package org.forgerock.opendj.ldap;

import com.forgerock.opendj.ldap.controls.AccountUsabilityResponseControl;
import com.forgerock.reactive.ServerConnectionFactoryAdapter;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.forgerock.opendj.io.ASN1;
import org.forgerock.opendj.io.ASN1Reader;
import org.forgerock.opendj.ldap.controls.Control;
import org.forgerock.opendj.ldap.controls.ControlDecoder;
import org.forgerock.opendj.ldap.requests.AbandonRequest;
import org.forgerock.opendj.ldap.requests.AddRequest;
import org.forgerock.opendj.ldap.requests.BindRequest;
import org.forgerock.opendj.ldap.requests.CompareRequest;
import org.forgerock.opendj.ldap.requests.DeleteRequest;
import org.forgerock.opendj.ldap.requests.ExtendedRequest;
import org.forgerock.opendj.ldap.requests.GenericBindRequest;
import org.forgerock.opendj.ldap.requests.ModifyDNRequest;
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.forgerock.opendj.ldap.requests.Request;
import org.forgerock.opendj.ldap.requests.SearchRequest;
import org.forgerock.opendj.ldap.requests.UnbindRequest;
import org.forgerock.opendj.ldap.responses.BindResult;
import org.forgerock.opendj.ldap.responses.CompareResult;
import org.forgerock.opendj.ldap.responses.ExtendedResult;
import org.forgerock.opendj.ldap.responses.Responses;
import org.forgerock.opendj.ldap.responses.Result;
import org.forgerock.opendj.ldap.responses.SearchResultEntry;
import org.forgerock.util.Options;
import sun.security.tools.keytool.CertAndKeyGen;
import sun.security.x509.X500Name;

/* loaded from: input_file:org/forgerock/opendj/ldap/LDAPServer.class */
public class LDAPServer implements ServerConnectionFactory<LDAPClientContext, Integer> {
    private static final LDAPServer INSTANCE = new LDAPServer();
    private LDAPListener listener;
    private volatile boolean isRunning;
    private static SSLContext sslContext;
    private final ConcurrentHashMap<DN, Entry> entryMap = new ConcurrentHashMap<>();
    private final ConcurrentHashMap<Integer, AbandonableRequest> requestsInProgress = new ConcurrentHashMap<>();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/forgerock/opendj/ldap/LDAPServer$AbandonableRequest.class */
    public static class AbandonableRequest implements Request {
        private final Request request;
        private final AtomicBoolean isCanceled = new AtomicBoolean(false);

        AbandonableRequest(Request request) {
            this.request = request;
        }

        public Request addControl(Control control) {
            return this.request.addControl(control);
        }

        public boolean containsControl(String str) {
            return this.request.containsControl(str);
        }

        public <C extends Control> C getControl(ControlDecoder<C> controlDecoder, DecodeOptions decodeOptions) throws DecodeException {
            return (C) this.request.getControl(controlDecoder, decodeOptions);
        }

        public List<Control> getControls() {
            return this.request.getControls();
        }

        void cancel() {
            this.isCanceled.set(true);
        }

        boolean isCanceled() {
            return this.isCanceled.get();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/forgerock/opendj/ldap/LDAPServer$LDAPServerConnection.class */
    public class LDAPServerConnection implements ServerConnection<Integer> {
        private final LDAPClientContext clientContext;
        private SaslServer saslServer;

        private LDAPServerConnection(LDAPClientContext lDAPClientContext) {
            this.clientContext = lDAPClientContext;
        }

        public void handleAbandon(Integer num, AbandonRequest abandonRequest) throws UnsupportedOperationException {
            AbandonableRequest abandonableRequest = (AbandonableRequest) LDAPServer.this.requestsInProgress.get(Integer.valueOf(abandonRequest.getRequestID()));
            if (abandonableRequest == null) {
                return;
            }
            abandonableRequest.cancel();
        }

