package org.jivesoftware.openfire.session;

import com.jcraft.jzlib.ZInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.regex.Pattern;
import javax.net.ssl.SSLHandshakeException;
import javax.servlet.jsp.tagext.TagAttributeInfo;
import org.apache.commons.httpclient.cookie.Cookie2;
import org.dom4j.DocumentException;
import org.dom4j.Element;
import org.dom4j.io.XMPPPacketReader;
import org.jivesoftware.openfire.Connection;
import org.jivesoftware.openfire.RoutingTable;
import org.jivesoftware.openfire.SessionManager;
import org.jivesoftware.openfire.StreamID;
import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.auth.UnauthorizedException;
import org.jivesoftware.openfire.net.DNSUtil;
import org.jivesoftware.openfire.net.MXParser;
import org.jivesoftware.openfire.net.SocketConnection;
import org.jivesoftware.openfire.server.OutgoingServerSocketReader;
import org.jivesoftware.openfire.server.RemoteServerManager;
import org.jivesoftware.openfire.server.ServerDialback;
import org.jivesoftware.openfire.spi.BasicStreamIDFactory;
import org.jivesoftware.util.JiveGlobals;
import org.jivesoftware.util.Log;
import org.jivesoftware.util.StringUtils;
import org.logicalcobwebs.proxool.ProxoolConstants;
import org.xmlpull.v1.XmlPullParserException;
import org.xmpp.packet.IQ;
import org.xmpp.packet.JID;
import org.xmpp.packet.Message;
import org.xmpp.packet.Packet;
import org.xmpp.packet.PacketError;
import org.xmpp.packet.Presence;

/* loaded from: input_file:org/jivesoftware/openfire/session/LocalOutgoingServerSession.class */
public class LocalOutgoingServerSession extends LocalSession implements OutgoingServerSession {
    private static Pattern pattern = Pattern.compile("[a-zA-Z]");
    private Collection<String> authenticatedDomains;
    private final Collection<String> hostnames;
    private OutgoingServerSocketReader socketReader;
    private boolean usingServerDialback;

    public static boolean authenticateDomain(String str, String str2) {
        SessionManager sessionManager;
        if (str2 == null || str2.length() == 0 || str2.trim().indexOf(32) > -1) {
            return false;
        }
        try {
            if (!RemoteServerManager.canAccess(str2) || (sessionManager = SessionManager.getInstance()) == null) {
                return false;
            }
            OutgoingServerSession outgoingServerSession = sessionManager.getOutgoingServerSession(str2);
            if (outgoingServerSession == null) {
                Iterator<IncomingServerSession> it = sessionManager.getIncomingServerSessions(str2).iterator();
                while (it.hasNext()) {
                    Iterator<String> it2 = it.next().getValidatedDomains().iterator();
                    while (it2.hasNext()) {
                        outgoingServerSession = sessionManager.getOutgoingServerSession(it2.next());
                        if (outgoingServerSession != null) {
                            if (outgoingServerSession.isUsingServerDialback()) {
                                break;
                            }
                            outgoingServerSession = null;
                        }
                    }
                }
            }
            if (outgoingServerSession == null) {
                int portForServer = RemoteServerManager.getPortForServer(str2);
                outgoingServerSession = sessionManager.getOutgoingServerSession(str2);
                if (outgoingServerSession == null) {
                    LocalOutgoingServerSession createOutgoingSession = createOutgoingSession(str, str2, portForServer);
                    if (createOutgoingSession != null) {
                        createOutgoingSession.addAuthenticatedDomain(str);
                        createOutgoingSession.addHostname(str2);
                        sessionManager.outgoingServerSessionCreated(createOutgoingSession);
                        return true;
                    }
                    if (!pattern.matcher(str2).find()) {
                        return false;
                    }
                    for (String str3 : sessionManager.getOutgoingServers()) {
                        if (str2.contains(str3)) {
                            sessionManager.getOutgoingServerSession(str3).addHostname(str2);
                            return true;
                        }
                    }
                    int indexOf = str2.indexOf(46);
                    while (indexOf > -1 && indexOf < str2.length()) {
                        String substring = str2.substring(indexOf + 1);
                        String xMPPDomain = XMPPServer.getInstance().getServerInfo().getXMPPDomain();
                        if ("com".equals(substring) || "net".equals(substring) || "org".equals(substring) || "gov".equals(substring) || "edu".equals(substring) || xMPPDomain.equals(substring)) {
                            return false;
                        }
                        LocalOutgoingServerSession createOutgoingSession2 = createOutgoingSession(str, substring, portForServer);
                        if (createOutgoingSession2 != null) {
                            createOutgoingSession2.addAuthenticatedDomain(str);
                            createOutgoingSession2.addHostname(str2);
                            createOutgoingSession2.addHostname(substring);
                            sessionManager.outgoingServerSessionCreated(createOutgoingSession2);
                            return true;
                        }
                        indexOf = str2.indexOf(46, indexOf + 1);
                    }
                    return false;
                }
            }
            if (outgoingServerSession.getAuthenticatedDomains().contains(str) && outgoingServerSession.getHostnames().contains(str2)) {
                return true;
            }
            return outgoingServerSession.authenticateSubdomain(str, str2);
        } catch (Exception e) {
            Log.error("Error authenticating domain with remote server: " + str2, e);
            return false;
        }
    }

