package org.jboss.as.protocol;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.NetworkInterface;
import java.net.URI;
import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.jboss.as.protocol.logging.ProtocolLogger;
import org.jboss.remoting3.Connection;
import org.jboss.remoting3.Endpoint;
import org.wildfly.security.auth.client.AuthenticationConfiguration;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.auth.client.AuthenticationContextConfigurationClient;
import org.wildfly.security.auth.client.CallbackKind;
import org.wildfly.security.auth.client.MatchRule;
import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.sasl.SaslMechanismSelector;
import org.wildfly.security.sasl.localuser.LocalUserClient;
import org.xnio.IoFuture;
import org.xnio.Option;
import org.xnio.OptionMap;
import org.xnio.Options;

/* loaded from: input_file:org/jboss/as/protocol/ProtocolConnectionUtils.class */
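/**
 * Static helpers that open a JBoss Remoting {@link Connection} described by a
 * {@link ProtocolConnectionConfiguration}, either asynchronously ({@code connect}) or blocking until a
 * timeout ({@code connectSync}).
 * <p>
 * Every public entry point ends up in the private {@code connect(CallbackHandler, ProtocolConnectionConfiguration)},
 * which is where the authentication configuration, the SASL mechanism restrictions and the SSL context for the
 * connection are assembled.
 */
public class ProtocolConnectionUtils {
    /** Name of the SASL mechanism that this class forbids for targets it cannot prove to be local. */
    private static final String JBOSS_LOCAL_USER = "JBOSS-LOCAL-USER";
    // Not referenced anywhere in this class as shown; kept so the set of fields is unchanged.
    private static final Map<String, String> QUIET_LOCAL_AUTH = Collections.singletonMap(LocalUserClient.QUIET_AUTH, "true");
    private static final AuthenticationContextConfigurationClient AUTH_CONFIGURATION_CLIENT = (AuthenticationContextConfigurationClient) AccessController.doPrivileged(AuthenticationContextConfigurationClient.ACTION);
    /** Callback kinds that are routed to a caller-supplied {@link CallbackHandler}. */
    private static final EnumSet<CallbackKind> DEFAULT_CALLBACK_KINDS = EnumSet.of(CallbackKind.PRINCIPAL, CallbackKind.CREDENTIAL, CallbackKind.REALM);

    /**
     * Callback handler that runs the wrapped handler through
     * {@code GeneralTimeoutHandler.suspendAndExecute}.
     * <p>
     * Presumably this keeps time spent inside the callback (for example waiting for a user to type a
     * password) from counting against the connection timeout; confirm against {@code GeneralTimeoutHandler}.
     * <p>
     * The decompiler reports that this nested class was {@code private} in the compiled class; it is
     * {@code public} here only because the decompiler widened it.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jboss/as/protocol/ProtocolConnectionUtils$WrapperCallbackHandler.class */
    public static final class WrapperCallbackHandler implements CallbackHandler {
        private final GeneralTimeoutHandler timeoutHandler;
        private final CallbackHandler wrapped;

        WrapperCallbackHandler(GeneralTimeoutHandler generalTimeoutHandler, CallbackHandler callbackHandler) {
            this.timeoutHandler = generalTimeoutHandler;
            this.wrapped = callbackHandler;
        }

        /**
         * Delegates to the wrapped handler from inside {@code suspendAndExecute}.
         *
         * @param callbackArr the callbacks to pass to the wrapped handler
         * @throws IOException if the wrapped handler throws it
         * @throws UnsupportedCallbackException if the wrapped handler throws it
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(final Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            try {
                this.timeoutHandler.suspendAndExecute(new Runnable() { // from class: org.jboss.as.protocol.ProtocolConnectionUtils.WrapperCallbackHandler.1
                    @Override // java.lang.Runnable
                    public void run() {
                        try {
                            WrapperCallbackHandler.this.wrapped.handle(callbackArr);
                        } catch (IOException | UnsupportedCallbackException e) {
                            // Runnable.run() cannot throw checked exceptions, so tunnel them out.
                            throw new RuntimeException(e);
                        }
                    }
                });
            } catch (RuntimeException e) {
                // Unwrap the tunnelled checked exception so callers see the handler's own failure type.
                final Throwable cause = e.getCause();
                if (cause instanceof IOException) {
                    throw (IOException) cause;
                }
                if (cause instanceof UnsupportedCallbackException) {
                    throw (UnsupportedCallbackException) cause;
                }
                throw e;
            }
        }
    }

    /**
     * Starts a connection using the callback handler already set on the configuration.
     *
     * @param protocolConnectionConfiguration the connection settings
     * @return a future for the connection
     * @throws IOException if the connection attempt cannot be started
     */
    public static IoFuture<Connection> connect(ProtocolConnectionConfiguration protocolConnectionConfiguration) throws IOException {
        return connect(protocolConnectionConfiguration.getCallbackHandler(), protocolConnectionConfiguration);
    }

    /**
     * Starts a connection with the given callback handler, applied to a copy of the configuration.
     *
     * @param protocolConnectionConfiguration the connection settings; the handler is set on a copy
     * @param callbackHandler the handler to use for authentication callbacks
     * @return a future for the connection
     * @throws IOException if the connection attempt cannot be started
     */
    public static IoFuture<Connection> connect(ProtocolConnectionConfiguration protocolConnectionConfiguration, CallbackHandler callbackHandler) throws IOException {
        ProtocolConnectionConfiguration copy = ProtocolConnectionConfiguration.copy(protocolConnectionConfiguration);
        copy.setCallbackHandler(callbackHandler);
        return connect(copy);
    }

    /**
     * Starts a connection with the given callback handler, SASL options and SSL context, all applied to a
     * copy of the configuration.
     *
     * @param protocolConnectionConfiguration the connection settings; overrides are set on a copy
     * @param callbackHandler the handler to use for authentication callbacks
     * @param map the SASL options
     * @param sSLContext the SSL context to use
     * @return a future for the connection
     * @throws IOException if the connection attempt cannot be started
     */
    public static IoFuture<Connection> connect(ProtocolConnectionConfiguration protocolConnectionConfiguration, CallbackHandler callbackHandler, Map<String, String> map, SSLContext sSLContext) throws IOException {
        ProtocolConnectionConfiguration copy = ProtocolConnectionConfiguration.copy(protocolConnectionConfiguration);
        copy.setCallbackHandler(callbackHandler);
        copy.setSaslOptions(map);
        copy.setSslContext(sSLContext);
        return connect(copy);
    }

    /**
     * Connects and waits up to the configured connection timeout for the result.
     * <p>
     * When the configuration supplies no {@link ProtocolTimeoutHandler}, a {@link GeneralTimeoutHandler} is
     * created and a non-null callback handler is wrapped in a {@link WrapperCallbackHandler} bound to it.
     * When the configuration supplies its own timeout handler, the callback handler is used unwrapped.
     *
     * @param protocolConnectionConfiguration the connection settings
     * @return the established connection, never {@code null}
     * @throws IOException if the connection fails or is not established before the wait ends
     */
    public static Connection connectSync(ProtocolConnectionConfiguration protocolConnectionConfiguration) throws IOException {
        final long connectionTimeout = protocolConnectionConfiguration.getConnectionTimeout();
        final CallbackHandler configuredHandler = protocolConnectionConfiguration.getCallbackHandler();
        ProtocolTimeoutHandler timeoutHandler = protocolConnectionConfiguration.getTimeoutHandler();
        final CallbackHandler effectiveHandler;
        if (timeoutHandler == null) {
            GeneralTimeoutHandler generalTimeoutHandler = new GeneralTimeoutHandler();
            effectiveHandler = configuredHandler != null ? new WrapperCallbackHandler(generalTimeoutHandler, configuredHandler) : null;
            timeoutHandler = generalTimeoutHandler;
        } else {
            effectiveHandler = configuredHandler;
        }

        final IoFuture<Connection> future = connect(effectiveHandler, protocolConnectionConfiguration);
        final Connection established = checkFuture(timeoutHandler.await(future, connectionTimeout), future, protocolConnectionConfiguration);
        if (established != null) {
            return established;
        }

        // The wait ended without a result: cancel the attempt, then re-check the status and close a
        // connection that completed in the meantime so it is not left open and unused.
        future.cancel();
        StreamUtils.safeClose(checkFuture(future.getStatus(), future, protocolConnectionConfiguration));
        throw ProtocolLogger.ROOT_LOGGER.couldNotConnect(protocolConnectionConfiguration.getUri());
    }

    /**
     * Maps a future's status to its outcome.
     *
     * @param status the status to interpret
     * @param ioFuture the future the status belongs to
     * @param protocolConnectionConfiguration used only for the URI in the failure message
     * @return the connection when the status is {@code DONE}, otherwise {@code null}
     * @throws IOException when the status is {@code FAILED}
     */
    private static Connection checkFuture(IoFuture.Status status, IoFuture<Connection> ioFuture, ProtocolConnectionConfiguration protocolConnectionConfiguration) throws IOException {
        if (status == IoFuture.Status.DONE) {
            return ioFuture.get();
        }
        if (status == IoFuture.Status.FAILED) {
            throw ProtocolLogger.ROOT_LOGGER.failedToConnect(protocolConnectionConfiguration.getUri(), ioFuture.getException());
        }
        return null;
    }

    /**
     * Blocking variant of {@link #connect(ProtocolConnectionConfiguration, CallbackHandler)}.
     *
     * @param protocolConnectionConfiguration the connection settings; the handler is set on a copy
     * @param callbackHandler the handler to use for authentication callbacks
     * @return the established connection
     * @throws IOException if the connection fails or is not established before the wait ends
     */
    public static Connection connectSync(ProtocolConnectionConfiguration protocolConnectionConfiguration, CallbackHandler callbackHandler) throws IOException {
        ProtocolConnectionConfiguration copy = ProtocolConnectionConfiguration.copy(protocolConnectionConfiguration);
        copy.setCallbackHandler(callbackHandler);
        return connectSync(copy);
    }

    /**
     * Blocking variant of
     * {@link #connect(ProtocolConnectionConfiguration, CallbackHandler, Map, SSLContext)}.
     *
     * @param protocolConnectionConfiguration the connection settings; overrides are set on a copy
     * @param callbackHandler the handler to use for authentication callbacks
     * @param map the SASL options
     * @param sSLContext the SSL context to use
     * @return the established connection
     * @throws IOException if the connection fails or is not established before the wait ends
     */
    public static Connection connectSync(ProtocolConnectionConfiguration protocolConnectionConfiguration, CallbackHandler callbackHandler, Map<String, String> map, SSLContext sSLContext) throws IOException {
        ProtocolConnectionConfiguration copy = ProtocolConnectionConfiguration.copy(protocolConnectionConfiguration);
        copy.setCallbackHandler(callbackHandler);
        copy.setSaslOptions(map);
        copy.setSslContext(sSLContext);
        return connectSync(copy);
    }

    /**
     * Builds the authentication and transport settings and asks the endpoint to connect.
     *
     * @param callbackHandler handler for principal, credential and realm callbacks, or {@code null} to rely
     *        on the captured authentication context alone
     * @param protocolConnectionConfiguration the connection settings; validated first
     * @return a future for the connection
     * @throws IOException if no SSL context can be obtained or the endpoint rejects the attempt
     */
    private static IoFuture<Connection> connect(CallbackHandler callbackHandler, ProtocolConnectionConfiguration protocolConnectionConfiguration) throws IOException {
        protocolConnectionConfiguration.validate();
        final Endpoint endpoint = protocolConnectionConfiguration.getEndpoint();
        final URI uri = protocolConnectionConfiguration.getUri();
        final String clientBindAddress = protocolConnectionConfiguration.getClientBindAddress();

        // Start from whatever the caller's current authentication context says about this URI.
        final AuthenticationContext captured = AuthenticationContext.captureCurrent();
        AuthenticationConfiguration authConfig = AUTH_CONFIGURATION_CLIENT.getAuthenticationConfiguration(uri, captured);
        if (callbackHandler != null) {
            if (protocolConnectionConfiguration.isCallbackHandlerPreferred()) {
                // Drop identity, credentials and realm taken from the captured context so that only the
                // callback handler supplies them.
                authConfig = authConfig.useAnonymous().useCredentials(IdentityCredentials.NONE).useRealm(null);
            }
            authConfig = authConfig.useCallbackHandler(callbackHandler, DEFAULT_CALLBACK_KINDS);
        }

        final Map<String, String> saslOptions = protocolConnectionConfiguration.getSaslOptions();
        authConfig = configureSaslMechanisms(saslOptions, isLocal(uri), authConfig);
        if (saslOptions != null) {
            // The disallowed-mechanisms entry was already turned into a mechanism selector above, so it
            // is not forwarded as a mechanism property.
            final Map<String, String> mechanismProperties = new HashMap<>(saslOptions);
            mechanismProperties.remove(Options.SASL_DISALLOWED_MECHANISMS.getName());
            authConfig = authConfig.useMechanismProperties(mechanismProperties);
        }

        // An SSL context set on the configuration wins; otherwise use the captured context's one.
        SSLContext sslContext = protocolConnectionConfiguration.getSslContext();
        if (sslContext == null) {
            try {
                sslContext = AUTH_CONFIGURATION_CLIENT.getSSLContext(uri, captured);
            } catch (GeneralSecurityException e) {
                throw ProtocolLogger.ROOT_LOGGER.failedToConnect(uri, e);
            }
        }
        final SSLContext effectiveSslContext = sslContext;

        final OptionMap.Builder builder = OptionMap.builder();
        final OptionMap configuredOptions = protocolConnectionConfiguration.getOptionMap();
        // Copy through a generic helper so each value keeps its own option type. Casting the value itself
        // to Option, as the decompiled form did, would fail at run time for ordinary values such as Boolean.
        for (Iterator<Option<?>> it = configuredOptions.iterator(); it.hasNext();) {
            copyOption(builder, configuredOptions, it.next());
        }
        // Explicit SSL_ENABLED / SSL_STARTTLS entries in the option map take precedence; the
        // configuration's flags only fill in values the option map leaves unset.
        if (configuredOptions.get(Options.SSL_ENABLED) == null) {
            builder.set(Options.SSL_ENABLED, protocolConnectionConfiguration.isSslEnabled());
        }
        if (configuredOptions.get(Options.SSL_STARTTLS) == null) {
            builder.set(Options.SSL_STARTTLS, protocolConnectionConfiguration.isUseStartTLS());
        }

        // The context handed to the endpoint is built from empty(), so it carries only the merged
        // configuration and SSL context from above, matched against every target.
        final AuthenticationContext context = AuthenticationContext.empty()
                .with(MatchRule.ALL, authConfig)
                .withSsl(MatchRule.ALL, () -> effectiveSslContext);
        if (clientBindAddress == null) {
            return endpoint.connect(uri, builder.getMap(), context);
        }
        return endpoint.connect(uri, new InetSocketAddress(clientBindAddress, 0), builder.getMap(), context);
    }

    /** Copies one option and its value from {@code source} into {@code builder}, keeping the value's type. */
    private static <T> void copyOption(OptionMap.Builder builder, OptionMap source, Option<T> option) {
        builder.set(option, source.get(option));
    }

    /**
     * Applies the SASL mechanism restrictions for this connection.
     * <p>
     * {@code JBOSS-LOCAL-USER} is forbidden for every target that {@link #isLocal(URI)} did not classify as
     * local, whether or not the caller supplied a {@code SASL_DISALLOWED_MECHANISMS} list. Without this, a
     * non-local target combined with a caller-supplied list would have left the mechanism negotiable, while
     * the same target without a list had it forbidden.
     * <p>
     * NOTE(review): when a list is supplied and the target is local, {@code JBOSS-LOCAL-USER} is forbidden
     * as well. That is the behaviour this method already had and it is kept as is; it is the opposite of the
     * no-list case, so confirm which was intended before relaxing it.
     *
     * @param saslOptions the SASL options, possibly {@code null}; only the disallowed-mechanisms entry is read
     * @param local whether the target was classified as local
     * @param authenticationConfiguration the configuration to restrict
     * @return the restricted configuration, or the input unchanged when nothing needs to be forbidden
     */
    private static AuthenticationConfiguration configureSaslMechanisms(Map<String, String> saslOptions, boolean local, AuthenticationConfiguration authenticationConfiguration) {
        final String disallowed = saslOptions == null ? null : saslOptions.get(Options.SASL_DISALLOWED_MECHANISMS.getName());
        String[] forbidden = null;
        if (disallowed != null) {
            // The option value is a space-separated list of mechanism names.
            final String[] configured = disallowed.split(" ");
            forbidden = new String[configured.length + 1];
            forbidden[0] = JBOSS_LOCAL_USER;
            System.arraycopy(configured, 0, forbidden, 1, configured.length);
        } else if (!local) {
            forbidden = new String[] {JBOSS_LOCAL_USER};
        }
        if (forbidden == null) {
            return authenticationConfiguration;
        }
        return authenticationConfiguration.setSaslMechanismSelector(SaslMechanismSelector.DEFAULT.forbidMechanisms(forbidden));
    }

    /**
     * Reports whether the URI's host resolves to a loopback address or to an address bound to one of this
     * machine's network interfaces.
     * <p>
     * The answer decides whether {@code JBOSS-LOCAL-USER} may be negotiated, so every doubt is resolved
     * towards "not local": a missing host and any failure during resolution or interface lookup return
     * {@code false}.
     * <p>
     * NOTE(review): the host name is resolved here, while the connection itself is opened from the URI and
     * not from the address resolved here. If the name can resolve differently between the two steps, the
     * locality decision and the real peer may disagree; confirm that this is acceptable for the
     * deployment's name resolution.
     *
     * @param uri the target URI
     * @return {@code true} only when the host was positively identified as local
     */
    private static boolean isLocal(URI uri) {
        try {
            final String host = uri.getHost();
            // InetAddress.getByName(null) and getByName("") both return a loopback address, which would
            // classify a URI without a host as local. Fail closed instead.
            if (host == null || host.isEmpty()) {
                return false;
            }
            final InetAddress address = InetAddress.getByName(host);
            NetworkInterface owner = null;
            if (address.isLinkLocalAddress()) {
                // Link-local addresses are matched by comparing against every interface address rather
                // than through NetworkInterface.getByInetAddress; presumably that lookup does not match
                // scoped link-local addresses. TODO confirm.
                final Enumeration<NetworkInterface> interfaces = NetworkInterface.getNetworkInterfaces();
                while (interfaces.hasMoreElements() && owner == null) {
                    final NetworkInterface candidate = interfaces.nextElement();
                    final Enumeration<InetAddress> addresses = candidate.getInetAddresses();
                    while (addresses.hasMoreElements() && owner == null) {
                        if (address.equals(addresses.nextElement())) {
                            owner = candidate;
                        }
                    }
                }
            } else {
                owner = NetworkInterface.getByInetAddress(address);
            }
            return address.isLoopbackAddress() || owner != null;
        } catch (Exception ignored) {
            // Deliberately broad: if locality cannot be established for any reason, treat the target as
            // non-local so the local-user mechanism stays forbidden.
            return false;
        }
    }
}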
