package org.infinispan.server.test.core.ldap;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.DefaultEntry;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.ldif.LdifEntry;
import org.apache.directory.api.ldap.model.ldif.LdifReader;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.AnnotationUtils;
import org.apache.directory.server.core.annotations.ContextEntry;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.annotations.CreateIndex;
import org.apache.directory.server.core.annotations.CreatePartition;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.factory.DSAnnotationProcessor;
import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
import org.apache.directory.server.factory.ServerAnnotationProcessor;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
import org.apache.directory.server.protocol.shared.transport.TcpTransport;
import org.apache.directory.shared.kerberos.components.EncryptionKey;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadmin;
import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadminImpl;
import org.apache.kerby.kerberos.kerb.keytab.Keytab;
import org.apache.kerby.kerberos.kerb.keytab.KeytabEntry;
import org.apache.kerby.kerberos.kerb.server.KdcConfig;
import org.apache.kerby.kerberos.kerb.server.KdcConfigKey;
import org.apache.kerby.kerberos.kerb.server.KdcServer;
import org.apache.kerby.kerberos.kerb.type.KerberosTime;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
import org.infinispan.commons.util.Util;
import org.infinispan.server.security.AbstractAuthenticationKeyCloak;

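/**
 * Embedded ApacheDS directory (LDAP and LDAPS transports) with an optional Apache Kerby KDC,
 * seeded from an LDIF classpath resource.
 *
 * <p>Security posture (this class lives in a {@code test} package and is configured as a
 * fixture, not as a hardened service):
 * <ul>
 *   <li>both transports bind to the wildcard address {@code 0.0.0.0};</li>
 *   <li>the keystore password is a hard-coded literal;</li>
 *   <li>the KDC does not require encrypted-timestamp pre-authentication;</li>
 *   <li>keytabs derived from the clear-text {@code userPassword} values in the LDIF are written
 *       to disk with whatever permissions the process default gives them.</li>
 * </ul>
 * None of these settings should be copied into a deployment that holds real credentials.
 *
 * <p>Not thread-safe: {@link #start(String, File)} and {@link #stop()} mutate unsynchronised
 * fields.
 */
public class ApacheLdapServer implements LdapServer {
    // Wildcard bind: the listeners are reachable on every interface of the host, not only loopback.
    private static final String LDAP_HOST = "0.0.0.0";
    public static final int KDC_PORT = 6088;
    public static final int LDAP_PORT = 10389;
    public static final int LDAPS_PORT = 10636;
    public static final String DOMAIN = "dc=infinispan,dc=org";
    public static final String REALM = "INFINISPAN.ORG";
    private DirectoryService directoryService;
    private org.apache.directory.server.ldap.LdapServer ldapServer;
    private KdcServer kdcServer;
    private final boolean withKdc;
    private final String initLDIF;
    // Non-null only once startKdc() has run; loadLDIF() uses it to decide whether to register principals.
    private LocalKadmin kadmin;

    /**
     * @param withKdc  whether {@link #start(String, File)} should also start a Kerby KDC
     * @param initLDIF classpath resource name of the LDIF file loaded at start-up
     */
    public ApacheLdapServer(boolean withKdc, String initLDIF) {
        this.withKdc = withKdc;
        this.initLDIF = initLDIF;
    }

    /**
     * Creates the directory service described by the {@code @CreateDS} annotation on this method,
     * disables its change log and appends a {@link KeyDerivationInterceptor}.
     *
     * <p>NOTE(review): {@code DSAnnotationProcessor.getDirectoryService()} takes no arguments, so it
     * presumably discovers the annotation from the calling method; keep the annotation and the call
     * together when refactoring.
     *
     * @throws Exception if the directory service cannot be created
     */
    @CreateDS(name = "InfinispanDS", partitions = {@CreatePartition(name = AbstractAuthenticationKeyCloak.INFINISPAN_REALM, suffix = DOMAIN, contextEntry = @ContextEntry(entryLdif = "dn: dc=infinispan,dc=org\ndc: infinispan\nobjectClass: top\nobjectClass: domain\n\n"), indexes = {@CreateIndex(attribute = "objectClass"), @CreateIndex(attribute = "dc"), @CreateIndex(attribute = "ou"), @CreateIndex(attribute = "uid")})})
    public void createDs() throws Exception {
        this.directoryService = DSAnnotationProcessor.getDirectoryService();
        this.directoryService.getChangeLog().setEnabled(false);
        this.directoryService.addLast(new KeyDerivationInterceptor());
    }

    /**
     * Instantiates the LDAP server with a plain LDAP transport and an LDAPS transport, then limits
     * the TLS-enabled transports to TLS 1.3 and TLS 1.2.
     *
     * @param keystoreFile path of the keystore holding the LDAPS server certificate
     * @throws Exception if the server cannot be instantiated
     */
    @CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP", port = LDAP_PORT, address = LDAP_HOST), @CreateTransport(protocol = "LDAPS", port = LDAPS_PORT, address = LDAP_HOST, ssl = true)})
    public void createLdap(String keystoreFile) throws Exception {
        CreateLdapServer serverConfig = (CreateLdapServer) AnnotationUtils.getInstance(CreateLdapServer.class);
        this.ldapServer = ServerAnnotationProcessor.instantiateLdapServer(serverConfig, this.directoryService);
        this.ldapServer.setKeystoreFile(keystoreFile);
        // Hard-coded fixture password; presumably matches the keystore the test harness generates.
        // A keystore protecting a real private key needs a password supplied from outside the source.
        this.ldapServer.setCertificatePassword("secret");
        // Only TLS 1.2/1.3 are offered, so clients cannot negotiate an older protocol version.
        // The unencrypted LDAP transport on LDAP_PORT is unaffected by this restriction.
        List<String> tlsVersions = Arrays.asList("TLSv1.3", "TLSv1.2");
        Arrays.stream(this.ldapServer.getTransports())
                .filter(transport -> transport.isSSLEnabled())
                .map(transport -> (TcpTransport) transport)
                .forEach(tlsTransport -> tlsTransport.setEnabledProtocols(tlsVersions));
    }

    /**
     * Starts the directory, the LDAP server, optionally the KDC, and then loads the LDIF.
     *
     * @param keystoreFile path of the keystore used by the LDAPS transport
     * @param keytabDir    directory that receives the generated {@code *.keytab} files
     * @throws Exception if any component fails to start or the LDIF cannot be loaded
     */
    @Override
    public void start(String keystoreFile, File keytabDir) throws Exception {
        createDs();
        createLdap(keystoreFile);
        this.ldapServer.start();
        if (this.withKdc) {
            // The KDC must be up before the LDIF is loaded: loadLDIF registers principals through kadmin.
            startKdc();
        }
        loadLDIF(keytabDir);
    }

    /**
     * Stops whichever components were started and deletes the directory service's instance
     * directory. Safe to call after a {@link #start(String, File)} that failed part-way.
     *
     * @throws Exception if a component fails to stop
     */
    @Override
    public void stop() throws Exception {
        try {
            if (this.kdcServer != null) {
                this.kdcServer.stop();
                this.kdcServer = null;
            }
        } finally {
            // A KDC shutdown failure must not leave the LDAP listeners running or the data on disk.
            try {
                if (this.ldapServer != null) {
                    this.ldapServer.stop();
                }
                if (this.directoryService != null) {
                    this.directoryService.shutdown();
                }
            } finally {
                if (this.directoryService != null) {
                    Util.recursiveFileRemove(this.directoryService.getInstanceLayout().getInstanceDirectory());
                }
            }
        }
    }

    /**
     * Adds every entry of the {@code initLDIF} classpath resource to the directory. When a KDC is
     * running, entries carrying {@code krb5PrincipalName} are also registered as Kerberos
     * principals, and service principals (names containing {@code '/'}) get a keytab file.
     *
     * @param keytabDir directory that receives the generated keytab files
     * @throws IOException   if the LDIF resource is missing or cannot be read
     * @throws LdapException if an entry cannot be added or an attribute cannot be read
     * @throws KrbException  if a principal cannot be registered with the KDC
     */
    private void loadLDIF(File keytabDir) throws IOException, LdapException, KrbException {
        SchemaManager schemaManager = this.directoryService.getSchemaManager();
        CoreSession adminSession = this.directoryService.getAdminSession();
        InputStream ldifStream = getClass().getClassLoader().getResourceAsStream(this.initLDIF);
        if (ldifStream == null) {
            // Fail with the resource name instead of an anonymous NullPointerException in the reader.
            throw new IOException("LDIF resource not found on the classpath: " + this.initLDIF);
        }
        try (InputStream in = ldifStream; LdifReader reader = new LdifReader(in)) {
            for (LdifEntry ldifEntry : reader) {
                adminSession.add(new DefaultEntry(schemaManager, ldifEntry.getEntry()));
                Attribute principalAttribute = ldifEntry.get("krb5PrincipalName");
                if (principalAttribute == null || this.kadmin == null) {
                    continue;
                }
                String principal = principalAttribute.getString();
                Attribute passwordAttribute = ldifEntry.get("userPassword");
                if (passwordAttribute == null) {
                    throw new IllegalStateException(
                            "LDIF entry for principal " + principal + " has no userPassword attribute");
                }
                // The LDIF stores the password in clear text; it is never logged or put in messages here.
                String password = passwordAttribute.getString();
                this.kadmin.addPrincipal(principal, password);
                int slash = principal.indexOf('/');
                if (slash >= 0) {
                    // File name is the service part before the first '/', so it holds no '/' itself.
                    // Locale.ROOT keeps the name stable regardless of the JVM's default locale.
                    String keytabName = principal.substring(0, slash).toLowerCase(Locale.ROOT) + ".keytab";
                    generateKeyTab(new File(keytabDir, keytabName), principal, password);
                }
            }
        }
    }

    /**
     * Creates and initialises the KDC, builds the local admin handle used by
     * {@link #loadLDIF(File)}, and starts the KDC.
     *
     * @throws KrbException if the KDC cannot be initialised or started
     */
    private void startKdc() throws KrbException {
        createKdc();
        this.kdcServer.init();
        this.kadmin = new LocalKadminImpl(this.kdcServer.getKdcSetting(), this.kdcServer.getIdentityService());
        this.kdcServer.start();
    }

    /** Builds the KDC for {@link #REALM} on {@link #KDC_PORT} with UDP allowed. */
    private void createKdc() {
        this.kdcServer = new KdcServer();
        this.kdcServer.setKdcRealm(REALM);
        this.kdcServer.setAllowUdp(true);
        this.kdcServer.setKdcPort(KDC_PORT);
        KdcConfig kdcConfig = this.kdcServer.getKdcConfig();
        kdcConfig.setString(KdcConfigKey.KDC_SERVICE_NAME, "TestKDCServer");
        // NOTE(review): 86400000 and 604800000 equal 24 hours and 7 days in milliseconds;
        // confirm the unit Kerby expects for these keys.
        kdcConfig.setLong(KdcConfigKey.MAXIMUM_TICKET_LIFETIME, 86400000L);
        kdcConfig.setLong(KdcConfigKey.MAXIMUM_RENEWABLE_LIFETIME, 604800000L);
        // Pre-authentication is switched off: the KDC answers an AS request without the client first
        // proving knowledge of the key, so replies encrypted under a principal's key can be obtained
        // and guessed against offline. Acceptable only with throw-away fixture passwords.
        kdcConfig.setBoolean(KdcConfigKey.PA_ENC_TIMESTAMP_REQUIRED, false);
    }

    /**
     * Writes a keytab containing the password-derived keys of the given principals.
     *
     * <p>The resulting file holds long-term keys equivalent to the passwords. It is stored with the
     * process's default file permissions; restrict access to the target directory accordingly.
     *
     * @param file                      keytab file to write
     * @param principalsAndPasswords    alternating principal name and password, i.e.
     *                                  {@code principal1, password1, principal2, password2, ...}
     * @throws IllegalArgumentException if the varargs do not form complete pairs
     * @throws IllegalStateException    if the keytab cannot be written
     */
    public static void generateKeyTab(File file, String... principalsAndPasswords) {
        if (principalsAndPasswords.length % 2 != 0) {
            // Count only: the arguments themselves may be passwords and must not appear in a message.
            throw new IllegalArgumentException(
                    "Expected principal/password pairs but got " + principalsAndPasswords.length + " values");
        }
        List<KeytabEntry> keytabEntries = new ArrayList<>();
        KerberosTime timestamp = new KerberosTime();
        for (int i = 0; i < principalsAndPasswords.length; i += 2) {
            String principal = principalsAndPasswords[i];
            String password = principalsAndPasswords[i + 1];
            Map<org.apache.directory.shared.kerberos.codec.types.EncryptionType, EncryptionKey> derivedKeys =
                    KerberosKeyFactory.getKerberosKeys(principal, password);
            for (Map.Entry<org.apache.directory.shared.kerberos.codec.types.EncryptionType, EncryptionKey> derived
                    : derivedKeys.entrySet()) {
                EncryptionKey apacheDsKey = derived.getValue();
                // Translate the ApacheDS encryption type/key into the Kerby types the keytab writer uses.
                EncryptionType kerbyType = EncryptionType.fromValue(Integer.valueOf(derived.getKey().getValue()));
                org.apache.kerby.kerberos.kerb.type.base.EncryptionKey kerbyKey =
                        new org.apache.kerby.kerberos.kerb.type.base.EncryptionKey(kerbyType, apacheDsKey.getKeyValue());
                keytabEntries.add(new KeytabEntry(
                        new PrincipalName(principal), timestamp, (byte) apacheDsKey.getKeyVersion(), kerbyKey));
            }
        }
        Keytab keytab = new Keytab();
        keytab.addKeytabEntries(keytabEntries);
        try {
            keytab.store(file);
        } catch (IOException e) {
            throw new IllegalStateException("Cannot create keytab: " + String.valueOf(file), e);
        }
    }
}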
