package org.apache.qpid.server.protocol.v0_10;

import java.nio.charset.StandardCharsets;
import java.security.AccessControlException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.NamedAddressSpace;
import org.apache.qpid.server.model.port.AmqpPort;
import org.apache.qpid.server.plugin.ConnectionPropertyEnricher;
import org.apache.qpid.server.protocol.v0_10.ServerConnection;
import org.apache.qpid.server.protocol.v0_10.ServerSession;
import org.apache.qpid.server.protocol.v0_10.transport.Binary;
import org.apache.qpid.server.protocol.v0_10.transport.ConnectionClose;
import org.apache.qpid.server.protocol.v0_10.transport.ConnectionCloseCode;
import org.apache.qpid.server.protocol.v0_10.transport.ConnectionCloseOk;
import org.apache.qpid.server.protocol.v0_10.transport.ConnectionException;
import org.apache.qpid.server.protocol.v0_10.transport.ConnectionHeartbeat;
import org.apache.qpid.server.protocol.v0_10.transport.ConnectionOpen;
import org.apache.qpid.server.protocol.v0_10.transport.ConnectionOpenOk;
import org.apache.qpid.server.protocol.v0_10.transport.ConnectionRedirect;
import org.apache.qpid.server.protocol.v0_10.transport.ConnectionSecureOk;
import org.apache.qpid.server.protocol.v0_10.transport.ConnectionStartOk;
import org.apache.qpid.server.protocol.v0_10.transport.ConnectionTuneOk;
import org.apache.qpid.server.protocol.v0_10.transport.Method;
import org.apache.qpid.server.protocol.v0_10.transport.MethodDelegate;
import org.apache.qpid.server.protocol.v0_10.transport.Option;
import org.apache.qpid.server.protocol.v0_10.transport.ProtocolDelegate;
import org.apache.qpid.server.protocol.v0_10.transport.ProtocolError;
import org.apache.qpid.server.protocol.v0_10.transport.ProtocolHeader;
import org.apache.qpid.server.protocol.v0_10.transport.SessionAttach;
import org.apache.qpid.server.protocol.v0_10.transport.SessionDetach;
import org.apache.qpid.server.protocol.v0_10.transport.SessionDetachCode;
import org.apache.qpid.server.protocol.v0_10.transport.SessionDetached;
import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
import org.apache.qpid.server.security.limit.ConnectionLimitException;
import org.apache.qpid.server.transport.AMQPConnection;
import org.apache.qpid.server.util.ConnectionScopedRuntimeException;
import org.apache.qpid.server.virtualhost.VirtualHostUnavailableException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/qpid/server/protocol/v0_10/ServerConnectionDelegate.class */
public class ServerConnectionDelegate extends MethodDelegate<ServerConnection> implements ProtocolDelegate<ServerConnection> {
    private static final Logger LOGGER = LoggerFactory.getLogger(ServerConnectionDelegate.class);
    static final String MESSAGE_DIGEST_SHA1 = "SHA-1";
    static final int BASE64_LIMIT = 64;
    private final AmqpPort<?> _port;
    private final List<Object> _mechanisms;
    private final Broker<?> _broker;
    private final int _maxNoOfChannels;
    private final SubjectCreator _subjectCreator;
    private final int _maximumFrameSize;
    private List<Object> _locales;
    private Map<String, Object> _clientProperties;
    private boolean _compressionSupported;
    private volatile SaslNegotiator _saslNegotiator;
    private volatile ConnectionState _state = ConnectionState.INIT;
    private volatile SubjectAuthenticationResult _successfulAuthenticationResult;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/qpid/server/protocol/v0_10/ServerConnectionDelegate$ConnectionState.class */
    public enum ConnectionState {
        INIT,
        AWAIT_START_OK,
        AWAIT_SECURE_OK,
        AWAIT_TUNE_OK,
        AWAIT_OPEN,
        OPEN
    }

    public ServerConnectionDelegate(AmqpPort<?> amqpPort, boolean z, String str) {
        this._port = amqpPort;
        this._broker = amqpPort.getParent();
        this._mechanisms = new ArrayList(amqpPort.getAuthenticationProvider().getAvailableMechanisms(z));
        this._maxNoOfChannels = amqpPort.getSessionCountLimit();
        this._subjectCreator = amqpPort.getSubjectCreator(z, str);
        this._maximumFrameSize = Math.min(65535, this._broker.getNetworkBufferSize());
    }

