package org.opcfoundation.ua.transport.tcp.nio;

import ch.qos.logback.core.FileAppender;
import java.io.IOException;
import java.net.Socket;
import java.net.SocketAddress;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import org.opcfoundation.ua.builtintypes.StatusCode;
import org.opcfoundation.ua.builtintypes.UnsignedInteger;
import org.opcfoundation.ua.common.ServiceResultException;
import org.opcfoundation.ua.core.CloseSecureChannelRequest;
import org.opcfoundation.ua.core.EndpointConfiguration;
import org.opcfoundation.ua.core.MessageSecurityMode;
import org.opcfoundation.ua.core.OpenSecureChannelRequest;
import org.opcfoundation.ua.core.SecurityTokenRequestType;
import org.opcfoundation.ua.core.StatusCodes;
import org.opcfoundation.ua.encoding.EncoderContext;
import org.opcfoundation.ua.encoding.EncoderMode;
import org.opcfoundation.ua.encoding.IEncodeable;
import org.opcfoundation.ua.encoding.binary.BinaryEncoder;
import org.opcfoundation.ua.encoding.binary.EncoderCalc;
import org.opcfoundation.ua.transport.AsyncWrite;
import org.opcfoundation.ua.transport.CloseableObject;
import org.opcfoundation.ua.transport.CloseableObjectState;
import org.opcfoundation.ua.transport.Endpoint;
import org.opcfoundation.ua.transport.EndpointBinding;
import org.opcfoundation.ua.transport.IConnectionListener;
import org.opcfoundation.ua.transport.ServerSecureChannel;
import org.opcfoundation.ua.transport.endpoint.AbstractServerSecureChannel;
import org.opcfoundation.ua.transport.endpoint.EndpointBindingCollection;
import org.opcfoundation.ua.transport.security.Cert;
import org.opcfoundation.ua.transport.security.CertificateValidator;
import org.opcfoundation.ua.transport.security.KeyPair;
import org.opcfoundation.ua.transport.security.SecurityAlgorithm;
import org.opcfoundation.ua.transport.security.SecurityConfiguration;
import org.opcfoundation.ua.transport.security.SecurityMode;
import org.opcfoundation.ua.transport.security.SecurityPolicy;
import org.opcfoundation.ua.transport.tcp.impl.Acknowledge;
import org.opcfoundation.ua.transport.tcp.impl.ChunkAsymmEncryptSigner;
import org.opcfoundation.ua.transport.tcp.impl.ChunkFactory;
import org.opcfoundation.ua.transport.tcp.impl.ChunkSymmEncryptSigner;
import org.opcfoundation.ua.transport.tcp.impl.ChunkUtils;
import org.opcfoundation.ua.transport.tcp.impl.ErrorMessage;
import org.opcfoundation.ua.transport.tcp.impl.Hello;
import org.opcfoundation.ua.transport.tcp.impl.SecurityToken;
import org.opcfoundation.ua.transport.tcp.impl.TcpMessageType;
import org.opcfoundation.ua.transport.tcp.nio.Channel;
import org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder;
import org.opcfoundation.ua.utils.CertificateUtils;
import org.opcfoundation.ua.utils.CryptoUtil;
import org.opcfoundation.ua.utils.IStatefulObject;
import org.opcfoundation.ua.utils.ObjectUtils;
import org.opcfoundation.ua.utils.StackUtils;
import org.opcfoundation.ua.utils.StateListener;
import org.opcfoundation.ua.utils.TimerUtil;
import org.opcfoundation.ua.utils.asyncsocket.AsyncInputStream;
import org.opcfoundation.ua.utils.asyncsocket.AsyncSocket;
import org.opcfoundation.ua.utils.asyncsocket.AsyncSocketImpl;
import org.opcfoundation.ua.utils.asyncsocket.BufferMonitorState;
import org.opcfoundation.ua.utils.asyncsocket.MonitorListener;
import org.opcfoundation.ua.utils.asyncsocket.SocketState;
import org.opcfoundation.ua.utils.bytebuffer.ByteBufferArrayWriteable2;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/opc-ua-stack-1.3.346-197.jar:org/opcfoundation/ua/transport/tcp/nio/OpcTcpServerConnection.class */
public class OpcTcpServerConnection extends AbstractServerConnection {
    private static final Logger logger;
    private static long handshakeTimeout;
    int agreedProtocolVersion;
    EndpointBinding binding;
    OpcTcpServer endpointServer;
    AsyncSocket s;
    TimerTask timeoutTimer;
    EncoderContext encoderCtx;
    EndpointConfiguration endpointConfiguration;
    static final /* synthetic */ boolean $assertionsDisabled;
    Map<Integer, PendingRequest> pendingRequests = new ConcurrentHashMap();
    Timer timer = TimerUtil.getTimer();
    Runnable timeout = new Runnable() { // from class: org.opcfoundation.ua.transport.tcp.nio.OpcTcpServerConnection.1
        @Override // java.lang.Runnable
        public void run() {
            OpcTcpServerConnection.this.setError(StatusCodes.Bad_Timeout);
        }
    };
    MonitorListener inputListener = new MonitorListener() { // from class: org.opcfoundation.ua.transport.tcp.nio.OpcTcpServerConnection.2
        @Override // org.opcfoundation.ua.utils.StateListener
        public void onStateTransition(IStatefulObject<BufferMonitorState, ?> iStatefulObject, BufferMonitorState bufferMonitorState, BufferMonitorState bufferMonitorState2) {
            if (bufferMonitorState2.isUnreachable()) {
                if (OpcTcpServerConnection.this.secureMessageBuilder != null) {
                    OpcTcpServerConnection.this.secureMessageBuilder.close();
                    OpcTcpServerConnection.this.secureMessageBuilder = null;
                    return;
                }
                return;
            }
            if (bufferMonitorState2 != BufferMonitorState.Triggered) {
                OpcTcpServerConnection.logger.error("Unexpected trigger state {}", bufferMonitorState2);
                return;
            }
            AsyncInputStream inputStream = OpcTcpServerConnection.this.s.getInputStream();
            ByteBuffer peek = inputStream.peek(8);
            peek.order(ByteOrder.LITTLE_ENDIAN);
            peek.getInt();
            int i = peek.getInt();
            if (i < 12) {
                OpcTcpServerConnection.this.setError(StatusCodes.Bad_TcpInternalError);
                if (OpcTcpServerConnection.this.secureMessageBuilder != null) {
                    OpcTcpServerConnection.this.secureMessageBuilder.close();
                    return;
                }
                return;
            }
            if (i > OpcTcpServerConnection.this.ctx.maxRecvChunkSize) {
                OpcTcpServerConnection.this.setError(new ServiceResultException(StatusCodes.Bad_TcpMessageTooLarge, "Chunk size (" + i + ") exceeded maximum (" + OpcTcpServerConnection.this.ctx.maxRecvChunkSize + ")"));
                if (OpcTcpServerConnection.this.secureMessageBuilder != null) {
                    OpcTcpServerConnection.this.secureMessageBuilder.close();
                    return;
                }
                return;
            }
            if (inputStream.available() < i) {
                inputStream.createMonitor(inputStream.getPosition() + i, this);
                return;
            }
            ByteBuffer read = inputStream.read(i);
            read.rewind();
            try {
                try {
                    OpcTcpServerConnection.this.handleChunk(read);
                } catch (RuntimeException e) {
                    OpcTcpServerConnection.logger.warn("Error in handleChunk", (Throwable) e);
                    throw StackUtils.toServiceResultException(e);
                }
            } catch (ServiceResultException e2) {
                OpcTcpServerConnection.logger.info("Error in handleChunk", (Throwable) e2);
                OpcTcpServerConnection.this.setError(e2);
            }
            inputStream.createMonitor(inputStream.getPosition() + 8, this);
        }
    };
    SecureInputMessageBuilder.MessageListener messageListener = new SecureInputMessageBuilder.MessageListener() { // from class: org.opcfoundation.ua.transport.tcp.nio.OpcTcpServerConnection.3
        @Override // org.opcfoundation.ua.transport.tcp.nio.SecureInputMessageBuilder.MessageListener
        public void onMessageComplete(InputMessage inputMessage) {
            IEncodeable message = inputMessage.getMessage();
            Iterator<Channel.ChannelListener> it = OpcTcpServerConnection.this.channelListeners.iterator();
            while (it.hasNext()) {
                if (it.next().handleMessage(inputMessage)) {
                    return;
                }
            }
            if (message == null) {
                synchronized (this) {
                    Exception error = inputMessage.getError();
                    if (error == null) {
                        return;
                    }
                    OpcTcpServerConnection.this.setError(StackUtils.toServiceResultException(error));
                    return;
                }
            }
            try {
                if (inputMessage.getMessageType() == 4674381) {
                    OpcTcpServerConnection.this.handleSecureMessage(inputMessage);
                } else if (inputMessage.getMessageType() == 5196867) {
                    OpcTcpServerConnection.this.handleCloseSecureChannelRequest(inputMessage);
                } else if (inputMessage.getMessageType() == 5132367) {
                    OpcTcpServerConnection.this.handleOpenSecureChannelRequest(inputMessage);
                }
            } catch (ServiceResultException e) {
                OpcTcpServerConnection.this.setError(e);
            }
        }
    };

