package org.apache.directory.server.core.authn;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import javax.naming.Name;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import org.apache.directory.server.core.invocation.InvocationStack;
import org.apache.directory.server.core.jndi.ServerContext;
import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
import org.apache.directory.shared.ldap.exception.LdapAuthenticationException;
import org.apache.directory.shared.ldap.name.LdapName;
import org.apache.directory.shared.ldap.util.ArrayUtils;
import org.apache.directory.shared.ldap.util.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/directory/server/core/authn/SimpleAuthenticator.class */
public class SimpleAuthenticator extends AbstractAuthenticator {
    private static final Logger log;
    private static final Collection USERLOOKUP_BYPASS;
    static Class class$org$apache$directory$server$core$authn$SimpleAuthenticator;

    public SimpleAuthenticator() {
        super("simple");
    }

    @Override // org.apache.directory.server.core.authn.AbstractAuthenticator, org.apache.directory.server.core.authn.Authenticator
    public LdapPrincipal authenticate(ServerContext serverContext) throws NamingException {
        Object obj;
        Object obj2 = serverContext.getEnvironment().get("java.naming.security.credentials");
        if (obj2 == null) {
            obj2 = ArrayUtils.EMPTY_BYTE_ARRAY;
        } else if (obj2 instanceof String) {
            obj2 = ((String) obj2).getBytes();
        }
        if (!serverContext.getEnvironment().containsKey("java.naming.security.principal")) {
            throw new LdapAuthenticationException();
        }
        String str = (String) serverContext.getEnvironment().get("java.naming.security.principal");
        if (str == null) {
            throw new LdapAuthenticationException();
        }
        Name ldapName = new LdapName(str);
        try {
            Attributes lookup = InvocationStack.getInstance().peek().getProxy().lookup(ldapName, new String[]{"userPassword"}, USERLOOKUP_BYPASS);
            if (lookup == null) {
                throw new LdapAuthenticationException(new StringBuffer().append("Failed to lookup user for authentication: ").append(str).toString());
            }
            Attribute attribute = lookup.get("userPassword");
            boolean z = false;
            if (attribute == null) {
                obj = ArrayUtils.EMPTY_BYTE_ARRAY;
            } else {
                obj = attribute.get();
                if (obj instanceof String) {
                    obj = ((String) obj).getBytes();
                }
            }
            if (isPasswordOneWayEncrypted(obj)) {
                try {
                    z = ArrayUtils.isEquals(createDigestedPassword(getAlgorithmForHashedPassword(obj), obj2).getBytes(), obj);
                } catch (IllegalArgumentException e) {
                    log.warn("Exception during authentication", e);
                } catch (NoSuchAlgorithmException e2) {
                    log.warn("Password stored with unknown algorithm.", e2);
                }
            } else {
                z = ArrayUtils.isEquals(obj2, obj);
            }
            if (z) {
                return new LdapPrincipal(ldapName, AuthenticationLevel.SIMPLE);
            }
            throw new LdapAuthenticationException();
        } catch (Exception e3) {
            log.error(new StringBuffer().append("Authentication error : ").append(e3.getMessage()).toString());
            LdapAuthenticationException ldapAuthenticationException = new LdapAuthenticationException();
            ldapAuthenticationException.setRootCause(ldapAuthenticationException);
            throw ldapAuthenticationException;
        }
    }

    protected boolean isPasswordOneWayEncrypted(Object obj) {
        boolean z = false;
        try {
            z = getAlgorithmForHashedPassword(obj) != null;
        } catch (IllegalArgumentException e) {
        }
        return z;
    }

    protected String getAlgorithmForHashedPassword(Object obj) throws IllegalArgumentException {
        String str;
        String str2 = null;
        if (obj instanceof byte[]) {
            str = new String((byte[]) obj);
        } else {
            if (!(obj instanceof String)) {
                throw new IllegalArgumentException("password is neither a String nor a byte-Array.");
            }
            str = (String) obj;
        }
        if (str != null && str.length() > 2 && str.charAt(0) == '{' && str.indexOf(125) > -1) {
            String substring = str.substring(1, str.indexOf(125));
            try {
                MessageDigest.getInstance(substring);
                str2 = substring;
            } catch (NoSuchAlgorithmException e) {
                log.warn(new StringBuffer().append("Unknown message digest algorithm in password: ").append(substring).toString(), e);
            }
        }
        return str2;
    }

    protected String createDigestedPassword(String str, Object obj) throws NoSuchAlgorithmException, IllegalArgumentException {
        byte[] bytes;
        if (obj instanceof byte[]) {
            bytes = (byte[]) obj;
        } else {
            if (!(obj instanceof String)) {
                throw new IllegalArgumentException("password is neither a String nor a byte-Array.");
            }
            bytes = ((String) obj).getBytes();
        }
        try {
            char[] encode = Base64.encode(MessageDigest.getInstance(str).digest(bytes));
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append('{');
            stringBuffer.append(str);
            stringBuffer.append('}');
            stringBuffer.append(encode);
            return stringBuffer.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException(e.getMessage());
        }
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$apache$directory$server$core$authn$SimpleAuthenticator == null) {
            cls = class$("org.apache.directory.server.core.authn.SimpleAuthenticator");
            class$org$apache$directory$server$core$authn$SimpleAuthenticator = cls;
        } else {
            cls = class$org$apache$directory$server$core$authn$SimpleAuthenticator;
        }
        log = LoggerFactory.getLogger(cls);
        HashSet hashSet = new HashSet();
        hashSet.add("authenticationService");
        hashSet.add("authorizationService");
        hashSet.add("defaultAuthorizationService");
        hashSet.add("schemaService");
        hashSet.add("subentryService");
        hashSet.add("operationalAttributeService");
        hashSet.add("eventService");
        USERLOOKUP_BYPASS = Collections.unmodifiableCollection(hashSet);
    }
}
