package org.jboss.as.remoting;

import io.undertow.server.ListenerRegistry;
import io.undertow.server.handlers.ChannelUpgradeHandler;
import java.io.IOException;
import java.util.function.Consumer;
import java.util.function.Supplier;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.network.SocketBinding;
import org.jboss.as.remoting.logging.RemotingLogger;
import org.jboss.msc.Service;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.ServiceTarget;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StartException;
import org.jboss.msc.service.StopContext;
import org.jboss.remoting3.Endpoint;
import org.jboss.remoting3.UnknownURISchemeException;
import org.jboss.remoting3.spi.ExternalConnectionProvider;
import org.wildfly.security.auth.permission.LoginPermission;
import org.wildfly.security.auth.server.MechanismConfiguration;
import org.wildfly.security.auth.server.SaslAuthenticationFactory;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.permission.PermissionUtil;
import org.wildfly.security.permission.PermissionVerifier;
import org.wildfly.security.sasl.anonymous.AnonymousServerFactory;
import org.xnio.ChannelListener;
import org.xnio.OptionMap;
import org.xnio.StreamConnection;

/* loaded from: input_file:org/jboss/as/remoting/RemotingHttpUpgradeService.class */
public class RemotingHttpUpgradeService implements Service {
    public static final String JBOSS_REMOTING = "jboss-remoting";
    private static final String[] ADDITIONAL_PERMISSION;
    public static final String MAGIC_NUMBER = "CF70DEB8-70F9-4FBA-8B4F-DFC3E723B4CD";
    public static final String SEC_JBOSS_REMOTING_KEY = "Sec-JbossRemoting-Key";
    public static final String SEC_JBOSS_REMOTING_ACCEPT = "Sec-JbossRemoting-Accept";
    public static final ServiceName HTTP_UPGRADE_REGISTRY;
    public static final ServiceName UPGRADE_SERVICE_NAME;
    private final String httpConnectorName;
    private final String endpointName;
    private final Consumer<RemotingHttpUpgradeService> serviceConsumer;
    private final Supplier<ChannelUpgradeHandler> upgradeRegistrySupplier;
    private final Supplier<ListenerRegistry> listenerRegistrySupplier;
    private final Supplier<Endpoint> endpointSupplier;
    private final Supplier<SaslAuthenticationFactory> saslAuthenticationFactorySupplier;
    private final OptionMap connectorPropertiesOptionMap;
    private ListenerRegistry.HttpUpgradeMetadata httpUpgradeMetadata;
    static final /* synthetic */ boolean $assertionsDisabled;

    public RemotingHttpUpgradeService(Consumer<RemotingHttpUpgradeService> consumer, Supplier<ChannelUpgradeHandler> supplier, Supplier<ListenerRegistry> supplier2, Supplier<Endpoint> supplier3, Supplier<SaslAuthenticationFactory> supplier4, String str, String str2, OptionMap optionMap) {
        this.serviceConsumer = consumer;
        this.upgradeRegistrySupplier = supplier;
        this.listenerRegistrySupplier = supplier2;
        this.endpointSupplier = supplier3;
        this.saslAuthenticationFactorySupplier = supplier4;
        this.httpConnectorName = str;
        this.endpointName = str2;
        this.connectorPropertiesOptionMap = optionMap;
    }

    public static void installServices(OperationContext operationContext, String str, String str2, ServiceName serviceName, OptionMap optionMap, String str3) {
        ServiceTarget serviceTarget = operationContext.getServiceTarget();
        ServiceName append = UPGRADE_SERVICE_NAME.append(new String[]{str});
        ServiceBuilder addService = serviceTarget.addService(append);
        addService.setInstance(new RemotingHttpUpgradeService(addService.provides(new ServiceName[]{append}), addService.requires(HTTP_UPGRADE_REGISTRY.append(new String[]{str2})), addService.requires(RemotingServices.HTTP_LISTENER_REGISTRY), addService.requires(serviceName), str3 != null ? addService.requires(operationContext.getCapabilityServiceName("org.wildfly.security.sasl-authentication-factory", str3, SaslAuthenticationFactory.class)) : null, str2, serviceName.getSimpleName(), optionMap));
        addService.setInitialMode(ServiceController.Mode.ACTIVE);
        addService.install();
    }

