package com.sun.jndi.ldap.sasl;

import com.sun.jndi.ldap.Connection;
import com.sun.jndi.ldap.LdapClient;
import com.sun.jndi.ldap.LdapResult;
import com.sun.security.sasl.ClientFactory;
import com.sun.security.sasl.preview.Sasl;
import com.sun.security.sasl.preview.SaslClient;
import com.sun.security.sasl.preview.SaslClientFactory;
import com.sun.security.sasl.preview.SaslException;
import java.io.IOException;
import java.util.Hashtable;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.naming.AuthenticationException;
import javax.naming.AuthenticationNotSupportedException;
import javax.naming.NamingException;
import javax.naming.ldap.Control;
import javax.security.auth.callback.CallbackHandler;

/* loaded from: input_file:cn142-20050929-sdk.jar:sdk/jre/lib/ext/ldapsec.jar:com/sun/jndi/ldap/sasl/LdapSasl.class */
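/**
 * Performs the SASL bind exchange for an LDAP connection.
 *
 * <p>This class is a static utility and cannot be instantiated. It drives a
 * {@link SaslClient} against the server through
 * {@code LdapClient.ldapBind} and, when an integrity or confidentiality layer
 * was negotiated, wraps the connection's streams with that layer.
 */
public final class LdapSasl {
    /** Environment key under which the caller may supply a {@link CallbackHandler}. */
    private static final String SASL_CALLBACK = "java.naming.security.sasl.callback";
    /** Environment key for the authorization id handed to the SASL client factory. */
    private static final String SASL_AUTHZ_ID = "java.naming.security.sasl.authorizationId";
    /** Environment key for the realm handed to the default callback handler. */
    private static final String SASL_REALM = "java.naming.security.sasl.realm";
    /** LDAP result code: success. */
    private static final int LDAP_SUCCESS = 0;
    /** LDAP result code: SASL bind in progress (the server sent another challenge). */
    private static final int LDAP_SASL_BIND_IN_PROGRESS = 14;
    /** Fallback factory, tried when {@code Sasl.createSaslClient} returns no client. */
    private static final SaslClientFactory mySaslFactory = new ClientFactory();
    /** Empty challenge, used when there are no server credentials to pass on. */
    private static final byte[] NO_BYTES = new byte[0];

    private LdapSasl() {
    }

    /**
     * Runs a SASL bind and returns the final bind result.
     *
     * <p>Security-relevant behaviour:
     * <ul>
     * <li>A server "success" is only accepted if the SASL client also reports
     *     completion; otherwise an {@link AuthenticationException} is thrown.
     *     This prevents treating the session as authenticated when the
     *     mechanism's own exchange (for example its verification of the
     *     server's final message) has not finished.</li>
     * <li>The connection's streams are wrapped only when the negotiated QOP is
     *     {@code auth-int} or {@code auth-conf}. With any other value the SASL
     *     client is disposed and the connection carries no SASL security
     *     layer. This method only inspects the negotiated value; it does not
     *     compare it with what the caller asked for.</li>
     * <li>When no callback handler is supplied, a {@code DefaultCallbackHandler}
     *     is created from {@code str2}, {@code obj} and the realm, and its
     *     password is cleared before this method returns or throws.</li>
     * </ul>
     *
     * @param ldapClient client used to send each bind request
     * @param connection connection whose streams are replaced when a security
     *        layer was negotiated
     * @param str value passed to the SASL client factory together with the
     *        protocol name {@code "ldap"} (presumably the server name; confirm
     *        against callers)
     * @param str2 first argument of the default callback handler (presumably
     *        the authentication id)
     * @param obj second argument of the default callback handler (presumably
     *        the credentials)
     * @param str3 whitespace-separated list of SASL mechanism names
     * @param hashtable environment properties; may be {@code null}
     * @param controlArr request controls sent with every bind request
     * @return the result of the last bind request; its status may be a failure
     *         code, so callers must still check it
     * @throws AuthenticationNotSupportedException if no SASL client could be
     *         created for the requested mechanisms
     * @throws AuthenticationException if the SASL exchange fails or the client
     *         and server disagree about completion
     * @throws IOException declared for I/O failures during the exchange
     * @throws NamingException for other naming failures
     */
    public static LdapResult saslBind(LdapClient ldapClient, Connection connection, String str, String str2, Object obj, String str3, Hashtable hashtable, Control[] controlArr) throws IOException, NamingException {
        // Parse first: a bad mechanism string must fail before a handler
        // holding the password exists, since nothing would clear it then.
        String[] mechanisms = getSaslMechanismNames(str3);

        CallbackHandler callbackHandler = hashtable != null ? (CallbackHandler) hashtable.get(SASL_CALLBACK) : null;
        boolean ownsHandler = false;
        if (callbackHandler == null) {
            // The environment may be null; the lookups above and below guard
            // against it, so the realm lookup has to do the same.
            String realm = hashtable != null ? (String) hashtable.get(SASL_REALM) : null;
            callbackHandler = new DefaultCallbackHandler(str2, obj, realm);
            ownsHandler = true;
        }
        String authzId = hashtable != null ? (String) hashtable.get(SASL_AUTHZ_ID) : null;

        SaslClient saslClient = null;
        // Stays true until the client is disposed here or handed to the
        // connection's streams; the finally block disposes it otherwise.
        boolean releaseClient = true;
        try {
            saslClient = Sasl.createSaslClient(mechanisms, authzId, "ldap", str, hashtable, callbackHandler);
            if (saslClient == null) {
                saslClient = mySaslFactory.createSaslClient(mechanisms, authzId, "ldap", str, hashtable, callbackHandler);
            }
            if (saslClient == null) {
                throw new AuthenticationNotSupportedException(str3);
            }

            String mechanism = saslClient.getMechanismName();
            byte[] response = saslClient.hasInitialResponse() ? saslClient.evaluateChallenge(NO_BYTES) : null;
            LdapResult result = ldapClient.ldapBind(null, response, controlArr, mechanism, true);

            while (!saslClient.isComplete()
                    && (result.status == LDAP_SASL_BIND_IN_PROGRESS || result.status == LDAP_SUCCESS)) {
                byte[] challenge = result.serverCreds != null ? result.serverCreds : NO_BYTES;
                response = saslClient.evaluateChallenge(challenge);
                if (result.status == LDAP_SUCCESS) {
                    if (response != null) {
                        throw new AuthenticationException("SASL client generated response after success");
                    }
                    // The server's final data has been processed exactly once.
                    // Leave the loop so that a client that is still incomplete
                    // is rejected below instead of being fed the same data
                    // again without end.
                    break;
                }
                result = ldapClient.ldapBind(null, response, controlArr, mechanism, true);
            }

            if (result.status == LDAP_SUCCESS) {
                if (!saslClient.isComplete()) {
                    throw new AuthenticationException("SASL authentication not complete despite server claims");
                }
                String qop = saslClient.getNegotiatedProperty(Sasl.QOP);
                boolean hasSecurityLayer = qop != null
                        && (qop.equalsIgnoreCase("auth-int") || qop.equalsIgnoreCase("auth-conf"));
                // From here on the client is either owned by the streams or
                // disposed explicitly, so the finally block must not touch it.
                releaseClient = false;
                if (hasSecurityLayer) {
                    connection.replaceStreams(new SaslInputStream(saslClient, connection.inStream), new SaslOutputStream(saslClient, connection.outStream));
                } else {
                    saslClient.dispose();
                }
            }
            return result;
        } catch (SaslException e) {
            AuthenticationException authenticationException = new AuthenticationException(str3);
            authenticationException.setRootCause(e);
            throw authenticationException;
        } finally {
            if (ownsHandler) {
                ((DefaultCallbackHandler) callbackHandler).clearPassword();
            }
            if (releaseClient && saslClient != null) {
                try {
                    // Failed or aborted bind: release whatever state the
                    // mechanism still holds.
                    saslClient.dispose();
                } catch (SaslException ignored) {
                    // Best-effort cleanup; must not mask the bind outcome.
                }
            }
        }
    }

    /**
     * Splits a whitespace-separated mechanism list into its names.
     *
     * @param str mechanism names separated by the default
     *        {@link StringTokenizer} delimiters
     * @return the names in the order given; empty if {@code str} holds no token
     */
    private static String[] getSaslMechanismNames(String str) {
        StringTokenizer tokens = new StringTokenizer(str);
        String[] names = new String[tokens.countTokens()];
        for (int i = 0; i < names.length; i++) {
            names[i] = tokens.nextToken();
        }
        return names;
    }
}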
