package dlshade.org.apache.bookkeeper.proto;

import dlshade.com.google.protobuf.ByteString;
import dlshade.org.apache.bookkeeper.auth.AuthCallbacks;
import dlshade.org.apache.bookkeeper.auth.AuthProviderFactoryFactory;
import dlshade.org.apache.bookkeeper.auth.AuthToken;
import dlshade.org.apache.bookkeeper.auth.BookieAuthProvider;
import dlshade.org.apache.bookkeeper.auth.ClientAuthProvider;
import dlshade.org.apache.bookkeeper.proto.BookieProtocol;
import dlshade.org.apache.bookkeeper.proto.BookkeeperProtocol;
import dlshade.org.apache.http.conn.ssl.DefaultHostnameVerifier;
import io.netty.channel.Channel;
import io.netty.channel.ChannelDuplexHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.channel.ChannelPromise;
import io.netty.handler.ssl.SslHandler;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.Queue;
import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.concurrent.atomic.AtomicLong;
import javax.net.ssl.SSLSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:dlshade/org/apache/bookkeeper/proto/AuthHandler.class */
public class AuthHandler {
    static final Logger LOG = LoggerFactory.getLogger(AuthHandler.class);
    private static final DefaultHostnameVerifier HOSTNAME_VERIFIER = new DefaultHostnameVerifier();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:dlshade/org/apache/bookkeeper/proto/AuthHandler$AuthenticationException.class */
    public static class AuthenticationException extends IOException {
        AuthenticationException(String str) {
            super(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:dlshade/org/apache/bookkeeper/proto/AuthHandler$ClientSideHandler.class */
    public static class ClientSideHandler extends ChannelDuplexHandler {
        final ClientAuthProvider.Factory authProviderFactory;
        final AtomicLong transactionIdGenerator;
        final ClientConnectionPeer connectionPeer;
        private final boolean isUsingV2Protocol;
        static final /* synthetic */ boolean $assertionsDisabled;
        volatile boolean authenticated = false;
        final Queue<Object> waitingForAuth = new ConcurrentLinkedQueue();
        ClientAuthProvider authProvider = null;

        /* loaded from: input_file:dlshade/org/apache/bookkeeper/proto/AuthHandler$ClientSideHandler$AuthHandshakeCompleteCallback.class */
        class AuthHandshakeCompleteCallback implements AuthCallbacks.GenericCallback<Void> {
            ChannelHandlerContext ctx;

            AuthHandshakeCompleteCallback(ChannelHandlerContext channelHandlerContext) {
                this.ctx = channelHandlerContext;
            }

            @Override // dlshade.org.apache.bookkeeper.auth.AuthCallbacks.GenericCallback
            public void operationComplete(int i, Void r6) {
                if (i != 0) {
                    AuthHandler.LOG.warn("Client authentication failed");
                    ClientSideHandler.this.authenticationError(this.ctx, i);
                    return;
                }
                synchronized (this) {
                    ClientSideHandler.this.authenticated = true;
                    Object poll = ClientSideHandler.this.waitingForAuth.poll();
                    while (poll != null) {
                        this.ctx.writeAndFlush(poll);
                        poll = ClientSideHandler.this.waitingForAuth.poll();
                    }
                }
            }
        }

        /* loaded from: input_file:dlshade/org/apache/bookkeeper/proto/AuthHandler$ClientSideHandler$AuthRequestCallback.class */
        class AuthRequestCallback implements AuthCallbacks.GenericCallback<AuthToken> {
            Channel channel;
            ChannelHandlerContext ctx;
            String pluginName;

            AuthRequestCallback(ChannelHandlerContext channelHandlerContext, String str) {
                this.channel = channelHandlerContext.channel();
                this.ctx = channelHandlerContext;
                this.pluginName = str;
            }

