package org.jivesoftware.openfire.server;

import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.net.Socket;
import java.net.SocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.Iterator;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.Lock;
import javax.el.ELResolver;
import javax.net.ssl.SSLHandshakeException;
import org.apache.commons.httpclient.cookie.Cookie2;
import org.dom4j.Document;
import org.dom4j.DocumentException;
import org.dom4j.Element;
import org.dom4j.io.XMPPPacketReader;
import org.jivesoftware.openfire.Connection;
import org.jivesoftware.openfire.RemoteConnectionFailedException;
import org.jivesoftware.openfire.RoutingTable;
import org.jivesoftware.openfire.SessionManager;
import org.jivesoftware.openfire.StreamID;
import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.auth.AuthFactory;
import org.jivesoftware.openfire.forms.DataForm;
import org.jivesoftware.openfire.net.MXParser;
import org.jivesoftware.openfire.net.SASLAuthentication;
import org.jivesoftware.openfire.net.ServerTrafficCounter;
import org.jivesoftware.openfire.net.SocketConnection;
import org.jivesoftware.openfire.net.SocketUtil;
import org.jivesoftware.openfire.net.TLSStreamHandler;
import org.jivesoftware.openfire.session.ConnectionSettings;
import org.jivesoftware.openfire.session.IncomingServerSession;
import org.jivesoftware.openfire.session.LocalIncomingServerSession;
import org.jivesoftware.openfire.session.LocalOutgoingServerSession;
import org.jivesoftware.openfire.spi.BasicStreamIDFactory;
import org.jivesoftware.openfire.spi.ConnectionManagerImpl;
import org.jivesoftware.openfire.spi.ConnectionType;
import org.jivesoftware.util.JiveGlobals;
import org.jivesoftware.util.StringUtils;
import org.jivesoftware.util.cache.Cache;
import org.jivesoftware.util.cache.CacheFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xmlpull.v1.XmlPullParserException;
import org.xmlpull.v1.XmlPullParserFactory;
import org.xmpp.packet.JID;
import org.xmpp.packet.PacketError;
import org.xmpp.packet.StreamError;

/* loaded from: input_file:org/jivesoftware/openfire/server/ServerDialback.class */
public class ServerDialback {
    private static final Logger Log = LoggerFactory.getLogger(ServerDialback.class);
    protected static String CHARSET = "UTF-8";
    private static Cache<String, String> secretKeyCache;
    private static XmlPullParserFactory FACTORY;
    private Connection connection;
    private String serverName;
    private SessionManager sessionManager = SessionManager.getInstance();
    private RoutingTable routingTable = XMPPServer.getInstance().getRoutingTable();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jivesoftware/openfire/server/ServerDialback$VerifyResult.class */
    public enum VerifyResult {
        decline,
        error,
        valid,
        invalid
    }

    public static boolean isEnabled() {
        return JiveGlobals.getBooleanProperty(ConnectionSettings.Server.DIALBACK_ENABLED, true);
    }

    public static boolean isEnabledForSelfSigned() {
        return JiveGlobals.getBooleanProperty(ConnectionSettings.Server.TLS_ACCEPT_SELFSIGNED_CERTS, false);
    }

    public static void setEnabledForSelfSigned(boolean z) {
        JiveGlobals.setProperty(ConnectionSettings.Server.TLS_ACCEPT_SELFSIGNED_CERTS, Boolean.toString(z));
    }

    public ServerDialback(Connection connection, String str) {
        this.connection = connection;
        this.serverName = str;
    }