    public static long getHandshakeTimeout() {
        return handshakeTimeout;
    }

    public static void setHandshakeTimeout(long j) {
        handshakeTimeout = j;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public OpcTcpServerConnection(OpcTcpServer opcTcpServer, AsyncSocketImpl asyncSocketImpl) {
        this.endpointServer = opcTcpServer;
        this.s = asyncSocketImpl;
        this.encoderCtx = opcTcpServer.getEncoderContext();
        this.socketListener = new StateListener<SocketState>() { // from class: org.opcfoundation.ua.transport.tcp.nio.OpcTcpServerConnection.4
            @Override // org.opcfoundation.ua.utils.StateListener
            public void onStateTransition(IStatefulObject<SocketState, ?> iStatefulObject, SocketState socketState, SocketState socketState2) {
                if (socketState2 == SocketState.Error) {
                    OpcTcpServerConnection.this.setError(StackUtils.toServiceResultException(OpcTcpServerConnection.this.s.getStateMonitor().getError()));
                }
                if (socketState2 == SocketState.Closed) {
                    OpcTcpServerConnection.this.close();
                }
            }
        };
        setState(CloseableObjectState.Opening);
        asyncSocketImpl.getStateMonitor().addStateListener(this.socketListener);
        asyncSocketImpl.getInputStream().createMonitor(8L, this.inputListener);
        this.timeoutTimer = TimerUtil.schedule(this.timer, this.timeout, StackUtils.getBlockingWorkExecutor(), System.currentTimeMillis() + handshakeTimeout);
    }

    @Override // org.opcfoundation.ua.transport.tcp.nio.AbstractServerConnection, org.opcfoundation.ua.transport.ServerConnection
    public void addConnectionListener(IConnectionListener iConnectionListener) {
        logger.debug("addConnectionListener: listener={}", iConnectionListener);
        super.addConnectionListener(iConnectionListener);
    }

    @Override // org.opcfoundation.ua.transport.tcp.nio.AbstractServerConnection, org.opcfoundation.ua.transport.CloseableObject
    public synchronized CloseableObject close() {
        try {
            setState(CloseableObjectState.Closing);
            return this;
        } finally {
            try {
                this.s.close();
            } catch (IOException e) {
            }
            setState(CloseableObjectState.Closed);
        }
    }

