package org.apache.directory.server.core.authn;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import org.apache.commons.collections.map.LRUMap;
import org.apache.commons.lang.ArrayUtils;
import org.apache.directory.server.core.api.LdapPrincipal;
import org.apache.directory.server.core.api.entry.ClonedServerEntry;
import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.shared.ldap.model.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.model.constants.LdapSecurityConstants;
import org.apache.directory.shared.ldap.model.entry.Attribute;
import org.apache.directory.shared.ldap.model.entry.Entry;
import org.apache.directory.shared.ldap.model.exception.LdapAuthenticationException;
import org.apache.directory.shared.ldap.model.exception.LdapException;
import org.apache.directory.shared.ldap.model.name.Dn;
import org.apache.directory.shared.util.Base64;
import org.apache.directory.shared.util.StringConstants;
import org.apache.directory.shared.util.Strings;
import org.apache.directory.shared.util.UnixCrypt;
import org.apache.mina.core.session.IoSession;

/* loaded from: input_file:org/apache/directory/server/core/authn/SimpleAuthenticator.class */
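/**
 * Authenticator for LDAP simple binds: the credentials supplied in the bind request are compared
 * with the {@code userPassword} attribute of the entry named by the bind DN.
 *
 * <p>While the directory service's password policy is disabled, resolved principals (which carry
 * the stored password bytes) are kept in an LRU cache keyed by the normalized bind DN. Every access
 * to the cache is guarded by synchronizing on the cache instance.
 *
 * <p>NOTE(review): a cached {@link LdapPrincipal} is a single shared object. {@link #authenticate}
 * writes the client and server addresses of the current session onto it without synchronization, so
 * concurrent binds for the same DN can observe each other's addresses. Anything that relies on
 * those addresses for audit attribution should confirm how {@code LdapPrincipal} is consumed
 * downstream.
 *
 * <p>NOTE(review): cached entries leave the cache only through LRU eviction or
 * {@link #invalidateCache(Dn)}. Whether every password change or account removal triggers
 * {@code invalidateCache} is decided by callers outside this class and should be verified there.
 */
public class SimpleAuthenticator extends AbstractAuthenticator {
    // Evaluated once at class initialisation; later changes to the log level are not picked up.
    private static final boolean IS_DEBUG = LOG.isDebugEnabled();

    /** Normalized bind DN -> resolved principal, including its stored password bytes. */
    private final LRUMap credentialCache;

    /** Number of principals cached when no (or a non-positive) size is given. */
    private static final int DEFAULT_CACHE_SIZE = 100;

    /** Creates an authenticator for the SIMPLE level with the default credential cache size. */
    public SimpleAuthenticator() {
        super(AuthenticationLevel.SIMPLE);
        this.credentialCache = new LRUMap(DEFAULT_CACHE_SIZE);
    }

    /**
     * Creates an authenticator for the SIMPLE level with a caller-chosen credential cache size.
     *
     * @param i maximum number of cached principals; values of zero or less select the default size
     */
    public SimpleAuthenticator(int i) {
        super(AuthenticationLevel.SIMPLE);
        this.credentialCache = new LRUMap(i > 0 ? i : DEFAULT_CACHE_SIZE);
    }

    /**
     * Resolves the principal (with its stored password) for the bind DN, consulting the credential
     * cache first when password policy is disabled.
     *
     * @param bindOperationContext the bind request being processed
     * @return the cached or freshly built principal, never {@code null}
     * @throws LdapException if the entry lookup fails
     */
    private LdapPrincipal getStoredPassword(BindOperationContext bindOperationContext) throws LdapException {
        LdapPrincipal ldapPrincipal = null;
        // The cache is bypassed entirely while password policy is enabled, so that every bind goes
        // through lookupUserPassword() and its checkPwdPolicy() call.
        if (!getDirectoryService().isPwdPolicyEnabled()) {
            synchronized (this.credentialCache) {
                ldapPrincipal = (LdapPrincipal) this.credentialCache.get(bindOperationContext.getDn().getNormName());
            }
        }
        if (ldapPrincipal == null) {
            byte[] lookupUserPassword = lookupUserPassword(bindOperationContext);
            if (lookupUserPassword == null) {
                lookupUserPassword = ArrayUtils.EMPTY_BYTE_ARRAY;
            }
            // NOTE(review): an entry without userPassword yields an empty stored credential here.
            // Whether an empty supplied credential can match it is decided by
            // PasswordUtil.compareCredentials, which is not visible in this file - confirm.
            ldapPrincipal = new LdapPrincipal(getDirectoryService().getSchemaManager(), bindOperationContext.getDn(), AuthenticationLevel.SIMPLE, lookupUserPassword);
            if (!getDirectoryService().isPwdPolicyEnabled()) {
                synchronized (this.credentialCache) {
                    this.credentialCache.put(bindOperationContext.getDn().getNormName(), ldapPrincipal);
                }
            }
        }
        return ldapPrincipal;
    }

    /**
     * Authenticates a simple bind by comparing the supplied credentials with the stored password.
     *
     * @param bindOperationContext the bind request carrying the DN and the credentials
     * @return the authenticated principal, annotated with the session's addresses when the bind
     *     arrived over an {@link IoSession}
     * @throws LdapAuthenticationException if the credentials do not match
     * @throws LdapException if the stored password cannot be resolved
     */
    @Override // org.apache.directory.server.core.authn.Authenticator
    public LdapPrincipal authenticate(BindOperationContext bindOperationContext) throws LdapException {
        if (IS_DEBUG) {
            LOG.debug("Authenticating {}", bindOperationContext.getDn());
        }
        byte[] credentials = bindOperationContext.getCredentials();
        LdapPrincipal storedPassword = getStoredPassword(bindOperationContext);
        IoSession ioSession = bindOperationContext.getIoSession();
        if (ioSession != null) {
            // The addresses are recorded before the credentials are checked, and the principal may
            // be the shared cached instance (see the class-level note).
            storedPassword.setClientAddress(ioSession.getRemoteAddress());
            storedPassword.setServerAddress(ioSession.getServiceAddress());
        }
        if (PasswordUtil.compareCredentials(credentials, storedPassword.getUserPassword())) {
            if (IS_DEBUG) {
                LOG.debug("{} Authenticated", bindOperationContext.getDn());
            }
            return storedPassword;
        }
        // Failed binds are logged at INFO with the bind DN, which gives operators a signal for
        // spotting repeated failures against one account.
        String err = I18n.err(I18n.ERR_230, new Object[]{bindOperationContext.getDn().getName()});
        LOG.info(err);
        throw new LdapAuthenticationException(err);
    }

    /**
     * Looks up the bind DN through the admin session, applies the password policy check, stores a
     * clone of the entry on the bind context and returns the raw {@code userPassword} bytes.
     *
     * @param bindOperationContext the bind request whose DN is looked up
     * @return the stored password bytes, or an empty array when the entry has no
     *     {@code userPassword} attribute
     * @throws LdapAuthenticationException if the entry does not exist or any step of the lookup
     *     fails; the original failure is attached as the cause
     */
    private byte[] lookupUserPassword(BindOperationContext bindOperationContext) throws LdapException {
        try {
            // The lookup runs with the admin session so that it is not subject to the (not yet
            // authenticated) caller's own access rights; "*" and "+" request all attributes.
            LookupOperationContext lookupOperationContext = new LookupOperationContext(getDirectoryService().getAdminSession(), bindOperationContext.getDn());
            lookupOperationContext.addAttrsId("*");
            lookupOperationContext.addAttrsId("+");
            Entry lookup = getDirectoryService().getPartitionNexus().lookup(lookupOperationContext);
            if (lookup == null) {
                Dn dn = bindOperationContext.getDn();
                throw new LdapAuthenticationException(I18n.err(I18n.ERR_231, new Object[]{dn == null ? "" : dn.getName()}));
            }
            checkPwdPolicy(lookup);
            Attribute attribute = lookup.get("userPassword");
            bindOperationContext.setEntry(new ClonedServerEntry(lookup));
            return attribute == null ? StringConstants.EMPTY_BYTES : attribute.get().getBytes();
        } catch (Exception e) {
            LOG.error(I18n.err(I18n.ERR_6, new Object[]{e.getLocalizedMessage()}));
            LdapAuthenticationException authFailure = new LdapAuthenticationException(e.getLocalizedMessage());
            // Chain the real failure. The previous code passed the new exception to its own
            // initCause(), which Throwable rejects with IllegalArgumentException ("self-causation"),
            // so every failed lookup surfaced as an unchecked exception instead of an
            // authentication failure.
            authFailure.initCause(e);
            throw authFailure;
        }
    }

    /**
     * Extracts the hash scheme from a stored password of the form <code>{scheme}value</code>.
     *
     * @param bArr the stored password bytes, decoded as UTF-8
     * @return the scheme name if it is the crypt scheme (case-insensitive) or a digest algorithm
     *     known to {@link MessageDigest}; {@code null} when there is no scheme prefix or the scheme
     *     is not recognised
     */
    protected String getAlgorithmForHashedPassword(byte[] bArr) throws IllegalArgumentException {
        String str = null;
        String utf8ToString = Strings.utf8ToString(bArr);
        int indexOf = utf8ToString.indexOf('}');
        if (utf8ToString.length() > 2 && utf8ToString.charAt(0) == '{' && indexOf > -1) {
            String substring = utf8ToString.substring(1, indexOf);
            if (LdapSecurityConstants.HASH_METHOD_CRYPT.getName().equalsIgnoreCase(substring)) {
                return substring;
            }
            try {
                // Used purely as an existence probe: the digest instance itself is discarded.
                MessageDigest.getInstance(substring);
                str = substring;
            } catch (NoSuchAlgorithmException e) {
                LOG.warn("Unknown message digest algorithm in password: " + substring, e);
            }
        }
        return str;
    }

    /**
     * Builds a <code>{scheme}value</code> string from a clear-text password.
     *
     * @param str the scheme name: the crypt scheme or a {@link MessageDigest} algorithm name
     * @param bArr the clear-text password bytes
     * @return the scheme prefix followed by the encoded hash
     * @throws IllegalArgumentException if {@code str} is not a known digest algorithm
     */
    protected String createDigestedPassword(String str, byte[] bArr) throws IllegalArgumentException {
        try {
            if (LdapSecurityConstants.HASH_METHOD_CRYPT.getName().equalsIgnoreCase(str)) {
                // NOTE(review): the first two characters of the crypt output are dropped, and
                // Arrays.toString(byte[]) renders the remainder as "[b1, b2, ...]" rather than as
                // text. That output is unlikely to match a conventional {crypt} value; it is left
                // unchanged because callers outside this file may compare against it.
                return '{' + str + '}' + Arrays.toString(Strings.getBytesUtf8(UnixCrypt.crypt(Strings.utf8ToString(bArr), "").substring(2)));
            }
            // NOTE(review): a single unsalted digest of the password. Equal passwords give equal
            // values, so this form is a poor choice for passwords at rest; a salted, deliberately
            // slow scheme is preferable if these values are ever persisted.
            return '{' + str + '}' + new String(Base64.encode(MessageDigest.getInstance(str).digest(bArr)));
        } catch (NoSuchAlgorithmException e) {
            LOG.error(I18n.err(I18n.ERR_7, new Object[]{str}));
            // Same exception type and message as before, now with the cause preserved.
            throw new IllegalArgumentException(e.getLocalizedMessage(), e);
        }
    }

    /**
     * Drops the cached principal, and with it the cached password bytes, for the given DN.
     *
     * @param dn the DN whose cache entry is removed, keyed by its normalized form
     */
    @Override // org.apache.directory.server.core.authn.AbstractAuthenticator, org.apache.directory.server.core.authn.Authenticator
    public void invalidateCache(Dn dn) {
        synchronized (this.credentialCache) {
            this.credentialCache.remove(dn.getNormName());
        }
    }
}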
