package org.apache.activemq.artemis.spi.core.security.jaas;

import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.naming.AuthenticationException;
import javax.naming.NameParser;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.activemq.artemis.core.persistence.impl.journal.JournalRecordIds;
import org.apache.activemq.artemis.core.server.ActiveMQServerLogger;
import org.apache.activemq.artemis.core.server.impl.LegacyLDAPSecuritySettingPlugin;
import org.apache.activemq.artemis.utils.ExceptionUtil;
import org.apache.activemq.artemis.utils.PasswordMaskingUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.class */
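/**
 * JAAS login module that authenticates a user with an LDAP simple bind and collects the user's
 * roles from LDAP searches.
 *
 * <p>The module keeps one {@link DirContext} that is opened lazily with the broker's own
 * connection credentials (or a GSSAPI identity), temporarily re-bound with the end user's
 * credentials to verify the password, and then switched back. All module options are read from
 * the JAAS options map handed to {@link #initialize}; that configuration is trusted input, because
 * any option that is not a {@link ConfigKey} is copied straight into the JNDI environment.
 *
 * <p>User-supplied names are escaped with {@link #doRFC2254Encoding(String)} before they are
 * placed in a search filter.
 */
public class LDAPLoginModule implements AuditLoginModule {
    private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());

    /** Directory connection; opened by {@link #openContext()} and dropped by {@link #closeContext()}. */
    protected DirContext context;
    private Subject subject;
    private CallbackHandler handler;
    private String username;
    /** Exception class names whose occurrence as a root cause is reported as {@code NoCacheLoginException}. */
    private List<String> noCacheExceptions;
    private final Set<LDAPLoginProperty> config = new HashSet<>();
    // NOTE(review): clear() does not empty this set, so roles accumulate for the lifetime of the
    // module instance - confirm the instance is never reused across logins.
    private final Set<RolePrincipal> groups = new HashSet<>();
    private boolean userAuthenticated = false;
    private boolean authenticateUser = true;
    /** Subject obtained from the broker's GSSAPI login; stays {@code null} for non-GSSAPI authentication. */
    private Subject brokerGssapiIdentity = null;
    private boolean isRoleAttributeSet = false;
    private String roleAttributeName = null;
    private String codecClass = null;

    /**
     * Names of the JAAS options this module understands.
     *
     * <p>The decompiler reports that this enum was package-private in the compiled class and that
     * it widened the access to {@code public}. Several option names are shown as references to
     * {@code LegacyLDAPSecuritySettingPlugin} constants; presumably those are the plain option
     * strings shared by both classes - confirm against the original source.
     */
    public enum ConfigKey {
        DEBUG("debug"),
        INITIAL_CONTEXT_FACTORY(LegacyLDAPSecuritySettingPlugin.INITIAL_CONTEXT_FACTORY),
        CONNECTION_URL(LegacyLDAPSecuritySettingPlugin.CONNECTION_URL),
        CONNECTION_USERNAME(LegacyLDAPSecuritySettingPlugin.CONNECTION_USERNAME),
        CONNECTION_PASSWORD(LegacyLDAPSecuritySettingPlugin.CONNECTION_PASSWORD),
        CONNECTION_PROTOCOL(LegacyLDAPSecuritySettingPlugin.CONNECTION_PROTOCOL),
        AUTHENTICATION(LegacyLDAPSecuritySettingPlugin.AUTHENTICATION),
        USER_BASE("userBase"),
        USER_SEARCH_MATCHING("userSearchMatching"),
        USER_SEARCH_SUBTREE("userSearchSubtree"),
        ROLE_BASE("roleBase"),
        ROLE_NAME("roleName"),
        ROLE_SEARCH_MATCHING("roleSearchMatching"),
        ROLE_SEARCH_SUBTREE("roleSearchSubtree"),
        USER_ROLE_NAME("userRoleName"),
        EXPAND_ROLES("expandRoles"),
        EXPAND_ROLES_MATCHING("expandRolesMatching"),
        SASL_LOGIN_CONFIG_SCOPE("saslLoginConfigScope"),
        AUTHENTICATE_USER("authenticateUser"),
        REFERRAL("referral"),
        IGNORE_PARTIAL_RESULT_EXCEPTION("ignorePartialResultException"),
        PASSWORD_CODEC("passwordCodec"),
        CONNECTION_POOL("connectionPool"),
        CONNECTION_TIMEOUT("connectionTimeout"),
        READ_TIMEOUT("readTimeout"),
        NO_CACHE_EXCEPTIONS("noCacheExceptions");

        private final String name;

        ConfigKey(String str) {
            this.name = str;
        }

        /** Returns the option name as it appears in the JAAS configuration. */
        String getName() {
            return this.name;
        }

        /** Returns {@code true} when {@code str} is the option name of one of the keys. */
        static boolean contains(String str) {
            for (ConfigKey configKey : values()) {
                if (configKey.name.equals(str)) {
                    return true;
                }
            }
            return false;
        }
    }

    /**
     * Stores the subject and callback handler and loads the module options.
     *
     * @param subject subject that {@link #commit()} populates with principals
     * @param callbackHandler handler asked for the user name and password in {@link #login()}
     * @param map first JAAS map (the shared state in the JAAS contract); not read here
     * @param map2 module options; only entries whose value is a {@code String} are kept
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.handler = callbackHandler;
        this.config.clear();
        for (Map.Entry<String, ?> entry : map2.entrySet()) {
            if (entry.getValue() instanceof String) {
                this.config.add(new LDAPLoginProperty(entry.getKey(), (String) entry.getValue()));
            }
        }
        if (isLoginPropertySet(ConfigKey.AUTHENTICATE_USER)) {
            this.authenticateUser = Boolean.parseBoolean(getLDAPPropertyValue(ConfigKey.AUTHENTICATE_USER));
        }
        this.isRoleAttributeSet = isLoginPropertySet(ConfigKey.ROLE_NAME);
        this.roleAttributeName = getLDAPPropertyValue(ConfigKey.ROLE_NAME);
        this.codecClass = getLDAPPropertyValue(ConfigKey.PASSWORD_CODEC);
        if (!isLoginPropertySet(ConfigKey.NO_CACHE_EXCEPTIONS)) {
            this.noCacheExceptions = Collections.emptyList();
        } else {
            // Comma-separated list of exception class names; surrounding blanks are stripped.
            this.noCacheExceptions = Arrays.asList(getLDAPPropertyValue(ConfigKey.NO_CACHE_EXCEPTIONS).split(","));
            this.noCacheExceptions.replaceAll(String::trim);
        }
    }

    /**
     * Resolves a possibly masked connection password through {@code PasswordMaskingUtil} using
     * the configured codec class.
     *
     * @throws IllegalArgumentException if the value cannot be decoded
     */
    private String getPlainPassword(String str) {
        try {
            return PasswordMaskingUtil.resolveMask(str, this.codecClass);
        } catch (Exception e) {
            throw new IllegalArgumentException("Failed to decode password", e);
        }
    }

    /**
     * Asks the callback handler for user name and password and verifies them against LDAP.
     *
     * @return {@code false} when user authentication is disabled or no user name was supplied,
     *     {@code true} after a successful bind
     * @throws FailedLoginException if the password is missing or empty, or the bind fails
     * @throws LoginException if the callback handler fails
     */
    public boolean login() throws LoginException {
        if (!this.authenticateUser) {
            return false;
        }
        NameCallback nameCallback = new NameCallback("User name");
        PasswordCallback passwordCallback = new PasswordCallback("Password", false);
        try {
            // The array has to be Callback[]: it holds a NameCallback and a PasswordCallback.
            this.handler.handle(new Callback[] {nameCallback, passwordCallback});
            this.username = nameCallback.getName();
            if (this.username == null) {
                return false;
            }
            String password = null;
            char[] passwordChars = passwordCallback.getPassword();
            if (passwordChars != null) {
                password = new String(passwordChars);
                // getPassword() hands out a copy; wipe it once the String has been built.
                Arrays.fill(passwordChars, '\0');
            }
            // An empty password must be rejected before binding: LDAP servers commonly treat a
            // simple bind with a DN and no password as an unauthenticated bind that succeeds.
            if (password == null || password.isEmpty()) {
                throw new FailedLoginException("Password cannot be null or empty");
            }
            authenticate(this.username, password);
            this.userAuthenticated = true;
            return true;
        } catch (IOException | UnsupportedCallbackException e) {
            throw ((LoginException) new LoginException().initCause(e));
        } finally {
            // Drop the callback's own copy of the password on every exit path.
            passwordCallback.clearPassword();
        }
    }

    /** Resets the per-login state and closes the directory connection. */
    public boolean logout() throws LoginException {
        clear();
        return true;
    }

    /**
     * Adds the authenticated user and the collected roles to the subject.
     *
     * <p>Roles are also resolved for every {@code UserPrincipal} that was already present on the
     * subject before this call.
     *
     * @return whether {@link #login()} authenticated the user
     * @throws FailedLoginException if a directory lookup fails
     */
    public boolean commit() throws LoginException {
        boolean authenticated = this.userAuthenticated;
        // Taken before the new principal is added: Subject.getPrincipals(Class) returns a set
        // that is not backed by the subject, so the loop below sees only pre-existing users.
        Set<UserPrincipal> existingUsers = this.subject.getPrincipals(UserPrincipal.class);
        Set<Principal> principals = this.subject.getPrincipals();
        if (authenticated) {
            principals.add(new UserPrincipal(this.username));
        }
        for (UserPrincipal user : existingUsers) {
            List<String> roles = new ArrayList<>();
            try {
                // Resolve the DN first: resolveDN() opens the connection, and this.context must
                // be read only afterwards. Passing both as arguments of one call would read the
                // field before it is assigned, because arguments are evaluated left to right.
                String dn = resolveDN(user.getName(), roles);
                resolveRolesForDN(this.context, dn, user.getName(), roles);
            } catch (NamingException e) {
                closeContext();
                FailedLoginException failedLoginException = new FailedLoginException("Error contacting LDAP");
                failedLoginException.initCause(e);
                throw failedLoginException;
            }
        }
        principals.addAll(this.groups);
        clear();
        return authenticated;
    }

    /** Forgets the user name and authentication result and closes the directory connection. */
    private void clear() {
        this.username = null;
        this.userAuthenticated = false;
        closeContext();
    }

    /** Records the failed attempt for auditing, then resets the per-login state. */
    public boolean abort() throws LoginException {
        registerFailureForAudit(this.username);
        clear();
        return true;
    }

    /**
     * Closes the directory connection if one is open. A failure to close is logged and leaves
     * the {@code context} field unchanged.
     */
    protected void closeContext() {
        if (this.context != null) {
            try {
                this.context.close();
                this.context = null;
            } catch (Exception e) {
                ActiveMQServerLogger.LOGGER.failedToCloseContext(e);
            }
        }
    }

    /**
     * Resolves the user's DN, verifies the password with a bind and collects the user's roles.
     *
     * @param str user name as supplied by the client
     * @param str2 plaintext password
     * @return {@code true} on success; failures are reported by exception
     * @throws FailedLoginException if the bind is rejected or the directory cannot be queried
     */
    protected boolean authenticate(String str, String str2) throws LoginException {
        List<String> roles = new ArrayList<>();
        try {
            String dn = resolveDN(str, roles);
            if (!bindUser(this.context, dn, str2)) {
                throw new FailedLoginException("Password does not match for user: " + str);
            }
            resolveRolesForDN(this.context, dn, str, roles);
            return true;
        } catch (NamingException e) {
            // The connection may still carry the user's bind credentials; discard it.
            closeContext();
            FailedLoginException failedLoginException = new FailedLoginException("Error contacting LDAP");
            failedLoginException.initCause(e);
            throw failedLoginException;
        }
    }

    /** Completes {@code list} through {@link #addRoles} and records every entry as a role principal. */
    private void resolveRolesForDN(DirContext dirContext, String str, String str2, List<String> list) throws NamingException {
        addRoles(dirContext, str, str2, list);
        logger.debug("Roles {} for user {}", list, str2);
        for (String role : list) {
            this.groups.add(new RolePrincipal(role));
        }
    }

    /**
     * Opens the directory connection and looks up the DN of {@code str}.
     *
     * <p>Without a {@code userSearchMatching} option the name is returned unchanged. Otherwise
     * the escaped name is substituted into that filter, the first search result supplies the DN,
     * and the values of the {@code userRoleName} attribute, when configured, are appended to
     * {@code list}.
     *
     * @param str user name as supplied by the client
     * @param list receives roles found on the user entry
     * @return the DN to bind with
     * @throws FailedLoginException on any failure
     */
    private String resolveDN(String str, List<String> list) throws FailedLoginException {
        // Initialised so the variable is definitely assigned after the inner try/catch;
        // handleException() always throws, but the compiler cannot know that.
        NamingEnumeration<SearchResult> results = null;
        Attribute roleAttribute;
        String dn = null;
        logger.debug("Create the LDAP initial context.");
        try {
            openContext();
            if (!isLoginPropertySet(ConfigKey.USER_SEARCH_MATCHING)) {
                return str;
            }
            MessageFormat userSearchMatching = new MessageFormat(getLDAPPropertyValue(ConfigKey.USER_SEARCH_MATCHING));
            boolean searchSubtree = Boolean.parseBoolean(getLDAPPropertyValue(ConfigKey.USER_SEARCH_SUBTREE));
            boolean ignorePartialResult = Boolean.parseBoolean(getLDAPPropertyValue(ConfigKey.IGNORE_PARTIAL_RESULT_EXCEPTION));
            try {
                // The user name is client-controlled: escape it before it becomes part of the filter.
                String filter = userSearchMatching.format(new String[]{doRFC2254Encoding(str)});
                SearchControls searchControls = new SearchControls();
                searchControls.setSearchScope(searchSubtree ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
                List<String> returningAttributes = new ArrayList<>();
                if (isLoginPropertySet(ConfigKey.USER_ROLE_NAME)) {
                    returningAttributes.add(getLDAPPropertyValue(ConfigKey.USER_ROLE_NAME));
                }
                searchControls.setReturningAttributes(returningAttributes.toArray(new String[0]));
                if (logger.isDebugEnabled()) {
                    logger.debug("Get the user DN.");
                    logger.debug("Looking for the user in LDAP with ");
                    logger.debug("  base DN: {}", getLDAPPropertyValue(ConfigKey.USER_BASE));
                    logger.debug("  filter: {}", filter);
                }
                try {
                    // The cast selects the doAs overload that reports checked exceptions through
                    // PrivilegedActionException, which is what the catch below expects.
                    results = Subject.doAs(this.brokerGssapiIdentity,
                            (PrivilegedExceptionAction<NamingEnumeration<SearchResult>>) () ->
                                    this.context.search(getLDAPPropertyValue(ConfigKey.USER_BASE), filter, searchControls));
                } catch (PrivilegedActionException e) {
                    Exception exception = e.getException();
                    FailedLoginException failedLoginException = new FailedLoginException("Error executing search query to resolve DN");
                    failedLoginException.initCause(exception);
                    throw failedLoginException;
                }
            } catch (NamingException e2) {
                closeContext();
                handleException(e2, "Error contacting LDAP");
            }
            if (results == null || !results.hasMore()) {
                throw new FailedLoginException("User " + str + " not found in LDAP.");
            }
            SearchResult searchResult = results.next();
            try {
                // Called only for its side effect: asking for a further result is what can raise
                // PartialResultException. Additional matches are not inspected.
                results.hasMore();
            } catch (PartialResultException e3) {
                if (!ignorePartialResult) {
                    throw e3;
                }
                logger.debug("PartialResultException encountered and ignored", e3);
            }
            if (searchResult.isRelative()) {
                logger.debug("LDAP returned a relative name: {}", searchResult.getName());
                // Rebuild a full DN from the context's own name, the user base and the relative name.
                NameParser nameParser = this.context.getNameParser("");
                dn = nameParser.parse(this.context.getNameInNamespace()).addAll(nameParser.parse(getLDAPPropertyValue(ConfigKey.USER_BASE))).addAll(nameParser.parse(searchResult.getName())).toString();
            } else {
                logger.debug("LDAP returned an absolute name: {}", searchResult.getName());
                try {
                    // The name is parsed as a URI and its path, minus a leading slash, is the DN.
                    String path = new URI(searchResult.getName()).getPath();
                    dn = path.startsWith("/") ? path.substring(1) : path;
                } catch (URISyntaxException e4) {
                    closeContext();
                    FailedLoginException failedLoginException2 = new FailedLoginException("Error parsing absolute name as URI.");
                    failedLoginException2.initCause(e4);
                    throw failedLoginException2;
                }
            }
            logger.debug("Using DN [{}] for binding.", dn);
            Attributes attributes = searchResult.getAttributes();
            if (attributes == null) {
                throw new FailedLoginException("User found, but LDAP entry malformed: " + str);
            }
            if (isLoginPropertySet(ConfigKey.USER_ROLE_NAME) && (roleAttribute = attributes.get(getLDAPPropertyValue(ConfigKey.USER_ROLE_NAME))) != null) {
                NamingEnumeration<?> values = roleAttribute.getAll();
                while (values.hasMore()) {
                    String value = (String) values.next();
                    if (this.isRoleAttributeSet) {
                        // The value is treated as a DN; keep the values of the RDNs whose type
                        // equals the configured role attribute.
                        LdapName ldapName = new LdapName(value);
                        for (int i = 0; i < ldapName.size(); i++) {
                            Rdn rdn = ldapName.getRdn(i);
                            if (this.roleAttributeName.equals(rdn.getType())) {
                                list.add((String) rdn.getValue());
                            }
                        }
                    } else {
                        list.add(value);
                    }
                }
            }
            return dn;
        } catch (Exception e5) {
            // NOTE(review): as written, this catch-all also receives the FailedLoginExceptions
            // raised above (user not found, malformed entry, URI or search failure) and every
            // NamingException from result handling, and relabels them "Error opening LDAP
            // connection". The decompiler may have widened the try region; confirm against the
            // original source before relying on the message or the cause chain.
            return handleException(e5, "Error opening LDAP connection");
        }
    }

    /**
     * Always throws a {@link FailedLoginException} carrying {@code str} as its message.
     *
     * <p>When the class name of the root cause of {@code exc} is listed in the
     * {@code noCacheExceptions} option, the cause is replaced by a {@code NoCacheLoginException};
     * otherwise {@code exc} itself becomes the cause. The {@code String} return type only lets
     * callers write {@code return handleException(...)}.
     */
    private String handleException(Exception exc, String str) throws FailedLoginException {
        FailedLoginException failedLoginException = new FailedLoginException(str);
        if (this.noCacheExceptions.contains(ExceptionUtil.getRootCause(exc).getClass().getName())) {
            failedLoginException.initCause(new NoCacheLoginException());
        } else {
            failedLoginException.initCause(exc);
        }
        throw failedLoginException;
    }

    /**
     * Searches the role base for the roles of a user and appends them to {@code list}.
     *
     * <p>Does nothing unless {@code roleSearchMatching} is configured. With {@code expandRoles}
     * enabled, every role found is itself looked up through {@code expandRolesMatching} until no
     * new role DN turns up.
     *
     * @param dirContext connection to search with
     * @param str DN of the user, substituted for <code>{0}</code>
     * @param str2 user name, substituted for <code>{1}</code>
     * @param list receives the roles
     * @throws NamingException if a search fails
     */
    protected void addRoles(DirContext dirContext, String str, String str2, List<String> list) throws NamingException {
        if (!isLoginPropertySet(ConfigKey.ROLE_SEARCH_MATCHING)) {
            return;
        }
        MessageFormat roleSearchMatching = new MessageFormat(getLDAPPropertyValue(ConfigKey.ROLE_SEARCH_MATCHING));
        boolean searchSubtree = Boolean.parseBoolean(getLDAPPropertyValue(ConfigKey.ROLE_SEARCH_SUBTREE));
        boolean expandRoles = Boolean.parseBoolean(getLDAPPropertyValue(ConfigKey.EXPAND_ROLES));
        boolean ignorePartialResult = Boolean.parseBoolean(getLDAPPropertyValue(ConfigKey.IGNORE_PARTIAL_RESULT_EXCEPTION));
        // Both substitutions are escaped so that neither value can alter the filter structure.
        String filter = roleSearchMatching.format(new String[]{doRFC2254Encoding(str), doRFC2254Encoding(str2)});
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(searchSubtree ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
        if (logger.isDebugEnabled()) {
            logger.debug("Get user roles.");
            logger.debug("Looking for the user roles in LDAP with ");
            logger.debug("  base DN: {}", getLDAPPropertyValue(ConfigKey.ROLE_BASE));
            logger.debug("  filter: {}", filter);
        }
        // seenRoleDns stops the expansion from revisiting a role (cycles between groups);
        // pendingRoleDns is the work queue of roles still to be expanded.
        Set<String> seenRoleDns = new HashSet<>();
        LinkedList<String> pendingRoleDns = new LinkedList<>();
        try {
            NamingEnumeration<SearchResult> results = Subject.doAs(this.brokerGssapiIdentity,
                    (PrivilegedExceptionAction<NamingEnumeration<SearchResult>>) () ->
                            dirContext.search(getLDAPPropertyValue(ConfigKey.ROLE_BASE), filter, searchControls));
            while (results.hasMore()) {
                try {
                    SearchResult result = results.next();
                    if (expandRoles) {
                        seenRoleDns.add(result.getNameInNamespace());
                        pendingRoleDns.add(result.getNameInNamespace());
                    }
                    addRoleAttribute(result, list);
                } catch (PartialResultException e) {
                    if (!ignorePartialResult) {
                        throw e;
                    }
                    logger.debug("PartialResultException encountered and ignored", e);
                }
            }
            if (expandRoles) {
                MessageFormat expandRolesMatching = new MessageFormat(getLDAPPropertyValue(ConfigKey.EXPAND_ROLES_MATCHING));
                while (!pendingRoleDns.isEmpty()) {
                    // The role DN comes from the directory and may contain filter metacharacters
                    // such as parentheses or an asterisk; escape it like the values above so it
                    // is matched literally.
                    String expandFilter = expandRolesMatching.format(new String[]{doRFC2254Encoding(pendingRoleDns.remove())});
                    if (logger.isDebugEnabled()) {
                        logger.debug("Get 'expanded' user roles.");
                        logger.debug("Looking for the 'expanded' user roles in LDAP with ");
                        logger.debug("  base DN: {}", getLDAPPropertyValue(ConfigKey.ROLE_BASE));
                        logger.debug("  filter: {}", expandFilter);
                    }
                    try {
                        NamingEnumeration<SearchResult> expandedResults = Subject.doAs(this.brokerGssapiIdentity,
                                (PrivilegedExceptionAction<NamingEnumeration<SearchResult>>) () ->
                                        dirContext.search(getLDAPPropertyValue(ConfigKey.ROLE_BASE), expandFilter, searchControls));
                        while (expandedResults.hasMore()) {
                            try {
                                SearchResult expandedResult = expandedResults.next();
                                String roleDn = expandedResult.getNameInNamespace();
                                if (!seenRoleDns.contains(roleDn)) {
                                    addRoleAttribute(expandedResult, list);
                                    seenRoleDns.add(roleDn);
                                    pendingRoleDns.add(roleDn);
                                }
                            } catch (PartialResultException e2) {
                                if (!ignorePartialResult) {
                                    throw e2;
                                }
                                logger.debug("PartialResultException encountered and ignored", e2);
                            }
                        }
                    } catch (PrivilegedActionException e3) {
                        Exception exception = e3.getException();
                        NamingException namingException = new NamingException("Error executing search query to expand roles");
                        namingException.initCause(exception);
                        throw namingException;
                    }
                }
            }
        } catch (PrivilegedActionException e4) {
            Exception exception2 = e4.getException();
            NamingException namingException2 = new NamingException("Error executing search query to resolve roles");
            namingException2.initCause(exception2);
            throw namingException2;
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter.
     *
     * <p>NUL, {@code (}, {@code )}, {@code *} and {@code \} are replaced by a backslash followed
     * by their two-digit hex code; all other characters are copied unchanged. This is what keeps
     * a client-supplied name from changing the structure of a filter it is substituted into.
     *
     * @param str value to escape; must not be {@code null}
     * @return the escaped value
     */
    protected String doRFC2254Encoding(String str) {
        StringBuilder sb = new StringBuilder(str.length());
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            // Character literals replace the unrelated JournalRecordIds constants (values 40,
            // 41 and 42) that the decompiler substituted for '(', ')' and '*'.
            switch (c) {
                case '\0':
                    sb.append("\\00");
                    break;
                case '(':
                    sb.append("\\28");
                    break;
                case ')':
                    sb.append("\\29");
                    break;
                case '*':
                    sb.append("\\2a");
                    break;
                case '\\':
                    sb.append("\\5c");
                    break;
                default:
                    sb.append(c);
                    break;
            }
        }
        return sb.toString();
    }

    /**
     * Verifies a password by re-binding the shared connection as the user.
     *
     * <p>The connection's environment is switched to a simple bind with the user's DN and
     * password, an attribute read forces the bind, and the environment is then switched back to
     * the configured connection credentials and authentication mechanism.
     *
     * @param dirContext connection to bind on
     * @param str DN of the user
     * @param str2 plaintext password
     * @return {@code true} if the directory accepted the credentials
     * @throws NamingException on any directory error other than a rejected bind
     */
    protected boolean bindUser(DirContext dirContext, String str, String str2) throws NamingException {
        boolean bound;
        logger.debug("Binding the user.");
        dirContext.addToEnvironment("java.naming.security.authentication", "simple");
        dirContext.addToEnvironment("java.naming.security.principal", str);
        dirContext.addToEnvironment("java.naming.security.credentials", str2);
        try {
            // Everything up to the last '/' of the connection URL is turned into ",", and the
            // resulting ",<suffix>" is removed from the DN before the attribute read.
            String lookupName = str.replace(getLDAPPropertyValue(ConfigKey.CONNECTION_URL).replaceFirst(".*/", ","), "");
            logger.debug("Get user Attributes with dn {}", lookupName);
            dirContext.getAttributes(lookupName, (String[]) null);
            bound = true;
            logger.debug("User {} successfully bound.", str);
        } catch (AuthenticationException e) {
            bound = false;
            logger.debug("Authentication failed for dn={}", str);
        }
        // Restore the broker's own identity. This is not in a finally block: any other
        // NamingException leaves the user's credentials in the environment, and authenticate()
        // closes the connection in that case.
        if (isLoginPropertySet(ConfigKey.CONNECTION_USERNAME)) {
            dirContext.addToEnvironment("java.naming.security.principal", getLDAPPropertyValue(ConfigKey.CONNECTION_USERNAME));
        } else {
            dirContext.removeFromEnvironment("java.naming.security.principal");
        }
        if (isLoginPropertySet(ConfigKey.CONNECTION_PASSWORD)) {
            dirContext.addToEnvironment("java.naming.security.credentials", getPlainPassword(getLDAPPropertyValue(ConfigKey.CONNECTION_PASSWORD)));
        } else {
            dirContext.removeFromEnvironment("java.naming.security.credentials");
        }
        dirContext.addToEnvironment("java.naming.security.authentication", getLDAPPropertyValue(ConfigKey.AUTHENTICATION));
        return bound;
    }

    /**
     * Appends the role represented by a search result: the value of the configured role
     * attribute when {@code roleName} is set and the entry has it, otherwise the entry's full DN.
     */
    private void addRoleAttribute(SearchResult searchResult, List<String> list) throws NamingException {
        if (!this.isRoleAttributeSet) {
            list.add(searchResult.getNameInNamespace());
            return;
        }
        Attribute attribute = searchResult.getAttributes().get(this.roleAttributeName);
        if (attribute != null) {
            list.add((String) attribute.get());
        }
    }

    /**
     * Opens the directory connection unless one is already open.
     *
     * <p>With {@code GSSAPI} authentication the broker first logs in through the JAAS scope
     * named by {@code saslLoginConfigScope} (default {@code broker-sasl-gssapi}) and connects as
     * that subject. For every other mechanism a connection user name and password are required.
     * Referrals are ignored unless the {@code referral} option says otherwise.
     *
     * <p>The factory, protocol, URL and authentication options are stored without a null check,
     * and {@code Hashtable} rejects null values, so a missing one surfaces as a
     * {@code NullPointerException}.
     *
     * @throws Exception if the environment cannot be built or the connection cannot be opened
     */
    protected void openContext() throws Exception {
        if (this.context != null) {
            return;
        }
        try {
            Hashtable<String, String> env = new Hashtable<>();
            env.put("java.naming.factory.initial", getLDAPPropertyValue(ConfigKey.INITIAL_CONTEXT_FACTORY));
            env.put("java.naming.security.protocol", getLDAPPropertyValue(ConfigKey.CONNECTION_PROTOCOL));
            env.put("java.naming.provider.url", getLDAPPropertyValue(ConfigKey.CONNECTION_URL));
            env.put("java.naming.security.authentication", getLDAPPropertyValue(ConfigKey.AUTHENTICATION));
            if (isLoginPropertySet(ConfigKey.CONNECTION_POOL)) {
                env.put("com.sun.jndi.ldap.connect.pool", getLDAPPropertyValue(ConfigKey.CONNECTION_POOL));
            }
            if (isLoginPropertySet(ConfigKey.CONNECTION_TIMEOUT)) {
                env.put("com.sun.jndi.ldap.connect.timeout", getLDAPPropertyValue(ConfigKey.CONNECTION_TIMEOUT));
            }
            if (isLoginPropertySet(ConfigKey.READ_TIMEOUT)) {
                env.put("com.sun.jndi.ldap.read.timeout", getLDAPPropertyValue(ConfigKey.READ_TIMEOUT));
            }
            String referral = getLDAPPropertyValue(ConfigKey.REFERRAL) != null ? getLDAPPropertyValue(ConfigKey.REFERRAL) : "ignore";
            env.put("java.naming.referral", referral);
            logger.debug("Referral handling: {}", referral);
            if ("GSSAPI".equalsIgnoreCase(getLDAPPropertyValue(ConfigKey.AUTHENTICATION))) {
                String loginConfigScope = isLoginPropertySet(ConfigKey.SASL_LOGIN_CONFIG_SCOPE) ? getLDAPPropertyValue(ConfigKey.SASL_LOGIN_CONFIG_SCOPE) : "broker-sasl-gssapi";
                try {
                    LoginContext loginContext = new LoginContext(loginConfigScope);
                    loginContext.login();
                    this.brokerGssapiIdentity = loginContext.getSubject();
                } catch (LoginException e) {
                    // Goes through the logger instead of printStackTrace() so the failure lands
                    // in the broker log with the rest of the security events.
                    logger.warn("GSSAPI login failed in JAAS loginConfigScope: {}", loginConfigScope, e);
                    FailedLoginException failedLoginException = new FailedLoginException("Error contacting LDAP using GSSAPI in JAAS loginConfigScope: " + loginConfigScope);
                    failedLoginException.initCause(e);
                    throw failedLoginException;
                }
            } else {
                // Refuse to connect without explicit credentials rather than fall back to an
                // anonymous connection.
                if (!isLoginPropertySet(ConfigKey.CONNECTION_USERNAME)) {
                    throw new NamingException("Empty username is not allowed");
                }
                env.put("java.naming.security.principal", getLDAPPropertyValue(ConfigKey.CONNECTION_USERNAME));
                if (!isLoginPropertySet(ConfigKey.CONNECTION_PASSWORD)) {
                    throw new NamingException("Empty password is not allowed");
                }
                env.put("java.naming.security.credentials", getPlainPassword(getLDAPPropertyValue(ConfigKey.CONNECTION_PASSWORD)));
            }
            extendInitialEnvironment(this.config, env);
            try {
                this.context = Subject.doAs(this.brokerGssapiIdentity,
                        (PrivilegedExceptionAction<DirContext>) () -> new InitialDirContext(env));
            } catch (PrivilegedActionException e2) {
                throw e2.getException();
            }
        } catch (NamingException e3) {
            closeContext();
            ActiveMQServerLogger.LOGGER.failedToOpenContext(e3);
            throw e3;
        }
    }

    /**
     * Copies every configured option that is neither a {@link ConfigKey} nor already present
     * into the JNDI environment.
     *
     * <p>This passes arbitrary JNDI properties from the JAAS configuration to the provider, so
     * the configuration file has to be protected like any other credential store.
     */
    protected void extendInitialEnvironment(Set<LDAPLoginProperty> set, Hashtable<String, String> hashtable) {
        for (LDAPLoginProperty property : set) {
            String propertyName = property.getPropertyName();
            if (hashtable.get(propertyName) == null && !ConfigKey.contains(propertyName)) {
                hashtable.put(propertyName, property.getPropertyValue());
            }
        }
    }

    /** Returns the configured value of {@code configKey}, or {@code null} when the option is absent. */
    private String getLDAPPropertyValue(ConfigKey configKey) {
        for (LDAPLoginProperty property : this.config) {
            if (property.getPropertyName().equals(configKey.getName())) {
                return property.getPropertyValue();
            }
        }
        return null;
    }

    /** Returns {@code true} when {@code configKey} is configured with a non-null, non-empty value. */
    private boolean isLoginPropertySet(ConfigKey configKey) {
        for (LDAPLoginProperty property : this.config) {
            if (property.getPropertyName().equals(configKey.getName()) && property.getPropertyValue() != null && !"".equals(property.getPropertyValue())) {
                return true;
            }
        }
        return false;
    }
}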
