package org.opends.server.protocols.ldap;

import java.net.InetAddress;
import java.nio.channels.Selector;
import java.nio.channels.SocketChannel;
import java.security.cert.Certificate;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.atomic.AtomicReference;
import org.opends.messages.CoreMessages;
import org.opends.messages.Message;
import org.opends.messages.MessageBuilder;
import org.opends.messages.ProtocolMessages;
import org.opends.server.api.ClientConnection;
import org.opends.server.api.ConnectionHandler;
import org.opends.server.authorization.dseecompat.Aci;
import org.opends.server.core.AbandonOperationBasis;
import org.opends.server.core.AddOperationBasis;
import org.opends.server.core.BindOperationBasis;
import org.opends.server.core.CompareOperationBasis;
import org.opends.server.core.DeleteOperationBasis;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.ExtendedOperationBasis;
import org.opends.server.core.ModifyDNOperationBasis;
import org.opends.server.core.ModifyOperationBasis;
import org.opends.server.core.PersistentSearch;
import org.opends.server.core.SearchOperation;
import org.opends.server.core.SearchOperationBasis;
import org.opends.server.core.UnbindOperationBasis;
import org.opends.server.core.networkgroups.NetworkGroup;
import org.opends.server.extensions.ConnectionSecurityProvider;
import org.opends.server.extensions.RedirectingByteChannel;
import org.opends.server.extensions.TLSCapableConnection;
import org.opends.server.loggers.AccessLogger;
import org.opends.server.loggers.ErrorLogger;
import org.opends.server.loggers.debug.DebugLogger;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.protocols.asn1.ASN1;
import org.opends.server.protocols.asn1.ASN1ByteChannelReader;
import org.opends.server.protocols.asn1.ASN1Reader;
import org.opends.server.protocols.asn1.ASN1Writer;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.tools.ToolConstants;
import org.opends.server.types.AbstractOperation;
import org.opends.server.types.AuthenticationType;
import org.opends.server.types.ByteString;
import org.opends.server.types.CancelRequest;
import org.opends.server.types.CancelResult;
import org.opends.server.types.Control;
import org.opends.server.types.DN;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.DisconnectReason;
import org.opends.server.types.IntermediateResponse;
import org.opends.server.types.Operation;
import org.opends.server.types.OperationType;
import org.opends.server.types.ResultCode;
import org.opends.server.types.SearchResultEntry;
import org.opends.server.types.SearchResultReference;
import org.opends.server.util.ServerConstants;
import org.opends.server.util.StaticUtils;
import org.opends.server.util.TimeThread;

/* loaded from: input_file:WEB-INF/lib/OpenDS.jar:org/opends/server/protocols/ldap/LDAPClientConnection.class */
public class LDAPClientConnection extends ClientConnection implements TLSCapableConnection {
    private final AtomicLong lastCompletionTime;
    private final AtomicLong nextOperationID;
    private final AtomicReference<Selector> writeSelector;
    private volatile boolean connectionValid;
    private boolean disconnectRequested;
    private final boolean keepStats;
    private final ConcurrentHashMap<Integer, Operation> operationsInProgress;
    private long operationsPerformed;
    private final Object operationsPerformedLock;
    private final int clientPort;
    private int ldapVersion;
    private final int serverPort;
    private final LDAPConnectionHandler connectionHandler;
    private final LDAPRequestHandler requestHandler;
    private final LDAPStatistics statTracker;
    private boolean useNanoTime;
    private final long connectionID;
    private final Object opsInProgressLock;
    private final Object transmitLock;
    private final SocketChannel clientChannel;
    private final String clientAddress;
    private final String protocol;
    private final String serverAddress;
    private ASN1ByteChannelReader asn1Reader;
    private ASN1Writer asn1Writer;
    private final RedirectingByteChannel saslChannel;
    private final RedirectingByteChannel tlsChannel;
    private volatile ConnectionSecurityProvider activeProvider = null;
    private volatile ConnectionSecurityProvider tlsPendingProvider = null;
    private volatile ConnectionSecurityProvider saslPendingProvider = null;
    private static final DebugTracer TRACER = DebugLogger.getTracer();
    private static int APPLICATION_BUFFER_SIZE = Aci.TARGATTRFILTERS_ADD;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/OpenDS.jar:org/opends/server/protocols/ldap/LDAPClientConnection$ConnectionFinalizerJob.class */
    public static final class ConnectionFinalizerJob implements Runnable {
        private final ASN1Reader asn1Reader;
        private final SocketChannel socketChannel;

        private ConnectionFinalizerJob(long j, ASN1Reader aSN1Reader, SocketChannel socketChannel) {
            this.asn1Reader = aSN1Reader;
            this.socketChannel = socketChannel;
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                this.asn1Reader.close();
            } catch (Exception e) {
                if (DebugLogger.debugEnabled()) {
                    LDAPClientConnection.TRACER.debugCaught(DebugLogLevel.ERROR, e);
                }
            }
            try {
                this.socketChannel.close();
            } catch (Exception e2) {
                if (DebugLogger.debugEnabled()) {
                    LDAPClientConnection.TRACER.debugCaught(DebugLogLevel.ERROR, e2);
                }
            }
        }
    }

