package org.opends.server.protocols.ldap;

import java.io.Closeable;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.nio.ByteBuffer;
import java.nio.channels.ByteChannel;
import java.nio.channels.ClosedChannelException;
import java.nio.channels.SelectionKey;
import java.nio.channels.Selector;
import java.nio.channels.SocketChannel;
import java.security.cert.Certificate;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.atomic.AtomicReference;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.net.ssl.SSLException;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizableMessageBuilder;
import org.forgerock.i18n.LocalizableMessageDescriptor;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.io.ASN1;
import org.forgerock.opendj.io.ASN1Writer;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ByteStringBuilder;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.messages.CoreMessages;
import org.opends.messages.ProtocolMessages;
import org.opends.server.api.ClientConnection;
import org.opends.server.api.ConnectionHandler;
import org.opends.server.core.AbandonOperationBasis;
import org.opends.server.core.AddOperationBasis;
import org.opends.server.core.BindOperationBasis;
import org.opends.server.core.CompareOperationBasis;
import org.opends.server.core.DeleteOperationBasis;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ExtendedOperationBasis;
import org.opends.server.core.ModifyDNOperationBasis;
import org.opends.server.core.ModifyOperationBasis;
import org.opends.server.core.PersistentSearch;
import org.opends.server.core.SearchOperation;
import org.opends.server.core.SearchOperationBasis;
import org.opends.server.core.UnbindOperationBasis;
import org.opends.server.extensions.ConnectionSecurityProvider;
import org.opends.server.extensions.RedirectingByteChannel;
import org.opends.server.extensions.TLSCapableConnection;
import org.opends.server.loggers.AccessLogger;
import org.opends.server.types.AuthenticationType;
import org.opends.server.types.CancelRequest;
import org.opends.server.types.CancelResult;
import org.opends.server.types.Control;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.DisconnectReason;
import org.opends.server.types.IntermediateResponse;
import org.opends.server.types.Operation;
import org.opends.server.types.OperationType;
import org.opends.server.types.SearchResultEntry;
import org.opends.server.types.SearchResultReference;
import org.opends.server.util.StaticUtils;
import org.opends.server.util.TimeThread;

/* loaded from: input_file:org/opends/server/protocols/ldap/LDAPClientConnection.class */
public final class LDAPClientConnection extends ClientConnection implements TLSCapableConnection {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
    private static final ThreadLocal<ASN1WriterHolder> ASN1_WRITER_CACHE = new ThreadLocal<ASN1WriterHolder>() { // from class: org.opends.server.protocols.ldap.LDAPClientConnection.1
        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.lang.ThreadLocal
        public ASN1WriterHolder initialValue() {
            return new ASN1WriterHolder();
        }
    };
    private final boolean keepStats;
    private final int clientPort;
    private final int serverPort;
    private final LDAPConnectionHandler connectionHandler;
    private final LDAPStatistics statTracker;
    private final boolean useNanoTime;
    private final long connectionID;
    private final SocketChannel clientChannel;
    private final String clientAddress;
    private final String protocol;
    private final String serverAddress;
    private final ASN1ByteChannelReader asn1Reader;
    private final int bufferSize;
    private final RedirectingByteChannel saslChannel;
    private final RedirectingByteChannel tlsChannel;
    private volatile ConnectionSecurityProvider saslActiveProvider;
    private volatile ConnectionSecurityProvider tlsActiveProvider;
    private volatile ConnectionSecurityProvider saslPendingProvider;
    private volatile ConnectionSecurityProvider tlsPendingProvider;
    private final ByteChannel timeoutClientChannel = new TimeoutWriteByteChannel();
    private final Object opsInProgressLock = new Object();
    private int ldapVersion = 3;
    private final AtomicLong lastCompletionTime = new AtomicLong(TimeThread.getTime());
    private final AtomicLong nextOperationID = new AtomicLong(0);
    private volatile boolean connectionValid = true;
    private boolean disconnectRequested = false;
    private final ConcurrentHashMap<Integer, Operation> operationsInProgress = new ConcurrentHashMap<>();
    private final AtomicLong operationsPerformed = new AtomicLong(0);
    private final AtomicReference<Selector> writeSelector = new AtomicReference<>();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opends/server/protocols/ldap/LDAPClientConnection$ASN1WriterHolder.class */
    public static final class ASN1WriterHolder implements Closeable {
        private final ASN1Writer writer;
        private final ByteStringBuilder buffer;
        private final int maxBufferSize;

        private ASN1WriterHolder() {
            this.buffer = new ByteStringBuilder();
            this.maxBufferSize = DirectoryServer.getCoreConfigManager().getMaxInternalBufferSize();
            this.writer = ASN1.getWriter(this.buffer, this.maxBufferSize);
        }

        @Override // java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            StaticUtils.close(this.writer);
            this.buffer.clearAndTruncate(this.maxBufferSize, this.maxBufferSize);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opends/server/protocols/ldap/LDAPClientConnection$ConnectionFinalizerJob.class */
    public static final class ConnectionFinalizerJob implements Runnable {
        private final ASN1ByteChannelReader asn1Reader;
        private final SocketChannel socketChannel;

        private ConnectionFinalizerJob(ASN1ByteChannelReader aSN1ByteChannelReader, SocketChannel socketChannel) {
            this.asn1Reader = aSN1ByteChannelReader;
            this.socketChannel = socketChannel;
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                this.asn1Reader.close();
            } catch (Exception e) {
                LDAPClientConnection.logger.traceException(e);
            }
            try {
                this.socketChannel.close();
            } catch (Exception e2) {
                LDAPClientConnection.logger.traceException(e2);
            }
        }
    }

    /* loaded from: input_file:org/opends/server/protocols/ldap/LDAPClientConnection$TimeoutWriteByteChannel.class */
    private class TimeoutWriteByteChannel implements ByteChannel {
        private final Lock writeLock;

        private TimeoutWriteByteChannel() {
            this.writeLock = new ReentrantLock();
        }

        @Override // java.nio.channels.ReadableByteChannel
        public int read(ByteBuffer byteBuffer) throws IOException {
            int read = LDAPClientConnection.this.clientChannel.read(byteBuffer);
            if (read > 0 && LDAPClientConnection.this.keepStats) {
                LDAPClientConnection.this.statTracker.updateBytesRead(read);
            }
            return read;
        }

