package org.apache.directory.server.ldap.handlers.bind.plain;

import java.io.IOException;
import javax.naming.InvalidNameException;
import javax.security.sasl.SaslException;
import org.apache.directory.server.core.CoreSession;
import org.apache.directory.server.core.interceptor.context.BindOperationContext;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.server.ldap.LdapSession;
import org.apache.directory.server.ldap.handlers.bind.AbstractSaslServer;
import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
import org.apache.directory.shared.ldap.message.internal.InternalBindRequest;
import org.apache.directory.shared.ldap.name.DN;
import org.apache.directory.shared.ldap.schema.PrepareString;
import org.apache.directory.shared.ldap.util.StringTools;

/* loaded from: input_file:resources/libs/apacheds-protocol-ldap-1.5.7.jar:org/apache/directory/server/ldap/handlers/bind/plain/PlainSaslServer.class */
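/**
 * Server side of the SASL PLAIN mechanism for LDAP binds.
 *
 * <p>The client sends one message of the form {@code [authzid] NUL authcid NUL passwd}
 * (RFC 4616). This class splits that message, normalizes the identity and password, and
 * performs a simple bind through the admin session's operation manager. On success the
 * resulting {@link CoreSession} is installed on the LDAP session.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>PLAIN carries the password in clear text; confidentiality depends entirely on the
 *       transport. Nothing in this class checks that the connection is protected.</li>
 *   <li>Only the authentication identity (authcid) is bound. This class performs no check
 *       that the authenticated user may act as a different authorization identity, so a
 *       non-empty authzid is rejected rather than silently ignored.</li>
 *   <li>The password is materialised as an immutable {@code String} and cannot be wiped
 *       after use.</li>
 * </ul>
 */
public class PlainSaslServer extends AbstractSaslServer {
    /** Session SASL property key removed by the constructor before negotiation. */
    public static final String SASL_PLAIN_AUTHZID = "authzid";
    /** Session SASL property key removed by the constructor before negotiation. */
    public static final String SASL_PLAIN_AUTHCID = "authcid";
    /** Session SASL property key removed by the constructor before negotiation. */
    public static final String SASL_PLAIN_PASSWORD = "password";

    /** Field separator of the PLAIN message. */
    private static final byte NUL = 0;

    /** Progress of the exchange; only {@code COMPLETED} makes {@link #isComplete()} true. */
    private NegotiationState state;

    /** Steps of the PLAIN exchange as tracked by this server. */
    private enum NegotiationState {
        INITIALIZED,
        MECH_RECEIVED,
        COMPLETED
    }

    /**
     * Creates a server for one bind request and clears any PLAIN properties left on the
     * LDAP session, so values from an earlier negotiation are not carried over.
     *
     * @param ldapSession the LDAP session the bind belongs to
     * @param coreSession the session passed to the superclass
     * @param internalBindRequest the bind request being processed
     */
    public PlainSaslServer(LdapSession ldapSession, CoreSession coreSession, InternalBindRequest internalBindRequest) {
        super(ldapSession, coreSession, internalBindRequest);
        this.state = NegotiationState.INITIALIZED;
        getLdapSession().removeSaslProperty(SASL_PLAIN_AUTHZID);
        getLdapSession().removeSaslProperty(SASL_PLAIN_AUTHCID);
        getLdapSession().removeSaslProperty(SASL_PLAIN_PASSWORD);
    }

    /**
     * Returns the mechanism name handled by this server.
     *
     * @return {@code SupportedSaslMechanisms.PLAIN}
     */
    public String getMechanismName() {
        return SupportedSaslMechanisms.PLAIN;
    }

    /**
     * Processes the client's PLAIN response and, if it is well formed, attempts the bind.
     *
     * <p>An empty response only records that the mechanism was selected and returns
     * {@code null}. Otherwise the message must contain exactly two NUL separators, an
     * empty authzid, and a non-empty authcid and password. Field boundaries are computed
     * from the separator positions, so every slice stays inside the buffer.
     *
     * @param bArr the raw client response; may be empty on the first round
     * @return {@code null} for an empty response, or an empty byte array once the bind
     *         succeeded
     * @throws SaslException if the message is malformed, carries an authzid, or the bind
     *         fails; the underlying exception is attached as the cause
     * @throws IllegalArgumentException if decoding or normalization raises an
     *         {@link IOException}, or the authcid is rejected as a name
     */
    public byte[] evaluateResponse(byte[] bArr) throws SaslException {
        if (StringTools.isEmpty(bArr)) {
            this.state = NegotiationState.MECH_RECEIVED;
            return null;
        }
        try {
            int firstNul = indexOfNul(bArr, 0);
            int secondNul = firstNul < 0 ? -1 : indexOfNul(bArr, firstNul + 1);
            if (secondNul < 0) {
                // Fewer than two separators: authcid or password is missing.
                throw new IllegalArgumentException(I18n.err(I18n.ERR_671, new Object[0]));
            }
            if (indexOfNul(bArr, secondNul + 1) >= 0) {
                // A third separator means more fields than the mechanism defines.
                throw new IllegalArgumentException(I18n.err(I18n.ERR_672, new Object[0]));
            }
            if (firstNul > 0) {
                // A non-empty authzid asks to act as another identity. No authorization
                // check for that exists in this class, so fail closed instead of binding
                // as authcid and dropping the request.
                // NOTE(review): reuses ERR_672; its message text is not visible here -
                // confirm it fits or add a dedicated key.
                throw new IllegalArgumentException(I18n.err(I18n.ERR_672, new Object[0]));
            }

            int authcidOffset = firstNul + 1;
            int authcidLength = secondNul - authcidOffset;
            int passwordOffset = secondNul + 1;
            int passwordLength = bArr.length - passwordOffset;
            if (authcidLength == 0 || passwordLength == 0) {
                throw new IllegalArgumentException(I18n.err(I18n.ERR_671, new Object[0]));
            }

            String authcid = PrepareString.normalize(
                    new String(bArr, authcidOffset, authcidLength, "UTF-8"),
                    PrepareString.StringType.DIRECTORY_STRING);
            String password = PrepareString.normalize(
                    StringTools.utf8ToString(bArr, passwordOffset, passwordLength),
                    PrepareString.StringType.CASE_EXACT_IA5);
            if (authcid == null || password == null) {
                throw new IllegalArgumentException(I18n.err(I18n.ERR_671, new Object[0]));
            }

            // The session is replaced only after bind() returned without throwing.
            getLdapSession().setCoreSession(authenticate(authcid, password));
            this.state = NegotiationState.COMPLETED;
            return StringTools.EMPTY_BYTES;
        } catch (IOException e) {
            throw new IllegalArgumentException(I18n.err(I18n.ERR_674, new Object[0]), e);
        } catch (InvalidNameException e2) {
            throw new IllegalArgumentException(I18n.err(I18n.ERR_675, new Object[0]), e2);
        } catch (Exception e3) {
            // Also catches the IllegalArgumentExceptions raised above. The cause is kept
            // so server-side logs can tell a malformed message from a rejected bind.
            throw new SaslException(I18n.err(I18n.ERR_676, null), e3);
        }
    }

    /**
     * Reports whether the bind has succeeded.
     *
     * @return {@code true} once {@link #evaluateResponse(byte[])} completed a bind
     */
    public boolean isComplete() {
        return this.state == NegotiationState.COMPLETED;
    }

    /**
     * Returns the index of the first NUL byte at or after {@code from}.
     *
     * @param bytes the buffer to scan
     * @param from the first index to inspect; may equal {@code bytes.length}
     * @return the index of the separator, or {@code -1} if there is none
     */
    private static int indexOfNul(byte[] bytes, int from) {
        for (int idx = from; idx < bytes.length; idx++) {
            if (bytes[idx] == NUL) {
                return idx;
            }
        }
        return -1;
    }

    /**
     * Binds with the given name and password through the admin session's operation manager.
     *
     * @param name the normalized authcid, parsed as a {@link DN}
     * @param password the normalized password, sent as UTF-8 bytes
     * @return the session produced by the bind operation
     * @throws InvalidNameException if {@code name} is not a valid DN
     * @throws Exception if the bind operation fails
     */
    private CoreSession authenticate(String name, String password) throws InvalidNameException, Exception {
        BindOperationContext bindContext = new BindOperationContext(getLdapSession().getCoreSession());
        bindContext.setDn(new DN(name));
        bindContext.setCredentials(StringTools.getBytesUtf8(password));
        getAdminSession().getDirectoryService().getOperationManager().bind(bindContext);
        return bindContext.getSession();
    }
}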