    public LDAPClientConnection(LDAPConnectionHandler lDAPConnectionHandler, SocketChannel socketChannel, String str) {
        this.useNanoTime = false;
        this.connectionHandler = lDAPConnectionHandler;
        if (lDAPConnectionHandler.isAdminConnectionHandler()) {
            setNetworkGroup(NetworkGroup.getAdminNetworkGroup());
        }
        this.clientChannel = socketChannel;
        this.opsInProgressLock = new Object();
        this.transmitLock = new Object();
        this.ldapVersion = 3;
        this.requestHandler = null;
        this.lastCompletionTime = new AtomicLong(TimeThread.getTime());
        this.nextOperationID = new AtomicLong(0L);
        this.connectionValid = true;
        this.disconnectRequested = false;
        this.operationsInProgress = new ConcurrentHashMap<>();
        this.operationsPerformed = 0L;
        this.operationsPerformedLock = new Object();
        this.keepStats = lDAPConnectionHandler.keepStats();
        this.protocol = str;
        this.writeSelector = new AtomicReference<>();
        this.clientAddress = socketChannel.socket().getInetAddress().getHostAddress();
        this.clientPort = socketChannel.socket().getPort();
        this.serverAddress = socketChannel.socket().getLocalAddress().getHostAddress();
        this.serverPort = socketChannel.socket().getLocalPort();
        this.statTracker = this.connectionHandler.getStatTracker();
        if (this.keepStats) {
            this.statTracker.updateConnect();
            this.useNanoTime = DirectoryServer.getUseNanoTime();
        }
        this.tlsChannel = RedirectingByteChannel.getRedirectingByteChannel(socketChannel);
        this.saslChannel = RedirectingByteChannel.getRedirectingByteChannel(this.tlsChannel);
        this.asn1Reader = ASN1.getReader(this.saslChannel, APPLICATION_BUFFER_SIZE, lDAPConnectionHandler.getMaxRequestSize());
        this.connectionID = DirectoryServer.newConnectionAccepted(this);
        if (this.connectionID < 0) {
            disconnect(DisconnectReason.ADMIN_LIMIT_EXCEEDED, true, ProtocolMessages.ERR_LDAP_CONNHANDLER_REJECTED_BY_SERVER.get());
        }
    }

    @Override // org.opends.server.api.ClientConnection
    public long getConnectionID() {
        return this.connectionID;
    }

    @Override // org.opends.server.api.ClientConnection
    public ConnectionHandler<?> getConnectionHandler() {
        return this.connectionHandler;
    }

    public LDAPRequestHandler getRequestHandler() {
        return this.requestHandler;
    }

    @Override // org.opends.server.api.ClientConnection
    public SocketChannel getSocketChannel() {
        return this.clientChannel;
    }

    @Override // org.opends.server.api.ClientConnection
    public String getProtocol() {
        return this.protocol;
    }

    @Override // org.opends.server.api.ClientConnection
    public String getClientAddress() {
        return this.clientAddress;
    }

    @Override // org.opends.server.api.ClientConnection
    public int getClientPort() {
        return this.clientPort;
    }

    @Override // org.opends.server.api.ClientConnection
    public String getServerAddress() {
        return this.serverAddress;
    }

    @Override // org.opends.server.api.ClientConnection
    public int getServerPort() {
        return this.serverPort;
    }

    @Override // org.opends.server.api.ClientConnection
    public InetAddress getRemoteAddress() {
        return this.clientChannel.socket().getInetAddress();
    }

    @Override // org.opends.server.api.ClientConnection
    public InetAddress getLocalAddress() {
        return this.clientChannel.socket().getLocalAddress();
    }

    @Override // org.opends.server.api.ClientConnection
    public boolean isSecure() {
        if (this.activeProvider != null) {
            return this.activeProvider.isSecure();
        }
        return false;
    }

    public long nextOperationID() {
        return this.nextOperationID.getAndIncrement();
    }

    @Override // org.opends.server.api.ClientConnection
    public void sendResponse(Operation operation) {
        if (this.keepStats) {
            this.statTracker.updateOperationMonitoringData(operation.getOperationType(), this.useNanoTime ? operation.getProcessingNanoTime() : operation.getProcessingTime());
        }
        removeOperationInProgress(operation.getMessageID());
        LDAPMessage operationToResponseLDAPMessage = operationToResponseLDAPMessage(operation);
        if (operationToResponseLDAPMessage != null) {
            sendLDAPMessage(operationToResponseLDAPMessage);
        }
    }