    public ServerDialback() {
    }

    public LocalOutgoingServerSession createOutgoingSession(String str, String str2, int i) {
        Socket createSocketToXmppDomain;
        Logger logger = LoggerFactory.getLogger(Log.getName() + "[Acting as Originating Server: Create Outgoing Session from: " + str + " to RS at: " + str2 + " (port: " + i + ")]");
        logger.debug("Creating new outgoing session...");
        try {
            createSocketToXmppDomain = SocketUtil.createSocketToXmppDomain(str2, i);
        } catch (Exception e) {
            logger.error("An exception occurred while creating outgoing session to remote server:", (Throwable) e);
            if (this.connection != null) {
                this.connection.close();
            }
        }
        if (createSocketToXmppDomain == null) {
            logger.info("Unable to create new outgoing session: Cannot create a plain socket connection with any applicable remote host.");
            return null;
        }
        this.connection = new SocketConnection(XMPPServer.getInstance().getPacketDeliverer(), createSocketToXmppDomain, false);
        logger.debug("Send the stream header and wait for response...");
        StringBuilder sb = new StringBuilder();
        sb.append("<stream:stream");
        sb.append(" xmlns:stream=\"http://etherx.jabber.org/streams\"");
        sb.append(" xmlns=\"jabber:server\"");
        sb.append(" to=\"").append(str2).append("\"");
        sb.append(" from=\"").append(str).append("\"");
        sb.append(" xmlns:db=\"jabber:server:dialback\"");
        sb.append(">");
        this.connection.deliverRawText(sb.toString());
        int soTimeout = createSocketToXmppDomain.getSoTimeout();
        createSocketToXmppDomain.setSoTimeout(RemoteServerManager.getSocketTimeout());
        XMPPPacketReader xMPPPacketReader = new XMPPPacketReader();
        xMPPPacketReader.setXPPFactory(FACTORY);
        xMPPPacketReader.getXPPParser().setInput(new InputStreamReader(ServerTrafficCounter.wrapInputStream(createSocketToXmppDomain.getInputStream()), CHARSET));
        MXParser xPPParser = xMPPPacketReader.getXPPParser();
        for (int eventType = xPPParser.getEventType(); eventType != 2; eventType = xPPParser.next()) {
        }
        logger.debug("Got a response. Check if the remote server supports dialback...");
        if ("jabber:server:dialback".equals(xPPParser.getNamespace("db"))) {
            logger.debug("Dialback seems to be supported by the remote server.");
            createSocketToXmppDomain.setSoTimeout(soTimeout);
            String attributeValue = xPPParser.getAttributeValue("", "id");
            OutgoingServerSocketReader outgoingServerSocketReader = new OutgoingServerSocketReader(xMPPPacketReader);
            if (authenticateDomain(outgoingServerSocketReader, str, str2, attributeValue)) {
                logger.debug("Successfully authenticated the connection with dialback.");
                LocalOutgoingServerSession localOutgoingServerSession = new LocalOutgoingServerSession(str, this.connection, outgoingServerSocketReader, BasicStreamIDFactory.createStreamID(attributeValue));
                this.connection.init(localOutgoingServerSession);
                localOutgoingServerSession.setAddress(new JID(null, str2, null));
                logger.debug("Successfully created new outgoing session!");
                return localOutgoingServerSession;
            }
            logger.debug("Failed to authenticate the connection with dialback.");
            this.connection.close();
        } else {
            logger.debug("Error! Invalid namespace in packet: '{}'. Closing connection.", xPPParser.getText());
            this.connection.deliverRawText(new StreamError(StreamError.Condition.invalid_namespace).toXML());
            this.connection.close();
        }
        logger.warn("Unable to create a new outgoing session");
        return null;
    }

