package org.dcache.xrootd.core;

import io.netty.channel.ChannelHandlerContext;
import java.util.Map;
import org.dcache.xrootd.protocol.messages.ProtocolRequest;
import org.dcache.xrootd.protocol.messages.ProtocolResponse;
import org.dcache.xrootd.protocol.messages.XrootdResponse;
import org.dcache.xrootd.security.SigningPolicy;
import org.dcache.xrootd.security.TLSSessionInfo;
import org.dcache.xrootd.tpc.XrootdTpcInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/dcache/xrootd/core/XrootdProtocolRequestHandler.class */
public class XrootdProtocolRequestHandler extends XrootdRequestHandler {
    private static final Logger LOGGER = LoggerFactory.getLogger(XrootdProtocolRequestHandler.class);
    protected SigningPolicy signingPolicy;
    protected TLSSessionInfo tlsSessionInfo;

    public void setSigningPolicy(SigningPolicy signingPolicy) {
        this.signingPolicy = signingPolicy;
    }

    public void setTlsSessionInfo(TLSSessionInfo tLSSessionInfo) {
        this.tlsSessionInfo = tLSSessionInfo;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dcache.xrootd.core.XrootdRequestHandler
    public XrootdResponse<ProtocolRequest> doOnProtocolRequest(ChannelHandlerContext channelHandlerContext, ProtocolRequest protocolRequest) throws XrootdException {
        if (this.tlsSessionInfo == null) {
            throw new XrootdException(3012, "incomplete server information on protocol request");
        }
        LOGGER.debug("doOnProtocolRequest, version {}, expect {}, option {}.", new Object[]{Integer.valueOf(protocolRequest.getVersion()), Integer.valueOf(protocolRequest.getExpect()), Integer.valueOf(protocolRequest.getOption())});
        this.tlsSessionInfo.setLocalTlsActivation(protocolRequest.getVersion(), protocolRequest.getOption(), protocolRequest.getExpect());
        if (this.tlsSessionInfo.serverUsesTls()) {
            this.signingPolicy = SigningPolicy.OFF;
            LOGGER.debug("kXR_protocol, server has now transitioned to tls? {}.", Boolean.valueOf(this.tlsSessionInfo.serverTransitionedToTLS(3006, channelHandlerContext)));
        }
        LOGGER.debug("Sending protocol message with server flags {}, signing policy {}.", this.tlsSessionInfo.getLocalServerProtocolFlags(), this.signingPolicy);
        return new ProtocolResponse(protocolRequest, this.tlsSessionInfo.getLocalServerProtocolFlags().getFlags(), this.signingPolicy);
    }

    protected void enforceClientTlsIfDestinationRequiresItForTpc(Map<String, String> map) throws XrootdException {
        if (!map.containsKey(XrootdTpcInfo.CLIENT) && !map.containsKey(XrootdTpcInfo.SRC)) {
            LOGGER.debug("server is not TPC destination; no TLS TPC check.");
            return;
        }
        String str = map.get(XrootdTpcInfo.SPR);
        String str2 = map.get(XrootdTpcInfo.TPR);
        LOGGER.debug("server requires tls for tpc {}; incoming client is TLS capable {}; tpc.spr {}, tpc.tpr {}.", new Object[]{Boolean.valueOf(this.tlsSessionInfo.getLocalServerProtocolFlags().requiresTLSForTPC()), Boolean.valueOf(this.tlsSessionInfo.isIncomingClientTLSCapable()), str, str2});
        if (this.tlsSessionInfo.getLocalServerProtocolFlags().requiresTLSForTPC()) {
            if (!this.tlsSessionInfo.isIncomingClientTLSCapable()) {
                throw new XrootdException(3028, "Server accepts only secure connections for TPC.");
            }
            if (!"xroots".equals(str2)) {
                throw new XrootdException(3028, "Wrong protocol expressed for TPC destination.");
            }
        }
    }
}