    private LDAPMessage operationToResponseLDAPMessage(Operation operation) {
        List<String> referralURLs;
        ProtocolOp searchResultDoneProtocolOp;
        ResultCode resultCode = operation.getResultCode();
        if (resultCode == null) {
            ErrorLogger.logError(ProtocolMessages.ERR_LDAP_CLIENT_SEND_RESPONSE_NO_RESULT_CODE.get(operation.getOperationType().toString(), Long.valueOf(operation.getConnectionID()), Long.valueOf(operation.getOperationID())));
            resultCode = DirectoryServer.getServerErrorResultCode();
        }
        MessageBuilder errorMessage = operation.getErrorMessage();
        DN matchedDN = operation.getMatchedDN();
        if (this.ldapVersion == 2) {
            referralURLs = null;
            if (resultCode == ResultCode.REFERRAL) {
                resultCode = ResultCode.CONSTRAINT_VIOLATION;
                errorMessage.append(ProtocolMessages.ERR_LDAPV2_REFERRAL_RESULT_CHANGED.get());
            }
            List<String> referralURLs2 = operation.getReferralURLs();
            if (referralURLs2 != null && !referralURLs2.isEmpty()) {
                StringBuilder sb = new StringBuilder();
                Iterator<String> it = referralURLs2.iterator();
                sb.append(it.next());
                while (it.hasNext()) {
                    sb.append(", ");
                    sb.append(it.next());
                }
                errorMessage.append(ProtocolMessages.ERR_LDAPV2_REFERRALS_OMITTED.get(String.valueOf(sb)));
            }
        } else {
            referralURLs = operation.getReferralURLs();
        }
        switch (operation.getOperationType()) {
            case ADD:
                searchResultDoneProtocolOp = new AddResponseProtocolOp(resultCode.getIntValue(), errorMessage.toMessage(), matchedDN, referralURLs);
                break;
            case BIND:
                searchResultDoneProtocolOp = new BindResponseProtocolOp(resultCode.getIntValue(), errorMessage.toMessage(), matchedDN, referralURLs, ((BindOperationBasis) operation).getServerSASLCredentials());
                break;
            case COMPARE:
                searchResultDoneProtocolOp = new CompareResponseProtocolOp(resultCode.getIntValue(), errorMessage.toMessage(), matchedDN, referralURLs);
                break;
            case DELETE:
                searchResultDoneProtocolOp = new DeleteResponseProtocolOp(resultCode.getIntValue(), errorMessage.toMessage(), matchedDN, referralURLs);
                break;
            case EXTENDED:
                if (this.ldapVersion != 2) {
                    ExtendedOperationBasis extendedOperationBasis = (ExtendedOperationBasis) operation;
                    searchResultDoneProtocolOp = new ExtendedResponseProtocolOp(resultCode.getIntValue(), errorMessage.toMessage(), matchedDN, referralURLs, extendedOperationBasis.getResponseOID(), extendedOperationBasis.getResponseValue());
                    break;
                } else {
                    ErrorLogger.logError(ProtocolMessages.ERR_LDAPV2_SKIPPING_EXTENDED_RESPONSE.get(Long.valueOf(getConnectionID()), Long.valueOf(operation.getOperationID()), String.valueOf(operation)));
                    return null;
                }
            case MODIFY:
                searchResultDoneProtocolOp = new ModifyResponseProtocolOp(resultCode.getIntValue(), errorMessage.toMessage(), matchedDN, referralURLs);
                break;
            case MODIFY_DN:
                searchResultDoneProtocolOp = new ModifyDNResponseProtocolOp(resultCode.getIntValue(), errorMessage.toMessage(), matchedDN, referralURLs);
                break;
            case SEARCH:
                searchResultDoneProtocolOp = new SearchResultDoneProtocolOp(resultCode.getIntValue(), errorMessage.toMessage(), matchedDN, referralURLs);
                break;
            default:
                ErrorLogger.logError(ProtocolMessages.ERR_LDAP_CLIENT_SEND_RESPONSE_INVALID_OP.get(String.valueOf(operation.getOperationType()), Long.valueOf(getConnectionID()), Long.valueOf(operation.getOperationID()), String.valueOf(operation)));
                return null;
        }
        return new LDAPMessage(operation.getMessageID(), searchResultDoneProtocolOp, this.ldapVersion == 2 ? null : operation.getResponseControls());
    }

    @Override // org.opends.server.api.ClientConnection
    public void sendSearchEntry(SearchOperation searchOperation, SearchResultEntry searchResultEntry) {
        sendLDAPMessage(new LDAPMessage(searchOperation.getMessageID(), new SearchResultEntryProtocolOp(searchResultEntry, this.ldapVersion), searchResultEntry.getControls()));
    }

    @Override // org.opends.server.api.ClientConnection
    public boolean sendSearchReference(SearchOperation searchOperation, SearchResultReference searchResultReference) {
        if (this.ldapVersion == 2) {
            ErrorLogger.logError(ProtocolMessages.ERR_LDAPV2_SKIPPING_SEARCH_REFERENCE.get(Long.valueOf(getConnectionID()), Long.valueOf(searchOperation.getOperationID()), String.valueOf(searchResultReference)));
            return false;
        }
        sendLDAPMessage(new LDAPMessage(searchOperation.getMessageID(), new SearchResultReferenceProtocolOp(searchResultReference), searchResultReference.getControls()));
        return true;
    }

    @Override // org.opends.server.api.ClientConnection
    protected boolean sendIntermediateResponseMessage(IntermediateResponse intermediateResponse) {
        sendLDAPMessage(new LDAPMessage(intermediateResponse.getOperation().getMessageID(), new IntermediateResponseProtocolOp(intermediateResponse.getOID(), intermediateResponse.getValue()), intermediateResponse.getControls()));
        return this.connectionValid;
    }

    public void sendLDAPMessage(LDAPMessage lDAPMessage) {
        try {
            synchronized (this.transmitLock) {
                if (this.asn1Writer == null) {
                    if (isSecure()) {
                        this.asn1Writer = ASN1.getWriter(this.saslChannel, this.activeProvider.getAppBufSize());
                    } else {
                        this.asn1Writer = ASN1.getWriter(this.saslChannel, APPLICATION_BUFFER_SIZE);
                    }
                }
                lDAPMessage.write(this.asn1Writer);
                this.asn1Writer.flush();
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugProtocolElement(DebugLogLevel.VERBOSE, lDAPMessage.toString());
                }
                if (this.keepStats) {
                    this.statTracker.updateMessageWritten(lDAPMessage, Aci.TARGATTRFILTERS_ADD);
                }
            }
        } catch (Exception e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            disconnect(DisconnectReason.SERVER_ERROR, false, null);
        }
    }

