package eu.clarussecure.proxy.protocol.plugins.pgsql.message.ssl;

import eu.clarussecure.proxy.protocol.plugins.pgsql.PgsqlConstants;
import eu.clarussecure.proxy.protocol.plugins.pgsql.PgsqlSession;
import eu.clarussecure.proxy.protocol.plugins.pgsql.message.sql.TransferMode;
import eu.clarussecure.proxy.protocol.plugins.tcp.TCPConstants;
import eu.clarussecure.proxy.protocol.plugins.tcp.ssl.SSLSessionInitializer;
import eu.clarussecure.proxy.spi.CString;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelPipeline;
import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.GenericFutureListener;
import java.io.IOException;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import javax.net.ssl.SSLException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/clarussecure/proxy/protocol/plugins/pgsql/message/ssl/SessionInitializer.class */
public class SessionInitializer {
    private static final Logger LOGGER = LoggerFactory.getLogger(SessionInitializer.class);
    private SSLSessionInitializer sslSessionInitializer = new SSLSessionInitializer();
    private AtomicBoolean sslRequestReceived = new AtomicBoolean(false);
    private AtomicInteger sslResponseReceived = new AtomicInteger(0);
    private AtomicBoolean sessionEncryptedOnFrontendSide = new AtomicBoolean(false);
    private AtomicBoolean sessionEncryptedOnBackendSide = new AtomicBoolean(false);

    public SessionMessageTransferMode<Void, Byte> processSSLRequest(ChannelHandlerContext channelHandlerContext, int i) throws IOException {
        LOGGER.debug("SSL request code: {}", Integer.valueOf(i));
        TransferMode transferMode = TransferMode.FORWARD;
        Byte b = null;
        LinkedHashMap linkedHashMap = null;
        this.sslRequestReceived.set(true);
        if (this.sslSessionInitializer.getClientMode() == SSLSessionInitializer.SSLMode.DISABLED) {
            LOGGER.trace("Reply to the frontend that SSL is required");
            transferMode = TransferMode.ERROR;
            linkedHashMap = new LinkedHashMap();
            linkedHashMap.put((byte) 83, CString.valueOf("FATAL"));
            linkedHashMap.put((byte) 77, CString.valueOf("SSL is disabled"));
            LOGGER.trace("SSL request is ignored (due to an error on the frontend side)");
        } else {
            LOGGER.trace("SSL is allowed or required on the frontend side");
            if (this.sslSessionInitializer.getServerMode() == SSLSessionInitializer.SSLMode.DISABLED) {
                addSSLHandlerOnFrontendSide(channelHandlerContext);
                LOGGER.trace("Reply SSL to the frontend");
                transferMode = TransferMode.FORGET;
                b = (byte) 83;
                LOGGER.trace("SSL request is ignored (SSL is disabled on the backend side)");
            } else {
                LOGGER.trace("Forward the SSL request (SSL is allowed or required on the backend side)");
            }
        }
        SessionMessageTransferMode<Void, Byte> sessionMessageTransferMode = new SessionMessageTransferMode<>(null, transferMode, b, linkedHashMap);
        LOGGER.debug("SSL request processed: transfer mode={}", sessionMessageTransferMode);
        return sessionMessageTransferMode;
    }

    public SessionMessageTransferMode<Byte, Void> processSSLResponse(ChannelHandlerContext channelHandlerContext, byte b) throws IOException {
        LOGGER.debug("SSL response code: {}", Byte.valueOf(b));
        TransferMode transferMode = TransferMode.FORWARD;
        Byte valueOf = Byte.valueOf(b);
        if (b == 83) {
            if (!this.sslRequestReceived.get()) {
                LOGGER.trace("SSL response is ignored (frontend did not request SSL)");
                transferMode = TransferMode.FORGET;
                valueOf = null;
                removeSessionInitializationResponseHandler(channelHandlerContext, false);
            } else if (this.sslSessionInitializer.getClientMode() == SSLSessionInitializer.SSLMode.DISABLED) {
                LOGGER.trace("SSL is disabled on the frontend side");
                LOGGER.trace("Modify SSL code to NO_SSL");
                valueOf = (byte) 78;
            } else if (getServerEndPoint(channelHandlerContext) != getPreferredServerEndPoint(channelHandlerContext)) {
                transferMode = TransferMode.FORGET;
                valueOf = null;
            } else {
                LOGGER.trace("Forward the SSL response (SSL was required by the frontend)");
                addSSLHandlerOnFrontendSide(channelHandlerContext);
            }
            addSSLHandlerOnBackendSide(channelHandlerContext);
        } else if (b == 78) {
            if (!this.sslRequestReceived.get()) {
                LOGGER.trace("SSL response is ignored (frontend did not request SSL)");
                transferMode = TransferMode.FORGET;
                valueOf = null;
                removeSessionInitializationResponseHandler(channelHandlerContext, false);
            } else if (getServerEndPoint(channelHandlerContext) != getPreferredServerEndPoint(channelHandlerContext)) {
                transferMode = TransferMode.FORGET;
                valueOf = null;
            } else {
                LOGGER.trace("Forward the SSL response (SSL was required by the frontend)");
            }
        }
        synchronized (this) {
            this.sslResponseReceived.incrementAndGet();
            notifyAll();
        }
        SessionMessageTransferMode<Byte, Void> sessionMessageTransferMode = new SessionMessageTransferMode<>(valueOf, transferMode);
        LOGGER.debug("SSL response processed: new code={}, transfer mode={}", valueOf, sessionMessageTransferMode);
        return sessionMessageTransferMode;
    }