    private static LocalOutgoingServerSession createOutgoingSession(String str, String str2, int i) {
        boolean booleanProperty = JiveGlobals.getBooleanProperty("xmpp.server.tls.enabled", true);
        if (RemoteServerManager.getConfiguration(str2) != null) {
        }
        Connection connection = null;
        String str3 = null;
        int i2 = i;
        Socket socket = new Socket();
        try {
            DNSUtil.HostAddress resolveXMPPServerDomain = DNSUtil.resolveXMPPServerDomain(str2, i);
            str3 = resolveXMPPServerDomain.getHost();
            i2 = resolveXMPPServerDomain.getPort();
            Log.debug("LocalOutgoingServerSession: OS - Trying to connect to " + str2 + ProxoolConstants.URL_DELIMITER + i + "(DNS lookup: " + str3 + ProxoolConstants.URL_DELIMITER + i2 + ")");
            socket.connect(new InetSocketAddress(str3, i2), RemoteServerManager.getSocketTimeout());
            Log.debug("LocalOutgoingServerSession: OS - Plain connection to " + str2 + ProxoolConstants.URL_DELIMITER + i + " successful");
            try {
                SocketConnection socketConnection = new SocketConnection(XMPPServer.getInstance().getPacketDeliverer(), socket, false);
                StringBuilder sb = new StringBuilder();
                sb.append("<stream:stream");
                sb.append(" xmlns:db=\"jabber:server:dialback\"");
                sb.append(" xmlns:stream=\"http://etherx.jabber.org/streams\"");
                sb.append(" xmlns=\"jabber:server\"");
                sb.append(" to=\"").append(str2).append("\"");
                sb.append(" version=\"1.0\">");
                socketConnection.deliverRawText(sb.toString());
                int soTimeout = socket.getSoTimeout();
                socket.setSoTimeout(5000);
                XMPPPacketReader xMPPPacketReader = new XMPPPacketReader();
                xMPPPacketReader.getXPPParser().setInput(new InputStreamReader(socket.getInputStream(), CHARSET));
                MXParser xPPParser = xMPPPacketReader.getXPPParser();
                for (int eventType = xPPParser.getEventType(); eventType != 2; eventType = xPPParser.next()) {
                }
                String attributeValue = xPPParser.getAttributeValue("", Cookie2.VERSION);
                String attributeValue2 = xPPParser.getAttributeValue("", TagAttributeInfo.ID);
                if (attributeValue != null && decodeVersion(attributeValue)[0] >= 1) {
                    socket.setSoTimeout(soTimeout);
                    Element rootElement = xMPPPacketReader.parseDocument().getRootElement();
                    if (rootElement == null) {
                        Log.debug("LocalOutgoingServerSession: OS - Error, <starttls> was not received");
                    } else if (booleanProperty && rootElement.element("starttls") != null) {
                        LocalOutgoingServerSession secureAndAuthenticate = secureAndAuthenticate(str2, socketConnection, xMPPPacketReader, sb, str);
                        if (secureAndAuthenticate != null) {
                            return secureAndAuthenticate;
                        }
                    } else if (ServerDialback.isEnabled() && rootElement.element("dialback") != null) {
                        Log.debug("LocalOutgoingServerSession: OS - About to try connecting using server dialback XMPP 1.0 with: " + str2);
                        ServerDialback serverDialback = new ServerDialback(socketConnection, str);
                        OutgoingServerSocketReader outgoingServerSocketReader = new OutgoingServerSocketReader(xMPPPacketReader);
                        if (serverDialback.authenticateDomain(outgoingServerSocketReader, str, str2, attributeValue2)) {
                            Log.debug("LocalOutgoingServerSession: OS - SERVER DIALBACK XMPP 1.0 with " + str2 + " was successful");
                            LocalOutgoingServerSession localOutgoingServerSession = new LocalOutgoingServerSession(str, socketConnection, outgoingServerSocketReader, new BasicStreamIDFactory().createStreamID(attributeValue2));
                            socketConnection.init(localOutgoingServerSession);
                            localOutgoingServerSession.setAddress(new JID(null, str2, null));
                            return localOutgoingServerSession;
                        }
                        Log.debug("LocalOutgoingServerSession: OS - Error, SERVER DIALBACK with " + str2 + " failed");
                    }
                }
                if (socketConnection != null) {
                    socketConnection.close();
                }
            } catch (SSLHandshakeException e) {
                Log.debug("LocalOutgoingServerSession: Handshake error while creating secured outgoing session to remote server: " + str2 + "(DNS lookup: " + str3 + ProxoolConstants.URL_DELIMITER + i2 + ")", e);
                if (0 != 0) {
                    connection.close();
                }
            } catch (XmlPullParserException e2) {
                Log.warn("Error creating secured outgoing session to remote server: " + str2 + "(DNS lookup: " + str3 + ProxoolConstants.URL_DELIMITER + i2 + ")", e2);
                if (0 != 0) {
                    connection.close();
                }
            } catch (Exception e3) {
                Log.error("Error creating secured outgoing session to remote server: " + str2 + "(DNS lookup: " + str3 + ProxoolConstants.URL_DELIMITER + i2 + ")", e3);
                if (0 != 0) {
                    connection.close();
                }
            }
            if (!ServerDialback.isEnabled()) {
                return null;
            }
            Log.debug("LocalOutgoingServerSession: OS - Going to try connecting using server dialback with: " + str2);
            return new ServerDialback().createOutgoingSession(str, str2, i);
        } catch (Exception e4) {
            Log.error("Error trying to connect to remote server: " + str2 + "(DNS lookup: " + str3 + ProxoolConstants.URL_DELIMITER + i2 + ")", e4);
            return null;
        }
    }