    @Override // org.opends.server.api.ClientConnection
    public void disconnect(DisconnectReason disconnectReason, boolean z, Message message) {
        int i;
        synchronized (this.opsInProgressLock) {
            if (this.disconnectRequested) {
                return;
            }
            this.disconnectRequested = true;
            if (this.keepStats) {
                this.statTracker.updateDisconnect();
            }
            if (this.connectionID >= 0) {
                DirectoryServer.connectionClosed(this);
            }
            this.connectionValid = false;
            if (message != null) {
                MessageBuilder messageBuilder = new MessageBuilder();
                messageBuilder.append(disconnectReason.getClosureMessage());
                messageBuilder.append((CharSequence) ": ");
                messageBuilder.append(message);
                cancelAllOperations(new CancelRequest(true, messageBuilder.toMessage()));
            } else {
                cancelAllOperations(new CancelRequest(true, disconnectReason.getClosureMessage()));
            }
            finalizeConnectionInternal();
            Selector selector = this.writeSelector.get();
            if (selector != null) {
                try {
                    selector.close();
                } catch (Exception e) {
                }
            }
            if (z && this.ldapVersion != 2) {
                try {
                    switch (disconnectReason) {
                        case PROTOCOL_ERROR:
                            i = 2;
                            break;
                        case SERVER_SHUTDOWN:
                            i = 52;
                            break;
                        case SERVER_ERROR:
                            i = DirectoryServer.getServerErrorResultCode().getIntValue();
                            break;
                        case ADMIN_LIMIT_EXCEEDED:
                        case IDLE_TIME_LIMIT_EXCEEDED:
                        case MAX_REQUEST_SIZE_EXCEEDED:
                        case IO_TIMEOUT:
                            i = 11;
                            break;
                        case CONNECTION_REJECTED:
                            i = 19;
                            break;
                        default:
                            i = 80;
                            break;
                    }
                    sendLDAPMessage(new LDAPMessage(0, new ExtendedResponseProtocolOp(i, message == null ? ProtocolMessages.INFO_LDAP_CLIENT_GENERIC_NOTICE_OF_DISCONNECTION.get() : message, null, null, LDAPConstants.OID_NOTICE_OF_DISCONNECTION, null), null));
                } catch (Exception e2) {
                }
            }
            this.connectionHandler.registerConnectionFinalizer(new ConnectionFinalizerJob(this.connectionID, this.asn1Reader, this.clientChannel));
            AccessLogger.logDisconnect(this, disconnectReason, message);
            try {
                DirectoryServer.getPluginConfigManager().invokePostDisconnectPlugins(this, disconnectReason, message);
            } catch (Exception e3) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e3);
                }
            }
        }
    }

    @Override // org.opends.server.api.ClientConnection
    public Collection<Operation> getOperationsInProgress() {
        return this.operationsInProgress.values();
    }

    @Override // org.opends.server.api.ClientConnection
    public Operation getOperationInProgress(int i) {
        return this.operationsInProgress.get(Integer.valueOf(i));
    }

    public void addOperationInProgress(AbstractOperation abstractOperation) throws DirectoryException {
        int messageID = abstractOperation.getMessageID();
        synchronized (this.opsInProgressLock) {
            try {
                if (this.disconnectRequested) {
                    throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, ProtocolMessages.WARN_LDAP_CLIENT_DISCONNECT_IN_PROGRESS.get());
                }
                if (this.operationsInProgress.get(Integer.valueOf(messageID)) != null) {
                    throw new DirectoryException(ResultCode.PROTOCOL_ERROR, ProtocolMessages.WARN_LDAP_CLIENT_DUPLICATE_MESSAGE_ID.get(Integer.valueOf(messageID)));
                }
                this.operationsInProgress.put(Integer.valueOf(messageID), abstractOperation);
                this.connectionHandler.getQueueingStrategy().enqueueRequest(abstractOperation);
            } catch (DirectoryException e) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e);
                }
                this.operationsInProgress.remove(Integer.valueOf(messageID));
                this.lastCompletionTime.set(TimeThread.getTime());
                throw e;
            } catch (Exception e2) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e2);
                }
                throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), ProtocolMessages.WARN_LDAP_CLIENT_CANNOT_ENQUEUE.get(StaticUtils.getExceptionMessage(e2)), e2);
            }
        }
    }

    @Override // org.opends.server.api.ClientConnection
    public boolean removeOperationInProgress(int i) {
        Operation remove = this.operationsInProgress.remove(Integer.valueOf(i));
        if (remove == null) {
            return false;
        }
        if (remove.getOperationType() == OperationType.ABANDON && this.keepStats && remove.getResultCode() == ResultCode.CANCELED) {
            this.statTracker.updateAbandonedOperation();
        }
        this.lastCompletionTime.set(TimeThread.getTime());
        return true;
    }

    @Override // org.opends.server.api.ClientConnection
    public CancelResult cancelOperation(int i, CancelRequest cancelRequest) {
        Operation operation = this.operationsInProgress.get(Integer.valueOf(i));
        if (operation != null) {
            return operation.cancel(cancelRequest);
        }
        for (PersistentSearch persistentSearch : getPersistentSearches()) {
            if (persistentSearch.getMessageID() == i) {
                return persistentSearch.cancel();
            }
        }
        return new CancelResult(ResultCode.NO_SUCH_OPERATION, null);
    }

    @Override // org.opends.server.api.ClientConnection
    public void cancelAllOperations(CancelRequest cancelRequest) {
        synchronized (this.opsInProgressLock) {
            try {
                Iterator<Operation> it = this.operationsInProgress.values().iterator();
                while (it.hasNext()) {
                    try {
                        it.next().abort(cancelRequest);
                        if (this.keepStats) {
                            this.statTracker.updateAbandonedOperation();
                        }
                    } catch (Exception e) {
                        if (DebugLogger.debugEnabled()) {
                            TRACER.debugCaught(DebugLogLevel.ERROR, e);
                        }
                    }
                }
                if (!this.operationsInProgress.isEmpty() || !getPersistentSearches().isEmpty()) {
                    this.lastCompletionTime.set(TimeThread.getTime());
                }
                this.operationsInProgress.clear();
                Iterator<PersistentSearch> it2 = getPersistentSearches().iterator();
                while (it2.hasNext()) {
                    it2.next().cancel();
                }
            } catch (Exception e2) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e2);
                }
            }
        }
    }

