package org.jivesoftware.openfire.session;

import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import org.jivesoftware.openfire.Connection;
import org.jivesoftware.openfire.SessionManager;
import org.jivesoftware.openfire.StreamID;
import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.auth.AuthToken;
import org.jivesoftware.openfire.auth.UnauthorizedException;
import org.jivesoftware.openfire.cluster.ClusterManager;
import org.jivesoftware.openfire.http.HttpBindManager;
import org.jivesoftware.openfire.net.SASLAuthentication;
import org.jivesoftware.openfire.privacy.PrivacyList;
import org.jivesoftware.openfire.privacy.PrivacyListManager;
import org.jivesoftware.openfire.roster.RosterManager;
import org.jivesoftware.openfire.session.ConnectionSettings;
import org.jivesoftware.openfire.spi.ConnectionConfiguration;
import org.jivesoftware.openfire.streammanagement.StreamManager;
import org.jivesoftware.openfire.user.PresenceEventDispatcher;
import org.jivesoftware.openfire.user.UserNotFoundException;
import org.jivesoftware.util.JiveGlobals;
import org.jivesoftware.util.LocaleUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;
import org.xmpp.packet.JID;
import org.xmpp.packet.Packet;
import org.xmpp.packet.Presence;
import org.xmpp.packet.StreamError;

/* loaded from: input_file:org/jivesoftware/openfire/session/LocalClientSession.class */
public class LocalClientSession extends LocalSession implements ClientSession {
    private static final String ETHERX_NAMESPACE = "http://etherx.jabber.org/streams";
    private static final String FLASH_NAMESPACE = "http://www.jabber.com/streams/flash";
    private boolean messageCarbonsEnabled;
    protected AuthToken authToken;
    private boolean initialized;
    private boolean wasAvailable;
    private boolean offlineFloodStopped;
    private Presence presence;
    private int conflictCount;
    private String activeList;
    private String defaultList;
    private static final Logger Log = LoggerFactory.getLogger(LocalClientSession.class);
    private static Set<String> allowedIPs = new HashSet();
    private static Set<String> allowedAnonymIPs = new HashSet();
    private static Set<String> blockedIPs = new HashSet();

    @Deprecated
    public static Map<String, String> getAllowedIPs() {
        HashMap hashMap = new HashMap();
        Iterator<String> it = allowedIPs.iterator();
        while (it.hasNext()) {
            hashMap.put(it.next(), null);
        }
        return hashMap;
    }

    public static Set<String> getWhitelistedIPs() {
        return allowedIPs;
    }

    public static Map<String, String> getAllowedAnonymIPs() {
        HashMap hashMap = new HashMap();
        Iterator<String> it = allowedAnonymIPs.iterator();
        while (it.hasNext()) {
            hashMap.put(it.next(), null);
        }
        return hashMap;
    }

    public static Set<String> getWhitelistedAnonymousIPs() {
        return allowedAnonymIPs;
    }

