package org.jboss.remoting3.remote;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.BufferOverflowException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.security.sasl.SaslServerFactory;
import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
import org.jboss.remoting3.security.AuthorizingCallbackHandler;
import org.jboss.remoting3.security.InetAddressPrincipal;
import org.jboss.remoting3.security.ServerAuthenticationProvider;
import org.jboss.remoting3.security.UserInfo;
import org.jboss.remoting3.security.UserPrincipal;
import org.jboss.remoting3.spi.ConnectionHandler;
import org.jboss.remoting3.spi.ConnectionHandlerContext;
import org.jboss.remoting3.spi.ConnectionHandlerFactory;
import org.jboss.remoting3.spi.ConnectionProviderContext;
import org.xnio.Buffers;
import org.xnio.ChannelListener;
import org.xnio.OptionMap;
import org.xnio.Pooled;
import org.xnio.channels.ConnectedMessageChannel;
import org.xnio.channels.SslChannel;
import org.xnio.sasl.SaslUtils;
import org.xnio.sasl.SaslWrapper;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/jboss-remoting-3.2.2.GA.jar:org/jboss/remoting3/remote/ServerConnectionOpenListener.class */
/**
 * Server half of the connection-open handshake for a {@link RemoteConnection}.
 *
 * <p>On channel open it sends a greeting, then installs {@link Initial} to answer
 * capability, STARTTLS and authentication requests. A SASL exchange is run by
 * {@link AuthStepRunnable} (with {@link Authentication} reading follow-up
 * responses) until a {@link RemoteConnectionHandler} is installed.
 *
 * <p>Every message handled in this class arrives before the peer has
 * authenticated, so all parsed fields are untrusted input.
 *
 * <p>This listing is decompiler output: the nested {@code try} blocks,
 * {@code if (1 == 0)} tests and single-letter locals are artifacts, and
 * {@code Initial.initialiseCapabilities()} was not recovered.
 */
public final class ServerConnectionOpenListener implements ChannelListener<ConnectedMessageChannel> {
    private final RemoteConnection connection;
    private final ConnectionProviderContext connectionProviderContext;
    private final ServerAuthenticationProvider serverAuthenticationProvider;
    // Stored by the constructor; not read by any method recovered in this listing
    // (presumably consumed by initialiseCapabilities() — confirm against the original source).
    private final OptionMap optionMap;
    // Context under which the SaslServer is created (see Initial.handleEvent).
    private final AccessControlContext accessControlContext;
    // Per-connection authentication budget, starting at 8. Decremented on every
    // authentication request (Initial.handleEvent) and again when an initial SASL
    // step is rejected (AuthStepRunnable.run), so one failed initial attempt costs two.
    private final AtomicInteger retryCount = new AtomicInteger(8);
    // Local host name: sent to the unauthenticated peer in the greeting and passed
    // to createSaslServer() as the server name.
    private final String serverName;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/jboss-remoting-3.2.2.GA.jar:org/jboss/remoting3/remote/ServerConnectionOpenListener$AuthStepRunnable.class */
    /**
     * One step of the SASL exchange, run on the connection's executor while channel
     * reads are suspended by the caller. Evaluates the peer's response and replies
     * with "complete" (5), "challenge" (3) or "rejected" (6).
     */
    public final class AuthStepRunnable implements Runnable {
        // true for the step triggered by an authentication request, false for a
        // step triggered by a later authentication response.
        private final boolean isInitial;
        private final SaslServer saslServer;
        private final AuthorizingCallbackHandler authorizingCallbackHandler;
        // Peer-supplied SASL response bytes, positioned after the message-type byte.
        private final ByteBuffer buffer;
        // Peer-supplied endpoint name from the capabilities exchange; may be null.
        private final String remoteEndpointName;

        AuthStepRunnable(boolean z, SaslServer saslServer, AuthorizingCallbackHandler authorizingCallbackHandler, ByteBuffer byteBuffer, String str) {
            this.isInitial = z;
            this.saslServer = saslServer;
            this.authorizingCallbackHandler = authorizingCallbackHandler;
            this.buffer = byteBuffer;
            this.remoteEndpointName = str;
        }

        /**
         * Evaluates the SASL response, writes the reply, sends it and resumes reads.
         * The outgoing buffer is freed here only if an exception escapes before the
         * success flag is set.
