package tigase.xmpp.impl;

import java.util.Map;
import java.util.Queue;
import java.util.logging.Level;
import java.util.logging.Logger;
import tigase.db.NonAuthUserRepository;
import tigase.io.SSLContextContainerIfc;
import tigase.kernel.beans.Bean;
import tigase.server.Command;
import tigase.server.Packet;
import tigase.server.xmppsession.SessionManager;
import tigase.vhosts.VHostItem;
import tigase.xml.Element;
import tigase.xmpp.StanzaType;
import tigase.xmpp.XMPPPreprocessorIfc;
import tigase.xmpp.XMPPProcessor;
import tigase.xmpp.XMPPProcessorIfc;
import tigase.xmpp.XMPPResourceConnection;

@Bean(name = "starttls", parent = SessionManager.class, active = true)
/* loaded from: input_file:tigase/xmpp/impl/StartTLS.class */
public class StartTLS extends XMPPProcessor implements XMPPProcessorIfc, XMPPPreprocessorIfc {
    public static final String EL_NAME = "starttls";
    protected static final String ID = "starttls";
    private static final String[][] ELEMENTS = {new String[]{"starttls"}, new String[]{"proceed"}, new String[]{"failure"}};
    private static final Logger log = Logger.getLogger(StartTLS.class.getName());
    private static final String XMLNS = "urn:ietf:params:xml:ns:xmpp-tls";
    private static final String[] XMLNSS = {XMLNS, XMLNS, XMLNS};
    private static final Element[] F_REQUIRED = {new Element("starttls", new Element[]{new Element("required")}, new String[]{"xmlns"}, new String[]{XMLNS})};
    private static final Element[] F_NOT_REQUIRED = {new Element("starttls", new String[]{"xmlns"}, new String[]{XMLNS})};
    private Element failure = new Element("failure", new String[]{"xmlns"}, new String[]{XMLNS});
    private Element proceed = new Element("proceed", new String[]{"xmlns"}, new String[]{XMLNS});

    @Override // tigase.xmpp.XMPPImplIfc
    public String id() {
        return "starttls";
    }

    @Override // tigase.xmpp.XMPPProcessorIfc
    public void process(Packet packet, XMPPResourceConnection xMPPResourceConnection, NonAuthUserRepository nonAuthUserRepository, Queue<Packet> queue, Map<String, Object> map) {
        if (xMPPResourceConnection == null) {
            return;
        }
        if (!packet.isElement("starttls", XMLNS)) {
            log.log(Level.WARNING, "Unknown TLS element: {0}", packet);
            queue.offer(packet.swapFromTo(this.failure, null, null));
            queue.offer(Command.CLOSE.getPacket(packet.getTo(), packet.getFrom(), StanzaType.set, xMPPResourceConnection.nextStanzaId()));
        } else if (xMPPResourceConnection.getSessionData("starttls") != null) {
            log.log(Level.FINEST, "Multiple TLS requests, possible DOS attack, closing connection: {0}", packet);
            queue.offer(packet.swapFromTo(this.failure, null, null));
            queue.offer(Command.CLOSE.getPacket(packet.getTo(), packet.getFrom(), StanzaType.set, xMPPResourceConnection.nextStanzaId()));
        } else {
            xMPPResourceConnection.putSessionData("starttls", SSLContextContainerIfc.ALLOW_SELF_SIGNED_CERTS_VAL);
            Packet packet2 = Command.STARTTLS.getPacket(packet.getTo(), packet.getFrom(), StanzaType.set, xMPPResourceConnection.nextStanzaId(), Command.DataType.submit);
            Command.setData(packet2, this.proceed);
            queue.offer(packet2);
        }
    }

    @Override // tigase.xmpp.XMPPProcessor, tigase.xmpp.XMPPImplIfc
    public String[][] supElementNamePaths() {
        return ELEMENTS;
    }

    @Override // tigase.xmpp.XMPPProcessor, tigase.xmpp.XMPPImplIfc
    public String[] supNamespaces() {
        return XMLNSS;
    }

    @Override // tigase.xmpp.XMPPProcessor, tigase.xmpp.XMPPImplIfc
    public Element[] supStreamFeatures(XMPPResourceConnection xMPPResourceConnection) {
        if (xMPPResourceConnection == null || xMPPResourceConnection.getSessionData("starttls") != null || xMPPResourceConnection.isEncrypted()) {
            return null;
        }
        return (xMPPResourceConnection.getDomain() == null || !xMPPResourceConnection.isTlsRequired()) ? F_NOT_REQUIRED : F_REQUIRED;
    }

    @Override // tigase.xmpp.XMPPPreprocessorIfc
    public boolean preProcess(Packet packet, XMPPResourceConnection xMPPResourceConnection, NonAuthUserRepository nonAuthUserRepository, Queue<Packet> queue, Map<String, Object> map) {
        boolean z = false;
        if (xMPPResourceConnection == null || xMPPResourceConnection.isServerSession()) {
            return false;
        }
        VHostItem domain = xMPPResourceConnection.getDomain();
        if (log.isLoggable(Level.FINEST)) {
            log.log(Level.FINEST, "VHost: {0}", new Object[]{domain});
        }
        if (domain != null && xMPPResourceConnection.isTlsRequired() && !xMPPResourceConnection.isEncrypted() && !packet.isElement("starttls", XMLNS)) {
            z = true;
        }
        return z;
    }
}
