package org.jivesoftware.openfire.session;

import java.io.IOException;
import java.io.InputStreamReader;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.regex.Pattern;
import javax.net.ssl.SSLHandshakeException;
import org.apache.commons.httpclient.cookie.Cookie2;
import org.apache.log4j.Level;
import org.dom4j.DocumentException;
import org.dom4j.Element;
import org.dom4j.io.XMPPPacketReader;
import org.jivesoftware.openfire.Connection;
import org.jivesoftware.openfire.RoutingTable;
import org.jivesoftware.openfire.SessionManager;
import org.jivesoftware.openfire.StreamID;
import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.auth.UnauthorizedException;
import org.jivesoftware.openfire.net.MXParser;
import org.jivesoftware.openfire.net.SASLAuthentication;
import org.jivesoftware.openfire.net.SocketConnection;
import org.jivesoftware.openfire.net.SocketUtil;
import org.jivesoftware.openfire.server.OutgoingServerSocketReader;
import org.jivesoftware.openfire.server.RemoteServerManager;
import org.jivesoftware.openfire.server.ServerDialback;
import org.jivesoftware.openfire.session.ConnectionSettings;
import org.jivesoftware.openfire.spi.BasicStreamIDFactory;
import org.jivesoftware.util.JiveGlobals;
import org.jivesoftware.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xmlpull.v1.XmlPullParserException;
import org.xmpp.packet.IQ;
import org.xmpp.packet.JID;
import org.xmpp.packet.Message;
import org.xmpp.packet.Packet;
import org.xmpp.packet.PacketError;
import org.xmpp.packet.Presence;

/* loaded from: input_file:org/jivesoftware/openfire/session/LocalOutgoingServerSession.class */
public class LocalOutgoingServerSession extends LocalServerSession implements OutgoingServerSession {
    private static final Logger Log = LoggerFactory.getLogger(LocalOutgoingServerSession.class);
    private static Pattern pattern = Pattern.compile("[a-zA-Z]");
    private Collection<String> authenticatedDomains;
    private final Collection<String> hostnames;
    private OutgoingServerSocketReader socketReader;

    public static boolean authenticateDomain(String str, String str2) {
        Logger logger = LoggerFactory.getLogger(Log.getName() + "[Authenticate local domain: '" + str + "' to remote domain: '" + str2 + "']");
        logger.debug("Start domain authentication ...");
        if (str2 == null || str2.length() == 0 || str2.trim().indexOf(32) > -1) {
            logger.warn("Unable to authenticate: remote domain is invalid.");
            return false;
        }
        try {
            if (!RemoteServerManager.canAccess(str2)) {
                logger.info("Unable to authenticate: Remote domain is not accessible according to our configuration (typical causes: server federation is disabled, or domain is blacklisted).");
                return false;
            }
            logger.debug("Searching for pre-existing outgoing sessions to the remote domain (if one exists, it will be re-used) ...");
            SessionManager sessionManager = SessionManager.getInstance();
            if (sessionManager == null) {
                logger.warn("Unable to authenticate: a SessionManager instance is not available. This should not occur unless Openfire is starting up or shutting down.");
                return false;
            }
            OutgoingServerSession outgoingServerSession = sessionManager.getOutgoingServerSession(str2);
            if (outgoingServerSession == null) {
                logger.debug("There are no pre-existing outgoing sessions to the remote domain itself. Searching for pre-existing outgoing sessions to super- or subdomains of the remote domain (if one exists, it might be re-usable) ...");
                Iterator<IncomingServerSession> it = sessionManager.getIncomingServerSessions(str2).iterator();
                while (it.hasNext()) {
                    Iterator<String> it2 = it.next().getValidatedDomains().iterator();
                    while (true) {
                        if (it2.hasNext()) {
                            String next = it2.next();
                            outgoingServerSession = sessionManager.getOutgoingServerSession(next);
                            if (outgoingServerSession != null) {
                                logger.debug("An outgoing session to a different domain ('{}') hosted on the remote domain was found.", next);
                                if (outgoingServerSession.isUsingServerDialback()) {
                                    logger.debug("Dialback was used for '{}'. This session can be re-used.", next);
                                    break;
                                }
                                logger.debug("Dialback was not used for '{}'. This session cannot be re-used.", next);
                                outgoingServerSession = null;
                            }
                        }
                    }
                }
                if (outgoingServerSession == null) {
                    logger.debug("There are no pre-existing session to other domains hosted on the remote domain.");
                }
            }
            if (outgoingServerSession != null) {
                logger.debug("A pre-existing session can be re-used. The session was established using server dialback so it is possible to do piggybacking to authenticate more domains.");
                if (outgoingServerSession.getAuthenticatedDomains().contains(str) && outgoingServerSession.getHostnames().contains(str2)) {
                    logger.debug("Authentication successful (domain was already authenticated in the pre-existing session).");
                    return true;
                }
                if (outgoingServerSession.authenticateSubdomain(str, str2)) {
                    logger.debug("Authentication successful (domain authentication was added using a pre-existing session).");
                    return true;
                }
                logger.warn("Unable to authenticate: Unable to add authentication to pre-exising session.");
                return false;
            }
            logger.debug("Unable to re-use an existing session. Creating a new session ...");
            LocalOutgoingServerSession createOutgoingSession = createOutgoingSession(str, str2, RemoteServerManager.getPortForServer(str2));
            if (createOutgoingSession == null) {
                logger.warn("Unable to authenticate: Fail to create new session.");
                return false;
            }
            logger.debug("Created a new session.");
            createOutgoingSession.addAuthenticatedDomain(str);
            createOutgoingSession.addHostname(str2);
            sessionManager.outgoingServerSessionCreated(createOutgoingSession);
            logger.debug("Authentication successful.");
            return true;
        } catch (Exception e) {
            logger.error("An exception occurred while authenticating remote domain!", (Throwable) e);
            return false;
        }
    }

