package org.keycloak.util.ldap;

import java.io.File;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.text.StrSubstitutor;
import org.apache.directory.api.ldap.model.entry.DefaultEntry;
import org.apache.directory.api.ldap.model.exception.LdapEntryAlreadyExistsException;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.ldif.LdifEntry;
import org.apache.directory.api.ldap.model.ldif.LdifReader;
import org.apache.directory.server.core.api.DirectoryService;
import org.apache.directory.server.core.api.interceptor.Interceptor;
import org.apache.directory.server.core.api.partition.Partition;
import org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory;
import org.apache.directory.server.core.factory.JdbmPartitionFactory;
import org.apache.directory.server.core.normalization.NormalizationInterceptor;
import org.apache.directory.server.ldap.ExtendedOperationHandler;
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.ldap.handlers.extended.PwdModifyHandler;
import org.apache.directory.server.ldap.handlers.extended.StartTlsHandler;
import org.apache.directory.server.protocol.shared.transport.TcpTransport;
import org.apache.directory.server.protocol.shared.transport.Transport;
import org.jboss.logging.Logger;
import org.keycloak.common.util.FindFile;
import org.keycloak.common.util.StreamUtil;

/* loaded from: input_file:org/keycloak/util/ldap/LDAPEmbeddedServer.class */
public class LDAPEmbeddedServer {
    private static final Logger log = Logger.getLogger(LDAPEmbeddedServer.class);
    private static final int PAGE_SIZE = 30;
    public static final String PROPERTY_BASE_DN = "ldap.baseDN";
    public static final String PROPERTY_BIND_HOST = "ldap.host";
    public static final String PROPERTY_BIND_PORT = "ldap.port";
    public static final String PROPERTY_BIND_LDAPS_PORT = "ldaps.port";
    public static final String PROPERTY_LDIF_FILE = "ldap.ldif";
    public static final String PROPERTY_SASL_PRINCIPAL = "ldap.saslPrincipal";
    public static final String PROPERTY_DSF = "ldap.dsf";
    public static final String PROPERTY_ENABLE_ACCESS_CONTROL = "enableAccessControl";
    public static final String PROPERTY_ENABLE_ANONYMOUS_ACCESS = "enableAnonymousAccess";
    public static final String PROPERTY_ENABLE_SSL = "enableSSL";
    public static final String PROPERTY_ENABLE_STARTTLS = "enableStartTLS";
    public static final String PROPERTY_SET_CONFIDENTIALITY_REQUIRED = "setConfidentialityRequired";
    private static final String DEFAULT_BASE_DN = "dc=keycloak,dc=org";
    private static final String DEFAULT_BIND_HOST = "localhost";
    private static final String DEFAULT_BIND_PORT = "10389";
    private static final String DEFAULT_BIND_LDAPS_PORT = "10636";
    private static final String DEFAULT_LDIF_FILE = "classpath:ldap/default-users.ldif";
    private static final String PROPERTY_KEYSTORE_FILE = "keystoreFile";
    private static final String PROPERTY_CERTIFICATE_PASSWORD = "certificatePassword";
    public static final String DSF_INMEMORY = "mem";
    public static final String DSF_FILE = "file";
    public static final String DEFAULT_DSF = "file";
    protected Properties defaultProperties;
    protected boolean enableAccessControl;
    protected boolean enableAnonymousAccess;
    protected boolean enableSSL;
    protected boolean enableStartTLS;
    protected boolean setConfidentialityRequired;
    protected DirectoryService directoryService;
    protected LdapServer ldapServer;
    protected String baseDN = readProperty(PROPERTY_BASE_DN, DEFAULT_BASE_DN);
    protected String bindHost = readProperty(PROPERTY_BIND_HOST, DEFAULT_BIND_HOST);
    protected int bindPort = Integer.parseInt(readProperty(PROPERTY_BIND_PORT, DEFAULT_BIND_PORT));
    protected int bindLdapsPort = Integer.parseInt(readProperty(PROPERTY_BIND_LDAPS_PORT, DEFAULT_BIND_LDAPS_PORT));
    protected String ldifFile = readProperty(PROPERTY_LDIF_FILE, DEFAULT_LDIF_FILE);
    protected String ldapSaslPrincipal = readProperty(PROPERTY_SASL_PRINCIPAL, null);
    protected String directoryServiceFactory = readProperty(PROPERTY_DSF, "file");
    protected String keystoreFile = readProperty(PROPERTY_KEYSTORE_FILE, null);
    protected String certPassword = readProperty(PROPERTY_CERTIFICATE_PASSWORD, null);

