package com.hivemq.extensions.handler;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.inject.Inject;
import com.hivemq.bootstrap.ClientConnection;
import com.hivemq.bootstrap.ClientState;
import com.hivemq.bootstrap.netty.ChannelDependencies;
import com.hivemq.bootstrap.netty.ChannelHandlerNames;
import com.hivemq.configuration.service.FullConfigurationService;
import com.hivemq.configuration.service.InternalConfigurations;
import com.hivemq.extension.sdk.api.annotations.NotNull;
import com.hivemq.extension.sdk.api.client.parameter.ServerInformation;
import com.hivemq.extension.sdk.api.packets.auth.ModifiableDefaultPermissions;
import com.hivemq.extensions.ExtensionPriorityComparator;
import com.hivemq.extensions.HiveMQExtensions;
import com.hivemq.extensions.auth.AuthConnectInput;
import com.hivemq.extensions.auth.AuthInput;
import com.hivemq.extensions.auth.ConnectAuthConnectTask;
import com.hivemq.extensions.auth.ConnectAuthContext;
import com.hivemq.extensions.auth.ConnectAuthOutput;
import com.hivemq.extensions.auth.ConnectAuthTask;
import com.hivemq.extensions.auth.ConnectSimpleAuthTask;
import com.hivemq.extensions.auth.ReAuthContext;
import com.hivemq.extensions.auth.ReAuthOutput;
import com.hivemq.extensions.auth.ReAuthTask;
import com.hivemq.extensions.auth.parameter.AuthenticatorProviderInputImpl;
import com.hivemq.extensions.auth.parameter.ModifiableClientSettingsImpl;
import com.hivemq.extensions.client.ClientAuthenticators;
import com.hivemq.extensions.client.ClientAuthenticatorsImpl;
import com.hivemq.extensions.executor.PluginOutPutAsyncer;
import com.hivemq.extensions.executor.PluginTaskExecutorService;
import com.hivemq.extensions.packets.general.ModifiableDefaultPermissionsImpl;
import com.hivemq.extensions.services.auth.Authenticators;
import com.hivemq.extensions.services.auth.WrappedAuthenticatorProvider;
import com.hivemq.mqtt.handler.auth.MqttAuthSender;
import com.hivemq.mqtt.handler.connack.MqttConnacker;
import com.hivemq.mqtt.handler.connect.ConnectHandler;
import com.hivemq.mqtt.handler.disconnect.MqttServerDisconnector;
import com.hivemq.mqtt.message.auth.AUTH;
import com.hivemq.mqtt.message.connect.CONNECT;
import com.hivemq.mqtt.message.mqtt5.Mqtt5UserProperties;
import com.hivemq.mqtt.message.reason.Mqtt5ConnAckReasonCode;
import com.hivemq.mqtt.message.reason.Mqtt5DisconnectReasonCode;
import com.hivemq.util.ChannelAttributes;
import com.hivemq.util.ReasonStrings;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandlerContext;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ScheduledFuture;
import javax.inject.Singleton;

@Singleton
/* loaded from: input_file:com/hivemq/extensions/handler/PluginAuthenticatorServiceImpl.class */
public class PluginAuthenticatorServiceImpl implements PluginAuthenticatorService {

    @VisibleForTesting
    static final String CONNACK_BAD_AUTHENTICATION_METHOD_LOG_STATEMENT = "Client with IP {} sent AUTH packet with a different authentication method than in the CONNECT packet. Disconnecting client.";

    @VisibleForTesting
    static final String DISCONNECT_BAD_AUTHENTICATION_METHOD_LOG_STATEMENT = "Client with IP {} sent AUTH packet with a different authentication method than in the CONNECT packet. Disconnecting client.";
    public static final String AUTH_FAILED_LOG = "Client with ip {} could not be authenticated";
    public static final String RE_AUTH_FAILED_LOG = "Client with ip {} could not be re-authenticated";