    private static LocalOutgoingServerSession createOutgoingSession(String str, String str2, int i) {
        SocketConnection socketConnection;
        Logger logger = LoggerFactory.getLogger(Log.getName() + "[Create outgoing session for: " + str + " to " + str2 + "]");
        logger.debug("Creating new session...");
        logger.debug("Creating plain socket connection to a host that belongs to the remote XMPP domain.");
        Socket createSocketToXmppDomain = SocketUtil.createSocketToXmppDomain(str2, i);
        if (createSocketToXmppDomain == null) {
            logger.info("Unable to create new session: Cannot create a plain socket connection with any applicable remote host.");
            return null;
        }
        SocketConnection socketConnection2 = null;
        try {
            socketConnection = new SocketConnection(XMPPServer.getInstance().getPacketDeliverer(), createSocketToXmppDomain, false);
            logger.debug("Send the stream header and wait for response...");
            StringBuilder sb = new StringBuilder();
            sb.append("<stream:stream");
            sb.append(" xmlns:db=\"jabber:server:dialback\"");
            sb.append(" xmlns:stream=\"http://etherx.jabber.org/streams\"");
            sb.append(" xmlns=\"jabber:server\"");
            sb.append(" from=\"").append(str).append("\"");
            sb.append(" to=\"").append(str2).append("\"");
            sb.append(" version=\"1.0\">");
            socketConnection.deliverRawText(sb.toString());
            int soTimeout = createSocketToXmppDomain.getSoTimeout();
            createSocketToXmppDomain.setSoTimeout(Level.TRACE_INT);
            XMPPPacketReader xMPPPacketReader = new XMPPPacketReader();
            xMPPPacketReader.getXPPParser().setInput(new InputStreamReader(createSocketToXmppDomain.getInputStream(), StandardCharsets.UTF_8));
            MXParser xPPParser = xMPPPacketReader.getXPPParser();
            for (int eventType = xPPParser.getEventType(); eventType != 2; eventType = xPPParser.next()) {
            }
            String attributeValue = xPPParser.getAttributeValue("", Cookie2.VERSION);
            String attributeValue2 = xPPParser.getAttributeValue("", "id");
            logger.debug("Got a response (stream ID: {}, version: {}). Check if the remote server is XMPP 1.0 compliant...", attributeValue2, attributeValue);
            if (attributeValue == null || decodeVersion(attributeValue)[0] < 1) {
                logger.debug("The remote server is not XMPP 1.0 compliant.");
            } else {
                logger.debug("The remote server is XMPP 1.0 compliant (or at least reports to be).");
                createSocketToXmppDomain.setSoTimeout(soTimeout);
                logger.debug("Processing stream features of the remote domain...");
                Element rootElement = xMPPPacketReader.parseDocument().getRootElement();
                if (rootElement != null) {
                    logger.debug("Check if both us as well as the remote server have enabled STARTTLS and/or dialback ...");
                    if (JiveGlobals.getBooleanProperty(ConnectionSettings.Server.TLS_ENABLED, true) && rootElement.element("starttls") != null) {
                        logger.debug("Both us and the remote server support the STARTTLS feature. Secure and authenticate the connection with TLS & SASL...");
                        LocalOutgoingServerSession secureAndAuthenticate = secureAndAuthenticate(str2, socketConnection, xMPPPacketReader, sb, str);
                        if (secureAndAuthenticate != null) {
                            logger.debug("Successfully secured/authenticated the connection with TLS/SASL)!");
                            logger.debug("Successfully created new session!");
                            return secureAndAuthenticate;
                        }
                        logger.debug("Unable to secure and authenticate the connection with TLS & SASL.");
                    } else {
                        if (socketConnection.getTlsPolicy() == Connection.TLSPolicy.required) {
                            logger.debug("I have no StartTLS yet I must TLS");
                            socketConnection.close();
                            return null;
                        }
                        if (ServerDialback.isEnabled() && rootElement.element("dialback") != null) {
                            logger.debug("Both us and the remote server support the 'dialback' feature. Authenticate the connection with dialback...");
                            ServerDialback serverDialback = new ServerDialback(socketConnection, str);
                            OutgoingServerSocketReader outgoingServerSocketReader = new OutgoingServerSocketReader(xMPPPacketReader);
                            if (serverDialback.authenticateDomain(outgoingServerSocketReader, str, str2, attributeValue2)) {
                                logger.debug("Successfully authenticated the connection with dialback!");
                                new BasicStreamIDFactory();
                                LocalOutgoingServerSession localOutgoingServerSession = new LocalOutgoingServerSession(str, socketConnection, outgoingServerSocketReader, BasicStreamIDFactory.createStreamID(attributeValue2));
                                socketConnection.init(localOutgoingServerSession);
                                localOutgoingServerSession.setAddress(new JID(null, str2, null));
                                logger.debug("Successfully created new session!");
                                return localOutgoingServerSession;
                            }
                            logger.debug("Unable to authenticate the connection with dialback.");
                        }
                    }
                } else {
                    logger.debug("Error! No data from the remote server (expected a 'feature' element).");
                }
            }
            logger.debug("Something went wrong so close the connection and try server dialback over a plain connection");
        } catch (SSLHandshakeException e) {
            logger.info("STARTTLS negotiation failed. Closing connection (without sending any data such as <failure/> or </stream>).", (Throwable) e);
            if (0 != 0) {
                socketConnection2.forceClose();
            }
        } catch (Exception e2) {
            logger.warn("An exception occurred while creating an encrypted session. Closing connection.", (Throwable) e2);
            if (0 != 0) {
                socketConnection2.close();
            }
        }
        if (socketConnection.getTlsPolicy() == Connection.TLSPolicy.required) {
            logger.debug("I have no StartTLS yet I must TLS");
            socketConnection.close();
            return null;
        }
        socketConnection.close();
        if (!ServerDialback.isEnabled()) {
            logger.warn("Unable to create a new session: exhausted all options (not trying dialback as a fallback, as server dialback is disabled by configuration.");
            return null;
        }
        logger.debug("Unable to create a new session. Going to try connecting using server dialback as a fallback.");
        LocalOutgoingServerSession createOutgoingSession = new ServerDialback().createOutgoingSession(str, str2, i);
        if (createOutgoingSession != null) {
            logger.debug("Successfully created new session (using dialback as a fallback)!");
            return createOutgoingSession;
        }
        logger.warn("Unable to create a new session: Dialback (as a fallback) failed.");
        return null;
    }

