package com.gemstone.gemfire.internal.cache.tier.sockets;

import com.gemstone.gemfire.DataSerializer;
import com.gemstone.gemfire.InternalGemFireException;
import com.gemstone.gemfire.cache.GatewayConfigurationException;
import com.gemstone.gemfire.cache.client.ServerRefusedConnectionException;
import com.gemstone.gemfire.cache.client.internal.Connection;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.distributed.DistributedSystem;
import com.gemstone.gemfire.distributed.internal.DM;
import com.gemstone.gemfire.distributed.internal.DistributionConfig;
import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
import com.gemstone.gemfire.distributed.internal.LonerDistributionManager;
import com.gemstone.gemfire.distributed.internal.ServerLocation;
import com.gemstone.gemfire.distributed.internal.membership.InternalDistributedMember;
import com.gemstone.gemfire.internal.ClassLoadUtil;
import com.gemstone.gemfire.internal.HeapDataOutputStream;
import com.gemstone.gemfire.internal.InternalDataSerializer;
import com.gemstone.gemfire.internal.InternalInstantiator;
import com.gemstone.gemfire.internal.SocketUtils;
import com.gemstone.gemfire.internal.Version;
import com.gemstone.gemfire.internal.VersionedDataInputStream;
import com.gemstone.gemfire.internal.VersionedDataOutputStream;
import com.gemstone.gemfire.internal.cache.tier.ClientHandShake;
import com.gemstone.gemfire.internal.cache.tier.ConnectionProxy;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.logging.InternalLogWriter;
import com.gemstone.gemfire.internal.logging.LogService;
import com.gemstone.gemfire.pdx.internal.PeerTypeRegistration;
import com.gemstone.gemfire.security.AuthInitialize;
import com.gemstone.gemfire.security.AuthenticationFailedException;
import com.gemstone.gemfire.security.AuthenticationRequiredException;
import com.gemstone.gemfire.security.Authenticator;
import com.gemstone.gemfire.security.GemFireSecurityException;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.DataOutput;
import java.io.DataOutputStream;
import java.io.EOFException;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.Socket;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.SSLSocket;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.class */
public class HandShake implements ClientHandShake {
    protected static final byte REPLY_OK = 59;
    protected static final byte REPLY_REFUSED = 60;
    protected static final byte REPLY_INVALID = 61;
    protected static final byte REPLY_EXCEPTION_AUTHENTICATION_REQUIRED = 62;
    protected static final byte REPLY_EXCEPTION_AUTHENTICATION_FAILED = 63;
    protected static final byte REPLY_EXCEPTION_DUPLICATE_DURABLE_CLIENT = 64;
    protected static final byte REPLY_WAN_CREDENTIALS = 65;
    protected static final byte REPLY_AUTH_NOT_REQUIRED = 66;
    private byte code;
    private int clientReadTimeout;
    private boolean isRead;
    protected final DistributedSystem system;
    private static HandShake handshake;
    protected final ClientProxyMembershipID id;
    private Properties credentials;
    private Version clientVersion;
    public static final byte CREDENTIALS_NONE = 0;
    public static final byte CREDENTIALS_NORMAL = 1;
    public static final byte CREDENTIALS_DHENCRYPT = 2;
    public static final byte SECURITY_MULTIUSER_NOTIFICATIONCHANNEL = 3;
    private byte appSecureMode;
    private PublicKey clientPublicKey;
    private String clientSKAlgo;
    private boolean multiuserSecureMode;
    private static final int dhL = 1023;
    public static final String PUBLIC_KEY_FILE_PROP = "security-client-kspath";
    public static final String PUBLIC_KEY_PASSWD_PROP = "security-client-kspasswd";
    public static final String PRIVATE_KEY_FILE_PROP = "security-server-kspath";
    public static final String PRIVATE_KEY_ALIAS_PROP = "security-server-ksalias";
    public static final String PRIVATE_KEY_PASSWD_PROP = "security-server-kspasswd";
    public static final byte CONFLATION_DEFAULT = 0;
    public static final byte CONFLATION_ON = 1;
    public static final byte CONFLATION_OFF = 2;
    private byte clientConflation;
    private byte[] overrides;
    private Cipher _encrypt;
    private Cipher _decrypt;
    private static final Logger logger = LogService.getLogger();
    private static boolean deltaEnabledOnServer = true;
    private static final BigInteger dhP = new BigInteger("135287020639910739997189928970717021771311421882765429190887700940242697307989907008041927806610978529253822307916592536509818186767394634756714063947534092593553024224277712367371302394452615862654308111809029797196494501056604787763641987260783383085570220968104473500348898008043285865193451061481841186553");
    private static final BigInteger dhG = new BigInteger("130583456807197150961665134075139695376245536366239321690167044250081505657615277976871655435431431908701485776974110415733273525810283593126577393912282416840649805564834470583437473176415335737232689814802018696718110109967325936556664646275595822588612548788965341273697569202082715873518528062345259949959");
    private static PrivateKey dhPrivateKey = null;
    private static PublicKey dhPublicKey = null;
    private static String dhSKAlgo = null;
    private static String certificateFilePath = null;
    private static HashMap certificateMap = null;
    private static String privateKeyAlias = null;
    private static String privateKeySubject = null;
    private static PrivateKey privateKeyEncrypt = null;
    private static String privateKeySignAlgo = null;
    private static SecureRandom random = null;
    public static byte clientConflationForTesting = 0;
    public static boolean setClientConflationForTesting = false;
    private static Version currentClientVersion = ConnectionProxy.VERSION;
    private static short overrideClientVersion = -1;

