package org.wso2.andes.transport;

import java.lang.management.ManagementFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.wso2.andes.security.UsernamePasswordCallbackHandler;
import org.wso2.andes.transport.Connection;
import org.wso2.andes.transport.util.Logger;

/* loaded from: input_file:org/wso2/andes/transport/ClientDelegate.class */
public class ClientDelegate extends ConnectionDelegate {
    private static final Logger log = Logger.get(ClientDelegate.class);
    private static final String KRB5_OID_STR = "1.2.840.113554.1.2.2";
    protected static final Oid KRB5_OID;
    private List<String> clientMechs;
    private ConnectionSettings conSettings;

    public ClientDelegate(ConnectionSettings connectionSettings) {
        this.conSettings = connectionSettings;
        this.clientMechs = Arrays.asList(connectionSettings.getSaslMechs().split(" "));
    }

    @Override // org.wso2.andes.transport.ProtocolDelegate
    public void init(Connection connection, ProtocolHeader protocolHeader) {
        if (protocolHeader.getMajor() == 0 && protocolHeader.getMinor() == 10) {
            return;
        }
        connection.exception((ConnectionException) new ProtocolVersionException(protocolHeader.getMajor(), protocolHeader.getMinor()));
    }

    @Override // org.wso2.andes.transport.MethodDelegate
    public void connectionStart(Connection connection, ConnectionStart connectionStart) {
        HashMap hashMap = new HashMap();
        if (this.conSettings.getClientProperties() != null) {
            hashMap.putAll(this.conSettings.getClientProperties());
        }
        hashMap.put("qpid.session_flow", 1);
        hashMap.put("qpid.client_pid", Integer.valueOf(getPID()));
        hashMap.put("qpid.client_process", System.getProperty("qpid.client_process", "Qpid Java Client"));
        List<Object> mechanisms = connectionStart.getMechanisms();
        if (mechanisms == null || mechanisms.isEmpty()) {
            connection.connectionStartOk(hashMap, null, null, connection.getLocale(), new Option[0]);
            return;
        }
        ArrayList arrayList = new ArrayList();
        for (String str : this.clientMechs) {
            if (mechanisms.contains(str)) {
                arrayList.add(str);
            }
        }
        if (arrayList.size() == 0) {
            connection.exception(new ConnectionException("The following SASL mechanisms " + this.clientMechs.toString() + " specified by the client are not supported by the broker"));
            return;
        }
        String[] strArr = new String[arrayList.size()];
        arrayList.toArray(strArr);
        connection.setServerProperties(connectionStart.getServerProperties());
        try {
            HashMap hashMap2 = new HashMap();
            if (this.conSettings.isUseSASLEncryption()) {
                hashMap2.put("javax.security.sasl.qop", "auth-conf");
            }
            UsernamePasswordCallbackHandler usernamePasswordCallbackHandler = new UsernamePasswordCallbackHandler();
            usernamePasswordCallbackHandler.initialise(this.conSettings.getUsername(), this.conSettings.getPassword());
            SaslClient createSaslClient = Sasl.createSaslClient(strArr, (String) null, this.conSettings.getSaslProtocol(), this.conSettings.getSaslServerName(), hashMap2, usernamePasswordCallbackHandler);
            connection.setSaslClient(createSaslClient);
            connection.connectionStartOk(hashMap, createSaslClient.getMechanismName(), createSaslClient.hasInitialResponse() ? createSaslClient.evaluateChallenge(new byte[0]) : null, connection.getLocale(), new Option[0]);
        } catch (SaslException e) {
            connection.exception((Throwable) e);
        }
    }

    @Override // org.wso2.andes.transport.MethodDelegate
    public void connectionSecure(Connection connection, ConnectionSecure connectionSecure) {
        try {
            connection.connectionSecureOk(connection.getSaslClient().evaluateChallenge(connectionSecure.getChallenge()), new Option[0]);
        } catch (SaslException e) {
            connection.exception((Throwable) e);
        }
    }