    private static LocalOutgoingServerSession secureAndAuthenticate(String str, SocketConnection socketConnection, XMPPPacketReader xMPPPacketReader, StringBuilder sb, String str2) throws Exception {
        Logger logger = LoggerFactory.getLogger(Log.getName() + "[Secure/Authenticate connection for: " + str2 + " to: " + str + "]");
        logger.debug("Securing and authenticating connection ...");
        logger.debug("Indicating we want TLS and wait for response.");
        socketConnection.deliverRawText("<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
        MXParser xPPParser = xMPPPacketReader.getXPPParser();
        Element rootElement = xMPPPacketReader.parseDocument().getRootElement();
        if (rootElement == null || !rootElement.getName().equals("proceed")) {
            logger.debug("Failed to secure and authenticate connection: <proceed> was not received!");
            return null;
        }
        logger.debug("Received 'proceed' from remote server. Negotiating TLS...");
        try {
            socketConnection.startTLS(true);
            logger.debug("TLS negotiation was successful. Connection secured. Proceeding with authentication...");
            if (!SASLAuthentication.verifyCertificates(socketConnection.getPeerCertificates(), str, true)) {
                if (!ServerDialback.isEnabled() && !ServerDialback.isEnabledForSelfSigned()) {
                    logger.warn("Unable to authenticated the connection: SASL authentication failed (and dialback is not available).");
                    return null;
                }
                logger.debug("SASL authentication failed. Will continue with dialback.");
            }
            logger.debug("TLS negotiation was successful so initiate a new stream.");
            socketConnection.deliverRawText(sb.toString());
            xPPParser.setInput(new InputStreamReader(socketConnection.getTLSStreamHandler().getInputStream(), StandardCharsets.UTF_8));
            for (int eventType = xPPParser.getEventType(); eventType != 2; eventType = xPPParser.next()) {
            }
            String attributeValue = xPPParser.getAttributeValue("", "id");
            Element rootElement2 = xMPPPacketReader.parseDocument().getRootElement();
            if (rootElement2 == null) {
                logger.debug("Failed to secure and authenticate connection: neither SASL mechanisms nor SERVER DIALBACK were offered by the remote host.");
                return null;
            }
            boolean z = false;
            if (rootElement2.element("mechanisms") != null) {
                Iterator elementIterator = rootElement2.element("mechanisms").elementIterator();
                while (true) {
                    if (!elementIterator.hasNext()) {
                        break;
                    }
                    if ("EXTERNAL".equals(((Element) elementIterator.next()).getTextTrim())) {
                        z = true;
                        break;
                    }
                }
            }
            logger.debug("Remote server is offering dialback: {}, EXTERNAL SASL:", Boolean.valueOf(rootElement2.element("dialback") != null), Boolean.valueOf(z));
            LocalOutgoingServerSession localOutgoingServerSession = null;
            if (z) {
                logger.debug("Trying to authenticate with EXTERNAL SASL.");
                localOutgoingServerSession = attemptSASLexternal(socketConnection, xPPParser, xMPPPacketReader, str2, str, attributeValue, sb);
                if (localOutgoingServerSession == null) {
                    logger.debug("Failed to authenticate with EXTERNAL SASL.");
                } else {
                    logger.debug("Successfully authenticated with EXTERNAL SASL.");
                }
            }
            if (localOutgoingServerSession == null) {
                logger.debug("Trying to authenticate with dialback.");
                localOutgoingServerSession = attemptDialbackOverTLS(socketConnection, xMPPPacketReader, str2, str, attributeValue);
                if (localOutgoingServerSession == null) {
                    logger.debug("Failed to authenticate with dialback.");
                } else {
                    logger.debug("Successfully authenticated with dialback.");
                }
            }
            if (localOutgoingServerSession != null) {
                logger.debug("Successfully secured and authenticated connection!");
                return localOutgoingServerSession;
            }
            logger.warn("Unable to secure and authenticate connection: Exhausted all options.");
            return null;
        } catch (Exception e) {
            logger.debug("TLS negotiation failed: " + e.getMessage());
            throw e;
        }
    }