         */
        @Override // java.lang.Runnable
        public void run() {
            // z: reply was handed to send(); z2: second argument to send(), set when the retry budget is spent.
            boolean z = false;
            boolean z2 = false;
            Pooled<ByteBuffer> allocate = ServerConnectionOpenListener.this.connection.allocate();
            try {
                ByteBuffer resource = allocate.getResource();
                // Remember where the message-type byte sits so it can be overwritten below.
                int position = resource.position();
                try {
                    // Tentatively mark the reply as "authentication complete" (5).
                    resource.put((byte) 5);
                    if (SaslUtils.evaluateResponse(this.saslServer, resource, this.buffer)) {
                        RemoteLogger.server.tracef("Server sending authentication complete", new Object[0]);
                        final Collection<Principal> createPrincipals = createPrincipals();
                        final UserInfo createUserInfo = this.authorizingCallbackHandler.createUserInfo(createPrincipals);
                        ServerConnectionOpenListener.this.connectionProviderContext.accept(new ConnectionHandlerFactory() { // from class: org.jboss.remoting3.remote.ServerConnectionOpenListener.AuthStepRunnable.1
                            @Override // org.jboss.remoting3.spi.ConnectionHandlerFactory
                            public ConnectionHandler createInstance(ConnectionHandlerContext connectionHandlerContext) {
                                // Wrap traffic only when integrity or confidentiality was negotiated.
                                // NOTE(review): the !isInitial guard means an exchange that completes on the
                                // initial step gets no wrapper even if auth-int/auth-conf was negotiated —
                                // confirm this is intended.
                                Object negotiatedProperty = AuthStepRunnable.this.saslServer.getNegotiatedProperty("javax.security.sasl.qop");
                                if (!AuthStepRunnable.this.isInitial && ("auth-int".equals(negotiatedProperty) || "auth-conf".equals(negotiatedProperty))) {
                                    ServerConnectionOpenListener.this.connection.setSaslWrapper(SaslWrapper.create(AuthStepRunnable.this.saslServer));
                                }
                                RemoteConnectionHandler remoteConnectionHandler = new RemoteConnectionHandler(connectionHandlerContext, ServerConnectionOpenListener.this.connection, createPrincipals, createUserInfo, AuthStepRunnable.this.remoteEndpointName);
                                // From here on the authenticated-phase read listener takes over.
                                ServerConnectionOpenListener.this.connection.setReadListener(new RemoteReadListener(remoteConnectionHandler, ServerConnectionOpenListener.this.connection), false);
                                return remoteConnectionHandler;
                            }
                        });
                    } else {
                        RemoteLogger.server.tracef("Server sending authentication challenge", new Object[0]);
                        // Exchange not finished: rewrite the type byte to "challenge" (3).
                        resource.put(position, (byte) 3);
                        if (this.isInitial) {
                            // Later responses for this exchange are read by Authentication.
                            ServerConnectionOpenListener.this.connection.setReadListener(new Authentication(this.saslServer, this.authorizingCallbackHandler, this.remoteEndpointName), false);
                        }
                    }
                } catch (Throwable th) {
                    // Any failure, SASL or otherwise, is reported to the peer as a rejection (6).
                    // The cause is logged at trace level only in this method.
                    RemoteLogger.server.tracef("Server sending authentication rejected (%s)", th);
                    resource.put(position, (byte) 6);
                    if (!this.isInitial) {
                        // Drop the Authentication listener and return to the pre-auth state.
                        ServerConnectionOpenListener.this.connection.setReadListener(new Initial(), false);
                    } else if (ServerConnectionOpenListener.this.retryCount.decrementAndGet() <= 0) {
                        // Budget exhausted; presumably makes send() close the connection after
                        // the rejection is written — confirm against RemoteConnection.send.
                        z2 = true;
                    }
                }
                resource.flip();
                ServerConnectionOpenListener.this.connection.send(allocate, z2);
                ServerConnectionOpenListener.this.connection.getChannel().resumeReads();
                z = true;
                // Decompiler artifact of the success flag; this condition is never true.
                if (1 == 0) {
                    allocate.free();
                }
            } catch (Throwable th2) {
                if (!z) {
                    allocate.free();
                }
                throw th2;
            }
        }

        /**
         * Collects the principals for the authenticated peer, in insertion order:
         * the TLS peer principal (when an SSL session exists and the peer is
         * verified), a {@link UserPrincipal} for the SASL authorization ID (when
         * non-null), and an {@link InetAddressPrincipal} for the peer address (when
         * it is an {@link InetSocketAddress}).
