package org.apache.directory.server.kerberos.protocol;

import java.net.InetAddress;
import java.net.InetSocketAddress;
import javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.directory.api.ldap.model.constants.Loggers;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.server.kerberos.kdc.KdcServer;
import org.apache.directory.server.kerberos.kdc.authentication.AuthenticationContext;
import org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService;
import org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingContext;
import org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService;
import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
import org.apache.directory.shared.kerberos.KerberosTime;
import org.apache.directory.shared.kerberos.components.KdcReq;
import org.apache.directory.shared.kerberos.components.PrincipalName;
import org.apache.directory.shared.kerberos.exceptions.ErrorType;
import org.apache.directory.shared.kerberos.exceptions.KerberosException;
import org.apache.directory.shared.kerberos.messages.KrbError;
import org.apache.mina.core.service.IoHandler;
import org.apache.mina.core.session.IdleStatus;
import org.apache.mina.core.session.IoSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/apacheds-all-2.0.0-M18.jar:org/apache/directory/server/kerberos/protocol/KerberosProtocolHandler.class */
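/**
 * MINA {@link IoHandler} that receives decoded KDC requests and dispatches them to the
 * Authentication Service (AS_REQ) or the Ticket-Granting Service (TGS_REQ).
 *
 * <p>Every request arrives from a peer that has not been authenticated yet, so this class
 * is the first place where network-controlled data meets KDC logic. Lifecycle events are
 * mirrored to two loggers: the class logger and the dedicated Kerberos logger.
 *
 * <p>NOTE(review): debug logging prints whole request, reply and context objects. What
 * their {@code toString()} renders is not visible from this class; confirm it does not
 * include key material before enabling debug on the Kerberos logger in production.
 */
public class KerberosProtocolHandler implements IoHandler {
    private static final Logger LOG = LoggerFactory.getLogger(KerberosProtocolHandler.class);
    private static final Logger LOG_KRB = LoggerFactory.getLogger(Loggers.KERBEROS_LOG.getName());

    /** Session attribute under which the per-request context is stored. */
    private static final String CONTEXT_KEY = "context";

    // Both collaborators are assigned once in the constructor and never replaced.
    private final KdcServer kdcServer;
    private final PrincipalStore store;

    /**
     * Creates a handler bound to one KDC instance and its principal store.
     *
     * @param kdcServer the KDC whose configuration and replay cache are used per request
     * @param principalStore the store handed to every request context
     */
    public KerberosProtocolHandler(KdcServer kdcServer, PrincipalStore principalStore) {
        this.kdcServer = kdcServer;
        this.store = principalStore;
    }

    /** Logs session creation (remote address and transport metadata) at debug level. */
    @Override
    public void sessionCreated(IoSession ioSession) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug("{} CREATED:  {}", ioSession.getRemoteAddress(), ioSession.getTransportMetadata());
        }
        if (LOG_KRB.isDebugEnabled()) {
            LOG_KRB.debug("{} CREATED:  {}", ioSession.getRemoteAddress(), ioSession.getTransportMetadata());
        }
    }

    /** Logs that the session was opened, at debug level. */
    @Override
    public void sessionOpened(IoSession ioSession) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("{} OPENED", ioSession.getRemoteAddress());
        }
        if (LOG_KRB.isDebugEnabled()) {
            LOG_KRB.debug("{} OPENED", ioSession.getRemoteAddress());
        }
    }

    /** Logs that the session was closed, at debug level. */
    @Override
    public void sessionClosed(IoSession ioSession) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("{} CLOSED", ioSession.getRemoteAddress());
        }
        if (LOG_KRB.isDebugEnabled()) {
            LOG_KRB.debug("{} CLOSED", ioSession.getRemoteAddress());
        }
    }

    /** Logs an idle notification together with its {@link IdleStatus}, at debug level. */
    @Override
    public void sessionIdle(IoSession ioSession, IdleStatus idleStatus) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("{} IDLE ({})", ioSession.getRemoteAddress(), idleStatus);
        }
        if (LOG_KRB.isDebugEnabled()) {
            LOG_KRB.debug("{} IDLE ({})", ioSession.getRemoteAddress(), idleStatus);
        }
    }

    /**
     * Logs the failure on both loggers and closes the session immediately.
     *
     * <p>No Kerberos error is written back here; the peer only observes the closed
     * connection.
     */
    @Override
    public void exceptionCaught(IoSession ioSession, Throwable th) {
        LOG.error("{} EXCEPTION", ioSession.getRemoteAddress(), th);
        LOG_KRB.error("{} EXCEPTION", ioSession.getRemoteAddress(), th);
        ioSession.close(true);
    }

    /**
     * Handles one decoded message from the peer.
     *
     * <p>Anything that is not a {@link KdcReq} is answered with
     * {@code KRB_AP_ERR_BADDIRECTION}. AS_REQ and TGS_REQ are run through their services
     * and the reply is written to the session. AS_REP and TGS_REP are rejected with
     * {@code KRB_AP_ERR_BADDIRECTION}, and any other type with {@code KRB_AP_ERR_MSG_TYPE}.
     *
     * <p>A {@link KerberosException} is turned into a {@link KrbError} carrying that
     * exception's code and text. Any other exception is logged in full on the server but
     * answered only with a generic {@code KDC_ERR_SVC_UNAVAILABLE}, so its message is not
     * what gets sent to the peer.
     *
     * @param ioSession the session the message arrived on
     * @param obj the decoded message
     */
    @Override
    public void messageReceived(IoSession ioSession, Object obj) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("{} RCVD: {}", ioSession.getRemoteAddress(), obj);
        }
        if (LOG_KRB.isDebugEnabled()) {
            LOG_KRB.debug("{} RCVD: {}", ioSession.getRemoteAddress(), obj);
        }

        // The client address comes from the transport layer, not from the request body.
        // The cast throws ClassCastException for a non-socket transport.
        // NOTE(review): if this handler is also bound to a datagram transport, the source
        // address is unauthenticated; confirm downstream address checks account for that.
        InetAddress clientAddress = ((InetSocketAddress) ioSession.getRemoteAddress()).getAddress();

        if (!(obj instanceof KdcReq)) {
            LOG.error(I18n.err(I18n.ERR_152, ErrorType.KRB_AP_ERR_BADDIRECTION));
            LOG_KRB.error(I18n.err(I18n.ERR_152, ErrorType.KRB_AP_ERR_BADDIRECTION));
            ioSession.write(getErrorMessage(this.kdcServer.getConfig().getServicePrincipal(),
                new KerberosException(ErrorType.KRB_AP_ERR_BADDIRECTION)));
            return;
        }

        KdcReq request = (KdcReq) obj;
        try {
            switch (request.getMessageType()) {
                case AS_REQ: {
                    AuthenticationContext authContext = new AuthenticationContext();
                    authContext.setConfig(this.kdcServer.getConfig());
                    authContext.setStore(this.store);
                    authContext.setClientAddress(clientAddress);
                    authContext.setRequest(request);
                    // Stored on the session before execution; nothing in this class reads it back.
                    ioSession.setAttribute(CONTEXT_KEY, authContext);
                    AuthenticationService.execute(authContext);
                    LOG_KRB.debug("AuthenticationContext for AS_REQ : \n{}", authContext);
                    ioSession.write(authContext.getReply());
                    break;
                }
                case TGS_REQ: {
                    TicketGrantingContext tgsContext = new TicketGrantingContext();
                    tgsContext.setConfig(this.kdcServer.getConfig());
                    // Only the TGS path is given the replay cache.
                    tgsContext.setReplayCache(this.kdcServer.getReplayCache());
                    tgsContext.setStore(this.store);
                    tgsContext.setClientAddress(clientAddress);
                    tgsContext.setRequest(request);
                    ioSession.setAttribute(CONTEXT_KEY, tgsContext);
                    TicketGrantingService.execute(tgsContext);
                    LOG_KRB.debug("TGSContext for TGS_REQ : \n {}", tgsContext);
                    ioSession.write(tgsContext.getReply());
                    break;
                }
                case AS_REP:
                case TGS_REP:
                    // Replies are only ever sent by a KDC; receiving one is a direction error.
                    throw new KerberosException(ErrorType.KRB_AP_ERR_BADDIRECTION);
                default:
                    throw new KerberosException(ErrorType.KRB_AP_ERR_MSG_TYPE);
            }
        } catch (KerberosException e) {
            // NOTE(review): if exception messages can embed request-derived text (for
            // example principal names), consider neutralising CR/LF before logging so a
            // peer cannot forge log lines. Whether they do is not visible from this class.
            String summary = e.getLocalizedMessage() + " (" + e.getErrorCode() + ")";
            LOG.warn(summary);
            LOG_KRB.warn(summary);
            KrbError reply = getErrorMessage(this.kdcServer.getConfig().getServicePrincipal(), e);
            logErrorMessage(reply);
            ioSession.write(reply);
        } catch (Exception e) {
            // Unexpected failure: full detail stays in the server log, the peer gets a generic error.
            LOG.error(I18n.err(I18n.ERR_152, e.getLocalizedMessage()), e);
            LOG_KRB.error(I18n.err(I18n.ERR_152, e.getLocalizedMessage()), e);
            ioSession.write(getErrorMessage(this.kdcServer.getConfig().getServicePrincipal(),
                new KerberosException(ErrorType.KDC_ERR_SVC_UNAVAILABLE)));
        }
    }

    /** Logs the outgoing message at debug level. */
    @Override
    public void messageSent(IoSession ioSession, Object obj) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("{} SENT:  {}", ioSession.getRemoteAddress(), obj);
        }
        if (LOG_KRB.isDebugEnabled()) {
            LOG_KRB.debug("{} SENT:  {}", ioSession.getRemoteAddress(), obj);
        }
    }

    /**
     * Builds the {@link KrbError} sent to the peer for a failed request.
     *
     * <p>The error text and explanatory data are copied straight from the exception and
     * leave the server in the reply, which can go to an unauthenticated peer. Messages
     * placed in a {@link KerberosException} should therefore not carry internal detail.
     * The server time is the moment of construction and the microsecond field is always 0.
     * Client name, client realm and client time are not populated here.
     *
     * @param kerberosPrincipal the service principal reported as sname and realm
     * @param kerberosException the failure to report
     * @return the populated error message
     */
    protected KrbError getErrorMessage(KerberosPrincipal kerberosPrincipal, KerberosException kerberosException) {
        KrbError error = new KrbError();
        error.setErrorCode(ErrorType.getTypeByValue(kerberosException.getErrorCode()));
        error.setEText(kerberosException.getLocalizedMessage());
        error.setSName(new PrincipalName(kerberosPrincipal));
        error.setRealm(kerberosPrincipal.getRealm());
        error.setSTime(new KerberosTime());
        error.setSusec(0);
        error.setEData(kerberosException.getExplanatoryData());
        return error;
    }

    /**
     * Writes a multi-line description of an outgoing error to both loggers at debug level.
     *
     * <p>The description is assembled only when at least one of the two loggers has debug
     * enabled, so the common error path (debug off) does no string building. A failure
     * while reading the error's fields is logged and not propagated.
     *
     * @param krbError the error about to be sent
     */
    protected void logErrorMessage(KrbError krbError) {
        if (!LOG.isDebugEnabled() && !LOG_KRB.isDebugEnabled()) {
            return;
        }
        try {
            String description = new StringBuilder("Responding to request with error:")
                .append("\n\texplanatory text:      ").append(krbError.getEText())
                .append("\n\terror code:            ").append(krbError.getErrorCode())
                .append("\n\tclientPrincipal:       ").append(krbError.getCName())
                .append("@").append(krbError.getCRealm())
                .append("\n\tclient time:           ").append(krbError.getCTime())
                .append("\n\tserverPrincipal:       ").append(krbError.getSName())
                .append("@").append(krbError.getRealm())
                .append("\n\tserver time:           ").append(krbError.getSTime())
                .toString();
            LOG.debug(description);
            LOG_KRB.debug(description);
        } catch (Exception e) {
            // Diagnostics must never break the reply path.
            LOG.error(I18n.err(I18n.ERR_155), e);
            LOG_KRB.error(I18n.err(I18n.ERR_155), e);
        }
    }

    /** No action is taken when the peer half-closes its input. */
    @Override
    public void inputClosed(IoSession ioSession) {
    }
}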
