package org.jivesoftware.openfire.net;

import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.stream.Collectors;
import org.dom4j.Document;
import org.dom4j.DocumentException;
import org.dom4j.DocumentHelper;
import org.dom4j.Element;
import org.dom4j.Namespace;
import org.dom4j.QName;
import org.dom4j.io.XMPPPacketReader;
import org.jivesoftware.admin.FlashMessageTag;
import org.jivesoftware.openfire.Connection;
import org.jivesoftware.openfire.PacketRouter;
import org.jivesoftware.openfire.muc.spi.IQMuclumbusSearchHandler;
import org.jivesoftware.openfire.server.ServerDialback;
import org.jivesoftware.openfire.session.DomainPair;
import org.jivesoftware.openfire.session.LocalOutgoingServerSession;
import org.jivesoftware.openfire.session.LocalSession;
import org.jivesoftware.openfire.session.ServerSession;
import org.jivesoftware.openfire.spi.BasicStreamIDFactory;
import org.jivesoftware.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;
import org.xmpp.packet.JID;
import org.xmpp.packet.StreamError;

/* loaded from: input_file:org/jivesoftware/openfire/net/RespondingServerStanzaHandler.class */
public class RespondingServerStanzaHandler extends StanzaHandler {
    private static final Logger LOG = LoggerFactory.getLogger(RespondingServerStanzaHandler.class);
    private final DomainPair domainPair;
    private final CompletableFuture<Void> isSessionAuthenticated;
    private final CompletableFuture<Void> attemptedAllAuthenticationMethods;

    public RespondingServerStanzaHandler(PacketRouter packetRouter, Connection connection, DomainPair domainPair) {
        super(packetRouter, connection);
        this.isSessionAuthenticated = new CompletableFuture<>();
        this.attemptedAllAuthenticationMethods = new CompletableFuture<>();
        this.domainPair = domainPair;
    }

    private static boolean remoteFeaturesContainsStartTLS(Element element) {
        return element.element("starttls") != null;
    }

    private static boolean remoteFeaturesRequiresStartTLS(Element element) {
        return remoteFeaturesContainsStartTLS(element) && element.element("starttls").element("required") != null;
    }

    private static boolean isSaslExternalOfferred(Element element) {
        boolean z = false;
        if (element.element("mechanisms") != null) {
            Iterator elementIterator = element.element("mechanisms").elementIterator();
            while (true) {
                if (!elementIterator.hasNext()) {
                    break;
                }
                if ("EXTERNAL".equals(((Element) elementIterator.next()).getTextTrim())) {
                    z = true;
                    break;
                }
            }
        }
        return z;
    }

    private static boolean isDialbackOffered(Element element) {
        return element.element("dialback") != null;
    }

    private void transferConnectionToNewSession(String str, ServerSession.AuthenticationMethod authenticationMethod) {
        this.session = createLocalOutgoingServerSession(str, this.connection);
        this.connection.reinit(this.session);
        if (!this.isSessionAuthenticated.isDone()) {
            LOG.debug("Session not authenticated yet, unable to setAuthenticationMethod().");
        } else {
            ((LocalOutgoingServerSession) this.session).addOutgoingDomainPair(this.domainPair);
            ((LocalOutgoingServerSession) this.session).setAuthenticationMethod(authenticationMethod);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v48, types: [org.jivesoftware.openfire.net.MXParser, org.xmlpull.v1.XmlPullParser] */
    @Override // org.jivesoftware.openfire.net.StanzaHandler
    protected void initiateSession(String str, XMPPPacketReader xMPPPacketReader) throws Exception {
        boolean isStartOfStream = isStartOfStream(str);
        if (isStartOfStream) {
            try {
                Element rootElement = DocumentHelper.parseText(str + "</stream:stream>").getRootElement();
                this.connection.setAdditionalNamespaces((Set) rootElement.declaredNamespaces().stream().filter(RespondingServerStanzaHandler::isRelevantNamespace).collect(Collectors.toSet()));
                String attributeValue = rootElement.attributeValue("id");
                if (attributeValue == null || attributeValue.isBlank()) {
                    LOG.info("Closing connection {}. As the initiating party in a server-to-server connection, we require the receiving party to supply a stream ID value. The peer that sent this stream element did not: {}", this.connection, str);
                    this.connection.close(new StreamError(StreamError.Condition.invalid_xml, "Expected a stream ID value, but none was received."));
                    return;
                } else if (this.sessionCreated && isNewStreamId(attributeValue)) {
                    LocalOutgoingServerSession localOutgoingServerSession = this.session instanceof LocalOutgoingServerSession ? (LocalOutgoingServerSession) this.session : null;
                    transferConnectionToNewSession(attributeValue, localOutgoingServerSession != null ? localOutgoingServerSession.getAuthenticationMethod() : null);
                }
            } catch (DocumentException e) {
                LOG.error("Failed extract additional namespaces", e);
            }
        }
        if (isStartOfStream && !this.sessionCreated) {
            this.sessionCreated = true;
            ?? xPPParser = xMPPPacketReader.getXPPParser();
            xPPParser.setInput(new StringReader(str));
            createSession(xPPParser);
        }
    }