    @Override // org.apache.qpid.server.protocol.v0_10.transport.ProtocolDelegate
    public void control(ServerConnection serverConnection, Method method) {
        method.dispatch(serverConnection, this);
    }

    @Override // org.apache.qpid.server.protocol.v0_10.transport.ProtocolDelegate
    public void command(ServerConnection serverConnection, Method method) {
        method.dispatch(serverConnection, this);
    }

    @Override // org.apache.qpid.server.protocol.v0_10.transport.ProtocolDelegate
    public void error(ServerConnection serverConnection, ProtocolError protocolError) {
        serverConnection.exception(new ConnectionException(protocolError.getMessage()));
    }

    @Override // org.apache.qpid.server.protocol.v0_10.transport.MethodDelegate
    public void handle(ServerConnection serverConnection, Method method) {
        serverConnection.dispatch(method);
    }

    @Override // org.apache.qpid.server.protocol.v0_10.transport.MethodDelegate
    public void connectionHeartbeat(ServerConnection serverConnection, ConnectionHeartbeat connectionHeartbeat) {
    }

    protected void sendConnectionCloseOkAndCloseSender(ServerConnection serverConnection) {
        serverConnection.connectionCloseOk(new Option[0]);
        serverConnection.getSender().close();
    }

    @Override // org.apache.qpid.server.protocol.v0_10.transport.MethodDelegate
    public void connectionCloseOk(ServerConnection serverConnection, ConnectionCloseOk connectionCloseOk) {
        serverConnection.getSender().close();
    }

    @Override // org.apache.qpid.server.protocol.v0_10.transport.MethodDelegate
    public void sessionDetached(ServerConnection serverConnection, SessionDetached sessionDetached) {
        ServerSession session = serverConnection.getSession(sessionDetached.getChannel());
        if (session != null) {
            session.setDetachCode(sessionDetached.getCode());
            serverConnection.unmap(session);
            session.closed();
        }
    }

    public final ConnectionState getState() {
        return this._state;
    }

    private void assertState(ServerConnection serverConnection, ConnectionState connectionState) {
        if (this._state != connectionState) {
            String str = "Command Invalid, expected " + connectionState + " but was " + this._state;
            serverConnection.sendConnectionClose(ConnectionCloseCode.FRAMING_ERROR, str, new Option[0]);
            serverConnection.closeAndIgnoreFutureInput();
            throw new ConnectionScopedRuntimeException(str);
        }
    }

    @Override // org.apache.qpid.server.protocol.v0_10.transport.ProtocolDelegate
    public void init(ServerConnection serverConnection, ProtocolHeader protocolHeader) {
        assertState(serverConnection, ConnectionState.INIT);
        serverConnection.send(new ProtocolHeader(1, 0, 10));
        Map<String, Object> emptyMap = Collections.emptyMap();
        Iterator it = this._port.getConnectionPropertyEnrichers().iterator();
        while (it.hasNext()) {
            emptyMap = ((ConnectionPropertyEnricher) it.next()).addConnectionProperties(serverConnection.getAmqpConnection(), emptyMap);
        }
        serverConnection.sendConnectionStart(emptyMap, this._mechanisms, Collections.singletonList("en_US"), new Option[0]);
        this._state = ConnectionState.AWAIT_START_OK;
    }

    @Override // org.apache.qpid.server.protocol.v0_10.transport.MethodDelegate
    public void connectionSecureOk(ServerConnection serverConnection, ConnectionSecureOk connectionSecureOk) {
        assertState(serverConnection, ConnectionState.AWAIT_SECURE_OK);
        secure(serverConnection, connectionSecureOk.getResponse());
    }

