package org.zeromq;

import java.io.BufferedReader;
import java.io.Closeable;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.UUID;
import org.zeromq.ZActor;
import org.zeromq.ZAgent;
import org.zeromq.ZCertStore;
import org.zeromq.ZMQ;
import org.zeromq.ZStar;
import org.zeromq.util.ZMetadata;
import zmq.io.mechanism.Mechanisms;

/* loaded from: input_file:org/zeromq/ZAuth.class */
public class ZAuth implements Closeable {
    private static final String ZAP_VERSION = "1.0";
    public static final String CURVE_ALLOW_ANY = "*";
    private static final String VERBOSE = "VERBOSE";
    private static final String REPLIES = "REPLIES";
    private static final String ALLOW = "ALLOW";
    private static final String DENY = "DENY";
    private static final String TERMINATE = "TERMINATE";
    private final ZAgent agent;
    private final ZStar.Exit exit;
    private final ZAgent replies;
    private boolean repliesEnabled;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:org/zeromq/ZAuth$Auth.class */
    public interface Auth {
        boolean configure(ZMsg zMsg, boolean z);

        boolean authorize(ZapRequest zapRequest, boolean z);
    }

    /* loaded from: input_file:org/zeromq/ZAuth$AuthActor.class */
    private static class AuthActor extends ZActor.SimpleActor {
        private static final String OK = "OK";
        private final String actorName;
        private final Properties whitelist;
        private final Properties blacklist;
        private final Map<String, Auth> auths;
        private final String repliesAddress;
        private boolean repliesEnabled;
        private ZMQ.Socket replies;
        private boolean verbose;
        static final /* synthetic */ boolean $assertionsDisabled;

        private AuthActor(String str, Map<String, Auth> map) {
            this.whitelist = new Properties();
            this.blacklist = new Properties();
            this.auths = new HashMap();
            if (!$assertionsDisabled && map == null) {
                throw new AssertionError();
            }
            if (!$assertionsDisabled && str == null) {
                throw new AssertionError();
            }
            this.actorName = str;
            this.auths.putAll(map);
            this.repliesAddress = "inproc://zauth-replies-" + UUID.randomUUID().toString();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public ZAgent createAgent(ZContext zContext) {
            ZMQ.Socket createSocket = zContext.createSocket(0);
            boolean connect = createSocket.connect(this.repliesAddress);
            if ($assertionsDisabled || connect) {
                return new ZAgent.SimpleAgent(createSocket, this.repliesAddress);
            }
            throw new AssertionError();
        }

        @Override // org.zeromq.ZActor.SimpleActor, org.zeromq.ZActor.Actor
        public String premiere(ZMQ.Socket socket) {
            return this.actorName;
        }

        @Override // org.zeromq.ZActor.SimpleActor, org.zeromq.ZActor.Actor
        public List<ZMQ.Socket> createSockets(ZContext zContext, Object... objArr) {
            this.replies = zContext.createSocket(0);
            if (!$assertionsDisabled && this.replies == null) {
                throw new AssertionError();
            }
            ZMQ.Socket createSocket = zContext.createSocket(4);
            if ($assertionsDisabled || createSocket != null) {
                return Arrays.asList(createSocket, this.replies);
            }
            throw new AssertionError();
        }

        @Override // org.zeromq.ZActor.SimpleActor, org.zeromq.ZActor.Actor
        public void start(ZMQ.Socket socket, List<ZMQ.Socket> list, ZPoller zPoller) {
            try {
                boolean bind = this.replies.bind(this.repliesAddress);
                if (!$assertionsDisabled && !bind) {
                    throw new AssertionError();
                }
                ZMQ.Socket socket2 = list.get(0);
                boolean bind2 = socket2.bind("inproc://zeromq.zap.01");
                if (!$assertionsDisabled && !bind2) {
                    throw new AssertionError();
                }
                boolean register = zPoller.register(socket2, 1);
                if (!$assertionsDisabled && !register) {
                    throw new AssertionError();
                }
                boolean send = socket.send(OK);
                if (!$assertionsDisabled && !send) {
                    throw new AssertionError();
                }
            } catch (ZMQException e) {
                System.out.println("ZAuth: Error");
                e.printStackTrace();
                boolean send2 = socket.send("ERROR");
                if (!$assertionsDisabled && !send2) {
                    throw new AssertionError();
                }
            }
        }