    public static Set<String> getBlacklistedIPs() {
        return blockedIPs;
    }

    public static LocalClientSession createSession(String str, XmlPullParser xmlPullParser, Connection connection) throws XmlPullParserException {
        boolean equals = xmlPullParser.getPrefix().equals("flash");
        connection.setFlashClient(equals);
        if (!xmlPullParser.getName().equals("stream") && !equals) {
            throw new XmlPullParserException(LocaleUtils.getLocalizedString("admin.error.bad-stream"));
        }
        if (!xmlPullParser.getNamespace(xmlPullParser.getPrefix()).equals(ETHERX_NAMESPACE) && (!equals || !xmlPullParser.getNamespace(xmlPullParser.getPrefix()).equals(FLASH_NAMESPACE))) {
            throw new XmlPullParserException(LocaleUtils.getLocalizedString("admin.error.bad-namespace"));
        }
        if (!isAllowed(connection)) {
            String str2 = "Unknown";
            try {
                str2 = connection.getHostAddress();
            } catch (UnknownHostException e) {
            }
            Log.debug("LocalClientSession: Closed connection to client attempting to connect from: " + str2);
            connection.deliverRawText(new StreamError(StreamError.Condition.not_authorized).toXML());
            connection.close();
            return null;
        }
        Locale forLanguageTag = Locale.forLanguageTag("en");
        int i = 0;
        int i2 = 0;
        for (int i3 = 0; i3 < xmlPullParser.getAttributeCount(); i3++) {
            if ("lang".equals(xmlPullParser.getAttributeName(i3))) {
                forLanguageTag = Locale.forLanguageTag(xmlPullParser.getAttributeValue(i3));
            }
            if ("version".equals(xmlPullParser.getAttributeName(i3))) {
                try {
                    int[] decodeVersion = decodeVersion(xmlPullParser.getAttributeValue(i3));
                    i = decodeVersion[0];
                    i2 = decodeVersion[1];
                } catch (Exception e2) {
                    Log.error(e2.getMessage(), e2);
                }
            }
        }
        if (i > 1) {
            i = 1;
            i2 = 0;
        } else if (i == 1 && i2 > 0) {
            i2 = 0;
        }
        connection.setXMPPVersion(i, i2);
        ConnectionConfiguration configuration = connection.getConfiguration();
        if (connection.isSecure()) {
            connection.setTlsPolicy(Connection.TLSPolicy.disabled);
        } else {
            boolean z = false;
            try {
                z = configuration.getIdentityStore().getAllCertificates().size() > 0;
            } catch (Exception e3) {
                Log.error(e3.getMessage(), e3);
            }
            Connection.TLSPolicy tlsPolicy = configuration.getTlsPolicy();
            if (Connection.TLSPolicy.required == tlsPolicy && !z) {
                Log.error("Client session rejected. TLS is required but no certificates were created.");
                return null;
            }
            connection.setTlsPolicy(z ? tlsPolicy : Connection.TLSPolicy.disabled);
        }
        connection.setCompressionPolicy(configuration.getCompressionPolicy());
        LocalClientSession createClientSession = SessionManager.getInstance().createClientSession(connection, forLanguageTag);
        StringBuilder sb = new StringBuilder(HttpBindManager.HTTP_BIND_THREADS_DEFAULT);
        sb.append("<?xml version='1.0' encoding='");
        sb.append(CHARSET);
        sb.append("'?>");
        if (equals) {
            sb.append("<flash:stream xmlns:flash=\"http://www.jabber.com/streams/flash\" ");
        } else {
            sb.append("<stream:stream ");
        }
        sb.append("xmlns:stream=\"http://etherx.jabber.org/streams\" xmlns=\"jabber:client\" from=\"");
        sb.append(str);
        sb.append("\" id=\"");
        sb.append(createClientSession.getStreamID().toString());
        sb.append("\" xml:lang=\"");
        sb.append(forLanguageTag.toLanguageTag());
        if (i != 0) {
            sb.append("\" version=\"");
            sb.append(i).append('.').append(i2);
        }
        sb.append("\">");
        connection.deliverRawText(sb.toString());
        if (i == 0) {
            return createClientSession;
        }
        StringBuilder sb2 = new StringBuilder(490);
        sb2.append("<stream:features>");
        if (connection.getTlsPolicy() != Connection.TLSPolicy.disabled) {
            sb2.append("<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\">");
            if (connection.getTlsPolicy() == Connection.TLSPolicy.required) {
                sb2.append("<required/>");
            }
            sb2.append("</starttls>");
        }
        sb2.append(SASLAuthentication.getSASLMechanisms(createClientSession));
        String availableStreamFeatures = createClientSession.getAvailableStreamFeatures();
        if (availableStreamFeatures != null) {
            sb2.append(availableStreamFeatures);
        }
        sb2.append("</stream:features>");
        connection.deliverRawText(sb2.toString());
        return createClientSession;
    }

    public static boolean isAllowed(Connection connection) {
        try {
            String hostAddress = connection.getHostAddress();
            byte[] address = connection.getAddress();
            if (blockedIPs.contains(hostAddress) || isAddressInRange(address, blockedIPs)) {
                return false;
            }
            if (!allowedIPs.isEmpty() && !allowedIPs.contains(hostAddress)) {
                if (!isAddressInRange(address, allowedIPs)) {
                    return false;
                }
            }
            return true;
        } catch (UnknownHostException e) {
            return false;
        }
    }