         *
         * @return an unmodifiable view of the collected principals
         */
        private Collection<Principal> createPrincipals() {
            SSLSession sslSession;
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            SslChannel sslChannel = ServerConnectionOpenListener.this.connection.getSslChannel();
            if (sslChannel != null && (sslSession = sslChannel.getSslSession()) != null) {
                try {
                    linkedHashSet.add(sslSession.getPeerPrincipal());
                } catch (SSLPeerUnverifiedException e) {
                    // Deliberately ignored: an unverified TLS peer contributes no principal.
                }
            }
            String authorizationID = this.saslServer.getAuthorizationID();
            if (authorizationID != null) {
                linkedHashSet.add(new UserPrincipal(authorizationID));
            }
            InetSocketAddress inetSocketAddress = (InetSocketAddress) ServerConnectionOpenListener.this.connection.getChannel().getPeerAddress(InetSocketAddress.class);
            if (inetSocketAddress != null) {
                linkedHashSet.add(new InetAddressPrincipal(inetSocketAddress.getAddress()));
            }
            return Collections.unmodifiableCollection(linkedHashSet);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/jboss-remoting-3.2.2.GA.jar:org/jboss/remoting3/remote/ServerConnectionOpenListener$Authentication.class */
    /**
     * Read listener installed after the first SASL challenge. Accepts only a close
     * request (-1), a capabilities request (1, which abandons the exchange) and an
     * authentication response (4); any other type byte is treated as an invalid message.
     */
    final class Authentication implements ChannelListener<ConnectedMessageChannel> {
        private final SaslServer saslServer;
        private final AuthorizingCallbackHandler authorizingCallbackHandler;
        private final String remoteEndpointName;

        Authentication(SaslServer saslServer, AuthorizingCallbackHandler authorizingCallbackHandler, String str) {
            this.saslServer = saslServer;
            this.authorizingCallbackHandler = authorizingCallbackHandler;
            this.remoteEndpointName = str;
        }

        /**
         * Reads one message from the channel and dispatches on its first byte.
         * The receive buffer is freed on every path shown here.
         */
        @Override // org.xnio.ChannelListener
        public void handleEvent(ConnectedMessageChannel connectedMessageChannel) {
            Pooled<ByteBuffer> allocate = ServerConnectionOpenListener.this.connection.allocate();
            try {
                try {
                    try {
                        ByteBuffer resource = allocate.getResource();
                        try {
                            int receive = connectedMessageChannel.receive(resource);
                            if (receive == -1) {
                                RemoteLogger.log.trace("Received connection end-of-stream");
                                ServerConnectionOpenListener.this.connection.handlePreAuthCloseRequest();
                                allocate.free();
                                return;
                            }
                            if (receive == 0) {
                                // Nothing available yet; wait for the next read event.
                                allocate.free();
                                return;
                            }
                            RemoteLogger.server.tracef("Received %s", resource);
                            resource.flip();
                            // First byte is the message type; an empty message raises
                            // BufferUnderflowException, handled below as an invalid message.
                            byte b = resource.get();
                            switch (b) {
                                case -1:
                                    RemoteLogger.server.trace("Server received connection close request");
                                    ServerConnectionOpenListener.this.connection.handlePreAuthCloseRequest();
                                    allocate.free();
                                    return;
                                case 1:
                                    // The peer restarts negotiation: the in-progress SASL exchange is
                                    // dropped and a fresh Initial takes over.
                                    RemoteLogger.server.trace("Server received capabilities request (cancelling authentication)");
                                    Initial initial = new Initial();
                                    ServerConnectionOpenListener.this.connection.setReadListener(initial, true);
                                    initial.sendCapabilities();
                                    allocate.free();
                                    return;
                                case 4:
                                    RemoteLogger.server.tracef("Server received authentication response", new Object[0]);
                                    // Reads stay suspended until AuthStepRunnable.run() resumes them.
                                    ServerConnectionOpenListener.this.connection.getChannel().suspendReads();
                                    // NOTE(review): `resource` belongs to `allocate`, which is freed right after
                                    // the task is queued. Whether the task can see a recycled buffer depends on
                                    // Pooled semantics and on the try/finally shape the decompiler flattened —
                                    // confirm against the original source.