        public void handleAdd(Integer num, AddRequest addRequest, IntermediateResponseHandler intermediateResponseHandler, LdapResultHandler<Result> ldapResultHandler) throws UnsupportedOperationException {
            AbandonableRequest abandonableRequest = new AbandonableRequest(addRequest);
            LDAPServer.this.requestsInProgress.put(num, abandonableRequest);
            DN name = addRequest.getName();
            if (LDAPServer.this.entryMap.containsKey(name)) {
                ldapResultHandler.handleException(LdapException.newLdapException(Responses.newResult(ResultCode.ENTRY_ALREADY_EXISTS)));
                LDAPServer.this.requestsInProgress.remove(num);
                return;
            }
            SearchResultEntry newSearchResultEntry = Responses.newSearchResultEntry(name);
            Iterator it = addRequest.getControls().iterator();
            while (it.hasNext()) {
                newSearchResultEntry.addControl((Control) it.next());
            }
            Iterator it2 = addRequest.getAllAttributes().iterator();
            while (it2.hasNext()) {
                newSearchResultEntry.addAttribute((Attribute) it2.next());
            }
            if (abandonableRequest.isCanceled()) {
                ldapResultHandler.handleException(LdapException.newLdapException(Responses.newResult(ResultCode.CANCELLED)));
                LDAPServer.this.requestsInProgress.remove(num);
            } else {
                LDAPServer.this.entryMap.put(name, newSearchResultEntry);
                LDAPServer.this.requestsInProgress.remove(num);
                ldapResultHandler.handleResult(Responses.newResult(ResultCode.SUCCESS));
            }
        }

        public void handleBind(Integer num, int i, BindRequest bindRequest, IntermediateResponseHandler intermediateResponseHandler, LdapResultHandler<BindResult> ldapResultHandler) throws UnsupportedOperationException {
            LDAPServer.this.requestsInProgress.put(num, new AbandonableRequest(bindRequest));
            if (bindRequest.getAuthenticationType() == -93 && (bindRequest instanceof GenericBindRequest)) {
                ASN1Reader reader = ASN1.getReader(((GenericBindRequest) bindRequest).getAuthenticationValue());
                try {
                    String readOctetStringAsString = reader.readOctetStringAsString();
                    ByteString readOctetString = reader.hasNextElement() ? reader.readOctetString() : ByteString.empty();
                    if (this.saslServer == null || !this.saslServer.getMechanismName().equalsIgnoreCase(readOctetStringAsString)) {
                        HashMap hashMap = new HashMap();
                        hashMap.put("javax.security.sasl.qop", "auth-conf,auth-int,auth");
                        this.saslServer = Sasl.createSaslServer(readOctetStringAsString, "ldap", ((InetSocketAddress) LDAPServer.this.listener.getSocketAddresses().iterator().next()).getHostName(), hashMap, new CallbackHandler() { // from class: org.forgerock.opendj.ldap.LDAPServer.LDAPServerConnection.1
                            @Override // javax.security.auth.callback.CallbackHandler
                            public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                                for (Callback callback : callbackArr) {
                                    if (!(callback instanceof NameCallback)) {
                                        if (callback instanceof PasswordCallback) {
                                            ((PasswordCallback) callback).setPassword("password".toCharArray());
                                        } else if (callback instanceof AuthorizeCallback) {
                                            ((AuthorizeCallback) callback).setAuthorized(true);
                                        } else if (!(callback instanceof RealmCallback)) {
                                            throw new UnsupportedCallbackException(callback);
                                        }
                                    }
                                }
                            }
                        });
                    }
                    byte[] evaluateResponse = this.saslServer.evaluateResponse(readOctetString.toByteArray());
                    if (this.saslServer.isComplete()) {
                        BindResult newBindResult = Responses.newBindResult(ResultCode.SUCCESS);
                        if (evaluateResponse != null) {
                            newBindResult.setServerSASLCredentials(ByteString.wrap(evaluateResponse));
                        }
                        ldapResultHandler.handleResult(newBindResult);
                        String str = (String) this.saslServer.getNegotiatedProperty("javax.security.sasl.qop");
                        if ("auth-int".equalsIgnoreCase(str) || "auth-conf".equalsIgnoreCase(str)) {
                            this.clientContext.enableSASL(this.saslServer);
                        }
                    } else {
                        ldapResultHandler.handleResult(Responses.newBindResult(ResultCode.SASL_BIND_IN_PROGRESS).setServerSASLCredentials(ByteString.wrap(evaluateResponse)));
                    }
                } catch (Exception e) {
                    ldapResultHandler.handleException(LdapException.newLdapException(Responses.newBindResult(ResultCode.OPERATIONS_ERROR).setCause(e).setDiagnosticMessage(e.toString())));
                }
            } else {
                ldapResultHandler.handleResult(Responses.newBindResult(ResultCode.SUCCESS));
            }
            LDAPServer.this.requestsInProgress.remove(num);
        }