    public int getBindPort() {
        return this.bindPort;
    }

    public int getBindLdapsPort() {
        return this.bindLdapsPort;
    }

    public static void main(String[] strArr) throws Exception {
        Properties properties = new Properties();
        properties.put(PROPERTY_DSF, "file");
        execute(strArr, properties);
    }

    public static void execute(String[] strArr, Properties properties) throws Exception {
        LDAPEmbeddedServer lDAPEmbeddedServer = new LDAPEmbeddedServer(properties);
        lDAPEmbeddedServer.init();
        lDAPEmbeddedServer.start();
        Runtime.getRuntime().addShutdownHook(new Thread() { // from class: org.keycloak.util.ldap.LDAPEmbeddedServer.1
            @Override // java.lang.Thread, java.lang.Runnable
            public void run() {
                try {
                    LDAPEmbeddedServer.this.stop();
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
        });
    }

    public LDAPEmbeddedServer(Properties properties) {
        this.enableAccessControl = false;
        this.enableAnonymousAccess = false;
        this.enableSSL = false;
        this.enableStartTLS = false;
        this.setConfidentialityRequired = false;
        this.defaultProperties = properties;
        this.enableAccessControl = Boolean.valueOf(readProperty(PROPERTY_ENABLE_ACCESS_CONTROL, "false")).booleanValue();
        this.enableAnonymousAccess = Boolean.valueOf(readProperty(PROPERTY_ENABLE_ANONYMOUS_ACCESS, "false")).booleanValue();
        this.enableSSL = Boolean.valueOf(readProperty(PROPERTY_ENABLE_SSL, "false")).booleanValue();
        this.enableStartTLS = Boolean.valueOf(readProperty(PROPERTY_ENABLE_STARTTLS, "false")).booleanValue();
        this.setConfidentialityRequired = Boolean.valueOf(readProperty(PROPERTY_SET_CONFIDENTIALITY_REQUIRED, "false")).booleanValue();
    }

    protected String readProperty(String str, String str2) {
        String property = System.getProperty(str);
        if (property == null || property.isEmpty()) {
            property = (String) this.defaultProperties.get(str);
        }
        if (property == null || property.isEmpty()) {
            property = str2;
        }
        return property;
    }

    public void init() throws Exception {
        log.info("Creating LDAP Directory Service. Config: baseDN=" + this.baseDN + ", bindHost=" + this.bindHost + ", bindPort=" + this.bindPort + ", ldapSaslPrincipal=" + this.ldapSaslPrincipal + ", directoryServiceFactory=" + this.directoryServiceFactory + ", ldif=" + this.ldifFile + ", enableSSL=" + this.enableSSL + ", enableStartTLS: " + this.enableStartTLS + ", keystoreFile: " + this.keystoreFile + ", default java keystore type: " + KeyStore.getDefaultType());
        this.directoryService = createDirectoryService();
        log.info("Importing LDIF: " + this.ldifFile);
        importLdif();
        log.info("Creating LDAP server..");
        this.ldapServer = createLdapServer();
    }

    public void start() throws Exception {
        log.info("Starting LDAP server..");
        this.ldapServer.start();
        if (this.ldapServer.isStarted() && this.ldapServer.getDirectoryService().isStarted()) {
            log.info("LDAP server started.");
        } else {
            if (!this.ldapServer.isStarted()) {
                throw new RuntimeException("Failed to start the LDAP server!");
            }
            if (!this.ldapServer.getDirectoryService().isStarted()) {
                throw new RuntimeException("Failed to start the directory service for the LDAP server!");
            }
        }
    }

