package org.jboss.remoting3;

import java.io.IOException;
import java.net.SocketAddress;
import java.net.URI;
import java.security.Principal;
import java.util.Iterator;
import javax.net.ssl.SSLSession;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.security.sasl.SaslServerFactory;
import org.jboss.remoting3.EndpointImpl;
import org.jboss.remoting3._private.IntIndexHashMap;
import org.jboss.remoting3._private.Messages;
import org.jboss.remoting3.security.RemotingPermission;
import org.jboss.remoting3.spi.AbstractHandleableCloseable;
import org.jboss.remoting3.spi.ConnectionHandler;
import org.jboss.remoting3.spi.ConnectionHandlerFactory;
import org.jboss.remoting3.spi.ConnectionProviderContext;
import org.wildfly.common.Assert;
import org.wildfly.security.auth.client.AuthenticationConfiguration;
import org.wildfly.security.auth.server.SaslAuthenticationFactory;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.sasl.WildFlySasl;
import org.wildfly.security.sasl.util.ProtocolSaslServerFactory;
import org.wildfly.security.sasl.util.SSLSaslServerFactory;
import org.wildfly.security.sasl.util.ServerNameSaslServerFactory;
import org.xnio.FutureResult;
import org.xnio.IoFuture;
import org.xnio.OptionMap;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/jboss/remoting3/ConnectionImpl.class */
public class ConnectionImpl extends AbstractHandleableCloseable<Connection> implements Connection {
    private final Attachments attachments;
    private final ConnectionHandler connectionHandler;
    private final EndpointImpl endpoint;
    private final URI peerUri;
    private final ConnectionPeerIdentityContext peerIdentityContext;
    private final IntIndexHashMap<Auth> authMap;
    private final SaslAuthenticationFactory authenticationFactory;
    private final AuthenticationConfiguration authenticationConfiguration;
    private final String protocol;
    private final String saslProtocol;

    /* loaded from: input_file:org/jboss/remoting3/ConnectionImpl$Auth.class */
    static final class Auth {
        private final int id;
        private final SaslServer saslServer;

        Auth(int i, SaslServer saslServer) {
            this.id = i;
            this.saslServer = saslServer;
        }

        int getId() {
            return this.id;
        }

        SaslServer getSaslServer() {
            return this.saslServer;
        }

        void dispose() {
            try {
                this.saslServer.dispose();
            } catch (SaslException e) {
                Messages.log.trace("Failed to dispose SASL mechanism", e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ConnectionImpl(EndpointImpl endpointImpl, ConnectionHandlerFactory connectionHandlerFactory, ConnectionProviderContext connectionProviderContext, URI uri, SaslAuthenticationFactory saslAuthenticationFactory, AuthenticationConfiguration authenticationConfiguration, String str) {
        super(endpointImpl.getExecutor(), true);
        this.attachments = new Attachments();
        this.authMap = new IntIndexHashMap<>((v0) -> {
            return v0.getId();
        });
        this.endpoint = endpointImpl;
        this.peerUri = uri;
        this.protocol = connectionProviderContext.getProtocol();
        this.authenticationConfiguration = authenticationConfiguration;
        this.saslProtocol = str;
        endpointImpl.getClass();
        this.connectionHandler = connectionHandlerFactory.createInstance(new EndpointImpl.LocalConnectionContext(connectionProviderContext, this));
        this.authenticationFactory = saslAuthenticationFactory;
        this.peerIdentityContext = new ConnectionPeerIdentityContext(this, this.connectionHandler.getOfferedMechanisms(), getConnectionHandler().getPeerSaslServerName(), str);
    }

    @Override // org.jboss.remoting3.spi.AbstractHandleableCloseable
    protected void closeAction() throws IOException {
        this.connectionHandler.closeAsync();
        this.connectionHandler.addCloseHandler((connectionHandler, iOException) -> {
            closeComplete();
        });
        Iterator<Auth> it = this.authMap.iterator();
        while (it.hasNext()) {
            it.next().dispose();
        }
        ConnectionPeerIdentityContext connectionPeerIdentityContext = this.peerIdentityContext;
        if (connectionPeerIdentityContext != null) {
            connectionPeerIdentityContext.connectionClosed();
        }
    }

    @Override // org.jboss.remoting3.Connection
    public SocketAddress getLocalAddress() {
        return this.connectionHandler.getLocalAddress();
    }

