package com.hazelcast.client.impl.protocol.task;

import com.hazelcast.client.ClientEndpoint;
import com.hazelcast.client.ClientTypes;
import com.hazelcast.client.impl.ClientEndpointImpl;
import com.hazelcast.client.impl.client.ClientPrincipal;
import com.hazelcast.client.impl.operations.ClientReAuthOperation;
import com.hazelcast.client.impl.protocol.AuthenticationStatus;
import com.hazelcast.client.impl.protocol.ClientMessage;
import com.hazelcast.config.GroupConfig;
import com.hazelcast.core.Member;
import com.hazelcast.instance.MemberImpl;
import com.hazelcast.instance.Node;
import com.hazelcast.logging.ILogger;
import com.hazelcast.nio.Address;
import com.hazelcast.nio.Connection;
import com.hazelcast.nio.ConnectionType;
import com.hazelcast.security.Credentials;
import com.hazelcast.security.SecurityContext;
import com.hazelcast.security.UsernamePasswordCredentials;
import com.hazelcast.spi.InvocationBuilder;
import com.hazelcast.util.UuidUtil;
import java.security.Permission;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.Future;
import java.util.logging.Level;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:com/hazelcast/client/impl/protocol/task/AuthenticationBaseMessageTask.class */
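/**
 * Base task for client authentication messages.
 *
 * <p>The task resolves (or creates) the {@link ClientEndpoint} for the connection, rejects clients
 * whose serialization version differs from this member's, verifies the supplied
 * {@link Credentials} either through the configured {@link SecurityContext} or against the cluster
 * group name/password, and finally encodes the outcome through {@link #encodeAuth}.
 *
 * <p>Subclasses populate {@link #principal}, {@link #credentials},
 * {@link #clientSerializationVersion} and {@link #clientVersion}; nothing in this class assigns
 * the last three.
 */
public abstract class AuthenticationBaseMessageTask<P> extends AbstractCallableMessageTask<P> {
    protected transient ClientPrincipal principal;
    protected transient Credentials credentials;
    protected transient byte clientSerializationVersion;
    protected transient String clientVersion;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/hazelcast/client/impl/protocol/task/AuthenticationBaseMessageTask$OperationInfo.class */
    /** Pairs the future of a re-authentication invocation with the member it was sent to. */
    public class OperationInfo {
        private final Member member;
        private final Future future;

        public OperationInfo(Future future, Member member) {
            this.future = future;
            this.member = member;
        }

        public Member getMember() {
            return this.member;
        }

        public Future getFuture() {
            return this.future;
        }
    }

    public AuthenticationBaseMessageTask(ClientMessage clientMessage, Node node, Connection connection) {
        super(clientMessage, node, connection);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Binds {@code endpoint} for this request: reuses the endpoint already registered for the
     * principal's UUID when there is one, otherwise creates a fresh one. Does nothing but log when
     * the connection is no longer alive.
     */
    public void setEndpoint() {
        if (!this.connection.isAlive()) {
            handleEndpointNotCreatedConnectionNotAlive();
            return;
        }
        checkExistingEndpoint();
        if (null == this.endpoint) {
            this.endpoint = new ClientEndpointImpl(this.clientEngine, this.connection);
        }
    }

    /**
     * Looks up an endpoint registered under the principal's UUID and, if found, moves it onto the
     * current connection, closing the connection it previously used.
     */
    private void checkExistingEndpoint() {
        if (null == this.principal) {
            return;
        }
        this.endpoint = this.endpointManager.getEndpoint(this.principal.getUuid());
        if (null == this.endpoint) {
            return;
        }
        // NOTE(review): no credential check happens in this method. If setEndpoint() runs before
        // call(), the previous connection is closed and the endpoint rebound on the strength of the
        // client-supplied principal UUID alone - confirm the call order in the superclass.
        Connection previous = this.endpoint.getConnection();
        if (null != previous && !this.connection.equals(previous)) {
            previous.close("A new authentication request from the same client with uuid " + this.clientUuid + " is received. Closing the existing connection for this endpoint.", null);
        }
        this.endpoint.setConnection(this.connection);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * @return the endpoint bound to this task, or {@code null} (after logging) when the connection
     *         is no longer alive
     */
    @Override // com.hazelcast.client.impl.protocol.task.AbstractMessageTask
    public ClientEndpoint getEndpoint() {
        if (this.connection.isAlive()) {
            return this.endpoint;
        }
        handleEndpointNotCreatedConnectionNotAlive();
        return null;
    }

    @Override // com.hazelcast.client.impl.protocol.task.AbstractMessageTask
    protected boolean isAuthenticationMessage() {
        return true;
    }

    private void handleEndpointNotCreatedConnectionNotAlive() {
        this.logger.warning("Dropped: " + this.clientMessage + " -> endpoint not created for AuthenticationRequest, connection not alive");
    }

    /**
     * Runs the authentication flow and returns the encoded response.
     *
     * <p>The serialization version is compared first; credentials are only evaluated when it
     * matches this member's version.
     *
     * @throws IllegalStateException if the resulting status is not one this task knows how to encode
     */
    @Override // com.hazelcast.client.impl.protocol.task.AbstractCallableMessageTask
    public Object call() {
        AuthenticationStatus status;
        if (this.clientSerializationVersion != this.serializationService.getVersion()) {
            status = AuthenticationStatus.SERIALIZATION_VERSION_MISMATCH;
        } else {
            status = authenticate();
        }
        switch (status) {
            case AUTHENTICATED:
                return handleAuthenticated();
            case CREDENTIALS_FAILED:
                return handleUnauthenticated();
            case SERIALIZATION_VERSION_MISMATCH:
                return handleSerializationVersionMismatch();
            default:
                throw new IllegalStateException("Unsupported authentication status :" + status);
        }
    }

    /**
     * Chooses the verification path: the {@link SecurityContext} when one is configured, otherwise
     * the group name/password check, which accepts only {@link UsernamePasswordCredentials}.
     * Missing credentials, or any other credentials type without a security context, fail.
     */
    private AuthenticationStatus authenticate() {
        ILogger logger = this.clientEngine.getLogger(getClass());
        if (this.credentials == null) {
            logger.severe("Could not retrieve Credentials object!");
            return AuthenticationStatus.CREDENTIALS_FAILED;
        }
        if (this.clientEngine.getSecurityContext() != null) {
            return authenticate(this.clientEngine.getSecurityContext());
        }
        if (this.credentials instanceof UsernamePasswordCredentials) {
            return authenticate((UsernamePasswordCredentials) this.credentials);
        }
        logger.severe("Hazelcast security is disabled.\nUsernamePasswordCredentials or cluster group-name and group-password should be used for authentication!\nCurrent credentials type is: " + this.credentials.getClass().getName());
        return AuthenticationStatus.CREDENTIALS_FAILED;
    }

    /**
     * Authenticates through a login context created by the security context. The remote host
     * address of the connection is stamped onto the credentials before login, and the login
     * context is kept on the endpoint on success.
     */
    private AuthenticationStatus authenticate(SecurityContext securityContext) {
        this.credentials.setEndpoint(this.endpoint.getConnection().getInetAddress().getHostAddress());
        try {
            LoginContext loginContext = securityContext.createClientLoginContext(this.credentials);
            loginContext.login();
            this.endpoint.setLoginContext(loginContext);
            return AuthenticationStatus.AUTHENTICATED;
        } catch (LoginException e) {
            this.logger.warning(e);
            return AuthenticationStatus.CREDENTIALS_FAILED;
        }
    }

    /**
     * Checks the supplied username/password against the cluster group name/password.
     *
     * <p>Both values are compared without an early exit, and both comparisons are always evaluated
     * ({@code &} rather than {@code &&}), so the response time does not reveal how much of the
     * group password matched or which of the two values was wrong. A {@code null} on either side
     * fails the check instead of throwing.
     */
    private AuthenticationStatus authenticate(UsernamePasswordCredentials usernamePasswordCredentials) {
        GroupConfig groupConfig = this.nodeEngine.getConfig().getGroupConfig();
        boolean nameMatches = constantTimeEquals(groupConfig.getName(), usernamePasswordCredentials.getUsername());
        boolean passwordMatches = constantTimeEquals(groupConfig.getPassword(), usernamePasswordCredentials.getPassword());
        return (nameMatches & passwordMatches) ? AuthenticationStatus.AUTHENTICATED : AuthenticationStatus.CREDENTIALS_FAILED;
    }

    /**
     * Compares two strings with the same result as {@link String#equals} but with a running time
     * that depends only on the length of {@code supplied}, never on the position of the first
     * mismatch. Characters are compared directly rather than through an encoded byte array, so no
     * charset substitution can make two different strings compare equal.
     *
     * @return {@code true} only when both strings are non-null and identical
     */
    private static boolean constantTimeEquals(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        int expectedLength = expected.length();
        int suppliedLength = supplied.length();
        // A length difference already makes the result non-zero; the loop still runs in full.
        int difference = expectedLength ^ suppliedLength;
        for (int i = 0; i < suppliedLength; i++) {
            char reference = expectedLength == 0 ? 0 : expected.charAt(i % expectedLength);
            difference |= reference ^ supplied.charAt(i);
        }
        return difference == 0;
    }

    /** Encodes the response sent whenever authentication is refused. */
    private ClientMessage encodeCredentialsFailed() {
        return encodeAuth(AuthenticationStatus.CREDENTIALS_FAILED.getId(), null, null, null, this.serializationService.getVersion(), null);
    }

    private Object handleUnauthenticated() {
        this.clientEngine.getLogger(getClass()).log(Level.WARNING, "Received auth from " + this.endpoint.getConnection() + " with principal " + this.principal + " , authentication failed");
        return encodeCredentialsFailed();
    }

    private Object handleSerializationVersionMismatch() {
        return encodeAuth(AuthenticationStatus.SERIALIZATION_VERSION_MISMATCH.getId(), null, null, null, this.serializationService.getVersion(), null);
    }

    /**
     * Completes a successful credential check: establishes the principal for owner connections,
     * verifies that the owner member is still part of the cluster, then marks the endpoint
     * authenticated, registers it and binds it to the client engine.
     *
     * @return the authenticated response, or a credentials-failed response when the principal is
     *         missing, re-authentication could not be dispatched, or the owner member is unknown
     */
    private ClientMessage handleAuthenticated() {
        List<Member> cleanedUpMembers = new ArrayList<Member>();
        if (isOwnerConnection()) {
            String uuid = getUuid();
            this.principal = new ClientPrincipal(uuid, this.clientEngine.getLocalMember().getUuid());
            if (!reAuthenticateWithMembers(uuid)) {
                return encodeCredentialsFailed();
            }
        }
        if (this.principal == null) {
            // A non-owner connection that sent no principal cannot be tied to an owner member;
            // refuse it explicitly rather than failing on the dereference below.
            this.logger.warning("Received auth from " + this.endpoint.getConnection() + " without a principal on a non-owner connection, authentication failed");
            return encodeCredentialsFailed();
        }
        if (this.clientEngine.getClusterService().getMember(this.principal.getOwnerUuid()) == null) {
            return encodeCredentialsFailed();
        }
        Connection connection = this.endpoint.getConnection();
        ILogger logger = this.clientEngine.getLogger(getClass());
        this.endpoint.authenticated(this.principal, this.credentials, isOwnerConnection(), this.clientVersion);
        setConnectionType();
        // NOTE(review): clientVersion is presumably taken from the client's message and is written
        // to the log unmodified - confirm whether the logging backend neutralises line breaks.
        logger.log(Level.INFO, "Received auth from " + connection + ", successfully authenticated, principal : " + this.principal + ", owner connection : " + isOwnerConnection() + ", client version : " + this.clientVersion);
        this.endpointManager.registerEndpoint(this.endpoint);
        this.clientEngine.bind(this.endpoint);
        return encodeAuth(AuthenticationStatus.AUTHENTICATED.getId(), this.clientEngine.getThisAddress(), this.principal.getUuid(), this.principal.getOwnerUuid(), this.serializationService.getVersion(), cleanedUpMembers);
    }

    /**
     * Sends a {@link ClientReAuthOperation} for the client to every non-local member (one try
     * each) and, when every invocation could be dispatched, re-authenticates the local endpoints.
     *
     * @param str the client UUID
     * @return {@code false} if dispatching to at least one member threw, {@code true} otherwise
     */
    private boolean reAuthenticateWithMembers(String str) {
        boolean allDispatched = true;
        // NOTE(review): the futures are collected but never awaited or inspected in this method, so
        // a member that rejects or never runs the operation is not detected here.
        List<OperationInfo> pending = new ArrayList<OperationInfo>();
        MemberImpl localMember = this.clientEngine.getLocalMember();
        for (Member member : this.nodeEngine.getClusterService().getMembers()) {
            if (member.localMember()) {
                continue;
            }
            ClientReAuthOperation operation = new ClientReAuthOperation(str);
            operation.setCallerUuid(localMember.getUuid());
            try {
                InvocationBuilder builder = this.nodeEngine.getOperationService().createInvocationBuilder((String) null, operation, member.getAddress());
                builder.setTryCount(1);
                pending.add(new OperationInfo(builder.invoke(), member));
            } catch (Exception e) {
                // Keep the cause in the log so a dispatch failure can be diagnosed.
                this.logger.warning("Failed to invoke ClientReAuthOperation of client " + str + " at member " + member, e);
                allDispatched = false;
            }
        }
        if (allDispatched) {
            reAuthLocal();
        }
        return allDispatched;
    }

    /**
     * Tags the connection with the {@link ConnectionType} matching the reported client type;
     * unrecognised types are logged and treated as {@link ConnectionType#BINARY_CLIENT}.
     */
    private void setConnectionType() {
        String clientType = getClientType();
        if (ClientTypes.JAVA.equals(clientType)) {
            this.connection.setType(ConnectionType.JAVA_CLIENT);
        } else if (ClientTypes.CSHARP.equals(clientType)) {
            this.connection.setType(ConnectionType.CSHARP_CLIENT);
        } else if (ClientTypes.CPP.equals(clientType)) {
            this.connection.setType(ConnectionType.CPP_CLIENT);
        } else if (ClientTypes.PYTHON.equals(clientType)) {
            this.connection.setType(ConnectionType.PYTHON_CLIENT);
        } else if (ClientTypes.RUBY.equals(clientType)) {
            this.connection.setType(ConnectionType.RUBY_CLIENT);
        } else if (ClientTypes.NODEJS.equals(clientType)) {
            this.connection.setType(ConnectionType.NODEJS_CLIENT);
        } else {
            // NOTE(review): the reported type is logged unmodified - confirm whether the logging
            // backend neutralises line breaks in it.
            this.clientEngine.getLogger(getClass()).info("Unknown client type: " + clientType);
            this.connection.setType(ConnectionType.BINARY_CLIENT);
        }
    }

    protected abstract ClientMessage encodeAuth(byte b, Address address, String str, String str2, byte b2, List<Member> list);

    protected abstract boolean isOwnerConnection();

    protected abstract String getClientType();

    /** Returns the principal's UUID when one was supplied, otherwise a new UUID for the connection's end point. */
    private String getUuid() {
        if (this.principal != null) {
            return this.principal.getUuid();
        }
        return UuidUtil.createClientUuid(this.endpoint.getConnection().getEndPoint());
    }

    /**
     * Marks every local endpoint registered under the principal's UUID as authenticated and
     * records the client-to-owner mapping.
     *
     * @return {@code true} when no endpoint was registered for the UUID
     */
    private boolean reAuthLocal() {
        Set<ClientEndpoint> endpoints = this.endpointManager.getEndpoints(this.principal.getUuid());
        for (ClientEndpoint registered : endpoints) {
            registered.authenticated(this.principal);
        }
        this.clientEngine.addOwnershipMapping(this.principal.getUuid(), this.principal.getOwnerUuid());
        return endpoints.isEmpty();
    }

    /** @return always {@code null} in this class */
    @Override // com.hazelcast.client.impl.client.SecureRequest
    public Permission getRequiredPermission() {
        return null;
    }
}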
