package org.opends.server.extensions;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.List;
import javax.security.sasl.SaslException;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.config.server.ConfigChangeResult;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.config.server.ConfigurationChangeListener;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.server.config.meta.DigestMD5SASLMechanismHandlerCfgDefn;
import org.forgerock.opendj.server.config.server.DigestMD5SASLMechanismHandlerCfg;
import org.forgerock.opendj.server.config.server.SASLMechanismHandlerCfg;
import org.opends.messages.ExtensionMessages;
import org.opends.server.api.ClientConnection;
import org.opends.server.api.IdentityMapper;
import org.opends.server.api.SASLMechanismHandler;
import org.opends.server.core.BindOperation;
import org.opends.server.core.DirectoryServer;
import org.opends.server.types.InitializationException;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:WEB-INF/lib/opendj.jar:org/opends/server/extensions/DigestMD5SASLMechanismHandler.class */
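/**
 * SASL mechanism handler that registers itself with the directory server under the name
 * {@code DIGEST-MD5} and delegates the bind exchange to {@code SASLContext}.
 *
 * <p>The handler keeps the identity mapper, the server FQDN and the SASL property map derived
 * from its configuration object, and rebuilds them when the configuration changes.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>DIGEST-MD5 was moved to Historic status by RFC 6331. {@link #isSecure(String)} still
 *       reports {@code true} unconditionally, whatever quality of protection is configured.</li>
 *   <li>When the configured quality of protection is neither CONFIDENTIALITY nor INTEGRITY the
 *       {@code javax.security.sasl.qop} property is set to {@code "auth"}, i.e. authentication
 *       only; integrity and confidentiality of the session then have to come from the
 *       transport.</li>
 *   <li>NOTE(review): the state fields are plain (non-volatile) fields. Whether binds and
 *       configuration changes run on different threads is not visible in this file; confirm
 *       the visibility guarantees against the caller.</li>
 * </ul>
 */
public class DigestMD5SASLMechanismHandler extends SASLMechanismHandler<DigestMD5SASLMechanismHandlerCfg> implements ConfigurationChangeListener<DigestMD5SASLMechanismHandlerCfg> {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
    // Configuration object the handler is currently registered with as a change listener.
    private DigestMD5SASLMechanismHandlerCfg configuration;
    // Identity mapper handed to every new SASLContext.
    private IdentityMapper<?> identityMapper;
    // SASL properties (QOP and, optionally, realm) handed to every new SASLContext.
    private HashMap<String, String> saslProps;
    // Server name handed to every new SASLContext.
    private String serverFQDN;
    // DN of the configuration entry; only used in error messages here.
    private DN configEntryDN;
    private static final String REALM_PROPERTY = "com.sun.security.sasl.digest.realm";

    /**
     * Registers this handler as a configuration change listener, derives its settings from the
     * configuration and registers it with the directory server for {@code DIGEST-MD5}.
     *
     * @param digestMD5SASLMechanismHandlerCfg the configuration to initialise from
     * @throws ConfigException declared by the overridden method
     * @throws InitializationException if the server FQDN cannot be determined
     */
    @Override
    public void initializeSASLMechanismHandler(DigestMD5SASLMechanismHandlerCfg digestMD5SASLMechanismHandlerCfg) throws ConfigException, InitializationException {
        digestMD5SASLMechanismHandlerCfg.addDigestMD5ChangeListener(this);
        this.configEntryDN = digestMD5SASLMechanismHandlerCfg.dn();
        try {
            loadSettings(digestMD5SASLMechanismHandlerCfg);
            // Register only after every setting was derived successfully.
            DirectoryServer.registerSASLMechanismHandler("DIGEST-MD5", this);
        } catch (UnknownHostException e) {
            logger.traceException(e);
            throw new InitializationException(ExtensionMessages.ERR_SASL_CANNOT_GET_SERVER_FQDN.get(this.configEntryDN, StaticUtils.getExceptionMessage(e)), e);
        }
    }

    /**
     * Removes this handler as a change listener from the current configuration and deregisters
     * the {@code DIGEST-MD5} mechanism from the directory server.
     *
     * <p>NOTE(review): {@code configuration} is only assigned once settings were loaded
     * successfully, so calling this after a failed initialisation would dereference
     * {@code null}; confirm the server never does that.
     */
    @Override
    public void finalizeSASLMechanismHandler() {
        this.configuration.removeDigestMD5ChangeListener(this);
        DirectoryServer.deregisterSASLMechanismHandler("DIGEST-MD5");
    }

    /**
     * Processes one step of a DIGEST-MD5 bind.
     *
     * <p>If the client connection already carries SASL state, the final stage is evaluated on
     * it; otherwise a new {@code SASLContext} is created and the initial stage is evaluated.
     * A missing client connection or a failure to create the context ends the bind with
     * {@link ResultCode#INVALID_CREDENTIALS}.
     *
     * @param bindOperation the bind operation to process
     */
    @Override
    public void processSASLBind(BindOperation bindOperation) {
        ClientConnection clientConnection = bindOperation.getClientConnection();
        if (clientConnection == null) {
            // NOTE(review): this is the GSSAPI message constant; confirm whether a
            // DIGEST-MD5-specific message was intended.
            bindOperation.setAuthFailureReason(ExtensionMessages.ERR_SASLGSSAPI_NO_CLIENT_CONNECTION.get());
            bindOperation.setResultCode(ResultCode.INVALID_CREDENTIALS);
            return;
        }
        // NOTE(review): the stored state is cast without a type check; confirm nothing else
        // can leave a non-SASLContext object in the connection's SASL auth state.
        SASLContext existingContext = (SASLContext) clientConnection.getSASLAuthStateInfo();
        if (existingContext != null) {
            existingContext.evaluateFinalStage(bindOperation);
            return;
        }
        try {
            SASLContext newContext = SASLContext.createSASLContext(this.saslProps, this.serverFQDN, "DIGEST-MD5", this.identityMapper);
            newContext.evaluateInitialStage(bindOperation);
        } catch (SaslException e) {
            logger.traceException(e);
            // NOTE(review): the failure reason embeds the exception text; confirm it is kept
            // server-side and not returned to the client.
            LocalizableMessage failureReason = ExtensionMessages.ERR_SASL_CONTEXT_CREATE_ERROR.get("DIGEST-MD5", StaticUtils.getExceptionMessage(e));
            // Drop any SASL state so the next bind starts from the initial stage.
            clientConnection.setSASLAuthStateInfo(null);
            bindOperation.setAuthFailureReason(failureReason);
            bindOperation.setResultCode(ResultCode.INVALID_CREDENTIALS);
        }
    }

    /**
     * Reports the mechanism as password based.
     *
     * @param str mechanism name; ignored
     * @return always {@code true}
     */
    @Override
    public boolean isPasswordBased(String str) {
        return true;
    }

    /**
     * Reports the mechanism as secure.
     *
     * <p>NOTE(review): the answer does not depend on the configured quality of protection, and
     * DIGEST-MD5 is Historic per RFC 6331. Confirm how callers use this flag before relying on
     * it for policy decisions such as requiring a protected transport.
     *
     * @param str mechanism name; ignored
     * @return always {@code true}
     */
    @Override
    public boolean isSecure(String str) {
        return true;
    }

    /**
     * Checks whether a configuration is acceptable for this handler.
     *
     * @param sASLMechanismHandlerCfg the candidate configuration; cast to the DIGEST-MD5 type
     * @param list receives the reasons when the configuration is rejected
     * @return the result of {@link #isConfigurationChangeAcceptable2}
     */
    @Override
    public boolean isConfigurationAcceptable(SASLMechanismHandlerCfg sASLMechanismHandlerCfg, List<LocalizableMessage> list) {
        return isConfigurationChangeAcceptable2((DigestMD5SASLMechanismHandlerCfg) sASLMechanismHandlerCfg, list);
    }

    /**
     * Accepts every configuration change without validation.
     *
     * <p>The {@code 2} suffix was introduced by the decompiler to avoid a clash with the bridge
     * method {@link #isConfigurationChangeAcceptable}.
     *
     * @param digestMD5SASLMechanismHandlerCfg the candidate configuration; not inspected
     * @param list receives rejection reasons; never written to here
     * @return always {@code true}
     */
    public boolean isConfigurationChangeAcceptable2(DigestMD5SASLMechanismHandlerCfg digestMD5SASLMechanismHandlerCfg, List<LocalizableMessage> list) {
        return true;
    }

    /**
     * Applies a new configuration.
     *
     * <p>All settings are derived first and only then stored, so a failure to determine the
     * server FQDN leaves the previous identity mapper, FQDN, SASL properties and configuration
     * in place and is reported through the returned result.
     *
     * @param digestMD5SASLMechanismHandlerCfg the new configuration
     * @return the result of the change; {@link ResultCode#OPERATIONS_ERROR} with a message
     *         when the server FQDN cannot be determined
     */
    @Override
    public ConfigChangeResult applyConfigurationChange(DigestMD5SASLMechanismHandlerCfg digestMD5SASLMechanismHandlerCfg) {
        ConfigChangeResult configChangeResult = new ConfigChangeResult();
        try {
            loadSettings(digestMD5SASLMechanismHandlerCfg);
        } catch (UnknownHostException e) {
            logger.traceException(e);
            configChangeResult.setResultCode(ResultCode.OPERATIONS_ERROR);
            configChangeResult.addMessage(ExtensionMessages.ERR_SASL_CANNOT_GET_SERVER_FQDN.get(this.configEntryDN, StaticUtils.getExceptionMessage(e)));
        }
        return configChangeResult;
    }

    /**
     * Derives the identity mapper, server FQDN and SASL properties from {@code cfg} and stores
     * them together with {@code cfg} itself.
     *
     * <p>Everything is computed into locals and published at the end, so an exception leaves
     * the handler's fields untouched and a fully populated property map is assigned in a single
     * step.
     *
     * @param cfg the configuration to read
     * @throws UnknownHostException if no FQDN is configured and the local host name cannot be
     *         resolved
     */
    private void loadSettings(DigestMD5SASLMechanismHandlerCfg cfg) throws UnknownHostException {
        IdentityMapper<?> newMapper = DirectoryServer.getIdentityMapper(cfg.getIdentityMapperDN());
        String newFqdn = getFQDN(cfg);
        logger.info(ExtensionMessages.NOTE_DIGEST_MD5_SERVER_FQDN.get(newFqdn));

        HashMap<String, String> newProps = new HashMap<>();
        newProps.put("javax.security.sasl.qop", getQOP(cfg));
        String realm = getRealm(cfg);
        if (realm != null) {
            // Informational message: logged at info level so a configured realm does not show
            // up as an error in the server log.
            logger.info(ExtensionMessages.INFO_DIGEST_MD5_REALM.get(realm));
            newProps.put(REALM_PROPERTY, realm);
        }

        this.identityMapper = newMapper;
        this.serverFQDN = newFqdn;
        this.saslProps = newProps;
        this.configuration = cfg;
    }

    /**
     * Maps the configured quality of protection to the SASL QOP token.
     *
     * @param digestMD5SASLMechanismHandlerCfg the configuration to read
     * @return {@code "auth-conf"} for CONFIDENTIALITY, {@code "auth-int"} for INTEGRITY and
     *         {@code "auth"} (authentication only) for anything else
     */
    private String getQOP(DigestMD5SASLMechanismHandlerCfg digestMD5SASLMechanismHandlerCfg) {
        DigestMD5SASLMechanismHandlerCfgDefn.QualityOfProtection qualityOfProtection = digestMD5SASLMechanismHandlerCfg.getQualityOfProtection();
        if (qualityOfProtection.equals(DigestMD5SASLMechanismHandlerCfgDefn.QualityOfProtection.CONFIDENTIALITY)) {
            return "auth-conf";
        }
        if (qualityOfProtection.equals(DigestMD5SASLMechanismHandlerCfgDefn.QualityOfProtection.INTEGRITY)) {
            return "auth-int";
        }
        return "auth";
    }

    /**
     * Returns the configured server FQDN, falling back to the canonical name of the local host
     * when none is configured.
     *
     * @param digestMD5SASLMechanismHandlerCfg the configuration to read
     * @return the server FQDN to use
     * @throws UnknownHostException if the local host cannot be resolved
     */
    private String getFQDN(DigestMD5SASLMechanismHandlerCfg digestMD5SASLMechanismHandlerCfg) throws UnknownHostException {
        String serverFqdn = digestMD5SASLMechanismHandlerCfg.getServerFqdn();
        if (serverFqdn == null) {
            serverFqdn = InetAddress.getLocalHost().getCanonicalHostName();
        }
        return serverFqdn;
    }

    /**
     * Returns the configured realm.
     *
     * @param digestMD5SASLMechanismHandlerCfg the configuration to read
     * @return the realm; callers in this class treat {@code null} as "not configured"
     */
    private String getRealm(DigestMD5SASLMechanismHandlerCfg digestMD5SASLMechanismHandlerCfg) {
        return digestMD5SASLMechanismHandlerCfg.getRealm();
    }

    /**
     * Bridge for the {@code ConfigurationChangeListener} method; forwards to
     * {@link #isConfigurationChangeAcceptable2}. The raw {@code List} parameter and the
     * unchecked cast come from the decompiled bridge signature.
     */
    @Override
    public /* bridge */ /* synthetic */ boolean isConfigurationChangeAcceptable(DigestMD5SASLMechanismHandlerCfg digestMD5SASLMechanismHandlerCfg, List list) {
        return isConfigurationChangeAcceptable2(digestMD5SASLMechanismHandlerCfg, (List<LocalizableMessage>) list);
    }
}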
