package org.apache.directory.server.ldap.handlers.sasl.ntlm;

import javax.naming.InvalidNameException;
import javax.security.sasl.SaslException;
import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
import org.apache.directory.api.ldap.model.constants.JndiPropertyConstants;
import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms;
import org.apache.directory.api.ldap.model.message.BindRequest;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.util.Strings;
import org.apache.directory.server.core.api.CoreSession;
import org.apache.directory.server.core.api.LdapPrincipal;
import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.server.ldap.LdapSession;
import org.apache.directory.server.ldap.handlers.sasl.AbstractSaslServer;
import org.apache.directory.server.ldap.handlers.sasl.SaslConstants;

/* loaded from: input_file:org/apache/directory/server/ldap/handlers/sasl/ntlm/NtlmSaslServer.class */
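/**
 * SASL server side of an NTLM bind, driven as a small state machine over the
 * three NTLM messages (Type 1 received, Type 2 sent, Type 3 received).
 *
 * <p>The cryptographic work is delegated to the {@link NtlmProvider}; this class
 * tracks the negotiation state and, once the provider accepts the Type 3
 * message, records the authenticated principal in the LDAP session.
 *
 * <p>NOTE(review): the principal is built from the DN carried in the client's
 * bind request, while {@code provider.authenticate(...)} returns only a boolean.
 * Nothing in this class ties that DN to the identity proven by the Type 3
 * message, so that binding has to be enforced by the provider implementation;
 * confirm against the configured {@link NtlmProvider}.
 */
public class NtlmSaslServer extends AbstractSaslServer {
    /** Current position in the NTLM exchange; mutated only by the two transition methods. */
    private NegotiationState state;

    /** Provider that generates the Type 2 challenge and validates the Type 3 response. */
    private final NtlmProvider provider;

    /**
     * Steps of the NTLM negotiation, in the order they are expected to occur.
     * Decompiler note: the access modifier was package-private in the original class file.
     */
    public enum NegotiationState {
        INITIALIZED,
        TYPE_1_RECEIVED,
        TYPE_2_SENT,
        TYPE_3_RECEIVED,
        COMPLETED
    }

    /**
     * Creates a server in the {@link NegotiationState#INITIALIZED} state.
     *
     * @param ntlmProvider provider used for challenge generation and response validation
     * @param bindRequest the bind request being processed
     * @param ldapSession the LDAP session the bind belongs to
     * @param coreSession the admin session handed to the superclass
     */
    public NtlmSaslServer(NtlmProvider ntlmProvider, BindRequest bindRequest, LdapSession ldapSession, CoreSession coreSession) {
        super(ldapSession, coreSession, bindRequest);
        this.state = NegotiationState.INITIALIZED;
        this.provider = ntlmProvider;
    }

    /**
     * @return the SASL mechanism name constant for NTLM
     */
    public String getMechanismName() {
        return SupportedSaslMechanisms.NTLM;
    }

    /**
     * Advances the state machine when a client message arrives.
     *
     * <p>Only two transitions are legal: INITIALIZED to TYPE_1_RECEIVED and
     * TYPE_2_SENT to TYPE_3_RECEIVED. A message arriving in any other state is
     * out of sequence and is rejected.
     *
     * @throws IllegalStateException if a client message is not expected in the current state
     */
    protected void responseRecieved() {
        switch (this.state) {
            case INITIALIZED:
                this.state = NegotiationState.TYPE_1_RECEIVED;
                return;
            case TYPE_1_RECEIVED:
                throw new IllegalStateException(I18n.err(I18n.ERR_660, new Object[0]));
            case TYPE_2_SENT:
                this.state = NegotiationState.TYPE_3_RECEIVED;
                return;
            case TYPE_3_RECEIVED:
                throw new IllegalStateException(I18n.err(I18n.ERR_661, new Object[0]));
            case COMPLETED:
                throw new IllegalStateException(I18n.err(I18n.ERR_662, new Object[0]));
            default:
                return;
        }
    }

    /**
     * Advances the state machine after the server side has produced its answer.
     *
     * <p>Legal transitions are TYPE_1_RECEIVED to TYPE_2_SENT and
     * TYPE_3_RECEIVED to COMPLETED; every other state is rejected.
     *
     * @throws IllegalStateException if no server answer is expected in the current state
     */
    protected void responseSent() {
        switch (this.state) {
            case INITIALIZED:
                throw new IllegalStateException(I18n.err(I18n.ERR_663, new Object[0]));
            case TYPE_1_RECEIVED:
                this.state = NegotiationState.TYPE_2_SENT;
                return;
            case TYPE_2_SENT:
                throw new IllegalStateException(I18n.err(I18n.ERR_664, new Object[0]));
            case TYPE_3_RECEIVED:
                this.state = NegotiationState.COMPLETED;
                return;
            case COMPLETED:
                throw new IllegalStateException(I18n.err(I18n.ERR_662, new Object[0]));
            default:
                return;
        }
    }

    /**
     * Processes one client NTLM message and returns the server's answer.
     *
     * <p>For the Type 1 message the provider's challenge is returned. For the
     * Type 3 message the provider validates the response; on success the
     * principal and the bind name are stored as SASL properties of the session
     * and {@code null} is returned.
     *
     * <p>If the provider throws or rejects the response, the state is left at
     * TYPE_1_RECEIVED or TYPE_3_RECEIVED, so a further call on this instance
     * fails with {@link IllegalStateException} rather than restarting the exchange.
     *
     * @param bArr the raw NTLM message from the client; must be non-null and non-empty
     * @return the Type 2 challenge bytes, or {@code null} after the Type 3 message
     * @throws IllegalArgumentException if {@code bArr} is null or empty
     * @throws IllegalStateException if the message arrives out of sequence
     * @throws SaslException if challenge generation fails or authentication is rejected
     */
    public byte[] evaluateResponse(byte[] bArr) throws SaslException {
        if (bArr == null) {
            throw new IllegalArgumentException(I18n.err(I18n.ERR_666, new Object[0]));
        }
        if (bArr.length == 0) {
            throw new IllegalArgumentException(I18n.err(I18n.ERR_667, new Object[0]));
        }
        responseRecieved();
        byte[] challenge = null;
        switch (this.state) {
            case TYPE_1_RECEIVED:
                try {
                    challenge = this.provider.generateChallenge(getLdapSession().getIoSession(), bArr);
                    break;
                } catch (Exception e) {
                    throw new SaslException(I18n.err(I18n.ERR_668, new Object[0]), e);
                }
            case TYPE_3_RECEIVED:
                try {
                    boolean authenticated = this.provider.authenticate(getLdapSession().getIoSession(), bArr);
                    // Reject before touching the session: a failed Type 3 must not leave a
                    // principal marked AuthenticationLevel.STRONG in the SASL properties.
                    // The exception is rewrapped by the catch below, as it was before.
                    if (!authenticated) {
                        throw new SaslException(I18n.err(I18n.ERR_670, new Object[0]));
                    }
                    // The DN is taken from the client's bind request, not from the provider.
                    Dn dn = getBindRequest().getDn();
                    dn.apply(getLdapSession().getLdapServer().getDirectoryService().getSchemaManager());
                    getLdapSession().putSaslProperty(SaslConstants.SASL_AUTHENT_USER, new LdapPrincipal(getAdminSession().getDirectoryService().getSchemaManager(), dn, AuthenticationLevel.STRONG));
                    getLdapSession().putSaslProperty(JndiPropertyConstants.JNDI_SECURITY_PRINCIPAL, getBindRequest().getName().toString());
                } catch (Exception e2) {
                    throw new SaslException(I18n.err(I18n.ERR_669, new Object[0]), e2);
                }
                break;
        }
        responseSent();
        return challenge;
    }

    /**
     * Performs a simple bind of the given DN and password through the directory
     * service's operation manager and returns the resulting session.
     *
     * <p>Not called from anywhere in this class. The password arrives as a
     * {@code String} and is converted to UTF-8 bytes for the bind context.
     *
     * @param str the DN to bind as
     * @param str2 the password, encoded as UTF-8 before the bind
     * @return the session held by the bind context after the bind
     * @throws InvalidNameException declared by the original signature
     * @throws Exception if building the DN or the bind operation fails
     */
    private CoreSession authenticate(String str, String str2) throws InvalidNameException, Exception {
        BindOperationContext bindOperationContext = new BindOperationContext(getLdapSession().getCoreSession());
        bindOperationContext.setDn(new Dn(str));
        bindOperationContext.setCredentials(Strings.getBytesUtf8(str2));
        getAdminSession().getDirectoryService().getOperationManager().bind(bindOperationContext);
        return bindOperationContext.getSession();
    }

    /**
     * @return {@code true} only once the Type 3 message has been accepted and the
     *         state has reached {@link NegotiationState#COMPLETED}
     */
    public boolean isComplete() {
        return this.state == NegotiationState.COMPLETED;
    }
}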