            @Override // dlshade.org.apache.bookkeeper.auth.AuthCallbacks.GenericCallback
            public void operationComplete(int i, AuthToken authToken) {
                if (i != 0) {
                    ClientSideHandler.this.authenticationError(this.ctx, i);
                    return;
                }
                BookkeeperProtocol.AuthMessage build = BookkeeperProtocol.AuthMessage.newBuilder().setAuthPluginName(this.pluginName).setPayload(ByteString.copyFrom(authToken.getData())).build();
                if (ClientSideHandler.this.isUsingV2Protocol) {
                    this.channel.writeAndFlush(new BookieProtocol.AuthRequest((byte) 2, build), this.channel.voidPromise());
                    return;
                }
                this.channel.writeAndFlush(BookkeeperProtocol.Request.newBuilder().setHeader(BookkeeperProtocol.BKPacketHeader.newBuilder().setVersion(BookkeeperProtocol.ProtocolVersion.VERSION_THREE).setOperation(BookkeeperProtocol.OperationType.AUTH).setTxnId(ClientSideHandler.this.newTxnId()).build()).setAuthRequest(build).build());
            }
        }

        public ClientAuthProvider getAuthProvider() {
            return this.authProvider;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public ClientSideHandler(ClientAuthProvider.Factory factory, AtomicLong atomicLong, ClientConnectionPeer clientConnectionPeer, boolean z) {
            this.authProviderFactory = factory;
            this.transactionIdGenerator = atomicLong;
            this.connectionPeer = clientConnectionPeer;
            this.isUsingV2Protocol = z;
        }

        public void channelActive(ChannelHandlerContext channelHandlerContext) throws Exception {
            this.authProvider = this.authProviderFactory.newProvider(this.connectionPeer, new AuthHandshakeCompleteCallback(channelHandlerContext));
            this.authProvider.init(new AuthRequestCallback(channelHandlerContext, this.authProviderFactory.getPluginName()));
            super.channelActive(channelHandlerContext);
        }

        public void channelInactive(ChannelHandlerContext channelHandlerContext) throws Exception {
            if (this.authProvider != null) {
                this.authProvider.close();
            }
            super.channelInactive(channelHandlerContext);
        }

        public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
            if (!$assertionsDisabled && this.authProvider == null) {
                throw new AssertionError();
            }
            if (this.authenticated) {
                super.channelRead(channelHandlerContext, obj);
                return;
            }
            if (!(obj instanceof BookkeeperProtocol.Response)) {
                if (obj instanceof BookieProtocol.Response) {
                    BookieProtocol.Response response = (BookieProtocol.Response) obj;
                    switch (response.opCode) {
                        case 3:
                            if (response.errorCode != 0) {
                                authenticationError(channelHandlerContext, response.errorCode);
                                return;
                            }
                            BookkeeperProtocol.AuthMessage authMessage = ((BookieProtocol.AuthResponse) response).authMessage;
                            if (!AuthProviderFactoryFactory.AUTHENTICATION_DISABLED_PLUGIN_NAME.equals(authMessage.getAuthPluginName())) {
                                this.authProvider.process(AuthToken.wrap(authMessage.getPayload().toByteArray()), new AuthRequestCallback(channelHandlerContext, this.authProviderFactory.getPluginName()));
                                return;
                            } else {
                                AuthHandler.LOG.info("Authentication is not enabled.Considering this client {} authenticated", channelHandlerContext.channel().remoteAddress());
                                new AuthHandshakeCompleteCallback(channelHandlerContext).operationComplete(0, (Void) null);
                                return;
                            }
                        default:
                            AuthHandler.LOG.warn("dropping received message {} from bookie {}", obj, channelHandlerContext.channel());
                            return;
                    }
                }
                return;
            }
            BookkeeperProtocol.Response response2 = (BookkeeperProtocol.Response) obj;
            if (null == response2.getHeader().getOperation()) {
                AuthHandler.LOG.info("dropping received malformed message {} from bookie {}", obj, channelHandlerContext.channel());
                return;
            }
            switch (response2.getHeader().getOperation()) {
                case START_TLS:
                    super.channelRead(channelHandlerContext, obj);
                    return;
                case AUTH:
                    if (response2.getStatus() != BookkeeperProtocol.StatusCode.EOK) {
                        authenticationError(channelHandlerContext, response2.getStatus().getNumber());
                        return;
                    }
                    if (!$assertionsDisabled && !response2.hasAuthResponse()) {
                        throw new AssertionError();
                    }
                    BookkeeperProtocol.AuthMessage authResponse = response2.getAuthResponse();
                    if (!AuthProviderFactoryFactory.AUTHENTICATION_DISABLED_PLUGIN_NAME.equals(authResponse.getAuthPluginName())) {
                        this.authProvider.process(AuthToken.wrap(authResponse.getPayload().toByteArray()), new AuthRequestCallback(channelHandlerContext, this.authProviderFactory.getPluginName()));
                        return;
                    } else {
                        AuthHandler.LOG.info("Authentication is not enabled.Considering this client {} authenticated", channelHandlerContext.channel().remoteAddress());
                        new AuthHandshakeCompleteCallback(channelHandlerContext).operationComplete(0, (Void) null);
                        return;
                    }
                default:
                    AuthHandler.LOG.warn("dropping received message {} from bookie {}", obj, channelHandlerContext.channel());
                    return;
            }
        }