        @Override // java.nio.channels.Channel
        public boolean isOpen() {
            return LDAPClientConnection.this.clientChannel.isOpen();
        }

        @Override // java.nio.channels.Channel, java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            LDAPClientConnection.this.clientChannel.close();
        }

        @Override // java.nio.channels.WritableByteChannel
        public int write(ByteBuffer byteBuffer) throws IOException {
            this.writeLock.lock();
            try {
                int remaining = byteBuffer.remaining();
                int write = LDAPClientConnection.this.clientChannel.write(byteBuffer);
                if (write > 0 && LDAPClientConnection.this.keepStats) {
                    LDAPClientConnection.this.statTracker.updateBytesWritten(write);
                }
                if (!byteBuffer.hasRemaining()) {
                    return remaining;
                }
                long currentTimeMillis = System.currentTimeMillis();
                long maxBlockedWriteTimeLimit = LDAPClientConnection.this.getMaxBlockedWriteTimeLimit();
                if (maxBlockedWriteTimeLimit <= 0) {
                    maxBlockedWriteTimeLimit = 300000;
                }
                long j = currentTimeMillis + maxBlockedWriteTimeLimit;
                Selector writeSelector = LDAPClientConnection.this.getWriteSelector();
                if (writeSelector == null) {
                    while (byteBuffer.hasRemaining() && System.currentTimeMillis() < j) {
                        int write2 = LDAPClientConnection.this.clientChannel.write(byteBuffer);
                        if (write2 < 0) {
                            throw new ClosedChannelException();
                        }
                        if (write2 > 0 && LDAPClientConnection.this.keepStats) {
                            LDAPClientConnection.this.statTracker.updateBytesWritten(write2);
                        }
                    }
                    if (byteBuffer.hasRemaining()) {
                        throw new ClosedChannelException();
                    }
                    this.writeLock.unlock();
                    return remaining;
                }
                SelectionKey register = LDAPClientConnection.this.clientChannel.register(writeSelector, 4);
                try {
                    writeSelector.select(maxBlockedWriteTimeLimit);
                    while (byteBuffer.hasRemaining()) {
                        long currentTimeMillis2 = System.currentTimeMillis();
                        if (currentTimeMillis2 >= j) {
                            throw new ClosedChannelException();
                        }
                        long j2 = j - currentTimeMillis2;
                        Iterator<SelectionKey> it = writeSelector.selectedKeys().iterator();
                        while (it.hasNext()) {
                            if (it.next().isWritable()) {
                                int write3 = LDAPClientConnection.this.clientChannel.write(byteBuffer);
                                if (write3 < 0) {
                                    throw new ClosedChannelException();
                                }
                                if (write3 > 0 && LDAPClientConnection.this.keepStats) {
                                    LDAPClientConnection.this.statTracker.updateBytesWritten(write3);
                                }
                                it.remove();
                            }
                        }
                        if (byteBuffer.hasRemaining()) {
                            writeSelector.select(j2);
                        }
                    }
                    this.writeLock.unlock();
                    return remaining;
                } finally {
                    if (register.isValid()) {
                        register.cancel();
                        writeSelector.selectNow();
                    }
                }
            } finally {
                this.writeLock.unlock();
            }
        }
    }

    private ASN1WriterHolder getASN1Writer() {
        ASN1WriterHolder aSN1WriterHolder = ASN1_WRITER_CACHE.get();
        if (aSN1WriterHolder.maxBufferSize != DirectoryServer.getCoreConfigManager().getMaxInternalBufferSize()) {
            aSN1WriterHolder = new ASN1WriterHolder();
            ASN1_WRITER_CACHE.set(aSN1WriterHolder);
        }
        return aSN1WriterHolder;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public LDAPClientConnection(LDAPConnectionHandler lDAPConnectionHandler, SocketChannel socketChannel, String str) throws DirectoryException {
        this.connectionHandler = lDAPConnectionHandler;
        this.clientChannel = socketChannel;
        this.keepStats = lDAPConnectionHandler.keepStats();
        this.protocol = str;
        Socket socket = socketChannel.socket();
        this.clientAddress = socket.getInetAddress().getHostAddress();
        this.clientPort = socket.getPort();
        this.serverAddress = socket.getLocalAddress().getHostAddress();
        this.serverPort = socket.getLocalPort();
        this.statTracker = this.connectionHandler.getStatTracker();
        if (this.keepStats) {
            this.statTracker.updateConnect();
            this.useNanoTime = DirectoryServer.getCoreConfigManager().isUseNanoTime();
        } else {
            this.useNanoTime = false;
        }
        this.bufferSize = lDAPConnectionHandler.getBufferSize();
        this.tlsChannel = RedirectingByteChannel.getRedirectingByteChannel(this.timeoutClientChannel);
        this.saslChannel = RedirectingByteChannel.getRedirectingByteChannel(this.tlsChannel);
        this.asn1Reader = new ASN1ByteChannelReader(this.saslChannel, this.bufferSize, lDAPConnectionHandler.getMaxRequestSize());
        if (lDAPConnectionHandler.useSSL()) {
            enableSSL(lDAPConnectionHandler.getTLSByteChannel(this.timeoutClientChannel));
        }
        this.connectionID = DirectoryServer.newConnectionAccepted(this);
    }

    @Override // org.opends.server.api.ClientConnection
    public long getConnectionID() {
        return this.connectionID;
    }

    @Override // org.opends.server.api.ClientConnection
    public ConnectionHandler<?> getConnectionHandler() {
        return this.connectionHandler;
    }

    @Override // org.opends.server.api.ClientConnection
    public SocketChannel getSocketChannel() {
        return this.clientChannel;
    }

    @Override // org.opends.server.api.ClientConnection
    public String getProtocol() {
        return this.protocol;
    }

    @Override // org.opends.server.api.ClientConnection
    public String getClientAddress() {
        return this.clientAddress;
    }

    @Override // org.opends.server.api.ClientConnection
    public int getClientPort() {
        return this.clientPort;
    }

    @Override // org.opends.server.api.ClientConnection
    public String getServerAddress() {
        return this.serverAddress;
    }

    @Override // org.opends.server.api.ClientConnection
    public int getServerPort() {
        return this.serverPort;
    }

    @Override // org.opends.server.api.ClientConnection
    public InetAddress getRemoteAddress() {
        return this.clientChannel.socket().getInetAddress();
    }