                                    ServerConnectionOpenListener.this.connection.getExecutor().execute(new AuthStepRunnable(false, this.saslServer, this.authorizingCallbackHandler, resource, this.remoteEndpointName));
                                    allocate.free();
                                    return;
                                default:
                                    RemoteLogger.server.unknownProtocolId(b);
                                    ServerConnectionOpenListener.this.connection.handleException(RemoteLogger.log.invalidMessage(ServerConnectionOpenListener.this.connection));
                                    allocate.free();
                                    return;
                            }
                        } catch (IOException e) {
                            ServerConnectionOpenListener.this.connection.handleException(e);
                            allocate.free();
                        }
                    } catch (BufferOverflowException e2) {
                        // Malformed or oversized input is reported as an invalid message.
                        ServerConnectionOpenListener.this.connection.handleException(RemoteLogger.log.invalidMessage(ServerConnectionOpenListener.this.connection));
                        allocate.free();
                    }
                } catch (BufferUnderflowException e3) {
                    // Truncated input is reported as an invalid message.
                    ServerConnectionOpenListener.this.connection.handleException(RemoteLogger.log.invalidMessage(ServerConnectionOpenListener.this.connection));
                    allocate.free();
                }
            } catch (Throwable th) {
                allocate.free();
                throw th;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/jboss-remoting-3.2.2.GA.jar:org/jboss/remoting3/remote/ServerConnectionOpenListener$Initial.class */
    /**
     * Pre-authentication read listener. Handles keep-alive, close, capabilities,
     * authentication-request and STARTTLS messages. A new instance starts with
     * version 1, no endpoint name and no mechanism map.
     */
    public final class Initial implements ChannelListener<ConnectedMessageChannel> {
        // Not assigned in any method recovered here, so it keeps its default (false) unless
        // initialiseCapabilities() sets it — presumably it does; confirm against the original source.
        private boolean starttls;
        // Properties passed to createSaslServer(); not assigned in any recovered method.
        private Map<String, ?> propertyMap;
        // Mechanism name -> factory. Null until capabilities are initialised; only names
        // present here can start an authentication exchange.
        private Map<String, SaslServerFactory> allowedMechanisms;
        // Negotiated protocol version; never raised above 1 (see the capabilities branch).
        private int version = 1;
        // Peer-supplied endpoint name; untrusted.
        private String remoteEndpointName;

        Initial() {
        }

        /* JADX WARN: Code restructure failed: missing block: B:74:0x00ac, code lost:
        
            if (r12.contains(org.milyn.db.TransactionManagerType.EXTERNAL_STRING) != false) goto L21;
         */
        /* JADX WARN: Removed duplicated region for block: B:29:0x0122  */
        /* JADX WARN: Removed duplicated region for block: B:53:0x01db  */
        /* JADX WARN: Removed duplicated region for block: B:56:0x01e4  */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        // NOTE(review): the real body was not recovered by the decompiler. As listed, this
        // method always throws, so its effect on starttls, propertyMap and allowedMechanisms
        // cannot be reviewed from this file.
        void initialiseCapabilities() {
            /*
                Method dump skipped, instructions count: 565
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: org.jboss.remoting3.remote.ServerConnectionOpenListener.Initial.initialiseCapabilities():void");
        }

        /* JADX WARN: Finally extract failed */
        /**
         * Reads one pre-authentication message and dispatches on its first byte.
         * Buffer overflow/underflow while parsing is reported to the connection as an
         * invalid message; the receive buffer is freed on every path shown here.
         */
        @Override // org.xnio.ChannelListener
        public void handleEvent(ConnectedMessageChannel connectedMessageChannel) {
            Pooled<ByteBuffer> allocate = ServerConnectionOpenListener.this.connection.allocate();
            try {
                try {
                    ByteBuffer resource = allocate.getResource();
                    try {
                        int receive = connectedMessageChannel.receive(resource);
                        if (receive == 0) {
                            // Nothing available yet; wait for the next read event.
                            allocate.free();
                            return;
                        }
                        if (receive == -1) {
                            RemoteLogger.log.trace("Received connection end-of-stream");
                            ServerConnectionOpenListener.this.connection.handlePreAuthCloseRequest();
                            allocate.free();
                            return;
                        }
                        resource.flip();
                        // First byte is the message type.
