package com.caucho.server.hmux;

import com.caucho.bam.ActorClient;
import com.caucho.bam.ActorError;
import com.caucho.bam.ActorStream;
import com.caucho.bam.Broker;
import com.caucho.bam.NotAuthorizedException;
import com.caucho.bam.QueryGet;
import com.caucho.bam.QuerySet;
import com.caucho.bam.SimpleActor;
import com.caucho.bam.hmtp.AuthQuery;
import com.caucho.bam.hmtp.AuthResult;
import com.caucho.bam.hmtp.EncryptedObject;
import com.caucho.bam.hmtp.GetPublicKeyQuery;
import com.caucho.bam.hmtp.SelfEncryptedCredentials;
import com.caucho.hemp.servlet.ServerLinkManager;
import com.caucho.security.SelfEncryptedCookie;
import com.caucho.server.cluster.ClusterServer;
import com.caucho.server.cluster.DynamicServerQuery;
import com.caucho.server.cluster.DynamicServerResult;
import com.caucho.server.cluster.Server;
import com.caucho.util.Alarm;
import com.caucho.util.L10N;
import java.util.logging.Logger;

/* loaded from: input_file:com/caucho/server/hmux/HmuxLinkService.class */
public class HmuxLinkService extends SimpleActor {
    private static final Logger log = Logger.getLogger(HmuxLinkService.class.getName());
    private static final L10N L = new L10N(HmuxLinkService.class);
    private ServerLinkManager _linkManager;
    private Server _server;
    private HmuxRequest _request;
    private ActorClient _adminConn;

    public HmuxLinkService(Server server, HmuxRequest hmuxRequest) {
        this._server = server;
        this._linkManager = this._server.getServerLinkManager();
        this._request = hmuxRequest;
        setBrokerStream(new HmuxBamStream(hmuxRequest));
    }

    @QueryGet
    public void getPublicKey(long j, String str, String str2, GetPublicKeyQuery getPublicKeyQuery) {
        getBrokerStream().queryResult(j, str2, str, this._linkManager.getPublicKey());
    }

    @QuerySet
    public void authLogin(long j, String str, String str2, AuthQuery authQuery) {
        Object credentials = authQuery.getCredentials();
        String adminCookie = this._server.getAdminCookie();
        if (adminCookie != null) {
            if (credentials instanceof EncryptedObject) {
                EncryptedObject encryptedObject = (EncryptedObject) credentials;
                credentials = this._linkManager.decrypt(this._linkManager.decryptKey(encryptedObject.getKeyAlgorithm(), encryptedObject.getEncKey()), encryptedObject.getEncData());
            } else {
                if (!(credentials instanceof SelfEncryptedCredentials)) {
                    getBrokerStream().queryError(j, str2, str, authQuery, new ActorError(ActorError.TYPE_AUTH, ActorError.FORBIDDEN, "passwords must be encrypted"));
                    return;
                }
                SelfEncryptedCookie decrypt = SelfEncryptedCookie.decrypt(adminCookie, ((SelfEncryptedCredentials) credentials).getEncData());
                credentials = decrypt.getCookie();
                if (Math.abs(decrypt.getCreateTime() - Alarm.getCurrentTime()) > 10800) {
                    log.warning(this + " expired credentials date");
                    getBrokerStream().queryError(j, str2, str, authQuery, new ActorError(ActorError.TYPE_AUTH, ActorError.FORBIDDEN, "expired credentials"));
                    return;
                }
            }
        }
        if (!(credentials instanceof String)) {
            getBrokerStream().queryError(j, str2, str, authQuery, new ActorError(ActorError.TYPE_AUTH, ActorError.FORBIDDEN, "unknown credentials: " + credentials));
            return;
        }
        String str3 = (String) credentials;
        if ((str3 != null || adminCookie != null) && (str3 == null || !"admin.resin".equals(authQuery.getUid()) || !str3.equals(adminCookie))) {
            throw new NotAuthorizedException(L.l("admin.resin login forbidden because the authentication cookies do not match"));
        }
        this._adminConn = this._server.getAdminBroker().getConnection("admin.resin", str3);
        this._request.setHmtpAdminConnection(this._adminConn);
        getBrokerStream().queryResult(j, str2, str, new AuthResult(this._adminConn.getJid()));
    }

    @QueryGet
    public void getDynamicService(long j, String str, String str2, DynamicServerQuery dynamicServerQuery) {
        ClusterServer findClusterServer = this._server.getResin().findClusterServer(dynamicServerQuery.getId());
        if (findClusterServer == null) {
            getBrokerStream().queryResult(j, str2, str, null);
        } else {
            getBrokerStream().queryResult(j, str2, str, new DynamicServerResult(findClusterServer.getId(), findClusterServer.getIndex(), findClusterServer.getAddress(), findClusterServer.getPort()));
        }
    }

    public ActorStream getBrokerStream(boolean z) {
        if (this._adminConn == null) {
            Broker adminBroker = this._server.getAdminBroker();
            String adminCookie = this._server.getAdminCookie();
            if (adminCookie != null) {
                throw new NotAuthorizedException(L.l("'{0}' anonymous login is not allowed in this server", adminCookie));
            }
            this._adminConn = adminBroker.getConnection("admin.resin", null);
        }
        return this._adminConn.getBrokerStream();
    }
}