    @Override // org.opends.server.api.ClientConnection
    public InetAddress getLocalAddress() {
        return this.clientChannel.socket().getLocalAddress();
    }

    @Override // org.opends.server.api.ClientConnection
    public boolean isConnectionValid() {
        return this.connectionValid;
    }

    @Override // org.opends.server.api.ClientConnection
    public boolean isSecure() {
        boolean z = false;
        if (this.tlsActiveProvider != null) {
            z = this.tlsActiveProvider.isSecure();
        }
        if (!z && this.saslActiveProvider != null) {
            z = this.saslActiveProvider.isSecure();
        }
        return z;
    }

    @Override // org.opends.server.api.ClientConnection
    public void sendResponse(Operation operation) {
        LDAPMessage operationToResponseLDAPMessage;
        if (this.keepStats) {
            this.statTracker.updateOperationMonitoringData(operation.getOperationType(), this.useNanoTime ? operation.getProcessingNanoTime() : operation.getProcessingTime());
        }
        if (!removeOperationInProgress(operation.getMessageID()) || (operationToResponseLDAPMessage = operationToResponseLDAPMessage(operation)) == null) {
            return;
        }
        sendLDAPMessage(operationToResponseLDAPMessage);
    }

    private LDAPMessage operationToResponseLDAPMessage(Operation operation) {
        List<String> referralURLs;
        ProtocolOp searchResultDoneProtocolOp;
        ResultCode resultCode = operation.getResultCode();
        if (resultCode == null) {
            logger.error((LocalizableMessageDescriptor.Arg3<LocalizableMessageDescriptor.Arg3<Object, Number, Number>, OperationType, Long>) ProtocolMessages.ERR_LDAP_CLIENT_SEND_RESPONSE_NO_RESULT_CODE, (LocalizableMessageDescriptor.Arg3<Object, Number, Number>) operation.getOperationType(), (OperationType) Long.valueOf(operation.getConnectionID()), Long.valueOf(operation.getOperationID()));
            resultCode = DirectoryServer.getCoreConfigManager().getServerErrorResultCode();
        }
        LocalizableMessageBuilder errorMessage = operation.getErrorMessage();
        DN matchedDN = operation.getMatchedDN();
        if (this.ldapVersion == 2) {
            referralURLs = null;
            if (resultCode == ResultCode.REFERRAL) {
                resultCode = ResultCode.CONSTRAINT_VIOLATION;
                errorMessage.append(ProtocolMessages.ERR_LDAPV2_REFERRAL_RESULT_CHANGED.get());
            }
            List<String> referralURLs2 = operation.getReferralURLs();
            if (referralURLs2 != null && !referralURLs2.isEmpty()) {
                StringBuilder sb = new StringBuilder();
                Iterator<String> it = referralURLs2.iterator();
                sb.append(it.next());
                while (it.hasNext()) {
                    sb.append(", ");
                    sb.append(it.next());
                }
                errorMessage.append(ProtocolMessages.ERR_LDAPV2_REFERRALS_OMITTED.get(sb));
            }
        } else {
            referralURLs = operation.getReferralURLs();
        }
        switch (operation.getOperationType()) {
            case ADD:
                searchResultDoneProtocolOp = new AddResponseProtocolOp(resultCode.intValue(), errorMessage.toMessage(), matchedDN, referralURLs);
                break;
            case BIND:
                searchResultDoneProtocolOp = new BindResponseProtocolOp(resultCode.intValue(), errorMessage.toMessage(), matchedDN, referralURLs, ((BindOperationBasis) operation).getServerSASLCredentials());
                break;
            case COMPARE:
                searchResultDoneProtocolOp = new CompareResponseProtocolOp(resultCode.intValue(), errorMessage.toMessage(), matchedDN, referralURLs);
                break;
            case DELETE:
                searchResultDoneProtocolOp = new DeleteResponseProtocolOp(resultCode.intValue(), errorMessage.toMessage(), matchedDN, referralURLs);
                break;
            case EXTENDED:
                if (this.ldapVersion != 2) {
                    ExtendedOperationBasis extendedOperationBasis = (ExtendedOperationBasis) operation;
                    searchResultDoneProtocolOp = new ExtendedResponseProtocolOp(resultCode.intValue(), errorMessage.toMessage(), matchedDN, referralURLs, extendedOperationBasis.getResponseOID(), extendedOperationBasis.getResponseValue());
                    break;
                } else {
                    logger.error((LocalizableMessageDescriptor.Arg3<LocalizableMessageDescriptor.Arg3<Number, Number, Object>, Long, Long>) ProtocolMessages.ERR_LDAPV2_SKIPPING_EXTENDED_RESPONSE, (LocalizableMessageDescriptor.Arg3<Number, Number, Object>) Long.valueOf(getConnectionID()), Long.valueOf(operation.getOperationID()), (Long) operation);
                    return null;
                }
            case MODIFY:
                searchResultDoneProtocolOp = new ModifyResponseProtocolOp(resultCode.intValue(), errorMessage.toMessage(), matchedDN, referralURLs);
                break;
            case MODIFY_DN:
                searchResultDoneProtocolOp = new ModifyDNResponseProtocolOp(resultCode.intValue(), errorMessage.toMessage(), matchedDN, referralURLs);
                break;
            case SEARCH:
                searchResultDoneProtocolOp = new SearchResultDoneProtocolOp(resultCode.intValue(), errorMessage.toMessage(), matchedDN, referralURLs);
                break;
            default:
                logger.error((LocalizableMessageDescriptor.Arg4<LocalizableMessageDescriptor.Arg4<Object, Number, Number, Object>, OperationType, Long, Long>) ProtocolMessages.ERR_LDAP_CLIENT_SEND_RESPONSE_INVALID_OP, (LocalizableMessageDescriptor.Arg4<Object, Number, Number, Object>) operation.getOperationType(), (OperationType) Long.valueOf(getConnectionID()), Long.valueOf(operation.getOperationID()), (Long) operation);
                return null;
        }
        return new LDAPMessage(operation.getMessageID(), searchResultDoneProtocolOp, this.ldapVersion == 2 ? null : operation.getResponseControls());
    }

    @Override // org.opends.server.api.ClientConnection
    public void sendSearchEntry(SearchOperation searchOperation, SearchResultEntry searchResultEntry) {
        sendLDAPMessage(new LDAPMessage(searchOperation.getMessageID(), new SearchResultEntryProtocolOp(searchResultEntry, this.ldapVersion), searchResultEntry.getControls()));
    }