    private boolean isNewStreamId(String str) {
        return !str.equals(this.session.getStreamID().getID());
    }

    private static boolean isRelevantNamespace(Namespace namespace) {
        return !XMPPPacketReader.IGNORED_NAMESPACE_ON_STANZA.contains(namespace.getURI());
    }

    @Override // org.jivesoftware.openfire.net.StanzaHandler
    boolean processUnknowPacket(Element element) {
        String name = element.getName();
        if ("features".equals(name)) {
            if (this.session.isAuthenticated()) {
                return true;
            }
            if (shouldUseTls() && remoteFeaturesContainsStartTLS(element)) {
                LOG.debug("Both us and the remote server support the STARTTLS feature. Encrypt and authenticate the connection with TLS & SASL...");
                LOG.debug("Indicating we want TLS and wait for response.");
                this.connection.deliverRawText("<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
                this.startedTLS = true;
                return true;
            }
            if (mustUseTls() && !this.connection.isEncrypted()) {
                LOG.debug("I MUST use TLS but I have no StartTLS in features.");
                abandonSessionInitiation();
                return false;
            }
            if (cannotUseTls() && remoteFeaturesRequiresStartTLS(element)) {
                LOG.debug("I CANNOT use TLS but remote server requires the STARTTLS feature.");
                abandonSessionInitiation();
                return false;
            }
            LOG.debug("Check if both us as well as the remote server have enabled STARTTLS and/or dialback ...");
            boolean isSaslExternalOfferred = isSaslExternalOfferred(element);
            boolean isDialbackOffered = isDialbackOffered(element);
            LOG.debug("Remote server is offering dialback: {}, EXTERNAL SASL: {}", Boolean.valueOf(isDialbackOffered), Boolean.valueOf(isSaslExternalOfferred));
            if (isSaslExternalOfferred) {
                LOG.debug("Trying to authenticate with EXTERNAL SASL.");
                LOG.debug("Starting EXTERNAL SASL for: " + String.valueOf(this.domainPair));
                Element createElement = DocumentHelper.createElement(QName.get("auth", "urn:ietf:params:xml:ns:xmpp-sasl"));
                createElement.addAttribute("mechanism", "EXTERNAL");
                if (SASLAuthentication.EXTERNAL_S2S_SKIP_SENDING_AUTHZID.getValue().booleanValue()) {
                    createElement.addText("=");
                } else {
                    createElement.addText(Base64.getEncoder().encodeToString(this.domainPair.getLocal().getBytes(StandardCharsets.UTF_8)));
                }
                this.connection.deliverRawText(createElement.asXML());
                this.startedSASL = true;
                return true;
            }
            if (!isDialbackOffered || (!ServerDialback.isEnabled() && !ServerDialback.isEnabledForSelfSigned())) {
                LOG.debug("No authentication mechanism available.");
                abandonSessionInitiation();
                return false;
            }
            LOG.debug("Trying to authenticate using dialback.");
            LOG.debug("[Acting as Originating Server: Authenticate domain: " + this.domainPair.getLocal() + " with a RS in the domain of: " + this.domainPair.getRemote() + " (id: " + String.valueOf(this.session.getStreamID()) + ")]");
            new ServerDialback(this.connection, this.domainPair).createAndSendDialbackKey(this.session.getStreamID().getID());
            return true;
        }
        if ("db".equals(element.getNamespacePrefix()) && IQMuclumbusSearchHandler.RESPONSE_ELEMENT_NAME.equals(name)) {
            if (!"valid".equals(element.attributeValue("type"))) {
                LOG.debug("Dialback failed");
                LOG.debug("Failed to authenticate domain: the validation response was received, but did not grant authentication.");
                return false;
            }
            LOG.debug("Authentication succeeded!");
            LOG.debug("Dialback was successful.");
            this.connection.init(this.session);
            this.session.setAddress(new JID((String) null, this.domainPair.getRemote(), (String) null));
            if (this.session instanceof LocalOutgoingServerSession) {
                ((LocalOutgoingServerSession) this.session).setAuthenticationMethod(ServerSession.AuthenticationMethod.DIALBACK);
            }
            this.isSessionAuthenticated.complete(null);
            return true;
        }
        if ("failure".equals(name)) {
            LOG.debug("EXTERNAL SASL failed.");
            if (!ServerDialback.isEnabled() && !ServerDialback.isEnabledForSelfSigned()) {
                return false;
            }
            LOG.debug("Trying to authenticate using dialback.");
            LOG.debug("[Acting as Originating Server: Authenticate domain: " + this.domainPair.getLocal() + " with a RS in the domain of: " + this.domainPair.getRemote() + " (id: " + String.valueOf(this.session.getStreamID()) + ")]");
            new ServerDialback(this.connection, this.domainPair).createAndSendDialbackKey(this.session.getStreamID().getID());
            return true;
        }
        if (!FlashMessageTag.SUCCESS_MESSAGE_KEY.equals(name)) {
            if (!name.equals("proceed")) {
                return false;
            }
            LOG.debug("Received 'proceed' from remote server. Negotiating TLS...");
            try {
                LOG.debug("Encrypting and authenticating connection ...");
                this.connection.startTLS(true, false);
                return true;
            } catch (Exception e) {
                LOG.debug("TLS negotiation failed to start: " + e.getMessage());
                return false;
            }
        }
        LOG.debug("EXTERNAL SASL was successful.");
        Element createElement2 = DocumentHelper.createElement(QName.get("stream", "stream", "http://etherx.jabber.org/streams"));
        Document createDocument = DocumentHelper.createDocument(createElement2);
        createDocument.setXMLEncoding(StandardCharsets.UTF_8.toString());
        createElement2.add(Namespace.get("jabber:server"));
        createElement2.addAttribute("from", this.domainPair.getLocal());
        createElement2.addAttribute("to", this.domainPair.getRemote());
        createElement2.addAttribute("version", "1.0");
        this.connection.deliverRawText(StringUtils.asUnclosedStream(createDocument));
        this.connection.init(this.session);
        this.session.setAddress(new JID((String) null, this.domainPair.getRemote(), (String) null));
        if (!(this.session instanceof LocalOutgoingServerSession)) {
            LOG.warn("Expected session to be a LocalOutgoingServerSession but it isn't, unable to setAuthenticationMethod(). Session: {}", this.session);
            return false;
        }
        ((LocalOutgoingServerSession) this.session).setAuthenticationMethod(ServerSession.AuthenticationMethod.SASL_EXTERNAL);
        this.isSessionAuthenticated.complete(null);
        return true;
    }