    public HandShake(Socket socket, int i, DistributedSystem distributedSystem, Version version, byte b) throws IOException, AuthenticationRequiredException {
        this.clientReadTimeout = 10000;
        this.isRead = false;
        this.appSecureMode = (byte) 0;
        this.clientPublicKey = null;
        this.clientSKAlgo = null;
        this.multiuserSecureMode = false;
        this.clientConflation = (byte) 0;
        this.overrides = null;
        this._decrypt = null;
        this.clientVersion = version;
        this.system = distributedSystem;
        int i2 = -1;
        try {
            i2 = socket.getSoTimeout();
            socket.setSoTimeout(i);
            InputStream inputStream = SocketUtils.getInputStream(socket);
            int read = inputStream.read();
            if (read == -1) {
                throw new EOFException(LocalizedStrings.HandShake_HANDSHAKE_EOF_REACHED_BEFORE_CLIENT_CODE_COULD_BE_READ.toLocalizedString());
            }
            this.code = (byte) read;
            if (this.code != 59) {
                throw new IOException(LocalizedStrings.HandShake_HANDSHAKE_REPLY_CODE_IS_NOT_OK.toLocalizedString());
            }
            try {
                DataInputStream dataInputStream = new DataInputStream(inputStream);
                DataOutputStream dataOutputStream = new DataOutputStream(SocketUtils.getOutputStream(socket));
                this.clientReadTimeout = dataInputStream.readInt();
                if (version.compareTo(Version.CURRENT) < 0) {
                    dataInputStream = new VersionedDataInputStream(dataInputStream, version);
                    dataOutputStream = new VersionedDataOutputStream(dataOutputStream, version);
                }
                this.id = ClientProxyMembershipID.readCanonicalized(dataInputStream);
                String property = this.system.getProperties().getProperty(DistributionConfig.SECURITY_CLIENT_AUTHENTICATOR_NAME);
                if (version.compareTo(Version.GFE_603) >= 0) {
                    setOverrides(new byte[]{dataInputStream.readByte()});
                } else {
                    setClientConflation(dataInputStream.readByte());
                }
                if (this.clientVersion.compareTo(Version.GFE_65) < 0 || b == 103) {
                    this.credentials = readCredentials(dataInputStream, dataOutputStream, property, distributedSystem);
                } else {
                    this.credentials = readCredential(dataInputStream, dataOutputStream, property, distributedSystem);
                }
                if (i2 != -1) {
                    try {
                        socket.setSoTimeout(i2);
                    } catch (IOException e) {
                    }
                }
            } catch (IOException e2) {
                this.code = (byte) -2;
                throw e2;
            } catch (ClassNotFoundException e3) {
                this.code = (byte) -3;
                throw new IOException(LocalizedStrings.HandShake_CLIENTPROXYMEMBERSHIPID_CLASS_COULD_NOT_BE_FOUND_WHILE_DESERIALIZING_THE_OBJECT.toLocalizedString());
            }
        } catch (Throwable th) {
            if (i2 != -1) {
                try {
                    socket.setSoTimeout(i2);
                } catch (IOException e4) {
                }
            }
            throw th;
        }
    }

    public final Version getClientVersion() {
        return this.clientVersion;
    }

    public HandShake(ClientProxyMembershipID clientProxyMembershipID, DistributedSystem distributedSystem) {
        this.clientReadTimeout = 10000;
        this.isRead = false;
        this.appSecureMode = (byte) 0;
        this.clientPublicKey = null;
        this.clientSKAlgo = null;
        this.multiuserSecureMode = false;
        this.clientConflation = (byte) 0;
        this.overrides = null;
        this._decrypt = null;
        this.id = clientProxyMembershipID;
        this.code = (byte) 59;
        this.system = distributedSystem;
        setOverrides();
        this.credentials = null;
    }

    public void updateProxyID(InternalDistributedMember internalDistributedMember) {
        this.id.updateID(internalDistributedMember);
    }

    public HandShake(HandShake handShake) {
        this.clientReadTimeout = 10000;
        this.isRead = false;
        this.appSecureMode = (byte) 0;
        this.clientPublicKey = null;
        this.clientSKAlgo = null;
        this.multiuserSecureMode = false;
        this.clientConflation = (byte) 0;
        this.overrides = null;
        this._decrypt = null;
        this.appSecureMode = handShake.appSecureMode;
        this.clientConflation = handShake.clientConflation;
        this.clientPublicKey = null;
        this.clientReadTimeout = handShake.clientReadTimeout;
        this.clientSKAlgo = null;
        this.clientVersion = handShake.clientVersion;
        this.code = handShake.code;
        this.credentials = handShake.credentials;
        this.isRead = handShake.isRead;
        this.multiuserSecureMode = handShake.multiuserSecureMode;
        this.overrides = handShake.overrides;
        this.system = handShake.system;
        this.id = handShake.id;
        this._decrypt = null;
        this._encrypt = null;
    }

    private byte setClientConflation() {
        byte b = 0;
        String property = this.system.getProperties().getProperty(DistributionConfig.CLIENT_CONFLATION_PROP_NAME);
        if (DistributionConfig.CLIENT_CONFLATION_PROP_VALUE_ON.equalsIgnoreCase(property)) {
            b = 1;
        } else if ("false".equalsIgnoreCase(property)) {
            b = 2;
        }
        return b;
    }

    private void setClientConflation(byte b) {
        this.clientConflation = b;
        switch (this.clientConflation) {
            case 0:
            case 1:
            case 2:
                return;
            default:
                throw new IllegalArgumentException("Illegal clientConflation");
        }
    }

    private void setOverrides() {
        this.clientConflation = setClientConflation();
        if (currentClientVersion.compareTo(Version.GFE_603) >= 0) {
            this.overrides = new byte[]{this.clientConflation};
        }
    }

    private void setOverrides(byte[] bArr) {
        setClientConflation((byte) (bArr[0] & 3));
    }

    public static byte[] extractOverrides(byte[] bArr) {
        byte b = bArr[0];
        byte[] bArr2 = new byte[1];
        for (int i = 0; i < bArr2.length; i++) {
            bArr2[i] = (byte) (b & 3);
            b = (byte) (b >>> 2);
        }
        return bArr2;
    }

    public static void setVersionForTesting(short s) {
        if (s > Version.CURRENT_ORDINAL) {
            overrideClientVersion = s;
        } else {
            currentClientVersion = Version.fromOrdinalOrCurrent(s);
            overrideClientVersion = (short) -1;
        }
    }

    public byte write(DataOutputStream dataOutputStream, DataInputStream dataInputStream, byte b, int i, int i2, List list, Properties properties, DistributedMember distributedMember, boolean z) throws IOException {
        HeapDataOutputStream heapDataOutputStream = new HeapDataOutputStream(32, Version.CURRENT);
        byte b2 = -1;
        try {
            heapDataOutputStream.writeByte(b);
            if (overrideClientVersion > 0) {
                Version.writeOrdinal((DataOutput) heapDataOutputStream, overrideClientVersion, true);
            } else {
                Version.writeOrdinal((DataOutput) heapDataOutputStream, currentClientVersion.ordinal(), true);
            }
            heapDataOutputStream.writeByte(i);
            if (list != null) {
                heapDataOutputStream.writeInt(list.size());
                for (int i3 = 0; i3 < list.size(); i3++) {
                    heapDataOutputStream.writeInt(Integer.parseInt((String) list.get(i3)));
                }
            } else {
                heapDataOutputStream.writeInt(i2);
            }
            DataSerializer.writeObject(this.id, new VersionedDataOutputStream(heapDataOutputStream, Version.GFE_82));
            if (currentClientVersion.compareTo(Version.GFE_603) >= 0) {
                for (int i4 = 0; i4 < this.overrides.length; i4++) {
                    heapDataOutputStream.writeByte(this.overrides[i4]);
                }
            } else if (setClientConflationForTesting) {
                heapDataOutputStream.writeByte(clientConflationForTesting);
            } else {
                heapDataOutputStream.writeByte(this.clientConflation);
            }
            if (!z && b != 103) {
                b2 = writeCredential(dataOutputStream, dataInputStream, this.system.getProperties().getProperty(DistributionConfig.SECURITY_CLIENT_AUTH_INIT_NAME), list != null, distributedMember, heapDataOutputStream);
            } else if (z && this.multiuserSecureMode && b != 103) {
                heapDataOutputStream.writeByte(3);
                heapDataOutputStream.flush();
                dataOutputStream.write(heapDataOutputStream.toByteArray());
                dataOutputStream.flush();
            } else {
                writeCredentials(dataOutputStream, dataInputStream, properties, list != null, distributedMember, heapDataOutputStream);
            }
            return b2;
        } finally {
            heapDataOutputStream.close();
        }
    }