    public static boolean isAllowedAnonymous(Connection connection) {
        try {
            String hostAddress = connection.getHostAddress();
            byte[] address = connection.getAddress();
            if (blockedIPs.contains(hostAddress) || isAddressInRange(address, blockedIPs)) {
                return false;
            }
            if (!allowedAnonymIPs.isEmpty() && !allowedAnonymIPs.contains(hostAddress)) {
                if (!isAddressInRange(address, allowedAnonymIPs)) {
                    return false;
                }
            }
            return true;
        } catch (UnknownHostException e) {
            return false;
        }
    }

    public static boolean isAddressInRange(byte[] bArr, Set<String> set) {
        return set.contains(new StringBuilder().append(bArr[0] & 255).append(".").append(bArr[1] & 255).append(".").append(bArr[2] & 255).append(".").append(bArr[3] & 255).toString()) || set.contains(new StringBuilder().append(bArr[0] & 255).append(".").append(bArr[1] & 255).append(".").append(bArr[2] & 255).append(".*").toString()) || set.contains(new StringBuilder().append(bArr[0] & 255).append(".").append(bArr[1] & 255).append(".*.*").toString()) || set.contains(new StringBuilder().append(bArr[0] & 255).append(".*.*.*").toString());
    }

    @Deprecated
    public static void setAllowedIPs(Map<String, String> map) {
        setWhitelistedIPs(map.keySet());
    }

    public static void setWhitelistedIPs(Set<String> set) {
        if (set == null) {
            throw new NullPointerException();
        }
        allowedIPs = set;
        if (allowedIPs.isEmpty()) {
            JiveGlobals.deleteProperty(ConnectionSettings.Client.LOGIN_ALLOWED);
            return;
        }
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = allowedIPs.iterator();
        if (it.hasNext()) {
            sb.append(it.next());
        }
        while (it.hasNext()) {
            sb.append(", ").append(it.next());
        }
        JiveGlobals.setProperty(ConnectionSettings.Client.LOGIN_ALLOWED, sb.toString());
    }

    @Deprecated
    public static void setAllowedAnonymIPs(Map<String, String> map) {
        setWhitelistedAnonymousIPs(map.keySet());
    }

    public static void setWhitelistedAnonymousIPs(Set<String> set) {
        if (set == null) {
            throw new NullPointerException();
        }
        allowedAnonymIPs = set;
        if (allowedAnonymIPs.isEmpty()) {
            JiveGlobals.deleteProperty(ConnectionSettings.Client.LOGIN_ANONYM_ALLOWED);
            return;
        }
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = allowedAnonymIPs.iterator();
        if (it.hasNext()) {
            sb.append(it.next());
        }
        while (it.hasNext()) {
            sb.append(", ").append(it.next());
        }
        JiveGlobals.setProperty(ConnectionSettings.Client.LOGIN_ANONYM_ALLOWED, sb.toString());
    }

    public static void setBlacklistedIPs(Set<String> set) {
        if (set == null) {
            throw new NullPointerException();
        }
        blockedIPs = set;
        if (blockedIPs.isEmpty()) {
            JiveGlobals.deleteProperty(ConnectionSettings.Client.LOGIN_BLOCKED);
            return;
        }
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = set.iterator();
        if (it.hasNext()) {
            sb.append(it.next());
        }
        while (it.hasNext()) {
            sb.append(", ").append(it.next());
        }
        JiveGlobals.setProperty(ConnectionSettings.Client.LOGIN_BLOCKED, sb.toString());
    }

    @Override // org.jivesoftware.openfire.session.ClientSession
    public PrivacyList getActiveList() {
        if (this.activeList == null) {
            return null;
        }
        try {
            return PrivacyListManager.getInstance().getPrivacyList(getUsername(), this.activeList);
        } catch (UserNotFoundException e) {
            Log.error(e.getMessage(), e);
            return null;
        }
    }

    @Override // org.jivesoftware.openfire.session.ClientSession
    public void setActiveList(PrivacyList privacyList) {
        this.activeList = privacyList != null ? privacyList.getName() : null;
        if (ClusterManager.isClusteringStarted()) {
            SessionManager.getInstance().getSessionInfoCache().put(getAddress().toString(), new ClientSessionInfo(this));
        }
    }

    @Override // org.jivesoftware.openfire.session.ClientSession
    public PrivacyList getDefaultList() {
        if (this.defaultList == null) {
            return null;
        }
        try {
            return PrivacyListManager.getInstance().getPrivacyList(getUsername(), this.defaultList);
        } catch (UserNotFoundException e) {
            Log.error(e.getMessage(), e);
            return null;
        }
    }