    private void abandonSessionInitiation() {
        setSession(null);
        setAttemptedAllAuthenticationMethods();
    }

    private boolean shouldUseTls() {
        return this.connection.getConfiguration().getTlsPolicy() == Connection.TLSPolicy.optional || this.connection.getConfiguration().getTlsPolicy() == Connection.TLSPolicy.required;
    }

    private boolean mustUseTls() {
        return this.connection.getConfiguration().getTlsPolicy() == Connection.TLSPolicy.required;
    }

    private boolean cannotUseTls() {
        return this.connection.getConfiguration().getTlsPolicy() == Connection.TLSPolicy.disabled;
    }

    @Override // org.jivesoftware.openfire.net.StanzaHandler
    void startTLS() throws Exception {
        this.connection.startTLS(true, false);
    }

    @Override // org.jivesoftware.openfire.net.StanzaHandler
    Namespace getNamespace() {
        return new Namespace("", "jabber:server");
    }

    @Override // org.jivesoftware.openfire.net.StanzaHandler
    boolean validateHost() {
        return false;
    }

    @Override // org.jivesoftware.openfire.net.StanzaHandler
    boolean validateJIDs() {
        return false;
    }

    public LocalSession getSession() {
        return this.session;
    }

    public CompletableFuture<Void> isSessionAuthenticated() {
        return this.isSessionAuthenticated;
    }

    @Override // org.jivesoftware.openfire.net.StanzaHandler
    void createSession(String str, XmlPullParser xmlPullParser, Connection connection) throws XmlPullParserException {
        this.session = createLocalOutgoingServerSession(xmlPullParser.getAttributeValue("", "id"), connection);
    }

    private LocalOutgoingServerSession createLocalOutgoingServerSession(String str, Connection connection) {
        return new LocalOutgoingServerSession(this.domainPair.getLocal(), connection, BasicStreamIDFactory.createStreamID(str));
    }

    public void setSessionAuthenticated() {
        this.isSessionAuthenticated.complete(null);
    }

    public CompletableFuture<Void> haveAttemptedAllAuthenticationMethods() {
        return this.attemptedAllAuthenticationMethods;
    }

    public void setAttemptedAllAuthenticationMethods() {
        this.attemptedAllAuthenticationMethods.complete(null);
    }

    public String getRemoteDomain() {
        return this.domainPair.getRemote();
    }
}