        public void handleConnectionClosed(Integer num, UnbindRequest unbindRequest) {
            close();
        }

        private void close() {
            if (this.saslServer != null) {
                try {
                    this.saslServer.dispose();
                } catch (SaslException e) {
                    e.printStackTrace();
                }
            }
        }

        public void handleConnectionDisconnected(ResultCode resultCode, String str) {
            close();
        }

        public void handleConnectionError(Throwable th) {
            close();
        }

        public void handleCompare(Integer num, CompareRequest compareRequest, IntermediateResponseHandler intermediateResponseHandler, LdapResultHandler<CompareResult> ldapResultHandler) throws UnsupportedOperationException {
            AbandonableRequest abandonableRequest = new AbandonableRequest(compareRequest);
            LDAPServer.this.requestsInProgress.put(num, abandonableRequest);
            DN name = compareRequest.getName();
            if (!LDAPServer.this.entryMap.containsKey(name)) {
                ldapResultHandler.handleException(LdapException.newLdapException(Responses.newCompareResult(ResultCode.NO_SUCH_ATTRIBUTE)));
                LDAPServer.this.requestsInProgress.remove(num);
                return;
            }
            Iterator it = ((Entry) LDAPServer.this.entryMap.get(name)).getAllAttributes(compareRequest.getAttributeDescription()).iterator();
            while (it.hasNext()) {
                for (ByteString byteString : (Attribute) it.next()) {
                    if (abandonableRequest.isCanceled()) {
                        ldapResultHandler.handleException(LdapException.newLdapException(Responses.newResult(ResultCode.CANCELLED)));
                        LDAPServer.this.requestsInProgress.remove(num);
                        return;
                    } else if (byteString.equals(compareRequest.getAssertionValue())) {
                        ldapResultHandler.handleResult(Responses.newCompareResult(ResultCode.COMPARE_TRUE));
                        LDAPServer.this.requestsInProgress.remove(num);
                        return;
                    }
                }
            }
            ldapResultHandler.handleResult(Responses.newCompareResult(ResultCode.COMPARE_FALSE));
            LDAPServer.this.requestsInProgress.remove(num);
        }

        public void handleDelete(Integer num, DeleteRequest deleteRequest, IntermediateResponseHandler intermediateResponseHandler, LdapResultHandler<Result> ldapResultHandler) throws UnsupportedOperationException {
            AbandonableRequest abandonableRequest = new AbandonableRequest(deleteRequest);
            LDAPServer.this.requestsInProgress.put(num, abandonableRequest);
            DN name = deleteRequest.getName();
            if (!LDAPServer.this.entryMap.containsKey(name)) {
                ldapResultHandler.handleException(LdapException.newLdapException(Responses.newResult(ResultCode.NO_SUCH_OBJECT)));
                LDAPServer.this.requestsInProgress.remove(num);
            } else if (abandonableRequest.isCanceled()) {
                ldapResultHandler.handleException(LdapException.newLdapException(Responses.newResult(ResultCode.CANCELLED)));
                LDAPServer.this.requestsInProgress.remove(num);
            } else {
                LDAPServer.this.entryMap.remove(name);
                LDAPServer.this.requestsInProgress.remove(num);
                ldapResultHandler.handleResult(Responses.newResult(ResultCode.SUCCESS));
            }
        }