    @Override // org.jivesoftware.openfire.session.ClientSession
    public void setDefaultList(PrivacyList privacyList) {
        if (this.defaultList == null && privacyList == null) {
            return;
        }
        if (privacyList == null || !privacyList.getName().equals(this.defaultList)) {
            this.defaultList = privacyList != null ? privacyList.getName() : null;
            if (ClusterManager.isClusteringStarted()) {
                SessionManager.getInstance().getSessionInfoCache().put(getAddress().toString(), new ClientSessionInfo(this));
            }
        }
    }

    public LocalClientSession(String str, Connection connection, StreamID streamID, Locale locale) {
        super(str, connection, streamID, locale);
        this.wasAvailable = false;
        this.offlineFloodStopped = false;
        this.presence = null;
        this.conflictCount = 0;
        this.presence = new Presence();
        this.presence.setType(Presence.Type.unavailable);
    }

    @Override // org.jivesoftware.openfire.session.ClientSession
    public String getUsername() throws UserNotFoundException {
        if (this.authToken == null) {
            throw new UserNotFoundException();
        }
        return getAddress().getNode();
    }

    public void setAuthToken(AuthToken authToken) {
        this.authToken = authToken;
    }

    public void setAuthToken(AuthToken authToken, String str) {
        setAddress(new JID(authToken.getUsername(), getServerName(), str));
        this.authToken = authToken;
        setStatus(3);
        setDefaultList(PrivacyListManager.getInstance().getDefaultPrivacyList(authToken.getUsername()));
        this.sessionManager.addSession(this);
    }

    public void setAnonymousAuth() {
        String resource = getAddress().getResource();
        setAddress(new JID(resource, getServerName(), resource, true));
        setStatus(3);
        if (this.authToken == null) {
            this.authToken = new AuthToken(resource, true);
        }
        this.sessionManager.addSession(this);
    }

    public AuthToken getAuthToken() {
        return this.authToken;
    }

    @Override // org.jivesoftware.openfire.session.ClientSession
    public boolean isAnonymousUser() {
        return this.authToken == null || this.authToken.isAnonymous();
    }

    @Override // org.jivesoftware.openfire.session.ClientSession
    public boolean isInitialized() {
        return this.initialized;
    }

    @Override // org.jivesoftware.openfire.session.ClientSession
    public void setInitialized(boolean z) {
        this.initialized = z;
    }

    public boolean wasAvailable() {
        return this.wasAvailable;
    }

    @Override // org.jivesoftware.openfire.session.ClientSession
    public boolean canFloodOfflineMessages() {
        if (this.offlineFloodStopped || this.presence.getPriority() < 0) {
            return false;
        }
        Iterator<ClientSession> it = this.sessionManager.getSessions(getAddress().getNode()).iterator();
        while (it.hasNext()) {
            if (it.next().isOfflineFloodStopped()) {
                return false;
            }
        }
        return true;
    }

    @Override // org.jivesoftware.openfire.session.ClientSession
    public boolean isOfflineFloodStopped() {
        return this.offlineFloodStopped;
    }

    public void setOfflineFloodStopped(boolean z) {
        this.offlineFloodStopped = z;
        if (ClusterManager.isClusteringStarted()) {
            SessionManager.getInstance().getSessionInfoCache().put(getAddress().toString(), new ClientSessionInfo(this));
        }
    }

    @Override // org.jivesoftware.openfire.session.ClientSession
    public Presence getPresence() {
        return this.presence;
    }

    @Override // org.jivesoftware.openfire.session.ClientSession
    public void setPresence(Presence presence) {
        Presence presence2 = this.presence;
        this.presence = presence;
        if (presence2.isAvailable() && !this.presence.isAvailable()) {
            this.sessionManager.sessionUnavailable(this);
            setInitialized(false);
            PresenceEventDispatcher.unavailableSession(this, presence);
        } else if (!presence2.isAvailable() && this.presence.isAvailable()) {
            this.sessionManager.sessionAvailable(this, presence);
            this.wasAvailable = true;
            PresenceEventDispatcher.availableSession(this, presence);
        } else if (this.presence.isAvailable() && presence2.getPriority() != this.presence.getPriority()) {
            this.sessionManager.changePriority(this, presence2.getPriority());
            PresenceEventDispatcher.presenceChanged(this, presence);
        } else if (this.presence.isAvailable()) {
            PresenceEventDispatcher.presenceChanged(this, presence);
        }
        if (ClusterManager.isClusteringStarted()) {
            SessionManager.getInstance().getSessionInfoCache().put(getAddress().toString(), new ClientSessionInfo(this));
        }
    }

