package org.forgerock.opendj.ldap.requests;

import com.forgerock.opendj.ldap.CoreMessages;
import com.forgerock.opendj.util.StaticUtils;
import java.io.Serializable;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ConnectionSecurityLayer;
import org.forgerock.opendj.ldap.LdapException;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.controls.Control;
import org.forgerock.opendj.ldap.responses.BindResult;
import org.forgerock.util.Reject;
import org.forgerock.util.Utils;
import org.glassfish.grizzly.memory.AbstractMemoryManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/forgerock/opendj/ldap/requests/DigestMD5SASLBindRequestImpl.class */
public final class DigestMD5SASLBindRequestImpl extends AbstractSASLBindRequest<DigestMD5SASLBindRequest> implements DigestMD5SASLBindRequest {
    private final Map<String, String> additionalAuthParams;
    private String authenticationID;
    private String authorizationID;
    private String cipher;
    private Integer maxReceiveBufferSize;
    private Integer maxSendBufferSize;
    private byte[] password;
    private final List<String> qopValues;
    private String realm;
    private Boolean serverAuth;

    /* loaded from: input_file:org/forgerock/opendj/ldap/requests/DigestMD5SASLBindRequestImpl$Client.class */
    private static final class Client extends SASLBindClientImpl {
        private final String authenticationID;
        private final ByteString password;
        private final String realm;
        private final SaslClient saslClient;

        private Client(DigestMD5SASLBindRequestImpl digestMD5SASLBindRequestImpl, String str) throws LdapException {
            super(digestMD5SASLBindRequestImpl);
            this.authenticationID = digestMD5SASLBindRequestImpl.getAuthenticationID();
            this.password = ByteString.wrap(digestMD5SASLBindRequestImpl.getPassword());
            this.realm = digestMD5SASLBindRequestImpl.getRealm();
            HashMap hashMap = new HashMap();
            List<String> qOPs = digestMD5SASLBindRequestImpl.getQOPs();
            if (!qOPs.isEmpty()) {
                hashMap.put("javax.security.sasl.qop", Utils.joinAsString(",", qOPs));
            }
            String cipher = digestMD5SASLBindRequestImpl.getCipher();
            if (cipher != null) {
                if (cipher.equalsIgnoreCase(DigestMD5SASLBindRequest.CIPHER_LOW)) {
                    hashMap.put("javax.security.sasl.strength", "high,medium,low");
                } else if (cipher.equalsIgnoreCase(DigestMD5SASLBindRequest.CIPHER_MEDIUM)) {
                    hashMap.put("javax.security.sasl.strength", "high,medium");
                } else if (cipher.equalsIgnoreCase(DigestMD5SASLBindRequest.CIPHER_HIGH)) {
                    hashMap.put("javax.security.sasl.strength", DigestMD5SASLBindRequest.CIPHER_HIGH);
                } else {
                    hashMap.put("com.sun.security.sasl.digest.cipher", cipher);
                }
            }
            Boolean valueOf = Boolean.valueOf(digestMD5SASLBindRequestImpl.isServerAuth());
            if (valueOf != null) {
                hashMap.put("javax.security.sasl.server.authentication", String.valueOf(valueOf));
            }
            Integer valueOf2 = Integer.valueOf(digestMD5SASLBindRequestImpl.getMaxReceiveBufferSize());
            if (valueOf2 != null) {
                hashMap.put("javax.security.sasl.maxbuffer", String.valueOf(valueOf2));
            }
            Integer valueOf3 = Integer.valueOf(digestMD5SASLBindRequestImpl.getMaxSendBufferSize());
            if (valueOf3 != null) {
                hashMap.put("javax.security.sasl.sendmaxbuffer", String.valueOf(valueOf3));
            }
            for (Map.Entry<String, String> entry : digestMD5SASLBindRequestImpl.getAdditionalAuthParams().entrySet()) {
                hashMap.put(entry.getKey(), entry.getValue());
            }
            try {
                this.saslClient = Sasl.createSaslClient(new String[]{DigestMD5SASLBindRequest.SASL_MECHANISM_NAME}, digestMD5SASLBindRequestImpl.getAuthorizationID(), "ldap", str, hashMap, this);
                if (this.saslClient.hasInitialResponse()) {
                    setNextSASLCredentials(this.saslClient.evaluateChallenge(new byte[0]));
                } else {
                    setNextSASLCredentials((ByteString) null);
                }
            } catch (SaslException e) {
                throw LdapException.newLdapException(ResultCode.CLIENT_SIDE_LOCAL_ERROR, (Throwable) e);
            }
        }

        @Override // org.forgerock.opendj.ldap.requests.BindClientImpl, org.forgerock.opendj.ldap.requests.BindClient, org.forgerock.opendj.ldap.ConnectionSecurityLayer
        public void dispose() {
            try {
                this.saslClient.dispose();
            } catch (SaslException e) {
            }
        }