    @Override // org.opends.server.api.ClientConnection
    public void cancelAllOperationsExcept(CancelRequest cancelRequest, int i) {
        synchronized (this.opsInProgressLock) {
            try {
                Iterator<Integer> it = this.operationsInProgress.keySet().iterator();
                while (it.hasNext()) {
                    int intValue = it.next().intValue();
                    if (intValue != i) {
                        Operation operation = this.operationsInProgress.get(Integer.valueOf(intValue));
                        if (operation != null) {
                            try {
                                operation.abort(cancelRequest);
                                if (this.keepStats) {
                                    this.statTracker.updateAbandonedOperation();
                                }
                            } catch (Exception e) {
                                if (DebugLogger.debugEnabled()) {
                                    TRACER.debugCaught(DebugLogLevel.ERROR, e);
                                }
                            }
                        }
                        this.operationsInProgress.remove(Integer.valueOf(intValue));
                        this.lastCompletionTime.set(TimeThread.getTime());
                    }
                }
                for (PersistentSearch persistentSearch : getPersistentSearches()) {
                    if (persistentSearch.getMessageID() != i) {
                        persistentSearch.cancel();
                        this.lastCompletionTime.set(TimeThread.getTime());
                    }
                }
            } catch (Exception e2) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e2);
                }
            }
        }
    }

    @Override // org.opends.server.api.ClientConnection
    public Selector getWriteSelector() {
        Selector selector = this.writeSelector.get();
        if (selector == null) {
            try {
                selector = Selector.open();
                if (!this.writeSelector.compareAndSet(null, selector)) {
                    selector.close();
                    selector = this.writeSelector.get();
                }
            } catch (Exception e) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e);
                }
            }
        }
        return selector;
    }

    @Override // org.opends.server.api.ClientConnection
    public long getMaxBlockedWriteTimeLimit() {
        return this.connectionHandler.getMaxBlockedWriteTimeLimit();
    }

    @Override // org.opends.server.api.ClientConnection
    public long getNumberOfOperations() {
        long j;
        synchronized (this.operationsPerformedLock) {
            j = this.operationsPerformed;
        }
        return j;
    }

    public boolean processDataRead() {
        while (!this.bindOrStartTLSInProgress.get()) {
            try {
                int processChannelData = this.asn1Reader.processChannelData();
                if (processChannelData < 0) {
                    disconnect(DisconnectReason.CLIENT_DISCONNECT, false, null);
                    return false;
                }
                if (processChannelData == 0) {
                    return true;
                }
                while (this.asn1Reader.elementAvailable()) {
                    if (!processLDAPMessage(LDAPReader.readMessage(this.asn1Reader))) {
                        return false;
                    }
                }
            } catch (Exception e) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e);
                }
                disconnect(DisconnectReason.PROTOCOL_ERROR, false, ProtocolMessages.ERR_LDAP_CLIENT_DECODE_LDAP_MESSAGE_FAILED.get(String.valueOf(e)));
                return false;
            }
        }
        return true;
    }

    private boolean processLDAPMessage(LDAPMessage lDAPMessage) {
        if (this.keepStats) {
            this.statTracker.updateMessageRead(lDAPMessage);
            getNetworkGroup().updateMessageRead(lDAPMessage);
        }
        synchronized (this.operationsPerformedLock) {
            this.operationsPerformed++;
        }
        List<Control> controls = lDAPMessage.getControls();
        try {
            if (this.bindOrStartTLSInProgress.get() || (this.saslBindInProgress.get() && lDAPMessage.getProtocolOpType() != 96)) {
                throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, CoreMessages.ERR_ENQUEUE_BIND_IN_PROGRESS.get());
            }
            switch (lDAPMessage.getProtocolOpType()) {
                case 66:
                    return processUnbindRequest(lDAPMessage, controls);
                case LDAPConstants.OP_TYPE_DELETE_REQUEST /* 74 */:
                    return processDeleteRequest(lDAPMessage, controls);
                case 80:
                    return processAbandonRequest(lDAPMessage, controls);
                case 96:
                    this.bindOrStartTLSInProgress.set(true);
                    if (lDAPMessage.getBindRequestProtocolOp().getAuthenticationType() == AuthenticationType.SASL) {
                        this.saslBindInProgress.set(true);
                    }
                    boolean processBindRequest = processBindRequest(lDAPMessage, controls);
                    if (!processBindRequest) {
                        this.bindOrStartTLSInProgress.set(false);
                        if (lDAPMessage.getBindRequestProtocolOp().getAuthenticationType() == AuthenticationType.SASL) {
                            this.saslBindInProgress.set(false);
                        }
                    }
                    return processBindRequest;
                case 99:
                    return processSearchRequest(lDAPMessage, controls);
                case 102:
                    return processModifyRequest(lDAPMessage, controls);
                case 104:
                    return processAddRequest(lDAPMessage, controls);
                case 108:
                    return processModifyDNRequest(lDAPMessage, controls);
                case 110:
                    return processCompareRequest(lDAPMessage, controls);
                case 119:
                    if (lDAPMessage.getExtendedRequestProtocolOp().getOID().equals(ServerConstants.OID_START_TLS_REQUEST)) {
                        this.bindOrStartTLSInProgress.set(true);
                    }
                    boolean processExtendedRequest = processExtendedRequest(lDAPMessage, controls);
                    if (!processExtendedRequest && lDAPMessage.getExtendedRequestProtocolOp().getOID().equals(ServerConstants.OID_START_TLS_REQUEST)) {
                        this.bindOrStartTLSInProgress.set(false);
                    }
                    return processExtendedRequest;
                default:
                    disconnect(DisconnectReason.PROTOCOL_ERROR, true, ProtocolMessages.ERR_LDAP_DISCONNECT_DUE_TO_INVALID_REQUEST_TYPE.get(lDAPMessage.getProtocolOpName(), Integer.valueOf(lDAPMessage.getMessageID())));
                    return false;
            }
        } catch (Exception e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            disconnect(DisconnectReason.SERVER_ERROR, true, ProtocolMessages.ERR_LDAP_DISCONNECT_DUE_TO_PROCESSING_FAILURE.get(lDAPMessage.getProtocolOpName(), Integer.valueOf(lDAPMessage.getMessageID()), String.valueOf(e)));
            return false;
        }
    }