    public void writeCredentials(DataOutputStream dataOutputStream, DataInputStream dataInputStream, Properties properties, boolean z, DistributedMember distributedMember) throws IOException, GemFireSecurityException {
        HeapDataOutputStream heapDataOutputStream = new HeapDataOutputStream(32, Version.CURRENT);
        try {
            writeCredentials(dataOutputStream, dataInputStream, properties, z, distributedMember, heapDataOutputStream);
            heapDataOutputStream.close();
        } catch (Throwable th) {
            heapDataOutputStream.close();
            throw th;
        }
    }

    public void writeCredentials(DataOutputStream dataOutputStream, DataInputStream dataInputStream, Properties properties, boolean z, DistributedMember distributedMember, HeapDataOutputStream heapDataOutputStream) throws IOException, GemFireSecurityException {
        if (properties == null) {
            heapDataOutputStream.writeByte(0);
            heapDataOutputStream.flush();
            dataOutputStream.write(heapDataOutputStream.toByteArray());
            dataOutputStream.flush();
            return;
        }
        if (dhSKAlgo == null || dhSKAlgo.length() == 0) {
            heapDataOutputStream.writeByte(1);
            DataSerializer.writeProperties(properties, heapDataOutputStream);
            heapDataOutputStream.flush();
            dataOutputStream.write(heapDataOutputStream.toByteArray());
            dataOutputStream.flush();
            return;
        }
        try {
            InternalLogWriter internalLogWriter = (InternalLogWriter) this.system.getSecurityLogWriter();
            internalLogWriter.fine("HandShake: using Diffie-Hellman key exchange with algo " + dhSKAlgo);
            boolean z2 = certificateFilePath != null && certificateFilePath.length() > 0;
            if (z2) {
                internalLogWriter.fine("HandShake: server authentication using digital signature required");
            }
            heapDataOutputStream.writeByte(2);
            heapDataOutputStream.writeBoolean(z2);
            DataSerializer.writeString(dhSKAlgo, heapDataOutputStream);
            DataSerializer.writeByteArray(dhPublicKey.getEncoded(), heapDataOutputStream);
            byte[] bArr = null;
            if (z2) {
                bArr = new byte[64];
                random.nextBytes(bArr);
                DataSerializer.writeByteArray(bArr, heapDataOutputStream);
            }
            heapDataOutputStream.flush();
            dataOutputStream.write(heapDataOutputStream.toByteArray());
            dataOutputStream.flush();
            byte readByte = dataInputStream.readByte();
            if (readByte != 59 && readByte != 66) {
                dataInputStream.readByte();
                dataInputStream.readInt();
                if (!z) {
                    DataSerializer.readByteArray(dataInputStream);
                }
                readMessage(dataInputStream, dataOutputStream, readByte, distributedMember);
            } else if (readByte == 59) {
                byte[] readByteArray = DataSerializer.readByteArray(dataInputStream);
                if (z2) {
                    String readString = DataSerializer.readString(dataInputStream);
                    byte[] readByteArray2 = DataSerializer.readByteArray(dataInputStream);
                    if (!certificateMap.containsKey(readString)) {
                        throw new AuthenticationFailedException(LocalizedStrings.HandShake_HANDSHAKE_FAILED_TO_FIND_PUBLIC_KEY_FOR_SERVER_WITH_SUBJECT_0.toLocalizedString(readString));
                    }
                    X509Certificate x509Certificate = (X509Certificate) certificateMap.get(readString);
                    Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
                    signature.initVerify(x509Certificate);
                    signature.update(bArr);
                    if (!signature.verify(readByteArray2)) {
                        throw new AuthenticationFailedException("Mismatch in client challenge bytes. Malicious server?");
                    }
                    internalLogWriter.fine("HandShake: Successfully verified the digital signature from server");
                }
                byte[] readByteArray3 = DataSerializer.readByteArray(dataInputStream);
                this.clientPublicKey = KeyFactory.getInstance("DH").generatePublic(new X509EncodedKeySpec(readByteArray));
                HeapDataOutputStream heapDataOutputStream2 = new HeapDataOutputStream(Version.CURRENT);
                try {
                    DataSerializer.writeProperties(properties, heapDataOutputStream2);
                    DataSerializer.writeByteArray(readByteArray3, heapDataOutputStream2);
                    DataSerializer.writeByteArray(encryptBytes(heapDataOutputStream2.toByteArray(), getEncryptCipher(dhSKAlgo, this.clientPublicKey)), dataOutputStream);
                    heapDataOutputStream2.close();
                } catch (Throwable th) {
                    heapDataOutputStream2.close();
                    throw th;
                }
            }
            dataOutputStream.flush();
        } catch (GemFireSecurityException e) {
            throw e;
        } catch (IOException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new AuthenticationFailedException("HandShake failed in Diffie-Hellman key exchange", e3);
        }
    }