    private int getServerEndPoint(ChannelHandlerContext channelHandlerContext) {
        Integer num = (Integer) channelHandlerContext.channel().attr(TCPConstants.SERVER_ENDPOINT_NUMBER_KEY).get();
        if (num == null) {
            throw new NullPointerException(TCPConstants.SERVER_ENDPOINT_NUMBER_KEY.name() + " is not set");
        }
        PgsqlSession pgsqlSession = getPgsqlSession(channelHandlerContext);
        if (num.intValue() < 0 || num.intValue() >= pgsqlSession.getServerSideChannels().size()) {
            throw new IndexOutOfBoundsException(String.format("invalid %s: value: %d, number of server endpoints: %d ", TCPConstants.SERVER_ENDPOINT_NUMBER_KEY.name(), num, Integer.valueOf(pgsqlSession.getServerSideChannels().size())));
        }
        return num.intValue();
    }

    private int getPreferredServerEndPoint(ChannelHandlerContext channelHandlerContext) {
        Integer num = (Integer) channelHandlerContext.channel().attr(TCPConstants.PREFERRED_SERVER_ENDPOINT_KEY).get();
        if (num == null) {
            throw new NullPointerException(TCPConstants.PREFERRED_SERVER_ENDPOINT_KEY.name() + " is not set");
        }
        PgsqlSession pgsqlSession = getPgsqlSession(channelHandlerContext);
        if (num.intValue() < 0 || num.intValue() >= pgsqlSession.getServerSideChannels().size()) {
            throw new IndexOutOfBoundsException(String.format("invalid %s: value: %d, number of server endpoints: %d ", TCPConstants.PREFERRED_SERVER_ENDPOINT_KEY.name(), num, Integer.valueOf(pgsqlSession.getServerSideChannels().size())));
        }
        return num.intValue();
    }

    public SessionMessageTransferMode<Void, Void> processStartupMessage(ChannelHandlerContext channelHandlerContext) throws IOException {
        LOGGER.debug("Start-up message");
        TransferMode transferMode = TransferMode.FORWARD;
        LinkedHashMap linkedHashMap = null;
        if (this.sslRequestReceived.get()) {
            LOGGER.trace("Session initialization completed");
            LOGGER.trace("Session {} on the frontend side", this.sessionEncryptedOnFrontendSide.get() ? "encrypted with SSL" : "not encrypted");
            LOGGER.trace("Session {} on the backend side", this.sessionEncryptedOnBackendSide.get() ? "encrypted with SSL" : "not encrypted");
        } else if (this.sslSessionInitializer.getClientMode() == SSLSessionInitializer.SSLMode.REQUIRED) {
            LOGGER.trace("Reply to the frontend that SSL is required");
            transferMode = TransferMode.ERROR;
            linkedHashMap = new LinkedHashMap();
            linkedHashMap.put((byte) 83, CString.valueOf("FATAL"));
            linkedHashMap.put((byte) 77, CString.valueOf("SSL is required"));
            LOGGER.trace("SSL request is ignored (due to an error on the frontend side)");
        } else if (this.sslSessionInitializer.getServerMode() == SSLSessionInitializer.SSLMode.REQUIRED) {
            LOGGER.trace("Handle SSL initialization with the backend");
            transferMode = TransferMode.ORCHESTRATE;
        } else {
            LOGGER.trace("Session initialization completed");
            LOGGER.trace("Session {} on the frontend side", this.sessionEncryptedOnFrontendSide.get() ? "encrypted with SSL" : "not encrypted");
            LOGGER.trace("Session {} on the backend side", this.sessionEncryptedOnBackendSide.get() ? "encrypted with SSL" : "not encrypted");
        }
        removeSessionInitializationRequestHandler(channelHandlerContext);
        if (transferMode != TransferMode.ORCHESTRATE) {
            removeSessionInitializationResponseHandler(channelHandlerContext, true);
            skipSSLResponse(channelHandlerContext);
        }
        SessionMessageTransferMode<Void, Void> sessionMessageTransferMode = new SessionMessageTransferMode<>((Object) null, transferMode, linkedHashMap);
        LOGGER.debug("Start-up message processed: transfer mode={}", sessionMessageTransferMode);
        return sessionMessageTransferMode;
    }

