package org.apache.directory.server.kerberos;

import java.util.HashSet;
import java.util.Set;
import javax.security.auth.kerberos.KerberosPrincipal;
import net.sf.ehcache.concurrent.Sync;
import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.directory.shared.kerberos.KerberosUtils;
import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
import org.apache.directory.shared.kerberos.codec.types.PrincipalNameType;

/* loaded from: input_file:resources/libs/apacheds-service-2.0.0-M14.jar:org/apache/directory/server/kerberos/KerberosConfig.class */
public class KerberosConfig {
    public static final String DEFAULT_PRINCIPAL = "krbtgt/EXAMPLE.COM@EXAMPLE.COM";
    public static final String DEFAULT_REALM = "EXAMPLE.COM";
    public static final long DEFAULT_ALLOWABLE_CLOCKSKEW = 300000;
    public static final boolean DEFAULT_EMPTY_ADDRESSES_ALLOWED = true;
    public static final boolean DEFAULT_PA_ENC_TIMESTAMP_REQUIRED = true;
    public static final int DEFAULT_TGS_MAXIMUM_TICKET_LIFETIME = 86400000;
    public static final int DEFAULT_TGS_MINIMUM_TICKET_LIFETIME = 240000;
    public static final int DEFAULT_TGS_MAXIMUM_RENEWABLE_LIFETIME = 604800000;
    public static final boolean DEFAULT_TGS_FORWARDABLE_ALLOWED = true;
    public static final boolean DEFAULT_TGS_PROXIABLE_ALLOWED = true;
    public static final boolean DEFAULT_TGS_POSTDATED_ALLOWED = true;
    public static final boolean DEFAULT_TGS_RENEWABLE_ALLOWED = true;
    public static final boolean DEFAULT_VERIFY_BODY_CHECKSUM = true;
    public static final String[] DEFAULT_ENCRYPTION_TYPES = {"aes128-cts-hmac-sha1-96", "des-cbc-md5", "des3-cbc-sha1-kd"};
    private String primaryRealm = DEFAULT_REALM;
    private String servicePrincipal = DEFAULT_PRINCIPAL;
    private long allowableClockSkew = DEFAULT_ALLOWABLE_CLOCKSKEW;
    private boolean isPaEncTimestampRequired = true;
    private long maximumTicketLifetime = 86400000;
    private long minimumTicketLifetime = 240000;
    private long maximumRenewableLifetime = Sync.ONE_WEEK;
    private boolean isEmptyAddressesAllowed = true;
    private boolean isForwardableAllowed = true;
    private boolean isProxiableAllowed = true;
    private boolean isPostdatedAllowed = true;
    private boolean isRenewableAllowed = true;
    private boolean isBodyChecksumVerified = true;
    private Set<EncryptionType> encryptionTypes;
    private KerberosPrincipal srvPrincipal;
    private String searchBaseDn;

    public KerberosConfig() {
        setSearchBaseDn(ServerDNConstants.USER_EXAMPLE_COM_DN);
        prepareEncryptionTypes();
    }

    public long getAllowableClockSkew() {
        return this.allowableClockSkew;
    }

    public boolean isEmptyAddressesAllowed() {
        return this.isEmptyAddressesAllowed;
    }

    public boolean isForwardableAllowed() {
        return this.isForwardableAllowed;
    }

    public boolean isPostdatedAllowed() {
        return this.isPostdatedAllowed;
    }

    public boolean isProxiableAllowed() {
        return this.isProxiableAllowed;
    }

    public boolean isRenewableAllowed() {
        return this.isRenewableAllowed;
    }

    public long getMaximumRenewableLifetime() {
        return this.maximumRenewableLifetime;
    }

    public long getMaximumTicketLifetime() {
        return this.maximumTicketLifetime;
    }

    public void setAllowableClockSkew(long j) {
        this.allowableClockSkew = j;
    }

    public void setEncryptionTypes(EncryptionType[] encryptionTypeArr) {
        if (encryptionTypeArr != null) {
            this.encryptionTypes.clear();
            for (EncryptionType encryptionType : encryptionTypeArr) {
                this.encryptionTypes.add(encryptionType);
            }
        }
        this.encryptionTypes = KerberosUtils.orderEtypesByStrength(this.encryptionTypes);
    }

    public void setEncryptionTypes(Set<EncryptionType> set) {
        this.encryptionTypes = KerberosUtils.orderEtypesByStrength(set);
    }

    public void setEmptyAddressesAllowed(boolean z) {
        this.isEmptyAddressesAllowed = z;
    }

    public void setForwardableAllowed(boolean z) {
        this.isForwardableAllowed = z;
    }

    public void setPaEncTimestampRequired(boolean z) {
        this.isPaEncTimestampRequired = z;
    }

    public void setPostdatedAllowed(boolean z) {
        this.isPostdatedAllowed = z;
    }

    public void setProxiableAllowed(boolean z) {
        this.isProxiableAllowed = z;
    }

    public void setRenewableAllowed(boolean z) {
        this.isRenewableAllowed = z;
    }

    public void setServicePrincipal(String str) {
        this.servicePrincipal = str;
    }

    public void setMaximumRenewableLifetime(long j) {
        this.maximumRenewableLifetime = j;
    }

    public void setMaximumTicketLifetime(long j) {
        this.maximumTicketLifetime = j;
    }

    public void setPrimaryRealm(String str) {
        this.primaryRealm = str;
    }

    public String getPrimaryRealm() {
        return this.primaryRealm;
    }

    public KerberosPrincipal getServicePrincipal() {
        if (this.srvPrincipal == null) {
            this.srvPrincipal = new KerberosPrincipal(this.servicePrincipal, PrincipalNameType.KRB_NT_SRV_INST.getValue());
        }
        return this.srvPrincipal;
    }

    public Set<EncryptionType> getEncryptionTypes() {
        return this.encryptionTypes;
    }

    public boolean isPaEncTimestampRequired() {
        return this.isPaEncTimestampRequired;
    }

    public boolean isBodyChecksumVerified() {
        return this.isBodyChecksumVerified;
    }

    public void setBodyChecksumVerified(boolean z) {
        this.isBodyChecksumVerified = z;
    }

    public String getSearchBaseDn() {
        return this.searchBaseDn;
    }

    public void setSearchBaseDn(String str) {
        this.searchBaseDn = str;
    }

    public long getMinimumTicketLifetime() {
        return this.minimumTicketLifetime;
    }

    public void setMinimumTicketLifetime(long j) {
        this.minimumTicketLifetime = j;
    }

    private void prepareEncryptionTypes() {
        String[] strArr = DEFAULT_ENCRYPTION_TYPES;
        this.encryptionTypes = new HashSet();
        for (String str : strArr) {
            for (EncryptionType encryptionType : EncryptionType.getEncryptionTypes()) {
                if (encryptionType.getName().equalsIgnoreCase(str)) {
                    this.encryptionTypes.add(encryptionType);
                }
            }
        }
        this.encryptionTypes = KerberosUtils.orderEtypesByStrength(this.encryptionTypes);
    }
}
