package org.mule.extension.sftp.internal.proxy.socks5;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.future.CancelOption;
import org.apache.sshd.common.io.IoSession;
import org.apache.sshd.common.util.Readable;
import org.apache.sshd.common.util.buffer.Buffer;
import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import org.ietf.jgss.GSSContext;
import org.mule.extension.sftp.api.matcher.FileMatcher;
import org.mule.extension.sftp.internal.auth.AuthenticationHandler;
import org.mule.extension.sftp.internal.proxy.AbstractClientProxyConnector;
import org.mule.extension.sftp.internal.proxy.GssApiMechanisms;
import org.mule.extension.sftp.internal.proxy.ProtocolState;

/* loaded from: input_file:org/mule/extension/sftp/internal/proxy/socks5/Socks5ClientConnector.class */
public class Socks5ClientConnector extends AbstractClientProxyConnector {
    private static final byte SOCKS_VERSION_5 = 5;
    private static final byte SOCKS_CMD_CONNECT = 1;
    private static final byte SOCKS_ADDRESS_IP_V4 = 1;
    private static final byte SOCKS_ADDRESS_FQDN = 3;
    private static final byte SOCKS_ADDRESS_IP_V6 = 4;
    private static final byte SOCKS_REPLY_SUCCESS = 0;
    private static final byte SOCKS_REPLY_FAILURE = 1;
    private static final byte SOCKS_REPLY_FORBIDDEN = 2;
    private static final byte SOCKS_REPLY_NETWORK_UNREACHABLE = 3;
    private static final byte SOCKS_REPLY_HOST_UNREACHABLE = 4;
    private static final byte SOCKS_REPLY_CONNECTION_REFUSED = 5;
    private static final byte SOCKS_REPLY_TTL_EXPIRED = 6;
    private static final byte SOCKS_REPLY_COMMAND_UNSUPPORTED = 7;
    private static final byte SOCKS_REPLY_ADDRESS_UNSUPPORTED = 8;
    private static final int SSH_DEFAULT_PORT = 22;
    private ProtocolState state;
    private AuthenticationHandler<Buffer, Buffer> authenticator;
    private GSSContext context;
    private byte[] authenticationProposals;

    public ProtocolState getState() {
        return this.state;
    }

    public AuthenticationHandler<Buffer, Buffer> getAuthenticator() {
        return this.authenticator;
    }

    public GSSContext getContext() {
        return this.context;
    }

    public Socks5ClientConnector(InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2) {
        this(inetSocketAddress, inetSocketAddress2, null, null);
    }

    public Socks5ClientConnector(InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2, String str, char[] cArr) {
        super(inetSocketAddress, inetSocketAddress2, str, cArr);
        this.state = ProtocolState.NONE;
    }

    public void sendClientProxyMetadata(ClientSession clientSession) throws Exception {
        init(clientSession);
        IoSession ioSession = clientSession.getIoSession();
        ByteArrayBuffer byteArrayBuffer = new ByteArrayBuffer(5, false);
        byteArrayBuffer.putByte((byte) 5);
        this.context = getGSSContext(this.remoteAddress);
        this.authenticationProposals = getAuthenticationProposals();
        byteArrayBuffer.putByte((byte) this.authenticationProposals.length);
        byteArrayBuffer.putRawBytes(this.authenticationProposals);
        this.state = ProtocolState.INIT;
        ioSession.writeBuffer(byteArrayBuffer).verify(getTimeout(), new CancelOption[SOCKS_REPLY_SUCCESS]);
    }

    private byte[] getAuthenticationProposals() {
        byte[] bArr = new byte[3];
        int i = SOCKS_REPLY_SUCCESS + 1;
        bArr[SOCKS_REPLY_SUCCESS] = SocksAuthenticationMethod.ANONYMOUS.getValue();
        int i2 = i + 1;
        bArr[i] = SocksAuthenticationMethod.PASSWORD.getValue();
        if (this.context != null) {
            i2++;
            bArr[i2] = SocksAuthenticationMethod.GSSAPI.getValue();
        }
        if (i2 == bArr.length) {
            return bArr;
        }
        byte[] bArr2 = new byte[i2];
        System.arraycopy(bArr, SOCKS_REPLY_SUCCESS, bArr2, SOCKS_REPLY_SUCCESS, i2);
        return bArr2;
    }