    public void waitForResponses(ChannelHandlerContext channelHandlerContext) throws IOException {
        PgsqlSession pgsqlSession = getPgsqlSession(channelHandlerContext);
        synchronized (this) {
            while (this.sslResponseReceived.get() < pgsqlSession.getServerSideChannels().size()) {
                try {
                    wait();
                } catch (InterruptedException e) {
                    throw new IOException(e);
                }
            }
        }
    }

    private void addSSLHandlerOnFrontendSide(ChannelHandlerContext channelHandlerContext) throws IOException {
        this.sslSessionInitializer.addSSLHandlerOnClientSide(channelHandlerContext, getPgsqlSession(channelHandlerContext).getClientSideChannel().pipeline()).addListener(new GenericFutureListener<Future<? super Channel>>() { // from class: eu.clarussecure.proxy.protocol.plugins.pgsql.message.ssl.SessionInitializer.1
            public void operationComplete(Future<? super Channel> future) throws Exception {
                SessionInitializer.this.sessionEncryptedOnFrontendSide.set(true);
                SessionInitializer.LOGGER.trace("SSL handshake for frontend side completed");
            }
        });
    }

    private void addSSLHandlerOnBackendSide(ChannelHandlerContext channelHandlerContext) throws SSLException {
        this.sslSessionInitializer.addSSLHandlerOnServerSide(channelHandlerContext).addListener(new GenericFutureListener<Future<? super Channel>>() { // from class: eu.clarussecure.proxy.protocol.plugins.pgsql.message.ssl.SessionInitializer.2
            public void operationComplete(Future<? super Channel> future) throws Exception {
                SessionInitializer.this.sessionEncryptedOnBackendSide.set(true);
                SessionInitializer.LOGGER.trace("SSL handshake for backend side completed");
            }
        });
    }

    private void removeSessionInitializationRequestHandler(ChannelHandlerContext channelHandlerContext) {
        ChannelPipeline pipeline = channelHandlerContext.pipeline();
        ChannelHandler channelHandler = pipeline.get("SessionInitializationRequestHandler");
        if (channelHandler != null) {
            pipeline.remove(channelHandler);
        }
    }

    private void removeSessionInitializationResponseHandler(ChannelHandlerContext channelHandlerContext, boolean z) {
        List singletonList;
        if (z) {
            singletonList = getPgsqlSession(channelHandlerContext).getServerSideChannels();
        } else {
            singletonList = Collections.singletonList(getPgsqlSession(channelHandlerContext).getServerSideChannel(getServerEndPoint(channelHandlerContext)));
        }
        Iterator it = singletonList.iterator();
        while (it.hasNext()) {
            ChannelPipeline pipeline = ((Channel) it.next()).pipeline();
            ChannelHandler channelHandler = pipeline.get("SessionInitializationResponseHandler");
            if (channelHandler != null) {
                pipeline.remove(channelHandler);
            }
        }
    }

    private void skipSSLResponse(ChannelHandlerContext channelHandlerContext) {
        Iterator it = getPgsqlSession(channelHandlerContext).getServerSideChannels().iterator();
        while (it.hasNext()) {
            ((Channel) it.next()).pipeline().get("PgsqlPartCodec").skipFirstMessages();
        }
    }

    public SessionMessageTransferMode<Void, Void> processCancelRequest(ChannelHandlerContext channelHandlerContext, int i, int i2, int i3) throws IOException {
        LOGGER.debug("Cancel request: code={}, process ID={}, secret key={}", new Object[]{Integer.valueOf(i), Integer.valueOf(i2), Integer.valueOf(i3)});
        TransferMode transferMode = TransferMode.FORWARD;
        LOGGER.trace("Forward the cancel request");
        SessionMessageTransferMode<Void, Void> sessionMessageTransferMode = new SessionMessageTransferMode<>((Object) null, transferMode, (Map<Byte, CString>) null);
        LOGGER.debug("Cancel request processed: transfer mode={}", sessionMessageTransferMode);
        return sessionMessageTransferMode;
    }

    private PgsqlSession getPgsqlSession(ChannelHandlerContext channelHandlerContext) {
        return (PgsqlSession) channelHandlerContext.channel().attr(PgsqlConstants.SESSION_KEY).get();
    }
}