    public boolean authenticateDomain(OutgoingServerSocketReader outgoingServerSocketReader, String str, String str2, String str3) {
        Logger logger = LoggerFactory.getLogger(Log.getName() + "[Acting as Originating Server: Authenticate domain: " + str + " with RS: " + str2 + " (id: " + str3 + ")]");
        logger.debug("Authenticating domain ...");
        String createDigest = AuthFactory.createDigest(str3, getSecretkey());
        synchronized (outgoingServerSocketReader) {
            logger.debug("Sending dialback key and wait for the validation response...");
            StringBuilder sb = new StringBuilder();
            sb.append("<db:result");
            sb.append(" from=\"").append(str).append("\"");
            sb.append(" to=\"").append(str2).append("\">");
            sb.append(createDigest);
            sb.append("</db:result>");
            this.connection.deliverRawText(sb.toString());
            while (true) {
                try {
                    Element element = outgoingServerSocketReader.getElement(RemoteServerManager.getSocketTimeout(), TimeUnit.MILLISECONDS);
                    if (element == null) {
                        logger.debug("Failed to authenticate domain: Time out waiting for validation response.");
                        return false;
                    }
                    if ("db".equals(element.getNamespacePrefix()) && DataForm.TYPE_RESULT.equals(element.getName())) {
                        if ("valid".equals(element.attributeValue(ELResolver.TYPE))) {
                            logger.debug("Authenticated succeeded!");
                            return true;
                        }
                        logger.debug("Failed to authenticate domain: the validation response was received, but did not grant authentication.");
                        return false;
                    }
                    logger.warn("Ignoring unexpected answer while waiting for dialback validation: " + element.asXML());
                } catch (InterruptedException e) {
                    logger.debug("Failed to authenticate domain: An interrupt was received while waiting for validation response (is Openfire shutting down?)");
                    return false;
                }
            }
        }
    }

    public LocalIncomingServerSession createIncomingSession(XMPPPacketReader xMPPPacketReader) throws IOException, XmlPullParserException {
        MXParser xPPParser = xMPPPacketReader.getXPPParser();
        if (!"jabber:server:dialback".equals(xPPParser.getNamespace("db"))) {
            Log.debug("ServerDialback: Received a stanza in an invalid namespace while trying to process an incoming session: {}", xPPParser.getNamespace("db"));
            this.connection.deliverRawText(new StreamError(StreamError.Condition.invalid_namespace).toXML());
            this.connection.close();
            return null;
        }
        Log.debug("ServerDialback: Processing incoming session.");
        StreamID nextStreamID = this.sessionManager.nextStreamID();
        this.connection.deliverRawText("<stream:stream xmlns:stream=\"http://etherx.jabber.org/streams\" xmlns=\"jabber:server\" xmlns:db=\"jabber:server:dialback\" id=\"" + nextStreamID.toString() + "\">");
        try {
            Element rootElement = xMPPPacketReader.parseDocument().getRootElement();
            if ("db".equals(rootElement.getNamespacePrefix()) && DataForm.TYPE_RESULT.equals(rootElement.getName())) {
                String attributeValue = rootElement.attributeValue("from");
                String attributeValue2 = rootElement.attributeValue("to");
                Log.debug("ServerDialback: RS - Validating remote domain for incoming session from {} to {}", attributeValue, attributeValue2);
                if (!validateRemoteDomain(rootElement, nextStreamID)) {
                    Log.debug("ServerDialback: RS - Validation of remote domain for incoming session from {} to {} was not successful.", attributeValue, attributeValue2);
                    return null;
                }
                Log.debug("ServerDialback: RS - Validation of remote domain for incoming session from {} to {} was successful.", attributeValue, attributeValue2);
                LocalIncomingServerSession createIncomingServerSession = this.sessionManager.createIncomingServerSession(this.connection, nextStreamID, attributeValue);
                createIncomingServerSession.addValidatedDomain(attributeValue);
                createIncomingServerSession.setLocalDomain(attributeValue2);
                return createIncomingServerSession;
            }
            if (!"db".equals(rootElement.getNamespacePrefix()) || !"verify".equals(rootElement.getName())) {
                Log.debug("ServerDialback: Received an invalid/unknown packet while trying to process an incoming session: {}", rootElement.asXML());
                this.connection.deliverRawText(new StreamError(StreamError.Condition.invalid_xml).toXML());
                this.connection.close();
                return null;
            }
            verifyReceivedKey(rootElement, this.connection);
            this.connection.close();
            Log.debug("ServerDialback: AS - Connection closed for host: " + rootElement.attributeValue("from") + " id: " + rootElement.attributeValue("id"));
            return null;
        } catch (Exception e) {
            Log.error("An error occured while creating a server session", (Throwable) e);
            this.connection.close();
            return null;
        }
    }

