package org.jivesoftware.openfire.session;

import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.commons.httpclient.cookie.Cookie2;
import org.dom4j.Element;
import org.dom4j.io.XMPPPacketReader;
import org.jivesoftware.openfire.Connection;
import org.jivesoftware.openfire.SessionManager;
import org.jivesoftware.openfire.StreamID;
import org.jivesoftware.openfire.auth.UnauthorizedException;
import org.jivesoftware.openfire.net.MXParser;
import org.jivesoftware.openfire.net.SASLAuthentication;
import org.jivesoftware.openfire.net.SSLConfig;
import org.jivesoftware.openfire.net.SocketConnection;
import org.jivesoftware.openfire.server.ServerDialback;
import org.jivesoftware.util.CertificateManager;
import org.jivesoftware.util.JiveGlobals;
import org.jivesoftware.util.Log;
import org.xmlpull.v1.XmlPullParserException;
import org.xmpp.packet.JID;
import org.xmpp.packet.Packet;

/* loaded from: input_file:org/jivesoftware/openfire/session/LocalIncomingServerSession.class */
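/**
 * Server-to-server (s2s) session for a connection that a remote server opened to this server.
 *
 * <p>A session tracks the set of remote domains that have been validated on the connection
 * (see {@link #addValidatedDomain(String)}) and the local domain the remote server addressed.
 * Packets are only received on this kind of session: {@link #deliver(Packet)} does nothing.
 *
 * <p>Thread-safety: the validated-domain set is a plain {@link HashSet} with no
 * synchronization in this class.
 */
public class LocalIncomingServerSession extends LocalSession implements IncomingServerSession {
    /** Domains added through {@link #addValidatedDomain(String)}. */
    private Set<String> validatedDomains;
    /** Local domain set through {@link #setLocalDomain(String)}; {@code null} until then. */
    private String localDomain;

    /**
     * Creates a session for an incoming server connection, choosing the negotiation path from
     * the stream header the remote server sent.
     *
     * <p>If the header carries a version whose major number is at least 1, the stream header
     * and stream features are sent back (see {@code createIncomingSession}). Otherwise, if the
     * header declares the {@code db} namespace prefix and server dialback is enabled, the
     * session is created by {@link ServerDialback}. In every other case the connection is
     * closed and {@code null} is returned.
     *
     * @param str the local server name used as the {@code from} of the returned stream header
     * @param xMPPPacketReader reader positioned on the remote stream header
     * @param socketConnection the connection opened by the remote server
     * @return the new session, or {@code null} if the connection was rejected
     * @throws XmlPullParserException declared for parser failures
     * @throws IOException declared for I/O failures
     */
    public static LocalIncomingServerSession createSession(String str, XMPPPacketReader xMPPPacketReader, SocketConnection socketConnection) throws XmlPullParserException, IOException {
        MXParser parser = xMPPPacketReader.getXPPParser();
        // NOTE(review): Cookie2.VERSION is presumably a decompiler substitution for the
        // literal "version" attribute name — confirm against the original source.
        String versionAttribute = parser.getAttributeValue("", Cookie2.VERSION);
        int[] remoteVersion = versionAttribute != null ? decodeVersion(versionAttribute) : new int[]{0, 0};
        if (remoteVersion[0] >= 1) {
            try {
                LocalIncomingServerSession session = createIncomingSession(socketConnection, str);
                if (session != null) {
                    return session;
                }
                // A null session means the connection was rejected (TLS required but no
                // certificates). Fall through so the socket is closed like every other
                // rejection path instead of being left open for the caller to notice.
            } catch (Exception e) {
                Log.error("Error establishing connection from remote server", e);
            }
        } else if (parser.getNamespace("db") != null) {
            if (ServerDialback.isEnabled()) {
                return new ServerDialback(socketConnection, str).createIncomingSession(xMPPPacketReader);
            }
            Log.debug("LocalIncomingServerSession: Server dialback is disabled. Rejecting connection: " + socketConnection);
        }
        socketConnection.close();
        return null;
    }

    /**
     * Registers a new incoming session, answers with the stream header and advertises the
     * stream features (STARTTLS, dialback, SASL mechanisms).
     *
     * <p>TLS policy: {@code optional} when server dialback is enabled, {@code required}
     * otherwise. When the key store is empty (or cannot be read) the connection's TLS policy is
     * set to {@code disabled}; if TLS was required in that situation the session is rejected.
     *
     * @param socketConnection the connection opened by the remote server
     * @param str the local server name
     * @return the new session, or {@code null} when TLS is required but the key store is empty
     * @throws UnauthorizedException declared by the signature
     */
    private static LocalIncomingServerSession createIncomingSession(SocketConnection socketConnection, String str) throws UnauthorizedException {
        StreamID streamId = SessionManager.getInstance().nextStreamID();
        LocalIncomingServerSession session = SessionManager.getInstance().createIncomingServerSession(socketConnection, streamId);

        StringBuilder header = new StringBuilder();
        header.append("<stream:stream");
        header.append(" xmlns:db=\"jabber:server:dialback\"");
        header.append(" xmlns:stream=\"http://etherx.jabber.org/streams\"");
        header.append(" xmlns=\"jabber:server\"");
        // str is written into the attribute without XML escaping; it is expected to be the
        // locally configured server name, not a value taken from the remote peer.
        header.append(" from=\"").append(str).append("\"");
        header.append(" id=\"").append(streamId).append("\"");
        header.append(" version=\"1.0\">");
        socketConnection.deliverRawText(header.toString());

        // Without dialback, TLS (followed by SASL) is the only way left to authenticate the peer.
        Connection.TLSPolicy tlsPolicy = ServerDialback.isEnabled() ? Connection.TLSPolicy.optional : Connection.TLSPolicy.required;
        boolean hasCertificates = false;
        try {
            hasCertificates = SSLConfig.getKeyStore().size() > 0;
        } catch (Exception e) {
            // A key store that cannot be read is treated the same as an empty one.
            Log.error(e);
        }
        if (Connection.TLSPolicy.required == tlsPolicy && !hasCertificates) {
            Log.error("Server session rejected. TLS is required but no certificates were created.");
            // NOTE(review): the session was already created through SessionManager and the
            // stream header already sent at this point; only the caller cleans up.
            return null;
        }
        // With dialback enabled and no certificates, the connection continues with TLS disabled.
        socketConnection.setTlsPolicy(hasCertificates ? tlsPolicy : Connection.TLSPolicy.disabled);
        // valueOf throws IllegalArgumentException if the property holds an unknown policy name.
        socketConnection.setCompressionPolicy(Connection.CompressionPolicy.valueOf(JiveGlobals.getProperty("xmpp.server.compression.policy", Connection.CompressionPolicy.disabled.toString())));

        StringBuilder features = new StringBuilder();
        features.append("<stream:features>");
        // NOTE(review): STARTTLS is advertised from the property alone, so it is offered even
        // when the TLS policy above was set to disabled, and is not offered when the property
        // is false although the policy is required — confirm this is intended.
        if (JiveGlobals.getBooleanProperty("xmpp.server.tls.enabled", true)) {
            features.append("<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\">");
            if (!ServerDialback.isEnabled()) {
                features.append("<required/>");
            }
            features.append("</starttls>");
        }
        if (ServerDialback.isEnabled()) {
            features.append("<dialback xmlns=\"urn:xmpp:features:dialback\"/>");
        }
        features.append(SASLAuthentication.getSASLMechanisms(session));
        features.append("</stream:features>");
        socketConnection.deliverRawText(features.toString());

        session.setLocalDomain(str);
        return session;
    }

    /**
     * Creates a session with no validated domains and no local domain.
     *
     * @param str the server name passed to {@link LocalSession}
     * @param connection the underlying connection
     * @param streamID the stream id assigned to this session
     */
    public LocalIncomingServerSession(String str, Connection connection, StreamID streamID) {
        super(str, connection, streamID);
        this.validatedDomains = new HashSet<String>();
        this.localDomain = null;
    }

    /**
     * Always returns {@code true}; this class applies no per-packet filter.
     *
     * @param packet the packet about to be processed
     * @return {@code true}
     */
    @Override // org.jivesoftware.openfire.session.LocalSession
    boolean canProcess(Packet packet) {
        return true;
    }

    /**
     * Does nothing: no packet is written to the remote server through this session.
     *
     * @param packet ignored
     * @throws UnauthorizedException never thrown by this implementation
     */
    @Override // org.jivesoftware.openfire.session.LocalSession
    void deliver(Packet packet) throws UnauthorizedException {
    }

    /**
     * Runs server dialback for an additional domain on this connection and, on success,
     * records the {@code from} attribute of the request as validated.
     *
     * @param element the dialback request received from the remote server
     * @return {@code true} if {@link ServerDialback} validated the remote domain
     */
    public boolean validateSubsequentDomain(Element element) {
        ServerDialback dialback = new ServerDialback(getConnection(), getServerName());
        if (!dialback.validateRemoteDomain(element, getStreamID())) {
            return false;
        }
        addValidatedDomain(element.attributeValue("from"));
        return true;
    }

    /**
     * Tells whether packets from the given domain may be accepted on this session.
     *
     * <p>A domain is accepted when it equals a validated domain or is a subdomain of one
     * (it ends with {@code "." + validatedDomain}). Matching is done on label boundaries:
     * a plain substring test would accept {@code notexample.com} or
     * {@code example.com.attacker.test} for a session that only validated
     * {@code example.com}.
     *
     * @param str the domain to check
     * @return {@code true} if the domain is covered by a validated domain; {@code false}
     *         otherwise, including for a {@code null} or empty argument
     */
    public boolean isValidDomain(String str) {
        if (str == null || str.isEmpty()) {
            return false;
        }
        for (String validated : getValidatedDomains()) {
            // An empty entry would otherwise match every domain that ends with a dot.
            if (validated == null || validated.isEmpty()) {
                continue;
            }
            if (str.equals(validated) || str.endsWith("." + validated)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns a read-only view of the validated domains.
     *
     * @return unmodifiable collection backed by the session's set
     */
    @Override // org.jivesoftware.openfire.session.IncomingServerSession
    public Collection<String> getValidatedDomains() {
        return Collections.unmodifiableCollection(this.validatedDomains);
    }

    /**
     * Records a domain as validated and registers this session for it with the
     * {@link SessionManager}. The first domain added also becomes the session address.
     * Adding a domain that is already present has no effect.
     *
     * @param str the validated domain
     */
    public void addValidatedDomain(String str) {
        if (!this.validatedDomains.add(str)) {
            return;
        }
        // size() < 2 right after a successful add means this was the first domain.
        if (this.validatedDomains.size() < 2) {
            setAddress(new JID(null, str, null));
        }
        SessionManager.getInstance().registerIncomingServerSession(str, this);
    }

    /**
     * Removes a domain from the validated set and unregisters this session for it.
     *
     * @param str the domain to remove
     */
    public void removeValidatedDomain(String str) {
        this.validatedDomains.remove(str);
        SessionManager.getInstance().unregisterIncomingServerSession(str, this);
    }

    /**
     * Returns the local domain set for this session.
     *
     * @return the local domain, or {@code null} if none was set
     */
    @Override // org.jivesoftware.openfire.session.IncomingServerSession
    public String getLocalDomain() {
        return this.localDomain;
    }

    /**
     * Sets the local domain of this session.
     *
     * @param str the local domain
     */
    public void setLocalDomain(String str) {
        this.localDomain = str;
    }

    /**
     * Delegates verification of a received dialback key to {@link ServerDialback}.
     *
     * @param element the verification request
     */
    public void verifyReceivedKey(Element element) {
        ServerDialback.verifyReceivedKey(element, getConnection());
    }

    /**
     * Builds the stream features offered after the initial negotiation: zlib compression when
     * the policy allows it and the stream is not yet compressed, and dialback when a local
     * certificate is self-signed, dialback for self-signed certificates is enabled and no
     * domain has been validated yet.
     *
     * @return the features as an XML fragment, possibly empty
     */
    @Override // org.jivesoftware.openfire.session.LocalSession
    public String getAvailableStreamFeatures() {
        StringBuilder features = new StringBuilder();
        if (this.conn.getCompressionPolicy() != Connection.CompressionPolicy.disabled && !this.conn.isCompressed()) {
            features.append("<compression xmlns=\"http://jabber.org/features/compress\"><method>zlib</method></compression>");
        }
        boolean usesSelfSigned = false;
        for (Certificate certificate : this.conn.getLocalCertificates()) {
            // Only X.509 certificates can be checked; anything else is skipped instead of
            // relying on a swallowed ClassCastException.
            if (!(certificate instanceof X509Certificate)) {
                continue;
            }
            try {
                if (CertificateManager.isSelfSignedCertificate(SSLConfig.getKeyStore(), (X509Certificate) certificate)) {
                    usesSelfSigned = true;
                    break;
                }
            } catch (Exception e) {
                // A failed check leaves the certificate counted as not self-signed, which
                // withholds the dialback offer; record why instead of failing silently.
                Log.error("Error checking whether a local certificate is self-signed", e);
            }
        }
        if (usesSelfSigned && ServerDialback.isEnabledForSelfSigned() && this.validatedDomains.isEmpty()) {
            features.append("<dialback xmlns=\"urn:xmpp:features:dialback\"/>");
        }
        return features.toString();
    }
}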
