package org.jboss.remoting3.remote;

import java.io.IOException;
import java.nio.BufferOverflowException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicInteger;
import javax.net.ssl.SSLSession;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.jboss.remoting3.RemotingOptions;
import org.jboss.remoting3.Version;
import org.jboss.remoting3._private.Messages;
import org.jboss.remoting3.spi.ConnectionProviderContext;
import org.wildfly.security.auth.principal.AnonymousPrincipal;
import org.wildfly.security.auth.server.SaslAuthenticationFactory;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.sasl.WildFlySasl;
import org.wildfly.security.sasl.digest._private.DigestUtil;
import org.wildfly.security.sasl.util.PropertiesSaslServerFactory;
import org.wildfly.security.sasl.util.ProtocolSaslServerFactory;
import org.wildfly.security.sasl.util.SSLSaslServerFactory;
import org.wildfly.security.sasl.util.ServerNameSaslServerFactory;
import org.xnio.Buffers;
import org.xnio.ChannelListener;
import org.xnio.Option;
import org.xnio.OptionMap;
import org.xnio.Options;
import org.xnio.Pooled;
import org.xnio.Property;
import org.xnio.Sequence;
import org.xnio.channels.SslChannel;
import org.xnio.conduits.ConduitStreamSourceChannel;
import org.xnio.sasl.SaslUtils;
import org.xnio.sasl.SaslWrapper;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/jboss/remoting3/remote/ServerConnectionOpenListener.class */
public final class ServerConnectionOpenListener implements ChannelListener<ConduitStreamSourceChannel> {
    private final RemoteConnection connection;
    private final ConnectionProviderContext connectionProviderContext;
    private final SaslAuthenticationFactory saslAuthenticationFactory;
    private final OptionMap optionMap;
    private final AtomicInteger retryCount = new AtomicInteger();
    private final String serverName;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/jboss/remoting3/remote/ServerConnectionOpenListener$AuthStepRunnable.class */
    public final class AuthStepRunnable implements Runnable {
        private final boolean isInitial;
        private final SaslServer saslServer;
        private final Pooled<ByteBuffer> buffer;
        private final String remoteEndpointName;
        private final int behavior;
        private final int maxInboundChannels;
        private final int maxOutboundChannels;
        private final boolean authCap;
        private final Set<String> offeredMechanisms;

        AuthStepRunnable(boolean z, SaslServer saslServer, Pooled<ByteBuffer> pooled, String str, int i, int i2, int i3, boolean z2, Set<String> set) {
            this.isInitial = z;
            this.saslServer = saslServer;
            this.buffer = pooled;
            this.remoteEndpointName = str;
            this.behavior = i;
            this.maxInboundChannels = i2;
            this.maxOutboundChannels = i3;
            this.authCap = z2;
            this.offeredMechanisms = set;
        }