    protected void dialbackError(String str, String str2, PacketError packetError) {
        this.connection.deliverRawText("<db:result type=\"error\" from=\"" + str + "\" to=\"" + str2 + "\">" + packetError.toXML() + "</db:result>");
    }

    public boolean validateRemoteDomain(Element element, StreamID streamID) {
        VerifyResult verifyKey;
        String attributeValue = element.attributeValue("to");
        String attributeValue2 = element.attributeValue("from");
        Logger logger = LoggerFactory.getLogger(Log.getName() + "[Acting as Receiving Server: Validate domain:" + attributeValue + "(id " + streamID + ") for OS: " + attributeValue2 + "]");
        logger.debug("Validating domain...");
        if (this.connection.getTlsPolicy() == Connection.TLSPolicy.required && !this.connection.isSecure()) {
            this.connection.deliverRawText(new StreamError(StreamError.Condition.policy_violation).toXML());
            this.connection.close();
            return false;
        }
        if (!RemoteServerManager.canAccess(attributeValue2)) {
            this.connection.deliverRawText(new StreamError(StreamError.Condition.policy_violation).toXML());
            this.connection.close();
            logger.debug("Unable to validate domain: Remote domain is not allowed to establish a connection to this server.");
            return false;
        }
        if (isHostUnknown(attributeValue)) {
            dialbackError(attributeValue, attributeValue2, new PacketError(PacketError.Condition.item_not_found, PacketError.Type.cancel, "Service not hosted here"));
            logger.debug("Unable to validate domain: recipient not recognized as a local domain.");
            return false;
        }
        logger.debug("Check if the remote domain already has a connection to the target domain/subdomain");
        boolean z = false;
        Iterator<IncomingServerSession> it = this.sessionManager.getIncomingServerSessions(attributeValue2).iterator();
        while (it.hasNext()) {
            if (attributeValue.equals(it.next().getLocalDomain())) {
                z = true;
            }
        }
        if (z && !this.sessionManager.isMultipleServerConnectionsAllowed()) {
            dialbackError(attributeValue, attributeValue2, new PacketError(PacketError.Condition.resource_constraint, PacketError.Type.cancel, "Incoming session already exists"));
            logger.debug("Unable to validate domain: An incoming connection already exists from this remote domain, and multiple connections are not allowed.");
            return false;
        }
        logger.debug("Checking to see if the remote server provides stronger authentication based on SASL. If that's the case, dialback-based authentication can be skipped.");
        if (SASLAuthentication.verifyCertificates(this.connection.getPeerCertificates(), attributeValue2, true)) {
            logger.debug("Host authenticated based on SASL. Weaker dialback-based authentication is skipped.");
            StringBuilder sb = new StringBuilder();
            sb.append("<db:result");
            sb.append(" from=\"").append(attributeValue).append("\"");
            sb.append(" to=\"").append(attributeValue2).append("\"");
            sb.append(" type=\"valid\"");
            sb.append("/>");
            this.connection.deliverRawText(sb.toString());
            logger.debug("Domain validated successfully!");
            return true;
        }
        logger.debug("Unable to authenticate host based on stronger SASL. Proceeding with dialback...");