    protected DirectoryService createDirectoryService() throws Exception {
        String str = this.baseDN.split(",")[0];
        String substring = str.substring(str.indexOf("=") + 1);
        if (this.directoryServiceFactory.equals(DSF_INMEMORY)) {
            System.setProperty("apacheds.partition.factory", JdbmPartitionFactoryFast.class.getName());
        } else {
            if (!this.directoryServiceFactory.equals("file")) {
                throw new IllegalStateException("Unknown value of directoryServiceFactory: " + this.directoryServiceFactory);
            }
            System.setProperty("apacheds.partition.factory", JdbmPartitionFactory.class.getName());
        }
        DefaultDirectoryServiceFactory defaultDirectoryServiceFactory = new DefaultDirectoryServiceFactory();
        DirectoryService directoryService = defaultDirectoryServiceFactory.getDirectoryService();
        directoryService.setAccessControlEnabled(this.enableAccessControl);
        directoryService.setAllowAnonymousAccess(this.enableAnonymousAccess);
        directoryService.getChangeLog().setEnabled(false);
        defaultDirectoryServiceFactory.init(substring + "DS");
        Partition createPartition = defaultDirectoryServiceFactory.getPartitionFactory().createPartition(directoryService.getSchemaManager(), directoryService.getDnFactory(), substring, this.baseDN, 1000, new File(directoryService.getInstanceLayout().getPartitionsDirectory(), substring));
        createPartition.initialize();
        createPartition.setSchemaManager(directoryService.getSchemaManager());
        directoryService.addPartition(createPartition);
        importLdifContent(directoryService, "dn: " + this.baseDN + "\ndc: " + substring + "\nobjectClass: top\nobjectClass: domain\n\n");
        if (this.directoryServiceFactory.equals(DSF_INMEMORY)) {
            List interceptors = directoryService.getInterceptors();
            int i = -1;
            for (int i2 = 0; i2 < interceptors.size(); i2++) {
                if (((Interceptor) interceptors.get(i2)) instanceof NormalizationInterceptor) {
                    i = i2;
                }
            }
            RangedAttributeInterceptor rangedAttributeInterceptor = new RangedAttributeInterceptor("member", PAGE_SIZE);
            rangedAttributeInterceptor.init(directoryService);
            interceptors.add(i + 1, rangedAttributeInterceptor);
            directoryService.setInterceptors(interceptors);
        }
        return directoryService;
    }

