package com.octetstring.vde.operation;

import com.asn1c.core.Int8;
import com.asn1c.core.OctetString;
import com.octetstring.ldapv3.AuthenticationChoice;
import com.octetstring.ldapv3.BindResponse;
import com.octetstring.ldapv3.LDAPMessage;
import com.octetstring.ldapv3.LDAPMessage_protocolOp;
import com.octetstring.ldapv3.SaslCredentials;
import com.octetstring.nls.Messages;
import com.octetstring.vde.Credentials;
import com.octetstring.vde.Entry;
import com.octetstring.vde.backend.BackendHandler;
import com.octetstring.vde.syntax.BinarySyntax;
import com.octetstring.vde.syntax.DirectoryString;
import com.octetstring.vde.syntax.Syntax;
import com.octetstring.vde.util.DirectoryBindException;
import com.octetstring.vde.util.DirectoryException;
import com.octetstring.vde.util.Logger;
import com.octetstring.vde.util.PasswordEncryptor;
import com.octetstring.vde.util.ServerConfig;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Date;
import java.util.Random;
import weblogic.marathon.server.Server;
import weblogic.xml.process.FunctionRef;

/* loaded from: input_file:weblogic.jar:com/octetstring/vde/operation/BindOperation.class */
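/**
 * Handles one LDAP Bind request: anonymous, simple (DN + password) and SASL
 * (CRAM-MD5, plus a pass-through for EXTERNAL).
 *
 * <p>The outcome is reported in two places: the {@link BindResponse} result
 * code inside {@link #getResponse()}, and the identity written into the
 * connection's {@link Credentials} (see {@link #setCreds(Credentials)}).
 * Every rejected bind leaves the credentials anonymous and carries a non-success
 * result code, so a client is never told SUCCESS while the session was
 * silently downgraded to anonymous.
 *
 * <p>{@link #setCreds(Credentials)} must be called before {@link #perform()};
 * {@code perform()} dereferences the credentials unconditionally.
 */
public class BindOperation implements Operation {
    LDAPMessage request;
    LDAPMessage response = null;
    boolean success = false;
    Credentials creds = null;
    int version = 2;
    // ASCII codes of the lower-case hex digits '0'..'9', 'a'..'f'.
    private static final byte[] hexbytes = {48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 97, 98, 99, 100, 101, 102};
    private static final DirectoryString USERPASSWORD = new DirectoryString("userpassword");
    private static final DirectoryString EMPTY_DIRSTRING = new DirectoryString("");
    private static final OctetString EMPTY_OSTRING = new OctetString(new byte[0]);
    private static final Int8 VERSION_2 = new Int8("2");
    private static final Int8 VERSION_3 = new Int8("3");
    // Source of the CRAM-MD5 challenge nonce; the challenge must be unpredictable
    // and never repeat, which java.util.Random does not guarantee.
    private static final SecureRandom NONCE_SOURCE = new SecureRandom();
    // Number of random bytes placed in each CRAM-MD5 challenge.
    private static final int NONCE_LENGTH = 16;

    /**
     * @param lDAPMessage the decoded LDAP message carrying the bind request
     */
    public BindOperation(LDAPMessage lDAPMessage) {
        this.request = lDAPMessage;
    }

    /**
     * @return the connection credentials this operation reads and updates
     */
    public Credentials getCreds() {
        return this.creds;
    }

    /**
     * Attaches the connection credentials that {@link #perform()} will update.
     *
     * @param credentials the per-connection credential state; must not be null
     *                    when debug logging (level 7) is enabled, because the
     *                    user is read for the log line
     */
    public void setCreds(Credentials credentials) {
        this.creds = credentials;
        if (Logger.getInstance().isLogable(7)) {
            Logger.getInstance().log(7, this, new StringBuffer().append(Messages.getString("Set_credentials_to___3")).append(this.creds.getUser()).toString());
        }
    }

    /**
     * @return the bind response built by {@link #perform()}, or null before it ran
     */
    @Override // com.octetstring.vde.operation.Operation
    public LDAPMessage getResponse() {
        return this.response;
    }

    /**
     * Evaluates the bind request, builds the response and updates the
     * connection credentials.
     *
     * <p>The response starts as SUCCESS and is downgraded by the individual
     * authentication paths when they reject the request.
     *
     * @throws DirectoryBindException declared by the interface; not thrown by
     *                                the code in this method itself
     */
    @Override // com.octetstring.vde.operation.Operation
    public void perform() throws DirectoryBindException {
        // NOTE(review): this is a reference comparison against a constant. Unless
        // getVersion() hands back that very Int8 instance it is false and the
        // session is flagged as non-LDAPv2 — confirm whether a value comparison
        // was intended. It also dereferences getBindRequest() before the null
        // check further down.
        if (this.request.getProtocolOp().getBindRequest().getVersion() == VERSION_2) {
            this.creds.setLdap2(true);
        } else {
            this.creds.setLdap2(false);
        }
        this.response = new LDAPMessage();
        LDAPMessage_protocolOp lDAPMessage_protocolOp = new LDAPMessage_protocolOp();
        BindResponse bindResponse = new BindResponse();
        bindResponse.setResultCode(LDAPResult.SUCCESS);
        bindResponse.setMatchedDN(EMPTY_OSTRING);
        bindResponse.setErrorMessage(EMPTY_OSTRING);
        bindResponse.setServerSaslCreds(EMPTY_OSTRING);
        lDAPMessage_protocolOp.setBindResponse(bindResponse);
        this.response.setMessageID(this.request.getMessageID());
        this.response.setProtocolOp(lDAPMessage_protocolOp);
        if (this.request.getProtocolOp().getBindRequest() == null) {
            return;
        }
        // Any bind attempt drops root privilege first; it is re-granted only
        // after the root credentials have been verified again.
        this.creds.setRoot(false);
        DirectoryString directoryString = this.request.getProtocolOp().getBindRequest().getName() != null ? new DirectoryString(this.request.getProtocolOp().getBindRequest().getName().toByteArray()) : EMPTY_DIRSTRING;
        if (directoryString.equals(EMPTY_DIRSTRING)) {
            if (Logger.getInstance().isLogable(7)) {
                Logger.getInstance().log(7, this, Messages.getString("Bound_as_Anonymous_4"));
            }
            this.creds.setUser(EMPTY_DIRSTRING);
            return;
        }
        AuthenticationChoice authentication = this.request.getProtocolOp().getBindRequest().getAuthentication();
        if (authentication.getSelector() == 0) {
            performSimpleBind(directoryString, authentication, bindResponse);
            return;
        }
        if (authentication.getSelector() != 1) {
            this.creds.setUser(EMPTY_DIRSTRING);
            bindResponse.setResultCode(LDAPResult.AUTH_METHOD_NOT_SUPPORTED);
            return;
        }
        performSaslBind(directoryString, authentication, bindResponse);
    }

    /** Marks the bind as failed: anonymous session plus INVALID_CREDENTIALS. */
    private void rejectBind(BindResponse bindResponse) {
        this.creds.setUser(EMPTY_DIRSTRING);
        bindResponse.setResultCode(LDAPResult.INVALID_CREDENTIALS);
    }

    /** Simple bind: checks the presented password against root, replica, backend or entry. */
    private void performSimpleBind(DirectoryString directoryString, AuthenticationChoice authentication, BindResponse bindResponse) {
        // NOTE(review): password bytes are decoded with the platform default
        // charset here and re-encoded below; LDAPv3 strings are UTF-8.
        String password = new String(authentication.getSimple().toByteArray());
        if (password.length() == 0) {
            // NOTE(review): a DN with an empty password is answered SUCCESS as
            // anonymous (RFC 4513 section 5.1.2 "unauthenticated bind"). Clients
            // that treat a successful bind as proof of the password are misled by
            // this; consider rejecting it once the appropriate result code of
            // LDAPResult is confirmed.
            this.creds.setUser(EMPTY_DIRSTRING);
            return;
        }
        if (new DirectoryString((String) ServerConfig.getInstance().get(ServerConfig.VDE_ROOTUSER)).equals(directoryString)) {
            if (PasswordEncryptor.compare(password, (String) ServerConfig.getInstance().get(ServerConfig.VDE_ROOTPW))) {
                this.creds.setUser(directoryString);
                this.creds.setRoot(true);
            } else {
                rejectBind(bindResponse);
            }
            return;
        }
        // The value returned for a replica DN is what the presented password is
        // compared with, i.e. it acts as the replica's stored secret.
        String replicaSecret = BackendHandler.getInstance().getReplicaUser(directoryString);
        if (replicaSecret != null) {
            if (constantTimeEquals(replicaSecret, password)) {
                this.creds.setUser(directoryString);
            } else {
                // A wrong replica password is an authentication failure like any
                // other and must not be answered with SUCCESS.
                rejectBind(bindResponse);
            }
            return;
        }
        if (BackendHandler.getInstance().doBind(directoryString)) {
            if (BackendHandler.getInstance().bind(directoryString, new BinarySyntax(password.getBytes()))) {
                this.creds.setUser(directoryString);
            } else {
                rejectBind(bindResponse);
            }
            return;
        }
        Entry entry = null;
        try {
            entry = BackendHandler.getInstance().map(BackendHandler.getInstance().getByDN(null, directoryString));
        } catch (DirectoryException ignored) {
            // A failed lookup is treated like a missing entry: the bind is rejected.
        }
        if (entry == null || !entry.containsKey(USERPASSWORD)) {
            // Also reset the user so a failed re-bind does not keep the identity
            // of an earlier successful bind on this connection.
            rejectBind(bindResponse);
        } else if (PasswordEncryptor.compare(password, new String(((Syntax) entry.get(USERPASSWORD).elementAt(0)).getValue()))) {
            this.creds.setUser(directoryString);
        } else {
            rejectBind(bindResponse);
        }
    }

    /** SASL bind: two-step CRAM-MD5 exchange; EXTERNAL is passed through untouched. */
    private void performSaslBind(DirectoryString directoryString, AuthenticationChoice authentication, BindResponse bindResponse) {
        SaslCredentials saslCredentials = (SaslCredentials) authentication.getValue();
        String mechanism = new String(saslCredentials.getMechanism().toByteArray());
        if (!mechanism.equalsIgnoreCase("CRAM-MD5")) {
            if (mechanism.equals("EXTERNAL")) {
                // NOTE(review): EXTERNAL answers SUCCESS and leaves the current
                // user unchanged; presumably the identity is established elsewhere
                // (e.g. by the transport layer) — verify against the caller.
                return;
            }
            this.creds.setUser(EMPTY_DIRSTRING);
            bindResponse.setResultCode(LDAPResult.AUTH_METHOD_NOT_SUPPORTED);
            return;
        }
        boolean challengePending = this.creds.getSaslTmp() != null
                && this.creds.getSaslMech() != null
                && this.creds.getSaslMech().equalsIgnoreCase("CRAM-MD5");
        if (!challengePending) {
            issueCramMd5Challenge(directoryString, mechanism, bindResponse);
            return;
        }
        verifyCramMd5Response(saslCredentials, bindResponse);
    }

    /** First CRAM-MD5 step: stores and sends a fresh challenge for the requested DN. */
    private void issueCramMd5Challenge(DirectoryString directoryString, String mechanism, BindResponse bindResponse) {
        String host;
        this.creds.setUser(EMPTY_DIRSTRING);
        this.creds.setSaslTmpDN(directoryString.toString());
        long time = new Date().getTime();
        // The nonce is hex-encoded explicitly: appending the byte[] itself would
        // only add the array's identity string, not its random content.
        byte[] nonce = new byte[NONCE_LENGTH];
        NONCE_SOURCE.nextBytes(nonce);
        try {
            host = InetAddress.getLocalHost().getHostName();
        } catch (UnknownHostException e) {
            host = Server.DEFAULT_HOST;
        }
        String challenge = new StringBuffer().append("<").append(toHex(nonce)).append(".").append(time).append("@").append(host).append(">").toString();
        bindResponse.setServerSaslCreds(new OctetString(challenge.getBytes()));
        this.creds.setSaslMech(mechanism);
        this.creds.setSaslTmp(challenge);
        bindResponse.setResultCode(LDAPResult.SASL_BIND_IN_PROGRESS);
    }

    /** Second CRAM-MD5 step: checks the client response against the stored challenge. */
    private void verifyCramMd5Response(SaslCredentials saslCredentials, BindResponse bindResponse) {
        Object challenge = this.creds.getSaslTmp();
        DirectoryString saslDn = null;
        String secret = null;
        if (challenge instanceof String) {
            saslDn = new DirectoryString(this.creds.getSaslTmpDN());
            secret = lookupSaslSecret(saslDn);
        }
        boolean verified = false;
        // CRAM-MD5 needs the stored secret itself as the HMAC key. Values that
        // start with FunctionRef.FUNCTION_OPEN_BRACE are skipped — presumably the
        // scheme prefix of a hashed password; the constant's value is not visible
        // here. An unknown DN (null secret) is rejected the same way.
        if (secret != null && !secret.startsWith(FunctionRef.FUNCTION_OPEN_BRACE)) {
            try {
                String expected = new StringBuffer().append("dn: ").append(saslDn).append(" ").append(HMAC_MD5(secret, (String) challenge)).toString();
                verified = constantTimeEquals(new String(saslCredentials.getCredentials().toByteArray()), expected);
            } catch (NoSuchAlgorithmException e) {
                Logger.getInstance().log(0, this, Messages.getString("Missing_MD5_Capability_11"));
            }
        }
        if (verified) {
            if (saslDn.equals(new DirectoryString((String) ServerConfig.getInstance().get(ServerConfig.VDE_ROOTUSER)))) {
                this.creds.setRoot(true);
            }
            this.creds.setUser(saslDn);
            this.creds.setSaslMech(this.creds.getSaslMech());
            this.creds.setSaslTmp(null);
            return;
        }
        // Fail closed on every other outcome (mismatch, unknown DN, hashed secret,
        // missing MD5): discard the used challenge and report the failure.
        this.creds.setSaslMech(null);
        this.creds.setSaslTmp(null);
        rejectBind(bindResponse);
    }

    /** Returns the stored secret for a DN (root, replica or entry), or null if none is found. */
    private String lookupSaslSecret(DirectoryString saslDn) {
        if (new DirectoryString((String) ServerConfig.getInstance().get(ServerConfig.VDE_ROOTUSER)).equals(saslDn)) {
            return (String) ServerConfig.getInstance().get(ServerConfig.VDE_ROOTPW);
        }
        String secret = BackendHandler.getInstance().getReplicaUser(saslDn);
        if (secret != null) {
            return secret;
        }
        Entry entry = null;
        try {
            entry = BackendHandler.getInstance().map(BackendHandler.getInstance().getByDN(null, saslDn));
        } catch (DirectoryException ignored) {
            // A failed lookup is treated like a missing entry: no secret, bind rejected.
        }
        if (entry != null && entry.containsKey(USERPASSWORD)) {
            return new String(((Syntax) entry.get(USERPASSWORD).elementAt(0)).getValue());
        }
        return null;
    }

    /**
     * Compares two secrets without stopping at the first differing character,
     * so the comparison time does not reveal how long a matching prefix is.
     * Only the length mismatch is decided early.
     */
    private static boolean constantTimeEquals(String a, String b) {
        if (a == null || b == null || a.length() != b.length()) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < a.length(); i++) {
            diff |= a.charAt(i) ^ b.charAt(i);
        }
        return diff == 0;
    }

    /** Encodes bytes as two lower-case hex digits each. */
    private static String toHex(byte[] data) {
        StringBuffer out = new StringBuffer(data.length * 2);
        for (int i = 0; i < data.length; i++) {
            out.append((char) hexbytes[(data[i] >> 4) & 15]);
            out.append((char) hexbytes[data[i] & 15]);
        }
        return out.toString();
    }

    /**
     * Computes an HMAC over {@code str2} keyed with {@code str}, using MD5 and a
     * 64-byte block, and returns it in this class's own text encoding (see
     * {@link #hexToString(byte[], boolean)}).
     *
     * @param str  the key; keys longer than 64 bytes are replaced by their MD5 digest
     * @param str2 the message (here: the CRAM-MD5 challenge)
     * @return the encoded MAC, prefixed with {@code "0x"}
     * @throws NoSuchAlgorithmException if the runtime has no MD5 provider
     */
    public static String HMAC_MD5(String str, String str2) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance("MD5");
        byte[] bArr = new byte[64];   // key XOR ipad (0x36)
        byte[] bArr2 = new byte[64];  // key XOR opad (0x5c)
        // NOTE(review): key and message use the platform default charset.
        byte[] bytes = str.getBytes();
        if (bytes.length > 64) {
            bytes = messageDigest.digest(bytes);
        }
        int i = 0;
        while (i < bytes.length) {
            bArr[i] = (byte) (54 ^ bytes[i]);
            bArr2[i] = (byte) (92 ^ bytes[i]);
            i++;
        }
        // Pad the rest of both blocks as if the key were zero-extended.
        while (i < 64) {
            bArr[i] = 54;
            int i2 = i;
            i++;
            bArr2[i2] = 92;
        }
        messageDigest.update(bArr);
        byte[] digest = messageDigest.digest(str2.getBytes());
        messageDigest.update(bArr2);
        return hexToString(messageDigest.digest(digest), false);
    }

    /**
     * Encodes a digest as text for {@link #HMAC_MD5(String, String)}.
     *
     * <p>NOTE(review): the output is not conventional hex. The high-nibble mask
     * is 239 (0xEF) rather than 0xF0, so bit 0x10 of every byte is dropped, and
     * {@code append(int)} writes each table entry as a decimal number (e.g.
     * "48" for '0') instead of a character. Both reduce and distort the MAC, but
     * the result is a value clients must reproduce on the wire and is returned
     * by a public method, so it is left unchanged here — confirm with the
     * client side before correcting it.
     *
     * @param bArr the bytes to encode
     * @param z    unused
     * @return {@code "0x"} followed by the encoded bytes
     */
    private static String hexToString(byte[] bArr, boolean z) {
        StringBuffer stringBuffer = new StringBuffer(64);
        stringBuffer.append("0x");
        for (int i = 0; i < bArr.length; i++) {
            stringBuffer.append((int) hexbytes[(bArr[i] & 239) >> 4]);
            stringBuffer.append((int) hexbytes[bArr[i] & 15]);
        }
        return stringBuffer.toString();
    }

    /**
     * @return the {@code version} field, which this class initialises to 2 and
     *         never updates from the request
     */
    public int getVersion() {
        return this.version;
    }
}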