        String textTrim = element.getTextTrim();
        Socket createSocketToXmppDomain = SocketUtil.createSocketToXmppDomain(attributeValue2, RemoteServerManager.getPortForServer(attributeValue2));
        if (createSocketToXmppDomain == null) {
            logger.debug("Unable to validate domain: No server available for verifying key of remote server.");
            dialbackError(attributeValue, attributeValue2, new PacketError(PacketError.Condition.remote_server_not_found, PacketError.Type.cancel, "Unable to connect to authoritative server"));
            return false;
        }
        try {
            logger.debug("Verifying dialback key...");
            try {
                verifyKey = verifyKey(textTrim, streamID, attributeValue, attributeValue2, createSocketToXmppDomain, false);
            } catch (SSLHandshakeException e) {
                logger.debug("Verification of dialback key failed due to TLS failure. Retry without TLS...", (Throwable) e);
                SocketAddress remoteSocketAddress = createSocketToXmppDomain.getRemoteSocketAddress();
                createSocketToXmppDomain.close();
                logger.debug("Re-opening socket (with the same remote peer)...");
                Socket socket = new Socket();
                socket.connect(remoteSocketAddress, RemoteServerManager.getSocketTimeout());
                logger.debug("Successfully re-opened socket! Try to validate dialback key again (without TLS this time)...");
                verifyKey = verifyKey(textTrim, streamID, attributeValue, attributeValue2, socket, true);
            }
            switch (verifyKey) {
                case valid:
                case invalid:
                    boolean z2 = verifyKey == VerifyResult.valid;
                    logger.debug("Dialback key is" + (z2 ? "valid" : "invalid") + ". Sending verification result to remote domain.");
                    StringBuilder sb2 = new StringBuilder();
                    sb2.append("<db:result");
                    sb2.append(" from=\"").append(attributeValue).append("\"");
                    sb2.append(" to=\"").append(attributeValue2).append("\"");
                    sb2.append(" type=\"");
                    sb2.append(z2 ? "valid" : "invalid");
                    sb2.append("\"/>");
                    this.connection.deliverRawText(sb2.toString());
                    if (z2) {
                        logger.debug("Successfully validated domain!");
                        return true;
                    }
                    logger.debug("Close the underlying connection as key verification failed.");
                    this.connection.close();
                    logger.debug("Unable to validate domain: dialback key is invalid.");
                    return false;
                default:
                    logger.debug("Unable to validate domain: key verification did not complete (the AS likely returned an error or a time out occurred).");
                    dialbackError(attributeValue, attributeValue2, new PacketError(PacketError.Condition.remote_server_timeout, PacketError.Type.cancel, "Authoritative server returned error"));
                    return false;
            }
        } catch (Exception e2) {
            dialbackError(attributeValue, attributeValue2, new PacketError(PacketError.Condition.remote_server_timeout, PacketError.Type.cancel, "Authoritative server failed"));
            logger.warn("Unable to validate domain: An exception occurred while verifying the dialback key.", (Throwable) e2);
            return false;
        }
    }