        @Override // java.lang.Runnable
        public void run() {
            boolean z = false;
            boolean z2 = false;
            try {
                Pooled<ByteBuffer> allocate = ServerConnectionOpenListener.this.connection.allocate();
                try {
                    ByteBuffer resource = allocate.getResource();
                    int position = resource.position();
                    try {
                        resource.put((byte) 5);
                        if (SaslUtils.evaluateResponse(this.saslServer, resource, this.buffer.getResource())) {
                            Messages.server.tracef("Server sending authentication complete", new Object[0]);
                            ServerConnectionOpenListener.this.connectionProviderContext.accept(connectionHandlerContext -> {
                                Object negotiatedProperty = this.saslServer.getNegotiatedProperty("javax.security.sasl.qop");
                                if (!this.isInitial && (DigestUtil.QOP_AUTH_INT.equals(negotiatedProperty) || DigestUtil.QOP_AUTH_CONF.equals(negotiatedProperty))) {
                                    ServerConnectionOpenListener.this.connection.setSaslWrapper(SaslWrapper.create(this.saslServer));
                                }
                                RemoteConnectionHandler remoteConnectionHandler = new RemoteConnectionHandler(connectionHandlerContext, ServerConnectionOpenListener.this.connection, this.maxInboundChannels, this.maxOutboundChannels, AnonymousPrincipal.getInstance(), this.remoteEndpointName, this.behavior, this.authCap, this.offeredMechanisms, ServerConnectionOpenListener.this.connection.getPeerAddress().getHostName(), ServerConnectionOpenListener.this.serverName);
                                ServerConnectionOpenListener.this.connection.getRemoteConnectionProvider().addConnectionHandler(remoteConnectionHandler);
                                SecurityIdentity securityIdentity = (SecurityIdentity) this.saslServer.getNegotiatedProperty(WildFlySasl.SECURITY_IDENTITY);
                                ServerConnectionOpenListener.this.connection.setIdentity(securityIdentity == null ? ServerConnectionOpenListener.this.saslAuthenticationFactory.getSecurityDomain().getAnonymousSecurityIdentity() : securityIdentity);
                                ServerConnectionOpenListener.this.connection.setReadListener(new RemoteReadListener(remoteConnectionHandler, ServerConnectionOpenListener.this.connection), false);
                                return remoteConnectionHandler;
                            }, ServerConnectionOpenListener.this.saslAuthenticationFactory);
                        } else {
                            Messages.server.tracef("Server sending authentication challenge", new Object[0]);
                            resource.put(position, (byte) 3);
                            if (this.isInitial) {
                                ServerConnectionOpenListener.this.connection.setReadListener(new Authentication(this.saslServer, this.remoteEndpointName, this.behavior, this.maxInboundChannels, this.maxOutboundChannels, this.authCap, this.offeredMechanisms), false);
                            }
                        }
                    } catch (Throwable th) {
                        Messages.server.tracef(th, "Server sending authentication rejected", new Object[0]);
                        resource.put(position, (byte) 6);
                        ServerConnectionOpenListener.this.saslDispose(this.saslServer);
                        if (ServerConnectionOpenListener.this.retryCount.get() <= 0) {
                            Messages.server.tracef("No more authentication attempts allowed, closing the connection", new Object[0]);
                            z2 = true;
                        } else if (!this.isInitial) {
                            ServerConnectionOpenListener.this.connection.setReadListener(new Initial(), false);
                        }
                    }
                    resource.flip();
                    ServerConnectionOpenListener.this.connection.send(allocate, z2);
                    z = true;
                    ServerConnectionOpenListener.this.connection.getMessageReader().resumeReads();
                    if (1 == 0) {
                        allocate.free();
                    }
                } catch (Throwable th2) {
                    if (!z) {
                        allocate.free();
                    }
                    throw th2;
                }
            } finally {
                this.buffer.free();
            }
        }
    }

    /* loaded from: input_file:org/jboss/remoting3/remote/ServerConnectionOpenListener$Authentication.class */
    final class Authentication implements ChannelListener<ConduitStreamSourceChannel> {
        private final SaslServer saslServer;
        private final String remoteEndpointName;
        private final int behavior;
        private final int maxInboundChannels;
        private final int maxOutboundChannels;
        private final boolean authCap;
        private final Set<String> offeredMechanisms;

        Authentication(SaslServer saslServer, String str, int i, int i2, int i3, boolean z, Set<String> set) {
            this.saslServer = saslServer;
            this.remoteEndpointName = str;
            this.behavior = i;
            this.maxInboundChannels = i2;
            this.maxOutboundChannels = i3;
            this.authCap = z;
            this.offeredMechanisms = set;
        }