    private boolean processAbandonRequest(LDAPMessage lDAPMessage, List<Control> list) {
        if (this.ldapVersion == 2 && list != null && !list.isEmpty()) {
            disconnect(DisconnectReason.PROTOCOL_ERROR, false, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get());
            return false;
        }
        try {
            addOperationInProgress(new AbandonOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list, lDAPMessage.getAbandonRequestProtocolOp().getIDToAbandon()));
        } catch (DirectoryException e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
        }
        return this.connectionValid;
    }

    private boolean processAddRequest(LDAPMessage lDAPMessage, List<Control> list) {
        if (this.ldapVersion == 2 && list != null && !list.isEmpty()) {
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new AddResponseProtocolOp(2, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get())));
            disconnect(DisconnectReason.PROTOCOL_ERROR, false, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get());
            return false;
        }
        AddRequestProtocolOp addRequestProtocolOp = lDAPMessage.getAddRequestProtocolOp();
        AddOperationBasis addOperationBasis = new AddOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list, addRequestProtocolOp.getDN(), addRequestProtocolOp.getAttributes());
        try {
            addOperationInProgress(addOperationBasis);
        } catch (DirectoryException e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new AddResponseProtocolOp(e.getResultCode().getIntValue(), e.getMessageObject(), e.getMatchedDN(), e.getReferralURLs()), addOperationBasis.getResponseControls()));
        }
        return this.connectionValid;
    }

    private boolean processBindRequest(LDAPMessage lDAPMessage, List<Control> list) {
        String str;
        BindOperationBasis bindOperationBasis;
        BindRequestProtocolOp bindRequestProtocolOp = lDAPMessage.getBindRequestProtocolOp();
        int protocolVersion = bindRequestProtocolOp.getProtocolVersion();
        this.ldapVersion = protocolVersion;
        switch (protocolVersion) {
            case 2:
                str = "2";
                if (!this.connectionHandler.allowLDAPv2()) {
                    sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new BindResponseProtocolOp(48, ProtocolMessages.ERR_LDAPV2_CLIENTS_NOT_ALLOWED.get())));
                    disconnect(DisconnectReason.PROTOCOL_ERROR, false, ProtocolMessages.ERR_LDAPV2_CLIENTS_NOT_ALLOWED.get());
                    return false;
                }
                if (list != null && !list.isEmpty()) {
                    sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new BindResponseProtocolOp(2, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get())));
                    disconnect(DisconnectReason.PROTOCOL_ERROR, false, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get());
                    return false;
                }
                break;
            case 3:
                str = InternalClientConnection.PROTOCOL_VERSION;
                break;
            default:
                sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new BindResponseProtocolOp(2, ProtocolMessages.ERR_LDAP_UNSUPPORTED_PROTOCOL_VERSION.get(Integer.valueOf(this.ldapVersion)))));
                disconnect(DisconnectReason.PROTOCOL_ERROR, false, ProtocolMessages.ERR_LDAP_UNSUPPORTED_PROTOCOL_VERSION.get(Integer.valueOf(this.ldapVersion)));
                return false;
        }
        ByteString dn = bindRequestProtocolOp.getDN();
        switch (bindRequestProtocolOp.getAuthenticationType()) {
            case SIMPLE:
                bindOperationBasis = new BindOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list, str, dn, bindRequestProtocolOp.getSimplePassword());
                break;
            case SASL:
                bindOperationBasis = new BindOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list, str, dn, bindRequestProtocolOp.getSASLMechanism(), bindRequestProtocolOp.getSASLCredentials());
                break;
            default:
                disconnect(DisconnectReason.PROTOCOL_ERROR, true, ProtocolMessages.ERR_LDAP_INVALID_BIND_AUTH_TYPE.get(Integer.valueOf(lDAPMessage.getMessageID()), String.valueOf(bindRequestProtocolOp.getAuthenticationType())));
                return false;
        }
        try {
            addOperationInProgress(bindOperationBasis);
        } catch (DirectoryException e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new BindResponseProtocolOp(e.getResultCode().getIntValue(), e.getMessageObject(), e.getMatchedDN(), e.getReferralURLs()), bindOperationBasis.getResponseControls()));
            if (e.getResultCode() == ResultCode.PROTOCOL_ERROR) {
                disconnect(DisconnectReason.PROTOCOL_ERROR, true, ProtocolMessages.ERR_LDAP_DISCONNECT_DUE_TO_BIND_PROTOCOL_ERROR.get(Integer.valueOf(lDAPMessage.getMessageID()), e.getMessageObject()));
            }
        }
        return this.connectionValid;
    }

    private boolean processCompareRequest(LDAPMessage lDAPMessage, List<Control> list) {
        if (this.ldapVersion == 2 && list != null && !list.isEmpty()) {
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new CompareResponseProtocolOp(2, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get())));
            disconnect(DisconnectReason.PROTOCOL_ERROR, false, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get());
            return false;
        }
        CompareRequestProtocolOp compareRequestProtocolOp = lDAPMessage.getCompareRequestProtocolOp();
        CompareOperationBasis compareOperationBasis = new CompareOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list, compareRequestProtocolOp.getDN(), compareRequestProtocolOp.getAttributeType(), compareRequestProtocolOp.getAssertionValue());
        try {
            addOperationInProgress(compareOperationBasis);
        } catch (DirectoryException e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new CompareResponseProtocolOp(e.getResultCode().getIntValue(), e.getMessageObject(), e.getMatchedDN(), e.getReferralURLs()), compareOperationBasis.getResponseControls()));
        }
        return this.connectionValid;
    }

