package com.hazelcast.security.loginimpl;

import com.hazelcast.config.Config;
import com.hazelcast.config.SecurityConfig;
import com.hazelcast.security.ClusterLoginModule;
import com.hazelcast.security.ClusterNameCallback;
import com.hazelcast.security.ConfigCallback;
import com.hazelcast.security.Credentials;
import com.hazelcast.security.CredentialsCallback;
import com.hazelcast.security.ICredentialsFactory;
import com.hazelcast.security.UsernamePasswordCredentials;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:WEB-INF/lib/hazelcast-jet-enterprise-4.3.jar:com/hazelcast/security/loginimpl/DefaultLoginModule.class */
public class DefaultLoginModule extends ClusterLoginModule implements LoginModule {
    private String name;

    @Override // com.hazelcast.security.ClusterLoginModule
    public boolean onLogin() throws LoginException {
        CredentialsCallback credentialsCallback = new CredentialsCallback();
        ConfigCallback configCallback = new ConfigCallback();
        ClusterNameCallback clusterNameCallback = new ClusterNameCallback();
        try {
            this.callbackHandler.handle(new Callback[]{credentialsCallback, configCallback, clusterNameCallback});
            Credentials credentials = credentialsCallback.getCredentials();
            String clusterName = clusterNameCallback.getClusterName();
            this.name = credentials.getName();
            Config config = configCallback.getConfig();
            if (config == null) {
                throw new LoginException("Cluster Configuration is not available.");
            }
            UsernamePasswordCredentials credentialsFromRealm = getCredentialsFromRealm(config.getSecurityConfig());
            if (credentialsFromRealm != null) {
                if (credentialsFromRealm.equals(credentials)) {
                    addRole(this.name);
                    return true;
                }
            } else if (clusterName != null && clusterName.equals(config.getClusterName())) {
                this.logger.fine("Username-password identity is not configured, only the cluster names are compared!");
                this.name = clusterName;
                addRole(this.name);
                return true;
            }
            throw new FailedLoginException("Username/password provided don't match the expected values.");
        } catch (IOException | UnsupportedCallbackException e) {
            this.logger.warning("Retrieving the password failed.", e);
            throw new LoginException("Unable to retrieve the password");
        }
    }

    private UsernamePasswordCredentials getCredentialsFromRealm(SecurityConfig securityConfig) {
        String memberRealm = securityConfig.getMemberRealm();
        if (memberRealm == null) {
            this.logger.warning("Member Realm name is not configured.");
            return null;
        }
        ICredentialsFactory realmCredentialsFactory = securityConfig.getRealmCredentialsFactory(memberRealm);
        if (realmCredentialsFactory == null) {
            this.logger.warning("Member realm name " + memberRealm + " is missing an identity configuration.");
            return null;
        }
        Credentials newCredentials = realmCredentialsFactory.newCredentials();
        if (newCredentials instanceof UsernamePasswordCredentials) {
            return (UsernamePasswordCredentials) newCredentials;
        }
        this.logger.warning("Member realm '" + memberRealm + "' doesn't have username-password identity configured. Only cluster-name comparison will be used for authentication.");
        return null;
    }

    @Override // com.hazelcast.security.ClusterLoginModule
    protected String getName() {
        return this.name;
    }
}
