package io.milton.ldap;

import com.sun.jndi.ldap.BerDecoder;
import io.milton.common.LogUtils;
import io.milton.http.webdav.PropFindPropertyBuilder;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.Socket;
import java.net.SocketException;
import java.net.SocketTimeoutException;
import java.util.HashMap;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslServer;
import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/milton/ldap/LdapConnection.class */
public class LdapConnection extends Thread {
    protected SaslServer saslServer;
    protected BufferedInputStream is;
    private final UserFactory userFactory;
    private final LdapPropertyMapper propertyMapper;
    private final LdapResponseHandler responseHandler;
    private final LdapParser ldapParser;
    private final Socket client;
    private final SearchManager searchManager;
    private final LdapTransactionManager txManager;
    private LdapPrincipal user;
    private LineReaderInputStream in;
    private final OutputStream os;
    private String userName;
    private String password;
    private static final Logger log = LoggerFactory.getLogger(LdapConnection.class);
    protected static final byte[] EMPTY_BYTE_ARRAY = new byte[0];

    public LdapConnection(Socket socket, UserFactory userFactory, SearchManager searchManager, LdapTransactionManager ldapTransactionManager, PropFindPropertyBuilder propFindPropertyBuilder) {
        super(LdapConnection.class.getSimpleName() + "-" + socket.getPort());
        this.searchManager = searchManager;
        this.client = socket;
        this.txManager = ldapTransactionManager;
        setDaemon(true);
        this.userFactory = userFactory;
        this.propertyMapper = new LdapPropertyMapper(propFindPropertyBuilder);
        try {
            this.is = new BufferedInputStream(this.client.getInputStream());
            this.os = new BufferedOutputStream(this.client.getOutputStream());
            this.responseHandler = new LdapResponseHandler(this.client, this.os);
            this.ldapParser = new LdapParser(this.propertyMapper, this.responseHandler, this.userFactory);
            System.out.println("Created LDAP Connection handler");
        } catch (IOException e) {
            close();
            throw new RuntimeException(e);
        }
    }

    @Override // java.lang.Thread, java.lang.Runnable
    public void run() {
        int read;
        byte[] bArr = new byte[2048];
        while (true) {
            try {
                try {
                    int read2 = this.is.read(bArr, 0, 1);
                    if (read2 < 0) {
                        break;
                    }
                    System.out.println("read bytes: " + read2);
                    int i = 0 + 1;
                    if (bArr[0] == 48) {
                        if (this.is.read(bArr, i, 1) < 0) {
                            break;
                        }
                        int i2 = i + 1;
                        int i3 = bArr[i];
                        if ((i3 & 128) == 128) {
                            int i4 = i3 & 127;
                            int i5 = 0;
                            boolean z = false;
                            while (true) {
                                if (i5 >= i4) {
                                    break;
                                }
                                int read3 = this.is.read(bArr, i2 + i5, i4 - i5);
                                if (read3 < 0) {
                                    z = true;
                                    break;
                                }
                                i5 += read3;
                            }
                            if (z) {
                                break;
                            }
                            i3 = 0;
                            for (int i6 = 0; i6 < i4; i6++) {
                                i3 = (i3 << 8) + (bArr[i2 + i6] & 255);
                            }
                            i2 += i5;
                        }
                        int i7 = i3;
                        if (i2 + i7 > bArr.length) {
                            byte[] bArr2 = new byte[i2 + i7];
                            System.arraycopy(bArr, 0, bArr2, 0, i2);
                            bArr = bArr2;
                        }
                        while (i7 > 0 && (read = this.is.read(bArr, i2, i7)) >= 0) {
                            i2 += read;
                            i7 -= read;
                        }
                        handleRequest(bArr, i2);
                    }
                } catch (SocketException e) {
                    log.debug("LOG_CONNECTION_CLOSED");
                    this.searchManager.cancelAllSearches(this);
                    close();
                    return;
                } catch (SocketTimeoutException e2) {
                    log.debug("LOG_CLOSE_CONNECTION_ON_TIMEOUT");
                    this.searchManager.cancelAllSearches(this);
                    close();
                    return;
                } catch (Exception e3) {
                    log.error("err", e3);
                    try {
                        this.responseHandler.sendErr(0, 97, e3);
                    } catch (IOException e4) {
                        log.warn("LOG_EXCEPTION_SENDING_ERROR_TO_CLIENT", e4);
                    }
                    this.searchManager.cancelAllSearches(this);
                    close();
                    return;
                }
            } catch (Throwable th) {
                this.searchManager.cancelAllSearches(this);
                close();
                throw th;
            }
        }
        this.searchManager.cancelAllSearches(this);
        close();
    }

    protected void handleRequest(byte[] bArr, int i) throws IOException {
        try {
            this.txManager.tx(() -> {
                try {
                    _handleRequest(bArr, i);
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            });
        } catch (Throwable th) {
            if (!(th.getCause() instanceof IOException)) {
                throw new RuntimeException(th);
            }
            throw ((IOException) th.getCause());
        }
    }