    private boolean processDeleteRequest(LDAPMessage lDAPMessage, List<Control> list) {
        if (this.ldapVersion == 2 && list != null && !list.isEmpty()) {
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new DeleteResponseProtocolOp(2, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get())));
            disconnect(DisconnectReason.PROTOCOL_ERROR, false, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get());
            return false;
        }
        DeleteOperationBasis deleteOperationBasis = new DeleteOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list, lDAPMessage.getDeleteRequestProtocolOp().getDN());
        try {
            addOperationInProgress(deleteOperationBasis);
        } catch (DirectoryException e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new DeleteResponseProtocolOp(e.getResultCode().getIntValue(), e.getMessageObject(), e.getMatchedDN(), e.getReferralURLs()), deleteOperationBasis.getResponseControls()));
        }
        return this.connectionValid;
    }

    private boolean processExtendedRequest(LDAPMessage lDAPMessage, List<Control> list) {
        if (this.ldapVersion == 2) {
            Message message = ProtocolMessages.ERR_LDAPV2_EXTENDED_REQUEST_NOT_ALLOWED.get(Long.valueOf(getConnectionID()), Integer.valueOf(lDAPMessage.getMessageID()));
            ErrorLogger.logError(message);
            disconnect(DisconnectReason.PROTOCOL_ERROR, false, message);
            return false;
        }
        ExtendedRequestProtocolOp extendedRequestProtocolOp = lDAPMessage.getExtendedRequestProtocolOp();
        ExtendedOperationBasis extendedOperationBasis = new ExtendedOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list, extendedRequestProtocolOp.getOID(), extendedRequestProtocolOp.getValue());
        try {
            addOperationInProgress(extendedOperationBasis);
        } catch (DirectoryException e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new ExtendedResponseProtocolOp(e.getResultCode().getIntValue(), e.getMessageObject(), e.getMatchedDN(), e.getReferralURLs()), extendedOperationBasis.getResponseControls()));
        }
        return this.connectionValid;
    }

    private boolean processModifyRequest(LDAPMessage lDAPMessage, List<Control> list) {
        if (this.ldapVersion == 2 && list != null && !list.isEmpty()) {
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new ModifyResponseProtocolOp(2, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get())));
            disconnect(DisconnectReason.PROTOCOL_ERROR, false, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get());
            return false;
        }
        ModifyRequestProtocolOp modifyRequestProtocolOp = lDAPMessage.getModifyRequestProtocolOp();
        ModifyOperationBasis modifyOperationBasis = new ModifyOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list, modifyRequestProtocolOp.getDN(), modifyRequestProtocolOp.getModifications());
        try {
            addOperationInProgress(modifyOperationBasis);
        } catch (DirectoryException e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new ModifyResponseProtocolOp(e.getResultCode().getIntValue(), e.getMessageObject(), e.getMatchedDN(), e.getReferralURLs()), modifyOperationBasis.getResponseControls()));
        }
        return this.connectionValid;
    }

    private boolean processModifyDNRequest(LDAPMessage lDAPMessage, List<Control> list) {
        if (this.ldapVersion == 2 && list != null && !list.isEmpty()) {
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new ModifyDNResponseProtocolOp(2, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get())));
            disconnect(DisconnectReason.PROTOCOL_ERROR, false, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get());
            return false;
        }
        ModifyDNRequestProtocolOp modifyDNRequestProtocolOp = lDAPMessage.getModifyDNRequestProtocolOp();
        ModifyDNOperationBasis modifyDNOperationBasis = new ModifyDNOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list, modifyDNRequestProtocolOp.getEntryDN(), modifyDNRequestProtocolOp.getNewRDN(), modifyDNRequestProtocolOp.deleteOldRDN(), modifyDNRequestProtocolOp.getNewSuperior());
        try {
            addOperationInProgress(modifyDNOperationBasis);
        } catch (DirectoryException e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new ModifyDNResponseProtocolOp(e.getResultCode().getIntValue(), e.getMessageObject(), e.getMatchedDN(), e.getReferralURLs()), modifyDNOperationBasis.getResponseControls()));
        }
        return this.connectionValid;
    }

    private boolean processSearchRequest(LDAPMessage lDAPMessage, List<Control> list) {
        if (this.ldapVersion == 2 && list != null && !list.isEmpty()) {
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new SearchResultDoneProtocolOp(2, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get())));
            disconnect(DisconnectReason.PROTOCOL_ERROR, false, ProtocolMessages.ERR_LDAPV2_CONTROLS_NOT_ALLOWED.get());
            return false;
        }
        SearchRequestProtocolOp searchRequestProtocolOp = lDAPMessage.getSearchRequestProtocolOp();
        SearchOperationBasis searchOperationBasis = new SearchOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list, searchRequestProtocolOp.getBaseDN(), searchRequestProtocolOp.getScope(), searchRequestProtocolOp.getDereferencePolicy(), searchRequestProtocolOp.getSizeLimit(), searchRequestProtocolOp.getTimeLimit(), searchRequestProtocolOp.getTypesOnly(), searchRequestProtocolOp.getFilter(), searchRequestProtocolOp.getAttributes());
        try {
            addOperationInProgress(searchOperationBasis);
        } catch (DirectoryException e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            sendLDAPMessage(new LDAPMessage(lDAPMessage.getMessageID(), new SearchResultDoneProtocolOp(e.getResultCode().getIntValue(), e.getMessageObject(), e.getMatchedDN(), e.getReferralURLs()), searchOperationBasis.getResponseControls()));
        }
        return this.connectionValid;
    }

    private boolean processUnbindRequest(LDAPMessage lDAPMessage, List<Control> list) {
        new UnbindOperationBasis(this, this.nextOperationID.getAndIncrement(), lDAPMessage.getMessageID(), list).run();
        return false;
    }