    @Override // org.opcfoundation.ua.transport.ServerConnection
    public SocketAddress getLocalAddress() {
        Socket socket = this.s.socket();
        if (socket == null) {
            return null;
        }
        return socket.getLocalSocketAddress();
    }

    @Override // org.opcfoundation.ua.transport.ServerConnection
    public SocketAddress getRemoteAddress() {
        Socket socket = this.s.socket();
        if (socket == null) {
            return null;
        }
        return socket.getRemoteSocketAddress();
    }

    @Override // org.opcfoundation.ua.transport.tcp.nio.AbstractServerConnection, org.opcfoundation.ua.transport.ServerConnection
    public void removeConnectionListener(IConnectionListener iConnectionListener) {
        logger.debug("removeConnectionListener: listener={}", iConnectionListener);
        super.removeConnectionListener(iConnectionListener);
        cancelTimeoutTimer();
    }

    private String trimUrl(String str) {
        if (str == null) {
            return null;
        }
        if (str.endsWith("/")) {
            str = str.substring(0, str.length() - 1);
        }
        return str;
    }

    protected void cancelTimeoutTimer() {
        if (this.timeoutTimer != null) {
            this.timeoutTimer.cancel();
            this.timeoutTimer = null;
            this.timeout = null;
        }
    }

    protected void endChunkSend(ByteBuffer byteBuffer) {
        this.chunkIncubator.hatch(byteBuffer);
        synchronized (this) {
            while (this.chunkIncubator.nextIsHatched()) {
                ByteBuffer removeNextHatchedIfAvailable = this.chunkIncubator.removeNextHatchedIfAvailable();
                removeNextHatchedIfAvailable.rewind();
                this.s.getOutputStream().offer(removeNextHatchedIfAvailable);
            }
        }
    }

    protected BufferMonitorState flush(long j) throws InterruptedException, IOException {
        return this.s.getOutputStream().createMonitor(j, null).waitForState(BufferMonitorState.FINAL_STATES);
    }

    @Override // org.opcfoundation.ua.transport.tcp.nio.AbstractServerConnection
    protected CertificateValidator getRemoteCertificateValidator() {
        if (this.binding == null) {
            return null;
        }
        return this.binding.serviceServer.getApplication().getOpctcpSettings().getCertificateValidator();
    }

    protected void handleAcknowledgeMessage(Acknowledge acknowledge) throws ServiceResultException {
        throw new ServiceResultException(StatusCodes.Bad_UnexpectedError);
    }

    protected void handleAsymmChunk(ByteBuffer byteBuffer) throws ServiceResultException {
        Cert cert;
        StatusCode validateCertificate;
        byteBuffer.rewind();
        if (this.secureMessageBuilder != null && !this.secureMessageBuilder.moreChunksRequired()) {
            this.secureMessageBuilder = null;
        }
        if (this.secureMessageBuilder == null) {
            int secureChannelId = ChunkUtils.getSecureChannelId(byteBuffer);
            OpcTcpServerSecureChannel opcTcpServerSecureChannel = (OpcTcpServerSecureChannel) this.secureChannels.get(Integer.valueOf(secureChannelId));
            String string = ChunkUtils.getString(byteBuffer);
            SecurityPolicy securityPolicy = SecurityPolicy.getSecurityPolicy(string);
            if (securityPolicy == null) {
                logger.warn("Security policy \"{}\" is not supported by the stack", string);
                throw new ServiceResultException(StatusCodes.Bad_SecurityPolicyRejected, "Security policy \"" + string + "\" is not supported by the stack");
            }
            byte[] byteString = ChunkUtils.getByteString(byteBuffer);
            byte[] byteString2 = ChunkUtils.getByteString(byteBuffer);
            logger.debug("secureChannelId={}", Integer.valueOf(secureChannelId));
            logger.debug("secureChannel={}", opcTcpServerSecureChannel);
            logger.debug("securityPolicyUri={}", string);
            logger.debug("securityPolicy={}", securityPolicy);
            logger.debug("encodedRemoteCertificate={}", byteString);
            logger.debug("encodedLocalCertificateThumbprint={}", byteString2);
            KeyPair applicationInstanceCertificate = this.binding.serviceServer.getApplication().getApplicationInstanceCertificate(byteString2);
            if (applicationInstanceCertificate == null && securityPolicy != SecurityPolicy.NONE) {
                logger.warn("Requested Application Instance Certificate is not found in the server");
                throw new ServiceResultException(StatusCodes.Bad_SecurityChecksFailed, "Requested Application Instance Certificate is not found in the server");
            }
            if (byteString == null) {
                cert = null;
            } else {
                try {
                    cert = new Cert(CertificateUtils.decodeX509Certificate(byteString));
                } catch (CertificateException e) {
                    throw new ServiceResultException(StatusCodes.Bad_SecurityChecksFailed);
                }
            }
            Cert cert2 = cert;
            CertificateValidator remoteCertificateValidator = getRemoteCertificateValidator();
            if (remoteCertificateValidator != null && (validateCertificate = remoteCertificateValidator.validateCertificate(cert2)) != null && !validateCertificate.isGood()) {
                logger.warn("Remote certificate not accepted: {}", validateCertificate.toString());
                throw new ServiceResultException(validateCertificate);
            }
            this.securityConfiguration = new SecurityConfiguration(new SecurityMode(securityPolicy, securityPolicy == SecurityPolicy.NONE ? MessageSecurityMode.None : MessageSecurityMode.SignAndEncrypt), applicationInstanceCertificate, cert2);
            this.secureMessageBuilder = new SecureInputMessageBuilder(this.securityConfiguration, this.messageListener, this.ctx, this.encoderCtx, opcTcpServerSecureChannel == null ? null : opcTcpServerSecureChannel.recvSequenceNumber);
        }
        logger.debug("onAsymmSecureChunk: {}", byteBuffer);
        this.secureMessageBuilder.addChunk(byteBuffer);
    }