        @Override // org.zeromq.ZActor.SimpleActor, org.zeromq.ZActor.Actor
        public boolean backstage(ZMQ.Socket socket, ZPoller zPoller, int i) {
            boolean z;
            ZMsg recvMsg = ZMsg.recvMsg(socket);
            String popString = recvMsg.popString();
            if (popString == null) {
                System.out.printf("ZAuth: Closing auth: No command%n", new Object[0]);
                return false;
            }
            if (ZAuth.ALLOW.equals(popString)) {
                String popString2 = recvMsg.popString();
                if (this.verbose) {
                    System.out.printf("ZAuth: Whitelisting IP address=%s\n", popString2);
                }
                this.whitelist.put(popString2, OK);
                z = socket.send(OK);
            } else if (ZAuth.DENY.equals(popString)) {
                String popString3 = recvMsg.popString();
                if (this.verbose) {
                    System.out.printf("ZAuth: Blacklisting IP address=%s\n", popString3);
                }
                this.blacklist.put(popString3, OK);
                z = socket.send(OK);
            } else if (ZAuth.VERBOSE.equals(popString)) {
                this.verbose = Boolean.parseBoolean(recvMsg.popString());
                z = socket.send(OK);
            } else if (ZAuth.REPLIES.equals(popString)) {
                this.repliesEnabled = Boolean.parseBoolean(recvMsg.popString());
                if (this.verbose) {
                    if (this.repliesEnabled) {
                        System.out.println("ZAuth: Enabled replies");
                    } else {
                        System.out.println("ZAuth: Disabled replies");
                    }
                }
                z = socket.send(OK);
            } else {
                if (ZAuth.TERMINATE.equals(popString)) {
                    if (this.repliesEnabled) {
                        this.replies.send(this.repliesAddress);
                    }
                    if (this.verbose) {
                        System.out.println("ZAuth: Terminated");
                    }
                    socket.send(OK);
                    return false;
                }
                Auth auth = this.auths.get(popString);
                if (auth != null) {
                    z = auth.configure(recvMsg, this.verbose) ? socket.send(OK) : socket.send("ERROR");
                } else {
                    System.out.printf("ZAuth: Invalid command %s%n", popString);
                    z = true;
                }
            }
            recvMsg.destroy();
            if (!z) {
                System.out.printf("ZAuth: Command in error %s%n", popString);
            }
            return z;
        }

        @Override // org.zeromq.ZActor.SimpleActor, org.zeromq.ZActor.Actor
        public boolean stage(ZMQ.Socket socket, ZMQ.Socket socket2, ZPoller zPoller, int i) {
            ZapRequest recvRequest = ZapRequest.recvRequest(socket, true);
            if (recvRequest == null) {
                return false;
            }
            boolean z = false;
            boolean z2 = false;
            if (this.whitelist.isEmpty()) {
                if (!this.blacklist.isEmpty()) {
                    if (this.blacklist.containsKey(recvRequest.address)) {
                        z2 = true;
                        if (this.verbose) {
                            System.out.printf("ZAuth: Denied (blacklist) address = %s\n", recvRequest.address);
                        }
                    } else {
                        z = true;
                        if (this.verbose) {
                            System.out.printf("ZAuth: Passed (not in blacklist) address = %s\n", recvRequest.address);
                        }
                    }
                }
            } else if (this.whitelist.containsKey(recvRequest.address)) {
                z = true;
                if (this.verbose) {
                    System.out.printf("ZAuth: Passed (whitelist) address = %s\n", recvRequest.address);
                }
            } else {
                z2 = true;
                if (this.verbose) {
                    System.out.printf("ZAuth: Denied (not in whitelist) address = %s\n", recvRequest.address);
                }
            }
            if (!z2) {
                Auth auth = this.auths.get(recvRequest.mechanism);
                if (auth == null) {
                    System.out.printf("ZAuth E: Skipping unhandled mechanism %s%n", recvRequest.mechanism);
                    return false;
                }
                z = auth.authorize(recvRequest, this.verbose);
            }
            ZMQ.Socket socket3 = this.repliesEnabled ? this.replies : null;
            if (z) {
                recvRequest.reply(200, OK, socket3);
                return true;
            }
            recvRequest.metadata = null;
            recvRequest.reply(400, "NO ACCESS", socket3);
            return true;
        }

        static {
            $assertionsDisabled = !ZAuth.class.desiredAssertionStatus();
        }
    }

    /* loaded from: input_file:org/zeromq/ZAuth$SimpleCurveAuth.class */
    public static class SimpleCurveAuth implements Auth {
        private final ZCertStore.Fingerprinter fingerprinter;
        private ZCertStore certStore;
        private boolean allowAny;

        public SimpleCurveAuth() {
            this(new ZCertStore.Hasher());
        }

        public SimpleCurveAuth(ZCertStore.Fingerprinter fingerprinter) {
            this.certStore = null;
            this.fingerprinter = fingerprinter;
        }

