package org.apache.directory.server.core.authn;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import org.apache.directory.server.core.DirectoryServiceConfiguration;
import org.apache.directory.server.core.configuration.AuthenticatorConfiguration;
import org.apache.directory.server.core.configuration.InterceptorConfiguration;
import org.apache.directory.server.core.interceptor.BaseInterceptor;
import org.apache.directory.server.core.interceptor.NextInterceptor;
import org.apache.directory.server.core.invocation.InvocationStack;
import org.apache.directory.server.core.jndi.LdapJndiProperties;
import org.apache.directory.server.core.jndi.ServerContext;
import org.apache.directory.shared.ldap.exception.LdapAuthenticationException;
import org.apache.directory.shared.ldap.filter.ExprNode;
import org.apache.directory.shared.ldap.message.ModificationItemImpl;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.util.AttributeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/apacheds-core-1.0.2.jar:org/apache/directory/server/core/authn/AuthenticationService.class */
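/**
 * Interceptor that refuses directory operations from callers without a principal and
 * handles {@code bind} by delegating to the {@link Authenticator}s registered per
 * authenticator type.
 *
 * <p>Every intercepted operation other than {@code bind} calls
 * {@link #checkAuthenticated()} before it is passed down the chain. Operations that
 * change or remove an entry also ask every registered authenticator to drop cached
 * state for the affected DN.
 *
 * <p>This listing is decompiled output; {@code class$}, {@code AnonymousClass1} and the
 * three-argument {@code TrustedPrincipalWrapper} constructor look like compiler-generated
 * members and are kept so that the class shape is unchanged.
 */
public class AuthenticationService extends BaseInterceptor {
    private static final Logger log;
    // Captured once in the static initializer, so a log-level change made after this
    // class is loaded is not picked up by the IS_DEBUG guards below.
    private static final boolean IS_DEBUG;
    /** Environment key holding the bind credentials; scrubbed once they are no longer needed. */
    private static final String CREDENTIALS_KEY = "java.naming.security.credentials";
    // Maps authenticator type (String) -> Collection of Authenticator.
    // NOTE(review): public and mutable, so any code holding this instance can add or
    // remove authenticators; kept public because callers outside this file may read it.
    public Map authenticators = new HashMap();
    private DirectoryServiceConfiguration factoryCfg;
    static Class class$org$apache$directory$server$core$authn$AuthenticationService;

    /* renamed from: org.apache.directory.server.core.authn.AuthenticationService$1, reason: invalid class name */
    /* loaded from: input_file:WEB-INF/lib/apacheds-core-1.0.2.jar:org/apache/directory/server/core/authn/AuthenticationService$1.class */
    static class AnonymousClass1 {
    }

    /* loaded from: input_file:WEB-INF/lib/apacheds-core-1.0.2.jar:org/apache/directory/server/core/authn/AuthenticationService$TrustedPrincipalWrapper.class */
    /**
     * Holder used to hand an {@link LdapPrincipal} to {@code ServerContext.setPrincipal}.
     *
     * <p>The two-argument constructor is private, so a wrapper is normally minted only by
     * {@link AuthenticationService#bind}. The three-argument constructor is package-private
     * and therefore reachable from other classes in this package.
     */
    public final class TrustedPrincipalWrapper {
        private final LdapPrincipal principal;
        private final AuthenticationService this$0;

        private TrustedPrincipalWrapper(AuthenticationService authenticationService, LdapPrincipal ldapPrincipal) {
            this.this$0 = authenticationService;
            this.principal = ldapPrincipal;
        }

        /** @return the wrapped principal */
        public LdapPrincipal getPrincipal() {
            return this.principal;
        }

        // Accessor constructor; the third argument is ignored (bind passes null).
        TrustedPrincipalWrapper(AuthenticationService authenticationService, LdapPrincipal ldapPrincipal, AnonymousClass1 anonymousClass1) {
            this(authenticationService, ldapPrincipal);
        }
    }

    /**
     * Stores the service configuration and registers every configured authenticator.
     *
     * @param directoryServiceConfiguration configuration handed to each authenticator's {@code init}
     * @param interceptorConfiguration not read by this method
     * @throws NamingException if any authenticator fails to register; authenticators that
     *         were already registered are destroyed first and the failure is attached as cause
     */
    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void init(DirectoryServiceConfiguration directoryServiceConfiguration, InterceptorConfiguration interceptorConfiguration) throws NamingException {
        this.factoryCfg = directoryServiceConfiguration;
        Iterator configs = directoryServiceConfiguration.getStartupConfiguration().getAuthenticatorConfigurations().iterator();
        while (configs.hasNext()) {
            try {
                register((AuthenticatorConfiguration) configs.next());
            } catch (Exception e) {
                destroy();
                // initCause() is declared to return Throwable, which cannot be thrown from a
                // method that only declares NamingException; build the exception first.
                NamingException failure = new NamingException("Failed to register authenticator.");
                failure.initCause(e);
                throw failure;
            }
        }
    }

    /** Unregisters and destroys every registered authenticator, then empties the registry. */
    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void destroy() {
        // Iterate over copies: unregister() removes elements from the live collections.
        for (Object perType : new ArrayList(this.authenticators.values())) {
            for (Object registered : new ArrayList((Collection) perType)) {
                unregister((Authenticator) registered);
            }
        }
        this.authenticators.clear();
    }

    /**
     * Initialises the configured authenticator and files it under its authenticator type.
     *
     * @throws NamingException propagated from the authenticator's {@code init}
     */
    private void register(AuthenticatorConfiguration authenticatorConfiguration) throws NamingException {
        Authenticator authenticator = authenticatorConfiguration.getAuthenticator();
        authenticator.init(this.factoryCfg, authenticatorConfiguration);
        String type = authenticator.getAuthenticatorType();
        Collection sameType = getAuthenticators(type);
        if (sameType == null) {
            // Absent or empty entry: start a fresh list for this type.
            sameType = new ArrayList();
            this.authenticators.put(type, sameType);
        }
        sameType.add(authenticator);
    }

    /**
     * Removes the authenticator from its type's collection and destroys it.
     * Does nothing when no non-empty collection exists for its type.
     */
    private void unregister(Authenticator authenticator) {
        Collection sameType = getAuthenticators(authenticator.getAuthenticatorType());
        if (sameType == null) {
            return;
        }
        sameType.remove(authenticator);
        try {
            authenticator.destroy();
        } catch (Throwable th) {
            // Best effort: one failing authenticator must not stop the others being torn down.
            log.warn("Failed to destroy an authenticator.", th);
        }
    }

    /**
     * @param str authenticator type
     * @return the authenticators registered for the type, or {@code null} when there are
     *         none (missing key or empty collection)
     */
    private Collection getAuthenticators(String str) {
        Collection registered = (Collection) this.authenticators.get(str);
        if (registered == null || registered.isEmpty()) {
            return null;
        }
        return registered;
    }

    /** Requires an authenticated caller, then passes the add down the chain. */
    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void add(NextInterceptor nextInterceptor, LdapDN ldapDN, Attributes attributes) throws NamingException {
        if (IS_DEBUG) {
            // NOTE(review): this writes the whole attribute set to the debug log; if the
            // entry carries credential attributes (e.g. userPassword) they are logged too.
            // Confirm what AttributeUtils.toString renders and redact if needed.
            log.debug("Adding the entry " + AttributeUtils.toString(attributes) + " for DN = '" + ldapDN.getUpName() + "'");
        }
        checkAuthenticated();
        nextInterceptor.add(ldapDN, attributes);
    }

    /** Requires an authenticated caller, deletes the entry, then invalidates authenticator caches for it. */
    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void delete(NextInterceptor nextInterceptor, LdapDN ldapDN) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Deleting name = '" + ldapDN + "'");
        }
        checkAuthenticated();
        nextInterceptor.delete(ldapDN);
        invalidateAuthenticatorCaches(ldapDN);
    }

    /** Requires an authenticated caller, then delegates to the next interceptor. */
    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public LdapDN getMatchedName(NextInterceptor nextInterceptor, LdapDN ldapDN) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Matching name = '" + ldapDN + "'");
        }
        checkAuthenticated();
        return nextInterceptor.getMatchedName(ldapDN);
    }

    /** Requires an authenticated caller, then delegates to the next interceptor. */
    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public Attributes getRootDSE(NextInterceptor nextInterceptor) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Getting root DSE");
        }
        checkAuthenticated();
        return nextInterceptor.getRootDSE();
    }

    /** Requires an authenticated caller, then delegates to the next interceptor. */
    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public LdapDN getSuffix(NextInterceptor nextInterceptor, LdapDN ldapDN) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Getting suffix for name = '" + ldapDN + "'");
        }
        checkAuthenticated();
        return nextInterceptor.getSuffix(ldapDN);
    }

    /** Requires an authenticated caller, then delegates to the next interceptor. */
    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public boolean hasEntry(NextInterceptor nextInterceptor, LdapDN ldapDN) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Testing if entry name = '" + ldapDN + "' exists");
        }
        checkAuthenticated();
        return nextInterceptor.hasEntry(ldapDN);
    }

    /** Requires an authenticated caller, then delegates to the next interceptor. */
    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public boolean isSuffix(NextInterceptor nextInterceptor, LdapDN ldapDN) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Testing suffix for name = '" + ldapDN + "'");
        }
        checkAuthenticated();
        return nextInterceptor.isSuffix(ldapDN);
    }

    /** Requires an authenticated caller, then delegates to the next interceptor. */
    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public NamingEnumeration list(NextInterceptor nextInterceptor, LdapDN ldapDN) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Listing base = '" + ldapDN + "'");
        }
        checkAuthenticated();
        return nextInterceptor.list(ldapDN);
    }

    /** Requires an authenticated caller, then delegates to the next interceptor. */
    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public Iterator listSuffixes(NextInterceptor nextInterceptor) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Listing suffixes");
        }
        checkAuthenticated();
        return nextInterceptor.listSuffixes();
    }

    /** Requires an authenticated caller, then delegates to the next interceptor. */
    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public Attributes lookup(NextInterceptor nextInterceptor, LdapDN ldapDN, String[] strArr) throws NamingException {
        if (IS_DEBUG) {
            // Render the array contents; appending the array itself only logs its identity.
            log.debug("Lookup name = '" + ldapDN + "', attributes = " + java.util.Arrays.toString(strArr));
        }
        checkAuthenticated();
        return nextInterceptor.lookup(ldapDN, strArr);
    }

    /** Requires an authenticated caller, then delegates to the next interceptor. */
    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public Attributes lookup(NextInterceptor nextInterceptor, LdapDN ldapDN) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Lookup name = '" + ldapDN + "'");
        }
        checkAuthenticated();
        return nextInterceptor.lookup(ldapDN);
    }

    /**
     * Asks every registered authenticator to drop cached state after an entry changed.
     *
     * <p>The previous version ignored {@code ldapDN} and only invalidated the caller's own
     * DN, so a change made to another entry (for example an administrator resetting a
     * user's password) left that entry's cached state in place. The changed entry's DN is
     * now invalidated as well; the caller's DN is still invalidated as before.
     *
     * @param ldapDN DN of the entry that was modified, renamed, moved or deleted
     */
    private void invalidateAuthenticatorCaches(LdapDN ldapDN) {
        Iterator types = this.authenticators.keySet().iterator();
        while (types.hasNext()) {
            Collection registered = getAuthenticators((String) types.next());
            if (registered == null) {
                // getAuthenticators() reports an emptied collection as null; nothing to do.
                continue;
            }
            for (Object candidate : registered) {
                Authenticator authenticator = (Authenticator) candidate;
                if (ldapDN != null) {
                    // NOTE(review): assumes invalidateCache is keyed by the DN of the cached
                    // entry in the same form as ldapDN arrives here - confirm against the
                    // Authenticator implementations.
                    authenticator.invalidateCache(ldapDN);
                }
                authenticator.invalidateCache(getPrincipal().getJndiName());
            }
        }
    }

    /** Requires an authenticated caller, applies the modification, then invalidates authenticator caches for the entry. */
    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void modify(NextInterceptor nextInterceptor, LdapDN ldapDN, int i, Attributes attributes) throws NamingException {
        if (IS_DEBUG) {
            // NOTE(review): the modified attribute values are written to the debug log; a
            // password change would put the new credential there. Confirm and redact if needed.
            log.debug("Modifying name = '" + ldapDN + "', modifs = " + AttributeUtils.toString(attributes));
        }
        checkAuthenticated();
        nextInterceptor.modify(ldapDN, i, attributes);
        invalidateAuthenticatorCaches(ldapDN);
    }

    /** Requires an authenticated caller, applies the modifications, then invalidates authenticator caches for the entry. */
    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void modify(NextInterceptor nextInterceptor, LdapDN ldapDN, ModificationItemImpl[] modificationItemImplArr) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Modifying name = '" + ldapDN + "'");
        }
        checkAuthenticated();
        nextInterceptor.modify(ldapDN, modificationItemImplArr);
        invalidateAuthenticatorCaches(ldapDN);
    }

    /** Requires an authenticated caller, renames the entry, then invalidates authenticator caches for the old DN. */
    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void modifyRn(NextInterceptor nextInterceptor, LdapDN ldapDN, String str, boolean z) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Modifying name = '" + ldapDN + "', new RDN = '" + str + "', oldRDN = '" + z + "'");
        }
        checkAuthenticated();
        nextInterceptor.modifyRn(ldapDN, str, z);
        invalidateAuthenticatorCaches(ldapDN);
    }

    /** Requires an authenticated caller, moves and renames the entry, then invalidates authenticator caches for the old DN. */
    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void move(NextInterceptor nextInterceptor, LdapDN ldapDN, LdapDN ldapDN2, String str, boolean z) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Moving name = '" + ldapDN + "' to name = '" + ldapDN2 + "', new RDN = '" + str + "', oldRDN = '" + z + "'");
        }
        checkAuthenticated();
        nextInterceptor.move(ldapDN, ldapDN2, str, z);
        invalidateAuthenticatorCaches(ldapDN);
    }

    /** Requires an authenticated caller, moves the entry, then invalidates authenticator caches for the old DN. */
    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void move(NextInterceptor nextInterceptor, LdapDN ldapDN, LdapDN ldapDN2) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Moving name = '" + ldapDN + " to name = '" + ldapDN2 + "'");
        }
        checkAuthenticated();
        nextInterceptor.move(ldapDN, ldapDN2);
        invalidateAuthenticatorCaches(ldapDN);
    }

    /** Requires an authenticated caller, then delegates to the next interceptor. */
    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public NamingEnumeration search(NextInterceptor nextInterceptor, LdapDN ldapDN, Map map, ExprNode exprNode, SearchControls searchControls) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Search for base = '" + ldapDN + "'");
        }
        checkAuthenticated();
        return nextInterceptor.search(ldapDN, map, exprNode, searchControls);
    }

    /**
     * Rejects the current invocation unless its caller already has a principal, and
     * scrubs any credentials still present in the caller's environment.
     *
     * @throws IllegalStateException if the caller has no principal (unchecked, so it is
     *         not covered by {@code catch (NamingException)} in callers)
     */
    private void checkAuthenticated() throws NamingException {
        ServerContext caller = InvocationStack.getInstance().peek().getCaller();
        if (caller.getPrincipal() == null) {
            throw new IllegalStateException("Attempted operation by unauthenticated caller.");
        }
        if (caller.getEnvironment().containsKey(CREDENTIALS_KEY)) {
            // Do not keep the secret around longer than the bind needs it.
            caller.removeFromEnvironment(CREDENTIALS_KEY);
        }
    }

    /**
     * Authenticates the caller of the current invocation.
     *
     * <ol>
     *   <li>A caller that already has a principal is not re-authenticated; its
     *       credentials are scrubbed from the environment and the method returns.</li>
     *   <li>The first entry of {@code list} that has registered authenticators selects
     *       the authenticators to try.</li>
     *   <li>If no entry matches, the bind is delegated to the next interceptor and, when
     *       that returns normally, {@code ldapDN} is installed as the principal.</li>
     *   <li>Otherwise each selected authenticator is tried in turn; the first success
     *       installs the principal it returns.</li>
     * </ol>
     *
     * @param nextInterceptor next element of the chain, used only on the fallback path
     * @param ldapDN DN being bound
     * @param bArr passed through to the next interceptor; presumably the bind credentials (TODO confirm)
     * @param list authenticator type names, tried in order
     * @param str passed through to the next interceptor unchanged
     * @throws LdapAuthenticationException if every selected authenticator fails
     * @throws NamingException propagated from the fallback bind
     */
    @Override // org.apache.directory.server.core.interceptor.BaseInterceptor, org.apache.directory.server.core.interceptor.Interceptor
    public void bind(NextInterceptor nextInterceptor, LdapDN ldapDN, byte[] bArr, List list, String str) throws NamingException {
        ServerContext caller = InvocationStack.getInstance().peek().getCaller();
        if (caller.getPrincipal() != null) {
            if (caller.getEnvironment().containsKey(CREDENTIALS_KEY)) {
                caller.removeFromEnvironment(CREDENTIALS_KEY);
            }
            return;
        }

        Collection selected = null;
        for (int i = 0; i < list.size() && selected == null; i++) {
            selected = getAuthenticators((String) list.get(i));
        }

        if (selected == null) {
            // NOTE(review): with no authenticator registered for any requested type, the
            // outcome depends entirely on the downstream bind; the principal is trusted as
            // soon as that call returns without throwing. Confirm this is intended for
            // every deployment configuration.
            log.debug("No authenticators found, delegating bind to the nexus.");
            nextInterceptor.bind(ldapDN, bArr, list, str);
            log.debug("Nexus succeeded on bind operation.");
            caller.setPrincipal(new TrustedPrincipalWrapper(this, new LdapPrincipal(ldapDN, LdapJndiProperties.getAuthenticationLevel(caller.getEnvironment())), null));
            caller.removeFromEnvironment(CREDENTIALS_KEY);
            return;
        }

        for (Object candidate : selected) {
            Authenticator authenticator = (Authenticator) candidate;
            try {
                caller.setPrincipal(new TrustedPrincipalWrapper(this, authenticator.authenticate(ldapDN, caller), null));
                caller.removeFromEnvironment(CREDENTIALS_KEY);
                return;
            } catch (LdapAuthenticationException e) {
                // The specific type must be caught before Exception; the reverse order
                // makes this clause unreachable and is rejected by the compiler.
                if (log.isInfoEnabled()) {
                    log.info("Authenticator " + authenticator.getClass() + " failed to authenticate " + ldapDN);
                }
            } catch (Exception e) {
                // An unexpected failure in one authenticator does not stop the others being tried.
                if (log.isWarnEnabled()) {
                    log.warn("Unexpected exception from " + authenticator.getClass() + " for principal " + ldapDN, e);
                }
            }
        }
        // Every selected authenticator rejected the bind.
        throw new LdapAuthenticationException();
    }

    /**
     * Loads a class by name, turning a missing class into {@link NoClassDefFoundError}.
     * Used only by the static initializer below.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() returns Throwable; cast back so the method needs no throws clause.
            throw (NoClassDefFoundError) new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        // Resolve this class once, cache it in the static field, and use it to obtain the logger.
        Class cls;
        if (class$org$apache$directory$server$core$authn$AuthenticationService == null) {
            cls = class$("org.apache.directory.server.core.authn.AuthenticationService");
            class$org$apache$directory$server$core$authn$AuthenticationService = cls;
        } else {
            cls = class$org$apache$directory$server$core$authn$AuthenticationService;
        }
        log = LoggerFactory.getLogger(cls);
        IS_DEBUG = log.isDebugEnabled();
    }
}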