    protected void handleChunk(ByteBuffer byteBuffer) throws ServiceResultException {
        int messageType = ChunkUtils.getMessageType(byteBuffer) & TcpMessageType.MESSAGE_TYPE_MASK;
        if (messageType == 4674381) {
            handleSymmChunk(byteBuffer);
            return;
        }
        if (messageType == 5196867) {
            handleCloseChunk(byteBuffer);
            return;
        }
        if (messageType == 5132367) {
            handleAsymmChunk(byteBuffer);
        } else if (messageType == 4998472 || messageType == 4932417 || messageType == 5395013) {
            handleRawChunk(byteBuffer);
        } else {
            close();
        }
    }

    protected void handleCloseChunk(ByteBuffer byteBuffer) throws ServiceResultException {
        close();
    }

    protected void handleCloseSecureChannelRequest(InputMessage inputMessage) throws ServiceResultException {
        logger.debug("onCloseChannel");
        IEncodeable message = inputMessage.getMessage();
        if (!(message instanceof CloseSecureChannelRequest)) {
            throw new ServiceResultException(StatusCodes.Bad_UnexpectedError);
        }
        CloseSecureChannelRequest closeSecureChannelRequest = (CloseSecureChannelRequest) message;
        OpcTcpServerSecureChannel opcTcpServerSecureChannel = (OpcTcpServerSecureChannel) this.secureChannels.get(Integer.valueOf(inputMessage.getSecureChannelId()));
        if (opcTcpServerSecureChannel == null) {
            throw new ServiceResultException(StatusCodes.Bad_SecureChannelIdInvalid);
        }
        opcTcpServerSecureChannel.handleCloseSecureChannelRequest(inputMessage, closeSecureChannelRequest);
    }

    protected void handleErrorMessage(ErrorMessage errorMessage) {
        logger.debug("onError: {}", errorMessage);
        setError(errorMessage.getError());
    }

    protected void handleHelloMessage(Hello hello) throws ServiceResultException {
        cancelTimeoutTimer();
        EndpointBindingCollection endpointBindings = this.endpointServer.getEndpointBindings();
        if (endpointBindings == null) {
            throw new ServiceResultException(StatusCodes.Bad_UnexpectedError);
        }
        String trimUrl = trimUrl(hello.getEndpointUrl());
        logger.debug("onHello: url={}", trimUrl);
        if (trimUrl == null || trimUrl.equals("")) {
            this.binding = this.endpointServer.discoveryEndpointBinding;
        } else {
            List<EndpointBinding> list = endpointBindings.get(trimUrl);
            if (list.isEmpty()) {
                this.binding = endpointBindings.getDefault(trimUrl);
                if (this.binding == null) {
                    throw new ServiceResultException(StatusCodes.Bad_TcpEndpointUrlInvalid);
                }
            } else {
                this.binding = list.get(0);
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug(" endpoints={}", Arrays.toString(endpointBindings.getEndpointAddresses().toArray(new Endpoint[0])));
            logger.debug(" endpoint=" + (this.binding == null ? "binding is null" : this.binding.endpointAddress));
        }
        if (getState() != CloseableObjectState.Opening) {
            throw new ServiceResultException(StatusCodes.Bad_UnexpectedError);
        }
        Acknowledge acknowledge = new Acknowledge();
        if (hello.getSendBufferSize().longValue() < FileAppender.DEFAULT_BUFFER_SIZE) {
            setError(new ServiceResultException(StatusCodes.Bad_TcpInternalError, "Peer send buffer size <  8192"));
        }
        if (hello.getReceiveBufferSize().longValue() < FileAppender.DEFAULT_BUFFER_SIZE) {
            setError(new ServiceResultException(StatusCodes.Bad_TcpInternalError, "Peer recv buffer size <  8192"));
        }
        if (getError() != null) {
            logger.warn("onHello: " + getError());
        }
        this.agreedProtocolVersion = Math.min(0, hello.getProtocolVersion().intValue());
        acknowledge.setProtocolVersion(UnsignedInteger.getFromBits(this.agreedProtocolVersion));
        if (hello.getMaxMessageSize() != null && hello.getMaxMessageSize().intValue() != 0) {
            if (this.ctx.maxSendMessageSize == 0) {
                this.ctx.maxSendMessageSize = hello.getMaxMessageSize().intValue();
            } else {
                this.ctx.maxSendMessageSize = Math.min(this.ctx.maxSendMessageSize, hello.getMaxMessageSize().intValue());
            }
        }
        if (this.binding != null) {
            int intValue = this.binding.endpointAddress.getEndpointConfiguration().getMaxMessageSize().intValue();
            this.ctx.maxSendMessageSize = this.ctx.maxSendMessageSize == 0 ? intValue : Math.min(this.ctx.maxSendMessageSize, intValue);
            this.ctx.maxRecvMessageSize = this.ctx.maxRecvMessageSize == 0 ? intValue : Math.min(this.ctx.maxRecvMessageSize, intValue);
            this.encoderCtx.maxMessageSize = intValue;
        } else {
            this.encoderCtx.maxMessageSize = this.ctx.maxSendMessageSize;
        }
        if (hello.getMaxChunkCount().intValue() != 0) {
            this.ctx.maxSendChunkCount = Math.min(this.ctx.maxSendChunkCount, hello.getMaxChunkCount().intValue());
        }
        acknowledge.setMaxChunkCount(UnsignedInteger.getFromBits(this.ctx.maxRecvChunkCount));
        this.ctx.maxSendChunkSize = Math.min(hello.getReceiveBufferSize().intValue(), this.ctx.maxSendChunkSize);
        this.ctx.maxRecvChunkSize = Math.min(hello.getSendBufferSize().intValue(), this.ctx.maxRecvChunkSize);
        acknowledge.setSendBufferSize(UnsignedInteger.getFromBits(this.ctx.maxSendChunkSize));
        acknowledge.setReceiveBufferSize(UnsignedInteger.getFromBits(this.ctx.maxRecvChunkSize));
        this.ctx.maxRecvChunkSize = Math.min(this.ctx.maxRecvChunkSize, hello.getReceiveBufferSize().intValue());
        this.ctx.maxSendChunkSize = Math.min(this.ctx.maxSendChunkSize, hello.getSendBufferSize().intValue());
        setState(CloseableObjectState.Opening);
        this.ctx.endpointUrl = hello.getEndpointUrl();
        sendAcknowledge(acknowledge);
        setState(CloseableObjectState.Open);
    }