    private static LocalOutgoingServerSession attemptDialbackOverTLS(Connection connection, XMPPPacketReader xMPPPacketReader, String str, String str2, String str3) {
        Logger logger = LoggerFactory.getLogger(Log.getName() + "[Dialback over TLS for: " + str + " to: " + str2 + " (Stream ID: " + str3 + ")]");
        if (!ServerDialback.isEnabled() && !ServerDialback.isEnabledForSelfSigned()) {
            logger.debug("Skipping server dialback attempt as it has been disabled by local configuration.");
            return null;
        }
        logger.debug("Trying to connecting using dialback over TLS.");
        ServerDialback serverDialback = new ServerDialback(connection, str);
        OutgoingServerSocketReader outgoingServerSocketReader = new OutgoingServerSocketReader(xMPPPacketReader);
        if (!serverDialback.authenticateDomain(outgoingServerSocketReader, str, str2, str3)) {
            logger.debug("Dialback over TLS failed");
            return null;
        }
        logger.debug("Dialback over TLS was successful.");
        new BasicStreamIDFactory();
        LocalOutgoingServerSession localOutgoingServerSession = new LocalOutgoingServerSession(str, connection, outgoingServerSocketReader, BasicStreamIDFactory.createStreamID(str3));
        connection.init(localOutgoingServerSession);
        localOutgoingServerSession.setAddress(new JID(null, str2, null));
        return localOutgoingServerSession;
    }

