package org.jivesoftware.openfire.handler;

import gnu.inet.encoding.Stringprep;
import gnu.inet.encoding.StringprepException;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import org.dom4j.DocumentHelper;
import org.dom4j.Element;
import org.dom4j.QName;
import org.jivesoftware.openfire.IQHandlerInfo;
import org.jivesoftware.openfire.PacketException;
import org.jivesoftware.openfire.RoutingTable;
import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.auth.AuthFactory;
import org.jivesoftware.openfire.auth.AuthToken;
import org.jivesoftware.openfire.auth.ConnectionException;
import org.jivesoftware.openfire.auth.InternalUnauthenticatedException;
import org.jivesoftware.openfire.auth.UnauthorizedException;
import org.jivesoftware.openfire.event.SessionEventDispatcher;
import org.jivesoftware.openfire.session.ClientSession;
import org.jivesoftware.openfire.session.LocalClientSession;
import org.jivesoftware.openfire.session.Session;
import org.jivesoftware.openfire.user.UserManager;
import org.jivesoftware.openfire.user.UserNotFoundException;
import org.jivesoftware.util.JiveGlobals;
import org.jivesoftware.util.LocaleUtils;
import org.logicalcobwebs.proxool.ProxoolConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xmpp.packet.IQ;
import org.xmpp.packet.JID;
import org.xmpp.packet.PacketError;
import org.xmpp.packet.StreamError;

/* loaded from: input_file:org/jivesoftware/openfire/handler/IQAuthHandler.class */
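/**
 * Handles {@code jabber:iq:auth} requests: the field probe ({@code get}), plain or digest
 * login, anonymous login, and password changes sent over an already authenticated session.
 *
 * <p>Everything read from the incoming stanza (username, password, digest, resource) is
 * client-controlled. The checks in this class are the only gate between that input and
 * {@link AuthFactory} / {@link UserManager}.
 */
public class IQAuthHandler extends IQHandler implements IQAuthInfo {
    private static final Logger Log = LoggerFactory.getLogger(IQAuthHandler.class);

    // Session status value this handler treats as "authenticated".
    // NOTE(review): the literal 3 appears inlined in the decompiled code; presumably it is
    // Session.STATUS_AUTHENTICATED - confirm against the Session interface.
    private static final int AUTHENTICATED_STATUS = 3;

    // Mirrors the "xmpp.auth.anonymous" property; gates anonymousLogin().
    private boolean anonymousAllowed;
    // Template <query xmlns="jabber:iq:auth"/> listing the supported fields; copied per request.
    private Element probeResponse;
    private IQHandlerInfo info;
    private String serverName;
    private UserManager userManager;
    private RoutingTable routingTable;
    private IQRegisterHandler registerHandler;

    /**
     * Builds the probe template. {@code password} and {@code digest} are advertised only when
     * {@link AuthFactory} reports the matching mechanism as supported. The anonymous-login
     * switch is read once from the {@code xmpp.auth.anonymous} property.
     */
    public IQAuthHandler() {
        super("XMPP Authentication handler");
        this.info = new IQHandlerInfo("query", "jabber:iq:auth");
        this.probeResponse = DocumentHelper.createElement(QName.get("query", "jabber:iq:auth"));
        this.probeResponse.addElement("username");
        if (AuthFactory.isPlainSupported()) {
            this.probeResponse.addElement("password");
        }
        if (AuthFactory.isDigestSupported()) {
            this.probeResponse.addElement("digest");
        }
        this.probeResponse.addElement("resource");
        this.anonymousAllowed = JiveGlobals.getBooleanProperty("xmpp.auth.anonymous");
    }

    /**
     * Processes one {@code jabber:iq:auth} stanza and delivers the reply directly on the
     * sender's session.
     *
     * @param iq the incoming request
     * @return an {@code internal_server_error} reply when no session exists for the sender;
     *         otherwise {@code null}, because the reply has already been handed to the session
     * @throws UnauthorizedException declared by the handler contract; authorization failures
     *         raised inside this method are converted into {@code not_authorized} replies
     * @throws PacketException declared by the handler contract
     */
    @Override
    public IQ handleIQ(IQ iq) throws UnauthorizedException, PacketException {
        JID from = iq.getFrom();
        LocalClientSession session = (LocalClientSession) this.sessionManager.getSession(from);
        if (session == null) {
            // NOTE(review): this message prints every pre-authenticated session key; confirm
            // that is acceptable for the log's audience and volume.
            Log.error("Error during authentication. Session not found in " + this.sessionManager.getPreAuthenticatedKeys() + " for key " + from);
            return errorReply(iq, PacketError.Condition.internal_server_error);
        }

        IQ reply;
        boolean resourceBound = false;
        if (JiveGlobals.getBooleanProperty("xmpp.auth.iqauth", true)) {
            try {
                Element query = iq.getElement().element("query");
                if (query == null) {
                    // The payload is client-supplied; reject a stanza without a <query/> child
                    // instead of dereferencing null below.
                    reply = errorReply(iq, PacketError.Condition.bad_request);
                } else if (IQ.Type.get == iq.getType()) {
                    // Probe: return the supported fields, echoing back any supplied username.
                    Element probe = this.probeResponse.createCopy();
                    String probedUsername = query.elementText("username");
                    if (probedUsername != null) {
                        probe.element("username").setText(probedUsername);
                    }
                    reply = IQ.createResultIQ(iq);
                    reply.setChildElement(probe);
                    if (session.getStatus() != AUTHENTICATED_STATUS) {
                        reply.setTo((JID) null);
                    }
                } else if (query.elements().isEmpty()) {
                    // An empty <query/> is treated as an anonymous login request.
                    reply = anonymousLogin(session, iq);
                    resourceBound = session.getStatus() == AUTHENTICATED_STATUS;
                } else {
                    String username = query.elementText("username");
                    String password = query.elementText("password");
                    String digest = null;
                    if (query.element("digest") != null) {
                        // Locale.ROOT keeps case folding independent of the JVM default locale.
                        digest = query.elementText("digest").toLowerCase(Locale.ROOT);
                    }
                    if (session.getStatus() != AUTHENTICATED_STATUS) {
                        reply = login(username, query, iq, password, session, digest);
                        resourceBound = session.getStatus() == AUTHENTICATED_STATUS;
                    } else if (password == null || password.trim().length() == 0) {
                        // Already authenticated: the request is a password change and needs a
                        // non-blank new password.
                        reply = IQ.createResultIQ(iq);
                        reply.setError(PacketError.Condition.not_allowed);
                        reply.setType(IQ.Type.error);
                    } else if (session.getUsername().equalsIgnoreCase(username)) {
                        // Users may change their own password.
                        reply = passwordReset(password, iq, username, session);
                    } else {
                        // Changing another account's password requires the sender's bare JID
                        // to be in the server's admin list.
                        if (!XMPPServer.getInstance().getAdmins().contains(new JID(from.getNode(), from.getDomain(), null, true))) {
                            throw new UnauthorizedException();
                        }
                        reply = passwordReset(password, iq, username, session);
                    }
                }
            } catch (ConnectionException e) {
                reply = errorReply(iq, PacketError.Condition.internal_server_error);
            } catch (InternalUnauthenticatedException e) {
                reply = errorReply(iq, PacketError.Condition.internal_server_error);
            } catch (UnauthorizedException e) {
                reply = errorReply(iq, PacketError.Condition.not_authorized);
            } catch (UserNotFoundException e) {
                // Same condition as a bad password, so the reply does not reveal whether the
                // account exists.
                reply = errorReply(iq, PacketError.Condition.not_authorized);
            }
        } else {
            // jabber:iq:auth is disabled by configuration.
            reply = errorReply(iq, PacketError.Condition.not_authorized);
        }

        session.process(reply);
        if (resourceBound) {
            SessionEventDispatcher.dispatchEvent(session, SessionEventDispatcher.EventType.resource_bound);
        }
        return null;
    }

    /**
     * Builds an error reply that echoes the request payload.
     *
     * @param request the stanza being answered
     * @param condition the error condition to set
     * @return the error reply; the payload copy is skipped when the request has no child element
     */
    private static IQ errorReply(IQ request, PacketError.Condition condition) {
        IQ reply = IQ.createResultIQ(request);
        Element child = request.getChildElement();
        if (child != null) {
            reply.setChildElement(child.createCopy());
        }
        reply.setError(condition);
        return reply;
    }

    /**
     * Authenticates a not-yet-authenticated session with a plain password or a digest.
     *
     * @param username client-supplied username
     * @param query the {@code <query/>} payload, read for the {@code resource} field
     * @param iq the request being answered
     * @param password client-supplied password, or {@code null}
     * @param session the session to authenticate
     * @param digest lower-cased client-supplied digest, or {@code null}
     * @return the success reply, {@code not_acceptable} when no resource was sent, or
     *         {@code forbidden} when an existing session holds the same full JID and is not
     *         being replaced
     * @throws UnauthorizedException on an empty or invalid username, an invalid resource,
     *         when iq-auth is disabled, or when no auth token could be obtained
     * @throws UserNotFoundException declared; not raised directly by the visible code
     * @throws ConnectionException propagated from {@link AuthFactory}
     * @throws InternalUnauthenticatedException propagated from {@link AuthFactory}
     */
    private IQ login(String username, Element query, IQ iq, String password, LocalClientSession session, String digest) throws UnauthorizedException, UserNotFoundException, ConnectionException, InternalUnauthenticatedException {
        if (username == null || username.trim().length() == 0) {
            throw new UnauthorizedException("Invalid username (empty or null).");
        }
        try {
            // Validation only; the prepared form is discarded.
            Stringprep.nodeprep(username);
        } catch (StringprepException e) {
            throw new UnauthorizedException("Invalid username: " + username, e);
        }

        String resource = query.elementText("resource");
        if (resource == null) {
            return errorReply(iq, PacketError.Condition.not_acceptable);
        }
        try {
            resource = JID.resourceprep(resource);
        } catch (StringprepException e) {
            throw new UnauthorizedException("Invalid resource: " + resource, e);
        }

        if (!JiveGlobals.getBooleanProperty("xmpp.auth.iqauth", true)) {
            throw new UnauthorizedException();
        }

        // Fold case with Locale.ROOT: under some default locales (for example Turkish) the
        // no-argument toLowerCase() maps 'I' to a dotless i, which would make the name sent to
        // the auth provider differ from the stored account name.
        String normalizedUsername = username.toLowerCase(Locale.ROOT);
        AuthToken token = null;
        if (password != null && AuthFactory.isPlainSupported()) {
            token = AuthFactory.authenticate(normalizedUsername, password);
        } else if (digest != null && AuthFactory.isDigestSupported()) {
            token = AuthFactory.authenticate(normalizedUsername, session.getStreamID().toString(), digest);
        }
        if (token == null) {
            // Neither credential was usable with a supported mechanism.
            throw new UnauthorizedException();
        }

        ClientSession existing = this.routingTable.getClientRoute(new JID(normalizedUsername, this.serverName, resource, true));
        if (existing != null) {
            try {
                int kickLimit = this.sessionManager.getConflictKickLimit();
                if (kickLimit == -1) {
                    // -1: never replace an existing session.
                    return errorReply(iq, PacketError.Condition.forbidden);
                }
                if (existing.incrementConflictCount() <= kickLimit) {
                    // Refuse the new login until the conflict count exceeds the limit.
                    return errorReply(iq, PacketError.Condition.forbidden);
                }
                existing.deliverRawText(new StreamError(StreamError.Condition.conflict).toXML());
                existing.close();
            } catch (Exception e) {
                // NOTE(review): a failure while replacing the old session is only logged and
                // the new session is still bound below; confirm that is the intended outcome.
                Log.error("Error during login", e);
            }
        }
        session.setAuthToken(token, resource);
        iq.setFrom(session.getAddress());
        return IQ.createResultIQ(iq);
    }

    /**
     * Sets a new password for {@code username}. The caller has already decided that the
     * sender may change this account.
     *
     * @param newPassword the password to store
     * @param iq the request being answered
     * @param username the account to update
     * @param session the requesting session, recorded in the audit log line
     * @return the success reply
     * @throws UnauthorizedException when password changes are disabled, the password is null
     *         or empty, or the account does not exist
     */
    private IQ passwordReset(String newPassword, IQ iq, String username, Session session) throws UnauthorizedException {
        if (!this.registerHandler.canChangePassword() || newPassword == null || newPassword.length() == 0) {
            throw new UnauthorizedException();
        }
        try {
            this.userManager.getUser(username).setPassword(newPassword);
            IQ reply = IQ.createResultIQ(iq);
            // Audit line carries the account and the session, never the password itself.
            List<String> logArguments = new ArrayList<String>();
            logArguments.add(username);
            logArguments.add(session.toString());
            Log.info(LocaleUtils.getLocalizedString("admin.password.update", logArguments));
            return reply;
        } catch (UserNotFoundException e) {
            // Reported as "unauthorized" so the reply does not confirm which accounts exist.
            throw new UnauthorizedException();
        }
    }

    /**
     * Performs an anonymous login when it is enabled and the peer address passes the allow-list.
     *
     * <p>An empty allow-list admits every address. Otherwise the exact host address or one of
     * the wildcard forms {@code a.b.c.*}, {@code a.b.*.*}, {@code a.*.*.*} must be a key of
     * {@code LocalClientSession.getAllowedAnonymIPs()}. The wildcard keys are built from the
     * first three address bytes in dotted-decimal form, so they can only match IPv4-style
     * entries.
     *
     * @param session the session requesting anonymous access
     * @param iq the request being answered
     * @return the success reply carrying the assigned resource, or a {@code forbidden} reply
     */
    private IQ anonymousLogin(LocalClientSession session, IQ iq) {
        if (!this.anonymousAllowed) {
            return errorReply(iq, PacketError.Condition.forbidden);
        }

        boolean denied = false;
        try {
            String hostAddress = session.getConnection().getHostAddress();
            if (!LocalClientSession.getAllowedAnonymIPs().isEmpty() && !LocalClientSession.getAllowedAnonymIPs().containsKey(hostAddress)) {
                byte[] address = session.getConnection().getAddress();
                // NOTE(review): ProxoolConstants.ALIAS_DELIMITER comes from the connection-pool
                // library and is used here as the octet separator; it looks like a decompiler
                // substitution for the literal "." - confirm.
                String range24 = (address[0] & 255) + ProxoolConstants.ALIAS_DELIMITER + (address[1] & 255) + ProxoolConstants.ALIAS_DELIMITER + (address[2] & 255) + ".*";
                String range16 = (address[0] & 255) + ProxoolConstants.ALIAS_DELIMITER + (address[1] & 255) + ".*.*";
                String range8 = (address[0] & 255) + ".*.*.*";
                denied = !LocalClientSession.getAllowedAnonymIPs().containsKey(range24)
                        && !LocalClientSession.getAllowedAnonymIPs().containsKey(range16)
                        && !LocalClientSession.getAllowedAnonymIPs().containsKey(range8);
            }
        } catch (UnknownHostException e) {
            // Fail closed: an address that cannot be resolved is not admitted.
            denied = true;
        }

        if (denied) {
            return errorReply(iq, PacketError.Condition.forbidden);
        }
        IQ reply = IQ.createResultIQ(iq);
        session.setAnonymousAuth();
        reply.setTo(session.getAddress());
        reply.setChildElement("query", "jabber:iq:auth").addElement("resource").setText(session.getAddress().getResource());
        return reply;
    }

    /**
     * @return whether anonymous logins are currently accepted by this handler
     */
    @Override
    public boolean isAnonymousAllowed() {
        return this.anonymousAllowed;
    }

    /**
     * Enables or disables anonymous login and persists the choice in the
     * {@code xmpp.auth.anonymous} property.
     *
     * @param z {@code true} to accept anonymous logins
     * @throws UnauthorizedException declared by {@link IQAuthInfo}; not raised by this code
     */
    @Override
    public void setAllowAnonymous(boolean z) throws UnauthorizedException {
        this.anonymousAllowed = z;
        JiveGlobals.setProperty("xmpp.auth.anonymous", Boolean.toString(this.anonymousAllowed));
    }

    /**
     * Caches the server components this handler depends on.
     *
     * @param xMPPServer the hosting server
     */
    @Override
    public void initialize(XMPPServer xMPPServer) {
        super.initialize(xMPPServer);
        this.userManager = xMPPServer.getUserManager();
        this.routingTable = xMPPServer.getRoutingTable();
        this.registerHandler = xMPPServer.getIQRegisterHandler();
        this.serverName = xMPPServer.getServerInfo().getXMPPDomain();
    }

    /**
     * @return the handler registration for {@code query} in {@code jabber:iq:auth}
     */
    @Override
    public IQHandlerInfo getInfo() {
        return this.info;
    }
}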