    @Override // org.wso2.andes.transport.MethodDelegate
    public void connectionTune(Connection connection, ConnectionTune connectionTune) {
        int calculateHeartbeatInterval = calculateHeartbeatInterval(this.conSettings.getHeartbeatInterval(), connectionTune.getHeartbeatMin(), connectionTune.getHeartbeatMax());
        connection.connectionTuneOk(connectionTune.getChannelMax(), connectionTune.getMaxFrameSize(), calculateHeartbeatInterval, new Option[0]);
        connection.setIdleTimeout(calculateHeartbeatInterval * 1000 * 2);
        int channelMax = connectionTune.getChannelMax();
        connection.setChannelMax(channelMax == 0 ? 65535 : channelMax);
        connection.connectionOpen(this.conSettings.getVhost(), null, Option.INSIST);
    }

    @Override // org.wso2.andes.transport.MethodDelegate
    public void connectionOpenOk(Connection connection, ConnectionOpenOk connectionOpenOk) {
        SaslClient saslClient = connection.getSaslClient();
        if (saslClient != null) {
            if (saslClient.getMechanismName().equals("GSSAPI")) {
                String kerberosUser = getKerberosUser();
                if (kerberosUser != null) {
                    connection.setUserID(kerberosUser);
                }
            } else if (saslClient.getMechanismName().equals("EXTERNAL") && connection.getSecurityLayer() != null) {
                connection.setUserID(connection.getSecurityLayer().getUserID());
            }
        }
        if (connection.isConnectionResuming()) {
            connection.setState(Connection.State.RESUMING);
        } else {
            connection.setState(Connection.State.OPEN);
        }
    }

    @Override // org.wso2.andes.transport.MethodDelegate
    public void connectionRedirect(Connection connection, ConnectionRedirect connectionRedirect) {
        throw new UnsupportedOperationException();
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.wso2.andes.transport.ConnectionDelegate, org.wso2.andes.transport.MethodDelegate
    public void connectionHeartbeat(Connection connection, ConnectionHeartbeat connectionHeartbeat) {
        connection.connectionHeartbeat(new Option[0]);
    }

    private int calculateHeartbeatInterval(int i, int i2, int i3) {
        if (i == 0) {
            log.info("Idle timeout is 0 sec. Heartbeats are disabled.", new Object[0]);
            return 0;
        }
        if (i >= i2 && i <= i3) {
            return i;
        }
        log.info("The broker does not support the configured connection idle timeout of %s sec, using the brokers max supported value of %s sec instead.", Integer.valueOf(i), Integer.valueOf(i3));
        return i3;
    }

    private int getPID() {
        String name = ManagementFactory.getRuntimeMXBean().getName();
        if (name == null || name.indexOf(64) <= 0) {
            log.warn("Unable to get the client PID due to unsupported format : " + name, new Object[0]);
            return -1;
        }
        try {
            return Integer.parseInt(name.substring(0, name.indexOf(64)));
        } catch (Exception e) {
            log.warn("Unable to get the client PID due to error", e);
            return -1;
        }
    }

    private String getKerberosUser() {
        log.debug("Obtaining userID from kerberos", new Object[0]);
        String str = this.conSettings.getSaslProtocol() + "@" + this.conSettings.getSaslServerName();
        GSSManager gSSManager = GSSManager.getInstance();
        try {
            GSSContext createContext = gSSManager.createContext(gSSManager.createName(str, GSSName.NT_HOSTBASED_SERVICE, KRB5_OID), KRB5_OID, (GSSCredential) null, Integer.MAX_VALUE);
            createContext.initSecContext(new byte[0], 0, 1);
            if (createContext.getSrcName() != null) {
                return createContext.getSrcName().toString();
            }
            return null;
        } catch (GSSException e) {
            log.warn("Unable to retrieve userID from Kerberos due to error", e);
            return null;
        }
    }

    static {
        Oid oid;
        try {
            oid = new Oid(KRB5_OID_STR);
        } catch (GSSException e) {
            oid = null;
        }
        KRB5_OID = oid;
    }
}