    private static LocalOutgoingServerSession attemptSASLexternal(SocketConnection socketConnection, MXParser mXParser, XMPPPacketReader xMPPPacketReader, String str, String str2, String str3, StringBuilder sb) throws DocumentException, IOException, XmlPullParserException {
        Logger logger = LoggerFactory.getLogger(Log.getName() + "[EXTERNAL SASL for: " + str + " to: " + str2 + " (Stream ID: " + str3 + ")]");
        logger.debug("Starting EXTERNAL SASL.");
        if (!doExternalAuthentication(str, socketConnection, xMPPPacketReader)) {
            logger.debug("EXTERNAL SASL failed.");
            return null;
        }
        logger.debug("EXTERNAL SASL was successful.");
        socketConnection.deliverRawText(sb.toString());
        mXParser.setInput(new InputStreamReader(socketConnection.getTLSStreamHandler().getInputStream(), StandardCharsets.UTF_8));
        int eventType = mXParser.getEventType();
        while (eventType != 2) {
            eventType = mXParser.next();
        }
        String attributeValue = mXParser.getAttributeValue("", "id");
        new BasicStreamIDFactory();
        LocalOutgoingServerSession localOutgoingServerSession = new LocalOutgoingServerSession(str, socketConnection, new OutgoingServerSocketReader(xMPPPacketReader), BasicStreamIDFactory.createStreamID(attributeValue));
        socketConnection.init(localOutgoingServerSession);
        localOutgoingServerSession.setAddress(new JID(null, str2, null));
        localOutgoingServerSession.usingServerDialback = false;
        return localOutgoingServerSession;
    }

    private static boolean doExternalAuthentication(String str, SocketConnection socketConnection, XMPPPacketReader xMPPPacketReader) throws DocumentException, IOException, XmlPullParserException {
        socketConnection.deliverRawText("<auth xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\" mechanism=\"EXTERNAL\">" + StringUtils.encodeBase64(str) + "</auth>");
        Element rootElement = xMPPPacketReader.parseDocument().getRootElement();
        return rootElement != null && "success".equals(rootElement.getName());
    }

    public LocalOutgoingServerSession(String str, Connection connection, OutgoingServerSocketReader outgoingServerSocketReader, StreamID streamID) {
        super(str, connection, streamID);
        this.authenticatedDomains = new HashSet();
        this.hostnames = new HashSet();
        this.socketReader = outgoingServerSocketReader;
        outgoingServerSocketReader.setSession(this);
    }

    @Override // org.jivesoftware.openfire.session.LocalServerSession, org.jivesoftware.openfire.session.LocalSession
    boolean canProcess(Packet packet) {
        String domain = packet.getFrom().getDomain();
        boolean z = true;
        if (!getAuthenticatedDomains().contains(domain)) {
            synchronized (("Auth::" + domain).intern()) {
                if (!getAuthenticatedDomains().contains(domain) && !authenticateSubdomain(domain, packet.getTo().getDomain())) {
                    z = false;
                }
            }
        }
        if (!z) {
            returnErrorToSender(packet);
        }
        return z;
    }