    public byte writeCredential(DataOutputStream dataOutputStream, DataInputStream dataInputStream, String str, boolean z, DistributedMember distributedMember, HeapDataOutputStream heapDataOutputStream) throws IOException, GemFireSecurityException {
        if (!this.multiuserSecureMode && (str == null || str.length() == 0)) {
            heapDataOutputStream.writeByte(0);
            heapDataOutputStream.flush();
            dataOutputStream.write(heapDataOutputStream.toByteArray());
            dataOutputStream.flush();
            return (byte) -1;
        }
        if (dhSKAlgo == null || dhSKAlgo.length() == 0) {
            heapDataOutputStream.writeByte(1);
            this.appSecureMode = (byte) 1;
            heapDataOutputStream.flush();
            dataOutputStream.write(heapDataOutputStream.toByteArray());
            dataOutputStream.flush();
            return (byte) -1;
        }
        try {
            InternalLogWriter internalLogWriter = (InternalLogWriter) this.system.getSecurityLogWriter();
            internalLogWriter.fine("HandShake: using Diffie-Hellman key exchange with algo " + dhSKAlgo);
            boolean z2 = certificateFilePath != null && certificateFilePath.length() > 0;
            if (z2) {
                internalLogWriter.fine("HandShake: server authentication using digital signature required");
            }
            heapDataOutputStream.writeByte(2);
            this.appSecureMode = (byte) 2;
            heapDataOutputStream.writeBoolean(z2);
            DataSerializer.writeString(dhSKAlgo, heapDataOutputStream);
            DataSerializer.writeByteArray(dhPublicKey.getEncoded(), heapDataOutputStream);
            byte[] bArr = null;
            if (z2) {
                bArr = new byte[64];
                random.nextBytes(bArr);
                DataSerializer.writeByteArray(bArr, heapDataOutputStream);
            }
            heapDataOutputStream.flush();
            dataOutputStream.write(heapDataOutputStream.toByteArray());
            dataOutputStream.flush();
            byte readByte = dataInputStream.readByte();
            if (readByte != 59 && readByte != 66) {
                dataInputStream.readByte();
                dataInputStream.readInt();
                if (!z) {
                    DataSerializer.readByteArray(dataInputStream);
                }
                readMessage(dataInputStream, dataOutputStream, readByte, distributedMember);
            } else if (readByte == 59) {
                byte[] readByteArray = DataSerializer.readByteArray(dataInputStream);
                if (z2) {
                    String readString = DataSerializer.readString(dataInputStream);
                    byte[] readByteArray2 = DataSerializer.readByteArray(dataInputStream);
                    if (!certificateMap.containsKey(readString)) {
                        throw new AuthenticationFailedException(LocalizedStrings.HandShake_HANDSHAKE_FAILED_TO_FIND_PUBLIC_KEY_FOR_SERVER_WITH_SUBJECT_0.toLocalizedString(readString));
                    }
                    X509Certificate x509Certificate = (X509Certificate) certificateMap.get(readString);
                    Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
                    signature.initVerify(x509Certificate);
                    signature.update(bArr);
                    if (!signature.verify(readByteArray2)) {
                        throw new AuthenticationFailedException("Mismatch in client challenge bytes. Malicious server?");
                    }
                    internalLogWriter.fine("HandShake: Successfully verified the digital signature from server");
                }
                byte[] readByteArray3 = DataSerializer.readByteArray(dataInputStream);
                this.clientPublicKey = KeyFactory.getInstance("DH").generatePublic(new X509EncodedKeySpec(readByteArray));
                HeapDataOutputStream heapDataOutputStream2 = new HeapDataOutputStream(Version.CURRENT);
                try {
                    DataSerializer.writeByteArray(readByteArray3, heapDataOutputStream2);
                    DataSerializer.writeByteArray(encryptBytes(heapDataOutputStream2.toByteArray(), getEncryptCipher(dhSKAlgo, this.clientPublicKey)), dataOutputStream);
                    heapDataOutputStream2.close();
                } catch (Throwable th) {
                    heapDataOutputStream2.close();
                    throw th;
                }
            }
            dataOutputStream.flush();
            return readByte;
        } catch (GemFireSecurityException e) {
            throw e;
        } catch (IOException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new AuthenticationFailedException("HandShake failed in Diffie-Hellman key exchange", e3);
        }
    }

    public byte[] encryptBytes(byte[] bArr) throws Exception {
        if (this.appSecureMode == 2) {
            return encryptBytes(bArr, getEncryptCipher(this.clientSKAlgo != null ? this.clientSKAlgo : dhSKAlgo, this.clientPublicKey));
        }
        return bArr;
    }

    public static byte[] encryptBytes(byte[] bArr, Cipher cipher) throws Exception {
        try {
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw e;
        }
    }

    private Cipher getEncryptCipher(String str, PublicKey publicKey) throws Exception {
        Cipher cipher;
        try {
            if (this._encrypt == null) {
                KeyAgreement keyAgreement = KeyAgreement.getInstance("DH");
                keyAgreement.init(dhPrivateKey);
                keyAgreement.doPhase(publicKey, true);
                int keySize = getKeySize(str);
                int blockSize = getBlockSize(str);
                if (keySize == -1 || blockSize == -1) {
                    SecretKey generateSecret = keyAgreement.generateSecret(str);
                    cipher = Cipher.getInstance(str);
                    cipher.init(1, generateSecret);
                } else {
                    String dhAlgoStr = getDhAlgoStr(str);
                    byte[] generateSecret2 = keyAgreement.generateSecret();
                    SecretKeySpec secretKeySpec = new SecretKeySpec(generateSecret2, 0, keySize, dhAlgoStr);
                    IvParameterSpec ivParameterSpec = new IvParameterSpec(generateSecret2, keySize, blockSize);
                    cipher = Cipher.getInstance(dhAlgoStr + "/CBC/PKCS5Padding");
                    cipher.init(1, secretKeySpec, ivParameterSpec);
                }
                this._encrypt = cipher;
            }
            return this._encrypt;
        } catch (Exception e) {
            throw e;
        }
    }

    public Properties readCredential(DataInputStream dataInputStream, DataOutputStream dataOutputStream, String str, DistributedSystem distributedSystem) throws GemFireSecurityException, IOException {
        boolean z = str != null && str.length() > 0;
        try {
            byte readByte = dataInputStream.readByte();
            if (readByte == 0) {
                if (z) {
                    throw new AuthenticationRequiredException(LocalizedStrings.HandShake_NO_SECURITY_PROPERTIES_ARE_PROVIDED.toLocalizedString());
                }
            } else if (readByte == 1) {
                this.appSecureMode = (byte) 1;
            } else if (readByte == 2) {
                this.appSecureMode = (byte) 2;
                boolean readBoolean = dataInputStream.readBoolean();
                InternalLogWriter internalLogWriter = (InternalLogWriter) distributedSystem.getSecurityLogWriter();
                this.clientSKAlgo = DataSerializer.readString(dataInputStream);
                byte[] readByteArray = DataSerializer.readByteArray(dataInputStream);
                if (z) {
                    this.clientPublicKey = KeyFactory.getInstance("DH").generatePublic(new X509EncodedKeySpec(readByteArray));
                    byte[] encoded = dhPublicKey.getEncoded();
                    byte[] bArr = new byte[64];
                    random.nextBytes(bArr);
                    if (readBoolean) {
                        byte[] readByteArray2 = DataSerializer.readByteArray(dataInputStream);
                        if (privateKeyEncrypt == null) {
                            throw new AuthenticationFailedException(LocalizedStrings.HandShake_SERVER_PRIVATE_KEY_NOT_AVAILABLE_FOR_CREATING_SIGNATURE.toLocalizedString());
                        }
                        Signature signature = Signature.getInstance(privateKeySignAlgo);
                        signature.initSign(privateKeyEncrypt);
                        signature.update(readByteArray2);
                        byte[] sign = signature.sign();
                        dataOutputStream.writeByte(59);
                        DataSerializer.writeByteArray(encoded, dataOutputStream);
                        DataSerializer.writeString(privateKeySubject, dataOutputStream);
                        DataSerializer.writeByteArray(sign, dataOutputStream);
                        internalLogWriter.fine("HandShake: sent the signed client challenge");
                    } else {
                        dataOutputStream.writeByte(59);
                        DataSerializer.writeByteArray(encoded, dataOutputStream);
                    }
                    DataSerializer.writeByteArray(bArr, dataOutputStream);
                    internalLogWriter.fine("HandShake: sent the public key and challenge");
                    dataOutputStream.flush();
                    DataInputStream dataInputStream2 = new DataInputStream(new ByteArrayInputStream(decryptBytes(DataSerializer.readByteArray(dataInputStream), getDecryptCipher(this.clientSKAlgo, this.clientPublicKey))));
                    if (!Arrays.equals(bArr, DataSerializer.readByteArray(dataInputStream2))) {
                        throw new AuthenticationFailedException(LocalizedStrings.HandShake_MISMATCH_IN_CHALLENGE_BYTES_MALICIOUS_CLIENT.toLocalizedString());
                    }
                    dataInputStream2.close();
                } else {
                    if (readBoolean) {
                        DataSerializer.readByteArray(dataInputStream);
                    }
                    dataOutputStream.writeByte(66);
                    dataOutputStream.flush();
                }
            }
            return null;
        } catch (GemFireSecurityException e) {
            throw e;
        } catch (IOException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new AuthenticationFailedException(LocalizedStrings.HandShake_FAILURE_IN_READING_CREDENTIALS.toLocalizedString(), e3);
        }
    }