    @Override // org.jboss.remoting3.Connection
    public SocketAddress getPeerAddress() {
        return this.connectionHandler.getPeerAddress();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthenticationConfiguration getAuthenticationConfiguration() {
        return this.authenticationConfiguration;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ConnectionHandler getConnectionHandler() {
        return this.connectionHandler;
    }

    @Override // org.jboss.remoting3.Connection
    public SSLSession getSslSession() {
        return this.connectionHandler.getSslSession();
    }

    @Override // org.jboss.remoting3.Connection
    public IoFuture<Channel> openChannel(String str, OptionMap optionMap) {
        FutureResult futureResult = new FutureResult(getExecutor());
        futureResult.addCancelHandler(this.connectionHandler.open(str, futureResult, optionMap));
        return futureResult.getIoFuture();
    }

    @Override // org.jboss.remoting3.Connection
    public String getRemoteEndpointName() {
        return this.connectionHandler.getRemoteEndpointName();
    }

    @Override // org.jboss.remoting3.Connection
    public EndpointImpl getEndpoint() {
        return this.endpoint;
    }

    @Override // org.jboss.remoting3.Connection
    public URI getPeerURI() {
        return this.peerUri;
    }

    @Override // org.jboss.remoting3.Connection
    public String getProtocol() {
        return this.protocol;
    }

    @Override // org.jboss.remoting3.Connection
    public SecurityIdentity getLocalIdentity() {
        return this.connectionHandler.getLocalIdentity();
    }

    @Override // org.jboss.remoting3.Connection
    public SecurityIdentity getLocalIdentity(int i) {
        if (i == 1) {
            SaslAuthenticationFactory saslAuthenticationFactory = this.authenticationFactory;
            if (saslAuthenticationFactory == null) {
                return null;
            }
            return saslAuthenticationFactory.getSecurityDomain().getAnonymousSecurityIdentity();
        }
        if (i == 0) {
            return getLocalIdentity();
        }
        Auth auth = this.authMap.get(i);
        if (auth != null) {
            return (SecurityIdentity) auth.getSaslServer().getNegotiatedProperty(WildFlySasl.SECURITY_IDENTITY);
        }
        return null;
    }

    @Override // org.jboss.remoting3.Connection
    public int getPeerIdentityId() {
        return getPeerIdentityContext().getCurrentIdentity().getIndex();
    }

    @Override // org.jboss.remoting3.Attachable
    public Attachments getAttachments() {
        return this.attachments;
    }

    public String toString() {
        return String.format("Remoting connection <%x> on %s", Integer.valueOf(hashCode()), this.endpoint);
    }

    @Override // org.jboss.remoting3.Connection
    public ConnectionPeerIdentity getConnectionPeerIdentity() throws SecurityException {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(RemotingPermission.GET_CONNECTION_PEER_IDENTITY);
        }
        return getPeerIdentityContext().getConnectionIdentity();
    }

    @Override // org.jboss.remoting3.Connection
    public ConnectionPeerIdentity getConnectionAnonymousIdentity() {
        return getPeerIdentityContext().getAnonymousIdentity();
    }

    @Override // org.jboss.remoting3.Connection
    public ConnectionPeerIdentityContext getPeerIdentityContext() {
        ConnectionPeerIdentityContext connectionPeerIdentityContext = this.peerIdentityContext;
        if (connectionPeerIdentityContext == null) {
            throw Assert.unsupported();
        }
        return connectionPeerIdentityContext;
    }

    @Override // org.jboss.remoting3.Connection
    public boolean supportsRemoteAuth() {
        return this.connectionHandler.supportsRemoteAuth();
    }

    @Override // org.jboss.remoting3.Connection
    public Principal getPrincipal() {
        return this.connectionHandler.getPrincipal();
    }