    @Override // org.jivesoftware.openfire.session.LocalServerSession, org.jivesoftware.openfire.session.LocalSession
    void deliver(Packet packet) throws UnauthorizedException {
        if (this.conn.isClosed()) {
            return;
        }
        this.conn.deliver(packet);
    }

    @Override // org.jivesoftware.openfire.session.OutgoingServerSession
    public boolean authenticateSubdomain(String str, String str2) {
        if (!this.usingServerDialback) {
            addAuthenticatedDomain(str);
            addHostname(str2);
            return true;
        }
        if (!new ServerDialback(getConnection(), str).authenticateDomain(this.socketReader, str, str2, getStreamID().getID())) {
            return false;
        }
        addAuthenticatedDomain(str);
        addHostname(str2);
        return true;
    }

    private void returnErrorToSender(Packet packet) {
        RoutingTable routingTable = XMPPServer.getInstance().getRoutingTable();
        if (packet.getError() != null) {
            Log.debug("Possible double bounce: " + packet.toXML());
        }
        try {
            if (packet instanceof IQ) {
                if (((IQ) packet).isResponse()) {
                    Log.debug("XMPP specs forbid us to respond with an IQ error to: " + packet.toXML());
                    return;
                }
                IQ iq = new IQ();
                iq.setID(packet.getID());
                iq.setTo(packet.getFrom());
                iq.setFrom(packet.getTo());
                iq.setChildElement(((IQ) packet).getChildElement().createCopy());
                iq.setType(IQ.Type.error);
                iq.setError(PacketError.Condition.remote_server_not_found);
                routingTable.routePacket(iq.getTo(), iq, true);
            } else if (packet instanceof Presence) {
                if (((Presence) packet).getType() == Presence.Type.error) {
                    Log.debug("Double-bounce of presence: " + packet.toXML());
                    return;
                }
                Presence presence = new Presence();
                presence.setID(packet.getID());
                presence.setTo(packet.getFrom());
                presence.setFrom(packet.getTo());
                presence.setType(Presence.Type.error);
                presence.setError(PacketError.Condition.remote_server_not_found);
                routingTable.routePacket(presence.getTo(), presence, true);
            } else if (packet instanceof Message) {
                if (((Message) packet).getType() == Message.Type.error) {
                    Log.debug("Double-bounce of message: " + packet.toXML());
                    return;
                }
                Message message = new Message();
                message.setID(packet.getID());
                message.setTo(packet.getFrom());
                message.setFrom(packet.getTo());
                message.setType(Message.Type.error);
                message.setThread(((Message) packet).getThread());
                message.setError(PacketError.Condition.remote_server_not_found);
                routingTable.routePacket(message.getTo(), message, true);
            }
        } catch (Exception e) {
            Log.error("Error returning error to sender. Original packet: " + packet, (Throwable) e);
        }
    }

    @Override // org.jivesoftware.openfire.session.OutgoingServerSession
    public Collection<String> getAuthenticatedDomains() {
        return Collections.unmodifiableCollection(this.authenticatedDomains);
    }

    @Override // org.jivesoftware.openfire.session.OutgoingServerSession
    public void addAuthenticatedDomain(String str) {
        this.authenticatedDomains.add(str);
    }

    @Override // org.jivesoftware.openfire.session.OutgoingServerSession
    public Collection<String> getHostnames() {
        Collection<String> unmodifiableCollection;
        synchronized (this.hostnames) {
            unmodifiableCollection = Collections.unmodifiableCollection(this.hostnames);
        }
        return unmodifiableCollection;
    }

    @Override // org.jivesoftware.openfire.session.OutgoingServerSession
    public void addHostname(String str) {
        synchronized (this.hostnames) {
            this.hostnames.add(str);
        }
        XMPPServer.getInstance().getRoutingTable().addServerRoute(new JID(null, str, null, true), this);
    }

    @Override // org.jivesoftware.openfire.session.LocalServerSession, org.jivesoftware.openfire.session.LocalSession
    public String getAvailableStreamFeatures() {
        return null;
    }
}