    public byte[] decryptBytes(byte[] bArr) throws Exception {
        if (this.appSecureMode == 2) {
            return decryptBytes(bArr, getDecryptCipher(this.clientSKAlgo != null ? this.clientSKAlgo : dhSKAlgo, this.clientPublicKey));
        }
        return bArr;
    }

    public static byte[] decryptBytes(byte[] bArr, Cipher cipher) throws Exception {
        try {
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw e;
        }
    }

    private Cipher getDecryptCipher(String str, PublicKey publicKey) throws Exception {
        Cipher cipher;
        if (this._decrypt == null) {
            try {
                KeyAgreement keyAgreement = KeyAgreement.getInstance("DH");
                keyAgreement.init(dhPrivateKey);
                keyAgreement.doPhase(publicKey, true);
                int keySize = getKeySize(str);
                int blockSize = getBlockSize(str);
                if (keySize == -1 || blockSize == -1) {
                    SecretKey generateSecret = keyAgreement.generateSecret(str);
                    cipher = Cipher.getInstance(str);
                    cipher.init(2, generateSecret);
                } else {
                    String dhAlgoStr = getDhAlgoStr(str);
                    byte[] generateSecret2 = keyAgreement.generateSecret();
                    SecretKeySpec secretKeySpec = new SecretKeySpec(generateSecret2, 0, keySize, dhAlgoStr);
                    IvParameterSpec ivParameterSpec = new IvParameterSpec(generateSecret2, keySize, blockSize);
                    cipher = Cipher.getInstance(dhAlgoStr + "/CBC/PKCS5Padding");
                    cipher.init(2, secretKeySpec, ivParameterSpec);
                }
                this._decrypt = cipher;
            } catch (Exception e) {
                throw e;
            }
        }
        return this._decrypt;
    }

    public static void initCertsMap(Properties properties) throws Exception {
        certificateMap = new HashMap();
        certificateFilePath = properties.getProperty(PUBLIC_KEY_FILE_PROP);
        if (certificateFilePath == null || certificateFilePath.length() <= 0) {
            return;
        }
        KeyStore keyStore = KeyStore.getInstance("JKS");
        String property = properties.getProperty(PUBLIC_KEY_PASSWD_PROP);
        char[] charArray = property != null ? property.toCharArray() : null;
        FileInputStream fileInputStream = new FileInputStream(certificateFilePath);
        try {
            keyStore.load(fileInputStream, charArray);
            fileInputStream.close();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate certificate = keyStore.getCertificate(aliases.nextElement());
                if (certificate instanceof X509Certificate) {
                    certificateMap.put(((X509Certificate) certificate).getSubjectDN().getName(), certificate);
                }
            }
        } catch (Throwable th) {
            fileInputStream.close();
            throw th;
        }
    }

    public static void initPrivateKey(Properties properties) throws Exception {
        String property = properties.getProperty(PRIVATE_KEY_FILE_PROP);
        privateKeyAlias = "";
        privateKeyEncrypt = null;
        if (property == null || property.length() <= 0) {
            return;
        }
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        privateKeyAlias = properties.getProperty(PRIVATE_KEY_ALIAS_PROP);
        if (privateKeyAlias == null) {
            privateKeyAlias = "";
        }
        String property2 = properties.getProperty(PRIVATE_KEY_PASSWD_PROP);
        char[] charArray = property2 != null ? property2.toCharArray() : null;
        FileInputStream fileInputStream = new FileInputStream(property);
        try {
            keyStore.load(fileInputStream, charArray);
            fileInputStream.close();
            Key key = keyStore.getKey(privateKeyAlias, charArray);
            Certificate certificate = keyStore.getCertificate(privateKeyAlias);
            if ((key instanceof PrivateKey) && (certificate instanceof X509Certificate)) {
                privateKeyEncrypt = (PrivateKey) key;
                privateKeySignAlgo = ((X509Certificate) certificate).getSigAlgName();
                privateKeySubject = ((X509Certificate) certificate).getSubjectDN().getName();
            }
        } catch (Throwable th) {
            fileInputStream.close();
            throw th;
        }
    }

    public static void initDHKeys(DistributionConfig distributionConfig) throws Exception {
        dhSKAlgo = distributionConfig.getSecurityClientDHAlgo();
        dhPrivateKey = null;
        dhPublicKey = null;
        String securityClientAuthenticator = distributionConfig.getSecurityClientAuthenticator();
        if ((dhSKAlgo == null || dhSKAlgo.length() <= 0) && (securityClientAuthenticator == null || securityClientAuthenticator.length() <= 0)) {
            return;
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DH");
        keyPairGenerator.initialize(new DHParameterSpec(dhP, dhG, 1023));
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        dhPrivateKey = generateKeyPair.getPrivate();
        dhPublicKey = generateKeyPair.getPublic();
        random = new SecureRandom();
        random.nextBytes(new byte[48]);
    }

    @Override // com.gemstone.gemfire.internal.cache.tier.ClientHandShake
    public void accept(OutputStream outputStream, InputStream inputStream, byte b, int i, byte b2, Principal principal) throws IOException {
        DataInputStream dataInputStream;
        DataOutputStream dataOutputStream = new DataOutputStream(outputStream);
        if (this.clientVersion.compareTo(Version.CURRENT) < 0) {
            dataInputStream = new VersionedDataInputStream(inputStream, this.clientVersion);
            dataOutputStream = new VersionedDataOutputStream(dataOutputStream, this.clientVersion);
        } else {
            dataInputStream = new DataInputStream(inputStream);
        }
        if (b2 != 103 || principal == null) {
            dataOutputStream.writeByte(59);
        } else {
            dataOutputStream.writeByte(65);
        }
        if (b2 == 103) {
            Version.writeOrdinal((DataOutput) dataOutputStream, ServerHandShakeProcessor.currentServerVersion.ordinal(), true);
        }
        dataOutputStream.writeByte(b);
        dataOutputStream.writeInt(i);
        ServerHandShakeProcessor.writeServerMember(this.system.getDistributedMember(), dataOutputStream);
        dataOutputStream.writeUTF("");
        if (b2 != 103 && this.clientVersion.compareTo(Version.GFE_61) >= 0) {
            dataOutputStream.writeBoolean(((InternalDistributedSystem) this.system).getConfig().getDeltaPropagation());
        }
        if (b2 == 103 && principal != null) {
            sendCredentialsForWan(dataOutputStream, dataInputStream);
        }
        if (b2 == 103 && this.clientVersion.compareTo(Version.GFE_66) >= 0 && ServerHandShakeProcessor.currentServerVersion.compareTo(Version.GFE_66) >= 0) {
            dataOutputStream.writeByte(((InternalDistributedSystem) this.system).getDistributionManager().getDistributedSystemId());
        }
        if (b2 == 103 && this.clientVersion.compareTo(Version.GFE_80) >= 0 && ServerHandShakeProcessor.currentServerVersion.compareTo(Version.GFE_80) >= 0) {
            dataOutputStream.writeInt(PeerTypeRegistration.getPdxRegistrySize());
        }
        dataOutputStream.flush();
    }

