package io.undertow.server.security;

import io.undertow.testutils.DefaultServer;
import io.undertow.util.SubstringMapTestCase;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.directory.api.ldap.model.entry.DefaultEntry;
import org.apache.directory.api.ldap.model.ldif.LdifEntry;
import org.apache.directory.api.ldap.model.ldif.LdifReader;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.partition.Partition;
import org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory;
import org.apache.directory.server.core.factory.DirectoryServiceFactory;
import org.apache.directory.server.core.factory.PartitionFactory;
import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
import org.apache.directory.server.kerberos.KerberosConfig;
import org.apache.directory.server.kerberos.kdc.KdcServer;
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.protocol.shared.transport.TcpTransport;
import org.apache.directory.server.protocol.shared.transport.Transport;
import org.apache.directory.server.protocol.shared.transport.UdpTransport;

/* loaded from: input_file:io/undertow/server/security/KerberosKDCUtil.class */
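/**
 * Test fixture that boots an embedded ApacheDS directory, an LDAP listener and a
 * Kerberos KDC for the {@code UNDERTOW.IO} realm, and performs JAAS logins against it.
 *
 * <p>Security review notes (this is test-only infrastructure and must stay that way):
 * <ul>
 *   <li>Both listeners bind to {@code 0.0.0.0}, so the directory and KDC are reachable
 *       from every interface of the build host while the tests run.</li>
 *   <li>Encrypted-timestamp pre-authentication is switched off on the KDC.</li>
 *   <li>The JAAS login module runs with {@code debug=true}.</li>
 * </ul>
 *
 * <p>The class keeps its state in unsynchronised static fields; {@link #startServer()}
 * is not safe to call from several threads at once.
 */
class KerberosKDCUtil {
    private static final boolean IS_IBM = System.getProperty("java.vendor").contains("IBM");
    static final int LDAP_PORT = 11389;
    static final int KDC_PORT = 6088;
    private static final String DIRECTORY_NAME = "Test Service";
    private static boolean initialised;
    private static Path workingDir;
    private static DirectoryService directoryService;
    private static LdapServer ldapServer;
    private static KdcServer kdcServer;

    /**
     * Callback handler that answers name and password callbacks with fixed values.
     *
     * <p>The password array is held by reference, not copied; the caller keeps
     * ownership and is responsible for clearing it after the login.
     */
    private static class UsernamePasswordCBH implements CallbackHandler {
        private final String username;
        private final char[] password;

        private UsernamePasswordCBH(String str, char[] cArr) {
            this.username = str;
            this.password = cArr;
        }

        /**
         * Supplies the stored user name and password.
         *
         * @param callbackArr callbacks raised by the login module
         * @throws UnsupportedCallbackException for any callback that is neither a
         *         {@link NameCallback} nor a {@link PasswordCallback}; callbacks
         *         earlier in the array have already been answered at that point
         */
        @Override
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(this.username);
                } else if (callback instanceof PasswordCallback) {
                    ((PasswordCallback) callback).setPassword(this.password);
                } else {
                    throw new UnsupportedCallbackException(callback);
                }
            }
        }
    }

    KerberosKDCUtil() {
    }

    /**
     * Starts the LDAP server and the KDC once per JVM.
     *
     * @return {@code true} if this call started the servers, {@code false} if they
     *         had already been started
     * @throws Exception if the directory, LDAP listener or KDC cannot be started
     */
    public static boolean startServer() throws Exception {
        if (initialised) {
            return false;
        }
        setupEnvironment();
        startLdapServer();
        startKDC();
        initialised = true;
        return true;
    }

    /**
     * Creates the directory service, loads the fixture LDIF files and starts the
     * LDAP listener on {@link #LDAP_PORT}.
     */
    private static void startLdapServer() throws Exception {
        createWorkingDir();
        DefaultDirectoryServiceFactory factory = new DefaultDirectoryServiceFactory();
        factory.init(DIRECTORY_NAME);
        directoryService = factory.getDirectoryService();
        directoryService.addLast(new KeyDerivationInterceptor());
        directoryService.getChangeLog().setEnabled(false);
        SchemaManager schemaManager = directoryService.getSchemaManager();
        createPartition(factory, schemaManager, "users", "ou=users,dc=undertow,dc=io");
        CoreSession adminSession = directoryService.getAdminSession();

        // The only placeholder the LDIF fixtures may reference is ${hostname}.
        Map<String, String> substitutions =
                Collections.singletonMap("hostname", DefaultServer.getDefaultServerAddress().getHostString());
        processLdif(schemaManager, adminSession, "partition.ldif", substitutions);
        processLdif(schemaManager, adminSession, "krbtgt.ldif", substitutions);
        processLdif(schemaManager, adminSession, "user.ldif", substitutions);
        processLdif(schemaManager, adminSession, "server.ldif", substitutions);

        ldapServer = new LdapServer();
        ldapServer.setServiceName("DefaultLDAP");
        // NOTE(review): 0.0.0.0 exposes the fixture directory (including the test
        // principals loaded above) on every network interface of the build host.
        // Prefer binding to the loopback or the DefaultServer address if the test
        // topology allows it.
        ldapServer.addTransports(new Transport[]{new TcpTransport("0.0.0.0", LDAP_PORT, 3, 5)});
        ldapServer.setDirectoryService(directoryService);
        ldapServer.start();
    }

    /**
     * Creates a partition under the working directory, indexes it on
     * {@code krb5PrincipalName} and registers it with the directory service.
     *
     * @param str  partition name
     * @param str2 partition suffix DN
     */
    private static void createPartition(DirectoryServiceFactory directoryServiceFactory, SchemaManager schemaManager, String str, String str2) throws Exception {
        PartitionFactory partitionFactory = directoryServiceFactory.getPartitionFactory();
        // NOTE(review): the size argument is taken from an unrelated test class; this
        // looks like a decompiler mapping an inlined literal onto a constant with the
        // same value. Confirm the intended number against the original source.
        Partition partition = partitionFactory.createPartition(schemaManager, str, str2, SubstringMapTestCase.NUM_TEST_VALUES, workingDir.toFile());
        partitionFactory.addIndex(partition, "krb5PrincipalName", 10);
        partition.initialize();
        directoryService.addPartition(partition);
    }

    /**
     * Loads the classpath resource {@code /ldif/<str>}, expands {@code ${name}}
     * placeholders from {@code map} and adds every resulting entry through the
     * given session.
     *
     * @param str resource name below {@code /ldif/}
     * @param map placeholder name to replacement text
     * @throws IllegalArgumentException if the resource is missing or a placeholder
     *         has no mapping
     */
    private static void processLdif(SchemaManager schemaManager, CoreSession coreSession, String str, Map<String, String> map) throws Exception {
        byte[] expanded;
        // try-with-resources: the original never closed the resource stream.
        try (InputStream resource = KerberosKDCUtil.class.getResourceAsStream("/ldif/" + str)) {
            if (resource == null) {
                throw new IllegalArgumentException("LDIF resource not found: /ldif/" + str);
            }
            expanded = expandPlaceholders(resource, map);
        }
        try (LdifReader ldifReader = new LdifReader(new ByteArrayInputStream(expanded))) {
            for (LdifEntry ldifEntry : ldifReader) {
                coreSession.add(new DefaultEntry(schemaManager, ldifEntry.getEntry()));
            }
        }
    }

    /**
     * Copies {@code in} to a byte array, replacing each {@code ${name}} with the
     * UTF-8 bytes of {@code map.get(name)}.
     *
     * <p>A {@code $} that is not followed by <code>{</code> is copied through together
     * with the byte after it. A placeholder that is still open at end of input is
     * copied through literally instead of being looked up.
     */
    private static byte[] expandPlaceholders(InputStream in, Map<String, String> map) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream(in.available());
        int current;
        while ((current = in.read()) != -1) {
            if (current != '$') {
                out.write(current);
                continue;
            }
            int second = in.read();
            if (second != '{') {
                out.write(current);
                // A trailing '$' has no following byte; writing -1 would emit 0xFF.
                if (second != -1) {
                    out.write(second);
                }
                continue;
            }
            ByteArrayOutputStream name = new ByteArrayOutputStream();
            int next;
            while ((next = in.read()) != -1 && next != '}') {
                name.write(next);
            }
            if (next == -1) {
                // Terminator never found: emit the text unchanged and stop. The
                // original wrote the EOF marker as a byte and then still attempted
                // the lookup with the partial name.
                out.write('$');
                out.write('{');
                out.write(name.toByteArray());
                break;
            }
            String key = new String(name.toByteArray(), StandardCharsets.UTF_8);
            if (!map.containsKey(key)) {
                throw new IllegalArgumentException(String.format("No mapping found for '%s'", key));
            }
            // Explicit charset so the output does not depend on the platform default.
            out.write(map.get(key).getBytes(StandardCharsets.UTF_8));
        }
        return out.toByteArray();
    }

    /**
     * Configures and starts the KDC for realm {@code UNDERTOW.IO} on UDP
     * {@link #KDC_PORT}, backed by the directory service created earlier.
     */
    private static void startKDC() throws Exception {
        kdcServer = new KdcServer();
        kdcServer.setServiceName("Test KDC");
        kdcServer.setSearchBaseDn("ou=users,dc=undertow,dc=io");
        KerberosConfig config = kdcServer.getConfig();
        config.setServicePrincipal("krbtgt/UNDERTOW.IO@UNDERTOW.IO");
        config.setPrimaryRealm("UNDERTOW.IO");
        // NOTE(review): with pre-authentication not required, the KDC answers an
        // AS-REQ for any known principal without proof of the password, and the
        // reply contains data encrypted under that principal's key. That permits
        // offline password guessing, so this setting is acceptable only because the
        // realm holds throw-away fixture accounts. Do not copy it into a real KDC.
        config.setPaEncTimestampRequired(false);
        // NOTE(review): same all-interfaces bind as the LDAP listener; restrict it
        // where the test topology allows.
        kdcServer.addTransports(new Transport[]{new UdpTransport("0.0.0.0", KDC_PORT)});
        kdcServer.setDirectoryService(directoryService);
        kdcServer.start();
    }

    /**
     * Points the JVM-wide {@code java.security.krb5.conf} property at the
     * {@code /krb5.conf} classpath resource. This affects every Kerberos client in
     * the process, not just this fixture.
     */
    private static void setupEnvironment() {
        java.net.URL krb5Conf = KerberosKDCUtil.class.getResource("/krb5.conf");
        if (krb5Conf == null) {
            throw new IllegalStateException("Classpath resource /krb5.conf not found");
        }
        // NOTE(review): URL.getFile() returns the URL-encoded path, so a checkout
        // directory containing spaces or non-ASCII characters may not resolve.
        System.setProperty("java.security.krb5.conf", krb5Conf.getFile());
    }

    /**
     * Ensures {@code ./target/apacheds_working} exists and deletes every entry
     * directly inside it.
     *
     * <p>The path is relative to the process working directory. Deletion is not
     * recursive: a non-empty sub-directory makes {@link Files#delete} fail.
     */
    private static void createWorkingDir() throws IOException {
        if (workingDir == null) {
            workingDir = Paths.get(".", "target", "apacheds_working");
            if (!Files.exists(workingDir)) {
                Files.createDirectories(workingDir);
            }
        }
        try (DirectoryStream<Path> entries = Files.newDirectoryStream(workingDir)) {
            for (Path entry : entries) {
                Files.delete(entry);
            }
        }
    }

    /**
     * Performs a Kerberos JAAS login against the test KDC.
     *
     * <p>The decompiler reports that this method was package-private in the original
     * class; it is left public here so existing callers keep compiling.
     *
     * @param str  principal name
     * @param cArr password; not copied or cleared by this method
     * @return the subject populated by the login module
     * @throws LoginException if authentication fails
     */
    public static Subject login(String str, char[] cArr) throws LoginException {
        Subject subject = new Subject();
        LoginContext loginContext =
                new LoginContext("KDC", subject, new UsernamePasswordCBH(str, cArr), createJaasConfiguration());
        loginContext.login();
        return subject;
    }

    /**
     * Builds an in-memory JAAS configuration with a single required Krb5 login
     * module under the application name {@code "KDC"}; the module class and options
     * depend on whether the JVM vendor string contains {@code "IBM"}.
     */
    private static Configuration createJaasConfiguration() {
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
                if (!"KDC".equals(str)) {
                    throw new IllegalArgumentException("Unexpected name '" + str + "'");
                }
                Map<String, String> options = new HashMap<>();
                // NOTE(review): debug output from the login module goes to the test
                // log; keep it out of any non-test configuration.
                options.put("debug", "true");
                options.put("refreshKrb5Config", "true");
                String moduleClass;
                if (KerberosKDCUtil.IS_IBM) {
                    options.put("noAddress", "true");
                    options.put("credsType", "both");
                    moduleClass = "com.ibm.security.auth.module.Krb5LoginModule";
                } else {
                    options.put("storeKey", "true");
                    options.put("isInitiator", "true");
                    moduleClass = "com.sun.security.auth.module.Krb5LoginModule";
                }
                return new AppConfigurationEntry[] {
                    new AppConfigurationEntry(moduleClass, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options)
                };
            }
        };
    }
}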