    private static LocalOutgoingServerSession secureAndAuthenticate(String str, SocketConnection socketConnection, XMPPPacketReader xMPPPacketReader, StringBuilder sb, String str2) throws Exception {
        Log.debug("LocalOutgoingServerSession: OS - Indicating we want TLS to " + str);
        socketConnection.deliverRawText("<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
        MXParser xPPParser = xMPPPacketReader.getXPPParser();
        Element rootElement = xMPPPacketReader.parseDocument().getRootElement();
        if (rootElement == null || !rootElement.getName().equals("proceed")) {
            Log.debug("LocalOutgoingServerSession: OS - Error, <proceed> was not received");
            return null;
        }
        Log.debug("LocalOutgoingServerSession: OS - Negotiating TLS with " + str);
        socketConnection.startTLS(true, str, JiveGlobals.getBooleanProperty("xmpp.server.certificate.verify", true) && JiveGlobals.getBooleanProperty("xmpp.server.certificate.verify.chain", true) && !JiveGlobals.getBooleanProperty("xmpp.server.certificate.accept-selfsigned", false) ? Connection.ClientAuth.needed : Connection.ClientAuth.wanted);
        Log.debug("LocalOutgoingServerSession: OS - TLS negotiation with " + str + " was successful");
        socketConnection.deliverRawText(sb.toString());
        xPPParser.setInput(new InputStreamReader(socketConnection.getTLSStreamHandler().getInputStream(), CHARSET));
        for (int eventType = xPPParser.getEventType(); eventType != 2; eventType = xPPParser.next()) {
        }
        String attributeValue = xPPParser.getAttributeValue("", TagAttributeInfo.ID);
        Element rootElement2 = xMPPPacketReader.parseDocument().getRootElement();
        if (rootElement2 == null || (rootElement2.element("mechanisms") == null && rootElement2.element("dialback") == null)) {
            Log.debug("LocalOutgoingServerSession: OS - Error, no SASL mechanisms or SERVER DIALBACK were offered by " + str);
            return null;
        }
        if (Connection.CompressionPolicy.optional == Connection.CompressionPolicy.valueOf(JiveGlobals.getProperty("xmpp.server.compression.policy", Connection.CompressionPolicy.disabled.toString()))) {
            Element element = rootElement2.element("compression");
            if (element != null) {
                boolean z = false;
                Iterator elementIterator = element.elementIterator("method");
                while (elementIterator.hasNext()) {
                    if ("zlib".equals(((Element) elementIterator.next()).getTextTrim())) {
                        z = true;
                    }
                }
                if (z) {
                    socketConnection.deliverRawText("<compress xmlns='http://jabber.org/protocol/compress'><method>zlib</method></compress>");
                    if ("compressed".equals(xMPPPacketReader.parseDocument().getRootElement().getName())) {
                        socketConnection.addCompression();
                        socketConnection.startCompression();
                        Log.debug("LocalOutgoingServerSession: OS - Stream compression was successful with " + str);
                        socketConnection.deliverRawText(sb.toString());
                        ZInputStream zInputStream = new ZInputStream(socketConnection.getTLSStreamHandler().getInputStream());
                        zInputStream.setFlushMode(1);
                        xPPParser.setInput(new InputStreamReader(zInputStream, CHARSET));
                        for (int eventType2 = xPPParser.getEventType(); eventType2 != 2; eventType2 = xPPParser.next()) {
                        }
                        rootElement2 = xMPPPacketReader.parseDocument().getRootElement();
                        if (rootElement2 == null || rootElement2.element("mechanisms") == null) {