    protected void handleOpenSecureChannelRequest(InputMessage inputMessage) throws ServiceResultException {
        IEncodeable message = inputMessage.getMessage();
        if (message == null) {
            synchronized (this) {
                Exception error = inputMessage.getError();
                logger.warn("InputMessage has error", (Throwable) error);
                throw new ServiceResultException(StatusCodes.Bad_UnexpectedError, error);
            }
        }
        if (!(message instanceof OpenSecureChannelRequest)) {
            throw new ServiceResultException(StatusCodes.Bad_UnexpectedError);
        }
        OpenSecureChannelRequest openSecureChannelRequest = (OpenSecureChannelRequest) message;
        if (openSecureChannelRequest.getRequestType() == SecurityTokenRequestType.Issue) {
            OpcTcpServerSecureChannel opcTcpServerSecureChannel = new OpcTcpServerSecureChannel(this, this.endpointServer.secureChannelCounter.incrementAndGet());
            logger.debug("handleOpenSecureChannelRequest: endpointServer={} SecureChannelId={}", this.endpointServer, Integer.valueOf(opcTcpServerSecureChannel.getSecureChannelId()));
            opcTcpServerSecureChannel.handleOpenChannel(inputMessage, openSecureChannelRequest);
        } else if (openSecureChannelRequest.getRequestType() == SecurityTokenRequestType.Renew) {
            OpcTcpServerSecureChannel opcTcpServerSecureChannel2 = (OpcTcpServerSecureChannel) this.secureChannels.get(Integer.valueOf(inputMessage.getSecureChannelId()));
            if (opcTcpServerSecureChannel2 == null) {
                throw new ServiceResultException(StatusCodes.Bad_SecureChannelIdInvalid);
            }
            if (!ObjectUtils.objectEquals(openSecureChannelRequest.getRequestType(), SecurityTokenRequestType.Renew)) {
                throw new ServiceResultException(StatusCodes.Bad_UnexpectedError);
            }
            opcTcpServerSecureChannel2.handleRenewSecureChannelRequest(inputMessage, openSecureChannelRequest);
        }
        for (Object obj : this.secureChannels.values().toArray()) {
            if (((AbstractServerSecureChannel) obj).getState().equals(CloseableObjectState.Closed)) {
                this.secureChannels.remove(Integer.valueOf(((AbstractServerSecureChannel) obj).getSecureChannelId()));
            }
        }
    }

    protected void handleRawChunk(ByteBuffer byteBuffer) {
        int messageType = ChunkUtils.getMessageType(byteBuffer);
        int i = messageType & TcpMessageType.MESSAGE_TYPE_MASK;
        if ((messageType & TcpMessageType.CHUNK_TYPE_MASK) != 1174405120) {
            close();
        }
        byteBuffer.position(8);
        try {
            if (i == 4998472) {
                handleHelloMessage((Hello) new ChunksToMessage(this.ctx, this.encoderCtx, Hello.class, byteBuffer).call());
            } else {
                if (i != 4932417) {
                    if (i == 5395013) {
                        handleErrorMessage((ErrorMessage) new ChunksToMessage(this.ctx, this.encoderCtx, ErrorMessage.class, byteBuffer).call());
                    }
                }
                handleAcknowledgeMessage((Acknowledge) new ChunksToMessage(this.ctx, this.encoderCtx, Acknowledge.class, byteBuffer).call());
            }
        } catch (Exception e) {
            setError(StackUtils.toServiceResultException(e));
        }
    }

    protected void handleSecureMessage(InputMessage inputMessage) throws ServiceResultException {
        IEncodeable message = inputMessage.getMessage();
        int secureChannelId = inputMessage.getSecureChannelId();
        if (logger.isDebugEnabled()) {
            logger.debug("handleSecureMessage: secureChannelId=" + secureChannelId + "msg=" + (message == null ? "null" : message.getClass().getSimpleName()));
        }
        OpcTcpServerSecureChannel opcTcpServerSecureChannel = (OpcTcpServerSecureChannel) this.secureChannels.get(Integer.valueOf(secureChannelId));
        if (opcTcpServerSecureChannel == null) {
            throw new ServiceResultException(StatusCodes.Bad_SecureChannelIdInvalid);
        }
        if (message instanceof OpenSecureChannelRequest) {
            OpenSecureChannelRequest openSecureChannelRequest = (OpenSecureChannelRequest) message;
            if (!ObjectUtils.objectEquals(openSecureChannelRequest.getRequestType(), SecurityTokenRequestType.Renew)) {
                throw new ServiceResultException(StatusCodes.Bad_UnexpectedError);
            }
            opcTcpServerSecureChannel.handleRenewSecureChannelRequest(inputMessage, openSecureChannelRequest);
            return;
        }
        if (message instanceof CloseSecureChannelRequest) {
            opcTcpServerSecureChannel.handleCloseSecureChannelRequest(inputMessage, (CloseSecureChannelRequest) message);
        } else {
            opcTcpServerSecureChannel.handleSecureMessage(inputMessage, message);
        }
    }