    private DistributedMember getDistributedMember(Socket socket) {
        return new InternalDistributedMember(socket.getInetAddress(), socket.getPort(), false);
    }

    public ServerQueueStatus greet(Connection connection, ServerLocation serverLocation, byte b) throws IOException, AuthenticationRequiredException, AuthenticationFailedException, ServerRefusedConnectionException {
        try {
            Socket socket = connection.getSocket();
            DataOutputStream dataOutputStream = new DataOutputStream(SocketUtils.getOutputStream(socket));
            InputStream inputStream = SocketUtils.getInputStream(socket);
            DataInputStream dataInputStream = new DataInputStream(inputStream);
            DistributedMember distributedMember = getDistributedMember(socket);
            DM distributionManager = ((InternalDistributedSystem) this.system).getDistributionManager();
            InternalDistributedMember distributionManagerId = distributionManager.getDistributionManagerId();
            synchronized (distributionManagerId) {
                if (distributionManagerId.getPort() == 0 && (distributionManager instanceof LonerDistributionManager)) {
                    ((LonerDistributionManager) distributionManager).updateLonerPort(socket.getLocalPort());
                    updateProxyID(distributionManager.getDistributionManagerId());
                }
            }
            if (b == 103) {
                this.credentials = getCredentials(distributedMember);
            }
            byte write = write(dataOutputStream, dataInputStream, b, 59, this.clientReadTimeout, null, this.credentials, distributedMember, false);
            String property = this.system.getProperties().getProperty(DistributionConfig.SECURITY_CLIENT_AUTH_INIT_NAME);
            if (b != 103 && write != 66 && property != null && property.length() != 0) {
                serverLocation.compareAndSetRequiresCredentials(true);
            }
            byte readByte = dataInputStream.readByte();
            if (readByte == 21 && !(socket instanceof SSLSocket)) {
                throw new AuthenticationRequiredException(LocalizedStrings.HandShake_SERVER_EXPECTING_SSL_CONNECTION.toLocalizedString());
            }
            if (b == 103 && readByte != 62 && readByte != 63) {
                short readOrdinal = Version.readOrdinal(dataInputStream);
                connection.setWanSiteVersion(readOrdinal);
                if (readOrdinal < Version.CURRENT_ORDINAL) {
                    dataInputStream = new VersionedDataInputStream(dataInputStream, Version.fromOrdinalOrCurrent(readOrdinal));
                }
            }
            byte readByte2 = dataInputStream.readByte();
            int readInt = dataInputStream.readInt();
            DistributedMember readServerMember = readServerMember(dataInputStream);
            ServerQueueStatus serverQueueStatus = new ServerQueueStatus(readByte2, readInt, readServerMember);
            readMessage(dataInputStream, dataOutputStream, readByte, readServerMember);
            if (b != 103 && currentClientVersion.compareTo(Version.GFE_61) >= 0) {
                deltaEnabledOnServer = dataInputStream.readBoolean();
            }
            if (b == 103 && Version.GFE_66.compareTo(connection.getWanSiteVersion()) <= 0 && currentClientVersion.compareTo(Version.GFE_66) >= 0) {
                int read = inputStream.read();
                int distributedSystemId = ((InternalDistributedSystem) this.system).getDistributionManager().getDistributedSystemId();
                if (distributedSystemId >= 0 && distributedSystemId == read) {
                    throw new GatewayConfigurationException("Remote WAN site's distributed system id " + read + " matches this sites distributed system id " + distributedSystemId);
                }
            }
            if (b == 103 && Version.GFE_80.compareTo(connection.getWanSiteVersion()) <= 0 && currentClientVersion.compareTo(Version.GFE_80) >= 0) {
                serverQueueStatus.setPdxSize(dataInputStream.readInt());
            }
            return serverQueueStatus;
        } catch (IOException e) {
            this.system.getCancelCriterion().checkCancelInProgress(null);
            throw e;
        }
    }

    public ServerQueueStatus greetNotifier(Socket socket, boolean z, ServerLocation serverLocation) throws IOException, AuthenticationRequiredException, AuthenticationFailedException, ServerRefusedConnectionException, ClassNotFoundException {
        try {
            DataOutputStream dataOutputStream = new DataOutputStream(SocketUtils.getOutputStream(socket));
            DataInputStream dataInputStream = new DataInputStream(SocketUtils.getInputStream(socket));
            DistributedMember distributedMember = getDistributedMember(socket);
            if (!this.multiuserSecureMode) {
                this.credentials = getCredentials(distributedMember);
            }
            write(dataOutputStream, dataInputStream, z ? (byte) 101 : (byte) 102, 59, 0, new ArrayList(), this.credentials, distributedMember, true);
            byte readByte = dataInputStream.readByte();
            if (readByte == 21 && !(socket instanceof SSLSocket)) {
                throw new AuthenticationRequiredException(LocalizedStrings.HandShake_SERVER_EXPECTING_SSL_CONNECTION.toLocalizedString());
            }
            ServerQueueStatus serverQueueStatus = new ServerQueueStatus(dataInputStream.readByte(), dataInputStream.readInt(), distributedMember);
            readMessage(dataInputStream, dataOutputStream, readByte, distributedMember);
            if (currentClientVersion.compareTo(Version.GFE_61) < 0) {
                return serverQueueStatus;
            }
            for (Map.Entry entry : DataSerializer.readHashMap(dataInputStream).entrySet()) {
                Integer num = (Integer) entry.getKey();
                ArrayList arrayList = (ArrayList) entry.getValue();
                InternalInstantiator.register((String) arrayList.get(0), (String) arrayList.get(1), num.intValue(), false);
            }
            for (Map.Entry entry2 : DataSerializer.readHashMap(dataInputStream).entrySet()) {
                InternalDataSerializer.register((String) entry2.getValue(), false, null, null, ((Integer) entry2.getKey()).intValue());
            }
            InternalDataSerializer.updateSupportedClassesMap(DataSerializer.readHashMap(dataInputStream));
            return serverQueueStatus;
        } catch (IOException e) {
            this.system.getCancelCriterion().checkCancelInProgress(null);
            throw e;
        } catch (ClassNotFoundException e2) {
            this.system.getCancelCriterion().checkCancelInProgress(null);
            throw e2;
        }
    }