                        byte b = resource.get();
                        switch (b) {
                            case -16:
                                RemoteLogger.server.trace("Server received connection alive");
                                ServerConnectionOpenListener.this.connection.sendAliveResponse();
                                allocate.free();
                                return;
                            case -15:
                                RemoteLogger.server.trace("Server received connection alive ack");
                                allocate.free();
                                return;
                            case -1:
                                RemoteLogger.server.trace("Server received connection close request");
                                ServerConnectionOpenListener.this.connection.handlePreAuthCloseRequest();
                                allocate.free();
                                return;
                            case 1:
                                RemoteLogger.server.trace("Server received capabilities request");
                                // Capabilities are type/length/value records with a one-byte unsigned length.
                                while (resource.hasRemaining()) {
                                    byte b2 = resource.get();
                                    // The length comes from the peer; a length beyond the remaining bytes is
                                    // expected to surface as a buffer exception caught below — confirm
                                    // Buffers.slice behaviour.
                                    ByteBuffer slice = Buffers.slice(resource, resource.get() & 255);
                                    switch (b2) {
                                        case 0:
                                            byte b3 = slice.get();
                                            RemoteLogger.server.tracef("Server received capability: version %d", Integer.valueOf(b3 & 255));
                                            // Capped at 1. A peer-supplied 0 selects version 0, which changes how
                                            // the mechanism name is parsed in the authentication request below.
                                            this.version = Math.min(1, b3 & 255);
                                            break;
                                        case 3:
                                            // Peer-chosen name: stored, logged at trace level, and later handed to
                                            // RemoteConnectionHandler.
                                            this.remoteEndpointName = Buffers.getModifiedUtf8(slice);
                                            RemoteLogger.server.tracef("Server received capability: remote endpoint name \"%s\"", this.remoteEndpointName);
                                            break;
                                        default:
                                            // Unknown capability types are logged and skipped.
                                            RemoteLogger.server.tracef("Server received unknown capability %02x", Integer.valueOf(b2 & 255));
                                            break;
                                    }
                                }
                                sendCapabilities();
                                allocate.free();
                                return;
                            case 2:
                                RemoteLogger.server.tracef("Server received authentication request", new Object[0]);
                                // Every authentication request spends one unit of the budget, before
                                // the mechanism name is even parsed.
                                if (ServerConnectionOpenListener.this.retryCount.decrementAndGet() < 1) {
                                    ServerConnectionOpenListener.this.connection.handleException(new SaslException("Too many authentication failures; connection terminated"), false);
                                    allocate.free();
                                    return;
                                }
                                // Mechanism name is peer-supplied; its encoding depends on the negotiated version.
                                String modifiedUtf8 = this.version < 1 ? Buffers.getModifiedUtf8(resource) : ProtocolUtils.readString(resource);
                                // NOTE(review): allowedMechanisms is null until sendCapabilities() has run on this
                                // instance; an authentication request arriving first would hit a
                                // NullPointerException here, which the catch (Throwable) below rethrows after
                                // freeing the buffer.
                                final SaslServerFactory saslServerFactory = this.allowedMechanisms.get(modifiedUtf8);
                                final AuthorizingCallbackHandler callbackHandler = ServerConnectionOpenListener.this.serverAuthenticationProvider.getCallbackHandler(modifiedUtf8);
                                if (saslServerFactory == null || callbackHandler == null) {
                                    // Mechanism not offered or no handler for it: record on the auth log and reject (6).
                                    RemoteAuthLogger.authLog.rejectedInvalidMechanism(modifiedUtf8);
                                    // NOTE(review): allocate2 is not freed if put/flip/send throws; ownership
                                    // presumably passes to send() on success — confirm.
                                    Pooled<ByteBuffer> allocate2 = ServerConnectionOpenListener.this.connection.allocate();
                                    ByteBuffer resource2 = allocate2.getResource();
                                    resource2.put((byte) 6);
                                    resource2.flip();
                                    ServerConnectionOpenListener.this.connection.send(allocate2);
                                    allocate.free();
                                    return;
                                }
                                final String str = modifiedUtf8;
                                // Create the SaslServer under the AccessControlContext supplied to the
                                // constructor instead of the calling thread's context.