                            Log.debug("LocalOutgoingServerSession: OS - Error, EXTERNAL SASL was not offered by " + str);
                            return null;
                        }
                    } else {
                        Log.debug("LocalOutgoingServerSession: OS - Stream compression was rejected by " + str);
                    }
                } else {
                    Log.debug("LocalOutgoingServerSession: OS - Stream compression found but zlib method is not supported by" + str);
                }
            } else {
                Log.debug("LocalOutgoingServerSession: OS - Stream compression not supoprted by " + str);
            }
        }
        boolean z2 = rootElement2.element("dialback") != null;
        if (!z2 || !socketConnection.isUsingSelfSignedCertificate()) {
            Iterator elementIterator2 = rootElement2.element("mechanisms").elementIterator();
            while (elementIterator2.hasNext()) {
                if ("EXTERNAL".equals(((Element) elementIterator2.next()).getTextTrim())) {
                    Log.debug("LocalOutgoingServerSession: OS - Starting EXTERNAL SASL with " + str);
                    if (!doExternalAuthentication(str2, socketConnection, xMPPPacketReader)) {
                        Log.debug("LocalOutgoingServerSession: OS - Error, EXTERNAL SASL authentication with " + str + " failed");
                        return null;
                    }
                    Log.debug("LocalOutgoingServerSession: OS - EXTERNAL SASL with " + str + " was successful");
                    socketConnection.deliverRawText(sb.toString());
                    xPPParser.resetInput();
                    for (int eventType3 = xPPParser.getEventType(); eventType3 != 2; eventType3 = xPPParser.next()) {
                    }
                    LocalOutgoingServerSession localOutgoingServerSession = new LocalOutgoingServerSession(str2, socketConnection, new OutgoingServerSocketReader(xMPPPacketReader), new BasicStreamIDFactory().createStreamID(xPPParser.getAttributeValue("", TagAttributeInfo.ID)));
                    socketConnection.init(localOutgoingServerSession);
                    localOutgoingServerSession.setAddress(new JID(null, str, null));
                    localOutgoingServerSession.usingServerDialback = false;
                    return localOutgoingServerSession;
                }
            }
        }
        if (!z2 || (!ServerDialback.isEnabled() && !ServerDialback.isEnabledForSelfSigned())) {
            Log.debug("LocalOutgoingServerSession: OS - Error, EXTERNAL SASL and SERVER DIALBACK were not offered by " + str);
            return null;
        }
        Log.debug("LocalOutgoingServerSession: OS - About to try connecting using server dialback over TLS with: " + str);
        ServerDialback serverDialback = new ServerDialback(socketConnection, str2);
        OutgoingServerSocketReader outgoingServerSocketReader = new OutgoingServerSocketReader(xMPPPacketReader);
        if (!serverDialback.authenticateDomain(outgoingServerSocketReader, str2, str, attributeValue)) {
            Log.debug("LocalOutgoingServerSession: OS - Error, SERVER DIALBACK with " + str + " failed");
            return null;
        }
        Log.debug("LocalOutgoingServerSession: OS - SERVER DIALBACK OVER TLS with " + str + " was successful");
        LocalOutgoingServerSession localOutgoingServerSession2 = new LocalOutgoingServerSession(str2, socketConnection, outgoingServerSocketReader, new BasicStreamIDFactory().createStreamID(attributeValue));
        socketConnection.init(localOutgoingServerSession2);
        localOutgoingServerSession2.setAddress(new JID(null, str, null));
        return localOutgoingServerSession2;
    }

