package com.datastax.driver.dse.auth;

import com.google.common.base.Preconditions;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import com.google.common.io.Files;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.UnknownHostException;
import java.util.Collections;
import java.util.HashMap;
import java.util.UUID;
import org.apache.directory.api.ldap.model.csn.CsnFactory;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.schemamanager.impl.DefaultSchemaManager;
import org.apache.directory.server.core.DefaultDirectoryService;
import org.apache.directory.server.core.api.CacheService;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.InstanceLayout;
import org.apache.directory.server.core.api.schema.SchemaPartition;
import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition;
import org.apache.directory.server.core.partition.ldif.LdifPartition;
import org.apache.directory.server.core.shared.DefaultDnFactory;
import org.apache.directory.server.kerberos.KerberosConfig;
import org.apache.directory.server.kerberos.kdc.KdcServer;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
import org.apache.directory.server.kerberos.shared.keytab.Keytab;
import org.apache.directory.server.kerberos.shared.keytab.KeytabEntry;
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.ldap.handlers.sasl.cramMD5.CramMd5MechanismHandler;
import org.apache.directory.server.ldap.handlers.sasl.digestMD5.DigestMd5MechanismHandler;
import org.apache.directory.server.ldap.handlers.sasl.gssapi.GssapiMechanismHandler;
import org.apache.directory.server.ldap.handlers.sasl.plain.PlainMechanismHandler;
import org.apache.directory.server.protocol.shared.transport.TcpTransport;
import org.apache.directory.server.protocol.shared.transport.Transport;
import org.apache.directory.server.protocol.shared.transport.UdpTransport;
import org.apache.directory.shared.kerberos.KerberosTime;
import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
import org.apache.directory.shared.kerberos.components.EncryptionKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/datastax/driver/dse/auth/EmbeddedADS.class */
public class EmbeddedADS {
    Logger logger;
    private final String dn;
    private final String realm;
    private int kdcPort;
    private int ldapPort;
    private final boolean kerberos;
    private InetAddress address;
    private String hostname;
    private File confDir;
    private volatile boolean isInit;
    private DirectoryService service;
    private LdapServer ldapServer;
    private KdcServer kdcServer;
    private Dn usersDN;
    private File krb5Conf;

    /* loaded from: input_file:com/datastax/driver/dse/auth/EmbeddedADS$Builder.class */
    public static class Builder {
        private String dn;
        private String realm;
        private boolean kerberos;
        private int kdcPort;
        private int ldapPort;
        private String address;
        private File confDir;

        private Builder() {
            this.dn = "dc=datastax,dc=com";
            this.realm = "DATASTAX.COM";
            this.kerberos = false;
            this.kdcPort = -1;
            this.ldapPort = -1;
            this.address = "127.0.0.1";
            this.confDir = null;
        }

        public EmbeddedADS build() {
            return new EmbeddedADS(this.dn, this.realm, this.address, this.ldapPort, this.kerberos, this.kdcPort, this.confDir);
        }

        public Builder withBaseDn(String str) {
            this.dn = str;
            return this;
        }

        public Builder withRealm(String str) {
            this.realm = str;
            return this;
        }

        public Builder withConfDir(File file) {
            this.confDir = file;
            return this;
        }

        public Builder withLdapPort(int i) {
            Preconditions.checkArgument(i > 0);
            this.ldapPort = i;
            return this;
        }

        public Builder withKerberos(int i) {
            Preconditions.checkArgument(i > 0);
            this.kdcPort = i;
            return withKerberos();
        }

        public Builder withKerberos() {
            this.kerberos = true;
            return this;
        }

        public Builder withAddress(String str) {
            this.address = str;
            return this;
        }
    }

    private EmbeddedADS(String str, String str2, String str3, int i, boolean z, int i2, File file) {
        this.logger = LoggerFactory.getLogger(EmbeddedADS.class);
        this.isInit = false;
        this.dn = str;
        this.realm = str2;
        try {
            this.address = InetAddress.getByName(str3);
        } catch (UnknownHostException e) {
            this.logger.error("Failure resolving address '{}', falling back to loopback.", str3, e);
            this.address = InetAddress.getLoopbackAddress();
        }
        this.hostname = this.address.getHostName().toLowerCase();
        this.ldapPort = i;
        this.kerberos = z;
        this.kdcPort = i2;
        this.confDir = file;
    }