        @Override // org.forgerock.opendj.ldap.requests.BindClientImpl, org.forgerock.opendj.ldap.requests.BindClient
        public boolean evaluateResult(BindResult bindResult) throws LdapException {
            if (this.saslClient.isComplete()) {
                return true;
            }
            try {
                setNextSASLCredentials(this.saslClient.evaluateChallenge(bindResult.getServerSASLCredentials() == null ? new byte[0] : bindResult.getServerSASLCredentials().toByteArray()));
                return this.saslClient.isComplete();
            } catch (SaslException e) {
                throw LdapException.newLdapException(ResultCode.CLIENT_SIDE_LOCAL_ERROR, "An error occurred during multi-stage authentication", e);
            }
        }

        @Override // org.forgerock.opendj.ldap.requests.BindClientImpl, org.forgerock.opendj.ldap.requests.BindClient
        public ConnectionSecurityLayer getConnectionSecurityLayer() {
            String str = (String) this.saslClient.getNegotiatedProperty("javax.security.sasl.qop");
            if (str.equalsIgnoreCase("auth-int") || str.equalsIgnoreCase("auth-conf")) {
                return this;
            }
            return null;
        }

        @Override // org.forgerock.opendj.ldap.requests.BindClientImpl, org.forgerock.opendj.ldap.ConnectionSecurityLayer
        public byte[] unwrap(byte[] bArr, int i, int i2) throws LdapException {
            try {
                return this.saslClient.unwrap(bArr, i, i2);
            } catch (SaslException e) {
                throw LdapException.newLdapException(ResultCode.CLIENT_SIDE_DECODING_ERROR, CoreMessages.ERR_SASL_PROTOCOL_ERROR.get(DigestMD5SASLBindRequest.SASL_MECHANISM_NAME, StaticUtils.getExceptionMessage(e)).toString(), e);
            }
        }

        @Override // org.forgerock.opendj.ldap.requests.BindClientImpl, org.forgerock.opendj.ldap.ConnectionSecurityLayer
        public byte[] wrap(byte[] bArr, int i, int i2) throws LdapException {
            try {
                return this.saslClient.wrap(bArr, i, i2);
            } catch (SaslException e) {
                throw LdapException.newLdapException(ResultCode.CLIENT_SIDE_ENCODING_ERROR, CoreMessages.ERR_SASL_PROTOCOL_ERROR.get(DigestMD5SASLBindRequest.SASL_MECHANISM_NAME, StaticUtils.getExceptionMessage(e)).toString(), e);
            }
        }

        @Override // org.forgerock.opendj.ldap.requests.SASLBindClientImpl
        void handle(NameCallback nameCallback) throws UnsupportedCallbackException {
            nameCallback.setName(this.authenticationID);
        }

        @Override // org.forgerock.opendj.ldap.requests.SASLBindClientImpl
        void handle(PasswordCallback passwordCallback) throws UnsupportedCallbackException {
            passwordCallback.setPassword(this.password.toString().toCharArray());
        }

        @Override // org.forgerock.opendj.ldap.requests.SASLBindClientImpl
        void handle(RealmCallback realmCallback) throws UnsupportedCallbackException {
            realmCallback.setText(this.realm != null ? this.realm : realmCallback.getDefaultText());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DigestMD5SASLBindRequestImpl(DigestMD5SASLBindRequest digestMD5SASLBindRequest) {
        super(digestMD5SASLBindRequest);
        this.additionalAuthParams = new LinkedHashMap();
        this.qopValues = new LinkedList();
        this.additionalAuthParams.putAll(digestMD5SASLBindRequest.getAdditionalAuthParams());
        this.qopValues.addAll(digestMD5SASLBindRequest.getQOPs());
        this.cipher = digestMD5SASLBindRequest.getCipher();
        this.serverAuth = Boolean.valueOf(digestMD5SASLBindRequest.isServerAuth());
        this.maxReceiveBufferSize = Integer.valueOf(digestMD5SASLBindRequest.getMaxReceiveBufferSize());
        this.maxSendBufferSize = Integer.valueOf(digestMD5SASLBindRequest.getMaxSendBufferSize());
        this.authenticationID = digestMD5SASLBindRequest.getAuthenticationID();
        this.authorizationID = digestMD5SASLBindRequest.getAuthorizationID();
        this.password = StaticUtils.copyOfBytes(digestMD5SASLBindRequest.getPassword());
        this.realm = digestMD5SASLBindRequest.getRealm();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public DigestMD5SASLBindRequestImpl(String str, byte[] bArr) {
        this.additionalAuthParams = new LinkedHashMap();
        this.qopValues = new LinkedList();
        Reject.ifNull((Object[]) new Serializable[]{str, bArr});
        this.authenticationID = str;
        this.password = bArr;
    }