    public void receiveAuthRequest(int i, String str, byte[] bArr) {
        Messages.log.tracef("Received authentication request for ID %08x, mech %s", i, (Object) str);
        if (i == 0 || i == 1) {
            return;
        }
        getExecutor().execute(() -> {
            IntIndexHashMap<Auth> intIndexHashMap = this.authMap;
            SSLSession sslSession = this.connectionHandler.getSslSession();
            try {
                SaslServer createMechanism = this.authenticationFactory.createMechanism(str, saslServerFactory -> {
                    SaslServerFactory saslServerFactory;
                    if (sslSession != null) {
                        ConnectionHandler connectionHandler = this.connectionHandler;
                        connectionHandler.getClass();
                        saslServerFactory = new SSLSaslServerFactory(saslServerFactory, connectionHandler::getSslSession);
                    } else {
                        saslServerFactory = saslServerFactory;
                    }
                    return new ServerNameSaslServerFactory(new ProtocolSaslServerFactory(saslServerFactory, this.saslProtocol), this.connectionHandler.getLocalSaslServerName());
                });
                Auth auth = new Auth(i, createMechanism);
                Auth put = intIndexHashMap.put(auth);
                if (put != null) {
                    put.dispose();
                }
                try {
                    byte[] evaluateResponse = createMechanism.evaluateResponse(bArr);
                    if (createMechanism.isComplete()) {
                        try {
                            this.connectionHandler.sendAuthSuccess(i, evaluateResponse);
                            return;
                        } catch (IOException e) {
                            intIndexHashMap.remove(auth);
                            auth.dispose();
                            Messages.log.trace("Failed to send auth success", e);
                            return;
                        }
                    }
                    try {
                        this.connectionHandler.sendAuthChallenge(i, evaluateResponse);
                    } catch (IOException e2) {
                        intIndexHashMap.remove(auth);
                        auth.dispose();
                        Messages.log.trace("Failed to send auth challenge", e2);
                    }
                } catch (SaslException e3) {
                    Messages.log.trace("Authentication failed at response evaluation", e3);
                    try {
                        this.connectionHandler.sendAuthReject(i);
                    } catch (IOException e4) {
                        intIndexHashMap.remove(auth);
                        auth.dispose();
                        Messages.log.trace("Failed to send auth reject", e4);
                    }
                }
            } catch (SaslException e5) {
                Messages.log.trace("Authentication failed at mechanism creation", e5);
                try {
                    Auth put2 = intIndexHashMap.put(new Auth(i, new RejectingSaslServer()));
                    if (put2 != null) {
                        put2.dispose();
                    }
                    this.connectionHandler.sendAuthReject(i);
                } catch (IOException e6) {
                    Messages.log.trace("Failed to send auth reject", e6);
                }
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void receiveAuthResponse(int i, byte[] bArr) {
        Messages.log.tracef("Received authentication response for ID %08x", i);
        if (i == 0 || i == 1) {
            return;
        }
        getExecutor().execute(() -> {
            Auth auth = this.authMap.get(i);
            if (auth == null) {
                auth = this.authMap.putIfAbsent(new Auth(i, new RejectingSaslServer()));
                if (auth == null) {
                    try {
                        this.connectionHandler.sendAuthReject(i);
                        return;
                    } catch (IOException e) {
                        Messages.log.trace("Failed to send auth reject", e);
                        return;
                    }
                }
            }
            SaslServer saslServer = auth.getSaslServer();
            try {
                byte[] evaluateResponse = saslServer.evaluateResponse(bArr);
                if (saslServer.isComplete()) {
                    try {
                        this.connectionHandler.sendAuthSuccess(i, evaluateResponse);
                        return;
                    } catch (IOException e2) {
                        this.authMap.remove(auth);
                        auth.dispose();
                        Messages.log.trace("Failed to send auth success", e2);
                        return;
                    }
                }
                try {
                    this.connectionHandler.sendAuthChallenge(i, evaluateResponse);
                } catch (IOException e3) {
                    this.authMap.remove(auth);
                    auth.dispose();
                    Messages.log.trace("Failed to send auth challenge", e3);
                }
            } catch (SaslException e4) {
                Messages.log.trace("Authentication failed at response evaluation", e4);
                try {
                    this.connectionHandler.sendAuthReject(i);
                } catch (IOException e5) {
                    this.authMap.remove(auth);
                    auth.dispose();
                    Messages.log.trace("Failed to send auth reject", e5);
                }
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void receiveAuthDelete(int i) {
        Messages.log.tracef("Received authentication delete for ID %08x", i);
        if (i == 0 || i == 1) {
            return;
        }
        getExecutor().execute(() -> {
            Auth removeKey = this.authMap.removeKey(i);
            if (removeKey != null) {
                removeKey.dispose();
            }
            Messages.log.tracef("Deleted authentication ID %08x", i);
        });
    }
}
