package org.apache.cassandra.transport;

import com.codahale.metrics.Counter;
import io.netty.channel.Channel;
import io.netty.handler.ssl.SslHandler;
import java.security.cert.Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.apache.cassandra.auth.IAuthenticator;
import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.service.ClientState;
import org.apache.cassandra.service.QueryState;
import org.apache.cassandra.transport.Connection;
import org.apache.cassandra.transport.Message;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/cassandra/transport/ServerConnection.class */
public class ServerConnection extends Connection {
    private static final Logger logger;
    private volatile IAuthenticator.SaslNegotiator saslNegotiator;
    private final ClientState clientState;
    private volatile ConnectionStage stage;
    public final Counter requests;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServerConnection(Channel channel, ProtocolVersion protocolVersion, Connection.Tracker tracker) {
        super(channel, protocolVersion, tracker);
        this.requests = new Counter();
        this.clientState = ClientState.forExternalCalls(channel.remoteAddress());
        this.stage = ConnectionStage.ESTABLISHED;
    }

    public ClientState getClientState() {
        return this.clientState;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ConnectionStage stage() {
        return this.stage;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public QueryState validateNewMessage(Message.Type type, ProtocolVersion protocolVersion) {
        switch (this.stage) {
            case ESTABLISHED:
                if (type != Message.Type.STARTUP && type != Message.Type.OPTIONS) {
                    throw new ProtocolException(String.format("Unexpected message %s, expecting STARTUP or OPTIONS", type));
                }
                break;
            case AUTHENTICATING:
                if (type != Message.Type.AUTH_RESPONSE && type != Message.Type.CREDENTIALS) {
                    Object[] objArr = new Object[2];
                    objArr[0] = type;
                    objArr[1] = protocolVersion == ProtocolVersion.V1 ? "CREDENTIALS" : "SASL_RESPONSE";
                    throw new ProtocolException(String.format("Unexpected message %s, expecting %s", objArr));
                }
                break;
            case READY:
                if (type == Message.Type.STARTUP) {
                    throw new ProtocolException("Unexpected message STARTUP, the connection is already initialized");
                }
                break;
            default:
                throw new AssertionError();
        }
        return new QueryState(this.clientState);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void applyStateTransition(Message.Type type, Message.Type type2) {
        switch (this.stage) {
            case ESTABLISHED:
                if (type == Message.Type.STARTUP) {
                    if (type2 == Message.Type.AUTHENTICATE) {
                        this.stage = ConnectionStage.AUTHENTICATING;
                        return;
                    } else {
                        if (type2 == Message.Type.READY) {
                            this.stage = ConnectionStage.READY;
                            return;
                        }
                        return;
                    }
                }
                return;
            case AUTHENTICATING:
                if (!$assertionsDisabled && type != Message.Type.AUTH_RESPONSE && type != Message.Type.CREDENTIALS) {
                    throw new AssertionError();
                }
                if (type2 == Message.Type.READY || type2 == Message.Type.AUTH_SUCCESS) {
                    this.stage = ConnectionStage.READY;
                    this.saslNegotiator = null;
                    return;
                }
                return;
            case READY:
                return;
            default:
                throw new AssertionError();
        }
    }

    public IAuthenticator.SaslNegotiator getSaslNegotiator(QueryState queryState) {
        if (this.saslNegotiator == null) {
            this.saslNegotiator = DatabaseDescriptor.getAuthenticator().newSaslNegotiator(queryState.getClientAddress(), certificates());
        }
        return this.saslNegotiator;
    }

    private Certificate[] certificates() {
        SslHandler sslHandler = channel().pipeline().get(ConnectedClient.SSL);
        Certificate[] certificateArr = null;
        if (sslHandler != null) {
            try {
                certificateArr = sslHandler.engine().getSession().getPeerCertificates();
            } catch (SSLPeerUnverifiedException e) {
                logger.debug("Failed to get peer certificates for peer {}", channel().remoteAddress(), e);
            }
        }
        return certificateArr;
    }

    public boolean isSSL() {
        return channel().pipeline().get(ConnectedClient.SSL) != null;
    }

    static {
        $assertionsDisabled = !ServerConnection.class.desiredAssertionStatus();
        logger = LoggerFactory.getLogger(ServerConnection.class);
    }
}