    @Override // org.jivesoftware.openfire.session.LocalSession
    public String getAvailableStreamFeatures() {
        if (this.conn.getTlsPolicy() == Connection.TLSPolicy.required && !this.conn.isSecure()) {
            return null;
        }
        StringBuilder sb = new StringBuilder(HttpBindManager.HTTP_BIND_THREADS_DEFAULT);
        if (this.conn.getCompressionPolicy() != Connection.CompressionPolicy.disabled && !this.conn.isCompressed()) {
            sb.append("<compression xmlns=\"http://jabber.org/features/compress\"><method>zlib</method></compression>");
        }
        if (RosterManager.isRosterVersioningEnabled()) {
            sb.append("<ver xmlns=\"urn:xmpp:features:rosterver\"/>");
        }
        if (getAuthToken() == null) {
            if (XMPPServer.getInstance().getIQRouter().supports("jabber:iq:auth")) {
                sb.append("<auth xmlns=\"http://jabber.org/features/iq-auth\"/>");
            }
            if (XMPPServer.getInstance().getIQRegisterHandler().isInbandRegEnabled()) {
                sb.append("<register xmlns=\"http://jabber.org/features/iq-register\"/>");
            }
        } else {
            sb.append("<bind xmlns=\"urn:ietf:params:xml:ns:xmpp-bind\"/>");
            sb.append("<session xmlns=\"urn:ietf:params:xml:ns:xmpp-session\"><optional/></session>");
            if (JiveGlobals.getBooleanProperty(StreamManager.SM_ACTIVE, true)) {
                sb.append(String.format("<sm xmlns='%s'/>", StreamManager.NAMESPACE_V2));
                sb.append(String.format("<sm xmlns='%s'/>", StreamManager.NAMESPACE_V3));
            }
        }
        return sb.toString();
    }

    @Override // org.jivesoftware.openfire.session.ClientSession
    public int incrementConflictCount() {
        this.conflictCount++;
        return this.conflictCount;
    }

    @Override // org.jivesoftware.openfire.session.ClientSession
    public boolean isMessageCarbonsEnabled() {
        return this.messageCarbonsEnabled;
    }

    @Override // org.jivesoftware.openfire.session.ClientSession
    public void setMessageCarbonsEnabled(boolean z) {
        this.messageCarbonsEnabled = z;
    }

    @Override // org.jivesoftware.openfire.session.LocalSession
    public boolean canProcess(Packet packet) {
        PrivacyList activeList = getActiveList();
        if (activeList != null) {
            return !activeList.shouldBlockPacket(packet);
        }
        PrivacyList defaultList = getDefaultList();
        return defaultList == null || !defaultList.shouldBlockPacket(packet);
    }

    public void deliver(Packet packet) throws UnauthorizedException {
        if (this.conn != null) {
            this.conn.deliver(packet);
        }
        this.streamManager.sentStanza(packet);
    }

    @Override // org.jivesoftware.openfire.session.LocalSession
    public String toString() {
        return super.toString() + " presence: " + this.presence;
    }

    static {
        StringTokenizer stringTokenizer = new StringTokenizer(JiveGlobals.getProperty(ConnectionSettings.Client.LOGIN_ALLOWED, ""), ", ");
        while (stringTokenizer.hasMoreTokens()) {
            allowedIPs.add(stringTokenizer.nextToken().trim());
        }
        StringTokenizer stringTokenizer2 = new StringTokenizer(JiveGlobals.getProperty(ConnectionSettings.Client.LOGIN_ANONYM_ALLOWED, ""), ", ");
        while (stringTokenizer2.hasMoreTokens()) {
            allowedAnonymIPs.add(stringTokenizer2.nextToken().trim());
        }
        StringTokenizer stringTokenizer3 = new StringTokenizer(JiveGlobals.getProperty(ConnectionSettings.Client.LOGIN_BLOCKED, ""), ", ");
        while (stringTokenizer3.hasMoreTokens()) {
            blockedIPs.add(stringTokenizer3.nextToken().trim());
        }
    }
}