    @NotNull
    private final ConnectHandler connectHandler;

    @NotNull
    private final MqttConnacker connacker;

    @NotNull
    private final MqttServerDisconnector disconnector;

    @NotNull
    private final MqttAuthSender authSender;

    @NotNull
    private final Authenticators authenticators;

    @NotNull
    private final ChannelDependencies channelDependencies;

    @NotNull
    private final PluginOutPutAsyncer asyncer;

    @NotNull
    private final PluginTaskExecutorService pluginTaskExecutorService;

    @NotNull
    private final ServerInformation serverInformation;

    @NotNull
    private final ExtensionPriorityComparator priorityComparator;
    private final boolean validateUTF8;
    private final int timeout = InternalConfigurations.AUTH_PROCESS_TIMEOUT.get();

    @Inject
    public PluginAuthenticatorServiceImpl(@NotNull ConnectHandler connectHandler, @NotNull MqttConnacker mqttConnacker, @NotNull MqttServerDisconnector mqttServerDisconnector, @NotNull MqttAuthSender mqttAuthSender, @NotNull FullConfigurationService fullConfigurationService, @NotNull Authenticators authenticators, @NotNull ChannelDependencies channelDependencies, @NotNull PluginOutPutAsyncer pluginOutPutAsyncer, @NotNull PluginTaskExecutorService pluginTaskExecutorService, @NotNull HiveMQExtensions hiveMQExtensions, @NotNull ServerInformation serverInformation) {
        this.connectHandler = connectHandler;
        this.connacker = mqttConnacker;
        this.disconnector = mqttServerDisconnector;
        this.authenticators = authenticators;
        this.channelDependencies = channelDependencies;
        this.asyncer = pluginOutPutAsyncer;
        this.pluginTaskExecutorService = pluginTaskExecutorService;
        this.authSender = mqttAuthSender;
        this.priorityComparator = new ExtensionPriorityComparator(hiveMQExtensions);
        this.serverInformation = serverInformation;
        this.validateUTF8 = fullConfigurationService.securityConfiguration().validateUTF8();
    }

    @Override // com.hivemq.extensions.handler.PluginAuthenticatorService
    public void authenticateConnect(@NotNull ChannelHandlerContext channelHandlerContext, @NotNull ClientConnection clientConnection, @NotNull CONNECT connect, @NotNull ModifiableClientSettingsImpl modifiableClientSettingsImpl) {
        String authMethod = connect.getAuthMethod();
        if (authMethod != null) {
            clientConnection.setAuthMethod(authMethod);
        }
        ModifiableDefaultPermissionsImpl modifiableDefaultPermissionsImpl = new ModifiableDefaultPermissionsImpl();
        clientConnection.setAuthPermissions(modifiableDefaultPermissionsImpl);
        Map<String, WrappedAuthenticatorProvider> authenticatorProviderMap = this.authenticators.getAuthenticatorProviderMap();
        if (authenticatorProviderMap.isEmpty()) {
            this.connectHandler.connectSuccessfulUndecided(channelHandlerContext, clientConnection, connect, modifiableClientSettingsImpl);
            return;
        }
        if (authMethod != null) {
            channelHandlerContext.pipeline().addAfter(ChannelHandlerNames.MQTT_MESSAGE_DECODER, ChannelHandlerNames.AUTH_IN_PROGRESS_MESSAGE_HANDLER, this.channelDependencies.getAuthInProgressMessageHandler());
        }
        AuthenticatorProviderInputImpl authenticatorProviderInputImpl = new AuthenticatorProviderInputImpl(this.serverInformation, channelHandlerContext.channel(), connect.getClientIdentifier());
        AuthConnectInput authConnectInput = new AuthConnectInput(connect, channelHandlerContext.channel());
        ClientAuthenticators clientAuthenticators = getClientAuthenticators(channelHandlerContext);
        ConnectAuthContext connectAuthContext = new ConnectAuthContext(channelHandlerContext, this.authSender, authenticatorProviderMap.size(), new ConnectAuthOutput(this.asyncer, this.validateUTF8, modifiableDefaultPermissionsImpl, modifiableClientSettingsImpl, this.timeout, authMethod != null), this.connectHandler, this.connacker, connect, true);
        for (Map.Entry<String, WrappedAuthenticatorProvider> entry : authenticatorProviderMap.entrySet()) {
            String key = entry.getKey();
            WrappedAuthenticatorProvider value = entry.getValue();
            if (value.isEnhanced()) {
                this.pluginTaskExecutorService.handlePluginInOutTaskExecution(connectAuthContext, authConnectInput, connectAuthContext, new ConnectAuthConnectTask(value, authenticatorProviderInputImpl, key, clientAuthenticators));
            } else {
                this.pluginTaskExecutorService.handlePluginInOutTaskExecution(connectAuthContext, authConnectInput, connectAuthContext, new ConnectSimpleAuthTask(value, authenticatorProviderInputImpl, key));
            }
        }
    }