        public void write(ChannelHandlerContext channelHandlerContext, Object obj, ChannelPromise channelPromise) throws Exception {
            synchronized (this) {
                if (this.authenticated) {
                    super.write(channelHandlerContext, obj, channelPromise);
                    super.flush(channelHandlerContext);
                } else if (obj instanceof BookkeeperProtocol.Request) {
                    BookkeeperProtocol.Request request = (BookkeeperProtocol.Request) obj;
                    if (request.getHeader().getOperation() == BookkeeperProtocol.OperationType.AUTH || request.getHeader().getOperation() == BookkeeperProtocol.OperationType.START_TLS) {
                        super.write(channelHandlerContext, obj, channelPromise);
                        super.flush(channelHandlerContext);
                    } else {
                        this.waitingForAuth.add(obj);
                    }
                } else if (!(obj instanceof BookieProtocol.Request)) {
                    AuthHandler.LOG.info("dropping write of message {}", obj);
                } else if (3 == ((BookieProtocol.Request) obj).getOpCode()) {
                    super.write(channelHandlerContext, obj, channelPromise);
                    super.flush(channelHandlerContext);
                } else {
                    this.waitingForAuth.add(obj);
                }
            }
        }

        long newTxnId() {
            return this.transactionIdGenerator.incrementAndGet();
        }

        void authenticationError(ChannelHandlerContext channelHandlerContext, int i) {
            AuthHandler.LOG.error("Error processing auth message, erroring connection {}", Integer.valueOf(i));
            channelHandlerContext.fireExceptionCaught(new AuthenticationException("Auth failed with error " + i));
        }

        public boolean verifyTlsHostName(Channel channel) {
            SslHandler sslHandler = channel.pipeline().get(SslHandler.class);
            if (sslHandler == null) {
                if (!AuthHandler.LOG.isDebugEnabled()) {
                    return true;
                }
                AuthHandler.LOG.debug("can't perform hostname-verification on non-ssl channel {}", channel);
                return true;
            }
            SSLSession session = sslHandler.engine().getSession();
            if (!(channel.remoteAddress() instanceof InetSocketAddress)) {
                if (!AuthHandler.LOG.isDebugEnabled()) {
                    return true;
                }
                AuthHandler.LOG.debug("can't get remote hostName on ssl session {}", channel);
                return true;
            }
            String hostName = ((InetSocketAddress) channel.remoteAddress()).getHostName();
            if (AuthHandler.LOG.isDebugEnabled()) {
                AuthHandler.LOG.debug("Verifying HostName for {}, Cipher {}, Protocols {}, on {}", new Object[]{hostName, session.getCipherSuite(), session.getProtocol(), channel});
            }
            boolean verify = AuthHandler.HOSTNAME_VERIFIER.verify(hostName, session);
            if (!verify) {
                AuthHandler.LOG.warn("Failed to validate hostname verification {} on {}", hostName, channel);
            }
            return verify;
        }

        static {
            $assertionsDisabled = !AuthHandler.class.desiredAssertionStatus();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:dlshade/org/apache/bookkeeper/proto/AuthHandler$ServerSideHandler.class */
    public static class ServerSideHandler extends ChannelInboundHandlerAdapter {
        final BookieAuthProvider.Factory authProviderFactory;
        final BookieConnectionPeer connectionPeer;
        static final /* synthetic */ boolean $assertionsDisabled;
        volatile boolean authenticated = false;
        BookieAuthProvider authProvider = null;