    protected void handleSymmChunk(ByteBuffer byteBuffer) throws ServiceResultException {
        int secureChannelId = ChunkUtils.getSecureChannelId(byteBuffer);
        int tokenId = ChunkUtils.getTokenId(byteBuffer);
        byteBuffer.rewind();
        OpcTcpServerSecureChannel opcTcpServerSecureChannel = (OpcTcpServerSecureChannel) this.secureChannels.get(Integer.valueOf(secureChannelId));
        if (opcTcpServerSecureChannel == null) {
            throw new ServiceResultException(StatusCodes.Bad_TcpSecureChannelUnknown);
        }
        if (opcTcpServerSecureChannel.getState().equals(CloseableObjectState.Closed)) {
            throw new ServiceResultException(StatusCodes.Bad_SecureChannelIdInvalid);
        }
        SecurityToken securityToken = opcTcpServerSecureChannel.getSecurityToken(tokenId);
        if (securityToken == null) {
            throw new ServiceResultException(StatusCodes.Bad_SecureChannelTokenUnknown);
        }
        if (!securityToken.isValid()) {
            securityToken = opcTcpServerSecureChannel.getLatestNonExpiredToken();
        }
        if (securityToken == null || !securityToken.isValid()) {
            System.err.println("Token expired");
            throw new ServiceResultException(StatusCodes.Bad_SecureChannelClosed);
        }
        SecurityToken activeSecurityToken = opcTcpServerSecureChannel.getActiveSecurityToken();
        if (securityToken != activeSecurityToken) {
            logger.debug("handleSymmChunk: activeToken={}, token={}", activeSecurityToken, securityToken);
            if (activeSecurityToken.getCreationTime() < securityToken.getCreationTime()) {
                opcTcpServerSecureChannel.setActiveSecurityToken(securityToken);
            }
        }
        logger.debug("handleSymmChunk: {}", this.secureMessageBuilder);
        if (this.secureMessageBuilder != null && !this.secureMessageBuilder.moreChunksRequired()) {
            this.secureMessageBuilder = null;
        }
        if (this.secureMessageBuilder == null) {
            this.secureMessageBuilder = new SecureInputMessageBuilder(securityToken, this.messageListener, this.ctx, this.encoderCtx, opcTcpServerSecureChannel.recvSequenceNumber);
            logger.debug("handleSymmChunk: secureMessageBuilder={}", this.secureMessageBuilder);
        }
        this.secureMessageBuilder.addChunk(byteBuffer);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.opcfoundation.ua.transport.tcp.nio.AbstractServerConnection, org.opcfoundation.ua.utils.AbstractState
    public synchronized void onStateTransition(CloseableObjectState closeableObjectState, CloseableObjectState closeableObjectState2) {
        super.onStateTransition(closeableObjectState, closeableObjectState2);
        logger.debug("onStateTransition: {}->{}", closeableObjectState, closeableObjectState2);
        if (closeableObjectState2 == CloseableObjectState.Closing) {
            ServiceResultException serviceResultException = (ServiceResultException) getError();
            ArrayList<ServerSecureChannel> arrayList = new ArrayList();
            getSecureChannels(arrayList);
            for (ServerSecureChannel serverSecureChannel : arrayList) {
                OpcTcpServerSecureChannel opcTcpServerSecureChannel = (OpcTcpServerSecureChannel) serverSecureChannel;
                if (opcTcpServerSecureChannel != null && serviceResultException != null) {
                    opcTcpServerSecureChannel.setError(serviceResultException);
                }
                serverSecureChannel.close();
            }
        }
    }

    protected void sendAcknowledge(Acknowledge acknowledge) throws ServiceResultException {
        ChunkFactory.AcknowledgeChunkFactory acknowledgeChunkFactory = new ChunkFactory.AcknowledgeChunkFactory();
        ByteBuffer[] expandToCompleteChunk = acknowledgeChunkFactory.expandToCompleteChunk(new MessageToChunks(acknowledge, this.ctx, this.encoderCtx, acknowledgeChunkFactory, MessageType.Encodeable).call());
        if (!$assertionsDisabled && expandToCompleteChunk.length != 1) {
            throw new AssertionError();
        }
        expandToCompleteChunk[0].putInt(TcpMessageType.ACKF);
        expandToCompleteChunk[0].rewind();
        sendChunks(expandToCompleteChunk);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opcfoundation.ua.transport.tcp.nio.AbstractServerConnection
    public int sendAsymmSecureMessage(AsyncWrite asyncWrite, SecurityConfiguration securityConfiguration, int i, int i2, AtomicInteger atomicInteger) throws ServiceResultException {
        synchronized (asyncWrite) {
            if (asyncWrite.isCanceled()) {
                return -1;
            }
            asyncWrite.setQueued();
            ChunkFactory.AsymmMsgChunkFactory asymmMsgChunkFactory = new ChunkFactory.AsymmMsgChunkFactory(this.ctx.maxSendChunkSize, securityConfiguration);
            ByteBuffer[] call = new MessageToChunks(asyncWrite.getMessage(), this.ctx, this.encoderCtx, asymmMsgChunkFactory, MessageType.Message).call();
            ByteBuffer[] expandToCompleteChunk = asymmMsgChunkFactory.expandToCompleteChunk(call);
            synchronized (asyncWrite) {
                if (asyncWrite.isCanceled()) {
                    return -1;
                }
                asyncWrite.setWriting();
                SecurityPolicy securityPolicy = securityConfiguration.getSecurityPolicy();
                startChunkSend(expandToCompleteChunk);
                for (int i3 = 0; i3 < expandToCompleteChunk.length; i3++) {
                    ByteBuffer byteBuffer = expandToCompleteChunk[i3];
                    ByteBuffer byteBuffer2 = call[i3];
                    boolean z = byteBuffer == expandToCompleteChunk[expandToCompleteChunk.length - 1];
                    byteBuffer.rewind();
                    byteBuffer.putInt(5132367 | (z ? TcpMessageType.FINAL : TcpMessageType.CONTINUE));
                    byteBuffer.position(8);
                    byteBuffer.putInt(i);
                    byte[] encodedPolicyUri = securityPolicy.getEncodedPolicyUri();
                    byteBuffer.putInt(encodedPolicyUri.length);
                    byteBuffer.put(encodedPolicyUri);
                    byte[] encodedLocalCertificate = securityConfiguration.getEncodedLocalCertificate();
                    byteBuffer.putInt(encodedLocalCertificate == null ? -1 : encodedLocalCertificate.length);
                    if (encodedLocalCertificate != null) {
                        byteBuffer.put(encodedLocalCertificate);
                    }
                    byte[] encodedRemoteCertificateThumbprint = securityConfiguration.getEncodedRemoteCertificateThumbprint();
                    byteBuffer.putInt(encodedRemoteCertificateThumbprint == null ? -1 : encodedRemoteCertificateThumbprint.length);
                    if (encodedRemoteCertificateThumbprint != null) {
                        byteBuffer.put(encodedRemoteCertificateThumbprint);
                    }
                    byteBuffer.putInt(atomicInteger.getAndIncrement());
                    byteBuffer.putInt(i2);
                    new ChunkAsymmEncryptSigner(byteBuffer, byteBuffer2, securityConfiguration).run();
                    byteBuffer.rewind();
                    endChunkSend(byteBuffer);
                }
                asyncWrite.setWritten();
                return expandToCompleteChunk.length;
            }
        }
    }