        @Override // org.xnio.ChannelListener
        public void handleEvent(ConduitStreamSourceChannel conduitStreamSourceChannel) {
            try {
                Pooled<ByteBuffer> message = ServerConnectionOpenListener.this.connection.getMessageReader().getMessage();
                if (message == MessageReader.EOF_MARKER) {
                    Messages.log.trace("Received connection end-of-stream");
                    ServerConnectionOpenListener.this.connection.handlePreAuthCloseRequest();
                    ServerConnectionOpenListener.this.saslDispose(this.saslServer);
                    return;
                }
                if (message == null) {
                    return;
                }
                try {
                    try {
                        ByteBuffer resource = message.getResource();
                        Messages.server.tracef("Received %s", resource);
                        byte b = resource.get();
                        switch (b) {
                            case -1:
                                Messages.server.trace("Server received connection close request");
                                ServerConnectionOpenListener.this.connection.handlePreAuthCloseRequest();
                                ServerConnectionOpenListener.this.saslDispose(this.saslServer);
                                if (1 != 0) {
                                    message.free();
                                    return;
                                }
                                return;
                            case 1:
                                Messages.server.trace("Server received capabilities request (cancelling authentication)");
                                ServerConnectionOpenListener.this.saslDispose(this.saslServer);
                                Initial initial = new Initial();
                                ServerConnectionOpenListener.this.connection.setReadListener(initial, true);
                                initial.handleClientCapabilities(resource);
                                initial.sendCapabilities();
                                if (1 != 0) {
                                    message.free();
                                    return;
                                }
                                return;
                            case 4:
                                Messages.server.tracef("Server received authentication response", new Object[0]);
                                ServerConnectionOpenListener.this.connection.getMessageReader().suspendReads();
                                ServerConnectionOpenListener.this.connection.getExecutor().execute(new AuthStepRunnable(false, this.saslServer, message, this.remoteEndpointName, this.behavior, this.maxInboundChannels, this.maxOutboundChannels, this.authCap, this.offeredMechanisms));
                                if (0 != 0) {
                                    message.free();
                                    return;
                                }
                                return;
                            default:
                                Messages.server.unknownProtocolId(b);
                                ServerConnectionOpenListener.this.connection.handleException(Messages.log.invalidMessage(ServerConnectionOpenListener.this.connection));
                                ServerConnectionOpenListener.this.saslDispose(this.saslServer);
                                if (1 != 0) {
                                    message.free();
                                    return;
                                }
                                return;
                        }
                    } catch (Throwable th) {
                        if (1 != 0) {
                            message.free();
                        }
                        throw th;
                    }
                } catch (BufferOverflowException | BufferUnderflowException e) {
                    ServerConnectionOpenListener.this.connection.handleException(Messages.log.invalidMessage(ServerConnectionOpenListener.this.connection));
                    ServerConnectionOpenListener.this.saslDispose(this.saslServer);
                    if (1 != 0) {
                        message.free();
                    }
                }
            } catch (IOException e2) {
                ServerConnectionOpenListener.this.connection.handleException(e2);
                ServerConnectionOpenListener.this.saslDispose(this.saslServer);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/jboss/remoting3/remote/ServerConnectionOpenListener$Initial.class */
    public final class Initial implements ChannelListener<ConduitStreamSourceChannel> {
        private boolean starttls;
        private Set<String> allowedMechanisms;
        private String remoteEndpointName;
        private boolean authCap;
        private int channelsIn = 40;
        private int channelsOut = 40;
        private int behavior = 2;
        private int version = 1;

        Initial() {
        }

        /* JADX WARN: Removed duplicated region for block: B:19:0x00ba  */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        void initialiseCapabilities() {
            /*
                Method dump skipped, instructions count: 297
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: org.jboss.remoting3.remote.ServerConnectionOpenListener.Initial.initialiseCapabilities():void");
        }

