package org.apache.geode.internal.cache.tier.sockets;

import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.security.Principal;
import java.util.Properties;
import org.apache.commons.lang3.StringUtils;
import org.apache.geode.DataSerializer;
import org.apache.geode.annotations.internal.MutableForTesting;
import org.apache.geode.cache.CacheCallback;
import org.apache.geode.cache.client.ServerRefusedConnectionException;
import org.apache.geode.distributed.DistributedMember;
import org.apache.geode.distributed.DistributedSystem;
import org.apache.geode.internal.ClassLoadUtil;
import org.apache.geode.internal.HeapDataOutputStream;
import org.apache.geode.internal.Version;
import org.apache.geode.internal.cache.tier.ConnectionProxy;
import org.apache.geode.internal.logging.InternalLogWriter;
import org.apache.geode.internal.logging.LogService;
import org.apache.geode.internal.security.CallbackInstantiator;
import org.apache.geode.internal.security.Credentials;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.AuthInitialize;
import org.apache.geode.security.AuthenticationFailedException;
import org.apache.geode.security.AuthenticationRequiredException;
import org.apache.geode.security.Authenticator;
import org.apache.geode.security.GemFireSecurityException;
import org.apache.logging.log4j.Logger;
import org.apache.shiro.subject.Subject;

/* loaded from: input_file:org/apache/geode/internal/cache/tier/sockets/Handshake.class */
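/**
 * Base class for the client/server (and WAN gateway) connection handshake.
 *
 * Holds the reply codes a server answers with, the credential "secure mode"
 * markers written on the wire, and the helpers that serialize, read and verify
 * credentials. Subclasses supply the reply code via {@link #getReplyCode()}.
 *
 * Security-relevant notes, grounded in this class only:
 * <ul>
 *   <li>{@link #readCredentials} and {@link #readCredential} consume bytes from
 *       a peer that has NOT yet been authenticated; anything they deserialize is
 *       attacker-controlled input.</li>
 *   <li>{@link #verifyCredentials} returns {@code null} (no principal) when the
 *       acceptor does not require authentication; callers must not treat that
 *       as an authenticated subject.</li>
 *   <li>The keystore/password property names below are configuration, not
 *       secrets themselves; what reads them lives in {@code EncryptorImpl}
 *       (not visible here).</li>
 * </ul>
 */
public abstract class Handshake {
    // First byte of the server's handshake reply.
    protected static final byte REPLY_OK = 59;
    protected static final byte REPLY_REFUSED = 60;
    protected static final byte REPLY_INVALID = 61;
    protected static final byte REPLY_EXCEPTION_AUTHENTICATION_REQUIRED = 62;
    protected static final byte REPLY_EXCEPTION_AUTHENTICATION_FAILED = 63;
    protected static final byte REPLY_EXCEPTION_DUPLICATE_DURABLE_CLIENT = 64;
    // Server (WAN receiver) wants the sender's credentials verified as well.
    protected static final byte REPLY_WAN_CREDENTIALS = 65;
    protected static final byte REPLY_AUTH_NOT_REQUIRED = 66;
    public static final byte REPLY_SERVER_IS_LOCATOR = 67;

    protected SecurityService securityService;
    // Default 10000; units are presumably milliseconds - not established here.
    protected int clientReadTimeout;
    protected DistributedSystem system;
    protected ClientProxyMembershipID id;
    // Credentials this side presents; may be null (see writeCredentials).
    protected Properties credentials;
    protected EncryptorImpl encryptor;

    // Credential "secure mode" marker byte preceding the credential payload.
    public static final byte CREDENTIALS_NONE = 0;
    public static final byte CREDENTIALS_NORMAL = 1;
    public static final byte CREDENTIALS_DHENCRYPT = 2;
    public static final byte SECURITY_MULTIUSER_NOTIFICATIONCHANNEL = 3;

    // Property names for the keystores used by DH credential encryption.
    // Values (paths, passwords) are read elsewhere - presumably EncryptorImpl.
    public static final String PUBLIC_KEY_FILE_PROP = "security-client-kspath";
    public static final String PUBLIC_KEY_PASSWD_PROP = "security-client-kspasswd";
    public static final String PRIVATE_KEY_FILE_PROP = "security-server-kspath";
    public static final String PRIVATE_KEY_ALIAS_PROP = "security-server-ksalias";
    public static final String PRIVATE_KEY_PASSWD_PROP = "security-server-kspasswd";

    // Client conflation setting carried in the low two bits of the override byte.
    public static final byte CONFLATION_DEFAULT = 0;
    public static final byte CONFLATION_ON = 1;
    public static final byte CONFLATION_OFF = 2;
    protected byte clientConflation;
    protected byte[] overrides;
    public static final byte clientConflationForTesting = 0;
    public static final boolean setClientConflationForTesting = false;
    private static final Logger logger = LogService.getLogger();

    @MutableForTesting
    protected static Version currentClientVersion = ConnectionProxy.VERSION;

    /** Reply code this handshake carries; {@link #isOK()} compares it to REPLY_OK. */
    protected abstract byte getReplyCode();

    /** Creates a handshake with the default read timeout and default conflation. */
    public Handshake() {
        this.clientReadTimeout = 10000;
        this.clientConflation = CONFLATION_DEFAULT;
    }

    /**
     * Copy constructor. The encryptor is copied; every other field (including
     * the mutable {@code credentials} and {@code overrides}) is shared by
     * reference with the source handshake.
     */
    public Handshake(Handshake handshake) {
        this.clientReadTimeout = 10000;
        this.clientConflation = CONFLATION_DEFAULT;
        this.clientConflation = handshake.clientConflation;
        this.clientReadTimeout = handshake.clientReadTimeout;
        this.credentials = handshake.credentials;
        this.overrides = handshake.overrides;
        this.system = handshake.system;
        this.id = handshake.id;
        this.securityService = handshake.securityService;
        this.encryptor = new EncryptorImpl(handshake.encryptor);
    }

    /**
     * Sets the client conflation mode.
     *
     * @throws IllegalArgumentException for any value other than the CONFLATION_* constants
     *         (the field is assigned before the check, so it is left holding the bad value)
     */
    public void setClientConflation(byte b) {
        this.clientConflation = b;
        switch (this.clientConflation) {
            case CONFLATION_DEFAULT:
            case CONFLATION_ON:
            case CONFLATION_OFF:
                return;
            default:
                throw new IllegalArgumentException("Illegal clientConflation");
        }
    }

    /** Returns the override bytes captured by the copy constructor (never set here). */
    public byte[] getOverrides() {
        return this.overrides;
    }

    /**
     * Applies the override byte: only its low two bits (conflation) are consulted.
     * Note: this does not store {@code bArr} into {@link #overrides}.
     *
     * @throws ArrayIndexOutOfBoundsException if {@code bArr} is empty
     */
    public void setOverrides(byte[] bArr) {
        setClientConflation((byte) (bArr[0] & 3));
    }

    /**
     * Unpacks the first override byte into two-bit fields. Currently exactly one
     * field (conflation) is extracted, so the result has length 1.
     *
     * @throws ArrayIndexOutOfBoundsException if {@code bArr} is empty
     */
    public static byte[] extractOverrides(byte[] bArr) {
        byte b = bArr[0];
        byte[] bArr2 = new byte[1];
        for (int i = 0; i < bArr2.length; i++) {
            bArr2[i] = (byte) (b & 3);
            b = (byte) (b >>> 2);
        }
        return bArr2;
    }

    /**
     * Writes the credential marker (and, when DH encryption is enabled, the
     * encrypted credential exchange) and relays any error the server replies with.
     *
     * When the encryptor is disabled only the CREDENTIALS_NORMAL marker is written;
     * no credential bytes are sent by this method and -1 is returned.
     *
     * @param z when false an extra byte array is consumed from the stream before the
     *          error message (presumably the server's member id; not established here)
     * @return the server reply code, or -1 when encryption is not enabled
     * @throws GemFireSecurityException as raised by {@link #readMessage} for error replies
     */
    public byte writeCredential(DataOutputStream dataOutputStream, DataInputStream dataInputStream, String str, boolean z, DistributedMember distributedMember, HeapDataOutputStream heapDataOutputStream) throws IOException, GemFireSecurityException {
        if (!this.encryptor.isEnabled()) {
            heapDataOutputStream.writeByte(CREDENTIALS_NORMAL);
            this.encryptor.setAppSecureMode(CREDENTIALS_NORMAL);
            heapDataOutputStream.flush();
            dataOutputStream.write(heapDataOutputStream.toByteArray());
            dataOutputStream.flush();
            return (byte) -1;
        }
        byte replyCode = this.encryptor.writeEncryptedCredential(dataOutputStream, dataInputStream, heapDataOutputStream);
        if (replyCode != REPLY_OK && replyCode != REPLY_AUTH_NOT_REQUIRED) {
            // Skip the fields that precede the server's message, then raise it.
            dataInputStream.readByte();
            dataInputStream.readInt();
            if (!z) {
                DataSerializer.readByteArray(dataInputStream);
            }
            readMessage(dataInputStream, dataOutputStream, replyCode, distributedMember);
        }
        dataOutputStream.flush();
        return replyCode;
    }

    /** Convenience overload that allocates and closes a scratch HeapDataOutputStream. */
    public void writeCredentials(DataOutputStream dataOutputStream, DataInputStream dataInputStream, Properties properties, boolean z, DistributedMember distributedMember) throws IOException, GemFireSecurityException {
        HeapDataOutputStream heapDataOutputStream = new HeapDataOutputStream(32, Version.CURRENT);
        try {
            writeCredentials(dataOutputStream, dataInputStream, properties, z, distributedMember, heapDataOutputStream);
            heapDataOutputStream.close();
        } catch (Throwable th) {
            heapDataOutputStream.close();
            throw th;
        }
    }

    /**
     * Writes the credentials to the peer:
     * <ul>
     *   <li>{@code properties == null}: CREDENTIALS_NONE marker only.</li>
     *   <li>encryptor disabled: CREDENTIALS_NORMAL marker followed by the
     *       properties in the clear (DataSerializer.writeProperties). Confidentiality
     *       then depends entirely on transport protection, e.g. TLS on the socket.</li>
     *   <li>encryptor enabled: DH-encrypted exchange; error replies other than
     *       REPLY_OK / REPLY_AUTH_NOT_REQUIRED are turned into exceptions by
     *       {@link #readMessage}.</li>
     * </ul>
     *
     * @param z when false an extra byte array is consumed before the error message
     */
    public void writeCredentials(DataOutputStream dataOutputStream, DataInputStream dataInputStream, Properties properties, boolean z, DistributedMember distributedMember, HeapDataOutputStream heapDataOutputStream) throws IOException, GemFireSecurityException {
        if (properties == null) {
            heapDataOutputStream.writeByte(CREDENTIALS_NONE);
            heapDataOutputStream.flush();
            dataOutputStream.write(heapDataOutputStream.toByteArray());
            dataOutputStream.flush();
            return;
        }
        if (!this.encryptor.isEnabled()) {
            heapDataOutputStream.writeByte(CREDENTIALS_NORMAL);
            DataSerializer.writeProperties(properties, heapDataOutputStream);
            heapDataOutputStream.flush();
            dataOutputStream.write(heapDataOutputStream.toByteArray());
            dataOutputStream.flush();
            return;
        }
        byte replyCode = this.encryptor.writeEncryptedCredentials(dataOutputStream, dataInputStream, properties, heapDataOutputStream);
        if (replyCode != REPLY_OK && replyCode != REPLY_AUTH_NOT_REQUIRED) {
            dataInputStream.readByte();
            dataInputStream.readInt();
            if (!z) {
                DataSerializer.readByteArray(dataInputStream);
            }
            readMessage(dataInputStream, dataOutputStream, replyCode, distributedMember);
        }
        dataOutputStream.flush();
    }

    /**
     * Rejects a peer that sent CREDENTIALS_NONE while this side requires client security.
     *
     * @param z  whether client security is required
     * @param z2 whether the peer supplied credentials (marker != CREDENTIALS_NONE)
     */
    static void throwIfMissingRequiredCredentials(boolean z, boolean z2) {
        if (z && !z2) {
            throw new AuthenticationRequiredException("No security credentials are provided");
        }
    }

    /**
     * Reads the credential marker from an as-yet unauthenticated peer and, for
     * CREDENTIALS_DHENCRYPT, runs the encrypted credential exchange on the encryptor.
     * Always returns {@code null}; the credentials themselves are held by the encryptor
     * (presumably - not visible here).
     *
     * @throws AuthenticationRequiredException if credentials are required but absent
     * @throws AuthenticationFailedException wrapping any unexpected failure while reading
     */
    public Properties readCredential(DataInputStream dataInputStream, DataOutputStream dataOutputStream, DistributedSystem distributedSystem) throws GemFireSecurityException, IOException {
        boolean isClientSecurityRequired = this.securityService.isClientSecurityRequired();
        try {
            byte secureMode = dataInputStream.readByte();
            throwIfMissingRequiredCredentials(isClientSecurityRequired, secureMode != CREDENTIALS_NONE);
            if (secureMode == CREDENTIALS_NORMAL) {
                this.encryptor.setAppSecureMode(CREDENTIALS_NORMAL);
            } else if (secureMode == CREDENTIALS_DHENCRYPT) {
                this.encryptor.readEncryptedCredentials(dataInputStream, dataOutputStream, distributedSystem, isClientSecurityRequired);
            }
            // Any other marker value is silently accepted here.
            return null;
        } catch (IOException e) {
            throw e;
        } catch (GemFireSecurityException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new AuthenticationFailedException("Failure in reading credentials", e3);
        }
    }

    /**
     * Reads the server's UTF message and maps reply code {@code b} to an exception.
     * An empty message is ignored for every code except REPLY_WAN_CREDENTIALS, which
     * always triggers WAN credential verification. Unknown codes with a non-empty
     * message become {@link ServerRefusedConnectionException}.
     */
    public void readMessage(DataInputStream dataInputStream, DataOutputStream dataOutputStream, byte b, DistributedMember distributedMember) throws IOException, AuthenticationRequiredException, AuthenticationFailedException, ServerRefusedConnectionException {
        String message = dataInputStream.readUTF();
        if (message.length() != 0 || b == REPLY_WAN_CREDENTIALS) {
            switch (b) {
                case REPLY_EXCEPTION_AUTHENTICATION_REQUIRED:
                    throw new AuthenticationRequiredException(message);
                case REPLY_EXCEPTION_AUTHENTICATION_FAILED:
                    throw new AuthenticationFailedException(message);
                case REPLY_EXCEPTION_DUPLICATE_DURABLE_CLIENT:
                    throw new ServerRefusedConnectionException(distributedMember, message);
                case REPLY_WAN_CREDENTIALS:
                    checkIfAuthenticWanSite(dataInputStream, dataOutputStream, distributedMember);
                    return;
                default:
                    throw new ServerRefusedConnectionException(distributedMember, message);
            }
        }
    }

    /** True when the reply code is REPLY_OK. */
    public boolean isOK() {
        return getReplyCode() == REPLY_OK;
    }

    public void setClientReadTimeout(int i) {
        this.clientReadTimeout = i;
    }

    public int getClientReadTimeout() {
        return this.clientReadTimeout;
    }

    /**
     * Two handshakes are equal when their membership ids refer to the same DS member
     * and their reply codes match. Dereferences {@link #id} unconditionally, unlike
     * {@link #toString()}.
     */
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof Handshake)) {
            return false;
        }
        Handshake handshake = (Handshake) obj;
        return this.id.isSameDSMember(handshake.id) && getReplyCode() == handshake.getReplyCode();
    }

    public int hashCode() {
        return (37 * this.id.hashCode()) + getReplyCode();
    }

    /** Identity hash, reply code and (when set) membership id; never includes credentials. */
    public String toString() {
        StringBuilder sb = new StringBuilder().append("HandShake@").append(System.identityHashCode(this)).append(" code: ").append((int) getReplyCode());
        if (this.id != null) {
            sb.append(" identity: ");
            sb.append(this.id.toString());
        }
        return sb.toString();
    }

    public ClientProxyMembershipID getMembershipId() {
        return this.id;
    }

    /**
     * Obtains the credentials this side will present.
     *
     * With a blank {@code str} the security properties are used directly via
     * {@link Credentials#getCredentials}. Otherwise {@code str} names an
     * {@link AuthInitialize} implementation (a configuration value, see
     * {@link #getCredentials(DistributedMember)}) that is instantiated, initialised,
     * asked for credentials and closed.
     *
     * @throws AuthenticationRequiredException wrapping any non-security failure to
     *         load or run the AuthInitialize; security exceptions pass through
     */
    public static Properties getCredentials(String str, Properties properties, DistributedMember distributedMember, boolean z, InternalLogWriter internalLogWriter, InternalLogWriter internalLogWriter2) throws AuthenticationRequiredException {
        if (StringUtils.isBlank(str)) {
            return Credentials.getCredentials(properties);
        }
        try {
            AuthInitialize authInitialize = (AuthInitialize) CallbackInstantiator.getObjectOfType(str, AuthInitialize.class);
            authInitialize.init(internalLogWriter, internalLogWriter2);
            try {
                Properties credentials = authInitialize.getCredentials(properties, distributedMember, z);
                authInitialize.close();
                return credentials;
            } catch (Throwable th) {
                authInitialize.close();
                throw th;
            }
        } catch (GemFireSecurityException e) {
            throw e;
        } catch (Exception e2) {
            throw new AuthenticationRequiredException(String.format("Failed to acquire AuthInitialize method %s", str), e2);
        }
    }

    /** Resolves credentials from this system's "security-client-auth-init" setting. */
    public Properties getCredentials(DistributedMember distributedMember) {
        return getCredentials(this.system.getProperties().getProperty("security-client-auth-init"), this.system.getSecurityProperties(), distributedMember, false, (InternalLogWriter) this.system.getLogWriter(), (InternalLogWriter) this.system.getSecurityLogWriter());
    }

    /**
     * Reads credentials sent by an unauthenticated peer.
     *
     * CREDENTIALS_NORMAL: the properties are always consumed from the stream (to stay
     * in sync) but only returned when client security is required.
     * CREDENTIALS_DHENCRYPT: decrypted via EncryptorImpl.
     * SECURITY_MULTIUSER_NOTIFICATIONCHANNEL: nothing further is read; returns null.
     *
     * NOTE(review): DataSerializer.readProperties deserializes data from a peer that has
     * not authenticated yet. Confirm that the serialization filtering the server applies
     * to other inbound data also covers this pre-authentication path; nothing here
     * constrains what is deserialized.
     *
     * @throws AuthenticationRequiredException if credentials are required but absent
     * @throws AuthenticationFailedException wrapping any unexpected read failure
     */
    public static Properties readCredentials(DataInputStream dataInputStream, DataOutputStream dataOutputStream, DistributedSystem distributedSystem, SecurityService securityService) throws GemFireSecurityException, IOException {
        boolean isClientSecurityRequired = securityService.isClientSecurityRequired();
        Properties properties = null;
        try {
            byte secureMode = dataInputStream.readByte();
            throwIfMissingRequiredCredentials(isClientSecurityRequired, secureMode != CREDENTIALS_NONE);
            if (secureMode == CREDENTIALS_NORMAL) {
                if (isClientSecurityRequired) {
                    properties = DataSerializer.readProperties(dataInputStream);
                } else {
                    DataSerializer.readProperties(dataInputStream);
                }
            } else if (secureMode == CREDENTIALS_DHENCRYPT) {
                properties = EncryptorImpl.getDecryptedCredentials(dataInputStream, dataOutputStream, distributedSystem, isClientSecurityRequired, null);
            } else if (secureMode == SECURITY_MULTIUSER_NOTIFICATIONCHANNEL) {
                logger.debug("readCredential where multiuser mode creating callback connection");
            }
            return properties;
        } catch (IOException e) {
            throw e;
        } catch (GemFireSecurityException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new AuthenticationFailedException("Failure in reading credentials", e3);
        }
    }

    /**
     * Verifies the peer's credentials.
     *
     * Returns {@code null} without checking anything when the acceptor does not require
     * authentication. With integrated security the SecurityService performs the login
     * and the resulting Subject is returned. Otherwise {@code str} names a static factory
     * method (a configuration value, see {@link #verifyCredentials()}) producing an
     * {@link Authenticator}, which is initialised, asked to authenticate, and closed.
     *
     * Fix: the Authenticator is now closed in a {@code finally}, so init()/authenticate()
     * failures no longer leak it; previously close() ran only on the success path.
     *
     * NOTE(review): non-AuthenticationFailedException failures are wrapped with
     * {@code e2.getMessage()}; if a caller relays that message to the peer it may expose
     * internal detail (class-loading errors etc.) - confirm at the call sites.
     *
     * @return a Subject, a Principal, or null when authentication is not required
     * @throws AuthenticationFailedException on any failure to load or run the authenticator
     */
    public static Object verifyCredentials(String str, Properties properties, Properties properties2, InternalLogWriter internalLogWriter, InternalLogWriter internalLogWriter2, DistributedMember distributedMember, SecurityService securityService) throws AuthenticationRequiredException, AuthenticationFailedException {
        if (!AcceptorImpl.isAuthenticationRequired()) {
            return null;
        }
        try {
            if (securityService.isIntegratedSecurity()) {
                Subject login = securityService.login(properties);
                return login;
            }
            Authenticator authenticator = null;
            try {
                authenticator = (Authenticator) ClassLoadUtil.methodFromName(str).invoke(null, (Object[]) null);
                authenticator.init(properties2, internalLogWriter, internalLogWriter2);
                Principal authenticate = authenticator.authenticate(properties, distributedMember);
                return authenticate;
            } finally {
                // Runs inside the outer try so a close() failure is still wrapped below.
                if (authenticator != null) {
                    authenticator.close();
                }
            }
        } catch (AuthenticationFailedException e) {
            throw e;
        } catch (Exception e2) {
            throw new AuthenticationFailedException(e2.getMessage(), e2);
        }
    }

    /** Verifies {@link #credentials} using this system's "security-client-authenticator". */
    public Object verifyCredentials() throws AuthenticationRequiredException, AuthenticationFailedException {
        return verifyCredentials(this.system.getProperties().getProperty("security-client-authenticator"), this.credentials, this.system.getSecurityProperties(), (InternalLogWriter) this.system.getLogWriter(), (InternalLogWriter) this.system.getSecurityLogWriter(), this.id.getDistributedMember(), this.securityService);
    }

    /**
     * Mutual WAN authentication: when this side has credentials configured, read the
     * remote site's credentials from the stream and verify them. When this side has
     * none, the remote site's credentials are neither read nor checked.
     */
    private void checkIfAuthenticWanSite(DataInputStream dataInputStream, DataOutputStream dataOutputStream, DistributedMember distributedMember) throws GemFireSecurityException, IOException {
        if (this.credentials == null) {
            return;
        }
        verifyCredentials(this.system.getProperties().getProperty("security-client-authenticator"), readCredentials(dataInputStream, dataOutputStream, this.system, this.securityService), this.system.getSecurityProperties(), (InternalLogWriter) this.system.getLogWriter(), (InternalLogWriter) this.system.getSecurityLogWriter(), distributedMember, this.securityService);
    }
}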