    @Override // org.opends.server.api.ClientConnection
    public boolean sendSearchReference(SearchOperation searchOperation, SearchResultReference searchResultReference) {
        if (this.ldapVersion == 2) {
            logger.error((LocalizableMessageDescriptor.Arg3<LocalizableMessageDescriptor.Arg3<Number, Number, Object>, Long, Long>) ProtocolMessages.ERR_LDAPV2_SKIPPING_SEARCH_REFERENCE, (LocalizableMessageDescriptor.Arg3<Number, Number, Object>) Long.valueOf(getConnectionID()), Long.valueOf(searchOperation.getOperationID()), (Long) searchResultReference);
            return false;
        }
        sendLDAPMessage(new LDAPMessage(searchOperation.getMessageID(), new SearchResultReferenceProtocolOp(searchResultReference), searchResultReference.getControls()));
        return true;
    }

    @Override // org.opends.server.api.ClientConnection
    protected boolean sendIntermediateResponseMessage(IntermediateResponse intermediateResponse) {
        sendLDAPMessage(new LDAPMessage(intermediateResponse.getOperation().getMessageID(), new IntermediateResponseProtocolOp(intermediateResponse.getOID(), intermediateResponse.getValue()), intermediateResponse.getControls()));
        return this.connectionValid;
    }

    private void sendLDAPMessage(LDAPMessage lDAPMessage) {
        ASN1WriterHolder aSN1Writer = getASN1Writer();
        try {
            try {
                lDAPMessage.write(aSN1Writer.writer);
                aSN1Writer.buffer.copyTo(this.saslChannel);
                if (logger.isTraceEnabled()) {
                    logger.trace("LDAPMessage=%s", lDAPMessage);
                }
                if (this.keepStats) {
                    this.statTracker.updateMessageWritten(lDAPMessage);
                }
                StaticUtils.close(aSN1Writer);
            } catch (ClosedChannelException e) {
                logger.traceException(e);
                disconnect(DisconnectReason.IO_ERROR, false, ProtocolMessages.ERR_IO_ERROR_ON_CLIENT_CONNECTION.get(StaticUtils.getExceptionMessage(e)));
                StaticUtils.close(aSN1Writer);
            } catch (Exception e2) {
                logger.traceException(e2);
                disconnect(DisconnectReason.SERVER_ERROR, false, ProtocolMessages.ERR_UNEXPECTED_EXCEPTION_ON_CLIENT_CONNECTION.get(StaticUtils.getExceptionMessage(e2)));
                StaticUtils.close(aSN1Writer);
            }
        } catch (Throwable th) {
            StaticUtils.close(aSN1Writer);
            throw th;
        }
    }

    @Override // org.opends.server.api.ClientConnection
    public void disconnect(DisconnectReason disconnectReason, boolean z, LocalizableMessage localizableMessage) {
        synchronized (this.opsInProgressLock) {
            if (this.disconnectRequested) {
                return;
            }
            this.disconnectRequested = true;
            if (this.keepStats) {
                this.statTracker.updateDisconnect();
            }
            if (this.connectionID >= 0) {
                DirectoryServer.connectionClosed(this);
            }
            this.connectionValid = false;
            cancelAllOperations(new CancelRequest(true, localizableMessage != null ? new LocalizableMessageBuilder().append(disconnectReason.getClosureMessage()).append((CharSequence) ": ").append(localizableMessage).toMessage() : disconnectReason.getClosureMessage()));
            finalizeConnectionInternal();
            StaticUtils.close(this.writeSelector.get());
            if (z && this.ldapVersion != 2) {
                try {
                    sendLDAPMessage(new LDAPMessage(0, new ExtendedResponseProtocolOp(toResultCode(disconnectReason), localizableMessage != null ? localizableMessage : ProtocolMessages.INFO_LDAP_CLIENT_GENERIC_NOTICE_OF_DISCONNECTION.get(), null, null, "1.3.6.1.4.1.1466.20036", null), null));
                } catch (Exception e) {
                    logger.traceException(e);
                }
            }
            this.connectionHandler.registerConnectionFinalizer(new ConnectionFinalizerJob(this.asn1Reader, this.clientChannel));
            AccessLogger.logDisconnect(this, disconnectReason, localizableMessage);
            try {
                DirectoryServer.getPluginConfigManager().invokePostDisconnectPlugins(this, disconnectReason, localizableMessage);
            } catch (Exception e2) {
                logger.traceException(e2);
            }
        }
    }

    private int toResultCode(DisconnectReason disconnectReason) {
        switch (disconnectReason) {
            case PROTOCOL_ERROR:
                return 2;
            case SERVER_SHUTDOWN:
                return 52;
            case SERVER_ERROR:
                return DirectoryServer.getCoreConfigManager().getServerErrorResultCode().intValue();
            case ADMIN_LIMIT_EXCEEDED:
            case IDLE_TIME_LIMIT_EXCEEDED:
            case MAX_REQUEST_SIZE_EXCEEDED:
            case IO_TIMEOUT:
                return 11;
            case CONNECTION_REJECTED:
                return 19;
            case INVALID_CREDENTIALS:
                return 49;
            default:
                return 80;
        }
    }

    @Override // org.opends.server.api.ClientConnection
    public Collection<Operation> getOperationsInProgress() {
        return this.operationsInProgress.values();
    }

    @Override // org.opends.server.api.ClientConnection
    public Operation getOperationInProgress(int i) {
        return this.operationsInProgress.get(Integer.valueOf(i));
    }

    private void addOperationInProgress(Operation operation) throws DirectoryException {
        int messageID = operation.getMessageID();
        try {
            synchronized (this.opsInProgressLock) {
                if (this.disconnectRequested) {
                    throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, ProtocolMessages.WARN_CLIENT_DISCONNECT_IN_PROGRESS.get());
                }
                if (this.operationsInProgress.putIfAbsent(Integer.valueOf(messageID), operation) != null) {
                    throw new DirectoryException(ResultCode.PROTOCOL_ERROR, ProtocolMessages.WARN_LDAP_CLIENT_DUPLICATE_MESSAGE_ID.get(Integer.valueOf(messageID)));
                }
            }
            this.connectionHandler.getQueueingStrategy().enqueueRequest(operation);
        } catch (DirectoryException e) {
            logger.traceException(e);
            this.operationsInProgress.remove(Integer.valueOf(messageID));
            this.lastCompletionTime.set(TimeThread.getTime());
            throw e;
        } catch (Exception e2) {
            logger.traceException(e2);
            throw new DirectoryException(DirectoryServer.getCoreConfigManager().getServerErrorResultCode(), ProtocolMessages.WARN_LDAP_CLIENT_CANNOT_ENQUEUE.get(StaticUtils.getExceptionMessage(e2)), e2);
        }
    }