    protected void secure(ServerConnection serverConnection, byte[] bArr) {
        SubjectAuthenticationResult subjectAuthenticationResult = this._successfulAuthenticationResult;
        byte[] bArr2 = null;
        if (subjectAuthenticationResult == null) {
            subjectAuthenticationResult = this._subjectCreator.authenticate(this._saslNegotiator, bArr);
            bArr2 = subjectAuthenticationResult.getChallenge();
        }
        if (!AuthenticationResult.AuthenticationStatus.SUCCESS.equals(subjectAuthenticationResult.getStatus())) {
            if (!AuthenticationResult.AuthenticationStatus.CONTINUE.equals(subjectAuthenticationResult.getStatus())) {
                connectionAuthFailed(serverConnection, subjectAuthenticationResult.getCause());
                return;
            } else {
                serverConnection.sendConnectionSecure(subjectAuthenticationResult.getChallenge(), new Option[0]);
                this._state = ConnectionState.AWAIT_SECURE_OK;
                return;
            }
        }
        this._successfulAuthenticationResult = subjectAuthenticationResult;
        if (bArr2 != null && bArr2.length != 0) {
            serverConnection.sendConnectionSecure(subjectAuthenticationResult.getChallenge(), new Option[0]);
            this._state = ConnectionState.AWAIT_SECURE_OK;
        } else {
            serverConnection.sendConnectionTune(getChannelMax(), getFrameMax(), 0, getHeartbeatMax(), new Option[0]);
            serverConnection.setAuthorizedSubject(subjectAuthenticationResult.getSubject());
            this._state = ConnectionState.AWAIT_TUNE_OK;
            disposeSaslNegotiator();
        }
    }

    @Override // org.apache.qpid.server.protocol.v0_10.transport.MethodDelegate
    public void connectionClose(ServerConnection serverConnection, ConnectionClose connectionClose) {
        serverConnection.closeCode(connectionClose);
        serverConnection.setState(ServerConnection.State.CLOSE_RCVD);
        sendConnectionCloseOkAndCloseSender(serverConnection);
    }

    @Override // org.apache.qpid.server.protocol.v0_10.transport.MethodDelegate
    public void connectionOpen(ServerConnection serverConnection, ConnectionOpen connectionOpen) {
        assertState(serverConnection, ConnectionState.AWAIT_OPEN);
        String virtualHost = connectionOpen.hasVirtualHost() ? connectionOpen.getVirtualHost() : "";
        AmqpPort<?> port = serverConnection.getPort();
        NamedAddressSpace addressSpace = port.getAddressSpace(virtualHost);
        if (addressSpace == null) {
            serverConnection.setState(ServerConnection.State.CLOSING);
            serverConnection.sendConnectionClose(ConnectionCloseCode.INVALID_PATH, "Unknown virtualhost '" + virtualHost + "'", new Option[0]);
            return;
        }
        if (!addressSpace.isActive()) {
            serverConnection.setState(ServerConnection.State.CLOSING);
            String redirectHost = addressSpace.getRedirectHost(port);
            if (redirectHost == null) {
                serverConnection.sendConnectionClose(ConnectionCloseCode.CONNECTION_FORCED, "Virtual host '" + virtualHost + "' is not active", new Option[0]);
                return;
            } else {
                serverConnection.invoke(new ConnectionRedirect(redirectHost, new ArrayList(), new Option[0]));
                return;
            }
        }
        try {
            AMQPConnection_0_10 amqpConnection = serverConnection.getAmqpConnection();
            serverConnection.setVirtualHost(addressSpace);
            if (!addressSpace.authoriseCreateConnection(amqpConnection)) {
                serverConnection.setState(ServerConnection.State.CLOSING);
                serverConnection.sendConnectionClose(ConnectionCloseCode.CONNECTION_FORCED, "Connection not authorized", new Option[0]);
                return;
            }
        } catch (ConnectionLimitException e) {
            LOGGER.debug("User connection limit exceeded", e);
            serverConnection.setState(ServerConnection.State.CLOSING);
            serverConnection.sendConnectionClose(ConnectionCloseCode.CONNECTION_FORCED, e.getMessage(), new Option[0]);
        } catch (AccessControlException | VirtualHostUnavailableException e2) {
            serverConnection.setState(ServerConnection.State.CLOSING);
            serverConnection.sendConnectionClose(ConnectionCloseCode.CONNECTION_FORCED, e2.getMessage(), new Option[0]);
            return;
        }
        serverConnection.setState(ServerConnection.State.OPEN);
        this._state = ConnectionState.OPEN;
        serverConnection.invoke(new ConnectionOpenOk(Collections.emptyList(), new Option[0]));
    }

