package org.eclipse.hono.authentication;

import io.vertx.proton.ProtonConnection;
import io.vertx.proton.ProtonHelper;
import io.vertx.proton.ProtonReceiver;
import io.vertx.proton.ProtonSender;
import org.apache.qpid.proton.amqp.transport.AmqpError;
import org.apache.qpid.proton.amqp.transport.Source;
import org.eclipse.hono.config.ServiceConfigProperties;
import org.eclipse.hono.service.amqp.AmqpEndpoint;
import org.eclipse.hono.service.amqp.AmqpServiceBase;
import org.eclipse.hono.service.auth.AddressAuthzHelper;
import org.eclipse.hono.util.Constants;
import org.eclipse.hono.util.ResourceIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/hono/authentication/SimpleAuthenticationServer.class */
public final class SimpleAuthenticationServer extends AmqpServiceBase<ServiceConfigProperties> {
    private static final Logger LOG = LoggerFactory.getLogger(SimpleAuthenticationServer.class);

    public void setConfig(ServiceConfigProperties serviceConfigProperties) {
        setSpecificConfig(serviceConfigProperties);
    }

    protected String getServiceName() {
        return "hono-auth";
    }

    protected void setRemoteConnectionOpenHandler(ProtonConnection protonConnection) {
        protonConnection.sessionOpenHandler(protonSession -> {
            handleSessionOpen(protonConnection, protonSession);
        });
        protonConnection.senderOpenHandler(protonSender -> {
            handleSenderOpen(protonConnection, protonSender);
        });
        protonConnection.disconnectHandler(protonConnection2 -> {
            protonConnection2.close();
            protonConnection2.disconnect();
        });
        protonConnection.closeHandler(asyncResult -> {
            protonConnection.close();
            protonConnection.disconnect();
        });
        protonConnection.openHandler(asyncResult2 -> {
            if (asyncResult2.failed()) {
                LOG.debug("ignoring peer's open frame containing error", asyncResult2.cause());
            } else {
                processRemoteOpen((ProtonConnection) asyncResult2.result());
            }
        });
    }

    protected void processRemoteOpen(ProtonConnection protonConnection) {
        if (AddressAuthzHelper.isAddressAuthzCapabilitySet(protonConnection)) {
            LOG.debug("client [container: {}] requests transfer of authenticated user's authorities in open frame", protonConnection.getRemoteContainer());
            AddressAuthzHelper.processAddressAuthzCapability(protonConnection);
        }
        protonConnection.open();
        this.vertx.setTimer(5000L, l -> {
            if (protonConnection.isDisconnected()) {
                return;
            }
            LOG.debug("connection with client [{}] timed out after 5 seconds, closing connection", protonConnection.getRemoteContainer());
            protonConnection.setCondition(ProtonHelper.condition(Constants.AMQP_ERROR_INACTIVITY, "client must retrieve token within 5 secs after opening connection")).close();
        });
    }

    protected void handleReceiverOpen(ProtonConnection protonConnection, ProtonReceiver protonReceiver) {
        protonReceiver.setCondition(ProtonHelper.condition(AmqpError.NOT_ALLOWED, "cannot write to node"));
        protonReceiver.close();
    }

    protected void handleSenderOpen(ProtonConnection protonConnection, ProtonSender protonSender) {
        Source remoteSource = protonSender.getRemoteSource();
        LOG.debug("client [{}] wants to open a link for receiving messages [address: {}]", protonConnection.getRemoteContainer(), remoteSource);
        if (!ResourceIdentifier.isValid(remoteSource.getAddress())) {
            handleUnknownEndpoint(protonConnection, protonSender, remoteSource.getAddress());
            return;
        }
        ResourceIdentifier fromString = ResourceIdentifier.fromString(remoteSource.getAddress());
        AmqpEndpoint endpoint = getEndpoint(fromString);
        if (endpoint == null) {
            handleUnknownEndpoint(protonConnection, protonSender, fromString.toString());
        } else if ("ANONYMOUS".equals(Constants.getClientPrincipal(protonConnection).getName())) {
            protonConnection.setCondition(ProtonHelper.condition(AmqpError.UNAUTHORIZED_ACCESS, "client must authenticate using SASL")).close();
        } else {
            protonSender.setSource(protonSender.getRemoteSource());
            endpoint.onLinkAttach(protonConnection, protonSender, fromString);
        }
    }
}