    @Override // org.opends.server.api.ClientConnection
    public boolean removeOperationInProgress(int i) {
        Operation remove = this.operationsInProgress.remove(Integer.valueOf(i));
        if (remove == null) {
            return false;
        }
        if (remove.getOperationType() == OperationType.ABANDON && this.keepStats && remove.getResultCode() == ResultCode.CANCELLED) {
            this.statTracker.updateAbandonedOperation();
        }
        this.lastCompletionTime.set(TimeThread.getTime());
        return true;
    }

    @Override // org.opends.server.api.ClientConnection
    public CancelResult cancelOperation(int i, CancelRequest cancelRequest) {
        Operation operation = this.operationsInProgress.get(Integer.valueOf(i));
        if (operation != null) {
            return operation.cancel(cancelRequest);
        }
        for (PersistentSearch persistentSearch : getPersistentSearches()) {
            if (persistentSearch.getMessageID() == i) {
                return persistentSearch.cancel();
            }
        }
        return new CancelResult(ResultCode.NO_SUCH_OPERATION, null);
    }

    @Override // org.opends.server.api.ClientConnection
    public void cancelAllOperations(CancelRequest cancelRequest) {
        synchronized (this.opsInProgressLock) {
            try {
                Iterator<Operation> it = this.operationsInProgress.values().iterator();
                while (it.hasNext()) {
                    try {
                        it.next().abort(cancelRequest);
                        if (this.keepStats) {
                            this.statTracker.updateAbandonedOperation();
                        }
                    } catch (Exception e) {
                        logger.traceException(e);
                    }
                }
                if (!this.operationsInProgress.isEmpty() || !getPersistentSearches().isEmpty()) {
                    this.lastCompletionTime.set(TimeThread.getTime());
                }
                this.operationsInProgress.clear();
                Iterator<PersistentSearch> it2 = getPersistentSearches().iterator();
                while (it2.hasNext()) {
                    it2.next().cancel();
                }
            } catch (Exception e2) {
                logger.traceException(e2);
            }
        }
    }

    @Override // org.opends.server.api.ClientConnection
    public void cancelAllOperationsExcept(CancelRequest cancelRequest, int i) {
        synchronized (this.opsInProgressLock) {
            try {
                for (Map.Entry<Integer, Operation> entry : this.operationsInProgress.entrySet()) {
                    int intValue = entry.getKey().intValue();
                    if (intValue != i) {
                        Operation value = entry.getValue();
                        if (value != null) {
                            try {
                                value.abort(cancelRequest);
                                if (this.keepStats) {
                                    this.statTracker.updateAbandonedOperation();
                                }
                            } catch (Exception e) {
                                logger.traceException(e);
                            }
                        }
                        this.operationsInProgress.remove(Integer.valueOf(intValue));
                        this.lastCompletionTime.set(TimeThread.getTime());
                    }
                }
                for (PersistentSearch persistentSearch : getPersistentSearches()) {
                    if (persistentSearch.getMessageID() != i) {
                        persistentSearch.cancel();
                        this.lastCompletionTime.set(TimeThread.getTime());
                    }
                }
            } catch (Exception e2) {
                logger.traceException(e2);
            }
        }
    }

    @Override // org.opends.server.api.ClientConnection
    public Selector getWriteSelector() {
        Selector selector = this.writeSelector.get();
        if (selector == null) {
            try {
                selector = Selector.open();
                if (!this.writeSelector.compareAndSet(null, selector)) {
                    selector.close();
                    selector = this.writeSelector.get();
                }
            } catch (Exception e) {
                logger.traceException(e);
            }
        }
        return selector;
    }

    @Override // org.opends.server.api.ClientConnection
    public long getMaxBlockedWriteTimeLimit() {
        return this.connectionHandler.getMaxBlockedWriteTimeLimit();
    }