    private boolean isHostUnknown(String str) {
        boolean z = !this.serverName.equals(str);
        if (z && str.contains(this.serverName)) {
            z = !this.routingTable.hasComponentRoute(new JID(str));
        }
        return z;
    }

    private VerifyResult sendVerifyKey(String str, StreamID streamID, String str2, String str3, Writer writer, XMPPPacketReader xMPPPacketReader, Socket socket, boolean z) throws IOException, XmlPullParserException, RemoteConnectionFailedException {
        Logger logger = LoggerFactory.getLogger(Log.getName() + "[Acting as Receiving Server: Verify key with AS: " + str3 + " for OS: " + str2 + " (id " + streamID + ")]");
        VerifyResult verifyResult = VerifyResult.error;
        logger.debug("Send the Authoritative Server a stream header and wait for answer.");
        writer.write("<stream:stream xmlns:stream=\"http://etherx.jabber.org/streams\" xmlns=\"jabber:server\" xmlns:db=\"jabber:server:dialback\" to=\"" + str3 + "\" from=\"" + str2 + "\" version=\"1.0\">");
        writer.flush();
        MXParser xPPParser = xMPPPacketReader.getXPPParser();
        for (int eventType = xPPParser.getEventType(); eventType != 2; eventType = xPPParser.next()) {
        }
        logger.debug("Got a response.");
        if (xPPParser.getAttributeValue("", Cookie2.VERSION) != null && xPPParser.getAttributeValue("", Cookie2.VERSION).equals("1.0")) {
            logger.debug("The remote server is XMPP 1.0 compliant (or at least reports to be).");
            try {
                Element element = xMPPPacketReader.parseDocument().getRootElement().element("starttls");
                if (!z && element != null) {
                    writer.write("<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
                    writer.flush();
                    try {
                        Document parseDocument = xMPPPacketReader.parseDocument();
                        if (!parseDocument.getRootElement().getName().equals("proceed")) {
                            logger.warn("Unable to verify key: Got {} instead of proceed for starttls", parseDocument.getRootElement().getName());
                            logger.debug("Like this: {}", parseDocument.asXML());
                            return VerifyResult.error;
                        }
                        logger.debug("Negotiating TLS with AS... ");
                        TLSStreamHandler tLSStreamHandler = new TLSStreamHandler(socket, ((ConnectionManagerImpl) XMPPServer.getInstance().getConnectionManager()).getListener(ConnectionType.SOCKET_S2S, false).generateConnectionConfiguration(), true);
                        tLSStreamHandler.start();
                        BufferedWriter bufferedWriter = new BufferedWriter(new OutputStreamWriter(tLSStreamHandler.getOutputStream(), StandardCharsets.UTF_8));
                        xMPPPacketReader.getXPPParser().setInput(new InputStreamReader(tLSStreamHandler.getInputStream(), StandardCharsets.UTF_8));
                        logger.debug("Successfully negotiated TLS with AS... ");
                        return sendVerifyKey(str, streamID, str2, str3, bufferedWriter, xMPPPacketReader, socket, z);
                    } catch (DocumentException e) {
                        logger.warn("Unable to verify key: XML Error!", (Throwable) e);
                        return VerifyResult.error;
                    }
                }
            } catch (DocumentException e2) {
                logger.warn("Unable to verify key: XML Error!", (Throwable) e2);
                return VerifyResult.error;
            }
        }
        if (!"jabber:server:dialback".equals(xPPParser.getNamespace("db"))) {
            writer.write(new StreamError(StreamError.Condition.invalid_namespace).toXML());
            writer.flush();
            throw new RemoteConnectionFailedException("Invalid namespace");
        }
        logger.debug("Request for verification of the key and wait for response");
        StringBuilder sb = new StringBuilder();
        sb.append("<db:verify");
        sb.append(" from=\"").append(str2).append("\"");
        sb.append(" to=\"").append(str3).append("\"");
        sb.append(" id=\"").append(streamID.getID()).append("\">");
        sb.append(str);
        sb.append("</db:verify>");
        writer.write(sb.toString());
        writer.flush();
        try {
            Element rootElement = xMPPPacketReader.parseDocument().getRootElement();
            if ("db".equals(rootElement.getNamespacePrefix()) && "verify".equals(rootElement.getName())) {
                if (rootElement.attributeValue("id") == null || !streamID.equals(BasicStreamIDFactory.createStreamID(rootElement.attributeValue("id")))) {
                    writer.write(new StreamError(StreamError.Condition.invalid_id).toXML());
                    writer.flush();
                    throw new RemoteConnectionFailedException("Invalid ID");
                }
                if (isHostUnknown(rootElement.attributeValue("to"))) {
                    writer.write(new StreamError(StreamError.Condition.host_unknown).toXML());
                    writer.flush();
                    throw new RemoteConnectionFailedException("Host unknown");
                }
                if (!str3.equals(rootElement.attributeValue("from"))) {
                    writer.write(new StreamError(StreamError.Condition.invalid_from).toXML());
                    writer.flush();
                    throw new RemoteConnectionFailedException("Invalid From");
                }
                if ("valid".equals(rootElement.attributeValue(ELResolver.TYPE))) {
                    logger.debug("Key was VERIFIED by the Authoritative Server.");
                    verifyResult = VerifyResult.valid;
                } else if ("invalid".equals(rootElement.attributeValue(ELResolver.TYPE))) {
                    logger.debug("Key was NOT VERIFIED by the Authoritative Server.");
                    verifyResult = VerifyResult.invalid;
                } else {
                    logger.debug("Key was ERRORED by the Authoritative Server.");
                    verifyResult = VerifyResult.error;
                }
            } else {
                logger.debug("db:verify answer was: " + rootElement.asXML());
            }
            return verifyResult;
        } catch (RuntimeException | DocumentException e3) {
            logger.error("An error occurred while connecting to the Authoritative Server:", e3);
            throw new RemoteConnectionFailedException("Error connecting to the Authoritative Server");
        }
    }

