package org.apache.directory.server.ldap.handlers.extended;

import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.apache.directory.api.ldap.extras.extended.startTls.StartTlsResponseImpl;
import org.apache.directory.api.ldap.model.message.ExtendedRequest;
import org.apache.directory.api.ldap.model.message.ExtendedResponse;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.ldap.client.api.NoVerificationTrustManager;
import org.apache.directory.server.i18n.I18n;
import org.apache.directory.server.ldap.ExtendedOperationHandler;
import org.apache.directory.server.ldap.LdapServer;
import org.apache.directory.server.ldap.LdapSession;
import org.apache.directory.server.protocol.shared.transport.TcpTransport;
import org.apache.mina.core.filterchain.IoFilterChain;
import org.apache.mina.filter.ssl.SslFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/directory/server/ldap/handlers/extended/StartTlsHandler.class */
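/**
 * Handler for the StartTLS extended operation (OID {@value #EXTENSION_OID}, RFC 4511 section 4.14).
 * <p>
 * On a request the handler either installs a new MINA {@link SslFilter}, built from the server's
 * {@link SSLContext} and the first TCP transport's TLS settings, at the head of the session's
 * filter chain, or restricts the protocols of an already-present filter and starts TLS on it.
 * It then writes a SUCCESS response; the {@link SslFilter#DISABLE_ENCRYPTION_ONCE} attribute is
 * set so that this single response still goes out in clear text before encryption applies.
 * <p>
 * Security note: {@link #setLdapServer(LdapServer)} initialises the context with a
 * {@link NoVerificationTrustManager}, so any client certificate chain presented during the
 * handshake is accepted without validation. {@code needClientAuth}/{@code wantClientAuth} only
 * control whether a certificate is requested, not whether it is trusted; identity assurance for
 * clients must come from elsewhere (e.g. the LDAP bind that follows).
 * <p>
 * The configuration fields are written once by {@code setLdapServer} and read on every request;
 * no synchronisation is applied here.
 */
public class StartTlsHandler implements ExtendedOperationHandler<ExtendedRequest, ExtendedResponse> {
    /** OID of the StartTLS extended operation. */
    public static final String EXTENSION_OID = "1.3.6.1.4.1.1466.20037";

    /** Immutable set holding only {@link #EXTENSION_OID}; returned by {@link #getExtensionOids()}. */
    private static final Set<String> EXTENSION_OIDS = Collections.singleton(EXTENSION_OID);

    private static final Logger LOG = LoggerFactory.getLogger(StartTlsHandler.class);

    /** Protocols enabled when the transport configures none: TLS only, SSLv3 is never offered. */
    private static final String[] DEFAULT_PROTOCOLS = { "TLSv1", "TLSv1.1", "TLSv1.2" };

    /** Name under which the TLS filter is registered in the session's filter chain. */
    private static final String SSL_FILTER_NAME = "sslFilter";

    /** Server context created and initialised in {@link #setLdapServer(LdapServer)}. */
    private SSLContext sslContext;

    /** Cipher suites copied from the first TCP transport; {@code null}/empty means the JSSE default. */
    private List<String> cipherSuite;

    /** Protocols copied from the first TCP transport; {@code null}/empty means {@link #DEFAULT_PROTOCOLS}. */
    private List<String> enabledProtocols;

    /** Whether a client certificate is required (see the security note on the class). */
    private boolean needClientAuth;

    /** Whether a client certificate is requested but optional (see the security note on the class). */
    private boolean wantClientAuth;

    /**
     * Switches the session to TLS and answers the request with a SUCCESS response.
     *
     * @param ldapSession the session on which StartTLS was requested
     * @param extendedRequest the incoming StartTLS request; only its message id is used
     * @throws Exception propagated from the filter chain or the session write
     */
    @Override // org.apache.directory.server.ldap.ExtendedOperationHandler
    public void handleExtendedOperation(LdapSession ldapSession, ExtendedRequest extendedRequest) throws Exception {
        LOG.info("Handling StartTLS request.");
        IoFilterChain filterChain = ldapSession.getIoSession().getFilterChain();
        SslFilter sslFilter = (SslFilter) filterChain.get(SSL_FILTER_NAME);

        if (sslFilter == null) {
            // Second argument presumably is MINA's autoStart flag — the handshake is not started here.
            SslFilter newFilter = new SslFilter(this.sslContext, false);
            if (this.cipherSuite != null && !this.cipherSuite.isEmpty()) {
                newFilter.setEnabledCipherSuites(this.cipherSuite.toArray(new String[0]));
            }
            newFilter.setEnabledProtocols(selectProtocols());
            newFilter.setNeedClientAuth(this.needClientAuth);
            newFilter.setWantClientAuth(this.wantClientAuth);
            filterChain.addFirst(SSL_FILTER_NAME, newFilter);
        } else {
            // A filter is already in the chain: apply the same protocol selection as for a new
            // filter (configured list, else TLS-only defaults) rather than discarding the
            // configured list, then start TLS on the existing filter.
            sslFilter.setEnabledProtocols(selectProtocols());
            sslFilter.startSsl(ldapSession.getIoSession());
        }

        StartTlsResponseImpl response = new StartTlsResponseImpl(extendedRequest.getMessageId());
        response.getLdapResult().setResultCode(ResultCodeEnum.SUCCESS);
        response.setResponseName(EXTENSION_OID);
        // The success response must reach the client unencrypted; this attribute makes the
        // SslFilter skip encryption for exactly one write, after which TLS applies.
        ldapSession.getIoSession().setAttribute(SslFilter.DISABLE_ENCRYPTION_ONCE);
        ldapSession.getIoSession().write(response);
    }

    /**
     * Returns the protocols to enable on a filter: the configured list, or a fresh copy of
     * {@link #DEFAULT_PROTOCOLS} when none is configured. A copy is returned so the constant
     * cannot be mutated through the array handed to the filter.
     */
    private String[] selectProtocols() {
        if (this.enabledProtocols == null || this.enabledProtocols.isEmpty()) {
            return DEFAULT_PROTOCOLS.clone();
        }
        return this.enabledProtocols.toArray(new String[0]);
    }

    /** @return the immutable set containing only {@link #EXTENSION_OID} */
    @Override // org.apache.directory.server.ldap.ExtendedOperationHandler
    public final Set<String> getExtensionOids() {
        return EXTENSION_OIDS;
    }

    /** @return {@link #EXTENSION_OID} */
    @Override // org.apache.directory.server.ldap.ExtendedOperationHandler
    public final String getOid() {
        return EXTENSION_OID;
    }

    /**
     * Builds the server {@link SSLContext} from the server's key managers and copies the TLS
     * settings of the first {@link TcpTransport}; any other transports are ignored.
     * <p>
     * The two failure modes are wrapped separately so the message matches the cause:
     * {@code ERR_681} when no TLS context is available, {@code ERR_682} when initialisation fails.
     *
     * @param ldapServer the server whose key manager factory and transports are used
     * @throws RuntimeException wrapping the underlying failure, with one of the two error codes above
     */
    @Override // org.apache.directory.server.ldap.ExtendedOperationHandler
    public void setLdapServer(LdapServer ldapServer) {
        LOG.debug("Setting LDAP Service");
        LOG.debug("provider = {}", Security.getProvider("SUN"));

        try {
            this.sslContext = SSLContext.getInstance("TLS");
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(I18n.err(I18n.ERR_681), e);
        }

        try {
            // NOTE(security): NoVerificationTrustManager performs no chain validation, so client
            // certificates are accepted unconditionally; needClientAuth/wantClientAuth below only
            // decide whether one is asked for. Kept as-is here because replacing it changes which
            // clients can connect; flagged so the deployment decision is explicit.
            this.sslContext.init(ldapServer.getKeyManagerFactory().getKeyManagers(),
                    new TrustManager[] { new NoVerificationTrustManager() }, new SecureRandom());
        } catch (Exception e) {
            // Broad catch kept deliberately: the key-manager lookup is project code whose
            // failure modes are not visible here, and callers expect ERR_682 for any of them.
            throw new RuntimeException(I18n.err(I18n.ERR_682), e);
        }

        // First TCP transport wins; loop variable is Object so this works whatever element type
        // getTransports() declares.
        for (Object transport : ldapServer.getTransports()) {
            if (transport instanceof TcpTransport) {
                TcpTransport tcpTransport = (TcpTransport) transport;
                this.cipherSuite = tcpTransport.getCipherSuite();
                this.enabledProtocols = tcpTransport.getEnabledProtocols();
                this.needClientAuth = tcpTransport.isNeedClientAuth();
                this.wantClientAuth = tcpTransport.isWantClientAuth();
                return;
            }
        }
    }
}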