        /* JADX WARN: Finally extract failed */
        @Override // org.xnio.ChannelListener
        public void handleEvent(ConduitStreamSourceChannel conduitStreamSourceChannel) {
            SaslServer saslServer;
            try {
                Pooled<ByteBuffer> message = ServerConnectionOpenListener.this.connection.getMessageReader().getMessage();
                if (message == MessageReader.EOF_MARKER) {
                    Messages.log.trace("Received connection end-of-stream");
                    ServerConnectionOpenListener.this.connection.handlePreAuthCloseRequest();
                    return;
                }
                if (message == null) {
                    return;
                }
                try {
                    try {
                        ByteBuffer resource = message.getResource();
                        Messages.server.tracef("Received %s", resource);
                        byte b = resource.get();
                        switch (b) {
                            case -16:
                                Messages.server.trace("Server received connection alive");
                                ServerConnectionOpenListener.this.connection.sendAliveResponse();
                                if (1 != 0) {
                                    message.free();
                                    return;
                                }
                                return;
                            case -15:
                                Messages.server.trace("Server received connection alive ack");
                                if (1 != 0) {
                                    message.free();
                                    return;
                                }
                                return;
                            case -1:
                                Messages.server.trace("Server received connection close request");
                                ServerConnectionOpenListener.this.connection.handlePreAuthCloseRequest();
                                if (1 != 0) {
                                    message.free();
                                    return;
                                }
                                return;
                            case 1:
                                Messages.server.trace("Server received capabilities request");
                                handleClientCapabilities(resource);
                                sendCapabilities();
                                if (1 != 0) {
                                    message.free();
                                    return;
                                }
                                return;
                            case 2:
                                Messages.server.tracef("Server received authentication request", new Object[0]);
                                if (ServerConnectionOpenListener.this.retryCount.getAndDecrement() <= 0) {
                                    ServerConnectionOpenListener.this.connection.handleException(new SaslException("Too many authentication failures; connection terminated"), false);
                                    if (1 != 0) {
                                        message.free();
                                        return;
                                    }
                                    return;
                                }
                                String modifiedUtf8 = this.version < 1 ? Buffers.getModifiedUtf8(resource) : ProtocolUtils.readString(resource);
                                String str = (String) ServerConnectionOpenListener.this.optionMap.get((Option<Option<String>>) RemotingOptions.SASL_PROTOCOL, (Option<String>) RemotingOptions.DEFAULT_SASL_PROTOCOL);
                                Map<String, String> saslProperties = getSaslProperties(ServerConnectionOpenListener.this.optionMap);
                                SslChannel sslChannel = ServerConnectionOpenListener.this.connection.getSslChannel();
                                SSLSession sslSession = sslChannel == null ? null : sslChannel.getSslSession();
                                try {
                                    saslServer = ServerConnectionOpenListener.this.saslAuthenticationFactory.createMechanism(modifiedUtf8, saslServerFactory -> {
                                        ProtocolSaslServerFactory protocolSaslServerFactory = new ProtocolSaslServerFactory(new ServerNameSaslServerFactory(sslSession != null ? new SSLSaslServerFactory(saslServerFactory, () -> {
                                            return sslSession;
                                        }) : saslServerFactory, ServerConnectionOpenListener.this.serverName), str);
                                        return saslProperties != null ? new PropertiesSaslServerFactory(protocolSaslServerFactory, saslProperties) : protocolSaslServerFactory;
                                    });
                                } catch (SaslException e) {
                                    Messages.server.trace("Unable to create SaslServer", e);
                                    saslServer = null;
                                }
                                if (saslServer == null) {
                                    rejectAuthentication(modifiedUtf8);
                                    if (1 != 0) {
                                        message.free();
                                        return;
                                    }
                                    return;
                                }
                                ServerConnectionOpenListener.this.connection.getMessageReader().suspendReads();
                                ServerConnectionOpenListener.this.connection.getExecutor().execute(new AuthStepRunnable(true, saslServer, message, this.remoteEndpointName, this.behavior, this.channelsIn, this.channelsOut, this.authCap, null));
                                if (0 != 0) {
                                    message.free();
                                    return;
                                }
                                return;
                            case 7:
                                Messages.server.tracef("Server received STARTTLS request", new Object[0]);
                                Pooled<ByteBuffer> allocate = ServerConnectionOpenListener.this.connection.allocate();
                                boolean z = false;
                                try {
                                    ByteBuffer resource2 = allocate.getResource();
                                    resource2.put(this.starttls ? (byte) 7 : (byte) 8);
                                    resource2.flip();
                                    ServerConnectionOpenListener.this.connection.send(allocate);
                                    z = true;
                                    if (this.starttls) {
                                        ServerConnectionOpenListener.this.connection.send(RemoteConnection.STARTTLS_SENTINEL);
                                    }
                                    ServerConnectionOpenListener.this.connection.setReadListener(new Initial(), true);
                                    if (1 == 0) {
                                        allocate.free();
                                    }
                                    if (1 != 0) {
                                        message.free();
                                        return;
                                    }
                                    return;
                                } catch (Throwable th) {
                                    if (!z) {
                                        allocate.free();
                                    }
                                    throw th;
                                }
                            default:
                                Messages.server.unknownProtocolId(b);
                                ServerConnectionOpenListener.this.connection.handleException(Messages.log.invalidMessage(ServerConnectionOpenListener.this.connection));
                                if (1 != 0) {
                                    message.free();
                                    return;
                                }
                                return;
                        }
                    } catch (BufferOverflowException | BufferUnderflowException e2) {
                        ServerConnectionOpenListener.this.connection.handleException(Messages.log.invalidMessage(ServerConnectionOpenListener.this.connection));
                        if (1 != 0) {
                            message.free();
                        }
                    }
                } catch (Throwable th2) {
                    if (1 != 0) {
                        message.free();
                    }
                    throw th2;
                }
            } catch (IOException e3) {
                ServerConnectionOpenListener.this.connection.handleException(e3);
            }
        }

