package com.hazelcast.client.impl.client;

import com.hazelcast.client.AuthenticationException;
import com.hazelcast.client.ClientEndpoint;
import com.hazelcast.client.impl.ClientEngineImpl;
import com.hazelcast.client.impl.operations.ClientReAuthOperation;
import com.hazelcast.config.GroupConfig;
import com.hazelcast.core.Member;
import com.hazelcast.logging.ILogger;
import com.hazelcast.nio.serialization.Portable;
import com.hazelcast.nio.serialization.PortableReader;
import com.hazelcast.nio.serialization.PortableWriter;
import com.hazelcast.security.Credentials;
import com.hazelcast.security.SecurityContext;
import com.hazelcast.security.UsernamePasswordCredentials;
import com.hazelcast.spi.impl.SerializableList;
import com.hazelcast.util.UuidUtil;
import java.io.IOException;
import java.security.Permission;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.logging.Level;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:WEB-INF/lib/hazelcast-3.6.4.jar:com/hazelcast/client/impl/client/AuthenticationRequest.class */
public final class AuthenticationRequest extends CallableClientRequest {
    private Credentials credentials;
    private ClientPrincipal principal;
    private boolean ownerConnection;

    public AuthenticationRequest() {
    }

    public AuthenticationRequest(Credentials credentials) {
        this.credentials = credentials;
    }

    public AuthenticationRequest(Credentials credentials, ClientPrincipal clientPrincipal) {
        this.credentials = credentials;
        this.principal = clientPrincipal;
    }

    @Override // java.util.concurrent.Callable
    public Object call() throws Exception {
        return authenticate() ? handleAuthenticated() : handleUnauthenticated();
    }

    private boolean authenticate() {
        boolean z;
        ILogger logger = this.clientEngine.getLogger(getClass());
        if (this.credentials == null) {
            z = false;
            logger.severe("Could not retrieve Credentials object!");
        } else if (this.clientEngine.getSecurityContext() != null) {
            z = authenticate(this.clientEngine.getSecurityContext());
        } else if (this.credentials instanceof UsernamePasswordCredentials) {
            z = authenticate((UsernamePasswordCredentials) this.credentials);
        } else {
            z = false;
            logger.severe("Hazelcast security is disabled.\nUsernamePasswordCredentials or cluster group-name and group-password should be used for authentication!\nCurrent credentials type is: " + this.credentials.getClass().getName());
        }
        return z;
    }

    private boolean authenticate(UsernamePasswordCredentials usernamePasswordCredentials) {
        GroupConfig groupConfig = ((ClientEngineImpl) getService()).getConfig().getGroupConfig();
        return groupConfig.getName().equals(usernamePasswordCredentials.getUsername()) && groupConfig.getPassword().equals(usernamePasswordCredentials.getPassword());
    }

    private boolean authenticate(SecurityContext securityContext) {
        this.credentials.setEndpoint(this.endpoint.getConnection().getInetAddress().getHostAddress());
        try {
            LoginContext createClientLoginContext = securityContext.createClientLoginContext(this.credentials);
            createClientLoginContext.login();
            this.endpoint.setLoginContext(createClientLoginContext);
            return true;
        } catch (LoginException e) {
            this.clientEngine.getLogger(getClass()).warning(e);
            return false;
        }
    }

    private Object handleUnauthenticated() {
        this.clientEngine.getLogger(getClass()).log(Level.WARNING, "Received auth from " + this.endpoint.getConnection() + " with principal " + this.principal + " , authentication failed");
        return new AuthenticationException("Invalid credentials!");
    }

    private Object handleAuthenticated() {
        if (this.ownerConnection) {
            String uuid = getUuid();
            this.principal = new ClientPrincipal(uuid, this.clientEngine.getLocalMember().getUuid());
            reAuthLocal();
            for (Member member : this.clientEngine.getClusterService().getMembers()) {
                if (!member.localMember()) {
                    ClientReAuthOperation clientReAuthOperation = new ClientReAuthOperation(uuid);
                    clientReAuthOperation.setCallerUuid(this.clientEngine.getLocalMember().getUuid());
                    this.operationService.send(clientReAuthOperation, member.getAddress());
                }
            }
        }
        if (this.clientEngine.getClusterService().getMember(this.principal.getOwnerUuid()) == null) {
            return new AuthenticationException("Invalid owner-uuid: " + this.principal.getOwnerUuid() + ", it's not member of this cluster!");
        }
        this.clientEngine.getLogger(getClass()).log(Level.INFO, "Received auth from " + this.endpoint.getConnection() + ", successfully authenticated, principal : " + this.principal + ", owner connection : " + this.ownerConnection);
        this.endpoint.authenticated(this.principal, this.credentials, this.ownerConnection);
        this.clientEngine.getEndpointManager().registerEndpoint(this.endpoint);
        this.clientEngine.bind(this.endpoint);
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.serializationService.toData(this.clientEngine.getThisAddress()));
        arrayList.add(this.serializationService.toData(this.principal));
        return new SerializableList(arrayList);
    }

    private String getUuid() {
        return this.principal != null ? this.principal.getUuid() : UuidUtil.createClientUuid(this.endpoint.getConnection().getEndPoint());
    }

    private void reAuthLocal() {
        Iterator<ClientEndpoint> it = this.clientEngine.getEndpointManager().getEndpoints(this.principal.getUuid()).iterator();
        while (it.hasNext()) {
            it.next().authenticated(this.principal);
        }
        this.clientEngine.addOwnershipMapping(this.principal.getUuid(), this.principal.getOwnerUuid());
    }

    @Override // com.hazelcast.client.impl.client.ClientRequest
    public String getServiceName() {
        return ClientEngineImpl.SERVICE_NAME;
    }

    @Override // com.hazelcast.nio.serialization.Portable
    public int getFactoryId() {
        return ClientPortableHook.ID;
    }

    @Override // com.hazelcast.nio.serialization.Portable
    public int getClassId() {
        return 2;
    }

    public void setOwnerConnection(boolean z) {
        this.ownerConnection = z;
    }

    @Override // com.hazelcast.client.impl.client.ClientRequest
    public void write(PortableWriter portableWriter) throws IOException {
        portableWriter.writePortable("credentials", (Portable) this.credentials);
        if (this.principal != null) {
            portableWriter.writePortable("principal", this.principal);
        } else {
            portableWriter.writeNullPortable("principal", ClientPortableHook.ID, 3);
        }
        portableWriter.writeBoolean("firstConnection", this.ownerConnection);
    }

    @Override // com.hazelcast.client.impl.client.ClientRequest
    public void read(PortableReader portableReader) throws IOException {
        this.credentials = (Credentials) portableReader.readPortable("credentials");
        this.principal = (ClientPrincipal) portableReader.readPortable("principal");
        this.ownerConnection = portableReader.readBoolean("firstConnection");
    }

    @Override // com.hazelcast.client.impl.client.SecureRequest
    public Permission getRequiredPermission() {
        return null;
    }
}