        public <R extends ExtendedResult> void handleExtendedRequest(Integer num, ExtendedRequest<R> extendedRequest, IntermediateResponseHandler intermediateResponseHandler, LdapResultHandler<R> ldapResultHandler) throws UnsupportedOperationException {
            if (extendedRequest.getOID().equals("1.3.6.1.4.1.1466.20037")) {
                SSLEngine createSSLEngine = LDAPServer.sslContext.createSSLEngine();
                createSSLEngine.setEnabledCipherSuites(LDAPServer.sslContext.getServerSocketFactory().getSupportedCipherSuites());
                createSSLEngine.setNeedClientAuth(false);
                createSSLEngine.setUseClientMode(false);
                this.clientContext.enableTLS(createSSLEngine, true);
                ldapResultHandler.handleResult(extendedRequest.getResultDecoder().newExtendedErrorResult(ResultCode.SUCCESS, "", ""));
            }
        }

        public void handleModify(Integer num, ModifyRequest modifyRequest, IntermediateResponseHandler intermediateResponseHandler, LdapResultHandler<Result> ldapResultHandler) throws UnsupportedOperationException {
        }

        public void handleModifyDN(Integer num, ModifyDNRequest modifyDNRequest, IntermediateResponseHandler intermediateResponseHandler, LdapResultHandler<Result> ldapResultHandler) throws UnsupportedOperationException {
        }

        public void handleSearch(Integer num, SearchRequest searchRequest, IntermediateResponseHandler intermediateResponseHandler, SearchResultHandler searchResultHandler, LdapResultHandler<Result> ldapResultHandler) throws UnsupportedOperationException {
            AbandonableRequest abandonableRequest = new AbandonableRequest(searchRequest);
            LDAPServer.this.requestsInProgress.put(num, abandonableRequest);
            DN name = searchRequest.getName();
            if (!LDAPServer.this.entryMap.containsKey(name)) {
                ldapResultHandler.handleException(LdapException.newLdapException(Responses.newResult(ResultCode.NO_SUCH_OBJECT)));
                LDAPServer.this.requestsInProgress.remove(num);
                return;
            }
            if (abandonableRequest.isCanceled()) {
                ldapResultHandler.handleException(LdapException.newLdapException(Responses.newResult(ResultCode.CANCELLED)));
                LDAPServer.this.requestsInProgress.remove(num);
                return;
            }
            SearchResultEntry newSearchResultEntry = Responses.newSearchResultEntry(new LinkedHashMapEntry((Entry) LDAPServer.this.entryMap.get(name)));
            Iterator it = searchRequest.getControls().iterator();
            while (it.hasNext()) {
                if (((Control) it.next()).getOID().equals("1.3.6.1.4.1.42.2.27.9.5.8")) {
                    newSearchResultEntry.addControl(AccountUsabilityResponseControl.newControl(false, false, false, 10, false, 0));
                }
            }
            searchResultHandler.handleEntry(newSearchResultEntry);
            ldapResultHandler.handleResult(Responses.newResult(ResultCode.SUCCESS));
            LDAPServer.this.requestsInProgress.remove(num);
        }

        public /* bridge */ /* synthetic */ void handleSearch(Object obj, SearchRequest searchRequest, IntermediateResponseHandler intermediateResponseHandler, SearchResultHandler searchResultHandler, LdapResultHandler ldapResultHandler) {
            handleSearch((Integer) obj, searchRequest, intermediateResponseHandler, searchResultHandler, (LdapResultHandler<Result>) ldapResultHandler);
        }

        public /* bridge */ /* synthetic */ void handleModifyDN(Object obj, ModifyDNRequest modifyDNRequest, IntermediateResponseHandler intermediateResponseHandler, LdapResultHandler ldapResultHandler) {
            handleModifyDN((Integer) obj, modifyDNRequest, intermediateResponseHandler, (LdapResultHandler<Result>) ldapResultHandler);
        }

        public /* bridge */ /* synthetic */ void handleModify(Object obj, ModifyRequest modifyRequest, IntermediateResponseHandler intermediateResponseHandler, LdapResultHandler ldapResultHandler) {
            handleModify((Integer) obj, modifyRequest, intermediateResponseHandler, (LdapResultHandler<Result>) ldapResultHandler);
        }