    @Override // org.opends.server.api.ClientConnection
    public long getNumberOfOperations() {
        return this.operationsPerformed.get();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ASN1ByteChannelReader getASN1Reader() {
        return this.asn1Reader;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int processDataRead() {
        if (this.bindInProgress.get() || this.startTLSInProgress.get()) {
            return 0;
        }
        try {
            int processChannelData = this.asn1Reader.processChannelData();
            if (processChannelData >= 0) {
                return processChannelData;
            }
            disconnect(DisconnectReason.CLIENT_DISCONNECT, false, null);
            return -1;
        } catch (Exception e) {
            logger.traceException(e);
            if (this.asn1Reader.hasRemainingData() || (e instanceof SSLException)) {
                disconnect(DisconnectReason.IO_ERROR, true, ProtocolMessages.ERR_LDAP_CLIENT_IO_ERROR_DURING_READ.get(e));
                return -1;
            }
            disconnect(DisconnectReason.CLIENT_DISCONNECT, true, ProtocolMessages.ERR_LDAP_CLIENT_IO_ERROR_BEFORE_READ.get());
            return -1;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean processLDAPMessage(LDAPMessage lDAPMessage) {
        if (this.keepStats) {
            this.statTracker.updateMessageRead(lDAPMessage);
        }
        this.operationsPerformed.getAndIncrement();
        List<Control> controls = lDAPMessage.getControls();
        try {
            if (this.bindInProgress.get()) {
                throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, CoreMessages.ERR_ENQUEUE_BIND_IN_PROGRESS.get());
            }
            if (this.startTLSInProgress.get()) {
                throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, CoreMessages.ERR_ENQUEUE_STARTTLS_IN_PROGRESS.get());
            }
            if (this.saslBindInProgress.get() && lDAPMessage.getProtocolOpType() != 96) {
                throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, CoreMessages.ERR_ENQUEUE_SASLBIND_IN_PROGRESS.get());
            }
            switch (lDAPMessage.getProtocolOpType()) {
                case 66:
                    return processUnbindRequest(lDAPMessage, controls);
                case 74:
                    return processDeleteRequest(lDAPMessage, controls);
                case 80:
                    return processAbandonRequest(lDAPMessage, controls);
                case 96:
                    boolean z = lDAPMessage.getBindRequestProtocolOp().getAuthenticationType() == AuthenticationType.SASL;
                    this.bindInProgress.set(true);
                    if (z) {
                        this.saslBindInProgress.set(true);
                    }
                    boolean processBindRequest = processBindRequest(lDAPMessage, controls);
                    if (!processBindRequest) {
                        this.bindInProgress.set(false);
                        if (z) {
                            this.saslBindInProgress.set(false);
                        }
                    }
                    return processBindRequest;
                case 99:
                    return processSearchRequest(lDAPMessage, controls);
                case 102:
                    return processModifyRequest(lDAPMessage, controls);
                case 104:
                    return processAddRequest(lDAPMessage, controls);
                case 108:
                    return processModifyDNRequest(lDAPMessage, controls);
                case 110:
                    return processCompareRequest(lDAPMessage, controls);
                case 119:
                    boolean equals = "1.3.6.1.4.1.1466.20037".equals(lDAPMessage.getExtendedRequestProtocolOp().getOID());
                    if (equals) {
                        this.startTLSInProgress.set(true);
                    }
                    boolean processExtendedRequest = processExtendedRequest(lDAPMessage, controls);
                    if (!processExtendedRequest && equals) {
                        this.startTLSInProgress.set(false);
                    }
                    return processExtendedRequest;
                default:
                    disconnect(DisconnectReason.PROTOCOL_ERROR, true, ProtocolMessages.ERR_LDAP_DISCONNECT_DUE_TO_INVALID_REQUEST_TYPE.get(lDAPMessage.getProtocolOpName(), Integer.valueOf(lDAPMessage.getMessageID())));
                    return false;
            }
        } catch (Exception e) {
            logger.traceException(e);
            disconnect(DisconnectReason.SERVER_ERROR, true, ProtocolMessages.ERR_LDAP_DISCONNECT_DUE_TO_PROCESSING_FAILURE.get(lDAPMessage.getProtocolOpName(), Integer.valueOf(lDAPMessage.getMessageID()), e));
            return false;
        }
    }

    private boolean processAbandonRequest(LDAPMessage lDAPMessage, List<Control> list) {
        if (this.ldapVersion == 2 && !list.isEmpty()) {
            disconnectControlsNotAllowed();
            return false;
        }
        try {
            addOperationInProgress(new AbandonOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list, lDAPMessage.getAbandonRequestProtocolOp().getIDToAbandon()));
        } catch (DirectoryException e) {
            logger.traceException(e);
        }
        return this.connectionValid;
    }

    private boolean processAddRequest(LDAPMessage lDAPMessage, List<Control> list) {
        if (this.ldapVersion == 2 && !list.isEmpty()) {
            sendLDAPMessage(lDAPMessage, new AddResponseProtocolOp(2, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get()));
            disconnectControlsNotAllowed();
            return false;
        }
        AddRequestProtocolOp addRequestProtocolOp = lDAPMessage.getAddRequestProtocolOp();
        AddOperationBasis addOperationBasis = new AddOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list, addRequestProtocolOp.getDN(), addRequestProtocolOp.getAttributes());
        try {
            addOperationInProgress(addOperationBasis);
        } catch (DirectoryException e) {
            logger.traceException(e);
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new AddResponseProtocolOp(e.getResultCode().intValue(), e.getMessageObject(), e.getMatchedDN(), e.getReferralURLs()), addOperationBasis.getResponseControls()));
        }
        return this.connectionValid;
    }

    private void sendLDAPMessage(LDAPMessage lDAPMessage, ProtocolOp protocolOp) {
        sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), protocolOp));
    }

    private void disconnectControlsNotAllowed() {
        disconnect(DisconnectReason.PROTOCOL_ERROR, false, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get());
    }

    private boolean processBindRequest(LDAPMessage lDAPMessage, List<Control> list) {
        String str;
        BindOperationBasis bindOperationBasis;
        BindRequestProtocolOp bindRequestProtocolOp = lDAPMessage.getBindRequestProtocolOp();
        int protocolVersion = bindRequestProtocolOp.getProtocolVersion();
        this.ldapVersion = protocolVersion;
        switch (protocolVersion) {
            case 2:
                str = "2";
                if (!this.connectionHandler.allowLDAPv2()) {
                    sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new BindResponseProtocolOp(2, ProtocolMessages.ERR_LDAPV2_CLIENTS_NOT_ALLOWED.get())));
                    disconnect(DisconnectReason.PROTOCOL_ERROR, false, ProtocolMessages.ERR_LDAPV2_CLIENTS_NOT_ALLOWED.get());
                    return false;
                }
                if (!list.isEmpty()) {
                    sendLDAPMessage(lDAPMessage, new BindResponseProtocolOp(2, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get()));
                    disconnectControlsNotAllowed();
                    return false;
                }
                break;
            case 3:
                str = "3";
                break;
            default:
                sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new BindResponseProtocolOp(2, ProtocolMessages.ERR_LDAP_UNSUPPORTED_PROTOCOL_VERSION.get(Integer.valueOf(this.ldapVersion)))));
                disconnect(DisconnectReason.PROTOCOL_ERROR, false, ProtocolMessages.ERR_LDAP_UNSUPPORTED_PROTOCOL_VERSION.get(Integer.valueOf(this.ldapVersion)));
                return false;
        }
        ByteString dn = bindRequestProtocolOp.getDN();
        switch (bindRequestProtocolOp.getAuthenticationType()) {
            case SIMPLE:
                bindOperationBasis = new BindOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list, str, dn, bindRequestProtocolOp.getSimplePassword());
                break;
            case SASL:
                bindOperationBasis = new BindOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list, str, dn, bindRequestProtocolOp.getSASLMechanism(), bindRequestProtocolOp.getSASLCredentials());
                break;
            default:
                disconnect(DisconnectReason.PROTOCOL_ERROR, true, ProtocolMessages.ERR_LDAP_INVALID_BIND_AUTH_TYPE.get(Integer.valueOf(lDAPMessage.getMessageID()), bindRequestProtocolOp.getAuthenticationType()));
                return false;
        }
        try {
            addOperationInProgress(bindOperationBasis);
        } catch (DirectoryException e) {
            logger.traceException(e);
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new BindResponseProtocolOp(e.getResultCode().intValue(), e.getMessageObject(), e.getMatchedDN(), e.getReferralURLs()), bindOperationBasis.getResponseControls()));
            if (e.getResultCode() == ResultCode.PROTOCOL_ERROR) {
                disconnect(DisconnectReason.PROTOCOL_ERROR, true, ProtocolMessages.ERR_LDAP_DISCONNECT_DUE_TO_BIND_PROTOCOL_ERROR.get(Integer.valueOf(lDAPMessage.getMessageID()), e.getMessageObject()));
            }
        }
        return this.connectionValid;
    }

