package org.apache.directory.server.kerberos.kdc;

import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.kerberos.KerberosPrincipal;
import net.sf.ehcache.concurrent.Sync;
import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler;
import org.apache.directory.server.kerberos.protocol.codec.KerberosProtocolCodecFactory;
import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
import org.apache.directory.server.kerberos.shared.replay.ReplayCacheImpl;
import org.apache.directory.server.kerberos.shared.store.DirectoryPrincipalStore;
import org.apache.directory.server.protocol.shared.DirectoryBackedService;
import org.apache.directory.server.protocol.shared.transport.TcpTransport;
import org.apache.directory.server.protocol.shared.transport.Transport;
import org.apache.directory.server.protocol.shared.transport.UdpTransport;
import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
import org.apache.directory.shared.ldap.model.exception.LdapInvalidDnException;
import org.apache.directory.shared.ldap.model.name.Dn;
import org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder;
import org.apache.mina.core.service.IoAcceptor;
import org.apache.mina.filter.codec.ProtocolCodecFilter;
import org.apache.mina.transport.socket.DatagramAcceptor;
import org.apache.mina.transport.socket.nio.NioSocketAcceptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/directory/server/kerberos/kdc/KdcServer.class */
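/**
 * Kerberos Key Distribution Center (KDC) service backed by a directory service.
 *
 * <p>The class holds the KDC policy (realm, service principal, allowed ticket
 * options, clock skew, encryption types) and wires every configured transport to
 * a {@link KerberosProtocolHandler} when {@link #start()} is called.
 *
 * <p><b>Security review notes.</b> The built-in defaults are permissive and
 * are meant as a starting point, not as a production policy:
 * <ul>
 *   <li>The only default encryption type is {@code des-cbc-md5}. Single DES is
 *       deprecated for Kerberos (RFC 6649); configure a stronger type through
 *       {@link #setEncryptionTypes(EncryptionType[])} before exposing the service.</li>
 *   <li>The default realm and principal are the {@code EXAMPLE.COM} placeholders.</li>
 *   <li>Forwardable, proxiable, postdated and renewable tickets, and requests with
 *       empty addresses, are all allowed by default.</li>
 * </ul>
 *
 * <p>The class does no synchronisation of its own; configure it before calling
 * {@link #start()}.
 */
public class KdcServer extends DirectoryBackedService {
    private static final long serialVersionUID = 522567370475574165L;

    /** Port bound by {@link #start()} when no transport has been configured. */
    private static final int DEFAULT_IP_PORT = 88;

    private static final String DEFAULT_PID = "org.apache.directory.server.kerberos";
    private static final String DEFAULT_NAME = "ApacheDS Kerberos Service";

    /** Placeholder principal; replace it with the deployment's own krbtgt principal. */
    private static final String DEFAULT_PRINCIPAL = "krbtgt/EXAMPLE.COM@EXAMPLE.COM";

    /** Placeholder realm; replace it with the deployment's own realm. */
    private static final String DEFAULT_REALM = "EXAMPLE.COM";

    // NOTE(review): the three durations below look like milliseconds
    // (300000 = 5 minutes, 86400000 = 1 day, 604800000 = 1 week) - confirm against the consumers.
    private static final long DEFAULT_ALLOWABLE_CLOCKSKEW = 300000;
    private static final boolean DEFAULT_EMPTY_ADDRESSES_ALLOWED = true;
    private static final boolean DEFAULT_PA_ENC_TIMESTAMP_REQUIRED = true;
    private static final int DEFAULT_TGS_MAXIMUM_TICKET_LIFETIME = 86400000;
    private static final int DEFAULT_TGS_MAXIMUM_RENEWABLE_LIFETIME = 604800000;
    private static final boolean DEFAULT_TGS_FORWARDABLE_ALLOWED = true;
    private static final boolean DEFAULT_TGS_PROXIABLE_ALLOWED = true;
    private static final boolean DEFAULT_TGS_POSTDATED_ALLOWED = true;
    private static final boolean DEFAULT_TGS_RENEWABLE_ALLOWED = true;
    private static final boolean DEFAULT_VERIFY_BODY_CHECKSUM = true;

    private static final Logger LOG = LoggerFactory.getLogger(KdcServer.class.getName());

    /**
     * Names of the encryption types enabled by default.
     * Single DES is a weak cipher; the value is kept for backward compatibility only
     * and should be overridden by configuration.
     */
    private static final String[] DEFAULT_ENCRYPTION_TYPES = {"des-cbc-md5"};

    private Set<EncryptionType> encryptionTypes;
    private String primaryRealm = DEFAULT_REALM;
    private String servicePrincipal = DEFAULT_PRINCIPAL;
    private long allowableClockSkew = DEFAULT_ALLOWABLE_CLOCKSKEW;
    private boolean isPaEncTimestampRequired = DEFAULT_PA_ENC_TIMESTAMP_REQUIRED;
    private long maximumTicketLifetime = DEFAULT_TGS_MAXIMUM_TICKET_LIFETIME;
    // Same value (604800000) the decompiler had rendered as a constant of an unrelated caching library.
    private long maximumRenewableLifetime = DEFAULT_TGS_MAXIMUM_RENEWABLE_LIFETIME;
    private boolean isEmptyAddressesAllowed = DEFAULT_EMPTY_ADDRESSES_ALLOWED;
    private boolean isForwardableAllowed = DEFAULT_TGS_FORWARDABLE_ALLOWED;
    private boolean isProxiableAllowed = DEFAULT_TGS_PROXIABLE_ALLOWED;
    private boolean isPostdatedAllowed = DEFAULT_TGS_POSTDATED_ALLOWED;
    private boolean isRenewableAllowed = DEFAULT_TGS_RENEWABLE_ALLOWED;
    private boolean isBodyChecksumVerified = DEFAULT_VERIFY_BODY_CHECKSUM;

    /** Created by {@link #start()}; {@code null} until then. */
    private ReplayCache replayCache;

    /**
     * Creates a KDC with the default service name, service id, search base DN and
     * the default encryption types.
     */
    public KdcServer() {
        super.setServiceName(DEFAULT_NAME);
        super.setServiceId(DEFAULT_PID);
        super.setSearchBaseDn(ServerDNConstants.USER_EXAMPLE_COM_DN);
        prepareEncryptionTypes();
    }

    /** @return the allowable clock skew; also handed to the replay cache in {@link #start()} */
    public long getAllowableClockSkew() {
        return this.allowableClockSkew;
    }

    /** @return {@code true} if empty addresses are allowed */
    public boolean isEmptyAddressesAllowed() {
        return this.isEmptyAddressesAllowed;
    }

    /** @return {@code true} if forwardable tickets are allowed */
    public boolean isForwardableAllowed() {
        return this.isForwardableAllowed;
    }

    /** @return {@code true} if postdated tickets are allowed */
    public boolean isPostdatedAllowed() {
        return this.isPostdatedAllowed;
    }

    /** @return {@code true} if proxiable tickets are allowed */
    public boolean isProxiableAllowed() {
        return this.isProxiableAllowed;
    }

    /** @return {@code true} if renewable tickets are allowed */
    public boolean isRenewableAllowed() {
        return this.isRenewableAllowed;
    }

    /** @return the maximum renewable lifetime */
    public long getMaximumRenewableLifetime() {
        return this.maximumRenewableLifetime;
    }

    /** @return the maximum ticket lifetime */
    public long getMaximumTicketLifetime() {
        return this.maximumTicketLifetime;
    }

    /**
     * Sets the allowable clock skew. The value is read when {@link #start()} builds
     * the replay cache, so changing it afterwards does not reconfigure that cache.
     *
     * @param allowableClockSkew the new clock skew
     */
    public void setAllowableClockSkew(long allowableClockSkew) {
        this.allowableClockSkew = allowableClockSkew;
    }

    /**
     * Replaces the enabled encryption types with the given array.
     * A {@code null} array leaves the current configuration untouched.
     *
     * @param encryptionTypes the encryption types to enable, or {@code null}
     */
    public void setEncryptionTypes(EncryptionType[] encryptionTypes) {
        if (encryptionTypes == null) {
            return;
        }
        if (this.encryptionTypes == null) {
            // setEncryptionTypes(Set) may have stored null; do not fail on clear().
            this.encryptionTypes = new HashSet<EncryptionType>();
        } else {
            this.encryptionTypes.clear();
        }
        for (EncryptionType encryptionType : encryptionTypes) {
            this.encryptionTypes.add(encryptionType);
        }
    }

    /**
     * Replaces the enabled encryption types with the given set.
     * The set is stored by reference, not copied, so later changes made by the
     * caller are visible to the KDC.
     *
     * @param encryptionTypes the encryption types to enable
     */
    public void setEncryptionTypes(Set<EncryptionType> encryptionTypes) {
        this.encryptionTypes = encryptionTypes;
    }

    /** @param emptyAddressesAllowed whether empty addresses are allowed */
    public void setEmptyAddressesAllowed(boolean emptyAddressesAllowed) {
        this.isEmptyAddressesAllowed = emptyAddressesAllowed;
    }

    /** @param forwardableAllowed whether forwardable tickets are allowed */
    public void setForwardableAllowed(boolean forwardableAllowed) {
        this.isForwardableAllowed = forwardableAllowed;
    }

    /**
     * Sets whether encrypted-timestamp pre-authentication is required.
     * Turning this off weakens the KDC: a reply can then be obtained without first
     * proving knowledge of the principal's key, which exposes that key to offline
     * guessing. Keep it enabled unless a client genuinely cannot pre-authenticate.
     *
     * @param paEncTimestampRequired whether pre-authentication is required
     */
    public void setPaEncTimestampRequired(boolean paEncTimestampRequired) {
        this.isPaEncTimestampRequired = paEncTimestampRequired;
    }

    /** @param postdatedAllowed whether postdated tickets are allowed */
    public void setPostdatedAllowed(boolean postdatedAllowed) {
        this.isPostdatedAllowed = postdatedAllowed;
    }

    /** @param proxiableAllowed whether proxiable tickets are allowed */
    public void setProxiableAllowed(boolean proxiableAllowed) {
        this.isProxiableAllowed = proxiableAllowed;
    }

    /** @param renewableAllowed whether renewable tickets are allowed */
    public void setRenewableAllowed(boolean renewableAllowed) {
        this.isRenewableAllowed = renewableAllowed;
    }

    /**
     * Sets the name of the KDC service principal. The string is not validated here;
     * it is parsed each time {@link #getServicePrincipal()} is called.
     *
     * @param kdcPrincipal the principal name
     */
    public void setKdcPrincipal(String kdcPrincipal) {
        this.servicePrincipal = kdcPrincipal;
    }

    /** @param maximumRenewableLifetime the maximum renewable lifetime */
    public void setMaximumRenewableLifetime(long maximumRenewableLifetime) {
        this.maximumRenewableLifetime = maximumRenewableLifetime;
    }

    /** @param maximumTicketLifetime the maximum ticket lifetime */
    public void setMaximumTicketLifetime(long maximumTicketLifetime) {
        this.maximumTicketLifetime = maximumTicketLifetime;
    }

    /** @param primaryRealm the primary realm */
    public void setPrimaryRealm(String primaryRealm) {
        this.primaryRealm = primaryRealm;
    }

    /** @return the primary realm */
    public String getPrimaryRealm() {
        return this.primaryRealm;
    }

    /** @return a new {@link KerberosPrincipal} built from the configured principal name */
    public KerberosPrincipal getServicePrincipal() {
        return new KerberosPrincipal(this.servicePrincipal);
    }

    /**
     * Returns the enabled encryption types. This is the internal set itself, so a
     * caller that modifies it changes the KDC configuration.
     *
     * @return the enabled encryption types
     */
    public Set<EncryptionType> getEncryptionTypes() {
        return this.encryptionTypes;
    }

    /** @return {@code true} if encrypted-timestamp pre-authentication is required */
    public boolean isPaEncTimestampRequired() {
        return this.isPaEncTimestampRequired;
    }

    /** @return {@code true} if the request body checksum is verified */
    public boolean isBodyChecksumVerified() {
        return this.isBodyChecksumVerified;
    }

    /**
     * Sets whether the request body checksum is verified. Disabling the check
     * removes an integrity control on requests; leave it enabled unless
     * interoperability requires otherwise.
     *
     * @param bodyChecksumVerified whether the body checksum is verified
     */
    public void setBodyChecksumVerified(boolean bodyChecksumVerified) {
        this.isBodyChecksumVerified = bodyChecksumVerified;
    }

    /** @return the replay cache, or {@code null} if {@link #start()} has not run yet */
    public ReplayCache getReplayCache() {
        return this.replayCache;
    }

    /**
     * Starts the KDC: builds the principal store and the replay cache, then binds
     * every configured transport. When no transport is configured, a single UDP
     * transport on port {@value #DEFAULT_IP_PORT} is created and bound.
     *
     * @throws IOException declared by the overridden method; raised while binding a transport
     * @throws LdapInvalidDnException if the search base DN cannot be parsed
     */
    @Override // org.apache.directory.server.protocol.shared.ProtocolService
    public void start() throws IOException, LdapInvalidDnException {
        DirectoryPrincipalStore principalStore = new DirectoryPrincipalStore(getDirectoryService(), new Dn(getSearchBaseDn()));
        LOG.debug("initializing the kerberos replay cache");
        // The clock skew is captured here; later setAllowableClockSkew() calls do not reach this cache.
        this.replayCache = new ReplayCacheImpl(getDirectoryService().getCacheService().getCache("kdcReplayCache"), this.allowableClockSkew);
        if (this.transports == null || this.transports.size() == 0) {
            UdpTransport udpTransport = new UdpTransport(DEFAULT_IP_PORT);
            setTransports(udpTransport);
            DatagramAcceptor datagramAcceptor = udpTransport.getAcceptor();
            bindKerberosAcceptor(datagramAcceptor, principalStore);
        } else {
            for (Transport transport : this.transports) {
                IoAcceptor acceptor = transport.getAcceptor();
                if (transport instanceof TcpTransport) {
                    NioSocketAcceptor socketAcceptor = (NioSocketAcceptor) acceptor;
                    acceptor.setCloseOnDeactivation(false);
                    socketAcceptor.getSessionConfig().setTcpNoDelay(true);
                    socketAcceptor.setReuseAddress(true);
                }
                bindKerberosAcceptor(acceptor, principalStore);
            }
        }
        LOG.info("Kerberos service started.");
    }

    /** Installs the Kerberos codec and protocol handler on the acceptor, then binds it. */
    private void bindKerberosAcceptor(IoAcceptor acceptor, DirectoryPrincipalStore principalStore) throws IOException {
        DefaultIoFilterChainBuilder chain = new DefaultIoFilterChainBuilder();
        chain.addFirst("codec", new ProtocolCodecFilter(KerberosProtocolCodecFactory.getInstance()));
        acceptor.setFilterChainBuilder(chain);
        acceptor.setHandler(new KerberosProtocolHandler(this, principalStore));
        acceptor.bind();
    }

    /**
     * Stops the KDC: disposes the acceptor of every transport and clears the
     * replay cache. Safe to call when no transport was ever configured or when
     * {@link #start()} has not run.
     */
    @Override // org.apache.directory.server.protocol.shared.ProtocolService
    public void stop() {
        // Same null guard as toString(): transports may be unset if start() never ran.
        if (getTransports() != null) {
            for (Transport transport : getTransports()) {
                IoAcceptor acceptor = transport.getAcceptor();
                if (acceptor != null) {
                    acceptor.dispose();
                }
            }
        }
        if (this.replayCache != null) {
            this.replayCache.clear();
        }
        LOG.info("Kerberos service stopped.");
    }

    /**
     * Fills {@link #encryptionTypes} with the types whose name matches, ignoring
     * case, one of {@link #DEFAULT_ENCRYPTION_TYPES}. A name with no match is
     * skipped silently, so the set can end up empty.
     */
    private void prepareEncryptionTypes() {
        this.encryptionTypes = new HashSet<EncryptionType>();
        for (String defaultName : DEFAULT_ENCRYPTION_TYPES) {
            for (EncryptionType encryptionType : EncryptionType.getEncryptionTypes()) {
                if (encryptionType.getName().equalsIgnoreCase(defaultName)) {
                    this.encryptionTypes.add(encryptionType);
                }
            }
        }
    }

    /** @return the service name followed by one line per configured transport */
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("KDCServer[").append(getServiceName()).append("], listening on :").append('\n');
        if (getTransports() != null) {
            for (Transport transport : getTransports()) {
                sb.append("    ").append(transport).append('\n');
            }
        }
        return sb.toString();
    }
}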