        @Override // org.zeromq.ZAuth.Auth
        public boolean configure(ZMsg zMsg, boolean z) {
            String popString = zMsg.popString();
            this.allowAny = popString.equals(ZAuth.CURVE_ALLOW_ANY);
            if (this.allowAny) {
                if (!z) {
                    return true;
                }
                System.out.println("ZAuth: Allowing all clients");
                return true;
            }
            if (z) {
                System.out.printf("ZAuth: Using %s as certificates directory%n", popString);
            }
            this.certStore = new ZCertStore(popString, this.fingerprinter);
            return true;
        }

        @Override // org.zeromq.ZAuth.Auth
        public boolean authorize(ZapRequest zapRequest, boolean z) {
            if (this.allowAny) {
                if (!z) {
                    return true;
                }
                System.out.println("ZAuth: allowed (CURVE allow any client)");
                return true;
            }
            if (this.certStore == null) {
                return false;
            }
            if (!this.certStore.containsPublicKey(zapRequest.clientKey)) {
                if (!z) {
                    return false;
                }
                System.out.printf("ZAuth: Denied (CURVE) client_key=%s\n", zapRequest.clientKey);
                return false;
            }
            if (z) {
                System.out.printf("ZAuth: Allowed (CURVE) client_key=%s\n", zapRequest.clientKey);
            }
            zapRequest.userId = zapRequest.clientKey;
            zapRequest.metadata = this.certStore.getMetadata(zapRequest.clientKey);
            return true;
        }
    }

    /* loaded from: input_file:org/zeromq/ZAuth$SimpleNullAuth.class */
    public static class SimpleNullAuth implements Auth {
        @Override // org.zeromq.ZAuth.Auth
        public boolean configure(ZMsg zMsg, boolean z) {
            return true;
        }

        @Override // org.zeromq.ZAuth.Auth
        public boolean authorize(ZapRequest zapRequest, boolean z) {
            return true;
        }
    }

    /* loaded from: input_file:org/zeromq/ZAuth$SimplePlainAuth.class */
    public static class SimplePlainAuth implements Auth {
        private final Properties passwords = new Properties();
        private File passwordsFile;
        private long passwordsModified;
        static final /* synthetic */ boolean $assertionsDisabled;

        @Override // org.zeromq.ZAuth.Auth
        public boolean configure(ZMsg zMsg, boolean z) {
            if (!$assertionsDisabled && zMsg.size() != 2) {
                throw new AssertionError();
            }
            zMsg.popString();
            this.passwordsFile = new File(zMsg.popString());
            if (z) {
                System.out.printf("ZAuth: activated plain-mechanism with password-file: %s%n", this.passwordsFile.getAbsolutePath());
            }
            try {
                loadPasswords(true);
                return true;
            } catch (IOException e) {
                return true;
            }
        }

        @Override // org.zeromq.ZAuth.Auth
        public boolean authorize(ZapRequest zapRequest, boolean z) {
            try {
                loadPasswords(false);
            } catch (IOException e) {
            }
            String property = this.passwords.getProperty(zapRequest.username);
            if (property == null || !property.equals(zapRequest.password)) {
                if (!z) {
                    return false;
                }
                System.out.printf("ZAuth: Denied (PLAIN) username=%s\n", zapRequest.username);
                return false;
            }
            if (z) {
                System.out.printf("ZAuth: Allowed (PLAIN) username=%s\n", zapRequest.username);
            }
            zapRequest.userId = zapRequest.username;
            return true;
        }

        private void loadPasswords(boolean z) throws IOException {
            if (!z) {
                long lastModified = this.passwordsFile.lastModified();
                long currentTimeMillis = System.currentTimeMillis() - lastModified;
                if (lastModified <= this.passwordsModified || currentTimeMillis <= 1000) {
                    return;
                } else {
                    this.passwords.clear();
                }
            }
            this.passwordsModified = this.passwordsFile.lastModified();
            BufferedReader bufferedReader = new BufferedReader(new FileReader(this.passwordsFile));
            try {
                this.passwords.load(bufferedReader);
                bufferedReader.close();
            } catch (IOException | IllegalArgumentException e) {
                bufferedReader.close();
            } catch (Throwable th) {
                bufferedReader.close();
                throw th;
            }
        }

        static {
            $assertionsDisabled = !ZAuth.class.desiredAssertionStatus();
        }
    }