    private boolean processCompareRequest(LDAPMessage lDAPMessage, List<Control> list) {
        if (this.ldapVersion == 2 && !list.isEmpty()) {
            sendLDAPMessage(lDAPMessage, new CompareResponseProtocolOp(2, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get()));
            disconnectControlsNotAllowed();
            return false;
        }
        CompareRequestProtocolOp compareRequestProtocolOp = lDAPMessage.getCompareRequestProtocolOp();
        CompareOperationBasis compareOperationBasis = new CompareOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list, compareRequestProtocolOp.getDN(), compareRequestProtocolOp.getAttributeType(), compareRequestProtocolOp.getAssertionValue());
        try {
            addOperationInProgress(compareOperationBasis);
        } catch (DirectoryException e) {
            logger.traceException(e);
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new CompareResponseProtocolOp(e.getResultCode().intValue(), e.getMessageObject(), e.getMatchedDN(), e.getReferralURLs()), compareOperationBasis.getResponseControls()));
        }
        return this.connectionValid;
    }

    private boolean processDeleteRequest(LDAPMessage lDAPMessage, List<Control> list) {
        if (this.ldapVersion == 2 && !list.isEmpty()) {
            sendLDAPMessage(lDAPMessage, new DeleteResponseProtocolOp(2, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get()));
            disconnectControlsNotAllowed();
            return false;
        }
        DeleteOperationBasis deleteOperationBasis = new DeleteOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list, lDAPMessage.getDeleteRequestProtocolOp().getDN());
        try {
            addOperationInProgress(deleteOperationBasis);
        } catch (DirectoryException e) {
            logger.traceException(e);
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new DeleteResponseProtocolOp(e.getResultCode().intValue(), e.getMessageObject(), e.getMatchedDN(), e.getReferralURLs()), deleteOperationBasis.getResponseControls()));
        }
        return this.connectionValid;
    }

    private boolean processExtendedRequest(LDAPMessage lDAPMessage, List<Control> list) {
        if (this.ldapVersion == 2) {
            LocalizableMessage localizableMessage = ProtocolMessages.ERR_LDAPV2_EXTENDED_REQUEST_NOT_ALLOWED.get(Long.valueOf(getConnectionID()), Integer.valueOf(lDAPMessage.getMessageID()));
            logger.error(localizableMessage);
            disconnect(DisconnectReason.PROTOCOL_ERROR, false, localizableMessage);
            return false;
        }
        ExtendedRequestProtocolOp extendedRequestProtocolOp = lDAPMessage.getExtendedRequestProtocolOp();
        ExtendedOperationBasis extendedOperationBasis = new ExtendedOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list, extendedRequestProtocolOp.getOID(), extendedRequestProtocolOp.getValue());
        try {
            addOperationInProgress(extendedOperationBasis);
        } catch (DirectoryException e) {
            logger.traceException(e);
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new ExtendedResponseProtocolOp(e.getResultCode().intValue(), e.getMessageObject(), e.getMatchedDN(), e.getReferralURLs()), extendedOperationBasis.getResponseControls()));
        }
        return this.connectionValid;
    }

    private boolean processModifyRequest(LDAPMessage lDAPMessage, List<Control> list) {
        if (this.ldapVersion == 2 && !list.isEmpty()) {
            sendLDAPMessage(lDAPMessage, new ModifyResponseProtocolOp(2, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get()));
            disconnectControlsNotAllowed();
            return false;
        }
        ModifyRequestProtocolOp modifyRequestProtocolOp = lDAPMessage.getModifyRequestProtocolOp();
        ModifyOperationBasis modifyOperationBasis = new ModifyOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list, modifyRequestProtocolOp.getDN(), modifyRequestProtocolOp.getModifications());
        try {
            addOperationInProgress(modifyOperationBasis);
        } catch (DirectoryException e) {
            logger.traceException(e);
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new ModifyResponseProtocolOp(e.getResultCode().intValue(), e.getMessageObject(), e.getMatchedDN(), e.getReferralURLs()), modifyOperationBasis.getResponseControls()));
        }
        return this.connectionValid;
    }

    private boolean processModifyDNRequest(LDAPMessage lDAPMessage, List<Control> list) {
        if (this.ldapVersion == 2 && !list.isEmpty()) {
            sendLDAPMessage(lDAPMessage, new ModifyDNResponseProtocolOp(2, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get()));
            disconnectControlsNotAllowed();
            return false;
        }
        ModifyDNRequestProtocolOp modifyDNRequestProtocolOp = lDAPMessage.getModifyDNRequestProtocolOp();
        ModifyDNOperationBasis modifyDNOperationBasis = new ModifyDNOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list, modifyDNRequestProtocolOp.getEntryDN(), modifyDNRequestProtocolOp.getNewRDN(), modifyDNRequestProtocolOp.deleteOldRDN(), modifyDNRequestProtocolOp.getNewSuperior());
        try {
            addOperationInProgress(modifyDNOperationBasis);
        } catch (DirectoryException e) {
            logger.traceException(e);
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new ModifyDNResponseProtocolOp(e.getResultCode().intValue(), e.getMessageObject(), e.getMatchedDN(), e.getReferralURLs()), modifyDNOperationBasis.getResponseControls()));
        }
        return this.connectionValid;
    }

