package com.hazelcast.client.impl.protocol.task;

import com.hazelcast.auditlog.AuditlogTypeIds;
import com.hazelcast.client.impl.protocol.AuthenticationStatus;
import com.hazelcast.client.impl.protocol.ClientMessage;
import com.hazelcast.cluster.Address;
import com.hazelcast.core.HazelcastInstanceNotActiveException;
import com.hazelcast.instance.impl.Node;
import com.hazelcast.internal.nio.Connection;
import com.hazelcast.internal.server.ServerConnection;
import com.hazelcast.security.Credentials;
import com.hazelcast.security.PasswordCredentials;
import com.hazelcast.security.SecurityContext;
import com.hazelcast.security.UsernamePasswordCredentials;
import java.security.Permission;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:lib/hazelcast-5.3.7.jar:com/hazelcast/client/impl/protocol/task/AuthenticationBaseMessageTask.class */
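/**
 * Base task for the client authentication handshake (decompiled with JADX from
 * hazelcast-5.3.7.jar).
 *
 * <p>{@link #processMessage()} runs {@code authenticate()} and answers the client with one of
 * four responses built through {@link #encodeAuth}.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>The task is exempt from the usual gates: {@link #requiresAuthentication()} returns
 *       {@code false} and {@link #getRequiredPermission()} returns {@code null}, so everything
 *       in here runs for endpoints that have not proven anything yet.</li>
 *   <li>{@code clientUuid}, {@code clusterName}, {@code clientName}, {@code labels},
 *       {@code credentials}, {@code clientSerializationVersion} and {@code clientVersion} are
 *       never assigned in this class; presumably the concrete subclass fills them while decoding
 *       the client's request (confirm). Several of them are concatenated into log lines as-is,
 *       so log consumers should treat those fragments as untrusted input.</li>
 *   <li>When no {@code SecurityContext} is configured, the only thing verified is the cluster
 *       name (see {@code verifyEmptyCredentialsAndClusterName}).</li>
 * </ul>
 */
public abstract class AuthenticationBaseMessageTask<P> extends AbstractMessageTask<P> implements BlockingMessageTask, UrgentMessageTask {
    protected transient UUID clientUuid;
    protected transient String clusterName;
    protected transient String clientName;
    protected transient Set<String> labels;
    protected transient Credentials credentials;
    transient byte clientSerializationVersion;
    transient String clientVersion;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthenticationBaseMessageTask(ClientMessage clientMessage, Node node, Connection connection) {
        super(clientMessage, node, connection);
    }

    /**
     * Always returns {@code -1}; presumably the "no specific partition" marker (confirm against
     * PartitionSpecificRunnable).
     */
    @Override // com.hazelcast.spi.impl.PartitionSpecificRunnable
    public int getPartitionId() {
        return -1;
    }

    /**
     * Returns {@code false}: this task performs the authentication itself, so it has to be
     * accepted from endpoints that are not authenticated yet.
     */
    @Override // com.hazelcast.client.impl.protocol.task.AbstractMessageTask
    protected boolean requiresAuthentication() {
        return false;
    }

    /**
     * Returns {@code true}. The node-start check is performed explicitly later, in
     * {@code prepareAuthenticatedClientMessage()}, together with a null check on the cluster id.
     */
    @Override // com.hazelcast.client.impl.protocol.task.AbstractMessageTask
    protected boolean acceptOnIncompleteStart() {
        return true;
    }

    /** Returns {@code false}; see {@link #acceptOnIncompleteStart()}. */
    @Override // com.hazelcast.client.impl.protocol.task.AbstractMessageTask
    protected boolean validateNodeStartBeforeDecode() {
        return false;
    }

    /**
     * Authenticates the endpoint and sends the response matching the outcome.
     *
     * @throws IllegalStateException if {@code authenticate()} yields a status not handled here
     */
    @Override // com.hazelcast.client.impl.protocol.task.AbstractMessageTask
    public void processMessage() {
        switch (authenticate()) {
            case SERIALIZATION_VERSION_MISMATCH:
                sendClientMessage(prepareSerializationVersionMismatchClientMessage());
                return;
            case NOT_ALLOWED_IN_CLUSTER:
                sendClientMessage(prepareNotAllowedInCluster());
                return;
            case CREDENTIALS_FAILED:
                sendClientMessage(prepareUnauthenticatedClientMessage());
                return;
            case AUTHENTICATED:
                if (logger.isFineEnabled()) {
                    logger.fine("Processing authentication with clientUuid " + clientUuid + " and clientName " + clientName);
                }
                sendClientMessage(prepareAuthenticatedClientMessage());
                return;
            default:
                throw new IllegalStateException("Unhandled authentication result");
        }
    }

    /**
     * Decides the authentication status for the current message.
     *
     * <p>Order of checks: already-authenticated endpoint, serialization version, presence of
     * credentials, then either the configured {@code SecurityContext} or, when none is
     * configured, the "empty credentials plus cluster name" rule.
     *
     * @return the resulting status; never {@code NOT_ALLOWED_IN_CLUSTER} (that one is only
     *         produced later, when binding the endpoint fails)
     */
    private AuthenticationStatus authenticate() {
        // Short-circuit: an endpoint that is already authenticated is reported as AUTHENTICATED
        // without evaluating the credentials carried by this message.
        if (endpoint.isAuthenticated()) {
            return AuthenticationStatus.AUTHENTICATED;
        }
        if (clientSerializationVersion != serializationService.getVersion()) {
            return AuthenticationStatus.SERIALIZATION_VERSION_MISMATCH;
        }
        if (credentials == null) {
            logger.severe("Could not retrieve Credentials object!");
            return AuthenticationStatus.CREDENTIALS_FAILED;
        }
        if (clientEngine.getSecurityContext() != null) {
            return authenticate(clientEngine.getSecurityContext());
        }
        // No SecurityContext: only username/password credentials with both values null pass.
        if (credentials instanceof UsernamePasswordCredentials) {
            return verifyEmptyCredentialsAndClusterName((PasswordCredentials) credentials);
        }
        logger.severe("Hazelcast security is disabled.\n"
                + "Null username and password values are expected.\n"
                + "Only the cluster name is verified in this case!\n"
                + "Current credentials type is: " + credentials.getClass().getName());
        return AuthenticationStatus.CREDENTIALS_FAILED;
    }

    /**
     * Authenticates through the configured {@code SecurityContext} (JAAS login).
     *
     * <p>A cluster-name mismatch is rejected before the login attempt and therefore before the
     * audit event is built: such attempts show up only in the warning written by
     * {@code prepareUnauthenticatedClientMessage()}, not in the audit log. The client receives
     * the same {@code CREDENTIALS_FAILED} status for a wrong cluster name and for a failed login.
     *
     * <p>The audit event is emitted from a single {@code finally} block. The decompiler had
     * expanded it into three copies, one of them nested inside a catch-all handler, which in
     * source form would have attempted the event a second time if the audit sink itself threw.
     *
     * @param securityContext the member's security context, non-null
     * @return {@code AUTHENTICATED} when the login succeeds, otherwise {@code CREDENTIALS_FAILED}
     */
    private AuthenticationStatus authenticate(SecurityContext securityContext) {
        if (!nodeEngine.getConfig().getClusterName().equals(clusterName)) {
            return AuthenticationStatus.CREDENTIALS_FAILED;
        }
        ServerConnection clientConnection = endpoint.getConnection();
        Boolean passed = Boolean.FALSE;
        try {
            LoginContext loginContext = securityContext.createClientLoginContext(clusterName, credentials, clientConnection);
            loginContext.login();
            // The login context is attached to the endpoint only after a successful login.
            endpoint.setLoginContext(loginContext);
            passed = Boolean.TRUE;
            return AuthenticationStatus.AUTHENTICATED;
        } catch (LoginException e) {
            logger.warning(e);
            return AuthenticationStatus.CREDENTIALS_FAILED;
        } finally {
            // One AUTHENTICATION_CLIENT event per login attempt, on success, on login failure
            // and when any other throwable propagates.
            // NOTE(review): the Credentials object itself is attached as a parameter; what ends
            // up in the audit trail depends on how the audit sink renders it (not visible here).
            // Confirm that no secret material is written.
            nodeEngine.getNode().getNodeExtension().getAuditlogService()
                    .eventBuilder(AuditlogTypeIds.AUTHENTICATION_CLIENT)
                    .message("Client connection authentication.")
                    .addParameter("connection", clientConnection)
                    .addParameter("credentials", credentials)
                    .addParameter("passed", passed)
                    .log();
        }
    }

    /**
     * Rule applied when no {@code SecurityContext} is configured: the client must send neither a
     * username nor a password, and its cluster name must equal the member's configured one.
     *
     * <p>In this mode the cluster name is the only value that is actually verified.
     *
     * @param passwordCredentials the credentials sent by the client
     * @return {@code AUTHENTICATED} if both values are null and the cluster name matches,
     *         otherwise {@code CREDENTIALS_FAILED}
     */
    private AuthenticationStatus verifyEmptyCredentialsAndClusterName(PasswordCredentials passwordCredentials) {
        if (passwordCredentials.getName() == null && passwordCredentials.getPassword() == null) {
            return nodeEngine.getConfig().getClusterName().equals(clusterName)
                    ? AuthenticationStatus.AUTHENTICATED
                    : AuthenticationStatus.CREDENTIALS_FAILED;
        }
        logger.warning("Received auth from " + this.connection + " with clientUuid " + clientUuid + " and clientName " + clientName + ", authentication rejected because security is disabled on the member, and client sends not-null username or password.");
        return AuthenticationStatus.CREDENTIALS_FAILED;
    }

    /**
     * Logs the failed attempt at warning level and builds the {@code CREDENTIALS_FAILED}
     * response. Apart from the status and the failover flag, the response carries only
     * null / -1 / empty placeholders.
     */
    private ClientMessage prepareUnauthenticatedClientMessage() {
        boolean failoverSupported = nodeEngine.getNode().getNodeExtension().isClientFailoverSupported();
        logger.warning("Received auth from " + endpoint.getConnection() + " with clientUuid " + clientUuid + " and clientName " + clientName + ", authentication failed");
        return encodeAuth(AuthenticationStatus.CREDENTIALS_FAILED.getId(), null, null, (byte) -1, "", -1, null, failoverSupported, null, null);
    }

    /** Builds the {@code NOT_ALLOWED_IN_CLUSTER} response with placeholder values only. */
    private ClientMessage prepareNotAllowedInCluster() {
        boolean failoverSupported = nodeEngine.getNode().getNodeExtension().isClientFailoverSupported();
        return encodeAuth(AuthenticationStatus.NOT_ALLOWED_IN_CLUSTER.getId(), null, null, (byte) -1, "", -1, null, failoverSupported, null, null);
    }

    /** Builds the {@code SERIALIZATION_VERSION_MISMATCH} response with placeholder values only. */
    private ClientMessage prepareSerializationVersionMismatchClientMessage() {
        boolean failoverSupported = nodeEngine.getNode().getNodeExtension().isClientFailoverSupported();
        return encodeAuth(AuthenticationStatus.SERIALIZATION_VERSION_MISMATCH.getId(), null, null, (byte) -1, "", -1, null, failoverSupported, null, null);
    }

    /**
     * Marks the endpoint as authenticated, binds it to the client engine and builds the success
     * response, which discloses the member address and UUID, serialization and build versions,
     * partition count, cluster id and the TPC ports/token.
     *
     * <p>NOTE(review): this method also runs when {@code authenticate()} short-circuited on an
     * already-authenticated endpoint. In that case the {@code clientUuid}, {@code credentials},
     * {@code clientName} and {@code labels} of the current message reach
     * {@code endpoint.authenticated(...)} without having been verified. The login context is not
     * touched here; it is only set in {@code authenticate(SecurityContext)}. Confirm what the
     * endpoint does with these values on a repeated call.
     *
     * @return the success response, or the {@code NOT_ALLOWED_IN_CLUSTER} response if the client
     *         engine refuses to bind the endpoint
     * @throws HazelcastInstanceNotActiveException if the cluster id is not available yet
     */
    private ClientMessage prepareAuthenticatedClientMessage() {
        ServerConnection clientConnection = endpoint.getConnection();
        setConnectionType();
        setTpcTokenToEndpoint();
        endpoint.authenticated(clientUuid, credentials, clientVersion, clientMessage.getCorrelationId(), clientName, labels);
        // Deferred start-up validation: acceptOnIncompleteStart() lets the message in early.
        validateNodeStart();
        UUID clusterId = clientEngine.getClusterService().getClusterId();
        if (clusterId == null) {
            throw new HazelcastInstanceNotActiveException("Hazelcast instance is not ready yet!");
        }
        // The endpoint has already been marked authenticated above when bind() is evaluated.
        if (!clientEngine.bind(endpoint)) {
            return prepareNotAllowedInCluster();
        }
        logger.info("Received auth from " + clientConnection + ", successfully authenticated, clientUuid: " + clientUuid + ", client name: " + clientName + ", client version: " + clientVersion);
        Address memberAddress = clientEngine.getThisAddress();
        UUID memberUuid = clientEngine.getClusterService().getLocalMember().getUuid();
        return encodeAuth(
                AuthenticationStatus.AUTHENTICATED.getId(),
                memberAddress,
                memberUuid,
                serializationService.getVersion(),
                getMemberBuildInfo().getVersion(),
                clientEngine.getPartitionService().getPartitionCount(),
                clusterId,
                nodeEngine.getNode().getNodeExtension().isClientFailoverSupported(),
                nodeEngine.getTpcServerBootstrap().getClientPorts(),
                endpoint.getTpcToken() != null ? endpoint.getTpcToken().getContent() : null);
    }

    /** Stamps the connection with the client type reported by {@link #getClientType()}. */
    private void setConnectionType() {
        this.connection.setConnectionType(getClientType());
    }

    /** Hook invoked before the endpoint is marked authenticated; a no-op in this base class. */
    protected void setTpcTokenToEndpoint() {
    }

    /**
     * Encodes the authentication response. Parameter names were lost in decompilation; the
     * meanings below are taken from the call sites in this class.
     *
     * @param b     status id, from {@code AuthenticationStatus.getId()}
     * @param address this member's address; {@code null} in failure responses
     * @param uuid  local member UUID; {@code null} in failure responses
     * @param b2    serialization service version; {@code -1} in failure responses
     * @param str   member build version; empty string in failure responses
     * @param i     partition count; {@code -1} in failure responses
     * @param uuid2 cluster id; {@code null} in failure responses
     * @param z     whether client failover is supported by the node extension
     * @param list  TPC client ports; {@code null} in failure responses
     * @param bArr  TPC token content, or {@code null} when the endpoint has no token
     * @return the encoded response message
     */
    protected abstract ClientMessage encodeAuth(byte b, Address address, UUID uuid, byte b2, String str, int i, UUID uuid2, boolean z, List<Integer> list, byte[] bArr);

    /** Returns the client type string that is set on the connection during a successful login. */
    protected abstract String getClientType();

    /** The response objects built by this task are already {@code ClientMessage}s; cast only. */
    @Override // com.hazelcast.client.impl.protocol.task.AbstractMessageTask
    protected ClientMessage encodeResponse(Object obj) {
        return (ClientMessage) obj;
    }

    /** Returns {@code null}: no permission is attached to the authentication request itself. */
    @Override // com.hazelcast.client.impl.client.SecureRequest
    public Permission getRequiredPermission() {
        return null;
    }

    /** Returns {@code null}. */
    @Override // com.hazelcast.client.impl.protocol.task.AbstractMessageTask
    public String getServiceName() {
        return null;
    }

    /** Returns {@code null}. */
    @Override // com.hazelcast.client.impl.protocol.task.AbstractMessageTask, com.hazelcast.client.impl.client.SecureRequest
    public String getDistributedObjectName() {
        return null;
    }

    /** Returns {@code null}. */
    @Override // com.hazelcast.client.impl.protocol.task.AbstractMessageTask, com.hazelcast.client.impl.client.SecureRequest
    public String getMethodName() {
        return null;
    }

    /** Returns {@code null}. */
    @Override // com.hazelcast.client.impl.protocol.task.AbstractMessageTask, com.hazelcast.client.impl.client.SecureRequest
    public Object[] getParameters() {
        return null;
    }
}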
