package org.apache.directory.api.ldap.codec.api;

import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.directory.api.ldap.model.constants.JndiPropertyConstants;
import org.apache.directory.api.ldap.model.constants.SaslQoP;
import org.apache.mina.core.buffer.IoBuffer;
import org.apache.mina.core.filterchain.IoFilter;
import org.apache.mina.core.filterchain.IoFilterAdapter;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.core.write.DefaultWriteRequest;
import org.apache.mina.core.write.WriteRequest;
import org.apache.mina.proxy.handlers.http.ntlm.NTLMConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/directory/api/ldap/codec/api/SaslFilter.class */
public class SaslFilter extends IoFilterAdapter {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) SaslFilter.class);
    public static final String DISABLE_SECURITY_LAYER_ONCE = SaslFilter.class.getName() + ".DisableSecurityLayerOnce";
    public static final String BYTES = SaslFilter.class.getName() + ".Buffer";
    public static final String OFFSET = SaslFilter.class.getName() + ".Offset";
    private final SaslClient saslClient;
    private final SaslServer saslServer;
    private boolean hasSecurityLayer;
    private int maxBufferSize;

    public SaslFilter(SaslClient saslClient) {
        if (saslClient == null) {
            throw new IllegalArgumentException();
        }
        this.saslServer = null;
        this.saslClient = saslClient;
        initHasSecurityLayer((String) saslClient.getNegotiatedProperty(JndiPropertyConstants.JNDI_SASL_QOP));
        initMaxBuffer((String) saslClient.getNegotiatedProperty(JndiPropertyConstants.JNDI_SASL_MAX_BUFFER));
    }

    public SaslFilter(SaslServer saslServer) {
        if (saslServer == null) {
            throw new IllegalArgumentException();
        }
        this.saslClient = null;
        this.saslServer = saslServer;
        initHasSecurityLayer((String) saslServer.getNegotiatedProperty(JndiPropertyConstants.JNDI_SASL_QOP));
        initMaxBuffer((String) saslServer.getNegotiatedProperty(JndiPropertyConstants.JNDI_SASL_MAX_BUFFER));
    }

    private void initHasSecurityLayer(String str) {
        this.hasSecurityLayer = str != null && (str.equals(SaslQoP.AUTH_INT.getValue()) || str.equals(SaslQoP.AUTH_CONF.getValue()));
    }

    private void initMaxBuffer(String str) {
        this.maxBufferSize = str != null ? Integer.parseInt(str) : NTLMConstants.FLAG_TARGET_TYPE_DOMAIN;
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public synchronized void messageReceived(IoFilter.NextFilter nextFilter, IoSession ioSession, Object obj) throws SaslException {
        LOG.debug("Message received:  {}", obj);
        if (!this.hasSecurityLayer) {
            LOG.debug("Will not use SASL on received message.");
            nextFilter.messageReceived(ioSession, obj);
            return;
        }
        IoBuffer ioBuffer = (IoBuffer) obj;
        while (ioBuffer.hasRemaining()) {
            byte[] bArr = (byte[]) ioSession.getAttribute(BYTES, null);
            int intValue = ((Integer) ioSession.getAttribute(OFFSET, -1)).intValue();
            if (bArr == null) {
                int i = ioBuffer.getInt();
                if (i > this.maxBufferSize) {
                    throw new IllegalStateException(i + " exceeds the negotiated receive buffer size limit: " + this.maxBufferSize);
                }
                bArr = new byte[i];
                intValue = 0;
            }
            int min = Math.min(bArr.length - intValue, ioBuffer.remaining());
            ioBuffer.get(bArr, intValue, min);
            int i2 = intValue + min;
            if (i2 < bArr.length) {
                LOG.debug("Partial SASL message received:  {}/{}", Integer.valueOf(i2), Integer.valueOf(bArr.length));
                ioSession.setAttribute(BYTES, bArr);
                ioSession.setAttribute(OFFSET, Integer.valueOf(i2));
                return;
            } else {
                LOG.debug("Will use SASL to unwrap received message of length:  {}", Integer.valueOf(bArr.length));
                nextFilter.messageReceived(ioSession, IoBuffer.wrap(unwrap(bArr, 0, bArr.length)));
                ioSession.removeAttribute(BYTES);
                ioSession.removeAttribute(OFFSET);
            }
        }
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public synchronized void filterWrite(IoFilter.NextFilter nextFilter, IoSession ioSession, WriteRequest writeRequest) throws SaslException {
        LOG.debug("Filtering write request:  {}", writeRequest);
        if (ioSession.containsAttribute(DISABLE_SECURITY_LAYER_ONCE)) {
            LOG.debug("Disabling SaslFilter once; will not use SASL on write request.");
            ioSession.removeAttribute(DISABLE_SECURITY_LAYER_ONCE);
            nextFilter.filterWrite(ioSession, writeRequest);
            return;
        }
        if (!this.hasSecurityLayer) {
            LOG.debug("Will not use SASL on write request.");
            nextFilter.filterWrite(ioSession, writeRequest);
            return;
        }
        IoBuffer ioBuffer = (IoBuffer) writeRequest.getMessage();
        int remaining = ioBuffer.remaining();
        byte[] bArr = new byte[remaining];
        ioBuffer.get(bArr);
        LOG.info("Will use SASL to wrap message of length:  {}", Integer.valueOf(remaining));
        int i = this.maxBufferSize - 200;
        int i2 = 0;
        while (true) {
            int i3 = i2;
            if (i3 >= remaining) {
                return;
            }
            byte[] wrap = wrap(bArr, i3, Math.min(remaining - i3, i));
            IoBuffer allocate = IoBuffer.allocate(4 + wrap.length);
            allocate.putInt(wrap.length);
            allocate.put(wrap);
            allocate.position(0);
            allocate.limit(4 + wrap.length);
            LOG.debug("Sending encrypted token of length {}.", Integer.valueOf(allocate.limit()));
            nextFilter.filterWrite(ioSession, new DefaultWriteRequest(allocate, writeRequest.getFuture()));
            i2 = i3 + i;
        }
    }

    private byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
        return this.saslClient != null ? this.saslClient.wrap(bArr, i, i2) : this.saslServer.wrap(bArr, i, i2);
    }

    private byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
        return this.saslClient != null ? this.saslClient.unwrap(bArr, i, i2) : this.saslServer.unwrap(bArr, i, i2);
    }
}
