package org.jenkinsci.remoting.engine;

import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import hudson.remoting.Channel;
import hudson.remoting.ChannelBuilder;
import hudson.remoting.SocketChannelStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.nio.channels.Channels;
import java.nio.channels.SocketChannel;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Future;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.jenkinsci.remoting.engine.JnlpClientDatabase;
import org.jenkinsci.remoting.protocol.IOHub;
import org.jenkinsci.remoting.protocol.NetworkLayer;
import org.jenkinsci.remoting.protocol.ProtocolStack;
import org.jenkinsci.remoting.protocol.impl.AckFilterLayer;
import org.jenkinsci.remoting.protocol.impl.AgentProtocolClientFilterLayer;
import org.jenkinsci.remoting.protocol.impl.BIONetworkLayer;
import org.jenkinsci.remoting.protocol.impl.ChannelApplicationLayer;
import org.jenkinsci.remoting.protocol.impl.ConnectionHeadersFilterLayer;
import org.jenkinsci.remoting.protocol.impl.ConnectionRefusalException;
import org.jenkinsci.remoting.protocol.impl.NIONetworkLayer;
import org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer;
import org.jenkinsci.remoting.util.IOUtils;
import org.jenkinsci.remoting.util.VersionNumber;

/* loaded from: input_file:org/jenkinsci/remoting/engine/JnlpProtocol4Handler.class */
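/**
 * Protocol handler for {@code JNLP4-connect}: builds a {@link ProtocolStack} that layers an
 * acknowledgement filter, TLS ({@link SSLEngineFilterLayer}) and a connection-headers exchange
 * under a {@link ChannelApplicationLayer}.
 *
 * <p>{@link #handle} builds the accepting (server-mode TLS) side and authenticates the peer;
 * {@link #connect} builds the initiating (client-mode TLS) side.
 *
 * <p>Compiler-generated members that a decompiler prints (the enum switch-map holder class and
 * the erased bridge overload of {@code createConnectionState}) are intentionally not written
 * out here; javac regenerates them.
 */
public class JnlpProtocol4Handler extends JnlpProtocolHandler<Jnlp4ConnectionState> {
    private static final Logger LOGGER = Logger.getLogger(JnlpProtocol4Handler.class.getName());

    /** Executor used for the channel application layer and for firing the after-channel event. */
    @NonNull
    private final ExecutorService threadPool;

    /** I/O hub handed to the network layers. */
    @NonNull
    private final IOHub ioHub;

    /** Source of the {@link SSLEngine} instances for both connection directions. */
    @NonNull
    private final SSLContext context;

    /** When {@code true}, a peer that presents no verifiable certificate is refused. */
    private final boolean needClientAuth;

    /**
     * Per-connection listener wired into every layer of the stack. It carries the connection
     * state and, on the accepting side, performs the peer authentication.
     */
    private class Handler extends Channel.Listener implements SSLEngineFilterLayer.Listener, ConnectionHeadersFilterLayer.Listener, ChannelApplicationLayer.Listener, ProtocolStack.Listener, ChannelApplicationLayer.ChannelDecorator {

        @NonNull
        private final Jnlp4ConnectionState event;

        /** Database used to authenticate peers; only supplied on the accepting side. */
        private final JnlpClientDatabase clientDatabase;

        /**
         * {@code true} on the initiating side, {@code false} on the accepting side.
         * This must differ per constructor: a constant {@code true} makes every
         * {@code !client} branch unreachable, which disables the certificate/secret
         * validation in {@link #onReceiveHeaders}.
         */
        private final boolean client;

        /** Creates the handler for the initiating side (used by {@code connect}). */
        Handler(@NonNull Jnlp4ConnectionState jnlp4ConnectionState) {
            this.event = jnlp4ConnectionState;
            this.clientDatabase = null;
            this.client = true;
        }

        /** Creates the handler for the accepting side (used by {@code handle}). */
        Handler(@NonNull Jnlp4ConnectionState jnlp4ConnectionState, JnlpClientDatabase jnlpClientDatabase) {
            this.event = jnlp4ConnectionState;
            this.clientDatabase = jnlpClientDatabase;
            this.client = false;
        }

        /**
         * Captures the peer's leaf certificate once the TLS handshake has finished.
         *
         * @param sSLSession the negotiated session
         * @throws ConnectionRefusalException if the first peer certificate is not X.509, or if
         *     the peer is unverified while {@code needClientAuth} is set
         */
        @Override // org.jenkinsci.remoting.protocol.impl.SSLEngineFilterLayer.Listener
        public void onHandshakeCompleted(SSLSession sSLSession) throws ConnectionRefusalException {
            X509Certificate peerCertificate;
            try {
                peerCertificate = (X509Certificate) sSLSession.getPeerCertificates()[0];
            } catch (ClassCastException e) {
                throw new ConnectionRefusalException("Unsupported server certificate type", e);
            } catch (SSLPeerUnverifiedException e) {
                if (JnlpProtocol4Handler.this.needClientAuth) {
                    throw new ConnectionRefusalException("Client must provide authentication", e);
                }
                // No certificate and none required: the connection continues with a null
                // certificate, so authentication rests on the shared-secret check in
                // onReceiveHeaders.
                peerCertificate = null;
            }
            this.event.fireBeforeProperties(peerCertificate);
        }

        /**
         * Processes the headers sent by the peer. On the accepting side the peer is
         * authenticated first: a certificate validated as {@code IDENTITY_PROVED} is accepted,
         * {@code INVALID} is refused, and every other outcome (including no certificate)
         * requires the shared secret from the headers to match the stored one.
         *
         * @param map headers received from the peer; untrusted on the accepting side
         * @throws ConnectionRefusalException if the client name is unknown, the certificate is
         *     invalid, or the secret is missing or wrong
         */
        @Override // org.jenkinsci.remoting.protocol.impl.ConnectionHeadersFilterLayer.Listener
        public void onReceiveHeaders(Map<String, String> map) throws ConnectionRefusalException {
            if (!this.client) {
                String clientName = map.get(JnlpConnectionState.CLIENT_NAME_KEY);
                if (this.clientDatabase == null || !this.clientDatabase.exists(clientName)) {
                    // NOTE(review): this message differs from the wrong-secret message below;
                    // if the refusal text is relayed to the peer it reveals which names exist.
                    throw new ConnectionRefusalException("Unknown client name: " + clientName);
                }
                X509Certificate certificate = this.event.getCertificate();
                JnlpClientDatabase.ValidationResult validation = certificate == null
                        ? JnlpClientDatabase.ValidationResult.UNCHECKED
                        : this.clientDatabase.validateCertificate(clientName, certificate);
                switch (validation) {
                    case IDENTITY_PROVED:
                        // The certificate alone authenticates the peer; no secret check.
                        break;
                    case INVALID:
                        JnlpProtocol4Handler.LOGGER.log(Level.WARNING, "An attempt was made to connect as {0} from {1} with an invalid client certificate", new Object[]{clientName, this.event.getRemoteEndpointDescription()});
                        throw new ConnectionRefusalException("Authentication failure");
                    default:
                        String expectedSecret = this.clientDatabase.getSecretOf(clientName);
                        if (expectedSecret == null) {
                            throw new ConnectionRefusalException("Unknown client name: " + clientName);
                        }
                        // A peer that omits the secret header is refused like one that sends a
                        // wrong secret, instead of failing with a NullPointerException.
                        String presentedSecret = map.get(JnlpConnectionState.SECRET_KEY);
                        // MessageDigest.isEqual is used so the comparison does not stop at the
                        // first differing byte.
                        if (presentedSecret == null || !MessageDigest.isEqual(expectedSecret.getBytes(StandardCharsets.UTF_8), presentedSecret.getBytes(StandardCharsets.UTF_8))) {
                            JnlpProtocol4Handler.LOGGER.log(Level.WARNING, "An attempt was made to connect as {0} from {1} with an incorrect secret", new Object[]{clientName, this.event.getRemoteEndpointDescription()});
                            throw new ConnectionRefusalException("Authorization failure");
                        }
                        break;
                }
            }
            this.event.fireAfterProperties(map);
        }

        /**
         * Registers this handler on the new channel and fires the after-channel event on the
         * thread pool, unless the channel is already closing or closed by then.
         */
        @Override // org.jenkinsci.remoting.protocol.impl.ChannelApplicationLayer.Listener
        public void onChannel(@NonNull Channel channel) {
            channel.addListener(this);
            JnlpProtocol4Handler.this.threadPool.execute(() -> {
                if (!channel.isClosingOrClosed()) {
                    this.event.fireAfterChannel(channel);
                }
            });
        }

        /**
         * Lets the connection-state listeners customise the channel builder. On the accepting
         * side the channel mode is set to {@code NEGOTIATE} first.
         *
         * @return the builder held by the connection state after the before-channel event
         */
        @Override // org.jenkinsci.remoting.protocol.impl.ChannelApplicationLayer.ChannelDecorator
        @NonNull
        public ChannelBuilder decorate(@NonNull ChannelBuilder channelBuilder) {
            if (!this.client) {
                channelBuilder.withMode(Channel.Mode.NEGOTIATE);
            }
            this.event.fireBeforeChannel(channelBuilder);
            return this.event.getChannelBuilder();
        }

        /** Channel closed: fires the closed event and releases the socket, for our channel only. */
        @Override // hudson.remoting.Channel.Listener
        public void onClosed(Channel channel, IOException iOException) {
            if (channel != this.event.getChannel()) {
                return;
            }
            this.event.fireChannelClosed(iOException);
            channel.removeListener(this);
            IOUtils.closeQuietly(this.event.getSocket());
        }

        /** Stack closed: fires the disconnect event; the socket is closed even if that throws. */
        @Override // org.jenkinsci.remoting.protocol.ProtocolStack.Listener
        public void onClosed(ProtocolStack<?> protocolStack, IOException iOException) {
            try {
                this.event.fireAfterDisconnect();
            } finally {
                protocolStack.removeListener(this);
                IOUtils.closeQuietly(this.event.getSocket());
            }
        }
    }

    /**
     * @param jnlpClientDatabase database used to authenticate connecting peers, may be null
     * @param executorService executor for channel work
     * @param iOHub I/O hub for the network layers
     * @param sSLContext context that supplies the TLS engines
     * @param z whether a peer certificate is mandatory (stored as {@code needClientAuth})
     * @param z2 forwarded to the superclass; presumably the prefer-NIO flag read back through
     *     {@code isPreferNio()} - confirm against {@code JnlpProtocolHandler}
     */
    public JnlpProtocol4Handler(@Nullable JnlpClientDatabase jnlpClientDatabase, @NonNull ExecutorService executorService, @NonNull IOHub iOHub, @NonNull SSLContext sSLContext, boolean z, boolean z2) {
        super(jnlpClientDatabase, z2);
        this.threadPool = executorService;
        this.ioHub = iOHub;
        this.context = sSLContext;
        this.needClientAuth = z;
    }

    /** Returns the protocol name, {@code JNLP4-connect}. */
    @Override // org.jenkinsci.remoting.engine.JnlpProtocolHandler
    public String getName() {
        return "JNLP4-connect";
    }

    /** Creates the per-connection state object for the given socket and listeners. */
    @Override // org.jenkinsci.remoting.engine.JnlpProtocolHandler
    @NonNull
    public Jnlp4ConnectionState createConnectionState(@NonNull Socket socket, @NonNull List<? extends JnlpConnectionStateListener> list) {
        return new Jnlp4ConnectionState(socket, list);
    }

    /**
     * Builds the accepting side of a connection (TLS server mode) and authenticates the peer
     * against the client database.
     *
     * @param socket the accepted socket
     * @param map headers to send to the peer
     * @param list listeners for the connection state events
     * @return a future for the established channel
     * @throws IOException if the stack cannot be built
     */
    @Override // org.jenkinsci.remoting.engine.JnlpProtocolHandler
    @NonNull
    public Future<Channel> handle(@NonNull Socket socket, @NonNull Map<String, String> map, @NonNull List<? extends JnlpConnectionStateListener> list) throws IOException {
        NetworkLayer networkLayer = createNetworkLayer(socket);
        SSLEngine engine = createSSLEngine(socket);
        // NOTE(review): the SSLEngine Javadoc says setNeedClientAuth overrides an earlier
        // setWantClientAuth call, so with needClientAuth == false the "want" request may be
        // cleared and no client certificate requested - confirm this is the intended policy.
        engine.setWantClientAuth(true);
        engine.setNeedClientAuth(this.needClientAuth);
        engine.setUseClientMode(false);
        Handler handler = new Handler(createConnectionState(socket, list), getClientDatabase());
        return (Future) ProtocolStack.on(networkLayer)
                .filter(new AckFilterLayer())
                .filter(new SSLEngineFilterLayer(engine, handler))
                .filter(new ConnectionHeadersFilterLayer(map, handler))
                .named(String.format("%s connection from %s", getName(), socket.getRemoteSocketAddress()))
                .listener(handler)
                .build(new ChannelApplicationLayer(this.threadPool, handler, map.get(JnlpConnectionState.COOKIE_KEY)))
                .get();
    }

    /**
     * Builds the initiating side of a connection (TLS client mode).
     *
     * @param socket the connected socket
     * @param map headers to send to the peer
     * @param list listeners for the connection state events
     * @return a future for the established channel
     * @throws IOException if the stack cannot be built
     */
    @Override // org.jenkinsci.remoting.engine.JnlpProtocolHandler
    @NonNull
    public Future<Channel> connect(@NonNull Socket socket, @NonNull Map<String, String> map, @NonNull List<? extends JnlpConnectionStateListener> list) throws IOException {
        NetworkLayer networkLayer = createNetworkLayer(socket);
        SSLEngine engine = createSSLEngine(socket);
        engine.setUseClientMode(true);
        Handler handler = new Handler(createConnectionState(socket, list));
        return (Future) ProtocolStack.on(networkLayer)
                .filter(new AgentProtocolClientFilterLayer(getName()))
                .filter(new AckFilterLayer())
                .filter(new SSLEngineFilterLayer(engine, handler))
                .filter(new ConnectionHeadersFilterLayer(map, handler))
                .named(String.format("%s connection to %s", getName(), socket.getRemoteSocketAddress()))
                .listener(handler)
                .build(new ChannelApplicationLayer(this.threadPool, handler))
                .get();
    }

    /**
     * Picks the network layer: NIO when preferred and the socket has a {@link SocketChannel},
     * otherwise blocking I/O over the socket's streams.
     */
    private NetworkLayer createNetworkLayer(Socket socket) throws IOException {
        SocketChannel socketChannel = isPreferNio() ? socket.getChannel() : null;
        if (socketChannel != null) {
            return new NIONetworkLayer(this.ioHub, socketChannel, socketChannel);
        }
        return new BIONetworkLayer(this.ioHub, Channels.newChannel(SocketChannelStream.in(socket)), Channels.newChannel(SocketChannelStream.out(socket)));
    }

    /**
     * Creates a TLS engine, passing the peer host and port as hints when the remote address is
     * an {@link InetSocketAddress}.
     */
    private SSLEngine createSSLEngine(Socket socket) {
        SocketAddress remoteSocketAddress = socket.getRemoteSocketAddress();
        if (remoteSocketAddress instanceof InetSocketAddress) {
            InetSocketAddress peer = (InetSocketAddress) remoteSocketAddress;
            // NOTE(review): getHostName() may perform a reverse name lookup for addresses
            // created from an IP literal; confirm that is acceptable on the accept path.
            return this.context.createSSLEngine(peer.getHostName(), peer.getPort());
        }
        return this.context.createSSLEngine();
    }
}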
