package org.apache.geode.distributed.internal.membership.adapter.auth;

import java.security.Principal;
import java.util.Properties;
import org.apache.commons.lang3.StringUtils;
import org.apache.geode.LogWriter;
import org.apache.geode.distributed.internal.membership.InternalDistributedMember;
import org.apache.geode.distributed.internal.membership.api.Authenticator;
import org.apache.geode.distributed.internal.membership.api.MemberIdentifier;
import org.apache.geode.internal.cache.tier.sockets.Handshake;
import org.apache.geode.internal.security.CallbackInstantiator;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.AuthenticationFailedException;
import org.apache.geode.security.GemFireSecurityException;
import org.apache.geode.security.ResourcePermission;

/* loaded from: input_file:org/apache/geode/distributed/internal/membership/adapter/auth/GMSAuthenticator.class */
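/**
 * Checks the credentials supplied for a member against either the integrated
 * {@link SecurityService} or a configured peer {@code Authenticator} callback, and obtains
 * credentials for a member through {@link Handshake#getCredentials}.
 *
 * <p>Result convention of the {@code authenticate} methods: {@code null} is the only success
 * signal; any non-null string is a failure description. Callers must not treat an empty or
 * unexpected string as success.
 *
 * <p>The parameter names ({@code properties}, {@code properties2}, {@code logWriter2}) are
 * decompiler output and are kept for compatibility; each method's Javadoc states which argument
 * carries credentials and which carries security configuration, because the order differs between
 * {@link #authenticate(MemberIdentifier, Properties, Properties)} and
 * {@link #invokeAuthenticator(Properties, MemberIdentifier, Properties)}.
 */
public class GMSAuthenticator implements Authenticator<InternalDistributedMember> {
    /** Security property naming the peer Authenticator callback to instantiate. */
    private static final String PEER_AUTHENTICATOR_KEY = "security-peer-authenticator";

    /** Security property handed to {@code Handshake.getCredentials} as the auth-init method. */
    private static final String PEER_AUTH_INIT_KEY = "security-peer-auth-init";

    private final Properties securityProps;
    private final SecurityService securityService;
    private final LogWriter securityLogWriter;
    private final LogWriter logWriter;

    /**
     * @param properties security configuration used for every check made by this instance
     * @param securityService service consulted for integrated-security login and authorization
     * @param logWriter the <em>security</em> log writer (stored as {@code securityLogWriter})
     * @param logWriter2 the general log writer (stored as {@code logWriter})
     */
    public GMSAuthenticator(Properties properties, SecurityService securityService, LogWriter logWriter, LogWriter logWriter2) {
        this.securityProps = properties;
        this.securityService = securityService;
        this.securityLogWriter = logWriter;
        this.logWriter = logWriter2;
    }

    /**
     * Authenticates {@code internalDistributedMember} using this instance's security configuration.
     *
     * @param internalDistributedMember the member whose credentials are being checked
     * @param properties the credentials presented for that member; may be {@code null}
     * @return {@code null} on success, otherwise a failure description
     */
    public String authenticate(InternalDistributedMember internalDistributedMember, Properties properties) {
        return authenticate(internalDistributedMember, properties, this.securityProps);
    }

    /**
     * Authenticates a member against an explicit security configuration.
     *
     * @param memberIdentifier the member whose credentials are being checked
     * @param properties the credentials presented for that member; {@code null} is rejected when
     *        a check is required
     * @param properties2 the security configuration (read for the peer authenticator class name)
     * @return {@code null} when no check is required or the check passed, otherwise a failure
     *         description
     */
    String authenticate(MemberIdentifier memberIdentifier, Properties properties, Properties properties2) {
        // Local aliases: the decompiled parameter names do not say which Properties is which.
        final Properties credentials = properties;
        final Properties secProps = properties2;

        String authenticatorName = secProps.getProperty(PEER_AUTHENTICATOR_KEY);
        if (!this.securityService.isPeerSecurityRequired() && StringUtils.isBlank(authenticatorName)) {
            // Neither the security service nor the configuration asks for a peer check.
            return null;
        }

        if (credentials == null) {
            // Fail closed: a required check with no credentials is a rejection, not a skip.
            String failure = String.format("Failed to find credentials from [%s]", memberIdentifier);
            this.securityLogWriter.warning(failure);
            return failure;
        }

        try {
            if (this.securityService.isIntegratedSecurity()) {
                // Authentication alone is not enough: the identity must also hold CLUSTER:MANAGE.
                // NOTE(review): no logout is visible in this class after login(); confirm the
                // logged-in subject does not remain associated with a reused thread.
                this.securityService.login(credentials);
                this.securityService.authorize(ResourcePermission.Resource.CLUSTER, ResourcePermission.Operation.MANAGE);
            } else {
                // The returned Principal is ignored: success is defined as "no exception thrown".
                // A callback that reports failure by returning null instead of throwing would
                // therefore be accepted here.
                invokeAuthenticator(secProps, memberIdentifier, credentials);
            }
            return null;
        } catch (Exception e) {
            // Only Exception is caught; an Error propagates to the caller rather than being
            // turned into a success, so this path cannot fail open.
            this.securityLogWriter.warning(String.format("Security check failed for [%s]. %s", memberIdentifier, e.getLocalizedMessage()), e);
            // NOTE(review): the exception text is embedded in the returned string. If callers
            // forward it to the requesting member, backend error detail reaches a party that has
            // not authenticated; consider a generic reply and keeping the detail in the security log.
            return String.format("Security check failed. %s", e.getLocalizedMessage());
        }
    }

    /**
     * Instantiates the configured peer authenticator callback, runs it once, and closes it.
     *
     * @param properties the security configuration; only the authenticator class name is read
     *        from it (the callback itself is initialised with this instance's own
     *        {@code securityProps} field, not with this argument)
     * @param memberIdentifier the member being authenticated; must be an
     *        {@link InternalDistributedMember}
     * @param properties2 the credentials presented for that member
     * @return whatever principal the callback returns
     * @throws AuthenticationFailedException if instantiation, initialisation or authentication
     *         fails with anything other than a {@link GemFireSecurityException}, which is
     *         rethrown unchanged
     */
    Principal invokeAuthenticator(Properties properties, MemberIdentifier memberIdentifier, Properties properties2) throws AuthenticationFailedException {
        final Properties secProps = properties;
        final Properties credentials = properties2;

        org.apache.geode.security.Authenticator authenticator = null;
        try {
            authenticator = (org.apache.geode.security.Authenticator) CallbackInstantiator.getObjectOfType(secProps.getProperty(PEER_AUTHENTICATOR_KEY), org.apache.geode.security.Authenticator.class);
            authenticator.init(this.securityProps, this.logWriter, this.securityLogWriter);
            return authenticator.authenticate(credentials, (InternalDistributedMember) memberIdentifier);
        } catch (GemFireSecurityException e) {
            // Keep the callback's own security exception type and message intact.
            throw e;
        } catch (Exception e) {
            throw new AuthenticationFailedException("Failed to acquire Authenticator object", e);
        } finally {
            // Single close on every path. The previous nested try/catch(Throwable) form called
            // close() a second time whenever the first close() itself threw.
            if (authenticator != null) {
                authenticator.close();
            }
        }
    }

    /**
     * Obtains credentials for {@code internalDistributedMember} using this instance's security
     * configuration.
     *
     * @param internalDistributedMember the member the credentials are for
     * @return the credentials, or {@code null} if obtaining them failed (the failure is logged to
     *         the security log)
     */
    public Properties getCredentials(InternalDistributedMember internalDistributedMember) {
        try {
            return getCredentials(internalDistributedMember, this.securityProps);
        } catch (Exception e) {
            // Pass the exception as well as its message so the security log keeps the cause,
            // matching how authenticate() logs its failures.
            this.securityLogWriter.warning(String.format("Failed to obtain credentials using AuthInitialize [%s]. %s", this.securityProps.getProperty(PEER_AUTH_INIT_KEY), e.getLocalizedMessage()), e);
            return null;
        }
    }

    /**
     * Delegates to {@link Handshake#getCredentials} with the auth-init method named in
     * {@code properties}.
     *
     * @param memberIdentifier the member the credentials are for; must be an
     *        {@link InternalDistributedMember}
     * @param properties the security configuration
     * @return the value returned by {@code Handshake.getCredentials}
     */
    Properties getCredentials(MemberIdentifier memberIdentifier, Properties properties) {
        return Handshake.getCredentials(properties.getProperty(PEER_AUTH_INIT_KEY), properties, (InternalDistributedMember) memberIdentifier, true, this.logWriter, this.securityLogWriter);
    }

    /**
     * Returns the live security configuration object held by this instance (not a copy), so
     * changes made by the caller are seen by later checks.
     */
    Properties getSecurityProps() {
        return this.securityProps;
    }
}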
