package org.jivesoftware.openfire.session;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import org.dom4j.Document;
import org.dom4j.DocumentHelper;
import org.dom4j.Element;
import org.dom4j.Namespace;
import org.dom4j.QName;
import org.dom4j.io.XMPPPacketReader;
import org.jivesoftware.openfire.Connection;
import org.jivesoftware.openfire.SessionManager;
import org.jivesoftware.openfire.StreamID;
import org.jivesoftware.openfire.auth.UnauthorizedException;
import org.jivesoftware.openfire.muc.spi.IQMuclumbusSearchHandler;
import org.jivesoftware.openfire.net.SASLAuthentication;
import org.jivesoftware.openfire.nio.XMLLightweightParser;
import org.jivesoftware.openfire.server.ServerDialback;
import org.jivesoftware.openfire.server.ServerDialbackErrorException;
import org.jivesoftware.openfire.server.ServerDialbackKeyInvalidException;
import org.jivesoftware.openfire.session.ConnectionSettings;
import org.jivesoftware.openfire.session.ServerSession;
import org.jivesoftware.openfire.session.Session;
import org.jivesoftware.util.CertificateManager;
import org.jivesoftware.util.StreamErrorException;
import org.jivesoftware.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;
import org.xmpp.packet.JID;
import org.xmpp.packet.Packet;
import org.xmpp.packet.StreamError;

/* loaded from: input_file:org/jivesoftware/openfire/session/LocalIncomingServerSession.class */
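/**
 * Server-to-server session for a stream that a remote server opened towards this server.
 *
 * <p>Trust model visible in this class: the peer domain stored at construction time comes
 * straight from the {@code from} attribute of the remote stream header and is not verified
 * here. A domain only counts as authenticated once it has been passed to
 * {@link #addValidatedDomain(String)}, which is also the only place in this class that
 * switches the session status to {@code AUTHENTICATED}.
 *
 * <p>No synchronization is performed on the set of validated domains in this class.
 */
public class LocalIncomingServerSession extends LocalServerSession implements IncomingServerSession {
    private static final Logger Log = LoggerFactory.getLogger(LocalIncomingServerSession.class);

    private static final String STREAM_NAMESPACE_URI = "http://etherx.jabber.org/streams";
    private static final String DIALBACK_NAMESPACE_URI = "jabber:server:dialback";

    // Domains of the remote server that were validated on this stream (see addValidatedDomain).
    private final Set<String> validatedDomains = new HashSet<>();

    // Domain (or subdomain) of the local server that the remote server addressed.
    private String localDomain;

    // Peer domain as asserted by the remote stream header; unverified on its own.
    private final String fromDomain;

    /**
     * Creates the session for an incoming server-to-server stream and, unless suppressed,
     * answers with this server's stream header and feature advertisement.
     *
     * <p>The {@code version}, {@code from} and {@code to} attributes are read from the element
     * the parser is currently positioned on. All three are supplied by the remote party and
     * are used here without validation: {@code from} becomes the session's default identity
     * and {@code to} (falling back to {@code str}) is echoed as the {@code from} of the
     * response header.
     *
     * @param str           name of the local server; stored as the session's local domain
     * @param xmlPullParser parser positioned on the remote stream header
     * @param connection    connection the stream arrived on
     * @param z             when {@code true}, the STARTTLS feature is never offered
     * @param z2            when {@code true}, the session is returned without any stream
     *                      header or features being sent
     * @return the new session, or {@code null} when TLS is required but the identity store
     *         holds no certificates (the connection is left open on that path), or when
     *         session setup failed (the connection is then closed with an
     *         {@code internal-server-error} stream error)
     * @throws XmlPullParserException declared for parser failures
     * @throws IOException declared for I/O failures
     */
    public static LocalIncomingServerSession createSession(String str, XmlPullParser xmlPullParser, Connection connection, boolean z, boolean z2) throws XmlPullParserException, IOException {
        final boolean skipStartTls = z;
        final boolean suppressStreamHeader = z2;

        // Everything read from the stream header is controlled by the remote party.
        final String versionAttr = xmlPullParser.getAttributeValue("", "version");
        final String peerDomain = xmlPullParser.getAttributeValue("", "from");
        final String toAttr = xmlPullParser.getAttributeValue("", "to");
        final int[] version = versionAttr != null ? Session.decodeVersion(versionAttr) : new int[]{0, 0};
        final String advertisedFrom = toAttr != null ? toAttr : str;

        boolean hasCertificates = false;
        try {
            hasCertificates = !connection.getConfiguration().getIdentityStore().getAllCertificates().isEmpty();
        } catch (Exception e) {
            Log.error("Unable to find any content in the identity store. This connection won't be able to support TLS.", e);
        }
        if (!hasCertificates && connection.getConfiguration().getTlsPolicy() == Connection.TLSPolicy.required) {
            // Fail closed: never continue without TLS when policy demands it.
            // NOTE(review): the connection is not closed on this path; the caller has to deal with null.
            Log.error("Server session rejected. TLS is required but no certificates were created.");
            return null;
        }

        connection.setAdditionalNamespaces(XMPPPacketReader.getPrefixedNamespacesOnCurrentElement(xmlPullParser));
        try {
            final StreamID streamID = SessionManager.getInstance().nextStreamID();
            final LocalIncomingServerSession session = SessionManager.getInstance().createIncomingServerSession(connection, streamID, peerDomain);
            // Logged values other than the stream ID originate from the peer's stream header.
            Log.debug("Creating new session with stream ID '{}' for local '{}' to peer '{}'.", streamID, advertisedFrom, peerDomain);
            if (suppressStreamHeader) {
                session.setLocalDomain(str);
                return session;
            }

            final Element stream = DocumentHelper.createElement(QName.get("stream", "stream", STREAM_NAMESPACE_URI));
            final Document document = DocumentHelper.createDocument(stream);
            document.setXMLEncoding(StandardCharsets.UTF_8.toString());
            stream.add(Namespace.get("", "jabber:server"));
            if (ServerDialback.isEnabled() || ServerDialback.isEnabledForSelfSigned()) {
                stream.add(Namespace.get("db", DIALBACK_NAMESPACE_URI));
            }
            stream.addAttribute("from", advertisedFrom);
            if (peerDomain != null) {
                stream.addAttribute("to", peerDomain);
            }
            stream.addAttribute("id", streamID.getID());

            if (version[0] >= 1) {
                stream.addAttribute("version", "1.0");
                Log.trace("Remote server is XMPP 1.0 compliant so offer TLS and SASL to establish the connection (and server dialback)");
                final Element features = DocumentHelper.createElement(QName.get("features", "stream", STREAM_NAMESPACE_URI));
                stream.add(features);

                // The identity store is queried again on purpose: a failure here is handled by the
                // catch below (connection closed), exactly as before this block was restructured.
                final Connection.TLSPolicy tlsPolicy = connection.getConfiguration().getTlsPolicy();
                if (!skipStartTls
                        && (tlsPolicy == Connection.TLSPolicy.required || tlsPolicy == Connection.TLSPolicy.optional)
                        && !connection.getConfiguration().getIdentityStore().getAllCertificates().isEmpty()) {
                    final Element startTls = DocumentHelper.createElement(QName.get("starttls", "urn:ietf:params:xml:ns:xmpp-tls"));
                    if (tlsPolicy == Connection.TLSPolicy.required) {
                        startTls.addElement("required");
                    } else if (!ServerDialback.isEnabled()) {
                        // With dialback off, TLS is advertised as mandatory even under the optional policy.
                        Log.debug("Server dialback is disabled so TLS is required");
                        startTls.addElement("required");
                    }
                    features.add(startTls);
                }

                final Element saslMechanisms = SASLAuthentication.getSASLMechanisms(session);
                if (saslMechanisms != null) {
                    features.add(saslMechanisms);
                }
                if (ServerDialback.isEnabled()) {
                    features.add(createDialbackFeature());
                }
                if (!ConnectionSettings.Server.STREAM_LIMITS_ADVERTISEMENT_DISABLED.getValue().booleanValue()) {
                    features.add(createStreamLimitsFeature());
                }
            } else {
                Log.debug("Don't offer stream-features to pre-1.0 servers, as it confuses them. Sending features to Openfire < 3.7.1 confuses it too - OF-443)");
            }

            final String header = StringUtils.asUnclosedStream(document);
            Log.trace("Outbound stream & feature advertisement: {}", header);
            connection.deliverRawText(header);
            Log.trace("Set the domain or subdomain of the local server targeted by the remote server: {}", str);
            session.setLocalDomain(str);
            return session;
        } catch (Exception e2) {
            Log.error("Error establishing connection from remote server: {}", connection, e2);
            connection.close(new StreamError(StreamError.Condition.internal_server_error));
            return null;
        }
    }

    /** Builds the {@code <dialback><errors/></dialback>} stream feature. */
    private static Element createDialbackFeature() {
        final Element dialback = DocumentHelper.createElement(QName.get("dialback", "urn:xmpp:features:dialback"));
        dialback.addElement("errors");
        return dialback;
    }

    /**
     * Builds the stream-limits feature: {@code max-bytes} from the parser buffer size and,
     * when the configured idle timeout is strictly positive, {@code idle-seconds}.
     */
    private static Element createStreamLimitsFeature() {
        final Element limits = DocumentHelper.createElement(QName.get("limits", "urn:xmpp:stream-limits:0"));
        limits.addElement("max-bytes").addText(String.valueOf(XMLLightweightParser.XMPP_PARSER_BUFFER_SIZE.getValue()));
        final Duration idleTimeout = ConnectionSettings.Server.IDLE_TIMEOUT_PROPERTY.getValue();
        if (!idleTimeout.isNegative() && !idleTimeout.isZero()) {
            limits.addElement("idle-seconds").addText(String.valueOf(idleTimeout.toSeconds()));
        }
        return limits;
    }

    /**
     * Removes the {@code db} namespace declaration from serialized dialback XML and collapses
     * the double space that removal leaves behind. The declaration is matched as literal text
     * rather than as a regular expression.
     */
    private static String stripDialbackNamespaceDeclaration(String xml) {
        return xml.replace(Namespace.get("db", DIALBACK_NAMESPACE_URI).asXML(), "").replace("  ", " ");
    }

    /**
     * Creates the session object. No stream data is sent from here.
     *
     * @param str        server name, passed to the superclass
     * @param connection connection the stream arrived on
     * @param streamID   stream ID assigned to this session
     * @param str2       peer domain as asserted by the remote stream header (unverified)
     */
    public LocalIncomingServerSession(String str, Connection connection, StreamID streamID, String str2) {
        super(str, connection, streamID);
        this.fromDomain = str2;
    }

    /**
     * Returns the peer domain given at construction time. This value is whatever the remote
     * server put in its stream header; on its own it is not proof of identity.
     */
    public String getDefaultIdentity() {
        return this.fromDomain;
    }

    /** Always reports that delivery is possible; see {@link #deliver(Packet)}. */
    @Override
    boolean canDeliver(@Nonnull Packet packet) {
        return true;
    }

    /**
     * Does nothing: the packet is discarded.
     * NOTE(review): presumably because an incoming server stream is only used for receiving; confirm.
     */
    @Override
    void deliver(Packet packet) throws UnauthorizedException {
    }

    /**
     * Runs server dialback for a {@code db:result} element received on this stream and, on
     * success, records the element's {@code from} domain as validated and answers with a
     * {@code type="valid"} result.
     *
     * @param element the dialback result element sent by the remote server
     * @return {@code true} when validation succeeded; {@code false} after a failure response
     *         was sent (the connection is closed for an invalid key and for stream errors,
     *         but is left open for a dialback error)
     */
    public boolean validateSubsequentDomain(Element element) {
        try {
            // Failure is signalled by the exceptions handled below.
            // NOTE(review): if validateRemoteDomain also returns a result, it is ignored here; confirm it is void.
            new ServerDialback(getConnection(), new DomainPair(getServerName(), this.fromDomain)).validateRemoteDomain(element, getStreamID());
            final String recipient = element.attributeValue("to");
            // NOTE(review): the domain registered below is the element's 'from', not fromDomain;
            // this relies on validateRemoteDomain having verified that attribute.
            final String validatedDomain = element.attributeValue("from");
            setAuthenticationMethod(ServerSession.AuthenticationMethod.DIALBACK);
            addValidatedDomain(validatedDomain);

            final Namespace dialbackNamespace = Namespace.get("db", DIALBACK_NAMESPACE_URI);
            final Element root = DocumentHelper.createDocument().addElement("root");
            root.add(dialbackNamespace);
            // NOTE(review): the element name is taken from an unrelated MUC search handler constant,
            // which looks like a decompiler constant substitution; presumably "result" - confirm.
            final Element result = root.addElement(QName.get(IQMuclumbusSearchHandler.RESPONSE_ELEMENT_NAME, dialbackNamespace));
            result.addAttribute("from", recipient);
            result.addAttribute("to", validatedDomain);
            result.addAttribute("type", "valid");
            getConnection().deliverRawText(stripDialbackNamespaceDeclaration(result.asXML()));
            return true;
        } catch (ServerDialbackErrorException e) {
            // NOTE(review): the summary is logged at debug here but at info in the StreamErrorException
            // branch; failed validations are invisible at the default level on this path.
            Log.debug("Unable to validate domain '{}': (full stack trace is logged on debug level): {}", this.fromDomain, e.getError().getText());
            Log.debug("Unable to validate domain '{}'", this.fromDomain, e);
            getConnection().deliverRawText(stripDialbackNamespaceDeclaration(e.toXML().asXML()));
            return false;
        } catch (ServerDialbackKeyInvalidException e2) {
            Log.debug("Dialback key is invalid. Sending verification result to remote domain.");
            getConnection().deliverRawText(stripDialbackNamespaceDeclaration(e2.toXML().asXML()));
            Log.debug("Close the underlying connection as key verification failed.");
            getConnection().close();
            return false;
        } catch (StreamErrorException e3) {
            Log.info("Unable to validate domain '{}' (full stack trace is logged on debug level): {}", this.fromDomain, e3.getStreamError().getText());
            Log.debug("Unable to validate domain '{}'", this.fromDomain, e3);
            getConnection().deliverRawText(e3.getStreamError().toXML());
            getConnection().close();
            return false;
        }
    }

    /**
     * Tells whether the given domain has been validated on this session.
     *
     * @param str domain to look up; {@code null} is never considered validated
     * @return {@code true} only for an exact match against a validated domain
     */
    public boolean isValidDomain(String str) {
        return str != null && getValidatedDomains().contains(str);
    }

    /** Returns a read-only view of the domains validated on this session. */
    @Override
    public Collection<String> getValidatedDomains() {
        return Collections.unmodifiableCollection(this.validatedDomains);
    }

    /**
     * Records a domain as validated. This marks the session as authenticated and registers it
     * with the session manager under that domain, so it must only be called after the domain
     * has actually been verified. Adding a domain that is already present changes nothing.
     *
     * @param str the validated remote domain
     */
    public void addValidatedDomain(String str) {
        if (!this.validatedDomains.add(str)) {
            return;
        }
        if (this.validatedDomains.size() < 2) {
            // The first validated domain becomes the session address.
            setAddress(new JID((String) null, str, (String) null));
        }
        setStatus(Session.Status.AUTHENTICATED);
        SessionManager.getInstance().registerIncomingServerSession(str, this);
    }

    /**
     * Forgets a validated domain and unregisters this session for it. The session status and
     * address are not changed by this method.
     *
     * @param str the domain to remove
     */
    public void removeValidatedDomain(String str) {
        this.validatedDomains.remove(str);
        SessionManager.getInstance().unregisterIncomingServerSession(str, this);
    }

    /** Returns the local domain or subdomain set for this session, or {@code null} if unset. */
    @Override
    public String getLocalDomain() {
        return this.localDomain;
    }

    /** Sets the local domain or subdomain that the remote server addressed. */
    public void setLocalDomain(String str) {
        this.localDomain = str;
    }

    /**
     * Delegates verification of a received dialback key to {@link ServerDialback}.
     *
     * @param element the verification request element
     */
    public void verifyReceivedKey(Element element) {
        ServerDialback.verifyReceivedKey(element, getConnection());
    }

    /**
     * Lists the stream features currently on offer: zlib compression (when policy allows and
     * the connection is not yet compressed), dialback (see the condition below) and stream limits.
     *
     * @return a new, mutable list of feature elements
     */
    @Override
    public List<Element> getAvailableStreamFeatures() {
        final List<Element> features = new LinkedList<>();
        if (this.conn.getConfiguration().getCompressionPolicy() != Connection.CompressionPolicy.disabled && !this.conn.isCompressed()) {
            final Element compression = DocumentHelper.createElement(QName.get("compression", "http://jabber.org/features/compress"));
            compression.addElement("method").addText("zlib");
            features.add(compression);
        }

        // Dialback is offered only while nothing is validated yet and our own certificate is
        // absent or self-signed. Only the first local certificate is inspected.
        // NOTE(review): the cast assumes that certificate is an X509Certificate.
        final Certificate[] localCertificates = this.conn.getLocalCertificates();
        final boolean noTrustedLocalCertificate = localCertificates == null
                || localCertificates.length == 0
                || CertificateManager.isSelfSignedCertificate((X509Certificate) localCertificates[0]);
        if (noTrustedLocalCertificate && ServerDialback.isEnabledForSelfSigned() && this.validatedDomains.isEmpty()) {
            features.add(createDialbackFeature());
        }

        if (!ConnectionSettings.Server.STREAM_LIMITS_ADVERTISEMENT_DISABLED.getValue().booleanValue()) {
            features.add(createStreamLimitsFeature());
        }
        return features;
    }

    /** Returns a diagnostic summary of the session state, including all validated domains. */
    @Override
    public String toString() {
        return getClass().getSimpleName()
                + "{address=" + String.valueOf(this.address)
                + ", streamID=" + String.valueOf(this.streamID)
                + ", status=" + String.valueOf(this.status)
                + ", isEncrypted=" + isEncrypted()
                + ", isDetached=" + isDetached()
                + ", authenticationMethod=" + String.valueOf(this.authenticationMethod)
                + ", localDomain=" + this.localDomain
                + ", defaultIdentity=" + this.fromDomain
                + ", validatedDomains=" + this.validatedDomains.stream().collect(Collectors.joining(", ", "{", "}"))
                + "}";
    }
}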
