package org.dcache.ftp.client.extended;

import com.google.common.io.BaseEncoding;
import java.io.BufferedReader;
import java.io.EOFException;
import java.io.IOException;
import java.io.StringReader;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.dcache.dss.DssContext;
import org.dcache.dss.DssContextFactory;
import org.dcache.dss.SslEngineDssContext;
import org.dcache.ftp.client.exception.FTPReplyParseException;
import org.dcache.ftp.client.exception.ServerException;
import org.dcache.ftp.client.exception.UnexpectedReplyCodeException;
import org.dcache.ftp.client.vanilla.Command;
import org.dcache.ftp.client.vanilla.FTPControlChannel;
import org.dcache.ftp.client.vanilla.Flag;
import org.dcache.ftp.client.vanilla.Reply;

/* loaded from: input_file:org/dcache/ftp/client/extended/GridFTPControlChannel.class */
public class GridFTPControlChannel extends FTPControlChannel {
    protected final FTPControlChannel inner;
    protected final DssContext context;
    protected final HostnameVerifier hostnameVerifier;
    protected Reply lastReply;

    public GridFTPControlChannel(FTPControlChannel fTPControlChannel, DssContextFactory dssContextFactory, String str) throws IOException, ServerException {
        super(fTPControlChannel.getHost(), fTPControlChannel.getPort());
        this.hostnameVerifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
        this.inner = fTPControlChannel;
        this.context = authenticate(dssContextFactory, str);
    }

    private DssContext authenticate(DssContextFactory dssContextFactory, String str) throws IOException, ServerException {
        Reply exchange;
        try {
            try {
                Reply exchange2 = this.inner.exchange(new Command("AUTH", "GSSAPI"));
                if (!Reply.isPositiveIntermediate(exchange2)) {
                    throw ServerException.embedUnexpectedReplyCodeException(new UnexpectedReplyCodeException(exchange2), "Server refused GSSAPI authentication.");
                }
                SslEngineDssContext create = dssContextFactory.create(this.inner.getRemoteAddress(), this.inner.getLocalAddress());
                byte[] bArr = new byte[0];
                do {
                    byte[] init = create.init(bArr);
                    exchange = this.inner.exchange(new Command("ADAT", BaseEncoding.base64().encode(init != null ? init : new byte[0])));
                    bArr = exchange.getMessage().startsWith("ADAT=") ? BaseEncoding.base64().decode(exchange.getMessage().substring(5)) : new byte[0];
                    if (!Reply.isPositiveIntermediate(exchange)) {
                        break;
                    }
                } while (!create.isEstablished());
                if (!Reply.isPositiveCompletion(exchange)) {
                    throw ServerException.embedUnexpectedReplyCodeException(new UnexpectedReplyCodeException(exchange), "Server failed GSI handshake.");
                }
                if ((bArr.length > 0 || !create.isEstablished()) && !(create.init(bArr) == null && create.isEstablished())) {
                    throw new ServerException(2, "Unexpected GSI handshake completion.");
                }
                SSLSession sSLSession = create.getSSLSession();
                if (this.hostnameVerifier.verify(str, sSLSession)) {
                    return create;
                }
                throw new SSLPeerUnverifiedException("Host name '" + str + "' does not match the certificate subject provided by the peer (" + ((X509Certificate) sSLSession.getPeerCertificates()[0]).getSubjectX500Principal().toString() + ")");
            } catch (FTPReplyParseException e) {
                throw ServerException.embedFTPReplyParseException(e, "Received faulty reply to AUTH GSSAPI.");
            }
        } catch (FTPReplyParseException e2) {
            throw ServerException.embedFTPReplyParseException(e2, "Received faulty reply to ADAT.");
        }
    }

    @Override // org.dcache.ftp.client.vanilla.FTPControlChannel
    public String getHost() {
        return this.inner.getHost();
    }

    @Override // org.dcache.ftp.client.vanilla.FTPControlChannel
    public int getPort() {
        return this.inner.getPort();
    }

    @Override // org.dcache.ftp.client.vanilla.FTPControlChannel
    public InetSocketAddress getLocalAddress() {
        return this.inner.getLocalAddress();
    }

    @Override // org.dcache.ftp.client.vanilla.FTPControlChannel
    public InetSocketAddress getRemoteAddress() {
        return this.inner.getRemoteAddress();
    }

    @Override // org.dcache.ftp.client.vanilla.FTPControlChannel
    public boolean isIPv6() {
        return this.inner.isIPv6();
    }

    @Override // org.dcache.ftp.client.vanilla.FTPControlChannel
    public void open() throws IOException, ServerException {
        throw new UnsupportedOperationException("GridFTPControlChannel wraps existing control channel and cannot be opened.");
    }

    @Override // org.dcache.ftp.client.vanilla.FTPControlChannel
    public Reply getLastReply() {
        return this.lastReply;
    }

    @Override // org.dcache.ftp.client.vanilla.FTPControlChannel
    public void close() throws IOException {
        this.inner.close();
    }

    @Override // org.dcache.ftp.client.vanilla.FTPControlChannel, org.dcache.ftp.client.vanilla.BasicClientControlChannel
    public void waitFor(Flag flag, int i, int i2) throws ServerException, IOException, InterruptedException {
        this.inner.waitFor(flag, i, i2);
    }

    @Override // org.dcache.ftp.client.vanilla.FTPControlChannel, org.dcache.ftp.client.vanilla.BasicClientControlChannel
    public Reply read() throws ServerException, IOException, FTPReplyParseException, EOFException {
        Reply read = this.inner.read();
        if (read.getCode() != 632 && read.getCode() != 633) {
            throw ServerException.embedUnexpectedReplyCodeException(new UnexpectedReplyCodeException(read), "Expected 632 or 633 reply.");
        }
        this.lastReply = new Reply(new BufferedReader(new StringReader(new String(this.context.unwrap(BaseEncoding.base64().decode(read.getMessage()))))));
        return this.lastReply;
    }

    @Override // org.dcache.ftp.client.vanilla.FTPControlChannel, org.dcache.ftp.client.vanilla.BasicClientControlChannel
    public void abortTransfer() {
        this.inner.abortTransfer();
    }

    @Override // org.dcache.ftp.client.vanilla.FTPControlChannel
    public void write(Command command) throws IOException, IllegalArgumentException {
        byte[] bytes = command.toString().getBytes(StandardCharsets.US_ASCII);
        this.inner.write(new Command("ENC", BaseEncoding.base64().encode(this.context.wrap(bytes, 0, bytes.length))));
    }
}
