package com.hazelcast.security;

import com.hazelcast.logging.ILogger;
import com.hazelcast.logging.Logger;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

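/**
 * Base class for JAAS {@link LoginModule}s that drives the
 * initialize / login / commit / abort / logout life cycle and leaves the
 * actual authentication decision to subclasses ({@link #onLogin()} and
 * {@link #getName()}).
 *
 * <p>On a successful {@link #commit()} the module adds to the {@link Subject}:
 * <ul>
 *   <li>a {@code ClusterIdentityPrincipal} built from {@link #getName()},
 *       unless the {@value #OPTION_SKIP_IDENTITY} option is set;</li>
 *   <li>a {@code ClusterEndpointPrincipal} built from the remote endpoint,
 *       unless the {@value #OPTION_SKIP_ENDPOINT} option is set or no
 *       endpoint was obtained;</li>
 *   <li>one {@code ClusterRolePrincipal} per role registered through
 *       {@link #addRole(String)}, unless the {@value #OPTION_SKIP_ROLE}
 *       option is set.</li>
 * </ul>
 *
 * <p>Per-attempt state (success flags and assigned roles) is reset by
 * {@link #abort()} and {@link #logout()}, so roles must be registered while
 * {@link #onLogin()} runs.
 */
@SuppressFBWarnings({"URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD"})
/* loaded from: input_file:com/hazelcast/security/ClusterLoginModule.class */
public abstract class ClusterLoginModule implements LoginModule {
    /** Option name: when {@code true}, no identity principal is added and the shared-state identity is not updated. */
    public static final String OPTION_SKIP_IDENTITY = "skipIdentity";
    /** Option name: when {@code true}, no role principals are added on commit. */
    public static final String OPTION_SKIP_ROLE = "skipRole";
    /** Option name: when {@code true}, the remote endpoint is neither looked up nor added as a principal. */
    public static final String OPTION_SKIP_ENDPOINT = "skipEndpoint";
    /** Shared-state key under which the name of the last successfully logged-in identity is stored. */
    protected static final String SHARED_STATE_IDENTITY = "hazelcast.last.identity";
    // Remote endpoint as returned by EndpointCallback; null when skipped or when the lookup failed.
    protected String endpoint;
    protected Subject subject;
    protected Map<String, ?> options;
    // Raw type kept as-is: the field is visible to subclasses.
    protected Map sharedState;
    protected boolean loginSucceeded;
    protected boolean commitSucceeded;
    protected CallbackHandler callbackHandler;
    protected final ILogger logger = Logger.getLogger(getClass().getName());
    // Roles collected through addRole() for the current authentication attempt.
    private final Set<String> assignedRoles = new HashSet<String>();

    /**
     * Stores the JAAS-provided collaborators and then calls {@link #onInitialize()}.
     *
     * @param subject         subject to be populated on commit
     * @param callbackHandler handler used to obtain the remote endpoint
     * @param map             state shared between the login modules of one login context
     * @param map2            options configured for this login module
     */
    @Override
    public final void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;
        onInitialize();
    }

    /**
     * Resolves the remote endpoint (unless skipped) and delegates the
     * authentication decision to {@link #onLogin()}.
     *
     * <p>When the login succeeds, the identity is not skipped and
     * {@link #getName()} is non-null, the name is published in the shared
     * state under {@link #SHARED_STATE_IDENTITY}.
     *
     * @return the result of {@link #onLogin()}
     * @throws LoginException if {@link #onLogin()} throws it
     */
    @Override
    public final boolean login() throws LoginException {
        if (!getBoolOption(OPTION_SKIP_ENDPOINT, false)) {
            EndpointCallback endpointCallback = new EndpointCallback();
            try {
                this.callbackHandler.handle(new Callback[]{endpointCallback});
            } catch (Exception e) {
                // Best effort: a failed endpoint lookup is only logged and authentication
                // continues. commit() then adds no endpoint principal, so anything that
                // decides on the endpoint principal must cope with its absence.
                this.logger.log(Level.WARNING, "Retrieving the remote address failed", e);
            }
            this.endpoint = endpointCallback.getEndpoint();
            if (this.endpoint == null) {
                this.logger.log(Level.WARNING, "Remote address is empty!");
            }
        }
        if (this.logger.isFinestEnabled()) {
            this.logger.log(Level.FINEST, "Authenticating request from " + getEndpointString());
        }
        this.loginSucceeded = onLogin();
        String name = getName();
        if (this.loginSucceeded && !isSkipIdentity() && name != null) {
            this.sharedState.put(SHARED_STATE_IDENTITY, name);
        }
        return this.loginSucceeded;
    }

    /**
     * Adds the identity, endpoint and role principals to the subject after a
     * successful {@link #login()} and then calls {@link #onCommit()}.
     *
     * @return {@code false} when the preceding login did not succeed,
     *         otherwise the result of {@link #onCommit()}
     * @throws LoginException if {@link #onCommit()} throws it
     */
    @Override
    public final boolean commit() throws LoginException {
        if (!this.loginSucceeded) {
            this.logger.log(Level.WARNING, "Authentication has been failed! Endpoint " + getEndpointString());
            return false;
        }
        String name = getName();
        if (this.logger.isFinestEnabled()) {
            this.logger.log(Level.FINEST, "Committing authentication from " + name);
        }
        Set<Principal> principals = this.subject.getPrincipals();
        if (name != null && !isSkipIdentity()) {
            replaceTypedPrincipal(principals, new ClusterIdentityPrincipal(name));
        }
        if (this.endpoint != null && !getBoolOption(OPTION_SKIP_ENDPOINT, false)) {
            replaceTypedPrincipal(principals, new ClusterEndpointPrincipal(this.endpoint));
        }
        if (!isSkipRole()) {
            // Role principals are added, never replaced: roles already present on the
            // subject are kept.
            for (String role : this.assignedRoles) {
                principals.add(new ClusterRolePrincipal(role));
            }
        }
        this.commitSucceeded = onCommit();
        return this.commitSucceeded;
    }

    /**
     * Removes every principal that is an instance of the given principal's
     * class from the set and then adds the given principal, so that at most
     * one principal of that type remains.
     */
    private void replaceTypedPrincipal(Set<Principal> set, Principal principal) {
        Class<?> type = principal.getClass();
        Iterator<Principal> it = set.iterator();
        while (it.hasNext()) {
            if (type.isInstance(it.next())) {
                it.remove();
            }
        }
        set.add(principal);
    }

    /**
     * Calls {@link #onAbort()} and resets the authentication state.
     *
     * <p>The reset runs in a {@code finally} block so that principals and
     * assigned roles are dropped even when {@link #onAbort()} throws.
     *
     * @return the result of {@link #onAbort()}
     * @throws LoginException if {@link #onAbort()} throws it
     */
    @Override
    public final boolean abort() throws LoginException {
        this.logger.log(Level.FINEST, "Aborting authentication");
        try {
            return onAbort();
        } finally {
            resetAuthenticationState();
        }
    }

    /**
     * Calls {@link #onLogout()} and resets the authentication state.
     *
     * <p>The reset runs in a {@code finally} block so that principals and
     * assigned roles are dropped even when {@link #onLogout()} throws.
     *
     * @return the result of {@link #onLogout()}
     * @throws LoginException if {@link #onLogout()} throws it
     */
    @Override
    public final boolean logout() throws LoginException {
        this.logger.log(Level.FINEST, "Logging out");
        try {
            return onLogout();
        } finally {
            resetAuthenticationState();
        }
    }

    /**
     * Drops everything that belongs to the finished authentication attempt:
     * the Hazelcast principals on the subject, the collected roles and the
     * success flags.
     */
    private void resetAuthenticationState() {
        clearSubject();
        // Without this, roles collected for one attempt would be committed again
        // if the same module instance served another login.
        this.assignedRoles.clear();
        this.loginSucceeded = false;
        this.commitSucceeded = false;
    }

    /**
     * Removes all {@code HazelcastPrincipal} instances from the subject,
     * whichever login module added them.
     */
    private void clearSubject() {
        if (this.subject == null) {
            // initialize() was never called; there is nothing to clean up.
            return;
        }
        Iterator<Principal> it = this.subject.getPrincipals().iterator();
        while (it.hasNext()) {
            if (it.next() instanceof HazelcastPrincipal) {
                it.remove();
            }
        }
    }

    /**
     * Performs the actual authentication.
     *
     * @return {@code true} when authentication succeeded
     * @throws LoginException when authentication fails with an error
     */
    protected abstract boolean onLogin() throws LoginException;

    /**
     * @return name used for the identity principal and the shared-state
     *         identity; {@code null} suppresses both
     */
    protected abstract String getName();

    /* JADX INFO: Access modifiers changed from: protected */
    /** Hook called at the end of {@link #initialize}; does nothing by default. */
    public void onInitialize() {
    }

    /** Hook called at the end of a successful {@link #commit()}; returns {@code true} by default. */
    protected boolean onCommit() throws LoginException {
        return true;
    }

    /** Hook called at the start of {@link #abort()}; returns {@code true} by default. */
    protected boolean onAbort() throws LoginException {
        return true;
    }

    /** Hook called at the start of {@link #logout()}; returns {@code true} by default. */
    protected boolean onLogout() throws LoginException {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Registers a role for the current authentication attempt. The role
     * becomes a {@code ClusterRolePrincipal} on {@link #commit()} and is
     * discarded by {@link #abort()} and {@link #logout()}.
     *
     * @param str role name
     */
    public void addRole(String str) {
        if (this.logger.isFineEnabled()) {
            this.logger.fine("Assigning role: " + str);
        }
        this.assignedRoles.add(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * @param str  option name
     * @param str2 value returned when the option is not set
     * @return the option's string form, or {@code str2} when absent
     */
    public String getStringOption(String str, String str2) {
        String value = getOptionInternal(str);
        return value != null ? value : str2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reads a boolean option with {@link Boolean#parseBoolean(String)}: any
     * configured value other than a case-insensitive {@code "true"} yields
     * {@code false}, so a mistyped value is not reported.
     *
     * @param str option name
     * @param z   value returned when the option is not set
     * @return the parsed option, or {@code z} when absent
     */
    public boolean getBoolOption(String str, boolean z) {
        String value = getOptionInternal(str);
        return value != null ? Boolean.parseBoolean(value) : z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * @param str option name
     * @param i   value returned when the option is not set
     * @return the parsed option, or {@code i} when absent
     * @throws NumberFormatException when the configured value is not a valid integer
     */
    public int getIntOption(String str, int i) {
        String value = getOptionInternal(str);
        return value != null ? Integer.parseInt(value) : i;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** @return {@code true} when the {@value #OPTION_SKIP_ROLE} option is enabled */
    public boolean isSkipRole() {
        return getBoolOption(OPTION_SKIP_ROLE, false);
    }

    /** @return {@code true} when the {@value #OPTION_SKIP_IDENTITY} option is enabled */
    protected boolean isSkipIdentity() {
        return getBoolOption(OPTION_SKIP_IDENTITY, false);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * @return the identity name stored in the shared state under
     *         {@link #SHARED_STATE_IDENTITY}, or {@code null} when none is stored
     */
    public String getLastIdentity() {
        return (String) this.sharedState.get(SHARED_STATE_IDENTITY);
    }

    /** Returns the string form of the named option, or {@code null} when no options or no such option exist. */
    private String getOptionInternal(String str) {
        if (this.options == null) {
            return null;
        }
        Object value = this.options.get(str);
        return value == null ? null : value.toString();
    }

    /** Returns the endpoint for log messages, with a placeholder when it is unknown. */
    private String getEndpointString() {
        return this.endpoint == null ? "<undefined>" : this.endpoint;
    }
}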