    protected synchronized void sendChunks(ByteBuffer... byteBufferArr) {
        startChunkSend(byteBufferArr);
        for (ByteBuffer byteBuffer : byteBufferArr) {
            endChunkSend(byteBuffer);
        }
    }

    protected void sendError(ErrorMessage errorMessage) throws ServiceResultException {
        ChunkFactory.ErrorMessageChunkFactory errorMessageChunkFactory = new ChunkFactory.ErrorMessageChunkFactory();
        ByteBuffer[] expandToCompleteChunk = errorMessageChunkFactory.expandToCompleteChunk(new MessageToChunks(errorMessage, this.ctx, this.encoderCtx, errorMessageChunkFactory, MessageType.Encodeable).call());
        if (!$assertionsDisabled && expandToCompleteChunk.length != 1) {
            throw new AssertionError();
        }
        expandToCompleteChunk[0].putInt(TcpMessageType.ERRF);
        expandToCompleteChunk[0].rewind();
        sendChunks(expandToCompleteChunk);
    }

    protected void sendHello(Hello hello) {
        this.ctx.endpointUrl = hello.getEndpointUrl();
        ChunkFactory chunkFactory = new ChunkFactory(this.ctx.maxSendChunkSize, 8, 0, 0, 0, 1, MessageSecurityMode.None, 0);
        ByteBuffer[] expandToCompleteChunk = chunkFactory.expandToCompleteChunk(new MessageToChunks(hello, this.ctx, this.encoderCtx, chunkFactory, MessageType.Encodeable).call());
        if (!$assertionsDisabled && expandToCompleteChunk.length != 1) {
            throw new AssertionError();
        }
        expandToCompleteChunk[0].putInt(TcpMessageType.HELF);
        expandToCompleteChunk[0].rewind();
        sendChunks(expandToCompleteChunk);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opcfoundation.ua.transport.tcp.nio.AbstractServerConnection
    public void sendSecureMessage(final AsyncWrite asyncWrite, final SecurityToken securityToken, int i, int i2, AtomicInteger atomicInteger) {
        int andAdd;
        if (!$assertionsDisabled && securityToken == null) {
            throw new AssertionError();
        }
        try {
            synchronized (asyncWrite) {
                if (asyncWrite.isCanceled()) {
                    return;
                }
                asyncWrite.setQueued();
                if (logger.isTraceEnabled()) {
                    logger.trace("sendSecureMessage: " + ObjectUtils.printFieldsDeep(asyncWrite.getMessage()));
                }
                EncoderCalc encoderCalc = new EncoderCalc();
                encoderCalc.setEncoderContext(this.encoderCtx);
                encoderCalc.putMessage(asyncWrite.getMessage());
                int length = encoderCalc.getLength();
                if (length > this.ctx.maxSendMessageSize && this.ctx.maxSendMessageSize != 0) {
                    throw new ServiceResultException(StatusCodes.Bad_TcpMessageTooLarge);
                }
                SecurityPolicy securityPolicy = securityToken.getSecurityPolicy();
                MessageSecurityMode messageSecurityMode = securityToken.getMessageSecurityMode();
                SecurityAlgorithm symmetricEncryptionAlgorithm = securityPolicy.getSymmetricEncryptionAlgorithm();
                SecurityAlgorithm symmetricSignatureAlgorithm = securityPolicy.getSymmetricSignatureAlgorithm();
                int cipherBlockSize = CryptoUtil.getCipherBlockSize(symmetricEncryptionAlgorithm, null);
                int signatureSize = CryptoUtil.getSignatureSize(symmetricSignatureAlgorithm, null);
                int length2 = messageSecurityMode == MessageSecurityMode.SignAndEncrypt ? securityToken.getRemoteEncryptingKey().length : 0;
                int i3 = messageSecurityMode == MessageSecurityMode.SignAndEncrypt ? length2 > 2048 ? 2 : 1 : 0;
                int i4 = ((this.ctx.maxSendChunkSize - 24) - i3) - signatureSize;
                int i5 = i4 - ((((i4 + i3) + signatureSize) + 8) % cipherBlockSize);
                int cores = StackUtils.cores();
                int i6 = ((length + cores) - 1) / cores;
                if (i6 > i5) {
                    i6 = i5;
                }
                if (i6 < 4096) {
                    i6 = 4096;
                }
                ChunkFactory chunkFactory = new ChunkFactory(i6 + 24 + i3 + signatureSize, 8, 8, 8, signatureSize, cipherBlockSize, messageSecurityMode, length2);
                int i7 = ((length + chunkFactory.maxPlaintextSize) - 1) / chunkFactory.maxPlaintextSize;
                if (i7 > this.ctx.maxSendChunkCount && this.ctx.maxSendChunkCount != 0) {
                    throw new ServiceResultException(StatusCodes.Bad_TcpMessageTooLarge);
                }
                final boolean z = i7 > 1 && cores > 0 && messageSecurityMode != MessageSecurityMode.None;
                int i8 = length;
                final ByteBuffer[] byteBufferArr = new ByteBuffer[i7];
                final ByteBuffer[] byteBufferArr2 = new ByteBuffer[i7];
                for (int i9 = 0; i9 < i7; i9++) {
                    byteBufferArr[i9] = chunkFactory.allocate(i8);
                    byteBufferArr2[i9] = chunkFactory.expandToCompleteChunk(byteBufferArr[i9]);
                    i8 -= byteBufferArr[i9].remaining();
                }
                if (!$assertionsDisabled && i8 != 0) {