    protected LdapServer createLdapServer() {
        LdapServer ldapServer = new LdapServer();
        ldapServer.setServiceName("DefaultLdapServer");
        ldapServer.setSearchBaseDn(this.baseDN);
        ldapServer.setConfidentialityRequired(this.setConfidentialityRequired);
        ldapServer.addTransports(new Transport[]{new TcpTransport(this.bindHost, this.bindPort, 3, 50)});
        if (this.enableSSL || this.enableStartTLS) {
            ldapServer.setKeystoreFile(this.keystoreFile);
            ldapServer.setCertificatePassword(this.certPassword);
            if (this.enableSSL) {
                Transport tcpTransport = new TcpTransport(this.bindHost, this.bindLdapsPort, 3, 50);
                tcpTransport.setEnableSSL(true);
                ldapServer.addTransports(new Transport[]{tcpTransport});
                if (tcpTransport.isSSLEnabled()) {
                    log.info("Enabled SSL support on the LDAP server.");
                }
            }
            if (this.enableStartTLS) {
                try {
                    ldapServer.addExtendedOperationHandler(new StartTlsHandler());
                    Iterator it = ldapServer.getExtendedOperationHandlers().iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        if (((ExtendedOperationHandler) it.next()).getOid().equals("1.3.6.1.4.1.1466.20037")) {
                            log.info("Enabled StartTLS support on the LDAP server.");
                            break;
                        }
                    }
                } catch (Exception e) {
                    throw new IllegalStateException("Cannot add the StartTLS extension handler: ", e);
                }
            }
        }
        if (this.setConfidentialityRequired) {
            ldapServer.setConfidentialityRequired(true);
            if (ldapServer.isConfidentialityRequired()) {
                log.info("Configured the LDAP server to accepts only requests with a secured connection.");
            }
        }
        ldapServer.setDirectoryService(this.directoryService);
        try {
            ldapServer.addExtendedOperationHandler(new PwdModifyHandler());
            if (this.enableAccessControl) {
                if (this.enableAnonymousAccess) {
                    throw new IllegalStateException("Illegal to enable both the access control subsystem and the anonymous access at the same time! See: http://directory.apache.org/apacheds/gen-docs/latest/apidocs/src-html/org/apache/directory/server/core/DefaultDirectoryService.html#line.399 for details.");
                }
                this.directoryService.setAccessControlEnabled(true);
                if (this.directoryService.isAccessControlEnabled()) {
                    log.info("Enabled basic access control checks on the LDAP server.");
                }
            } else if (this.enableAnonymousAccess) {
                this.directoryService.setAllowAnonymousAccess(true);
                this.directoryService.setAccessControlEnabled(false);
                if (this.directoryService.isAllowAnonymousAccess() && !this.directoryService.isAccessControlEnabled()) {
                    log.info("Enabled anonymous access on the LDAP server.");
                }
            }
            return ldapServer;
        } catch (LdapException e2) {
            throw new IllegalStateException("It wasn't possible to add PwdModifyHandler");
        }
    }

    private void importLdif() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("hostname", this.bindHost);
        if (this.ldapSaslPrincipal != null) {
            hashMap.put("ldapSaslPrincipal", this.ldapSaslPrincipal);
        }
        InputStream findFile = FindFile.findFile(this.ldifFile);
        if (findFile == null) {
            throw new IllegalStateException("LDIF file not found on classpath or on file system. Location was: " + this.ldifFile);
        }
        String replace = StrSubstitutor.replace(StreamUtil.readString(findFile), hashMap);
        log.info("Content of LDIF: " + replace);
        this.directoryService.getSchemaManager();
        importLdifContent(this.directoryService, replace);
    }

    private static void importLdifContent(DirectoryService directoryService, String str) throws Exception {
        LdifReader ldifReader = new LdifReader(IOUtils.toInputStream(str));
        try {
            Iterator it = ldifReader.iterator();
            while (it.hasNext()) {
                LdifEntry ldifEntry = (LdifEntry) it.next();
                try {
                    directoryService.getAdminSession().add(new DefaultEntry(directoryService.getSchemaManager(), ldifEntry.getEntry()));
                } catch (LdapEntryAlreadyExistsException e) {
                    log.info("Entry " + String.valueOf(ldifEntry.getDn()) + " already exists. Ignoring.");
                }
            }
        } finally {
            ldifReader.close();
        }
    }

    public void stop() throws Exception {
        stopLdapServer();
        shutdownDirectoryService();
    }

    protected void stopLdapServer() {
        log.info("Stopping LDAP server.");
        this.ldapServer.stop();
    }

    protected void shutdownDirectoryService() throws Exception {
        log.info("Stopping Directory service.");
        this.directoryService.shutdown();
        File instanceDirectory = this.directoryService.getInstanceLayout().getInstanceDirectory();
        if (!this.directoryServiceFactory.equals(DSF_INMEMORY)) {
            log.info("Working LDAP directory not deleted. Delete it manually if you want to start with fresh LDAP data. Directory location: " + instanceDirectory.getAbsolutePath());
        } else {
            log.infof("Removing Directory service workfiles: %s", instanceDirectory.getAbsolutePath());
            FileUtils.deleteDirectory(instanceDirectory);
        }
    }
}
