package org.apache.directory.server.ldap.handlers.bind;

import java.util.Hashtable;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.directory.server.core.CoreSession;
import org.apache.directory.server.core.DirectoryService;
import org.apache.directory.server.core.partition.PartitionNexus;
import org.apache.directory.server.ldap.LdapSession;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.constants.JndiPropertyConstants;
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.exception.LdapException;
import org.apache.directory.shared.ldap.message.BindRequest;
import org.apache.directory.shared.ldap.message.LdapResult;
import org.apache.directory.shared.ldap.message.MutableControl;
import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.util.ExceptionUtils;
import org.apache.directory.shared.ldap.util.StringTools;
import org.apache.mina.common.IoSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/directory/server/ldap/handlers/bind/AbstractSaslCallbackHandler.class */
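/**
 * Base {@link CallbackHandler} for server-side SASL binds.
 *
 * <p>{@link #handle(Callback[])} records the name and realm offered by the SASL
 * mechanism, supplies the stored password obtained from
 * {@link #lookupPassword(String, String)}, and delegates the authorization
 * decision to {@link #authorize(AuthorizeCallback)}. Subclasses provide those
 * two operations.
 *
 * <p>Instances keep per-bind state ({@code username}, {@code realm}) in plain
 * fields and this class does no synchronization.
 */
public abstract class AbstractSaslCallbackHandler implements CallbackHandler {
    private static final Logger LOG = LoggerFactory.getLogger(AbstractSaslCallbackHandler.class);

    /** Zero-length array used as the type token for {@code toArray}. */
    private static final MutableControl[] EMPTY = new MutableControl[0];

    /** Name taken from the last {@link NameCallback} seen by {@link #handle(Callback[])}. */
    private String username;

    /** Realm taken from the last {@link RealmCallback} seen by {@link #handle(Callback[])}. */
    private String realm;

    // Not assigned anywhere in this class; presumably populated by subclasses.
    protected LdapSession ldapSession;
    protected CoreSession adminSession;

    protected final DirectoryService directoryService;
    protected final BindRequest bindRequest;

    /**
     * Creates a handler bound to one bind request.
     *
     * <p>Declared {@code public} in this decompiled listing; the decompiler notes
     * the original modifier was {@code protected}.
     *
     * @param directoryService directory service placed into the JNDI environment by
     *     {@link #getContext(IoSession, BindRequest, Hashtable)}
     * @param bindRequest the bind request being processed
     */
    public AbstractSaslCallbackHandler(DirectoryService directoryService, BindRequest bindRequest) {
        this.directoryService = directoryService;
        this.bindRequest = bindRequest;
    }

    /**
     * Returns the name captured from the most recent {@link NameCallback}.
     *
     * @return the captured name, or {@code null} if no {@link NameCallback} has been handled
     */
    public String getUsername() {
        return this.username;
    }

    /**
     * Returns the realm captured from the most recent {@link RealmCallback}.
     *
     * @return the captured realm, or {@code null} if no {@link RealmCallback} has been handled
     */
    protected String getRealm() {
        return this.realm;
    }

    /**
     * Looks up the stored password for an identity.
     *
     * @param str the user name, as passed by {@link #handle(Callback[])} from {@link #getUsername()}
     * @param str2 the realm, as passed by {@link #handle(Callback[])} from {@link #getRealm()}
     * @return the password attribute, or {@code null} when none is available; in that case
     *     {@link #handle(Callback[])} leaves the {@link PasswordCallback} without a password
     */
    protected abstract EntryAttribute lookupPassword(String str, String str2);

    /**
     * Decides whether the authentication identity may act as the authorization identity.
     *
     * @param authorizeCallback callback carrying the authentication and authorization ids
     * @throws Exception on failure; {@link #handle(Callback[])} rethrows it wrapped in a
     *     {@link RuntimeException}
     */
    protected abstract void authorize(AuthorizeCallback authorizeCallback) throws Exception;

    /**
     * Processes the callbacks issued by the SASL mechanism, in array order.
     *
     * <p>Callback types other than {@link NameCallback}, {@link RealmCallback},
     * {@link PasswordCallback} and {@link AuthorizeCallback} are skipped without an error.
     *
     * @param callbackArr callbacks to process
     * @throws RuntimeException if {@link #authorize(AuthorizeCallback)} throws
     */
    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) {
        for (int i = 0; i < callbackArr.length; i++) {
            Callback callback = callbackArr[i];
            if (LOG.isDebugEnabled()) {
                // The callback class is passed as the third argument so that all three
                // placeholders are filled; concatenating it onto the pattern left the
                // last "{}" unfilled and treated the class name as format text.
                LOG.debug(
                        "Processing callback {} of {}: {}",
                        new Object[] {Integer.valueOf(i + 1), Integer.valueOf(callbackArr.length), callback.getClass()});
            }
            if (callback instanceof NameCallback) {
                NameCallback nameCallback = (NameCallback) callback;
                LOG.debug("NameCallback default name:  {}", nameCallback.getDefaultName());
                // NOTE(review): presumably the name the client presented; it is used as the
                // lookup key below before anything has been proven about the client.
                this.username = nameCallback.getDefaultName();
            } else if (callback instanceof RealmCallback) {
                RealmCallback realmCallback = (RealmCallback) callback;
                LOG.debug("RealmCallback default text:  {}", realmCallback.getDefaultText());
                this.realm = realmCallback.getDefaultText();
            } else if (callback instanceof PasswordCallback) {
                PasswordCallback passwordCallback = (PasswordCallback) callback;
                EntryAttribute storedPassword = lookupPassword(getUsername(), getRealm());
                if (storedPassword != null) {
                    // The cast assumes the attribute value is held as bytes; a String-typed
                    // value would raise ClassCastException here.
                    char[] passwordChars =
                            StringTools.utf8ToString((byte[]) storedPassword.get().get()).toCharArray();
                    try {
                        // PasswordCallback stores its own copy of the array.
                        passwordCallback.setPassword(passwordChars);
                    } finally {
                        // Wipe the local copy. The intermediate String built by
                        // utf8ToString cannot be wiped and stays on the heap until collected.
                        java.util.Arrays.fill(passwordChars, '\0');
                    }
                }
            } else if (callback instanceof AuthorizeCallback) {
                AuthorizeCallback authorizeCallback = (AuthorizeCallback) callback;
                LOG.debug("AuthorizeCallback authnID:  {}", authorizeCallback.getAuthenticationID());
                LOG.debug("AuthorizeCallback authzID:  {}", authorizeCallback.getAuthorizationID());
                LOG.debug("AuthorizeCallback authorizedID:  {}", authorizeCallback.getAuthorizedID());
                LOG.debug("AuthorizeCallback isAuthorized:  {}", Boolean.valueOf(authorizeCallback.isAuthorized()));
                try {
                    authorize(authorizeCallback);
                } catch (Exception e) {
                    throw new RuntimeException("Failed authorization in callback handler.", e);
                }
            }
            // Any other callback type is ignored; no UnsupportedCallbackException is raised.
        }
    }

    /**
     * Opens an {@link LdapContext} for the bind, or reports the failure to the client.
     *
     * <p>On {@link NamingException} the result code, optional matched DN and an error
     * message are set on the bind response, the response is written to
     * {@code ioSession}, and {@code null} is returned.
     *
     * <p>Declared {@code public} in this decompiled listing; the decompiler notes
     * the original modifier was {@code protected}.
     *
     * @param ioSession session the failure response is written to
     * @param bindRequest request supplying the controls and the response object
     * @param hashtable JNDI environment; this method adds {@link DirectoryService#JNDI_KEY} to it
     * @return the new context, or {@code null} if the bind failed
     */
    public LdapContext getContext(IoSession ioSession, BindRequest bindRequest, Hashtable<String, Object> hashtable) {
        LdapResult ldapResult = bindRequest.getResultResponse().getLdapResult();
        try {
            MutableControl[] controls = (MutableControl[]) bindRequest.getControls().values().toArray(EMPTY);
            hashtable.put(DirectoryService.JNDI_KEY, this.directoryService);
            return new InitialLdapContext(hashtable, controls);
        } catch (NamingException e) {
            ResultCodeEnum resultCode;
            if (e instanceof LdapException) {
                resultCode = ((LdapException) e).getResultCode();
            } else {
                resultCode = ResultCodeEnum.getBestEstimate(e, bindRequest.getType());
            }
            ldapResult.setResultCode(resultCode);

            // Diagnostics stay on the server. The message sent to the client used to gain
            // the full stack trace and a dump of the bind request whenever debug logging
            // was enabled, which tied what an unauthenticated peer could read to a
            // logging setting. The request dump is not logged either, since its
            // toString() may include credential material (not verifiable from this file).
            LOG.debug("Bind failed", e);

            boolean nameRelatedFailure = resultCode == ResultCodeEnum.NO_SUCH_OBJECT
                    || resultCode == ResultCodeEnum.ALIAS_PROBLEM
                    || resultCode == ResultCodeEnum.INVALID_DN_SYNTAX
                    || resultCode == ResultCodeEnum.ALIAS_DEREFERENCING_PROBLEM;
            if (e.getResolvedName() != null && nameRelatedFailure) {
                ldapResult.setMatchedDn((LdapDN) e.getResolvedName());
            }

            ldapResult.setErrorMessage("Bind failed: " + e.getMessage());
            ioSession.write(bindRequest.getResultResponse());
            return null;
        }
    }

    /**
     * Builds the JNDI environment used to open a context against the core directory service.
     *
     * <p>NOTE(review): the environment authenticates as {@link ServerDNConstants#ADMIN_SYSTEM_DN}
     * using the constant {@link PartitionNexus#ADMIN_PASSWORD_STRING} with simple
     * authentication. That is a fixed, compiled-in credential for the system administrator,
     * not a value read from configuration in this method; confirm how it relates to the
     * deployed admin password, and prefer an administrative session supplied by the
     * directory service over a credential constant.
     *
     * <p>{@link Hashtable#put} rejects {@code null} values, so a session without a
     * {@code "baseDn"} attribute makes this method throw {@link NullPointerException}.
     *
     * <p>Declared {@code public} in this decompiled listing; the decompiler notes
     * the original modifier was {@code protected}.
     *
     * @param ioSession session whose {@code "baseDn"} attribute becomes the provider URL
     * @return a new, mutable environment table
     */
    public Hashtable<String, Object> getEnvironment(IoSession ioSession) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(JndiPropertyConstants.JNDI_PROVIDER_URL, ioSession.getAttribute("baseDn"));
        env.put(JndiPropertyConstants.JNDI_FACTORY_INITIAL, "org.apache.directory.server.core.jndi.CoreContextFactory");
        env.put(JndiPropertyConstants.JNDI_SECURITY_PRINCIPAL, ServerDNConstants.ADMIN_SYSTEM_DN);
        env.put(JndiPropertyConstants.JNDI_SECURITY_CREDENTIALS, PartitionNexus.ADMIN_PASSWORD_STRING);
        env.put(JndiPropertyConstants.JNDI_SECURITY_AUTHENTICATION, AuthenticationLevel.SIMPLE.toString());
        return env;
    }
}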