    @Override // org.apache.qpid.server.protocol.v0_10.transport.MethodDelegate
    public void connectionTuneOk(ServerConnection serverConnection, ConnectionTuneOk connectionTuneOk) {
        assertState(serverConnection, ConnectionState.AWAIT_TUNE_OK);
        int channelMax = connectionTuneOk.getChannelMax();
        int maxFrameSize = connectionTuneOk.getMaxFrameSize();
        if (channelMax > getChannelMax()) {
            Logger logger = LOGGER;
            long connectionId = serverConnection.getConnectionId();
            getChannelMax();
            logger.error("Connection '" + connectionId + "' being severed, client connectionTuneOk returned a channelMax (" + logger + ") above the server's offered limit (" + channelMax + ")");
            serverConnection.closeAndIgnoreFutureInput();
            return;
        }
        if (maxFrameSize > getFrameMax()) {
            Logger logger2 = LOGGER;
            long connectionId2 = serverConnection.getConnectionId();
            getFrameMax();
            logger2.error("Connection '" + connectionId2 + "' being severed, client connectionTuneOk returned a frameMax (" + logger2 + ") above the server's offered limit (" + maxFrameSize + ")");
            serverConnection.closeAndIgnoreFutureInput();
            return;
        }
        if (maxFrameSize > 0 && maxFrameSize < 4096) {
            Logger logger3 = LOGGER;
            logger3.error("Connection '" + serverConnection.getConnectionId() + "' being severed, client connectionTuneOk returned a frameMax (" + logger3 + ") below the minimum permitted size (4096)");
            serverConnection.closeAndIgnoreFutureInput();
            return;
        }
        if (maxFrameSize == 0) {
            maxFrameSize = getFrameMax();
        }
        if (connectionTuneOk.hasHeartbeat() && connectionTuneOk.getHeartbeat() > 0) {
            int heartbeat = connectionTuneOk.getHeartbeat();
            serverConnection.setHeartBeatDelay(heartbeat);
            serverConnection.getAmqpConnection().initialiseHeartbeating(1000 * heartbeat, 2000 * heartbeat);
        }
        serverConnection.setChannelMax(channelMax == 0 ? getChannelMax() : channelMax);
        serverConnection.setMaxFrameSize(maxFrameSize);
        this._state = ConnectionState.AWAIT_OPEN;
    }

    private int getChannelMax() {
        return this._maxNoOfChannels;
    }

    private int getFrameMax() {
        return this._maximumFrameSize;
    }

    @Override // org.apache.qpid.server.protocol.v0_10.transport.MethodDelegate
    public void sessionDetach(ServerConnection serverConnection, SessionDetach sessionDetach) {
        int channel = sessionDetach.getChannel();
        ServerSession session = serverConnection.getSession(channel);
        if (session != null) {
            stopAllSubscriptions(session);
            session.setClose(true);
            session.sessionDetached(sessionDetach.getName(), session.getDetachCode() == null ? SessionDetachCode.NORMAL : session.getDetachCode(), new Option[0]);
            serverConnection.unmap(session);
            session.closed();
            return;
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("SessionDetach received on unattached channel : {}", Integer.valueOf(channel));
        }
        SessionDetached sessionDetached = new SessionDetached(sessionDetach.getName(), SessionDetachCode.NOT_ATTACHED, new Option[0]);
        sessionDetached.setChannel(channel);
        serverConnection.invoke(sessionDetached);
    }

    private void stopAllSubscriptions(ServerSession serverSession) {
        Iterator<ConsumerTarget_0_10> it = serverSession.getSubscriptions().iterator();
        while (it.hasNext()) {
            it.next().stop();
        }
    }

    @Override // org.apache.qpid.server.protocol.v0_10.transport.MethodDelegate
    public void sessionAttach(ServerConnection serverConnection, SessionAttach sessionAttach) {
        assertState(serverConnection, ConnectionState.OPEN);
        if (!isSessionNameUnique(sessionAttach.getName(), serverConnection)) {
            SessionDetached sessionDetached = new SessionDetached(sessionAttach.getName(), SessionDetachCode.SESSION_BUSY, new Option[0]);
            sessionDetached.setChannel(sessionAttach.getChannel());
            serverConnection.invoke(sessionDetached);
            return;
        }
        ServerSession serverSession = new ServerSession(serverConnection, new ServerSessionDelegate(), new Binary(sessionAttach.getName()), 0L);
        Session_0_10 session_0_10 = new Session_0_10(serverConnection.getAmqpConnection(), sessionAttach.getChannel(), serverSession, getPeerSessionName(sessionAttach.getName()));
        session_0_10.create();
        serverSession.setModelObject(session_0_10);
        serverConnection.map(serverSession, sessionAttach.getChannel());
        serverConnection.registerSession(serverSession);
        serverSession.sendSessionAttached(sessionAttach.getName(), new Option[0]);
        serverSession.setState(ServerSession.State.OPEN);
    }