        private Map<String, String> getSaslProperties(OptionMap optionMap) {
            HashMap hashMap = null;
            Sequence sequence = (Sequence) optionMap.get(Options.SASL_PROPERTIES);
            if (sequence != null) {
                hashMap = new HashMap(sequence.size());
                Iterator it = sequence.iterator();
                while (it.hasNext()) {
                    Property property = (Property) it.next();
                    hashMap.put(property.getKey(), (String) property.getValue());
                }
            }
            return hashMap;
        }

        void rejectAuthentication(String str) {
            Messages.log.rejectedInvalidMechanism(str);
            Pooled<ByteBuffer> allocate = ServerConnectionOpenListener.this.connection.allocate();
            boolean z = false;
            try {
                ByteBuffer resource = allocate.getResource();
                resource.put((byte) 6);
                resource.flip();
                ServerConnectionOpenListener.this.connection.send(allocate);
                z = true;
                if (1 == 0) {
                    allocate.free();
                }
            } catch (Throwable th) {
                if (!z) {
                    allocate.free();
                }
                throw th;
            }
        }

        void handleClientCapabilities(ByteBuffer byteBuffer) {
            boolean z = true;
            int i = 40;
            int i2 = 40;
            boolean z2 = false;
            while (byteBuffer.hasRemaining()) {
                byte b = byteBuffer.get();
                int i3 = byteBuffer.get() & 255;
                ByteBuffer slice = Buffers.slice(byteBuffer, i3);
                switch (b) {
                    case 0:
                        byte b2 = slice.get();
                        Messages.server.tracef("Server received capability: version %d", Integer.valueOf(b2 & 255));
                        this.version = Math.min(1, b2 & 255);
                        break;
                    case 1:
                    case 2:
                    default:
                        Messages.server.tracef("Server received unknown capability %02x", Integer.valueOf(b & 255));
                        break;
                    case 3:
                        this.remoteEndpointName = Buffers.getModifiedUtf8(slice);
                        Messages.server.tracef("Server received capability: remote endpoint name \"%s\"", this.remoteEndpointName);
                        break;
                    case 4:
                        this.behavior |= 1;
                        this.behavior &= -3;
                        Messages.server.tracef("Server received capability: message close protocol supported", new Object[0]);
                        break;
                    case 5:
                        this.behavior &= -3;
                        Messages.server.tracef("Server received capability: remote version is \"%s\"", Buffers.getModifiedUtf8(slice));
                        break;
                    case 6:
                        z = false;
                        i2 = ProtocolUtils.readIntData(slice, i3);
                        Messages.server.tracef("Server received capability: remote channels in is \"%d\"", i2);
                        break;
                    case 7:
                        z = false;
                        i = ProtocolUtils.readIntData(slice, i3);
                        Messages.server.tracef("Server received capability: remote channels out is \"%d\"", i);
                        break;
                    case 8:
                        z2 = true;
                        Messages.server.trace("Server received capability: authentication service");
                        break;
                }
            }
            if (!z) {
                this.channelsIn = i;
                this.channelsOut = i2;
            }
            this.authCap = z2;
        }