    private static boolean doExternalAuthentication(String str, SocketConnection socketConnection, XMPPPacketReader xMPPPacketReader) throws DocumentException, IOException, XmlPullParserException {
        socketConnection.deliverRawText("<auth xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\" mechanism=\"EXTERNAL\">" + StringUtils.encodeBase64(str) + "</auth>");
        Element rootElement = xMPPPacketReader.parseDocument().getRootElement();
        return rootElement != null && "success".equals(rootElement.getName());
    }

    public LocalOutgoingServerSession(String str, Connection connection, OutgoingServerSocketReader outgoingServerSocketReader, StreamID streamID) {
        super(str, connection, streamID);
        this.authenticatedDomains = new HashSet();
        this.hostnames = new HashSet();
        this.usingServerDialback = true;
        this.socketReader = outgoingServerSocketReader;
        outgoingServerSocketReader.setSession(this);
    }

    @Override // org.jivesoftware.openfire.session.LocalSession
    boolean canProcess(Packet packet) {
        String domain = packet.getFrom().getDomain();
        if (getAuthenticatedDomains().contains(domain)) {
            return true;
        }
        synchronized (domain.intern()) {
            if (getAuthenticatedDomains().contains(domain) || authenticateSubdomain(domain, packet.getTo().getDomain())) {
                return true;
            }
            returnErrorToSender(packet);
            return false;
        }
    }

    @Override // org.jivesoftware.openfire.session.LocalSession
    void deliver(Packet packet) throws UnauthorizedException {
        if (this.conn == null || this.conn.isClosed()) {
            return;
        }
        this.conn.deliver(packet);
    }

    @Override // org.jivesoftware.openfire.session.OutgoingServerSession
    public boolean authenticateSubdomain(String str, String str2) {
        if (!this.usingServerDialback) {
            addAuthenticatedDomain(str);
            addHostname(str2);
            return true;
        }
        if (!new ServerDialback(getConnection(), str).authenticateDomain(this.socketReader, str, str2, getStreamID().getID())) {
            return false;
        }
        addAuthenticatedDomain(str);
        addHostname(str2);
        return true;
    }

    private void returnErrorToSender(Packet packet) {
        RoutingTable routingTable = XMPPServer.getInstance().getRoutingTable();
        try {
            if (packet instanceof IQ) {
                if (((IQ) packet).isResponse()) {
                    Log.debug("XMPP specs forbid us to respond with an IQ error to: " + packet.toXML());
                    return;
                }
                IQ iq = new IQ();
                iq.setID(packet.getID());
                iq.setTo(packet.getFrom());
                iq.setFrom(packet.getTo());
                iq.setChildElement(((IQ) packet).getChildElement().createCopy());
                iq.setError(PacketError.Condition.remote_server_not_found);
                routingTable.routePacket(iq.getTo(), iq, true);
            } else if (packet instanceof Presence) {
                Presence presence = new Presence();
                presence.setID(packet.getID());
                presence.setTo(packet.getFrom());
                presence.setFrom(packet.getTo());
                presence.setError(PacketError.Condition.remote_server_not_found);
                routingTable.routePacket(presence.getTo(), presence, true);
            } else if (packet instanceof Message) {
                Message message = new Message();
                message.setID(packet.getID());
                message.setTo(packet.getFrom());
                message.setFrom(packet.getTo());
                message.setType(((Message) packet).getType());
                message.setThread(((Message) packet).getThread());
                message.setError(PacketError.Condition.remote_server_not_found);
                routingTable.routePacket(message.getTo(), message, true);
            }
        } catch (Exception e) {
            Log.warn("Error returning error to sender. Original packet: " + packet, e);
        }
    }

    @Override // org.jivesoftware.openfire.session.OutgoingServerSession
    public Collection<String> getAuthenticatedDomains() {
        return Collections.unmodifiableCollection(this.authenticatedDomains);
    }

    @Override // org.jivesoftware.openfire.session.OutgoingServerSession
    public void addAuthenticatedDomain(String str) {
        this.authenticatedDomains.add(str);
    }

    @Override // org.jivesoftware.openfire.session.OutgoingServerSession
    public Collection<String> getHostnames() {
        Collection<String> unmodifiableCollection;
        synchronized (this.hostnames) {
            unmodifiableCollection = Collections.unmodifiableCollection(this.hostnames);
        }
        return unmodifiableCollection;
    }

    @Override // org.jivesoftware.openfire.session.OutgoingServerSession
    public void addHostname(String str) {
        synchronized (this.hostnames) {
            this.hostnames.add(str);
        }
        XMPPServer.getInstance().getRoutingTable().addServerRoute(new JID(null, str, null, true), this);
    }

    @Override // org.jivesoftware.openfire.session.LocalSession
    public String getAvailableStreamFeatures() {
        return null;
    }

    @Override // org.jivesoftware.openfire.session.OutgoingServerSession
    public boolean isUsingServerDialback() {
        return this.usingServerDialback;
    }
}