                    throw new AssertionError();
                }
                synchronized (asyncWrite) {
                    if (asyncWrite.isCanceled()) {
                        return;
                    }
                    asyncWrite.setWriting();
                    final int length3 = byteBufferArr2.length;
                    synchronized (this) {
                        andAdd = atomicInteger.getAndAdd(byteBufferArr2.length);
                        startChunkSend(byteBufferArr2);
                    }
                    int length4 = byteBufferArr2.length;
                    for (int i10 = 0; i10 < length4; i10++) {
                        ByteBuffer byteBuffer = byteBufferArr2[i10];
                        boolean z2 = byteBuffer == byteBufferArr2[byteBufferArr2.length - 1];
                        byteBuffer.rewind();
                        byteBuffer.putInt(i2 | (z2 ? TcpMessageType.FINAL : TcpMessageType.CONTINUE));
                        byteBuffer.position(8);
                        byteBuffer.putInt(securityToken.getSecureChannelId());
                        byteBuffer.putInt(securityToken.getTokenId());
                        int i11 = andAdd;
                        andAdd++;
                        byteBuffer.putInt(i11);
                        byteBuffer.putInt(i);
                    }
                    final AtomicInteger atomicInteger2 = new AtomicInteger();
                    ByteBufferArrayWriteable2 byteBufferArrayWriteable2 = new ByteBufferArrayWriteable2(byteBufferArr, new ByteBufferArrayWriteable2.ChunkListener() { // from class: org.opcfoundation.ua.transport.tcp.nio.OpcTcpServerConnection.5
                        @Override // org.opcfoundation.ua.utils.bytebuffer.ByteBufferArrayWriteable2.ChunkListener
                        public void onChunkComplete(ByteBuffer[] byteBufferArr3, final int i12) {
                            Runnable runnable = new Runnable() { // from class: org.opcfoundation.ua.transport.tcp.nio.OpcTcpServerConnection.5.1
                                @Override // java.lang.Runnable
                                public void run() {
                                    new ChunkSymmEncryptSigner(byteBufferArr2[i12], byteBufferArr[i12], securityToken).run();
                                    byteBufferArr2[i12].rewind();
                                    OpcTcpServerConnection.this.endChunkSend(byteBufferArr2[i12]);
                                    if (atomicInteger2.incrementAndGet() == length3) {
                                        asyncWrite.setWritten();
                                    }
                                }
                            };
                            if (!z || length3 <= 1) {
                                runnable.run();
                            } else {
                                StackUtils.getNonBlockingWorkExecutor().execute(runnable);
                            }
                        }
                    });
                    byteBufferArrayWriteable2.order(ByteOrder.LITTLE_ENDIAN);
                    final BinaryEncoder binaryEncoder = new BinaryEncoder(byteBufferArrayWriteable2);
                    binaryEncoder.setEncoderContext(this.encoderCtx);
                    binaryEncoder.setEncoderMode(EncoderMode.NonStrict);
                    StackUtils.getBlockingWorkExecutor().execute(new Runnable() { // from class: org.opcfoundation.ua.transport.tcp.nio.OpcTcpServerConnection.6
                        @Override // java.lang.Runnable
                        public void run() {
                            try {
                                binaryEncoder.putMessage(asyncWrite.getMessage());
                            } catch (ServiceResultException e) {
                                asyncWrite.setError(StackUtils.toServiceResultException(e));
                            }
                        }
                    });
                }
            }
        } catch (ServiceResultException e) {
            asyncWrite.setError(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.opcfoundation.ua.transport.tcp.nio.AbstractServerConnection, org.opcfoundation.ua.utils.AbstractState
    public synchronized void setError(ServiceResultException serviceResultException) {
        if (hasError()) {
            return;
        }
        try {
            sendError(new ErrorMessage(serviceResultException.getStatusCode(), serviceResultException.getMessage()));
        } catch (ServiceResultException e) {
            logger.warn("Could not send error message", (Throwable) e);
        }
        super.setError(serviceResultException);
    }

    protected void startChunkSend(ByteBuffer... byteBufferArr) {
        synchronized (this.chunkIncubator) {
            for (ByteBuffer byteBuffer : byteBufferArr) {
                this.chunkIncubator.incubate(byteBuffer);
            }
        }
    }

    static {
        $assertionsDisabled = !OpcTcpServerConnection.class.desiredAssertionStatus();
        logger = LoggerFactory.getLogger(OpcTcpServerConnection.class);
        handshakeTimeout = 600000L;
    }
}