                                SaslServer saslServer = (SaslServer) AccessController.doPrivileged(new PrivilegedAction<SaslServer>() { // from class: org.jboss.remoting3.remote.ServerConnectionOpenListener.Initial.1
                                    /* JADX WARN: Can't rename method to resolve collision */
                                    @Override // java.security.PrivilegedAction
                                    public SaslServer run() {
                                        try {
                                            // NOTE(review): the protocol argument appears as ModelDescriptionConstants.REMOTE,
                                            // which looks like the decompiler substituting an unrelated constant for a
                                            // string literal of the same value — confirm against the original source.
                                            return saslServerFactory.createSaslServer(str, ModelDescriptionConstants.REMOTE, ServerConnectionOpenListener.this.serverName, Initial.this.propertyMap, callbackHandler);
                                        } catch (SaslException e) {
                                            // Reported to the connection; null tells the caller to stop.
                                            ServerConnectionOpenListener.this.connection.handleException(e);
                                            return null;
                                        }
                                    }
                                }, ServerConnectionOpenListener.this.accessControlContext);
                                if (saslServer == null) {
                                    allocate.free();
                                    return;
                                }
                                // Reads stay suspended until AuthStepRunnable.run() resumes them.
                                ServerConnectionOpenListener.this.connection.getChannel().suspendReads();
                                // NOTE(review): `resource` belongs to `allocate`, which is freed right after the
                                // task is queued. Whether the task can see a recycled buffer depends on Pooled
                                // semantics and on the try/finally shape the decompiler flattened — confirm
                                // against the original source.
                                ServerConnectionOpenListener.this.connection.getExecutor().execute(new AuthStepRunnable(true, saslServer, callbackHandler, resource, this.remoteEndpointName));
                                allocate.free();
                                return;
                            case 7:
                                RemoteLogger.server.tracef("Server received STARTTLS request", new Object[0]);
                                Pooled<ByteBuffer> allocate3 = ServerConnectionOpenListener.this.connection.allocate();
                                boolean z = false;
                                try {
                                    ByteBuffer resource3 = allocate3.getResource();
                                    // Reply 7 when STARTTLS is enabled on this listener, 8 otherwise.
                                    resource3.put(this.starttls ? (byte) 7 : (byte) 8);
                                    resource3.flip();
                                    ServerConnectionOpenListener.this.connection.send(allocate3);
                                    if (this.starttls) {
                                        try {
                                            ServerConnectionOpenListener.this.connection.getSslChannel().startHandshake();
                                        } catch (IOException e) {
                                            ServerConnectionOpenListener.this.connection.handleException(e);
                                        }
                                    }
                                    z = true;
                                    // A fresh Initial is installed in every case (including after a handshake
                                    // IOException), so the version, endpoint name and mechanism map held by
                                    // this instance are not carried over.
                                    ServerConnectionOpenListener.this.connection.setReadListener(new Initial(), true);
                                    // Decompiler artifact of the success flag; this condition is never true.
                                    if (1 == 0) {
                                        allocate3.free();
                                    }
                                    allocate.free();
                                    return;
                                } catch (Throwable th) {
                                    if (!z) {
                                        allocate3.free();
                                    }
                                    throw th;
                                }
                            default:
                                RemoteLogger.server.unknownProtocolId(b);
                                ServerConnectionOpenListener.this.connection.handleException(RemoteLogger.log.invalidMessage(ServerConnectionOpenListener.this.connection));
                                allocate.free();
                                return;
                        }
                    } catch (IOException e2) {
                        ServerConnectionOpenListener.this.connection.handleException(e2);
                        allocate.free();
                    }
                } catch (BufferOverflowException e3) {
                    // Malformed or oversized input is reported as an invalid message.
                    ServerConnectionOpenListener.this.connection.handleException(RemoteLogger.log.invalidMessage(ServerConnectionOpenListener.this.connection));
                    allocate.free();
                } catch (BufferUnderflowException e4) {
                    // Truncated input is reported as an invalid message.
                    ServerConnectionOpenListener.this.connection.handleException(RemoteLogger.log.invalidMessage(ServerConnectionOpenListener.this.connection));
                    allocate.free();
                }
            } catch (Throwable th2) {
                allocate.free();
                throw th2;
            }
        }

        /**
         * Sends the capabilities message (type 1): the protocol version (0), the local
         * endpoint name (3) when non-null, a STARTTLS marker (2) when enabled, and one
         * record (1) per allowed SASL mechanism name. Capabilities are initialised first
         * if the mechanism map is still null.