    private String getPeerSessionName(byte[] bArr) {
        try {
            return UUID.fromString(new String(bArr, StandardCharsets.UTF_8)).toString();
        } catch (RuntimeException e) {
            return createBase64OrSha1(bArr);
        }
    }

    private String createBase64OrSha1(byte[] bArr) {
        return bArr.length <= BASE64_LIMIT ? Base64.getEncoder().encodeToString(bArr) : createSha1(bArr);
    }

    private String createSha1(byte[] bArr) {
        try {
            return Base64.getEncoder().encodeToString(MessageDigest.getInstance(MESSAGE_DIGEST_SHA1).digest(bArr));
        } catch (NoSuchAlgorithmException e) {
            return Base64.getEncoder().encodeToString(bArr);
        }
    }

    void setState(ConnectionState connectionState) {
        this._state = connectionState;
    }

    private boolean isSessionNameUnique(byte[] bArr, ServerConnection serverConnection) {
        Principal authorizedPrincipal = serverConnection.getAuthorizedPrincipal();
        String name = authorizedPrincipal == null ? "" : authorizedPrincipal.getName();
        for (AMQPConnection aMQPConnection : serverConnection.getAddressSpace().getConnections()) {
            if (name.equals(aMQPConnection.getAuthorizedPrincipal() == null ? "" : aMQPConnection.getAuthorizedPrincipal().getName()) && aMQPConnection.hasSessionWithName(bArr)) {
                return false;
            }
        }
        return true;
    }

    @Override // org.apache.qpid.server.protocol.v0_10.transport.MethodDelegate
    public void connectionStartOk(ServerConnection serverConnection, ConnectionStartOk connectionStartOk) {
        assertState(serverConnection, ConnectionState.AWAIT_START_OK);
        this._clientProperties = connectionStartOk.getClientProperties();
        if (this._clientProperties != null) {
            Object obj = this._clientProperties.get("qpid.message_compression_supported");
            if (obj != null) {
                this._compressionSupported = Boolean.parseBoolean(String.valueOf(obj));
            }
            AMQPConnection_0_10 amqpConnection = serverConnection.getAmqpConnection();
            amqpConnection.setClientId(getStringClientProperty("clientName"));
            amqpConnection.setClientProduct(getStringClientProperty("product"));
            amqpConnection.setClientVersion(getStringClientProperty("qpid.client_version"));
            amqpConnection.setRemoteProcessPid(getStringClientProperty("qpid.client_pid"));
        }
        serverConnection.setLocale(connectionStartOk.getLocale());
        String mechanism = connectionStartOk.getMechanism();
        if (mechanism == null || mechanism.length() == 0) {
            serverConnection.sendConnectionClose(ConnectionCloseCode.CONNECTION_FORCED, "No Sasl mechanism was specified", new Option[0]);
            return;
        }
        this._saslNegotiator = this._subjectCreator.createSaslNegotiator(mechanism, serverConnection.getAmqpConnection());
        if (this._saslNegotiator == null) {
            serverConnection.sendConnectionClose(ConnectionCloseCode.CONNECTION_FORCED, "No SaslServer could be created for mechanism: " + mechanism, new Option[0]);
        } else {
            secure(serverConnection, connectionStartOk.getResponse());
        }
    }

    private String getStringClientProperty(String str) {
        if (this._clientProperties == null || this._clientProperties.get(str) == null) {
            return null;
        }
        return String.valueOf(this._clientProperties.get(str));
    }

    protected int getHeartbeatMax() {
        int heartbeatDelay = this._port.getHeartbeatDelay();
        if (heartbeatDelay == 0) {
            return 65535;
        }
        return heartbeatDelay;
    }

    public boolean isCompressionSupported() {
        return this._compressionSupported && this._broker.isMessageCompressionEnabled();
    }

    private void connectionAuthFailed(ServerConnection serverConnection, Exception exc) {
        if (exc != null) {
            serverConnection.exception(exc);
        }
        serverConnection.sendConnectionClose(ConnectionCloseCode.CONNECTION_FORCED, exc == null ? "Authentication failed" : exc.getMessage(), new Option[0]);
        disposeSaslNegotiator();
    }

    private void disposeSaslNegotiator() {
        this._saslNegotiator.dispose();
        this._saslNegotiator = null;
    }
}