    private VerifyResult verifyKey(String str, StreamID streamID, String str2, String str3, Socket socket, boolean z) throws IOException, XmlPullParserException, RemoteConnectionFailedException {
        Logger logger = LoggerFactory.getLogger(Log.getName() + "[Acting as Receiving Server: Verify key with AS: " + str3 + " for OS: " + str2 + " (id " + streamID + ")]");
        logger.debug("Verifying key ...");
        BufferedWriter bufferedWriter = null;
        socket.setSoTimeout(RemoteServerManager.getSocketTimeout());
        VerifyResult verifyResult = VerifyResult.error;
        try {
            XMPPPacketReader xMPPPacketReader = new XMPPPacketReader();
            xMPPPacketReader.setXPPFactory(FACTORY);
            xMPPPacketReader.getXPPParser().setInput(new InputStreamReader(socket.getInputStream(), CHARSET));
            bufferedWriter = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream(), CHARSET));
            VerifyResult sendVerifyKey = sendVerifyKey(str, streamID, str2, str3, bufferedWriter, xMPPPacketReader, socket, z);
            try {
                bufferedWriter.write("</stream:stream>");
                bufferedWriter.flush();
                socket.close();
            } catch (IOException e) {
            }
            switch (sendVerifyKey) {
                case valid:
                    logger.debug("Successfully verified key!");
                    break;
                case invalid:
                    logger.debug("Unable to verify key: AS reports that the key is invalid.");
                    break;
                case decline:
                case error:
                default:
                    logger.debug("Unable to verify key: An error occurred.");
                    break;
            }
            return sendVerifyKey;
        } finally {
            try {
                bufferedWriter.write("</stream:stream>");
                bufferedWriter.flush();
                socket.close();
            } catch (IOException e2) {
            }
        }
    }

    public static boolean verifyReceivedKey(Element element, Connection connection) {
        String attributeValue = element.attributeValue("from");
        String attributeValue2 = element.attributeValue("to");
        String textTrim = element.getTextTrim();
        StreamID createStreamID = BasicStreamIDFactory.createStreamID(element.attributeValue("id"));
        Logger logger = LoggerFactory.getLogger(Log.getName() + "[Acting as Authoritative Server: Verify key sent by RS: " + attributeValue + " (id " + createStreamID + ")]");
        logger.debug("Verifying key... ");
        boolean equals = AuthFactory.createDigest(createStreamID.getID(), getSecretkey()).equals(textTrim);
        StringBuilder sb = new StringBuilder();
        sb.append("<db:verify");
        sb.append(" from=\"").append(attributeValue2).append("\"");
        sb.append(" to=\"").append(attributeValue).append("\"");
        sb.append(" type=\"");
        sb.append(equals ? "valid" : "invalid");
        sb.append("\" id=\"").append(createStreamID.getID()).append("\"/>");
        connection.deliverRawText(sb.toString());
        logger.debug("Verification successful! Key was: " + (equals ? "VALID" : "INVALID"));
        return equals;
    }

    private static String getSecretkey() {
        Lock lock = CacheFactory.getLock("secretKey", secretKeyCache);
        try {
            lock.lock();
            String str = secretKeyCache.get("secretKey");
            if (str == null) {
                str = StringUtils.randomString(10);
                secretKeyCache.put("secretKey", str);
            }
            return str;
        } finally {
            lock.unlock();
        }
    }

    static {
        FACTORY = null;
        try {
            FACTORY = XmlPullParserFactory.newInstance(MXParser.class.getName(), null);
        } catch (XmlPullParserException e) {
            Log.error("Error creating a parser factory", (Throwable) e);
        }
        secretKeyCache = CacheFactory.createCache("Secret Keys Cache");
    }
}