    public synchronized void start(StartContext startContext) throws StartException {
        Endpoint endpoint = this.endpointSupplier.get();
        OptionMap.Builder builder = OptionMap.builder();
        ListenerRegistry.Listener listener = this.listenerRegistrySupplier.get().getListener(this.httpConnectorName);
        if (!$assertionsDisabled && listener == null) {
            throw new AssertionError();
        }
        ListenerRegistry.HttpUpgradeMetadata httpUpgradeMetadata = new ListenerRegistry.HttpUpgradeMetadata(JBOSS_REMOTING, this.endpointName);
        this.httpUpgradeMetadata = httpUpgradeMetadata;
        listener.addHttpUpgradeMetadata(httpUpgradeMetadata);
        RemotingConnectorBindingInfoService.install(startContext.getChildTarget(), startContext.getController().getName().getSimpleName(), (SocketBinding) listener.getContextInformation(CommonAttributes.SOCKET_BINDING), listener.getProtocol().equals("https") ? Protocol.REMOTE_HTTPS : Protocol.REMOTE_HTTP);
        if (this.connectorPropertiesOptionMap != null) {
            builder.addAll(this.connectorPropertiesOptionMap);
        }
        OptionMap map = builder.getMap();
        try {
            ExternalConnectionProvider externalConnectionProvider = (ExternalConnectionProvider) endpoint.getConnectionProviderInterface(Protocol.HTTP_REMOTING.toString(), ExternalConnectionProvider.class);
            SaslAuthenticationFactory saslAuthenticationFactory = this.saslAuthenticationFactorySupplier != null ? this.saslAuthenticationFactorySupplier.get() : null;
            if (saslAuthenticationFactory == null) {
                RemotingLogger.ROOT_LOGGER.warn("****** All authentication is ANONYMOUS for " + getClass().getName());
                SecurityDomain.Builder builder2 = SecurityDomain.builder();
                builder2.addRealm("default", SecurityRealm.EMPTY_REALM).build();
                builder2.setDefaultRealmName("default");
                builder2.setPermissionMapper((permissionMappable, roles) -> {
                    return createPermissionVerifier();
                });
                SaslAuthenticationFactory.Builder builder3 = SaslAuthenticationFactory.builder();
                builder3.setSecurityDomain(builder2.build());
                builder3.setFactory(new AnonymousServerFactory());
                builder3.setMechanismConfigurationSelector(mechanismInformation -> {
                    return MechanismConfiguration.EMPTY;
                });
                saslAuthenticationFactory = builder3.build();
            }
            final Consumer createConnectionAdaptor = externalConnectionProvider.createConnectionAdaptor(map, saslAuthenticationFactory);
            this.upgradeRegistrySupplier.get().addProtocol(JBOSS_REMOTING, new ChannelListener<StreamConnection>() { // from class: org.jboss.as.remoting.RemotingHttpUpgradeService.1
                public void handleEvent(StreamConnection streamConnection) {
                    createConnectionAdaptor.accept(streamConnection);
                }
            }, new SimpleHttpUpgradeHandshake(MAGIC_NUMBER, SEC_JBOSS_REMOTING_KEY, SEC_JBOSS_REMOTING_ACCEPT));
            this.serviceConsumer.accept(this);
        } catch (IOException e) {
            throw new StartException(e);
        } catch (UnknownURISchemeException e2) {
            throw new StartException(e2);
        }
    }

    public synchronized void stop(StopContext stopContext) {
        this.serviceConsumer.accept(null);
        this.listenerRegistrySupplier.get().getListener(this.httpConnectorName).removeHttpUpgradeMetadata(this.httpUpgradeMetadata);
        this.httpUpgradeMetadata = null;
        this.upgradeRegistrySupplier.get().removeProtocol(JBOSS_REMOTING);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static PermissionVerifier createPermissionVerifier() {
        PermissionVerifier loginPermission = LoginPermission.getInstance();
        for (String str : ADDITIONAL_PERMISSION) {
            try {
                loginPermission = loginPermission.or(PermissionVerifier.from(PermissionUtil.createPermission(RemotingHttpUpgradeService.class.getClassLoader(), str, (String) null, (String) null)));
            } catch (Exception e) {
                RemotingLogger.ROOT_LOGGER.tracef(e, "Unable to create permission '%s'", str);
            }
        }
        return loginPermission;
    }

    static {
        $assertionsDisabled = !RemotingHttpUpgradeService.class.desiredAssertionStatus();
        ADDITIONAL_PERMISSION = new String[]{"org.wildfly.transaction.client.RemoteTransactionPermission", "org.jboss.ejb.client.RemoteEJBPermission"};
        HTTP_UPGRADE_REGISTRY = ServiceName.JBOSS.append(new String[]{"http-upgrade-registry"});
        UPGRADE_SERVICE_NAME = ServiceName.JBOSS.append(new String[]{RemotingExtension.SUBSYSTEM_NAME, "remoting-http-upgrade-service"});
    }
}
