package org.apache.directory.server.core.authn;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchResult;
import org.apache.directory.server.core.DirectoryServiceConfiguration;
import org.apache.directory.server.core.configuration.AuthenticatorConfiguration;
import org.apache.directory.server.core.configuration.InterceptorConfiguration;
import org.apache.directory.server.core.interceptor.BaseInterceptor;
import org.apache.directory.server.core.interceptor.NextInterceptor;
import org.apache.directory.server.core.interceptor.context.AddOperationContext;
import org.apache.directory.server.core.interceptor.context.BindOperationContext;
import org.apache.directory.server.core.interceptor.context.DeleteOperationContext;
import org.apache.directory.server.core.interceptor.context.EntryOperationContext;
import org.apache.directory.server.core.interceptor.context.GetMatchedNameOperationContext;
import org.apache.directory.server.core.interceptor.context.GetRootDSEOperationContext;
import org.apache.directory.server.core.interceptor.context.GetSuffixOperationContext;
import org.apache.directory.server.core.interceptor.context.ListOperationContext;
import org.apache.directory.server.core.interceptor.context.ListSuffixOperationContext;
import org.apache.directory.server.core.interceptor.context.LookupOperationContext;
import org.apache.directory.server.core.interceptor.context.ModifyOperationContext;
import org.apache.directory.server.core.interceptor.context.MoveAndRenameOperationContext;
import org.apache.directory.server.core.interceptor.context.MoveOperationContext;
import org.apache.directory.server.core.interceptor.context.RenameOperationContext;
import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.invocation.InvocationStack;
import org.apache.directory.server.core.jndi.LdapJndiProperties;
import org.apache.directory.server.core.jndi.ServerContext;
import org.apache.directory.shared.ldap.exception.LdapAuthenticationException;
import org.apache.directory.shared.ldap.exception.LdapConfigurationException;
import org.apache.directory.shared.ldap.message.MessageTypeEnum;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.util.AttributeUtils;
import org.apache.directory.shared.ldap.util.StringTools;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/directory/server/core/authn/AuthenticationService.class */
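/**
 * Interceptor that gates directory operations on the caller having an authenticated principal
 * and that performs the bind (authentication) step through pluggable {@link Authenticator}s.
 *
 * <p>Authenticators are instantiated reflectively from the startup configuration in
 * {@link #init} and grouped by the string returned from {@code getAuthenticatorType()}.
 * Every other intercepted operation calls {@code checkAuthenticated} before delegating to the
 * next interceptor; operations that change or remove an entry also ask every authenticator to
 * invalidate what it has cached for that DN.
 *
 * <p>NOTE(review): the registry is a plain {@link HashMap} with no synchronization visible in
 * this class; confirm that registration only happens during init/destroy.
 */
public class AuthenticationService extends BaseInterceptor {
    private static final Logger log = LoggerFactory.getLogger(AuthenticationService.class);

    // Captured once at class-load time: a later change of the log level is not picked up.
    private static final boolean IS_DEBUG = log.isDebugEnabled();

    // JNDI environment key under which the caller's credentials are carried.
    private static final String CREDENTIALS_KEY = "java.naming.security.credentials";

    // Registry of authenticators keyed by authenticator type.
    // NOTE(review): this field is public and mutable, so any code holding a reference to the
    // service can add or remove authenticators. Kept public for compatibility with callers.
    public Map<String, Collection<Authenticator>> authenticators = new HashMap<String, Collection<Authenticator>>();

    private DirectoryServiceConfiguration factoryCfg;

    /**
     * Holder for a principal produced by this service. The constructor is private, so within
     * the visible code only {@link AuthenticationService} creates instances; they are what is
     * handed to {@code ServerContext.setPrincipal} in {@link AuthenticationService#bind}.
     * Presumably this keeps other code from installing an arbitrary principal on a context;
     * confirm against {@code ServerContext}.
     */
    public final class TrustedPrincipalWrapper {
        private final LdapPrincipal principal;

        private TrustedPrincipalWrapper(LdapPrincipal ldapPrincipal) {
            this.principal = ldapPrincipal;
        }

        /**
         * @return the wrapped principal
         */
        public LdapPrincipal getPrincipal() {
            return this.principal;
        }
    }

    /**
     * Registers one authenticator per configured {@link AuthenticatorConfiguration}.
     *
     * @param directoryServiceConfiguration service configuration, kept and passed to each authenticator
     * @param interceptorConfiguration not read by this method
     * @throws NamingException if any authenticator fails to register; the authenticators
     *         registered so far are destroyed first and the failure is attached as the cause
     */
    @Override
    public void init(DirectoryServiceConfiguration directoryServiceConfiguration, InterceptorConfiguration interceptorConfiguration) throws NamingException {
        this.factoryCfg = directoryServiceConfiguration;
        Iterator<AuthenticatorConfiguration> configs = directoryServiceConfiguration.getStartupConfiguration().getAuthenticatorConfigurations().iterator();
        while (configs.hasNext()) {
            try {
                register(configs.next());
            } catch (Exception e) {
                // Do not keep running with a partially populated authenticator set.
                destroy();
                NamingException failure = new NamingException("Failed to register authenticator.");
                failure.initCause(e);
                throw failure;
            }
        }
    }

    /**
     * Unregisters and destroys every registered authenticator, then empties the registry.
     */
    @Override
    public void destroy() {
        // Iterate over snapshots because unregister() removes from the live collections.
        List<Collection<Authenticator>> groups = new ArrayList<Collection<Authenticator>>(this.authenticators.values());
        for (Collection<Authenticator> group : groups) {
            for (Authenticator authenticator : new ArrayList<Authenticator>(group)) {
                unregister(authenticator);
            }
        }
        this.authenticators.clear();
    }

    /**
     * Creates an authenticator by loading the configured class and calling its no-arg constructor.
     *
     * <p>NOTE(review): the class name is taken from configuration and loaded reflectively, so
     * whoever can edit that configuration chooses code that runs in the authentication path.
     *
     * @param authenticatorConfiguration configuration naming the implementation class
     * @return a new, not yet initialized authenticator
     * @throws IllegalStateException if the configuration is {@code null}
     * @throws NamingException (as {@link LdapConfigurationException}) if the class cannot be
     *         loaded, has no default constructor, or that constructor is not accessible
     */
    private Authenticator instantiateAuthenticator(AuthenticatorConfiguration authenticatorConfiguration) throws NamingException {
        if (authenticatorConfiguration == null) {
            throw new IllegalStateException("Cannot get instance of authenticator without a proper configuration.");
        }
        try {
            return (Authenticator) Class.forName(authenticatorConfiguration.getAuthenticatorClassName()).newInstance();
        } catch (ClassNotFoundException e) {
            String message = "Could not load authenticator implementation class '" + authenticatorConfiguration.getAuthenticatorClassName() + "' for authenticator with name " + authenticatorConfiguration.getName();
            log.error(message);
            throw new LdapConfigurationException(message, e);
        } catch (IllegalAccessException e) {
            String message = "Default constructor for authenticator implementation class '" + authenticatorConfiguration.getAuthenticatorClassName() + "' for authenticator with name " + authenticatorConfiguration.getName() + " is not publicly accessible.";
            log.error(message);
            throw new LdapConfigurationException(message, e);
        } catch (InstantiationException e) {
            String message = "No default constructor in authenticator implementation class '" + authenticatorConfiguration.getAuthenticatorClassName() + "' for authenticator with name " + authenticatorConfiguration.getName();
            log.error(message);
            throw new LdapConfigurationException(message, e);
        }
    }

    /**
     * Instantiates, initializes and stores an authenticator under its authenticator type.
     */
    private void register(AuthenticatorConfiguration authenticatorConfiguration) throws NamingException {
        Authenticator authenticator = instantiateAuthenticator(authenticatorConfiguration);
        authenticator.init(this.factoryCfg, authenticatorConfiguration);
        Collection<Authenticator> group = getAuthenticators(authenticator.getAuthenticatorType());
        if (group == null) {
            group = new ArrayList<Authenticator>();
            this.authenticators.put(authenticator.getAuthenticatorType(), group);
        }
        group.add(authenticator);
    }

    /**
     * Removes an authenticator from its group and destroys it. Nothing happens when no
     * non-empty group exists for its type. A failing {@code destroy()} is logged and ignored.
     */
    private void unregister(Authenticator authenticator) {
        Collection<Authenticator> group = getAuthenticators(authenticator.getAuthenticatorType());
        if (group == null) {
            return;
        }
        group.remove(authenticator);
        try {
            authenticator.destroy();
        } catch (Throwable th) {
            // Best effort: one misbehaving authenticator must not block shutdown of the rest.
            log.warn("Failed to destroy an authenticator.", th);
        }
    }

    /**
     * @param str authenticator type
     * @return the authenticators registered for that type, or {@code null} when none are
     *         registered or the group is empty
     */
    private Collection<Authenticator> getAuthenticators(String str) {
        Collection<Authenticator> group = this.authenticators.get(str);
        if (group == null || group.isEmpty()) {
            return null;
        }
        return group;
    }

    /** Requires an authenticated caller, then delegates the add. */
    @Override
    public void add(NextInterceptor nextInterceptor, AddOperationContext addOperationContext) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Adding the entry " + AttributeUtils.toString(addOperationContext.getEntry()) + " for DN = '" + addOperationContext.getDn().getUpName() + "'");
        }
        checkAuthenticated(MessageTypeEnum.ADD_REQUEST);
        nextInterceptor.add(addOperationContext);
    }

    /** Requires an authenticated caller, delegates the delete, then invalidates caches for the DN. */
    @Override
    public void delete(NextInterceptor nextInterceptor, DeleteOperationContext deleteOperationContext) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Deleting name = '" + deleteOperationContext.getDn().getUpName() + "'");
        }
        checkAuthenticated(MessageTypeEnum.DEL_REQUEST);
        nextInterceptor.delete(deleteOperationContext);
        // Reached only when the delete did not throw.
        invalidateAuthenticatorCaches(deleteOperationContext.getDn());
    }

    /** Requires an authenticated caller, then delegates. */
    @Override
    public LdapDN getMatchedName(NextInterceptor nextInterceptor, GetMatchedNameOperationContext getMatchedNameOperationContext) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Matching name = '" + getMatchedNameOperationContext.getDn().getUpName() + "'");
        }
        checkAuthenticated();
        return nextInterceptor.getMatchedName(getMatchedNameOperationContext);
    }

    /** Requires an authenticated caller, then delegates. */
    @Override
    public Attributes getRootDSE(NextInterceptor nextInterceptor, GetRootDSEOperationContext getRootDSEOperationContext) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Getting root DSE");
        }
        checkAuthenticated();
        return nextInterceptor.getRootDSE(getRootDSEOperationContext);
    }

    /** Requires an authenticated caller, then delegates. */
    @Override
    public LdapDN getSuffix(NextInterceptor nextInterceptor, GetSuffixOperationContext getSuffixOperationContext) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Getting suffix for name = '" + getSuffixOperationContext.getDn().getUpName() + "'");
        }
        checkAuthenticated();
        return nextInterceptor.getSuffix(getSuffixOperationContext);
    }

    /** Requires an authenticated caller, then delegates. */
    @Override
    public boolean hasEntry(NextInterceptor nextInterceptor, EntryOperationContext entryOperationContext) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Testing if entry name = '" + entryOperationContext.getDn().getUpName() + "' exists");
        }
        checkAuthenticated();
        return nextInterceptor.hasEntry(entryOperationContext);
    }

    /** Requires an authenticated caller, then delegates. */
    @Override
    public NamingEnumeration<SearchResult> list(NextInterceptor nextInterceptor, ListOperationContext listOperationContext) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Listing base = '" + listOperationContext.getDn().getUpName() + "'");
        }
        checkAuthenticated();
        return nextInterceptor.list(listOperationContext);
    }

    /** Requires an authenticated caller, then delegates. */
    @Override
    public Iterator<String> listSuffixes(NextInterceptor nextInterceptor, ListSuffixOperationContext listSuffixOperationContext) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Listing suffixes");
        }
        checkAuthenticated();
        return nextInterceptor.listSuffixes(listSuffixOperationContext);
    }

    /** Requires an authenticated caller, then delegates. */
    @Override
    public Attributes lookup(NextInterceptor nextInterceptor, LookupOperationContext lookupOperationContext) throws NamingException {
        if (IS_DEBUG) {
            List<String> attrsId = lookupOperationContext.getAttrsId();
            if (attrsId == null || attrsId.isEmpty()) {
                log.debug("Lookup name = '" + lookupOperationContext.getDn().getUpName() + "', no attributes ");
            } else {
                log.debug("Lookup name = '" + lookupOperationContext.getDn().getUpName() + "', attributes = " + StringTools.listToString(attrsId));
            }
        }
        checkAuthenticated();
        return nextInterceptor.lookup(lookupOperationContext);
    }

    /**
     * Asks every registered authenticator to invalidate its cache for the given DN.
     * Called after an entry was modified, renamed, moved or deleted; what an authenticator
     * caches is not visible here (presumably credentials; confirm in the implementations).
     */
    private void invalidateAuthenticatorCaches(LdapDN ldapDN) {
        // Walk the groups directly: an empty group is simply skipped, whereas
        // getAuthenticators() reports it as null.
        for (Collection<Authenticator> group : this.authenticators.values()) {
            for (Authenticator authenticator : group) {
                authenticator.invalidateCache(ldapDN);
            }
        }
    }

    /** Requires an authenticated caller, delegates the modify, then invalidates caches for the DN. */
    @Override
    public void modify(NextInterceptor nextInterceptor, ModifyOperationContext modifyOperationContext) throws NamingException {
        if (IS_DEBUG) {
            log.debug(modifyOperationContext.toString());
        }
        checkAuthenticated(MessageTypeEnum.MODIFY_REQUEST);
        nextInterceptor.modify(modifyOperationContext);
        invalidateAuthenticatorCaches(modifyOperationContext.getDn());
    }

    /** Requires an authenticated caller, delegates the rename, then invalidates caches for the old DN. */
    @Override
    public void rename(NextInterceptor nextInterceptor, RenameOperationContext renameOperationContext) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Modifying name = '" + renameOperationContext.getDn().getUpName() + "', new RDN = '" + renameOperationContext.getNewRdn() + "', oldRDN = '" + renameOperationContext.getDelOldDn() + "'");
        }
        checkAuthenticated(MessageTypeEnum.MOD_DN_REQUEST);
        nextInterceptor.rename(renameOperationContext);
        invalidateAuthenticatorCaches(renameOperationContext.getDn());
    }

    /** Requires an authenticated caller, delegates the move-and-rename, then invalidates caches for the old DN. */
    @Override
    public void moveAndRename(NextInterceptor nextInterceptor, MoveAndRenameOperationContext moveAndRenameOperationContext) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Moving name = '" + moveAndRenameOperationContext.getDn().getUpName() + "' to name = '" + moveAndRenameOperationContext.getParent() + "', new RDN = '" + moveAndRenameOperationContext.getNewRdn() + "', oldRDN = '" + moveAndRenameOperationContext.getDelOldDn() + "'");
        }
        checkAuthenticated(MessageTypeEnum.MOD_DN_REQUEST);
        nextInterceptor.moveAndRename(moveAndRenameOperationContext);
        invalidateAuthenticatorCaches(moveAndRenameOperationContext.getDn());
    }

    /** Requires an authenticated caller, delegates the move, then invalidates caches for the old DN. */
    @Override
    public void move(NextInterceptor nextInterceptor, MoveOperationContext moveOperationContext) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Moving name = '" + moveOperationContext.getDn().getUpName() + " to name = '" + moveOperationContext.getParent().getUpName() + "'");
        }
        checkAuthenticated(MessageTypeEnum.MOD_DN_REQUEST);
        nextInterceptor.move(moveOperationContext);
        invalidateAuthenticatorCaches(moveOperationContext.getDn());
    }

    /** Requires an authenticated caller, then delegates the search. */
    @Override
    public NamingEnumeration<SearchResult> search(NextInterceptor nextInterceptor, SearchOperationContext searchOperationContext) throws NamingException {
        if (IS_DEBUG) {
            log.debug("Search for base = '" + searchOperationContext.getDn().getUpName() + "'");
        }
        checkAuthenticated(MessageTypeEnum.SEARCH_REQUEST);
        return nextInterceptor.search(searchOperationContext);
    }

    /**
     * Same check as {@link #checkAuthenticated()}, but logs the rejected operation type at
     * error level so that unauthenticated attempts are visible in the server log.
     *
     * @param messageTypeEnum the operation being attempted, used only for the log entry
     * @throws IllegalStateException if the caller has no principal
     */
    private void checkAuthenticated(MessageTypeEnum messageTypeEnum) throws NamingException {
        try {
            checkAuthenticated();
        } catch (IllegalStateException e) {
            log.error("Attempted operation {} by unauthenticated caller.", messageTypeEnum.name());
            // Keep the original failure as the cause so its stack trace is not lost.
            throw new IllegalStateException("Attempted operation by unauthenticated caller.", e);
        }
    }

    /**
     * Rejects the current invocation unless its caller context carries a principal, and
     * removes any credentials still present in the caller's environment.
     *
     * @throws IllegalStateException if the caller has no principal
     */
    private void checkAuthenticated() throws NamingException {
        ServerContext caller = InvocationStack.getInstance().peek().getCaller();
        if (caller.getPrincipal() == null) {
            throw new IllegalStateException("Attempted operation by unauthenticated caller.");
        }
        // An authenticated context has no further use for the secret; do not leave it around.
        if (caller.getEnvironment().containsKey(CREDENTIALS_KEY)) {
            caller.removeFromEnvironment(CREDENTIALS_KEY);
        }
    }

    /**
     * Authenticates the caller of the current invocation.
     *
     * <p>If the caller already has a principal, only leftover credentials are removed. Otherwise
     * the first mechanism in the bind context that has registered authenticators selects the
     * candidates; they are tried in order and the first one that returns a principal wins. A
     * candidate that throws is logged and skipped, and if all candidates fail the bind is
     * rejected.
     *
     * <p>NOTE(review): when no authenticator is registered for any requested mechanism, the bind
     * is delegated to the next interceptor and, if that call does not throw, a principal for the
     * requested DN is installed as trusted. Authentication then rests entirely on the delegate;
     * confirm that it verifies the credentials rather than merely completing.
     *
     * @throws LdapAuthenticationException if every candidate authenticator fails
     * @throws NamingException if the delegated bind fails
     */
    @Override
    public void bind(NextInterceptor nextInterceptor, BindOperationContext bindOperationContext) throws NamingException {
        LdapDN dn = bindOperationContext.getDn();
        // NOTE(review): upName looks like the caller-supplied spelling of the DN and is written
        // to the log as-is below; confirm the log layout neutralizes control characters.
        String upName = dn.getUpName();
        if (IS_DEBUG) {
            log.debug("Bind operation. bindDn: " + upName);
        }
        ServerContext caller = InvocationStack.getInstance().peek().getCaller();
        if (IS_DEBUG) {
            log.debug("bind: principal: " + caller.getPrincipal());
        }

        if (caller.getPrincipal() != null) {
            // Already authenticated: nothing to verify, just scrub any leftover credentials.
            if (caller.getEnvironment().containsKey(CREDENTIALS_KEY)) {
                caller.removeFromEnvironment(CREDENTIALS_KEY);
            }
            return;
        }

        // The first requested mechanism that has authenticators decides the candidate set.
        Collection<Authenticator> candidates = null;
        Iterator<String> mechanisms = bindOperationContext.getMechanisms().iterator();
        while (candidates == null && mechanisms.hasNext()) {
            candidates = getAuthenticators(mechanisms.next());
        }

        if (candidates == null) {
            log.debug("No authenticators found, delegating bind to the nexus.");
            nextInterceptor.bind(bindOperationContext);
            log.debug("Nexus succeeded on bind operation.");
            caller.setPrincipal(new TrustedPrincipalWrapper(new LdapPrincipal(dn, LdapJndiProperties.getAuthenticationLevel(caller.getEnvironment()))));
            caller.removeFromEnvironment(CREDENTIALS_KEY);
            return;
        }

        for (Authenticator authenticator : candidates) {
            try {
                LdapPrincipal authenticated = authenticator.authenticate(dn, caller);
                caller.setPrincipal(new TrustedPrincipalWrapper(authenticated));
                caller.removeFromEnvironment(CREDENTIALS_KEY);
                return;
            } catch (LdapAuthenticationException e) {
                // Expected rejection: must be caught before the general handler below.
                if (log.isInfoEnabled()) {
                    log.info("Authenticator " + authenticator.getClass() + " failed to authenticate " + upName);
                }
            } catch (Exception e) {
                // Any other failure also counts as "not authenticated" for this candidate.
                if (log.isWarnEnabled()) {
                    log.warn("Unexpected exception from " + authenticator.getClass() + " for principal " + upName, e);
                }
            }
        }

        // Every candidate failed: reject the bind.
        if (log.isInfoEnabled()) {
            log.info("Cannot bind to the server ");
        }
        throw new LdapAuthenticationException();
    }
}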