         */
        void sendCapabilities() {
            if (this.allowedMechanisms == null) {
                initialiseCapabilities();
            }
            Pooled<ByteBuffer> allocate = ServerConnectionOpenListener.this.connection.allocate();
            boolean z = false;
            try {
                ByteBuffer resource = allocate.getResource();
                resource.put((byte) 1);
                ProtocolUtils.writeByte(resource, 0, this.version);
                // The local endpoint name is disclosed to the peer before authentication.
                String name = ServerConnectionOpenListener.this.connectionProviderContext.getEndpoint().getName();
                if (name != null) {
                    ProtocolUtils.writeString(resource, (byte) 3, name);
                }
                if (this.starttls) {
                    ProtocolUtils.writeEmpty(resource, 2);
                }
                // Advertise every mechanism name the server will accept.
                Iterator<String> it = this.allowedMechanisms.keySet().iterator();
                while (it.hasNext()) {
                    ProtocolUtils.writeString(resource, (byte) 1, it.next());
                }
                resource.flip();
                ServerConnectionOpenListener.this.connection.send(allocate);
                z = true;
                // Decompiler artifact of the success flag; this condition is never true.
                if (1 == 0) {
                    allocate.free();
                }
            } catch (Throwable th) {
                if (!z) {
                    allocate.free();
                }
                throw th;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Stores the collaborators and derives the server name from the channel's local
     * socket address.
     *
     * @param remoteConnection the connection being opened
     * @param connectionProviderContext receives the connection handler once authentication completes
     * @param serverAuthenticationProvider supplies the callback handler for a mechanism name
     * @param optionMap connection options (not read by the methods recovered in this listing)
     * @param accessControlContext context under which the SaslServer is created
     */
    public ServerConnectionOpenListener(RemoteConnection remoteConnection, ConnectionProviderContext connectionProviderContext, ServerAuthenticationProvider serverAuthenticationProvider, OptionMap optionMap, AccessControlContext accessControlContext) {
        this.connection = remoteConnection;
        this.connectionProviderContext = connectionProviderContext;
        this.serverAuthenticationProvider = serverAuthenticationProvider;
        this.optionMap = optionMap;
        this.accessControlContext = accessControlContext;
        // NOTE(review): the result of getLocalAddress() is dereferenced without a null check,
        // while createPrincipals() does null-check getPeerAddress(); confirm the local address
        // is always an InetSocketAddress here. getHostName() may also perform a reverse name
        // lookup when the address was created from a literal IP.
        this.serverName = ((InetSocketAddress) remoteConnection.getChannel().getLocalAddress(InetSocketAddress.class)).getHostName();
    }

    /**
     * Sends the greeting (type 0) carrying the server name and installs {@link Initial}
     * as the read listener. The server name therefore reaches every peer that connects,
     * before any authentication.
     */
    @Override // org.xnio.ChannelListener
    public void handleEvent(ConnectedMessageChannel connectedMessageChannel) {
        Pooled<ByteBuffer> allocate = this.connection.allocate();
        // z: greeting was handed to send(); the buffer is freed here only when it was not.
        boolean z = false;
        try {
            try {
                try {
                    ByteBuffer resource = allocate.getResource();
                    resource.put((byte) 0);
                    ProtocolUtils.writeString(resource, (byte) 0, this.serverName);
                    resource.flip();
                    // The listener is installed before the greeting is sent.
                    this.connection.setReadListener(new Initial(), true);
                    this.connection.send(allocate);
                    z = true;
                    // Decompiler artifact of the success flag; this condition is never true.
                    if (1 == 0) {
                        allocate.free();
                    }
                } catch (BufferUnderflowException e) {
                    this.connection.handleException(RemoteLogger.log.invalidMessage(this.connection));
                    if (z) {
                        return;
                    }
                    allocate.free();
                }
            } catch (BufferOverflowException e2) {
                // For example a server name too long for the buffer.
                this.connection.handleException(RemoteLogger.log.invalidMessage(this.connection));
                if (z) {
                    return;
                }
                allocate.free();
            }
        } catch (Throwable th) {
            if (!z) {
                allocate.free();
            }
            throw th;
        }
    }
}