    private boolean processSearchRequest(LDAPMessage lDAPMessage, List<Control> list) {
        if (this.ldapVersion == 2 && !list.isEmpty()) {
            sendLDAPMessage(lDAPMessage, new SearchResultDoneProtocolOp(2, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get()));
            disconnectControlsNotAllowed();
            return false;
        }
        SearchRequestProtocolOp searchRequestProtocolOp = lDAPMessage.getSearchRequestProtocolOp();
        SearchOperationBasis searchOperationBasis = new SearchOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list, searchRequestProtocolOp.getBaseDN(), searchRequestProtocolOp.getScope(), searchRequestProtocolOp.getDereferencePolicy(), searchRequestProtocolOp.getSizeLimit(), searchRequestProtocolOp.getTimeLimit(), searchRequestProtocolOp.getTypesOnly(), searchRequestProtocolOp.getFilter(), searchRequestProtocolOp.getAttributes());
        try {
            addOperationInProgress(searchOperationBasis);
        } catch (DirectoryException e) {
            logger.traceException(e);
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new SearchResultDoneProtocolOp(e.getResultCode().intValue(), e.getMessageObject(), e.getMatchedDN(), e.getReferralURLs()), searchOperationBasis.getResponseControls()));
        }
        return this.connectionValid;
    }

    private boolean processUnbindRequest(LDAPMessage lDAPMessage, List<Control> list) {
        new UnbindOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list).run();
        return false;
    }

    @Override // org.opends.server.api.ClientConnection
    public String getMonitorSummary() {
        StringBuilder sb = new StringBuilder();
        sb.append("connID=\"");
        sb.append(this.connectionID);
        sb.append("\" connectTime=\"");
        sb.append(getConnectTimeString());
        sb.append("\" source=\"");
        sb.append(this.clientAddress);
        sb.append(":");
        sb.append(this.clientPort);
        sb.append("\" destination=\"");
        sb.append(this.serverAddress);
        sb.append(":");
        sb.append(this.connectionHandler.getListenPort());
        sb.append("\" ldapVersion=\"");
        sb.append(this.ldapVersion);
        sb.append("\" authDN=\"");
        DN authenticationDN = getAuthenticationInfo().getAuthenticationDN();
        if (authenticationDN != null) {
            sb.append(authenticationDN);
        }
        sb.append("\" security=\"");
        if (isSecure()) {
            if (this.tlsActiveProvider != null) {
                sb.append(this.tlsActiveProvider.getName());
            }
            if (this.saslActiveProvider != null) {
                if (this.tlsActiveProvider != null) {
                    sb.append(",");
                }
                sb.append(this.saslActiveProvider.getName());
            }
        } else {
            sb.append("none");
        }
        sb.append("\" opsInProgress=\"");
        sb.append(this.operationsInProgress.size());
        sb.append("\"");
        int size = getPersistentSearches().size();
        if (size > 0) {
            sb.append(" persistentSearches=\"");
            sb.append(size);
            sb.append("\"");
        }
        return sb.toString();
    }

    @Override // org.opends.server.api.ClientConnection
    public void toString(StringBuilder sb) {
        sb.append("LDAP client connection from ");
        sb.append(this.clientAddress);
        sb.append(":");
        sb.append(this.clientPort);
        sb.append(" to ");
        sb.append(this.serverAddress);
        sb.append(":");
        sb.append(this.serverPort);
    }

    @Override // org.opends.server.extensions.TLSCapableConnection
    public boolean prepareTLS(LocalizableMessageBuilder localizableMessageBuilder) {
        if (this.tlsActiveProvider != null) {
            localizableMessageBuilder.append(ProtocolMessages.ERR_LDAP_TLS_EXISTING_SECURITY_PROVIDER.get(this.tlsActiveProvider.getName()));
            return false;
        }
        if (!this.connectionHandler.allowStartTLS()) {
            localizableMessageBuilder.append(ProtocolMessages.ERR_LDAP_TLS_STARTTLS_NOT_ALLOWED.get());
            return false;
        }
        try {
            setTLSPendingProvider(this.connectionHandler.getTLSByteChannel(this.timeoutClientChannel));
            return true;
        } catch (DirectoryException e) {
            logger.traceException(e);
            localizableMessageBuilder.append(ProtocolMessages.ERR_LDAP_TLS_CANNOT_CREATE_TLS_PROVIDER.get(StaticUtils.stackTraceToSingleLineString(e)));
            return false;
        }
    }

    @Override // org.opends.server.api.ClientConnection
    public long getIdleTime() {
        if (this.operationsInProgress.isEmpty() && getPersistentSearches().isEmpty()) {
            return TimeThread.getTime() - this.lastCompletionTime.get();
        }
        return 0L;
    }

    public void setTLSPendingProvider(ConnectionSecurityProvider connectionSecurityProvider) {
        this.tlsPendingProvider = connectionSecurityProvider;
    }

    public void setSASLPendingProvider(ConnectionSecurityProvider connectionSecurityProvider) {
        this.saslPendingProvider = connectionSecurityProvider;
    }

    private void enableTLS() {
        this.tlsActiveProvider = this.tlsPendingProvider;
        this.tlsChannel.redirect(this.tlsPendingProvider);
        this.tlsPendingProvider = null;
    }

    private void enableSSL(ConnectionSecurityProvider connectionSecurityProvider) {
        this.tlsActiveProvider = connectionSecurityProvider;
        this.tlsChannel.redirect(connectionSecurityProvider);
    }

    private void enableSASL() {
        this.saslActiveProvider = this.saslPendingProvider;
        this.saslChannel.redirect(this.saslPendingProvider);
        this.saslPendingProvider = null;
    }

    public Certificate[] getClientCertificateChain() {
        return this.tlsActiveProvider != null ? this.tlsActiveProvider.getClientCertificateChain() : this.saslActiveProvider != null ? this.saslActiveProvider.getClientCertificateChain() : new Certificate[0];
    }

    @Override // org.opends.server.api.ClientConnection
    public ByteChannel getChannel() {
        return this.tlsChannel;
    }

    @Override // org.opends.server.api.ClientConnection
    public int getSSF() {
        return Math.max(this.tlsActiveProvider != null ? this.tlsActiveProvider.getSSF() : 0, this.saslActiveProvider != null ? this.saslActiveProvider.getSSF() : 0);
    }

    @Override // org.opends.server.api.ClientConnection
    public void finishBind() {
        if (this.saslPendingProvider != null) {
            enableSASL();
        }
        super.finishBind();
    }

    @Override // org.opends.server.api.ClientConnection
    public void finishStartTLS() {
        if (this.tlsPendingProvider != null) {
            enableTLS();
        }
        super.finishStartTLS();
    }
}