        /* loaded from: input_file:dlshade/org/apache/bookkeeper/proto/AuthHandler$ServerSideHandler$AuthHandshakeCompleteCallback.class */
        class AuthHandshakeCompleteCallback implements AuthCallbacks.GenericCallback<Void> {
            AuthHandshakeCompleteCallback() {
            }

            @Override // dlshade.org.apache.bookkeeper.auth.AuthCallbacks.GenericCallback
            public void operationComplete(int i, Void r5) {
                if (i == 0) {
                    ServerSideHandler.this.authenticated = true;
                    AuthHandler.LOG.info("Authentication success on server side");
                } else if (AuthHandler.LOG.isDebugEnabled()) {
                    AuthHandler.LOG.debug("Authentication failed on server side");
                }
            }
        }

        /* loaded from: input_file:dlshade/org/apache/bookkeeper/proto/AuthHandler$ServerSideHandler$AuthResponseCallback.class */
        static class AuthResponseCallback implements AuthCallbacks.GenericCallback<AuthToken> {
            final BookkeeperProtocol.Request req;
            final Channel channel;
            final String pluginName;

            AuthResponseCallback(BookkeeperProtocol.Request request, Channel channel, String str) {
                this.req = request;
                this.channel = channel;
                this.pluginName = str;
            }

            @Override // dlshade.org.apache.bookkeeper.auth.AuthCallbacks.GenericCallback
            public void operationComplete(int i, AuthToken authToken) {
                BookkeeperProtocol.Response.Builder header = BookkeeperProtocol.Response.newBuilder().setHeader(this.req.getHeader());
                if (i == 0) {
                    header.setStatus(BookkeeperProtocol.StatusCode.EOK).setAuthResponse(BookkeeperProtocol.AuthMessage.newBuilder().setAuthPluginName(this.pluginName).setPayload(ByteString.copyFrom(authToken.getData())).build());
                    this.channel.writeAndFlush(header.build());
                } else {
                    AuthHandler.LOG.error("Error processing auth message, closing connection");
                    header.setStatus(BookkeeperProtocol.StatusCode.EUA);
                    this.channel.writeAndFlush(header.build());
                    this.channel.close();
                }
            }
        }

        /* loaded from: input_file:dlshade/org/apache/bookkeeper/proto/AuthHandler$ServerSideHandler$AuthResponseCallbackLegacy.class */
        static class AuthResponseCallbackLegacy implements AuthCallbacks.GenericCallback<AuthToken> {
            final BookieProtocol.AuthRequest req;
            final Channel channel;

            AuthResponseCallbackLegacy(BookieProtocol.AuthRequest authRequest, Channel channel) {
                this.req = authRequest;
                this.channel = channel;
            }

            @Override // dlshade.org.apache.bookkeeper.auth.AuthCallbacks.GenericCallback
            public void operationComplete(int i, AuthToken authToken) {
                if (i != 0) {
                    AuthHandler.LOG.error("Error processing auth message, closing connection");
                    this.channel.close();
                } else {
                    this.channel.writeAndFlush(new BookieProtocol.AuthResponse(this.req.getProtocolVersion(), BookkeeperProtocol.AuthMessage.newBuilder().setAuthPluginName(this.req.authMessage.getAuthPluginName()).setPayload(ByteString.copyFrom(authToken.getData())).build()));
                }
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public ServerSideHandler(BookieConnectionPeer bookieConnectionPeer, BookieAuthProvider.Factory factory) {
            this.authProviderFactory = factory;
            this.connectionPeer = bookieConnectionPeer;
        }

