package org.apache.directory.server.operations.bind;

import java.util.HashMap;
import java.util.Hashtable;
import javax.naming.NamingEnumeration;
import javax.naming.OperationNotSupportedException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPException;
import netscape.ldap.LDAPUrl;
import org.apache.commons.lang.ArrayUtils;
import org.apache.directory.junit.tools.MultiThreadedMultiInvoker;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.ContextEntry;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.annotations.CreateIndex;
import org.apache.directory.server.core.annotations.CreatePartition;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.server.ldap.handlers.bind.SimpleMechanismHandler;
import org.apache.directory.server.ldap.handlers.bind.cramMD5.CramMd5MechanismHandler;
import org.apache.directory.server.ldap.handlers.bind.digestMD5.DigestMd5MechanismHandler;
import org.apache.directory.server.ldap.handlers.bind.gssapi.GssapiMechanismHandler;
import org.apache.directory.server.ldap.handlers.bind.ntlm.NtlmMechanismHandler;
import org.apache.directory.server.ldap.handlers.extended.StoredProcedureExtendedOperationHandler;
import org.apache.directory.shared.asn1.util.Asn1StringUtils;
import org.apache.directory.shared.ldap.model.message.Control;
import org.apache.directory.shared.ldap.model.message.controls.OpaqueControl;
import org.apache.directory.shared.ldap.util.JndiUtils;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;

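/**
 * Integration tests for miscellaneous bind behaviour of the embedded LDAP server:
 * anonymous binds switched on and off, authentication under a mixed-case partition
 * suffix, and handling of an unsupported request control.
 *
 * <p>The server is started with a single plain {@code LDAP} transport, so the simple
 * binds below send their passwords unencrypted over the {@code localhost} connection.
 * The directory service starts with anonymous access allowed; each test sets the flag
 * it needs and {@link #revertAnonnymous()} restores the value seen before the test.
 */
@CreateLdapServer(transports = {@CreateTransport(protocol = "LDAP")})
@RunWith(FrameworkRunner.class)
@CreateDS(
    allowAnonAccess = true,
    name = "MiscBindIT-class",
    partitions = {
        @CreatePartition(
            name = "example",
            suffix = "dc=aPache,dc=org",
            contextEntry = @ContextEntry(
                entryLdif = "dn: dc=aPache,dc=org\n"
                    + "dc: aPache\n"
                    + "objectClass: top\n"
                    + "objectClass: domain\n\n"),
            indexes = {
                @CreateIndex(attribute = "objectClass"),
                @CreateIndex(attribute = "dc"),
                @CreateIndex(attribute = "ou")
            })
    })
public class MiscBindIT extends AbstractLdapTestUnit {

    // NOTE(review): the meaning of the boolean flag is defined by the rule class and is
    // not visible in this file - confirm before changing it.
    @Rule
    public MultiThreadedMultiInvoker i = new MultiThreadedMultiInvoker(false);

    /** Anonymous-access setting captured in {@link #init()} and restored after each test. */
    private boolean previousAnonymousAccess;

    /**
     * Registers the stored-procedure extended operation and the SASL mechanism handlers,
     * then records the current anonymous-access setting so it can be restored.
     *
     * @throws Exception if the server rejects the configuration
     */
    @Before
    public void init() throws Exception {
        getLdapServer().addExtendedOperationHandler(new StoredProcedureExtendedOperationHandler());

        // NOTE(review): CRAM-MD5, DIGEST-MD5 and NTLM are legacy mechanisms. No test in this
        // class performs a SASL bind (all use "none" or "simple"), so this is fixture setup only.
        // The map stays raw because the handler interface type is not imported in this file.
        HashMap saslHandlers = new HashMap();
        saslHandlers.put("PLAIN", new SimpleMechanismHandler());
        saslHandlers.put("CRAM-MD5", new CramMd5MechanismHandler());
        saslHandlers.put("DIGEST-MD5", new DigestMd5MechanismHandler());
        saslHandlers.put("GSSAPI", new GssapiMechanismHandler());
        // One NTLM handler instance serves both the NTLM and the GSS-SPNEGO mechanism names.
        NtlmMechanismHandler ntlmHandler = new NtlmMechanismHandler();
        saslHandlers.put("NTLM", ntlmHandler);
        saslHandlers.put("GSS-SPNEGO", ntlmHandler);
        getLdapServer().setSaslMechanismHandlers(saslHandlers);

        this.previousAnonymousAccess = getLdapServer().getDirectoryService().isAllowAnonymousAccess();
    }

    /** Restores the anonymous-access setting that was in effect before the test ran. */
    @After
    public void revertAnonnymous() {
        getLdapServer().getDirectoryService().setAllowAnonymousAccess(this.previousAnonymousAccess);
    }

    /**
     * With anonymous access disabled, neither a JNDI anonymous context nor an unbound
     * search through the Netscape SDK may succeed.
     *
     * @throws Exception on unexpected setup failure
     */
    @Test
    public void testDisableAnonymousBinds() throws Exception {
        getLdapServer().getDirectoryService().setAllowAnonymousAccess(false);

        Hashtable<String, Object> env = jndiEnv("/ou=system");
        env.put("java.naming.security.authentication", "none");

        // NOTE(review): any exception satisfies this branch, including a connection failure,
        // so on its own it does not prove the server refused the bind. Narrowing the catch
        // needs confirmation of which JNDI exception the server's result code maps to.
        InitialDirContext anonymous = null;
        try {
            anonymous = new InitialDirContext(env);
        } catch (Exception expected) {
            // expected: the anonymous context must not be established
        }
        if (anonymous != null) {
            // Close before failing so an unexpected success does not leak the connection.
            anonymous.close();
            Assert.fail("anonymous JNDI context was created although anonymous access is disabled");
        }

        try {
            LDAPConnection.search(new LDAPUrl(
                "localhost",
                getLdapServer().getPort(),
                "ou=system",
                new String[]{"vendorName"},
                0, // search scope value passed to the URL, unchanged from the original
                "(ObjectClass=*)"));
            Assert.fail("unbound search succeeded although anonymous access is disabled");
        } catch (LDAPException expected) {
            // expected: the search is refused
        }
    }

    /**
     * With anonymous access enabled, an object-scope search on the empty DN returns
     * exactly one entry whose name is empty.
     *
     * @throws Exception on any JNDI failure
     */
    @Test
    public void testEnableAnonymousBindsOnRootDSE() throws Exception {
        getLdapServer().getDirectoryService().setAllowAnonymousAccess(true);

        Hashtable<String, Object> env = jndiEnv("/");
        env.put("java.naming.security.authentication", "none");

        InitialDirContext ctx = new InitialDirContext(env);
        try {
            SearchResult rootDse = singleObjectScopeResult(ctx, "");
            Assert.assertEquals("", rootDse.getName().trim());
        } finally {
            ctx.close();
        }
    }

    /**
     * With anonymous access enabled, an object-scope search on the partition suffix
     * returns exactly one entry carrying a {@code dc} attribute. The suffix is declared
     * as {@code dc=aPache,dc=org} but searched here in lower case.
     *
     * @throws Exception on any JNDI failure
     */
    @Test
    public void testAnonymousBindsEnabledBaseSearch() throws Exception {
        getLdapServer().getDirectoryService().setAllowAnonymousAccess(true);

        Hashtable<String, Object> env = jndiEnv("/");
        env.put("java.naming.security.authentication", "none");

        InitialDirContext ctx = new InitialDirContext(env);
        try {
            SearchResult suffixEntry = singleObjectScopeResult(ctx, "dc=apache,dc=org");
            Assert.assertNotNull(suffixEntry.getAttributes().get("dc"));
        } finally {
            ctx.close();
        }
    }

    /**
     * Creates an entry under {@code ou=system} over a connection that supplies no
     * principal or credentials and checks that its {@code creatorsName} operational
     * attribute is the empty string.
     *
     * @throws Exception on any JNDI failure
     */
    @Test
    public void testAdminAccessBug() throws Exception {
        getLdapServer().getDirectoryService().setAllowAnonymousAccess(true);

        Hashtable<String, Object> env = jndiEnv("");
        env.put("java.naming.ldap.version", "3");

        BasicAttributes unit = new BasicAttributes(true);
        BasicAttribute objectClass = new BasicAttribute("objectClass");
        objectClass.add("top");
        objectClass.add("organizationalUnit");
        unit.put(objectClass);
        unit.put("ou", "blah");

        InitialDirContext ctx = new InitialDirContext(env);
        try {
            ctx.createSubcontext("ou=blah,ou=system", unit);
            try {
                SearchControls controls = new SearchControls();
                controls.setSearchScope(SearchControls.OBJECT_SCOPE);
                // "+" asks for the operational attributes, which include creatorsName.
                controls.setReturningAttributes(new String[]{"+"});

                NamingEnumeration<SearchResult> results =
                    ctx.search("ou=blah,ou=system", "(objectClass=*)", controls);
                SearchResult created;
                try {
                    created = results.next();
                } finally {
                    results.close();
                }
                Assert.assertEquals("", created.getAttributes().get("creatorsName").get());
            } finally {
                // Remove the entry even when an assertion fails, so a later run can recreate it.
                ctx.destroySubcontext("ou=blah,ou=system");
            }
        } finally {
            ctx.close();
        }
    }

    /**
     * Adds a user below the mixed-case suffix {@code dc=aPache,dc=org} and verifies that a
     * simple bind with that user's DN and password succeeds.
     *
     * @throws Exception on any JNDI failure
     */
    @Test
    public void testUserAuthOnMixedCaseSuffix() throws Exception {
        getLdapServer().getDirectoryService().setAllowAnonymousAccess(true);

        Hashtable<String, Object> env = jndiEnv("/dc=aPache,dc=org");
        env.put("java.naming.ldap.version", "3");

        InitialDirContext setupCtx = new InitialDirContext(env);
        try {
            Assert.assertTrue(setupCtx.getAttributes("").get("dc").get().equals("aPache"));

            // Name is relative to the suffix given in the provider URL.
            setupCtx.createSubcontext("cn=Kate Bush", kateBushEntry());
            try {
                env.put("java.naming.security.authentication", "simple");
                env.put("java.naming.security.credentials", "Aerial");
                env.put("java.naming.security.principal", "cn=Kate Bush,dc=aPache,dc=org");

                // The bind happens in the constructor; a rejected bind surfaces as an exception.
                InitialDirContext userCtx = new InitialDirContext(env);
                try {
                    Assert.assertNotNull(userCtx);
                } finally {
                    userCtx.close();
                }
            } finally {
                setupCtx.destroySubcontext("cn=Kate Bush");
            }
        } finally {
            setupCtx.close();
        }
    }

    /**
     * Sends an add request carrying an opaque control with OID {@code 1.1.1.1}: marked
     * critical the request must fail with {@link OperationNotSupportedException}; marked
     * non-critical the same request must succeed.
     *
     * @throws Exception on any unexpected JNDI failure
     */
    @Test
    public void testFailureWithUnsupportedControl() throws Exception {
        Control unsupported = new OpaqueControl("1.1.1.1");
        unsupported.setCritical(true);

        getLdapServer().getDirectoryService().setAllowAnonymousAccess(true);

        Hashtable<String, Object> env = jndiEnv("/ou=system");
        env.put("java.naming.ldap.version", "3");
        env.put("java.naming.security.authentication", "simple");
        // Admin account and password of the embedded test server, sent over the plain LDAP transport.
        env.put("java.naming.security.credentials", "secret");
        env.put("java.naming.security.principal", "uid=admin,ou=system");

        InitialLdapContext ctx = new InitialLdapContext(env, (javax.naming.ldap.Control[]) null);
        boolean entryCreated = false;
        try {
            BasicAttributes person = kateBushEntry();

            ctx.setRequestControls(asJndiControls(unsupported));
            try {
                ctx.createSubcontext("cn=Kate Bush", person);
                entryCreated = true;
                Assert.fail("add with a critical unsupported control was accepted");
            } catch (OperationNotSupportedException expected) {
                // expected: a critical control the server does not support rejects the request
            }

            unsupported.setCritical(false);
            ctx.setRequestControls(asJndiControls(unsupported));
            DirContext created = ctx.createSubcontext("cn=Kate Bush", person);
            entryCreated = true;
            Assert.assertNotNull(created);

            // The value read back equals the UTF-8 bytes of the cleartext password, i.e. in
            // this test configuration userPassword is returned exactly as it was supplied.
            Assert.assertTrue(ArrayUtils.isEquals(
                Asn1StringUtils.getBytesUtf8("Aerial"),
                created.getAttributes("").get("userPassword").get()));
        } finally {
            try {
                if (entryCreated) {
                    ctx.destroySubcontext("cn=Kate Bush");
                }
            } finally {
                ctx.close();
            }
        }
    }

    /** Builds a JNDI environment pointing the Sun LDAP provider at the test server. */
    private Hashtable<String, Object> jndiEnv(String urlPath) {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put("java.naming.provider.url", "ldap://localhost:" + getLdapServer().getPort() + urlPath);
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        return env;
    }

    /** Runs an object-scope search on {@code baseDn} and asserts that exactly one entry comes back. */
    private static SearchResult singleObjectScopeResult(DirContext ctx, String baseDn) throws Exception {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.OBJECT_SCOPE);

        NamingEnumeration<SearchResult> results = ctx.search(baseDn, "(objectClass=*)", controls);
        SearchResult first = null;
        try {
            if (results.hasMore()) {
                first = results.next();
            }
            Assert.assertFalse(results.hasMore());
        } finally {
            results.close();
        }
        Assert.assertNotNull(first);
        return first;
    }

    /** Attributes of the inetOrgPerson test entry {@code cn=Kate Bush} with password {@code Aerial}. */
    private static BasicAttributes kateBushEntry() {
        BasicAttributes person = new BasicAttributes("cn", "Kate Bush", true);
        BasicAttribute objectClass = new BasicAttribute("objectClass");
        objectClass.add("top");
        objectClass.add("person");
        objectClass.add("organizationalPerson");
        objectClass.add("inetOrgPerson");
        person.put(objectClass);
        person.put("sn", "Bush");
        person.put("userPassword", "Aerial");
        return person;
    }

    /** Converts one server-side control into the JNDI control array expected by the context. */
    private javax.naming.ldap.Control[] asJndiControls(Control control) throws Exception {
        return JndiUtils.toJndiControls(
            getLdapServer().getDirectoryService().getLdapCodecService(),
            new Control[]{control});
    }
}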
