package org.apache.directory.server.core.authn;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.directory.server.core.DefaultCoreSession;
import org.apache.directory.server.core.DirectoryService;
import org.apache.directory.server.core.entry.ClonedServerEntry;
import org.apache.directory.server.core.filtering.EntryFilteringCursor;
import org.apache.directory.server.core.interceptor.BaseInterceptor;
import org.apache.directory.server.core.interceptor.NextInterceptor;
import org.apache.directory.server.core.interceptor.context.AddOperationContext;
import org.apache.directory.server.core.interceptor.context.BindOperationContext;
import org.apache.directory.server.core.interceptor.context.CompareOperationContext;
import org.apache.directory.server.core.interceptor.context.DeleteOperationContext;
import org.apache.directory.server.core.interceptor.context.EntryOperationContext;
import org.apache.directory.server.core.interceptor.context.GetMatchedNameOperationContext;
import org.apache.directory.server.core.interceptor.context.GetRootDSEOperationContext;
import org.apache.directory.server.core.interceptor.context.GetSuffixOperationContext;
import org.apache.directory.server.core.interceptor.context.ListOperationContext;
import org.apache.directory.server.core.interceptor.context.ListSuffixOperationContext;
import org.apache.directory.server.core.interceptor.context.LookupOperationContext;
import org.apache.directory.server.core.interceptor.context.ModifyOperationContext;
import org.apache.directory.server.core.interceptor.context.MoveAndRenameOperationContext;
import org.apache.directory.server.core.interceptor.context.MoveOperationContext;
import org.apache.directory.server.core.interceptor.context.OperationContext;
import org.apache.directory.server.core.interceptor.context.RenameOperationContext;
import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
import org.apache.directory.shared.ldap.exception.LdapAuthenticationException;
import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
import org.apache.directory.shared.ldap.exception.LdapOperationNotSupportedException;
import org.apache.directory.shared.ldap.message.ResultCodeEnum;
import org.apache.directory.shared.ldap.name.LdapDN;
import org.apache.directory.shared.ldap.util.StringTools;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/apacheds-core-1.5.5.jar:org/apache/directory/server/core/authn/AuthenticationInterceptor.class */
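/**
 * Interceptor that authenticates bind requests and rejects operations issued by
 * anonymous sessions when the directory service does not allow anonymous access.
 *
 * <p>Authenticators are grouped by the string returned from
 * {@code Authenticator.getAuthenticatorType()}; a bind is offered to every
 * authenticator registered for the name of the requested authentication level until
 * one of them succeeds.
 *
 * <p>No synchronization is performed on the authenticator collections.
 */
public class AuthenticationInterceptor extends BaseInterceptor {
    private static final Logger LOG = LoggerFactory.getLogger(AuthenticationInterceptor.class);

    // Sampled once at class-load time; a later change of the log level is not reflected here.
    private static final boolean IS_DEBUG = LOG.isDebugEnabled();

    // Configured authenticators; null until setAuthenticators() or init() has run, and again after destroy().
    private Set<Authenticator> authenticators;

    // Authenticators that went through register(), keyed by their authenticator type.
    private final Map<String, Collection<Authenticator>> authenticatorsMapByType =
            new HashMap<String, Collection<Authenticator>>();

    private DirectoryService directoryService;

    /**
     * Stores the directory service and initialises and registers every configured
     * authenticator, installing the default set first when none was configured.
     *
     * @param directoryService the service this interceptor belongs to
     * @throws Exception if an authenticator fails to initialise
     */
    @Override
    public void init(DirectoryService directoryService) throws Exception {
        this.directoryService = directoryService;
        if (this.authenticators == null) {
            setDefaultAuthenticators();
        }
        for (Authenticator authenticator : this.authenticators) {
            register(authenticator, directoryService);
        }
    }

    /** Installs the anonymous, simple and strong authenticators as the configured set. */
    private void setDefaultAuthenticators() {
        Set<Authenticator> defaults = new HashSet<Authenticator>();
        defaults.add(new AnonymousAuthenticator());
        defaults.add(new SimpleAuthenticator());
        defaults.add(new StrongAuthenticator());
        setAuthenticators(defaults);
    }

    /**
     * Returns the configured authenticator set.
     *
     * @return the live internal set (not a copy), or {@code null} when none is configured
     */
    public Set<Authenticator> getAuthenticators() {
        return this.authenticators;
    }

    /**
     * Replaces the configured authenticator set. The set is only stored here;
     * registration by type happens in {@link #init(DirectoryService)}, so a set
     * supplied after initialisation is not consulted by {@code bind} until
     * {@code init} runs again.
     *
     * @param set the authenticators to use; stored by reference
     */
    public void setAuthenticators(Set<Authenticator> set) {
        this.authenticators = set;
    }

    /**
     * Clears the registrations and destroys every configured authenticator.
     * Does nothing beyond clearing the registrations when no authenticators are
     * configured, so calling it before {@code init} or twice in a row is safe.
     */
    @Override
    public void destroy() {
        this.authenticatorsMapByType.clear();
        if (this.authenticators == null) {
            return;
        }
        // Work on a snapshot so the field can be dropped before the authenticators are torn down.
        Set<Authenticator> snapshot = new HashSet<Authenticator>(this.authenticators);
        this.authenticators = null;
        for (Authenticator authenticator : snapshot) {
            authenticator.destroy();
        }
    }

    /**
     * Initialises one authenticator and files it under its authenticator type.
     *
     * @param authenticator the authenticator to initialise and register
     * @param directoryService the service handed to the authenticator's {@code init}
     * @throws Exception if the authenticator fails to initialise
     */
    private void register(Authenticator authenticator, DirectoryService directoryService) throws Exception {
        authenticator.init(directoryService);
        String type = authenticator.getAuthenticatorType();
        Collection<Authenticator> sameType = getAuthenticators(type);
        if (sameType == null) {
            sameType = new ArrayList<Authenticator>();
            this.authenticatorsMapByType.put(type, sameType);
        }
        sameType.add(authenticator);
    }

    /**
     * Looks up the authenticators registered for a type.
     *
     * @param str the authenticator type
     * @return the registered authenticators, or {@code null} when there is none
     *         (an empty registration is reported as {@code null} as well)
     */
    private Collection<Authenticator> getAuthenticators(String str) {
        Collection<Authenticator> collection = this.authenticatorsMapByType.get(str);
        if (collection == null || collection.isEmpty()) {
            return null;
        }
        return collection;
    }

    /** Writes the operation context to the debug log when debug logging was enabled at class load. */
    private static void logOperation(Object context) {
        if (IS_DEBUG) {
            LOG.debug("Operation Context: {}", context);
        }
    }

    /** Checks the caller, then passes the add on to the next interceptor. */
    @Override
    public void add(NextInterceptor nextInterceptor, AddOperationContext addOperationContext) throws Exception {
        logOperation(addOperationContext);
        checkAuthenticated(addOperationContext);
        nextInterceptor.add(addOperationContext);
    }

    /** Checks the caller, performs the delete, then invalidates authenticator caches for the DN. */
    @Override
    public void delete(NextInterceptor nextInterceptor, DeleteOperationContext deleteOperationContext) throws Exception {
        logOperation(deleteOperationContext);
        checkAuthenticated(deleteOperationContext);
        nextInterceptor.delete(deleteOperationContext);
        invalidateAuthenticatorCaches(deleteOperationContext.getDn());
    }

    /** Checks the caller, then passes the matched-name lookup on to the next interceptor. */
    @Override
    public LdapDN getMatchedName(NextInterceptor nextInterceptor, GetMatchedNameOperationContext getMatchedNameOperationContext) throws Exception {
        logOperation(getMatchedNameOperationContext);
        checkAuthenticated(getMatchedNameOperationContext);
        return nextInterceptor.getMatchedName(getMatchedNameOperationContext);
    }

    /** Checks the caller, then passes the root DSE request on to the next interceptor. */
    @Override
    public ClonedServerEntry getRootDSE(NextInterceptor nextInterceptor, GetRootDSEOperationContext getRootDSEOperationContext) throws Exception {
        logOperation(getRootDSEOperationContext);
        checkAuthenticated(getRootDSEOperationContext);
        return nextInterceptor.getRootDSE(getRootDSEOperationContext);
    }

    /** Checks the caller, then passes the suffix lookup on to the next interceptor. */
    @Override
    public LdapDN getSuffix(NextInterceptor nextInterceptor, GetSuffixOperationContext getSuffixOperationContext) throws Exception {
        logOperation(getSuffixOperationContext);
        checkAuthenticated(getSuffixOperationContext);
        return nextInterceptor.getSuffix(getSuffixOperationContext);
    }

    /** Checks the caller, then passes the existence test on to the next interceptor. */
    @Override
    public boolean hasEntry(NextInterceptor nextInterceptor, EntryOperationContext entryOperationContext) throws Exception {
        logOperation(entryOperationContext);
        checkAuthenticated(entryOperationContext);
        return nextInterceptor.hasEntry(entryOperationContext);
    }

    /** Checks the caller, then passes the list on to the next interceptor. */
    @Override
    public EntryFilteringCursor list(NextInterceptor nextInterceptor, ListOperationContext listOperationContext) throws Exception {
        logOperation(listOperationContext);
        checkAuthenticated(listOperationContext);
        return nextInterceptor.list(listOperationContext);
    }

    /** Checks the caller, then passes the suffix listing on to the next interceptor. */
    @Override
    public Set<String> listSuffixes(NextInterceptor nextInterceptor, ListSuffixOperationContext listSuffixOperationContext) throws Exception {
        logOperation(listSuffixOperationContext);
        checkAuthenticated(listSuffixOperationContext);
        return nextInterceptor.listSuffixes(listSuffixOperationContext);
    }

    /** Checks the caller, then passes the lookup on to the next interceptor. */
    @Override
    public ClonedServerEntry lookup(NextInterceptor nextInterceptor, LookupOperationContext lookupOperationContext) throws Exception {
        logOperation(lookupOperationContext);
        checkAuthenticated(lookupOperationContext);
        return nextInterceptor.lookup(lookupOperationContext);
    }

    /**
     * Asks every registered authenticator to drop whatever it caches for the DN, so
     * that state cached before the entry changed is not used afterwards.
     *
     * @param ldapDN the DN of the entry that was touched
     */
    private void invalidateAuthenticatorCaches(LdapDN ldapDN) {
        // Iterate the stored collections directly: getAuthenticators(String) reports an
        // empty registration as null, which would fail the walk with a NullPointerException.
        for (Collection<Authenticator> sameType : this.authenticatorsMapByType.values()) {
            if (sameType == null) {
                continue;
            }
            for (Authenticator authenticator : sameType) {
                authenticator.invalidateCache(ldapDN);
            }
        }
    }

    /** Checks the caller, performs the modify, then invalidates authenticator caches for the DN. */
    @Override
    public void modify(NextInterceptor nextInterceptor, ModifyOperationContext modifyOperationContext) throws Exception {
        logOperation(modifyOperationContext);
        checkAuthenticated(modifyOperationContext);
        nextInterceptor.modify(modifyOperationContext);
        invalidateAuthenticatorCaches(modifyOperationContext.getDn());
    }

    /** Checks the caller, performs the rename, then invalidates authenticator caches for the DN. */
    @Override
    public void rename(NextInterceptor nextInterceptor, RenameOperationContext renameOperationContext) throws Exception {
        logOperation(renameOperationContext);
        checkAuthenticated(renameOperationContext);
        nextInterceptor.rename(renameOperationContext);
        invalidateAuthenticatorCaches(renameOperationContext.getDn());
    }

    /**
     * Checks the caller, performs the compare, then invalidates authenticator caches
     * for the DN.
     */
    @Override
    public boolean compare(NextInterceptor nextInterceptor, CompareOperationContext compareOperationContext) throws Exception {
        logOperation(compareOperationContext);
        checkAuthenticated(compareOperationContext);
        boolean compare = nextInterceptor.compare(compareOperationContext);
        // NOTE(review): compare is invalidated like the write operations above; confirm
        // that this is intended for an operation that does not appear to change the entry.
        invalidateAuthenticatorCaches(compareOperationContext.getDn());
        return compare;
    }

    /** Checks the caller, performs the move-and-rename, then invalidates authenticator caches for the DN. */
    @Override
    public void moveAndRename(NextInterceptor nextInterceptor, MoveAndRenameOperationContext moveAndRenameOperationContext) throws Exception {
        logOperation(moveAndRenameOperationContext);
        checkAuthenticated(moveAndRenameOperationContext);
        nextInterceptor.moveAndRename(moveAndRenameOperationContext);
        invalidateAuthenticatorCaches(moveAndRenameOperationContext.getDn());
    }

    /** Checks the caller, performs the move, then invalidates authenticator caches for the DN. */
    @Override
    public void move(NextInterceptor nextInterceptor, MoveOperationContext moveOperationContext) throws Exception {
        logOperation(moveOperationContext);
        checkAuthenticated(moveOperationContext);
        nextInterceptor.move(moveOperationContext);
        invalidateAuthenticatorCaches(moveOperationContext.getDn());
    }

    /** Checks the caller, then passes the search on to the next interceptor. */
    @Override
    public EntryFilteringCursor search(NextInterceptor nextInterceptor, SearchOperationContext searchOperationContext) throws Exception {
        logOperation(searchOperationContext);
        checkAuthenticated(searchOperationContext);
        return nextInterceptor.search(searchOperationContext);
    }

    /**
     * Rejects the operation when all three hold: the session is anonymous, the
     * directory service does not allow anonymous access, and the target DN is not
     * empty. An operation on the empty DN is therefore let through for anonymous
     * sessions even when anonymous access is disabled.
     *
     * @param operationContext the operation about to be executed
     * @throws LdapNoPermissionException if the caller is anonymous and not permitted
     */
    private void checkAuthenticated(OperationContext operationContext) throws Exception {
        if (!operationContext.getSession().isAnonymous()
                || this.directoryService.isAllowAnonymousAccess()
                || operationContext.getDn().isEmpty()) {
            return;
        }
        LOG.error("Attempted operation {} by unauthenticated caller.", operationContext.getName());
        throw new LdapNoPermissionException("Attempted operation by unauthenticated caller.");
    }

    /**
     * Authenticates a bind request and attaches a new session to the context.
     *
     * <p>Each authenticator registered for the requested authentication level is tried
     * in turn; the first one that returns a principal wins. On success the credentials
     * on the context are cleared and the password on the cloned principal is blanked
     * before the session is created.
     *
     * @param nextInterceptor the next interceptor, used only when no authenticator is
     *        registered for the requested level
     * @param bindOperationContext the bind request
     * @throws LdapOperationNotSupportedException if the level is {@code UNAUTHENT}
     * @throws LdapAuthenticationException if every authenticator rejected the request
     */
    @Override
    public void bind(NextInterceptor nextInterceptor, BindOperationContext bindOperationContext) throws Exception {
        // NOTE(review): the context is logged as a whole here and in the failure branches
        // below, before its credentials are cleared; confirm that
        // BindOperationContext.toString() does not render the credentials.
        logOperation(bindOperationContext);
        if (bindOperationContext.getSession() != null && bindOperationContext.getSession().getEffectivePrincipal() != null) {
            // A session that already has an effective principal has its credentials dropped up front.
            bindOperationContext.setCredentials(null);
        }
        AuthenticationLevel authenticationLevel = bindOperationContext.getAuthenticationLevel();
        if (authenticationLevel == AuthenticationLevel.UNAUTHENT) {
            throw new LdapOperationNotSupportedException("Cannot Bind for DN " + bindOperationContext.getDn().getUpName(), ResultCodeEnum.UNWILLING_TO_PERFORM);
        }
        Collection<Authenticator> candidates = getAuthenticators(authenticationLevel.getName());
        if (candidates == null) {
            // NOTE(review): with no authenticator registered for this level the decision is
            // left entirely to the next interceptor, and the resulting principal is created
            // at level SIMPLE whatever level was requested. Confirm that the delegate
            // verifies the credentials, and that a configured set lacking an authenticator
            // for a level is a supported setup.
            LOG.debug("No authenticators found, delegating bind to the nexus.");
            nextInterceptor.bind(bindOperationContext);
            LOG.debug("Nexus succeeded on bind operation.");
            bindOperationContext.setSession(new DefaultCoreSession(new LdapPrincipal(bindOperationContext.getDn(), AuthenticationLevel.SIMPLE), this.directoryService));
            bindOperationContext.setCredentials(null);
            return;
        }
        for (Authenticator authenticator : candidates) {
            try {
                LdapPrincipal ldapPrincipal = (LdapPrincipal) authenticator.authenticate(bindOperationContext).clone();
                // Do not keep the secret around once it has been verified.
                bindOperationContext.setCredentials(null);
                ldapPrincipal.setUserPassword(StringTools.EMPTY_BYTES);
                bindOperationContext.setSession(new DefaultCoreSession(ldapPrincipal, this.directoryService));
                return;
            } catch (LdapAuthenticationException e) {
                // Expected rejection: fall through to the next authenticator. This handler
                // must come before the general one, which would otherwise shadow it.
                if (LOG.isInfoEnabled()) {
                    LOG.info("Authenticator {} failed to authenticate: {}", authenticator, bindOperationContext);
                }
            } catch (Exception e) {
                // Anything else is a fault in the authenticator rather than a rejected
                // credential; report it at the level the guard tests for and keep the cause.
                if (LOG.isWarnEnabled()) {
                    LOG.warn("Unexpected failure for Authenticator {} : {}", authenticator, bindOperationContext);
                }
                if (IS_DEBUG) {
                    LOG.debug("Unexpected authenticator failure", e);
                }
            }
        }
        if (LOG.isInfoEnabled()) {
            LOG.info("Cannot bind to the server ");
        }
        // The credentials on the context are left as they are when every authenticator failed.
        LdapDN dn = bindOperationContext.getDn();
        throw new LdapAuthenticationException("Cannot authenticate user " + (dn == null ? "" : dn.getUpName()));
    }
}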