    public void start() throws Exception {
        if (this.isInit) {
            return;
        }
        this.isInit = true;
        File createTempDir = Files.createTempDir();
        if (this.confDir == null) {
            this.confDir = createTempDir;
        }
        if (this.kerberos) {
            this.kdcPort = this.kdcPort != -1 ? this.kdcPort : findAvailablePort(60088);
            this.krb5Conf = createKrb5Conf();
            System.setProperty("java.security.krb5.conf", this.krb5Conf.getAbsolutePath());
        }
        this.service = new DefaultDirectoryService();
        InstanceLayout instanceLayout = new InstanceLayout(createTempDir);
        this.service.setInstanceLayout(instanceLayout);
        this.service.getChangeLog().setEnabled(false);
        this.service.setDenormalizeOpAttrsEnabled(true);
        CacheService cacheService = new CacheService();
        cacheService.initialize(instanceLayout);
        DefaultSchemaManager defaultSchemaManager = new DefaultSchemaManager();
        this.service.setSchemaManager(defaultSchemaManager);
        defaultSchemaManager.loadAllEnabled();
        SchemaPartition schemaPartition = new SchemaPartition(defaultSchemaManager);
        LdifPartition ldifPartition = new LdifPartition(defaultSchemaManager, this.service.getDnFactory());
        ldifPartition.setPartitionPath(new File(instanceLayout.getPartitionsDirectory(), "schema").toURI());
        schemaPartition.setWrappedPartition(ldifPartition);
        this.service.setSchemaPartition(schemaPartition);
        DefaultDnFactory defaultDnFactory = new DefaultDnFactory(defaultSchemaManager, cacheService.getCache("dnCache"));
        this.service.setDnFactory(defaultDnFactory);
        this.service.setSystemPartition(createPartition("system", defaultDnFactory.create("ou=system")));
        this.service.startup();
        Dn create = defaultDnFactory.create(this.dn);
        String string = create.getRdn().getValue().getString();
        JdbmPartition createPartition = createPartition(string, create);
        Entry newEntry = this.service.newEntry(create);
        newEntry.add("objectClass", new String[]{"top", "domain", "extensibleObject"});
        newEntry.add(create.getRdn().getType(), new String[]{string});
        createPartition.setContextEntry(newEntry);
        this.service.addPartition(createPartition);
        this.usersDN = create.add(defaultDnFactory.create("ou=users"));
        Entry newEntry2 = this.service.newEntry(this.usersDN);
        newEntry2.add("objectClass", new String[]{"organizationalUnit", "top"});
        newEntry2.add("ou", new String[]{"users"});
        if (this.kerberos) {
            newEntry2 = kerberize(newEntry2);
        }
        this.service.getAdminSession().add(newEntry2);
        startLdap();
        if (this.kerberos) {
            Dn add = this.usersDN.add(defaultDnFactory.create("uid=krbtgt"));
            String str = "krbtgt/" + this.realm + "@" + this.realm;
            Entry newEntry3 = this.service.newEntry(add);
            newEntry3.add("objectClass", new String[]{"person", "inetOrgPerson", "top", "krb5KDCEntry", "uidObject", "krb5Principal"});
            newEntry3.add("krb5KeyVersionNumber", new String[]{"0"});
            newEntry3.add("krb5PrincipalName", new String[]{str});
            newEntry3.add("uid", new String[]{"krbtgt"});
            newEntry3.add("userPassword", new String[]{"secret"});
            newEntry3.add("sn", new String[]{"Service"});
            newEntry3.add("cn", new String[]{"KDC Service"});
            this.service.getAdminSession().add(kerberize(newEntry3));
            String str2 = "ldap/" + this.hostname + "@" + this.realm;
            this.ldapServer.setSaslPrincipal(str2);
            Entry newEntry4 = this.service.newEntry(this.usersDN.add(defaultDnFactory.create("uid=ldap")));
            newEntry4.add("objectClass", new String[]{"top", "person", "inetOrgPerson", "krb5KDCEntry", "uidObject", "krb5Principal"});
            newEntry4.add("krb5KeyVersionNumber", new String[]{"0"});
            newEntry4.add("krb5PrincipalName", new String[]{str2});
            newEntry4.add("uid", new String[]{"ldap"});
            newEntry4.add("userPassword", new String[]{"secret"});
            newEntry4.add("sn", new String[]{"Service"});
            newEntry4.add("cn", new String[]{"LDAP Service"});
            this.service.getAdminSession().add(kerberize(newEntry4));
            startKDC(str);
        }
    }

    public boolean isStarted() {
        return this.isInit;
    }

    private File createKrb5Conf() throws IOException {
        File file = new File(this.confDir, "krb5.conf");
        String format = String.format("[libdefaults]%ndefault_realm = %s%ndefault_tgs_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96%n%n[realms]%n%s = {%n  kdc = %s:%d%n  admin_server = %s:%d%n}%n", this.realm, this.realm, this.hostname, Integer.valueOf(this.kdcPort), this.hostname, Integer.valueOf(this.kdcPort));
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        try {
            PrintWriter printWriter = new PrintWriter(fileOutputStream);
            printWriter.write(format);
            printWriter.close();
            fileOutputStream.close();
            return file;
        } catch (Throwable th) {
            fileOutputStream.close();
            throw th;
        }
    }

    public File getKrb5Conf() {
        return this.krb5Conf;
    }

    public File addUserAndCreateKeytab(String str, String str2, String str3) throws IOException, LdapException {
        addUser(str, str2, str3);
        return createKeytab(str, str2, str3);
    }