    @Override // com.hivemq.extensions.handler.PluginAuthenticatorService
    public void authenticateAuth(@NotNull ChannelHandlerContext channelHandlerContext, @NotNull ClientConnection clientConnection, @NotNull AUTH auth) {
        boolean z = clientConnection.getClientState() == ClientState.RE_AUTHENTICATING;
        if (!auth.getAuthMethod().equals(clientConnection.getAuthMethod())) {
            badAuthMethodDisconnect(channelHandlerContext, auth, z);
            return;
        }
        ScheduledFuture<?> authFuture = clientConnection.getAuthFuture();
        if (authFuture != null) {
            authFuture.cancel(true);
            clientConnection.setAuthFuture(null);
        }
        int i = 0;
        Map<String, WrappedAuthenticatorProvider> authenticatorProviderMap = this.authenticators.getAuthenticatorProviderMap();
        Iterator<Map.Entry<String, WrappedAuthenticatorProvider>> it = authenticatorProviderMap.entrySet().iterator();
        while (it.hasNext()) {
            if (it.next().getValue().isEnhanced()) {
                i++;
            }
        }
        if (i == 0) {
            noAuthAvailableDisconnect(channelHandlerContext, z);
            return;
        }
        String clientId = clientConnection.getClientId();
        AuthenticatorProviderInputImpl authenticatorProviderInputImpl = new AuthenticatorProviderInputImpl(this.serverInformation, channelHandlerContext.channel(), clientId);
        AuthInput authInput = new AuthInput(clientId, channelHandlerContext.channel(), auth, z);
        ModifiableDefaultPermissions authPermissions = clientConnection.getAuthPermissions();
        ModifiableClientSettingsImpl settingsFromChannel = getSettingsFromChannel(channelHandlerContext.channel());
        ClientAuthenticators clientAuthenticators = getClientAuthenticators(channelHandlerContext);
        if (z) {
            ReAuthContext reAuthContext = new ReAuthContext(clientId, channelHandlerContext, this.authSender, i, new ReAuthOutput(this.asyncer, this.validateUTF8, authPermissions, settingsFromChannel, this.timeout), this.disconnector);
            for (Map.Entry<String, WrappedAuthenticatorProvider> entry : authenticatorProviderMap.entrySet()) {
                String key = entry.getKey();
                WrappedAuthenticatorProvider value = entry.getValue();
                if (value.isEnhanced()) {
                    this.pluginTaskExecutorService.handlePluginInOutTaskExecution(reAuthContext, authInput, reAuthContext, new ReAuthTask(value, authenticatorProviderInputImpl, key, clientAuthenticators));
                }
            }
            return;
        }
        ConnectAuthContext connectAuthContext = new ConnectAuthContext(channelHandlerContext, this.authSender, i, new ConnectAuthOutput(this.asyncer, this.validateUTF8, authPermissions, settingsFromChannel, this.timeout, true), this.connectHandler, this.connacker, clientConnection.getAuthConnect(), false);
        for (Map.Entry<String, WrappedAuthenticatorProvider> entry2 : authenticatorProviderMap.entrySet()) {
            String key2 = entry2.getKey();
            WrappedAuthenticatorProvider value2 = entry2.getValue();
            if (value2.isEnhanced()) {
                this.pluginTaskExecutorService.handlePluginInOutTaskExecution(connectAuthContext, authInput, connectAuthContext, new ConnectAuthTask(value2, authenticatorProviderInputImpl, key2, clientAuthenticators));
            }
        }
    }