    public void sendConnectInfo(IoSession ioSession) throws Exception {
        int length;
        byte b;
        GssApiMechanisms.closeContextSilently(this.context);
        byte[] rawAddress = getRawAddress(this.remoteAddress);
        byte[] bArr = SOCKS_REPLY_SUCCESS;
        if (rawAddress == null) {
            bArr = this.remoteAddress.getHostString().getBytes(StandardCharsets.US_ASCII);
            if (bArr == null || bArr.length == 0) {
                throw new IOException(String.format("Could not send remote address %s", this.remoteAddress));
            }
            if (bArr.length > 255) {
                throw new IOException(String.format("Proxy host name too long for SOCKS (at most 255 characters): %s", this.remoteAddress.getHostString()));
            }
            b = 3;
            length = bArr.length + 1;
        } else {
            length = rawAddress.length;
            b = length == 4 ? (byte) 1 : (byte) 4;
        }
        ByteArrayBuffer byteArrayBuffer = new ByteArrayBuffer(4 + length + SOCKS_REPLY_FORBIDDEN, false);
        byteArrayBuffer.putByte((byte) 5);
        byteArrayBuffer.putByte((byte) 1);
        byteArrayBuffer.putByte((byte) 0);
        byteArrayBuffer.putByte(b);
        if (bArr != null) {
            byteArrayBuffer.putByte((byte) bArr.length);
            byteArrayBuffer.putRawBytes(bArr);
        } else {
            byteArrayBuffer.putRawBytes(rawAddress);
        }
        int port = this.remoteAddress.getPort();
        if (port <= 0) {
            port = SSH_DEFAULT_PORT;
        }
        byteArrayBuffer.putByte((byte) ((port >> SOCKS_REPLY_ADDRESS_UNSUPPORTED) & 255));
        byteArrayBuffer.putByte((byte) (port & 255));
        this.state = ProtocolState.CONNECTING;
        ioSession.writeBuffer(byteArrayBuffer).verify(getTimeout(), new CancelOption[SOCKS_REPLY_SUCCESS]);
    }

    public void doPasswordAuth(IoSession ioSession) throws Exception {
        GssApiMechanisms.closeContextSilently(this.context);
        this.authenticator = new SocksBasicAuthentication(this);
        ioSession.addCloseFutureListener(closeFuture -> {
            close();
        });
        startAuth(ioSession);
    }

    public void doGssApiAuth(IoSession ioSession) throws Exception {
        this.authenticator = new SocksGssApiAuthentication(this);
        ioSession.addCloseFutureListener(closeFuture -> {
            close();
        });
        startAuth(ioSession);
    }

    private void close() {
        AuthenticationHandler<Buffer, Buffer> authenticationHandler = this.authenticator;
        this.authenticator = null;
        if (authenticationHandler != null) {
            authenticationHandler.close();
        }
    }

    private void startAuth(IoSession ioSession) throws Exception {
        Buffer buffer = null;
        try {
            this.authenticator.setParams(null);
            this.authenticator.start();
            Buffer token = this.authenticator.getToken();
            this.state = ProtocolState.AUTHENTICATING;
            if (token == null) {
                throw new IOException("No data for proxy authentication with " + this.proxyAddress);
            }
            ioSession.writeBuffer(token).verify(getTimeout(), new CancelOption[SOCKS_REPLY_SUCCESS]);
            if (token != null) {
                token.clear(true);
            }
        } catch (Throwable th) {
            if (SOCKS_REPLY_SUCCESS != 0) {
                buffer.clear(true);
            }
            throw th;
        }
    }

    public void authStep(IoSession ioSession, Buffer buffer) throws Exception {
        Buffer buffer2 = SOCKS_REPLY_SUCCESS;
        try {
            this.authenticator.setParams(buffer);
            this.authenticator.process();
            buffer2 = this.authenticator.getToken();
            if (buffer2 != null) {
                ioSession.writeBuffer(buffer2).verify(getTimeout(), new CancelOption[SOCKS_REPLY_SUCCESS]);
            }
            if (buffer2 != null) {
                buffer2.clear(true);
            }
            if (this.authenticator.isDone()) {
                sendConnectInfo(ioSession);
            }
        } catch (Throwable th) {
            if (buffer2 != null) {
                buffer2.clear(true);
            }
            throw th;
        }
    }