    protected void _handleRequest(byte[] bArr, int i) throws IOException {
        byte[] evaluateResponse;
        int i2;
        BerDecoder berDecoder = new BerDecoder(bArr, 0, i);
        int i3 = 0;
        try {
            berDecoder.parseSeq((int[]) null);
            i3 = berDecoder.parseInt();
            int peekByte = berDecoder.peekByte();
            if (peekByte == 96) {
                berDecoder.parseSeq((int[]) null);
                this.responseHandler.setVersion(berDecoder.parseInt());
                this.userName = berDecoder.parseString(this.responseHandler.isLdapV3());
                log.info("Bind user name: " + this.userName);
                if (berDecoder.peekByte() == 163) {
                    berDecoder.parseSeq((int[]) null);
                    String parseString = berDecoder.parseString(this.responseHandler.isLdapV3());
                    CallbackHandler callbackHandler = callbackArr -> {
                        for (Callback callback : callbackArr) {
                            if (callback instanceof NameCallback) {
                                this.userName = ((NameCallback) callback).getDefaultName();
                                this.password = this.userFactory.getUserPassword(this.userName);
                            }
                        }
                        for (Callback callback2 : callbackArr) {
                            if (callback2 instanceof AuthorizeCallback) {
                                ((AuthorizeCallback) callback2).setAuthorized(true);
                            } else if ((callback2 instanceof PasswordCallback) && this.password != null) {
                                ((PasswordCallback) callback2).setPassword(this.password.toCharArray());
                            }
                        }
                    };
                    if (berDecoder.bytesLeft() <= 0 || this.saslServer == null) {
                        HashMap hashMap = new HashMap();
                        hashMap.put("javax.security.sasl.qop", "auth,auth-int");
                        this.saslServer = Sasl.createSaslServer(parseString, "ldap", this.client.getLocalAddress().getHostAddress(), hashMap, callbackHandler);
                        evaluateResponse = this.saslServer.evaluateResponse(EMPTY_BYTE_ARRAY);
                        i2 = 14;
                    } else {
                        evaluateResponse = this.saslServer.evaluateResponse(berDecoder.parseOctetString(4, (int[]) null));
                        i2 = 0;
                        LogUtils.debug(log, new Object[]{"LOG_LDAP_REQ_BIND_USER", Integer.valueOf(i3), this.userName});
                        this.user = this.userFactory.getUser(this.userName, this.password);
                        if (this.user != null) {
                            LogUtils.debug(log, new Object[]{"LOG_LDAP_REQ_BIND_SUCCESS"});
                        } else {
                            LogUtils.debug(log, new Object[]{"LOG_LDAP_REQ_BIND", "No user! " + this.userName});
                        }
                    }
                    this.responseHandler.sendBindResponse(i3, i2, evaluateResponse);
                } else {
                    this.password = berDecoder.parseStringWithTag(128, this.responseHandler.isLdapV3(), (int[]) null);
                    if (this.userName.length() <= 0 || this.password.length() <= 0) {
                        LogUtils.debug(log, new Object[]{"LOG_LDAP_REQ_BIND_ANONYMOUS", Integer.valueOf(i3)});
                        this.responseHandler.sendClient(i3, 97, 0, "");
                    } else {
                        LogUtils.debug(log, new Object[]{"LOG_LDAP_REQ_BIND_USER", Integer.valueOf(i3), this.userName});
                        try {
                            this.user = this.userFactory.getUser(this.userName, this.password);
                            LogUtils.debug(log, new Object[]{"LOG_LDAP_REQ_BIND_SUCCESS"});
                            this.responseHandler.sendClient(i3, 97, 0, "");
                        } catch (IOException e) {
                            LogUtils.debug(log, new Object[]{"LOG_LDAP_REQ_BIND_INVALID_CREDENTIALS"});
                            this.responseHandler.sendClient(i3, 97, 49, "");
                        }
                    }
                }
            } else if (peekByte == 66) {
                LogUtils.debug(log, new Object[]{"LOG_LDAP_REQ_UNBIND", Integer.valueOf(i3)});
                if (this.user != null) {
                    this.user = null;
                }
            } else if (peekByte == 99) {
                berDecoder.parseSeq((int[]) null);
                String parseString2 = berDecoder.parseString(this.responseHandler.isLdapV3());
                log.info("Parsed DN: " + parseString2);
                int parseEnumeration = berDecoder.parseEnumeration();
                berDecoder.parseEnumeration();
                int parseInt = berDecoder.parseInt();
                if (parseInt > 100 || parseInt == 0) {
                    parseInt = 100;
                }
                int parseInt2 = berDecoder.parseInt();
                berDecoder.parseBoolean();
                SearchRunnable searchRunnable = new SearchRunnable(this.userFactory, this.propertyMapper, i3, parseString2, parseEnumeration, parseInt, parseInt2, this.ldapParser.parseFilter(berDecoder, this.user, this.userName), this.ldapParser.parseReturningAttributes(berDecoder), this.responseHandler, this.user, this.searchManager);
                if ("ou=people".equalsIgnoreCase(parseString2) || "cn=users, o=od".equalsIgnoreCase(parseString2) || "cn=users, ou=people".equalsIgnoreCase(parseString2)) {
                    this.searchManager.beginAsyncSearch(this, i3, searchRunnable);
                } else {
                    this.searchManager.search(this, searchRunnable);
                }
            } else if (peekByte == 80) {
                this.searchManager.abandonSearch(this, i3, berDecoder);
            } else {
                LogUtils.debug(log, new Object[]{"LOG_LDAP_UNSUPPORTED_OPERATION", Integer.valueOf(peekByte)});
                this.responseHandler.sendClient(i3, 101, 80, "Unsupported operation");
            }
        } catch (IOException e2) {
            this.responseHandler.dumpBer(bArr, i);
            try {
                this.responseHandler.sendErr(i3, 101, e2);
            } catch (IOException e3) {
                log.debug("LOG_EXCEPTION_SENDING_ERROR_TO_CLIENT", e3);
            }
            throw e2;
        }
    }

    public final void close() {
        IOUtils.closeQuietly(this.in);
        IOUtils.closeQuietly(this.os);
        try {
            this.client.close();
        } catch (IOException e) {
            log.warn("LOG_EXCEPTION_CLOSING_CLIENT_SOCKET", e);
        }
    }
}