    @Override // org.opends.server.api.ClientConnection
    public String getMonitorSummary() {
        StringBuilder sb = new StringBuilder();
        sb.append("connID=\"");
        sb.append(this.connectionID);
        sb.append("\" connectTime=\"");
        sb.append(getConnectTimeString());
        sb.append("\" source=\"");
        sb.append(this.clientAddress);
        sb.append(ToolConstants.LIST_TABLE_SEPARATOR);
        sb.append(this.clientPort);
        sb.append("\" destination=\"");
        sb.append(this.serverAddress);
        sb.append(ToolConstants.LIST_TABLE_SEPARATOR);
        sb.append(this.connectionHandler.getListenPort());
        sb.append("\" ldapVersion=\"");
        sb.append(this.ldapVersion);
        sb.append("\" authDN=\"");
        DN authenticationDN = getAuthenticationInfo().getAuthenticationDN();
        if (authenticationDN != null) {
            authenticationDN.toString(sb);
        }
        sb.append("\" security=\"");
        if (isSecure()) {
            sb.append(this.activeProvider.getName());
        } else {
            sb.append("none");
        }
        sb.append("\" opsInProgress=\"");
        sb.append(this.operationsInProgress.size());
        sb.append("\"");
        return sb.toString();
    }

    @Override // org.opends.server.api.ClientConnection
    public void toString(StringBuilder sb) {
        sb.append("LDAP client connection from ");
        sb.append(this.clientAddress);
        sb.append(ToolConstants.LIST_TABLE_SEPARATOR);
        sb.append(this.clientPort);
        sb.append(" to ");
        sb.append(this.serverAddress);
        sb.append(ToolConstants.LIST_TABLE_SEPARATOR);
        sb.append(this.serverPort);
    }

    @Override // org.opends.server.extensions.TLSCapableConnection
    public boolean isTLSAvailable(MessageBuilder messageBuilder) {
        if (isSecure() && this.activeProvider.getName().equals("TLS")) {
            messageBuilder.append(ProtocolMessages.ERR_LDAP_TLS_EXISTING_SECURITY_PROVIDER.get(this.activeProvider.getName()));
            return false;
        }
        if (!this.connectionHandler.allowStartTLS()) {
            messageBuilder.append(ProtocolMessages.ERR_LDAP_TLS_STARTTLS_NOT_ALLOWED.get());
            return false;
        }
        try {
            setTLSPendingProvider(this.connectionHandler.getTLSByteChannel(this, this.clientChannel));
            return true;
        } catch (DirectoryException e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            messageBuilder.append(ProtocolMessages.ERR_LDAP_TLS_CANNOT_CREATE_TLS_PROVIDER.get(StaticUtils.stackTraceToSingleLineString(e)));
            return false;
        }
    }

    @Override // org.opends.server.api.ClientConnection
    public long getIdleTime() {
        if (this.operationsInProgress.isEmpty() && getPersistentSearches().isEmpty()) {
            return TimeThread.getTime() - this.lastCompletionTime.get();
        }
        return 0L;
    }

    public void setTLSPendingProvider(ConnectionSecurityProvider connectionSecurityProvider) {
        this.tlsPendingProvider = connectionSecurityProvider;
    }

    public void setSASLPendingProvider(ConnectionSecurityProvider connectionSecurityProvider) {
        this.saslPendingProvider = connectionSecurityProvider;
    }

    public void enableTLS() {
        this.asn1Reader = ASN1.getReader(this.saslChannel, this.tlsPendingProvider.getAppBufSize(), this.connectionHandler.getMaxRequestSize());
        this.activeProvider = this.tlsPendingProvider;
        this.tlsChannel.redirect(this.tlsPendingProvider);
        this.tlsPendingProvider = null;
    }

    public void enableSSL(ConnectionSecurityProvider connectionSecurityProvider) {
        this.asn1Reader = ASN1.getReader(this.saslChannel, connectionSecurityProvider.getAppBufSize(), this.connectionHandler.getMaxRequestSize());
        this.activeProvider = connectionSecurityProvider;
        this.tlsChannel.redirect(connectionSecurityProvider);
    }

    public void enableSASL() {
        this.activeProvider = this.saslPendingProvider;
        this.saslChannel.redirect(this.saslPendingProvider);
        this.asn1Reader = ASN1.getReader(this.saslChannel, this.saslPendingProvider.getAppBufSize(), this.connectionHandler.getMaxRequestSize());
        this.saslPendingProvider = null;
    }

    public Certificate[] getClientCertificateChain() {
        return this.activeProvider != null ? this.activeProvider.getClientCertificateChain() : new Certificate[0];
    }

    @Override // org.opends.server.api.ClientConnection
    public RedirectingByteChannel getChannel() {
        return this.tlsChannel;
    }

    @Override // org.opends.server.api.ClientConnection
    public int getSSF() {
        if (this.activeProvider != null) {
            return this.activeProvider.getSSF();
        }
        return 0;
    }

    @Override // org.opends.server.api.ClientConnection
    public int getAppBufferSize() {
        return this.activeProvider != null ? this.activeProvider.getAppBufSize() : APPLICATION_BUFFER_SIZE;
    }

    @Override // org.opends.server.api.ClientConnection
    public void finishBindOrStartTLS() {
        if (this.tlsPendingProvider != null) {
            enableTLS();
        }
        if (this.saslPendingProvider != null) {
            enableSASL();
        }
        super.finishBindOrStartTLS();
    }
}
