package org.wso2.carbon.apacheds.impl;

import java.io.IOException;
import java.util.Hashtable;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.apache.directory.server.core.DirectoryService;
import org.apache.directory.server.core.jndi.CoreContextFactory;
import org.apache.directory.server.kerberos.kdc.KdcServer;
import org.apache.directory.server.kerberos.shared.store.KerberosAttribute;
import org.apache.directory.server.protocol.shared.transport.TcpTransport;
import org.apache.directory.server.protocol.shared.transport.UdpTransport;
import org.apache.directory.shared.ldap.constants.JndiPropertyConstants;
import org.apache.directory.shared.ldap.constants.MetaSchemaConstants;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.exception.LdapInvalidDnException;
import org.apache.mina.util.AvailablePortFinder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.apacheds.KDCServer;
import org.wso2.carbon.apacheds.KdcConfiguration;
import org.wso2.carbon.apacheds.LDAPServer;
import org.wso2.carbon.apacheds.PartitionInfo;
import org.wso2.carbon.ldap.server.exception.DirectoryServerException;

/* loaded from: input_file:org/wso2/carbon/apacheds/impl/ApacheKDCServer.class */
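/**
 * Kerberos Key Distribution Center built on the embedded ApacheDS {@link KdcServer}.
 *
 * <p>Life cycle: {@link #init} wires the KDC to the directory service of an
 * {@link ApacheLDAPServer}, binds a schema context as the system administrator and
 * enables the Krb5kdc schema; {@link #kerberizePartition} adds the {@code krbtgt} and
 * {@code ldap} service principals to a partition; {@link #start}/{@link #stop} control
 * the transport.
 *
 * <p>No synchronization is performed; callers are expected to drive the life cycle from a
 * single thread.
 */
public class ApacheKDCServer implements KDCServer {
    private static final Logger logger = LoggerFactory.getLogger(ApacheKDCServer.class);
    /** First port probed when the configuration asks for an automatically chosen port. */
    private static final int START_PORT = 6088;
    /** Sentinel port value meaning "pick the next free port starting at START_PORT". */
    private static final int AUTO_PORT = -1;
    /** Relative name of the Kerberos schema entry under ou=schema. */
    private static final String KRB5_KDC_SCHEMA_RDN = "cn=Krb5kdc";
    /** Initial key version number written for newly created principals. */
    private static final String INITIAL_KEY_VERSION = "0";

    /** Context rooted at ou=schema, bound as the system administrator; set by init(). */
    protected LdapContext schemaRoot;
    private KdcServer kdcServer = new KdcServer();

    /**
     * Configures the KDC from {@code kdcConfiguration} and attaches it to the directory
     * service of {@code lDAPServer}.
     *
     * @param kdcConfiguration realm, principal, ticket lifetimes, transport and admin credentials
     * @param lDAPServer       must be an {@link ApacheLDAPServer} whose service is already created
     * @throws DirectoryServerException if either argument is null, the server is not an
     *                                  ApacheLDAPServer, its service is null, or the schema
     *                                  context cannot be bound / the Kerberos schema enabled
     */
    @Override // org.wso2.carbon.apacheds.KDCServer
    public void init(KdcConfiguration kdcConfiguration, LDAPServer lDAPServer) throws DirectoryServerException {
        if (kdcConfiguration == null) {
            throw new DirectoryServerException("Could not initialize KDC server. KDC configurations are null");
        }
        if (lDAPServer == null) {
            throw new DirectoryServerException("Could not initialize KDC server. Directory service is null.");
        }
        if (!(lDAPServer instanceof ApacheLDAPServer)) {
            throw new DirectoryServerException("Apache KDC server is only compatible with ApacheLDAPServer");
        }
        this.kdcServer.setServiceName(kdcConfiguration.getKdcName());
        this.kdcServer.setKdcPrincipal(kdcConfiguration.getKdcPrinciple());
        this.kdcServer.setPrimaryRealm(kdcConfiguration.getPrimaryRealm());
        this.kdcServer.setMaximumTicketLifetime(kdcConfiguration.getMaxTicketLifeTime());
        this.kdcServer.setMaximumRenewableLifetime(kdcConfiguration.getMaxRenewableLifeTime());
        this.kdcServer.setSearchBaseDn(kdcConfiguration.getSearchBaseDomainName());
        // Pre-authentication with an encrypted timestamp; when required, AS requests without
        // it are rejected, which limits offline guessing against AS-REP material.
        this.kdcServer.setPaEncTimestampRequired(kdcConfiguration.isPreAuthenticateTimeStampRequired());
        configureTransportHandlers(kdcConfiguration);

        DirectoryService service = ((ApacheLDAPServer) lDAPServer).getService();
        if (service == null) {
            throw new DirectoryServerException("LDAP service is null. Could not configure Kerberos.");
        }
        this.kdcServer.setDirectoryService(service);
        setSchemaContext(kdcConfiguration, service, lDAPServer.getConnectionDomainName());
        enableKerberoseSchema();
    }

    /**
     * Removes the {@code m-disabled} marker from the Krb5kdc schema entry if it is set to
     * TRUE, so the krb5principal/krb5kdcentry object classes become usable.
     *
     * @throws DirectoryServerException wrapping any {@link NamingException}
     */
    private void enableKerberoseSchema() throws DirectoryServerException {
        try {
            Attributes schemaEntry = this.schemaRoot.getAttributes(KRB5_KDC_SCHEMA_RDN);
            javax.naming.directory.Attribute disabled = schemaEntry.get(MetaSchemaConstants.M_DISABLED_AT);
            boolean isDisabled = disabled != null && "TRUE".equalsIgnoreCase((String) disabled.get());
            if (isDisabled) {
                // Removing the attribute (rather than setting FALSE) is what ApacheDS expects
                // for re-enabling a schema; REMOVE_ATTRIBUTE replaces the bare literal 3.
                ModificationItem enable = new ModificationItem(
                        DirContext.REMOVE_ATTRIBUTE, new BasicAttribute(MetaSchemaConstants.M_DISABLED_AT));
                this.schemaRoot.modifyAttributes(KRB5_KDC_SCHEMA_RDN, new ModificationItem[]{enable});
            }
        } catch (NamingException e) {
            logger.error("An error occurred while enabling Kerberos schema.", e);
            throw new DirectoryServerException("An error occurred while enabling Kerberos schema.", e);
        }
    }

    /**
     * Creates the {@code krbtgt} (ticket-granting) and {@code ldap} service principals under
     * {@code ou=Users,<rootDN>} of the given partition, binding as the partition administrator.
     *
     * <p>The JNDI environment built here carries the administrator password in clear; it is
     * never logged. The context is always closed, including on the error path (the previous
     * version leaked it when a {@link NamingException} was thrown).
     *
     * @param partitionInfo partition root DN, realm, admin and principal passwords
     * @param lDAPServer    must be an {@link ApacheLDAPServer}
     * @throws DirectoryServerException if the server type or partition info is unusable, or the
     *                                  principals cannot be added
     */
    @Override // org.wso2.carbon.apacheds.KDCServer
    public void kerberizePartition(PartitionInfo partitionInfo, LDAPServer lDAPServer) throws DirectoryServerException {
        if (!(lDAPServer instanceof ApacheLDAPServer)) {
            throw new DirectoryServerException("Apache KDC server is only compatible with ApacheLDAPServer");
        }
        if (partitionInfo == null) {
            throw new DirectoryServerException("Could not kerberize partition. Partition information is null.");
        }
        Hashtable<String, Object> environment = new Hashtable<String, Object>();
        environment.put(DirectoryService.JNDI_KEY, ((ApacheLDAPServer) lDAPServer).getService());
        environment.put(JndiPropertyConstants.JNDI_FACTORY_INITIAL, ConfigurationConstants.LDAP_INITIAL_CONTEXT_FACTORY);
        environment.put(JndiPropertyConstants.JNDI_PROVIDER_URL, "ou=Users," + partitionInfo.getRootDN());
        environment.put(JndiPropertyConstants.JNDI_SECURITY_PRINCIPAL, partitionInfo.getAdminDomainName());
        environment.put(JndiPropertyConstants.JNDI_SECURITY_CREDENTIALS, partitionInfo.getPartitionAdministrator().getAdminPassword());
        environment.put(JndiPropertyConstants.JNDI_SECURITY_AUTHENTICATION, ConfigurationConstants.SIMPLE_AUTHENTICATION);

        DirContext usersContext = null;
        try {
            usersContext = new InitialDirContext(environment);
            usersContext.createSubcontext("uid=krbtgt", getPrincipalAttributes(
                    ConfigurationConstants.SERVER_PRINCIPLE,
                    ConfigurationConstants.KDC_SERVER_COMMON_NAME,
                    ConfigurationConstants.KDC_SERVER_UID,
                    partitionInfo.getPartitionKdcPassword(),
                    getKDCPrincipleName(partitionInfo)));
            usersContext.createSubcontext("uid=ldap", getPrincipalAttributes(
                    ConfigurationConstants.SERVER_PRINCIPLE,
                    ConfigurationConstants.LDAP_SERVER_COMMON_NAME,
                    "ldap",
                    partitionInfo.getLdapServerPrinciplePassword(),
                    getLDAPPrincipleName(partitionInfo)));
        } catch (NamingException e) {
            logger.error("Unable to add server principles for KDC and LDAP. Incorrect domain names.", e);
            throw new DirectoryServerException("Unable to add server principles for KDC and LDAP. Incorrect domain names.", e);
        } finally {
            closeQuietly(usersContext);
        }
    }

    /**
     * Closes {@code context} if non-null; a failure to close is logged, not propagated, so it
     * cannot mask an exception already in flight.
     */
    private static void closeQuietly(DirContext context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (NamingException e) {
            logger.error("Error closing LDAP context.", e);
        }
    }

    /** Ticket-granting principal for the partition's realm: {@code krbtgt/REALM@REALM}. */
    private String getKDCPrincipleName(PartitionInfo partitionInfo) {
        return "krbtgt/" + partitionInfo.getRealm() + "@" + partitionInfo.getRealm();
    }

    /**
     * Service principal of the LDAP server: {@code ldap/localhost@REALM}.
     * NOTE(review): the host part is fixed to "localhost"; clients that address the LDAP
     * server by another host name will request a principal that does not exist — confirm
     * this matches the deployment.
     */
    private String getLDAPPrincipleName(PartitionInfo partitionInfo) {
        return "ldap/localhost@" + partitionInfo.getRealm();
    }

    /**
     * Builds the attribute set of a Kerberos principal entry (object classes top, person,
     * inetOrgPerson, krb5principal, krb5kdcentry).
     *
     * @param surname       value of {@code sn}
     * @param commonName    value of {@code cn}
     * @param uid           value of {@code uid}
     * @param password      value of {@code userPassword}, stored as supplied; no hashing is
     *                      applied here — NOTE(review): confirm the directory's key-derivation
     *                      handling for krb5kdcentry entries before relying on this
     * @param principalName value of {@code krb5PrincipalName}
     * @return the assembled attributes, with the key version number set to 0
     */
    protected Attributes getPrincipalAttributes(String surname, String commonName, String uid, String password, String principalName) {
        BasicAttribute objectClass = new BasicAttribute(SchemaConstants.OBJECT_CLASS_AT);
        objectClass.add(SchemaConstants.TOP_OC);
        objectClass.add(SchemaConstants.PERSON_OC);
        objectClass.add(SchemaConstants.INET_ORG_PERSON_OC);
        objectClass.add("krb5principal");
        objectClass.add("krb5kdcentry");

        // true: attribute IDs are matched case-insensitively.
        BasicAttributes entry = new BasicAttributes(true);
        entry.put(objectClass);
        entry.put(SchemaConstants.CN_AT, commonName);
        entry.put(SchemaConstants.SN_AT, surname);
        entry.put(SchemaConstants.UID_AT, uid);
        entry.put(SchemaConstants.USER_PASSWORD_AT, password);
        entry.put(KerberosAttribute.KRB5_PRINCIPAL_NAME_AT, principalName);
        entry.put(KerberosAttribute.KRB5_KEY_VERSION_NUMBER_AT, INITIAL_KEY_VERSION);
        return entry;
    }

    /**
     * Binds {@link #schemaRoot} to {@code ou=schema} through the in-VM core context factory,
     * authenticating as {@code str} with the configured system administrator password.
     *
     * @param kdcConfiguration supplies the system administrator password
     * @param directoryService the running directory service to bind against
     * @param str              bind DN of the system administrator
     * @throws DirectoryServerException if the context cannot be created
     */
    private void setSchemaContext(KdcConfiguration kdcConfiguration, DirectoryService directoryService, String str) throws DirectoryServerException {
        Hashtable<String, Object> environment = new Hashtable<String, Object>();
        environment.put(DirectoryService.JNDI_KEY, directoryService);
        environment.put(JndiPropertyConstants.JNDI_SECURITY_PRINCIPAL, str);
        environment.put(JndiPropertyConstants.JNDI_SECURITY_CREDENTIALS, kdcConfiguration.getSystemAdminPassword());
        environment.put(JndiPropertyConstants.JNDI_SECURITY_AUTHENTICATION, ConfigurationConstants.SIMPLE_AUTHENTICATION);
        environment.put(JndiPropertyConstants.JNDI_FACTORY_INITIAL, CoreContextFactory.class.getName());
        environment.put(JndiPropertyConstants.JNDI_PROVIDER_URL, SchemaConstants.OU_SCHEMA);
        try {
            this.schemaRoot = new InitialLdapContext(environment, (Control[]) null);
        } catch (NamingException e) {
            // Message carries the bind DN only; the credential is deliberately not included.
            throw new DirectoryServerException("Unable to create Schema context with user " + str, e);
        }
    }

    /**
     * Starts the KDC transport.
     *
     * @throws DirectoryServerException wrapping an I/O failure or an invalid DN in the KDC setup
     */
    @Override // org.wso2.carbon.apacheds.KDCServer
    public void start() throws DirectoryServerException {
        try {
            this.kdcServer.start();
            logger.info("KDC server started ...");
        } catch (IOException e) {
            logger.error("Could not start KDC server due to an IOException", e);
            throw new DirectoryServerException("Could not start KDC server due to an IOException", e);
        } catch (LdapInvalidDnException e) {
            logger.error("Could not start KDC server due to an error in a domain name.", e);
            throw new DirectoryServerException("Could not start KDC server due to an error in a domain name.", e);
        }
    }

    /** @return whether the underlying {@link KdcServer} reports itself as started */
    @Override // org.wso2.carbon.apacheds.KDCServer
    public boolean isKDCServerStarted() {
        return this.kdcServer.isStarted();
    }

    /** Stops the KDC transport. */
    @Override // org.wso2.carbon.apacheds.KDCServer
    public void stop() throws DirectoryServerException {
        this.kdcServer.stop();
        logger.info("KDC server stopped ...");
    }

    /**
     * Registers a single UDP or TCP transport on the resolved port. Only the TCP transport is
     * bound to the configured host address; the UDP transport is created from the port alone
     * (NOTE(review): presumably binds all interfaces — verify if the host setting is relied on).
     */
    private void configureTransportHandlers(KdcConfiguration kdcConfiguration) {
        int serverPort = getServerPort(kdcConfiguration);
        String host = kdcConfiguration.getKdcHostAddress();
        if (kdcConfiguration.getKdcCommunicationProtocol() == KdcConfiguration.ProtocolType.UDP_PROTOCOL) {
            logger.info("Starting KDC on UDP mode at port - {} at host - {}", serverPort, host);
            this.kdcServer.addTransports(new UdpTransport(serverPort));
        } else {
            logger.info("Starting KDC on a TCP port {} at host {}", serverPort, host);
            this.kdcServer.addTransports(new TcpTransport(
                    host, serverPort, kdcConfiguration.getNumberOfThreads(), kdcConfiguration.getBackLogCount()));
        }
    }

    /**
     * Resolves the KDC port: the configured value, or the next free port from
     * {@link #START_PORT} when the configuration holds the {@link #AUTO_PORT} sentinel.
     */
    private int getServerPort(KdcConfiguration kdcConfiguration) {
        int configuredPort = kdcConfiguration.getKdcCommunicationPort();
        if (configuredPort == AUTO_PORT) {
            return AvailablePortFinder.getNextAvailable(START_PORT);
        }
        return configuredPort;
    }
}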
