package org.apache.directory.server.kerberos.changepwd.protocol;

import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.server.kerberos.changepwd.ChangePasswordServer;
import org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswdErrorType;
import org.apache.directory.server.kerberos.changepwd.exceptions.ChangePasswordException;
import org.apache.directory.server.kerberos.changepwd.messages.ChangePasswordError;
import org.apache.directory.server.kerberos.changepwd.messages.ChangePasswordRequest;
import org.apache.directory.server.kerberos.changepwd.service.ChangePasswordContext;
import org.apache.directory.server.kerberos.changepwd.service.ChangePasswordService;
import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
import org.apache.directory.shared.kerberos.KerberosTime;
import org.apache.directory.shared.kerberos.components.PrincipalName;
import org.apache.directory.shared.kerberos.exceptions.ErrorType;
import org.apache.directory.shared.kerberos.exceptions.KerberosException;
import org.apache.directory.shared.kerberos.messages.KrbError;
import org.apache.mina.core.service.IoHandler;
import org.apache.mina.core.session.IdleStatus;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.filter.codec.ProtocolCodecFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:resources/libs/apacheds-service-2.0.0-M11.jar:org/apache/directory/server/kerberos/changepwd/protocol/ChangePasswordProtocolHandler.class */
public class ChangePasswordProtocolHandler implements IoHandler {
    private static final Logger log = LoggerFactory.getLogger(ChangePasswordProtocolHandler.class);
    private ChangePasswordServer server;
    private PrincipalStore store;
    private String contextKey = "context";

    public ChangePasswordProtocolHandler(ChangePasswordServer changePasswordServer, PrincipalStore principalStore) {
        this.server = changePasswordServer;
        this.store = principalStore;
    }

    @Override // org.apache.mina.core.service.IoHandler
    public void sessionCreated(IoSession ioSession) throws Exception {
        if (log.isDebugEnabled()) {
            log.debug("{} CREATED:  {}", ioSession.getRemoteAddress(), ioSession.getTransportMetadata());
        }
        ioSession.getFilterChain().addFirst("codec", new ProtocolCodecFilter(ChangePasswordProtocolCodecFactory.getInstance()));
    }

    @Override // org.apache.mina.core.service.IoHandler
    public void sessionOpened(IoSession ioSession) {
        log.debug("{} OPENED", ioSession.getRemoteAddress());
    }

    @Override // org.apache.mina.core.service.IoHandler
    public void sessionClosed(IoSession ioSession) {
        log.debug("{} CLOSED", ioSession.getRemoteAddress());
    }

    @Override // org.apache.mina.core.service.IoHandler
    public void sessionIdle(IoSession ioSession, IdleStatus idleStatus) {
        log.debug("{} IDLE ({})", ioSession.getRemoteAddress(), idleStatus);
    }

    @Override // org.apache.mina.core.service.IoHandler
    public void exceptionCaught(IoSession ioSession, Throwable th) {
        log.debug(ioSession.getRemoteAddress() + " EXCEPTION", th);
        ioSession.close(true);
    }

    @Override // org.apache.mina.core.service.IoHandler
    public void messageReceived(IoSession ioSession, Object obj) {
        log.debug("{} RCVD:  {}", ioSession.getRemoteAddress(), obj);
        InetAddress address = ((InetSocketAddress) ioSession.getRemoteAddress()).getAddress();
        ChangePasswordRequest changePasswordRequest = (ChangePasswordRequest) obj;
        try {
            ChangePasswordContext changePasswordContext = new ChangePasswordContext();
            changePasswordContext.setConfig(this.server.getConfig());
            changePasswordContext.setStore(this.store);
            changePasswordContext.setClientAddress(address);
            changePasswordContext.setRequest(changePasswordRequest);
            changePasswordContext.setReplayCache(this.server.getReplayCache());
            ioSession.setAttribute(getContextKey(), changePasswordContext);
            ChangePasswordService.execute(ioSession, changePasswordContext);
            ioSession.write(changePasswordContext.getReply());
        } catch (KerberosException e) {
            if (log.isDebugEnabled()) {
                log.warn(e.getLocalizedMessage(), (Throwable) e);
            } else {
                log.warn(e.getLocalizedMessage());
            }
            ioSession.write(new ChangePasswordError(changePasswordRequest.getVersionNumber(), getErrorMessage(this.server.getConfig().getServicePrincipal(), e)));
        } catch (Exception e2) {
            log.error(I18n.err(I18n.ERR_152, e2.getLocalizedMessage()), (Throwable) e2);
            ioSession.write(new ChangePasswordError(changePasswordRequest.getVersionNumber(), getErrorMessage(this.server.getConfig().getServicePrincipal(), new ChangePasswordException(ChangePasswdErrorType.KRB5_KPASSWD_UNKNOWN_ERROR))));
        }
    }

    @Override // org.apache.mina.core.service.IoHandler
    public void messageSent(IoSession ioSession, Object obj) {
        if (log.isDebugEnabled()) {
            log.debug("{} SENT:  {}", ioSession.getRemoteAddress(), obj);
        }
    }

    protected String getContextKey() {
        return this.contextKey;
    }

    private KrbError getErrorMessage(KerberosPrincipal kerberosPrincipal, KerberosException kerberosException) {
        KrbError krbError = new KrbError();
        KerberosTime kerberosTime = new KerberosTime();
        krbError.setErrorCode(ErrorType.KRB_ERR_GENERIC);
        krbError.setEText(kerberosException.getLocalizedMessage());
        krbError.setSName(new PrincipalName(kerberosPrincipal));
        krbError.setSTime(kerberosTime);
        krbError.setSusec(0);
        krbError.setEData(buildExplanatoryData(kerberosException));
        return krbError;
    }

    private byte[] buildExplanatoryData(KerberosException kerberosException) {
        short errorCode = (short) kerberosException.getErrorCode();
        byte[] bArr = {0};
        if (kerberosException.getExplanatoryData() == null || kerberosException.getExplanatoryData().length == 0) {
            try {
                bArr = kerberosException.getLocalizedMessage().getBytes("UTF-8");
            } catch (UnsupportedEncodingException e) {
                log.error(e.getLocalizedMessage());
            }
        } else {
            bArr = kerberosException.getExplanatoryData();
        }
        ByteBuffer allocate = ByteBuffer.allocate(2 + bArr.length);
        allocate.putShort(errorCode);
        allocate.put(bArr);
        return allocate.array();
    }
}