    public void establishConnection(Buffer buffer) throws Exception {
        switch (buffer.getByte()) {
            case SOCKS_REPLY_SUCCESS /* 0 */:
                this.state = ProtocolState.CONNECTED;
                setDone(true);
                return;
            case FileMatcher.DEFAULT_CASE_SENSITIVE /* 1 */:
                throw new IOException(String.format("SOCKS5 proxy %s: general failure", this.proxyAddress));
            case SOCKS_REPLY_FORBIDDEN /* 2 */:
                throw new IOException(String.format("SOCKS5 proxy %s: connection to %s not allowed by ruleset", this.proxyAddress, this.remoteAddress));
            case 3:
                throw new IOException(String.format("SOCKS5 proxy %s: network unreachable %s", this.proxyAddress, this.remoteAddress));
            case 4:
                throw new IOException(String.format("SOCKS5 proxy %s: host unreachable %s", this.proxyAddress, this.remoteAddress));
            case 5:
                throw new IOException(String.format("SOCKS5 proxy %s: connection refused %s", this.proxyAddress, this.remoteAddress));
            case SOCKS_REPLY_TTL_EXPIRED /* 6 */:
                throw new IOException(String.format("TTL expired in SOCKS5 proxy connection %s", this.proxyAddress));
            case SOCKS_REPLY_COMMAND_UNSUPPORTED /* 7 */:
                throw new IOException(String.format("SOCKS5 proxy %s does not support CONNECT command", this.proxyAddress));
            case SOCKS_REPLY_ADDRESS_UNSUPPORTED /* 8 */:
                throw new IOException(String.format("SOCKS5 proxy %s does not support address type", this.proxyAddress));
            default:
                throw new IOException(String.format("Unspecified failure in SOCKS5 proxy connection %s", this.proxyAddress));
        }
    }

    @Override // org.mule.extension.sftp.internal.proxy.StatefulProxyConnector
    public void messageReceived(IoSession ioSession, Readable readable) throws Exception {
        try {
            Buffer byteArrayBuffer = new ByteArrayBuffer(readable.available(), false);
            byteArrayBuffer.putBuffer(readable);
            byteArrayBuffer.compact();
            this.state.handleMessage(this, ioSession, byteArrayBuffer);
        } catch (Exception e) {
            this.state = ProtocolState.FAILED;
            if (this.authenticator != null) {
                this.authenticator.close();
                this.authenticator = null;
            }
            try {
                setDone(false);
            } catch (Exception e2) {
                e.addSuppressed(e2);
            }
            throw e;
        }
    }

    public void versionCheck(byte b) throws Exception {
        if (b != 5) {
            throw new IOException(String.format("Expected SOCKS version 5, got %s", Integer.toString(b & 255)));
        }
    }

    public SocksAuthenticationMethod getAuthMethod(byte b) {
        if (b != SocksAuthenticationMethod.NONE_ACCEPTABLE.getValue()) {
            byte[] bArr = this.authenticationProposals;
            int length = bArr.length;
            int i = SOCKS_REPLY_SUCCESS;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (bArr[i] == b) {
                    SocksAuthenticationMethod[] values = SocksAuthenticationMethod.values();
                    int length2 = values.length;
                    for (int i2 = SOCKS_REPLY_SUCCESS; i2 < length2; i2++) {
                        SocksAuthenticationMethod socksAuthenticationMethod = values[i2];
                        if (socksAuthenticationMethod.getValue() == b) {
                            return socksAuthenticationMethod;
                        }
                    }
                } else {
                    i++;
                }
            }
        }
        return SocksAuthenticationMethod.NONE_ACCEPTABLE;
    }

    private static byte[] getRawAddress(InetSocketAddress inetSocketAddress) {
        InetAddress resolve = GssApiMechanisms.resolve(inetSocketAddress);
        if (resolve == null) {
            return null;
        }
        return resolve.getAddress();
    }

    private static GSSContext getGSSContext(InetSocketAddress inetSocketAddress) {
        if (GssApiMechanisms.getSupportedMechanisms().contains(GssApiMechanisms.KERBEROS_5)) {
            return GssApiMechanisms.createContext(GssApiMechanisms.KERBEROS_5, GssApiMechanisms.getCanonicalName(inetSocketAddress));
        }
        return null;
    }
}