        void sendCapabilities() {
            if (this.allowedMechanisms == null) {
                initialiseCapabilities();
            }
            Pooled<ByteBuffer> allocate = ServerConnectionOpenListener.this.connection.allocate();
            boolean z = false;
            try {
                ByteBuffer resource = allocate.getResource();
                resource.put((byte) 1);
                ProtocolUtils.writeByte(resource, 0, this.version);
                String name = ServerConnectionOpenListener.this.connectionProviderContext.getEndpoint().getName();
                if (name != null) {
                    ProtocolUtils.writeString(resource, (byte) 3, name);
                }
                if (this.starttls) {
                    ProtocolUtils.writeEmpty(resource, 2);
                }
                Iterator<String> it = this.allowedMechanisms.iterator();
                while (it.hasNext()) {
                    ProtocolUtils.writeString(resource, (byte) 1, it.next());
                }
                ProtocolUtils.writeEmpty(resource, 4);
                ProtocolUtils.writeString(resource, (byte) 5, Version.getVersionString());
                ProtocolUtils.writeInt(resource, 6, ServerConnectionOpenListener.this.optionMap.get(RemotingOptions.MAX_INBOUND_CHANNELS, 40));
                ProtocolUtils.writeInt(resource, 7, ServerConnectionOpenListener.this.optionMap.get(RemotingOptions.MAX_OUTBOUND_CHANNELS, 40));
                ProtocolUtils.writeEmpty(resource, 8);
                resource.flip();
                ServerConnectionOpenListener.this.connection.send(allocate);
                z = true;
                if (1 == 0) {
                    allocate.free();
                }
            } catch (Throwable th) {
                if (!z) {
                    allocate.free();
                }
                throw th;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServerConnectionOpenListener(RemoteConnection remoteConnection, ConnectionProviderContext connectionProviderContext, SaslAuthenticationFactory saslAuthenticationFactory, OptionMap optionMap) {
        this.connection = remoteConnection;
        this.connectionProviderContext = connectionProviderContext;
        this.saslAuthenticationFactory = saslAuthenticationFactory;
        this.optionMap = optionMap;
        if (optionMap.contains(RemotingOptions.SERVER_NAME)) {
            this.serverName = (String) optionMap.get(RemotingOptions.SERVER_NAME);
        } else {
            this.serverName = remoteConnection.getLocalAddress().getHostName();
        }
    }

    @Override // org.xnio.ChannelListener
    public void handleEvent(ConduitStreamSourceChannel conduitStreamSourceChannel) {
        Pooled<ByteBuffer> allocate = this.connection.allocate();
        boolean z = false;
        try {
            try {
                ByteBuffer resource = allocate.getResource();
                resource.put((byte) 0);
                ProtocolUtils.writeString(resource, (byte) 0, this.serverName);
                resource.flip();
                this.connection.setReadListener(new Initial(), true);
                this.connection.send(allocate);
                z = true;
                if (1 == 0) {
                    allocate.free();
                }
            } catch (BufferOverflowException | BufferUnderflowException e) {
                this.connection.handleException(Messages.log.invalidMessage(this.connection));
                if (z) {
                    return;
                }
                allocate.free();
            }
        } catch (Throwable th) {
            if (!z) {
                allocate.free();
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void saslDispose(SaslServer saslServer) {
        if (saslServer != null) {
            try {
                saslServer.dispose();
            } catch (SaslException e) {
                Messages.server.trace("Failure disposing of SaslServer", e);
            }
        }
    }
}