    /* loaded from: input_file:org/zeromq/ZAuth$ZapReply.class */
    public static class ZapReply {
        public final String version;
        public final String sequence;
        public final int statusCode;
        public final String statusText;
        public final String userId;
        public final ZMetadata metadata;
        public final String address;
        public final String identity;
        static final /* synthetic */ boolean $assertionsDisabled;

        private ZapReply(String str, String str2, int i, String str3, String str4, ZMetadata zMetadata) {
            this(str, str2, i, str3, str4, zMetadata, null, null);
        }

        private ZapReply(String str, String str2, int i, String str3, String str4, ZMetadata zMetadata, String str5, String str6) {
            if (!$assertionsDisabled && !ZAuth.ZAP_VERSION.equals(str)) {
                throw new AssertionError();
            }
            this.version = str;
            this.sequence = str2;
            this.statusCode = i;
            this.statusText = str3;
            this.userId = str4;
            this.metadata = zMetadata;
            this.address = str5;
            this.identity = str6;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public ZMsg msg() {
            ZMsg zMsg = new ZMsg();
            zMsg.add(this.version);
            zMsg.add(this.sequence);
            zMsg.add(Integer.toString(this.statusCode));
            zMsg.add(this.statusText);
            zMsg.add(this.userId == null ? "" : this.userId);
            zMsg.add(this.metadata == null ? new byte[0] : this.metadata.bytes());
            return zMsg;
        }

        public String toString() {
            return "ZapReply [" + (this.version != null ? "version=" + this.version + ", " : "") + (this.sequence != null ? "sequence=" + this.sequence + ", " : "") + "statusCode=" + this.statusCode + ", " + (this.statusText != null ? "statusText=" + this.statusText + ", " : "") + (this.userId != null ? "userId=" + this.userId + ", " : "") + (this.metadata != null ? "metadata=" + this.metadata : "") + "]";
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static ZapReply recv(ZAgent zAgent, boolean z) {
            return received(zAgent.recv(z));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static ZapReply recv(ZAgent zAgent, int i) {
            return received(zAgent.recv(i));
        }

        private static ZapReply received(ZMsg zMsg) {
            if (zMsg == null) {
                return null;
            }
            if ($assertionsDisabled || zMsg.size() == 8) {
                return new ZapReply(zMsg.popString(), zMsg.popString(), Integer.parseInt(zMsg.popString()), zMsg.popString(), zMsg.popString(), ZMetadata.read(zMsg.popString()), zMsg.popString(), zMsg.popString());
            }
            throw new AssertionError();
        }

        static {
            $assertionsDisabled = !ZAuth.class.desiredAssertionStatus();
        }
    }

    /* loaded from: input_file:org/zeromq/ZAuth$ZapRequest.class */
    public static class ZapRequest {
        private final ZMQ.Socket handler;
        public final String version;
        public final String sequence;
        public final String domain;
        public final String address;
        public final String identity;
        public final String mechanism;
        public final String username;
        public final String password;
        public final String clientKey;
        public final String principal;
        public String userId;
        public ZMetadata metadata;
        static final /* synthetic */ boolean $assertionsDisabled;

        private ZapRequest(ZMQ.Socket socket, ZMsg zMsg) {
            this.handler = socket;
            this.version = zMsg.popString();
            this.sequence = zMsg.popString();
            this.domain = zMsg.popString();
            this.address = zMsg.popString();
            this.identity = zMsg.popString();
            this.mechanism = zMsg.popString();
            if (!$assertionsDisabled && !ZAuth.ZAP_VERSION.equals(this.version)) {
                throw new AssertionError();
            }
            if (ZMQ.Socket.Mechanism.PLAIN.name().equals(this.mechanism)) {
                this.username = zMsg.popString();
                this.password = zMsg.popString();
                this.clientKey = null;
                this.principal = null;
                return;
            }
            if (ZMQ.Socket.Mechanism.CURVE.name().equals(this.mechanism)) {
                byte[] data = zMsg.pop().getData();
                this.username = null;
                this.password = null;
                this.clientKey = ZMQ.Curve.z85Encode(data);
                this.principal = null;
                return;
            }
            if (Mechanisms.GSSAPI.name().equals(this.mechanism)) {
                this.username = null;
                this.password = null;
                this.clientKey = null;
                this.principal = zMsg.popString();
                return;
            }
            this.username = null;
            this.password = null;
            this.clientKey = null;
            this.principal = null;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static ZapRequest recvRequest(ZMQ.Socket socket, boolean z) {
            ZMsg recvMsg = ZMsg.recvMsg(socket, z);
            if (recvMsg == null) {
                return null;
            }
            ZapRequest zapRequest = new ZapRequest(socket, recvMsg);
            if (!$assertionsDisabled && !ZAuth.ZAP_VERSION.equals(zapRequest.version)) {
                throw new AssertionError();
            }
            recvMsg.destroy();
            return zapRequest;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void reply(int i, String str, ZMQ.Socket socket) {
            ZMsg msg = new ZapReply(ZAuth.ZAP_VERSION, this.sequence, i, str, this.userId, this.metadata).msg();
            msg.send(this.handler, socket == null);
            if (socket != null) {
                msg.add(this.address);
                msg.add(this.identity);
                msg.send(socket);
            }
        }