    @Override // org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest
    public DigestMD5SASLBindRequest addAdditionalAuthParam(String str, String str2) {
        Reject.ifNull(str, str2);
        this.additionalAuthParams.put(str, str2);
        return this;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest
    public DigestMD5SASLBindRequest addQOP(String... strArr) {
        for (String str : strArr) {
            this.qopValues.add(Reject.checkNotNull(str));
        }
        return this;
    }

    @Override // org.forgerock.opendj.ldap.requests.BindRequest
    public BindClient createBindClient(String str) throws LdapException {
        return new Client(str);
    }

    @Override // org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest
    public Map<String, String> getAdditionalAuthParams() {
        return this.additionalAuthParams;
    }

    @Override // org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest
    public String getAuthenticationID() {
        return this.authenticationID;
    }

    @Override // org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest
    public String getAuthorizationID() {
        return this.authorizationID;
    }

    @Override // org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest
    public String getCipher() {
        return this.cipher;
    }

    @Override // org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest
    public int getMaxReceiveBufferSize() {
        return this.maxReceiveBufferSize == null ? AbstractMemoryManager.DEFAULT_MAX_BUFFER_SIZE : this.maxReceiveBufferSize.intValue();
    }

    @Override // org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest
    public int getMaxSendBufferSize() {
        return this.maxSendBufferSize == null ? AbstractMemoryManager.DEFAULT_MAX_BUFFER_SIZE : this.maxSendBufferSize.intValue();
    }

    @Override // org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest
    public byte[] getPassword() {
        return this.password;
    }

    @Override // org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest
    public List<String> getQOPs() {
        return this.qopValues;
    }

    @Override // org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest
    public String getRealm() {
        return this.realm;
    }

    @Override // org.forgerock.opendj.ldap.requests.SASLBindRequest
    public String getSASLMechanism() {
        return DigestMD5SASLBindRequest.SASL_MECHANISM_NAME;
    }

    @Override // org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest
    public boolean isServerAuth() {
        if (this.serverAuth == null) {
            return false;
        }
        return this.serverAuth.booleanValue();
    }

    @Override // org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest
    public DigestMD5SASLBindRequest setAuthenticationID(String str) {
        Reject.ifNull(str);
        this.authenticationID = str;
        return this;
    }

    @Override // org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest
    public DigestMD5SASLBindRequest setAuthorizationID(String str) {
        this.authorizationID = str;
        return this;
    }

    @Override // org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest
    public DigestMD5SASLBindRequest setCipher(String str) {
        this.cipher = str;
        return this;
    }

    @Override // org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest
    public DigestMD5SASLBindRequest setMaxReceiveBufferSize(int i) {
        this.maxReceiveBufferSize = Integer.valueOf(i);
        return this;
    }

    @Override // org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest
    public DigestMD5SASLBindRequest setMaxSendBufferSize(int i) {
        this.maxSendBufferSize = Integer.valueOf(i);
        return this;
    }

    @Override // org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest
    public DigestMD5SASLBindRequest setPassword(byte[] bArr) {
        Reject.ifNull(bArr);
        this.password = bArr;
        return this;
    }

    @Override // org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest
    public DigestMD5SASLBindRequest setPassword(char[] cArr) {
        Reject.ifNull(cArr);
        this.password = StaticUtils.getBytes(cArr);
        return this;
    }

    @Override // org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest
    public DigestMD5SASLBindRequest setRealm(String str) {
        this.realm = str;
        return this;
    }

    @Override // org.forgerock.opendj.ldap.requests.DigestMD5SASLBindRequest
    public DigestMD5SASLBindRequest setServerAuth(boolean z) {
        this.serverAuth = Boolean.valueOf(z);
        return this;
    }

    @Override // org.forgerock.opendj.ldap.requests.AbstractRequestImpl
    public String toString() {
        return "DigestMD5SASLBindRequest(bindDN=" + getName() + ", authentication=SASL, saslMechanism=" + getSASLMechanism() + ", authenticationID=" + this.authenticationID + ", authorizationID=" + this.authorizationID + ", realm=" + this.realm + ", controls=" + getControls() + ")";
    }

    @Override // org.forgerock.opendj.ldap.requests.AbstractSASLBindRequest, org.forgerock.opendj.ldap.requests.AbstractBindRequest, org.forgerock.opendj.ldap.requests.AbstractRequestImpl, org.forgerock.opendj.ldap.requests.Request
    public /* bridge */ /* synthetic */ DigestMD5SASLBindRequest addControl(Control control) {
        return (DigestMD5SASLBindRequest) super.addControl(control);
    }
}