        public /* bridge */ /* synthetic */ void handleDelete(Object obj, DeleteRequest deleteRequest, IntermediateResponseHandler intermediateResponseHandler, LdapResultHandler ldapResultHandler) {
            handleDelete((Integer) obj, deleteRequest, intermediateResponseHandler, (LdapResultHandler<Result>) ldapResultHandler);
        }

        public /* bridge */ /* synthetic */ void handleCompare(Object obj, CompareRequest compareRequest, IntermediateResponseHandler intermediateResponseHandler, LdapResultHandler ldapResultHandler) {
            handleCompare((Integer) obj, compareRequest, intermediateResponseHandler, (LdapResultHandler<CompareResult>) ldapResultHandler);
        }

        public /* bridge */ /* synthetic */ void handleBind(Object obj, int i, BindRequest bindRequest, IntermediateResponseHandler intermediateResponseHandler, LdapResultHandler ldapResultHandler) {
            handleBind((Integer) obj, i, bindRequest, intermediateResponseHandler, (LdapResultHandler<BindResult>) ldapResultHandler);
        }

        public /* bridge */ /* synthetic */ void handleAdd(Object obj, AddRequest addRequest, IntermediateResponseHandler intermediateResponseHandler, LdapResultHandler ldapResultHandler) {
            handleAdd((Integer) obj, addRequest, intermediateResponseHandler, (LdapResultHandler<Result>) ldapResultHandler);
        }
    }

    public static LDAPServer getInstance() {
        return INSTANCE;
    }

    private LDAPServer() {
        this.entryMap.put(DN.rootDN(), Entries.unmodifiableEntry(new LinkedHashMapEntry()));
        for (int i = 0; i < 1000; i++) {
            String format = String.format("uid=user.%d,ou=people,o=test", Integer.valueOf(i));
            this.entryMap.put(DN.valueOf(format), Entries.unmodifiableEntry(new LinkedHashMapEntry(new String[]{"dn: " + format, "objectclass: person", "objectclass: inetorgperson", "objectclass: top", String.format("cn: user.%d", Integer.valueOf(i)), String.format("sn: %d", Integer.valueOf(i)), String.format("uid: user.%d", Integer.valueOf(i)), String.format("mail: user.%d@example.com", Integer.valueOf(i))})));
        }
    }

    public ServerConnection<Integer> handleAccept(LDAPClientContext lDAPClientContext) {
        return new LDAPServerConnection(lDAPClientContext);
    }

    public boolean isRunning() {
        return this.isRunning;
    }

    public synchronized void start() throws Exception {
        if (this.isRunning) {
            return;
        }
        this.listener = new LDAPListener(Collections.singleton(TestCaseUtils.loopbackWithDynamicPort()), new ServerConnectionFactoryAdapter((DecodeOptions) Options.defaultOptions().get(LDAPListener.LDAP_DECODE_OPTIONS), getInstance()), Options.defaultOptions().set(LDAPListener.CONNECT_MAX_BACKLOG, 4096));
        this.isRunning = true;
    }

    public synchronized void stop() {
        if (this.isRunning) {
            this.listener.close();
            this.isRunning = false;
        }
    }

    public synchronized InetSocketAddress getSocketAddress() {
        if (this.isRunning) {
            return this.listener.firstSocketAddress();
        }
        throw new IllegalStateException("Server is not running");
    }

    static {
        try {
            CertAndKeyGen certAndKeyGen = new CertAndKeyGen("RSA", "SHA1WithRSA", (String) null);
            certAndKeyGen.generate(2048);
            X509Certificate[] x509CertificateArr = {certAndKeyGen.getSelfCertificate(new X500Name("CN=localhost"), 3600L)};
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, null);
            keyStore.setKeyEntry("localhost", certAndKeyGen.getPrivateKey(), "keypassword".toCharArray(), x509CertificateArr);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, "keypassword".toCharArray());
            sslContext = new SSLContextBuilder().setKeyManager(keyManagerFactory.getKeyManagers()[0]).getSSLContext();
        } catch (Exception e) {
            new RuntimeException("generate self-signed certificate", e);
        }
    }
}