        static {
            $assertionsDisabled = !ZAuth.class.desiredAssertionStatus();
        }
    }

    public ZAuth(ZContext zContext) {
        this(zContext, "ZAuth");
    }

    public ZAuth(ZContext zContext, ZCertStore.Fingerprinter fingerprinter) {
        this(zContext, "ZAuth", curveVariant(fingerprinter));
    }

    public ZAuth(ZContext zContext, String str) {
        this(zContext, str, makeSimpleAuths());
    }

    private static Map<String, Auth> makeSimpleAuths() {
        HashMap hashMap = new HashMap();
        hashMap.put(ZMQ.Socket.Mechanism.PLAIN.name(), new SimplePlainAuth());
        hashMap.put(ZMQ.Socket.Mechanism.CURVE.name(), new SimpleCurveAuth());
        hashMap.put(ZMQ.Socket.Mechanism.NULL.name(), new SimpleNullAuth());
        return hashMap;
    }

    private static Map<String, Auth> curveVariant(ZCertStore.Fingerprinter fingerprinter) {
        Map<String, Auth> makeSimpleAuths = makeSimpleAuths();
        makeSimpleAuths.put(ZMQ.Socket.Mechanism.CURVE.name(), new SimpleCurveAuth(fingerprinter));
        return makeSimpleAuths;
    }

    public ZAuth(ZContext zContext, String str, Map<String, Auth> map) {
        if (!$assertionsDisabled && zContext == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && str == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && map == null) {
            throw new AssertionError();
        }
        AuthActor authActor = new AuthActor(str, map);
        ZActor zActor = new ZActor(zContext, null, authActor, UUID.randomUUID().toString(), new Object[0]);
        this.agent = zActor.agent();
        this.exit = zActor.exit();
        this.agent.recv().destroy();
        this.replies = authActor.createAgent(zContext);
    }

    public ZAuth setVerbose(boolean z) {
        return verbose(z);
    }

    public ZAuth verbose(boolean z) {
        return send(VERBOSE, String.format("%b", Boolean.valueOf(z)));
    }

    public ZAuth allow(String str) {
        if ($assertionsDisabled || str != null) {
            return send(ALLOW, str);
        }
        throw new AssertionError();
    }

    public ZAuth deny(String str) {
        if ($assertionsDisabled || str != null) {
            return send(DENY, str);
        }
        throw new AssertionError();
    }

    public ZAuth configurePlain(String str, String str2) {
        if (!$assertionsDisabled && str == null) {
            throw new AssertionError();
        }
        if ($assertionsDisabled || str2 != null) {
            return send(ZMQ.Socket.Mechanism.PLAIN.name(), str, str2);
        }
        throw new AssertionError();
    }

    public ZAuth configureCurve(String str) {
        if ($assertionsDisabled || str != null) {
            return send(ZMQ.Socket.Mechanism.CURVE.name(), str);
        }
        throw new AssertionError();
    }

    public ZAuth replies(boolean z) {
        this.repliesEnabled = z;
        return send(REPLIES, String.format("%b", Boolean.valueOf(z)));
    }

    public ZapReply nextReply() {
        return nextReply(true);
    }

    public ZapReply nextReply(boolean z) {
        if (this.repliesEnabled) {
            return ZapReply.recv(this.replies, z);
        }
        System.out.println("ZAuth: replies are disabled. Please use replies(true);");
        return null;
    }

    public ZapReply nextReply(int i) {
        if (this.repliesEnabled) {
            return ZapReply.recv(this.replies, i);
        }
        System.out.println("ZAuth: replies are disabled. Please use replies(true);");
        return null;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        destroy();
    }

    public void destroy() {
        send(TERMINATE, new String[0]);
        this.exit.awaitSilent();
        this.agent.close();
        this.replies.close();
    }

    protected ZAuth send(String str, String... strArr) {
        ZMsg zMsg = new ZMsg();
        zMsg.add(str);
        for (String str2 : strArr) {
            zMsg.add(str2);
        }
        this.agent.send(zMsg);
        zMsg.destroy();
        this.agent.recv();
        return this;
    }

    static {
        $assertionsDisabled = !ZAuth.class.desiredAssertionStatus();
    }
}