        public void channelActive(ChannelHandlerContext channelHandlerContext) throws Exception {
            this.authProvider = this.authProviderFactory.newProvider(this.connectionPeer, new AuthHandshakeCompleteCallback());
            super.channelActive(channelHandlerContext);
        }

        public void channelInactive(ChannelHandlerContext channelHandlerContext) throws Exception {
            if (this.authProvider != null) {
                this.authProvider.close();
            }
            super.channelInactive(channelHandlerContext);
        }

        public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
            if (this.authProvider == null) {
                channelHandlerContext.channel().close();
                return;
            }
            if (this.authenticated) {
                super.channelRead(channelHandlerContext, obj);
                return;
            }
            if (obj instanceof BookieProtocol.AuthRequest) {
                BookieProtocol.AuthRequest authRequest = (BookieProtocol.AuthRequest) obj;
                if (!$assertionsDisabled && authRequest.getOpCode() != 3) {
                    throw new AssertionError();
                }
                if (!checkAuthPlugin(authRequest.getAuthMessage(), channelHandlerContext.channel())) {
                    channelHandlerContext.channel().close();
                    return;
                } else {
                    this.authProvider.process(AuthToken.wrap(authRequest.getAuthMessage().getPayload().toByteArray()), new AuthResponseCallbackLegacy(authRequest, channelHandlerContext.channel()));
                    return;
                }
            }
            if (obj instanceof BookieProtocol.Request) {
                BookieProtocol.Request request = (BookieProtocol.Request) obj;
                if (request.getOpCode() == 1) {
                    channelHandlerContext.channel().writeAndFlush(BookieProtocol.AddResponse.create(request.getProtocolVersion(), 102, request.getLedgerId(), request.getEntryId()));
                    return;
                } else if (request.getOpCode() == 2) {
                    channelHandlerContext.channel().writeAndFlush(new BookieProtocol.ReadResponse(request.getProtocolVersion(), 102, request.getLedgerId(), request.getEntryId()));
                    return;
                } else {
                    channelHandlerContext.channel().close();
                    return;
                }
            }
            if (!(obj instanceof BookkeeperProtocol.Request)) {
                channelHandlerContext.channel().close();
                return;
            }
            BookkeeperProtocol.Request request2 = (BookkeeperProtocol.Request) obj;
            if (request2.getHeader().getOperation() == BookkeeperProtocol.OperationType.AUTH && request2.hasAuthRequest() && checkAuthPlugin(request2.getAuthRequest(), channelHandlerContext.channel())) {
                this.authProvider.process(AuthToken.wrap(request2.getAuthRequest().getPayload().toByteArray()), new AuthResponseCallback(request2, channelHandlerContext.channel(), this.authProviderFactory.getPluginName()));
            } else if (request2.getHeader().getOperation() == BookkeeperProtocol.OperationType.START_TLS && request2.hasStartTLSRequest()) {
                super.channelRead(channelHandlerContext, obj);
            } else {
                channelHandlerContext.channel().writeAndFlush(BookkeeperProtocol.Response.newBuilder().setHeader(request2.getHeader()).setStatus(BookkeeperProtocol.StatusCode.EUA).build());
            }
        }

        private boolean checkAuthPlugin(BookkeeperProtocol.AuthMessage authMessage, Channel channel) {
            if (authMessage.hasAuthPluginName() && authMessage.getAuthPluginName().equals(this.authProviderFactory.getPluginName())) {
                return true;
            }
            AuthHandler.LOG.error("Received message from incompatible auth plugin. Local = {}, Remote = {}, Channel = {}", this.authProviderFactory.getPluginName(), authMessage.getAuthPluginName());
            return false;
        }

        public boolean isAuthenticated() {
            return this.authenticated;
        }

        static {
            $assertionsDisabled = !AuthHandler.class.desiredAssertionStatus();
        }
    }

    AuthHandler() {
    }
}
