package org.jboss.remoting3.remote;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.Map;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.security.sasl.SaslServerFactory;
import org.jboss.remoting3.RemotingOptions;
import org.jboss.remoting3.security.ServerAuthenticationProvider;
import org.jboss.remoting3.spi.ConnectionProviderContext;
import org.jboss.xnio.Buffers;
import org.jboss.xnio.IoUtils;
import org.jboss.xnio.log.Logger;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/jboss/remoting3/remote/ServerInitialAuthenticationHandler.class */
public final class ServerInitialAuthenticationHandler extends AbstractMessageHandler {
    private final RemoteConnection remoteConnection;
    private final Map<String, ?> saslPropertyMap;
    private final Map<String, SaslServerFactory> allowedMechs;
    private final ServerAuthenticationProvider authenticationProvider;
    private final ConnectionProviderContext connectionProviderContext;
    private int retries;
    private static final Logger log = Loggers.serverSasl;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServerInitialAuthenticationHandler(RemoteConnection remoteConnection, Map<String, ?> map, Map<String, SaslServerFactory> map2, ServerAuthenticationProvider serverAuthenticationProvider, ConnectionProviderContext connectionProviderContext) {
        super(remoteConnection);
        this.remoteConnection = remoteConnection;
        this.saslPropertyMap = map;
        this.allowedMechs = map2;
        this.authenticationProvider = serverAuthenticationProvider;
        this.connectionProviderContext = connectionProviderContext;
        this.retries = remoteConnection.getOptionMap().get(RemotingOptions.AUTHENTICATION_RETRIES, 3);
    }

    public void handleMessage(ByteBuffer byteBuffer) {
        switch (byteBuffer.get()) {
            case 1:
                try {
                    String modifiedUtf8 = Buffers.getModifiedUtf8(byteBuffer);
                    SaslServerFactory saslServerFactory = this.allowedMechs.get(modifiedUtf8);
                    if (saslServerFactory == null) {
                        log.trace("Rejected invalid SASL mechanism %s", modifiedUtf8);
                        rejectAuth();
                        return;
                    }
                    log.trace("Selected SASL mechanism %s", modifiedUtf8);
                    SaslServer createSaslServer = saslServerFactory.createSaslServer(modifiedUtf8, "remote", this.connectionProviderContext.getEndpoint().getName(), this.saslPropertyMap, this.authenticationProvider.getCallbackHandler());
                    this.remoteConnection.setMessageHandler(new ServerAuthenticationHandler(this.remoteConnection, createSaslServer, this.connectionProviderContext, this));
                    log.trace("Sending initial challenge");
                    try {
                        this.remoteConnection.sendAuthMessage((byte) 2, createSaslServer.evaluateResponse(SaslUtils.EMPTY));
                        return;
                    } catch (SaslException e) {
                        log.trace("Rejected invalid SASL response: %s", e);
                        rejectAuth();
                        return;
                    }
                } catch (IOException e2) {
                    IoUtils.safeClose(this.remoteConnection);
                    log.trace("Failed to send auth message: %s", e2);
                    return;
                }
            default:
                log.warn("Server received invalid auth request message");
                IoUtils.safeClose(this.remoteConnection);
                return;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void rejectAuth() throws IOException {
        this.remoteConnection.sendAuthReject("Authentication failed");
        int i = this.retries;
        this.retries = i - 1;
        if (i == 0) {
            this.remoteConnection.terminate();
        }
    }
}