    protected DistributedMember readServerMember(DataInputStream dataInputStream) throws IOException {
        DataInputStream dataInputStream2 = new DataInputStream(new ByteArrayInputStream(DataSerializer.readByteArray(dataInputStream)));
        Version versionForDataStreamOrNull = InternalDataSerializer.getVersionForDataStreamOrNull(dataInputStream);
        if (versionForDataStreamOrNull != null) {
            dataInputStream2 = new VersionedDataInputStream(dataInputStream2, versionForDataStreamOrNull);
        }
        try {
            return (DistributedMember) DataSerializer.readObject(dataInputStream2);
        } catch (EOFException e) {
            throw e;
        } catch (Exception e2) {
            throw new InternalGemFireException(LocalizedStrings.HandShake_UNABLE_TO_DESERIALIZE_MEMBER.toLocalizedString(), e2);
        }
    }

    protected void readMessage(DataInputStream dataInputStream, DataOutputStream dataOutputStream, byte b, DistributedMember distributedMember) throws IOException, AuthenticationRequiredException, AuthenticationFailedException, ServerRefusedConnectionException {
        String readUTF = dataInputStream.readUTF();
        if (readUTF.length() != 0 || b == 65) {
            switch (b) {
                case 62:
                    throw new AuthenticationRequiredException(readUTF);
                case 63:
                    throw new AuthenticationFailedException(readUTF);
                case 64:
                    throw new ServerRefusedConnectionException(distributedMember, readUTF);
                case 65:
                    checkIfAuthenticWanSite(dataInputStream, dataOutputStream, distributedMember);
                    return;
                default:
                    throw new ServerRefusedConnectionException(distributedMember, readUTF);
            }
        }
    }

    @Override // com.gemstone.gemfire.internal.cache.tier.ClientHandShake
    public byte getCode() {
        return this.code;
    }

    public boolean isRead() {
        return this.isRead;
    }

    @Override // com.gemstone.gemfire.internal.cache.tier.ClientHandShake
    public boolean isOK() {
        return getCode() == 59;
    }

    public void setClientReadTimeout(int i) {
        this.clientReadTimeout = i;
    }

    @Override // com.gemstone.gemfire.internal.cache.tier.ClientHandShake
    public int getClientReadTimeout() {
        return this.clientReadTimeout;
    }

    public void setMultiuserSecureMode(boolean z) {
        this.multiuserSecureMode = z;
    }

    public boolean isMultiuserSecureMode() {
        return this.multiuserSecureMode;
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof HandShake)) {
            return false;
        }
        HandShake handShake = (HandShake) obj;
        return this.id.isSameDSMember(handShake.id) && this.code == handShake.code;
    }

    public int hashCode() {
        return (37 * this.id.hashCode()) + this.code;
    }

    public String toString() {
        StringBuffer append = new StringBuffer().append("HandShake@").append(System.identityHashCode(this)).append(" code: ").append((int) this.code);
        if (this.id != null) {
            append.append(" identity: ");
            append.append(this.id.toString());
        }
        return append.toString();
    }

    @Override // com.gemstone.gemfire.internal.cache.tier.ClientHandShake
    public ClientProxyMembershipID getMembership() {
        return this.id;
    }

    public static Properties getCredentials(String str, Properties properties, DistributedMember distributedMember, boolean z, InternalLogWriter internalLogWriter, InternalLogWriter internalLogWriter2) throws AuthenticationRequiredException {
        AuthInitialize authInitialize;
        Properties properties2 = null;
        if (str != null) {
            try {
                if (str.length() > 0 && (authInitialize = (AuthInitialize) ClassLoadUtil.methodFromName(str).invoke(null, (Object[]) null)) != null) {
                    authInitialize.init(internalLogWriter, internalLogWriter2);
                    try {
                        properties2 = authInitialize.getCredentials(properties, distributedMember, z);
                        authInitialize.close();
                    } catch (Throwable th) {
                        authInitialize.close();
                        throw th;
                    }
                }
            } catch (GemFireSecurityException e) {
                throw e;
            } catch (Exception e2) {
                throw new AuthenticationRequiredException(LocalizedStrings.HandShake_FAILED_TO_ACQUIRE_AUTHINITIALIZE_METHOD_0.toLocalizedString(str), e2);
            }
        }
        return properties2;
    }

    private Properties getCredentials(DistributedMember distributedMember) {
        return getCredentials(this.system.getProperties().getProperty(DistributionConfig.SECURITY_CLIENT_AUTH_INIT_NAME), this.system.getSecurityProperties(), distributedMember, false, (InternalLogWriter) this.system.getLogWriter(), (InternalLogWriter) this.system.getSecurityLogWriter());
    }