    private void badAuthMethodDisconnect(@NotNull ChannelHandlerContext channelHandlerContext, @NotNull AUTH auth, boolean z) {
        String format = String.format(ReasonStrings.DISCONNECT_PROTOCOL_ERROR_AUTH_METHOD, auth.getType().name());
        if (z) {
            this.disconnector.disconnect(channelHandlerContext.channel(), "Client with IP {} sent AUTH packet with a different authentication method than in the CONNECT packet. Disconnecting client.", "Different auth method", Mqtt5DisconnectReasonCode.BAD_AUTHENTICATION_METHOD, format, Mqtt5UserProperties.NO_USER_PROPERTIES, true, false);
        } else {
            this.connacker.connackError(channelHandlerContext.channel(), "Client with IP {} sent AUTH packet with a different authentication method than in the CONNECT packet. Disconnecting client.", "Different auth method", Mqtt5ConnAckReasonCode.BAD_AUTHENTICATION_METHOD, format, Mqtt5UserProperties.NO_USER_PROPERTIES, true);
        }
    }

    private void noAuthAvailableDisconnect(@NotNull ChannelHandlerContext channelHandlerContext, boolean z) {
        if (z) {
            this.disconnector.disconnect(channelHandlerContext.channel(), RE_AUTH_FAILED_LOG, ReasonStrings.RE_AUTH_FAILED_NO_AUTHENTICATOR, Mqtt5DisconnectReasonCode.NOT_AUTHORIZED, ReasonStrings.RE_AUTH_FAILED_NO_AUTHENTICATOR, Mqtt5UserProperties.NO_USER_PROPERTIES, true, false);
        } else {
            this.connacker.connackError(channelHandlerContext.channel(), AUTH_FAILED_LOG, ReasonStrings.AUTH_FAILED_NO_AUTHENTICATOR, Mqtt5ConnAckReasonCode.NOT_AUTHORIZED, ReasonStrings.AUTH_FAILED_NO_AUTHENTICATOR, Mqtt5UserProperties.NO_USER_PROPERTIES, true);
        }
    }

    @NotNull
    private ModifiableClientSettingsImpl getSettingsFromChannel(@NotNull Channel channel) {
        ClientConnection clientConnection = (ClientConnection) channel.attr(ChannelAttributes.CLIENT_CONNECTION).get();
        Integer clientReceiveMaximum = clientConnection.getClientReceiveMaximum();
        Preconditions.checkNotNull(clientReceiveMaximum, "Receive maximum must not be null here");
        return new ModifiableClientSettingsImpl(clientReceiveMaximum.intValue(), clientConnection.getQueueSizeMaximum());
    }

    @NotNull
    private ClientAuthenticators getClientAuthenticators(@NotNull ChannelHandlerContext channelHandlerContext) {
        ClientConnection clientConnection = (ClientConnection) channelHandlerContext.channel().attr(ChannelAttributes.CLIENT_CONNECTION).get();
        if (clientConnection.getExtensionClientAuthenticators() == null) {
            clientConnection.setExtensionClientAuthenticators(new ClientAuthenticatorsImpl(this.priorityComparator));
        }
        return clientConnection.getExtensionClientAuthenticators();
    }
}