    public File createKeytab(String str, String str2, String str3) throws IOException {
        File file = new File(this.confDir, str + ".keytab");
        Keytab keytab = Keytab.getInstance();
        keytab.setEntries(Collections.singletonList(new KeytabEntry(str3, 0, new KerberosTime(System.currentTimeMillis()), (byte) 0, (EncryptionKey) KerberosKeyFactory.getKerberosKeys(str3, str2).get(EncryptionType.AES128_CTS_HMAC_SHA1_96))));
        keytab.write(file);
        return file;
    }

    public void addUser(String str, String str2) throws LdapException {
        addUser(str, str2, null);
    }

    public void addUser(String str, String str2, String str3) throws LdapException {
        Preconditions.checkState(this.isInit);
        Entry newEntry = this.service.newEntry(this.usersDN.add("uid=" + str));
        if (!this.kerberos || str3 == null) {
            newEntry.add("objectClass", new String[]{"organizationalPerson", "person", "extensibleObject", "inetOrgPerson", "top", "uidObject"});
        } else {
            newEntry.add("objectClass", new String[]{"organizationalPerson", "person", "extensibleObject", "inetOrgPerson", "top", "krb5KDCEntry", "uidObject", "krb5Principal"});
            newEntry.add("krb5KeyVersionNumber", new String[]{"0"});
            newEntry.add("krb5PrincipalName", new String[]{str3});
            newEntry = kerberize(newEntry);
        }
        newEntry.add("uid", new String[]{str});
        newEntry.add("sn", new String[]{str});
        newEntry.add("cn", new String[]{str});
        newEntry.add("userPassword", new String[]{str2});
        this.service.getAdminSession().add(newEntry);
    }

    public void stop() {
        if (this.ldapServer != null) {
            this.ldapServer.stop();
        }
        if (this.kdcServer != null) {
            this.kdcServer.stop();
        }
    }

    public String getHostname() {
        return this.hostname;
    }

    private Entry kerberize(Entry entry) throws LdapException {
        entry.add("entryCSN", new String[]{new CsnFactory(0).newInstance().toString()});
        entry.add("entryUUID", new String[]{UUID.randomUUID().toString()});
        return entry;
    }

    private JdbmPartition createPartition(String str, Dn dn) throws LdapInvalidDnException {
        JdbmPartition jdbmPartition = new JdbmPartition(this.service.getSchemaManager(), this.service.getDnFactory());
        jdbmPartition.setId(str);
        jdbmPartition.setPartitionPath(new File(this.service.getInstanceLayout().getPartitionsDirectory(), str).toURI());
        jdbmPartition.setSuffixDn(dn);
        jdbmPartition.setSchemaManager(this.service.getSchemaManager());
        return jdbmPartition;
    }

    private void startLdap() throws Exception {
        this.ldapServer = new LdapServer();
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put("PLAIN", new PlainMechanismHandler());
        newHashMap.put("CRAM-MD5", new CramMd5MechanismHandler());
        newHashMap.put("DIGEST-MD5", new DigestMd5MechanismHandler());
        newHashMap.put("GSSAPI", new GssapiMechanismHandler());
        this.ldapServer.setSaslMechanismHandlers(newHashMap);
        this.ldapServer.setSaslHost(this.hostname);
        this.ldapServer.setSaslRealms(Collections.singletonList(this.realm));
        this.ldapServer.setSearchBaseDn(this.dn);
        this.ldapPort = this.ldapPort != -1 ? this.ldapPort : findAvailablePort(10389);
        this.ldapServer.setTransports(new Transport[]{new TcpTransport(this.address.getHostAddress(), this.ldapPort)});
        this.ldapServer.setDirectoryService(this.service);
        if (this.kerberos) {
            KeyDerivationInterceptor keyDerivationInterceptor = new KeyDerivationInterceptor();
            keyDerivationInterceptor.init(this.service);
            this.service.addLast(keyDerivationInterceptor);
        }
        this.ldapServer.start();
    }

    private void startKDC(String str) throws Exception {
        KerberosConfig kerberosConfig = new KerberosConfig();
        kerberosConfig.setEncryptionTypes(Sets.newHashSet(new EncryptionType[]{EncryptionType.AES128_CTS_HMAC_SHA1_96}));
        kerberosConfig.setSearchBaseDn(this.dn);
        kerberosConfig.setServicePrincipal(str);
        this.kdcServer = new KdcServer(kerberosConfig);
        this.kdcServer.setDirectoryService(this.service);
        this.kdcServer.setTransports(new Transport[]{new TcpTransport(this.address.getHostAddress(), this.kdcPort), new UdpTransport(this.address.getHostAddress(), this.kdcPort)});
        this.kdcServer.start();
    }

    public static Builder builder() {
        return new Builder();
    }

    private static int findAvailablePort(int i) {
        IOException iOException = null;
        for (int i2 = i; i2 < i + 100; i2++) {
            try {
                new ServerSocket(i2).close();
                return i2;
            } catch (IOException e) {
                iOException = e;
            }
        }
        throw new RuntimeException("Could not acquire an available port", iOException);
    }
}