    public static Properties readCredentials(DataInputStream dataInputStream, DataOutputStream dataOutputStream, String str, DistributedSystem distributedSystem) throws GemFireSecurityException, IOException {
        Cipher cipher;
        Properties properties = null;
        boolean z = str != null && str.length() > 0;
        try {
            byte readByte = dataInputStream.readByte();
            if (readByte == 0) {
                if (z) {
                    throw new AuthenticationRequiredException(LocalizedStrings.HandShake_NO_SECURITY_PROPERTIES_ARE_PROVIDED.toLocalizedString());
                }
            } else if (readByte == 1) {
                if (z) {
                    properties = DataSerializer.readProperties(dataInputStream);
                } else {
                    DataSerializer.readProperties(dataInputStream);
                }
            } else if (readByte == 2) {
                boolean readBoolean = dataInputStream.readBoolean();
                InternalLogWriter internalLogWriter = (InternalLogWriter) distributedSystem.getSecurityLogWriter();
                String readString = DataSerializer.readString(dataInputStream);
                byte[] readByteArray = DataSerializer.readByteArray(dataInputStream);
                if (z) {
                    PublicKey generatePublic = KeyFactory.getInstance("DH").generatePublic(new X509EncodedKeySpec(readByteArray));
                    byte[] encoded = dhPublicKey.getEncoded();
                    byte[] bArr = new byte[64];
                    random.nextBytes(bArr);
                    if (readBoolean) {
                        byte[] readByteArray2 = DataSerializer.readByteArray(dataInputStream);
                        if (privateKeyEncrypt == null) {
                            throw new AuthenticationFailedException(LocalizedStrings.HandShake_SERVER_PRIVATE_KEY_NOT_AVAILABLE_FOR_CREATING_SIGNATURE.toLocalizedString());
                        }
                        Signature signature = Signature.getInstance(privateKeySignAlgo);
                        signature.initSign(privateKeyEncrypt);
                        signature.update(readByteArray2);
                        byte[] sign = signature.sign();
                        dataOutputStream.writeByte(59);
                        DataSerializer.writeByteArray(encoded, dataOutputStream);
                        DataSerializer.writeString(privateKeySubject, dataOutputStream);
                        DataSerializer.writeByteArray(sign, dataOutputStream);
                        internalLogWriter.fine("HandShake: sent the signed client challenge");
                    } else {
                        dataOutputStream.writeByte(59);
                        DataSerializer.writeByteArray(encoded, dataOutputStream);
                    }
                    DataSerializer.writeByteArray(bArr, dataOutputStream);
                    internalLogWriter.fine("HandShake: sent the public key and challenge");
                    dataOutputStream.flush();
                    byte[] readByteArray3 = DataSerializer.readByteArray(dataInputStream);
                    KeyAgreement keyAgreement = KeyAgreement.getInstance("DH");
                    keyAgreement.init(dhPrivateKey);
                    keyAgreement.doPhase(generatePublic, true);
                    int keySize = getKeySize(readString);
                    int blockSize = getBlockSize(readString);
                    if (keySize == -1 || blockSize == -1) {
                        SecretKey generateSecret = keyAgreement.generateSecret(readString);
                        cipher = Cipher.getInstance(readString);
                        cipher.init(2, generateSecret);
                    } else {
                        String dhAlgoStr = getDhAlgoStr(readString);
                        byte[] generateSecret2 = keyAgreement.generateSecret();
                        SecretKeySpec secretKeySpec = new SecretKeySpec(generateSecret2, 0, keySize, dhAlgoStr);
                        IvParameterSpec ivParameterSpec = new IvParameterSpec(generateSecret2, keySize, blockSize);
                        cipher = Cipher.getInstance(dhAlgoStr + "/CBC/PKCS5Padding");
                        cipher.init(2, secretKeySpec, ivParameterSpec);
                    }
                    DataInputStream dataInputStream2 = new DataInputStream(new ByteArrayInputStream(cipher.doFinal(readByteArray3)));
                    properties = DataSerializer.readProperties(dataInputStream2);
                    if (!Arrays.equals(bArr, DataSerializer.readByteArray(dataInputStream2))) {
                        throw new AuthenticationFailedException(LocalizedStrings.HandShake_MISMATCH_IN_CHALLENGE_BYTES_MALICIOUS_CLIENT.toLocalizedString());
                    }
                    dataInputStream2.close();
                } else {
                    if (readBoolean) {
                        DataSerializer.readByteArray(dataInputStream);
                    }
                    dataOutputStream.writeByte(66);
                    dataOutputStream.flush();
                }
            } else if (readByte == 3) {
                logger.debug("readCredential where multiuser mode creating callback connection");
            }
            return properties;
        } catch (GemFireSecurityException e) {
            throw e;
        } catch (IOException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new AuthenticationFailedException(LocalizedStrings.HandShake_FAILURE_IN_READING_CREDENTIALS.toLocalizedString(), e3);
        }
    }

    public static Principal verifyCredentials(String str, Properties properties, Properties properties2, InternalLogWriter internalLogWriter, InternalLogWriter internalLogWriter2, DistributedMember distributedMember) throws AuthenticationRequiredException, AuthenticationFailedException {
        if (str == null) {
            return null;
        }
        try {
            if (str.length() == 0) {
                return null;
            }
            Authenticator authenticator = (Authenticator) ClassLoadUtil.methodFromName(str).invoke(null, (Object[]) null);
            if (authenticator == null) {
                throw new AuthenticationFailedException(LocalizedStrings.HandShake_AUTHENTICATOR_INSTANCE_COULD_NOT_BE_OBTAINED.toLocalizedString());
            }
            authenticator.init(properties2, internalLogWriter, internalLogWriter2);
            try {
                Principal authenticate = authenticator.authenticate(properties, distributedMember);
                authenticator.close();
                return authenticate;
            } catch (Throwable th) {
                authenticator.close();
                throw th;
            }
        } catch (Exception e) {
            throw new AuthenticationFailedException(LocalizedStrings.HandShake_FAILED_TO_ACQUIRE_AUTHENTICATOR_OBJECT.toLocalizedString(), e);
        }
    }

    public Principal verifyCredentials() throws AuthenticationRequiredException, AuthenticationFailedException {
        return verifyCredentials(this.system.getProperties().getProperty(DistributionConfig.SECURITY_CLIENT_AUTHENTICATOR_NAME), this.credentials, this.system.getSecurityProperties(), (InternalLogWriter) this.system.getLogWriter(), (InternalLogWriter) this.system.getSecurityLogWriter(), this.id.getDistributedMember());
    }

    public void sendCredentialsForWan(OutputStream outputStream, InputStream inputStream) {
        try {
            writeCredentials(new DataOutputStream(outputStream), new DataInputStream(inputStream), getCredentials(this.id.getDistributedMember()), false, this.system.getDistributedMember());
        } catch (Exception e) {
            this.system.getSecurityLogWriter().convertToLogWriterI18n().severe(LocalizedStrings.HandShake_AN_EXCEPTION_WAS_THROWN_WHILE_SENDING_WAN_CREDENTIALS_0, e.getLocalizedMessage());
        }
    }

    private void checkIfAuthenticWanSite(DataInputStream dataInputStream, DataOutputStream dataOutputStream, DistributedMember distributedMember) throws GemFireSecurityException, IOException {
        if (this.credentials == null) {
            return;
        }
        String property = this.system.getProperties().getProperty(DistributionConfig.SECURITY_CLIENT_AUTHENTICATOR_NAME);
        verifyCredentials(property, readCredentials(dataInputStream, dataOutputStream, property, this.system), this.system.getSecurityProperties(), (InternalLogWriter) this.system.getLogWriter(), (InternalLogWriter) this.system.getSecurityLogWriter(), distributedMember);
    }

    private static int getKeySize(String str) {
        String str2;
        int indexOf = str.indexOf(58);
        int i = 0;
        if (indexOf >= 0) {
            str2 = str.substring(0, indexOf);
            i = Integer.parseInt(str.substring(indexOf + 1));
        } else {
            str2 = str;
        }
        int i2 = -1;
        if (str2.equalsIgnoreCase("DESede")) {
            i2 = 24;
        } else if (str2.equalsIgnoreCase("Blowfish")) {
            i2 = i > 128 ? i / 8 : 16;
        } else if (str2.equalsIgnoreCase("AES")) {
            i2 = (i == 192 || i == 256) ? i / 8 : 16;
        }
        return i2;
    }

    private static String getDhAlgoStr(String str) {
        int indexOf = str.indexOf(58);
        return indexOf >= 0 ? str.substring(0, indexOf) : str;
    }

    private static int getBlockSize(String str) {
        int i = -1;
        String dhAlgoStr = getDhAlgoStr(str);
        if (dhAlgoStr.equalsIgnoreCase("DESede")) {
            i = 8;
        } else if (dhAlgoStr.equalsIgnoreCase("Blowfish")) {
            i = 8;
        } else if (dhAlgoStr.equalsIgnoreCase("AES")) {
            i = 16;
        }
        return i;
    }

    @Override // com.gemstone.gemfire.internal.cache.tier.ClientHandShake
    public Version getVersion() {
        return this.clientVersion;
    }

    public static boolean isDeltaEnabledOnServer() {
        return deltaEnabledOnServer;
    }

    public boolean hasCredentials() {
        return this.credentials != null;
    }
}
