package oracle.kv.impl.security.login;

import java.rmi.AccessException;
import java.rmi.ConnectIOException;
import java.rmi.NotBoundException;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.Registry;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.concurrent.atomic.AtomicReference;
import oracle.kv.AuthenticationFailureException;
import oracle.kv.AuthenticationRequiredException;
import oracle.kv.FaultException;
import oracle.kv.KVStoreException;
import oracle.kv.LoginCredentials;
import oracle.kv.impl.api.TopologyManager;
import oracle.kv.impl.fault.InternalFaultException;
import oracle.kv.impl.fault.RNUnavailableException;
import oracle.kv.impl.rep.admin.RepNodeAdminAPI;
import oracle.kv.impl.security.ClientProxyCredentials;
import oracle.kv.impl.security.ProxyCredentials;
import oracle.kv.impl.security.SessionAccessException;
import oracle.kv.impl.security.kerberos.KerberosLoginHelper;
import oracle.kv.impl.security.login.KerberosClientCreds;
import oracle.kv.impl.security.login.SessionId;
import oracle.kv.impl.security.login.UserLoginManager;
import oracle.kv.impl.security.util.KerberosPrincipals;
import oracle.kv.impl.topo.RepGroup;
import oracle.kv.impl.topo.RepGroupId;
import oracle.kv.impl.topo.RepNode;
import oracle.kv.impl.topo.RepNodeId;
import oracle.kv.impl.topo.ResourceId;
import oracle.kv.impl.topo.StorageNode;
import oracle.kv.impl.topo.Topology;
import oracle.kv.impl.util.HostPort;
import oracle.kv.impl.util.TopologyLocator;
import oracle.kv.impl.util.registry.RegistryUtils;

/* loaded from: input_file:oracle/kv/impl/security/login/RepNodeLoginManager.class */
public class RepNodeLoginManager extends UserLoginManager {
    private TopologyManager topoManager;
    private KerberosPrincipals krbPrincipalsInfo;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:oracle/kv/impl/security/login/RepNodeLoginManager$BSRNLoginHandle.class */
    public static class BSRNLoginHandle extends UserLoginManager.AbstractUserLoginHandle {
        private UserLoginAPI loginAPI;

        public BSRNLoginHandle(LoginToken loginToken, UserLoginAPI userLoginAPI) {
            super(loginToken);
            this.loginAPI = userLoginAPI;
        }

        @Override // oracle.kv.impl.security.login.UserLoginManager.AbstractUserLoginHandle
        protected UserLoginAPI getLoginAPI() throws RemoteException {
            return this.loginAPI;
        }

        @Override // oracle.kv.impl.security.login.LoginHandle
        public boolean isUsable(ResourceId.ResourceType resourceType) {
            return resourceType.equals(ResourceId.ResourceType.REP_NODE) || resourceType.equals(ResourceId.ResourceType.ADMIN);
        }
    }

    /* loaded from: input_file:oracle/kv/impl/security/login/RepNodeLoginManager$LiveRNLoginHandle.class */
    class LiveRNLoginHandle extends UserLoginManager.AbstractUserLoginHandle {
        public LiveRNLoginHandle(LoginToken loginToken) {
            super(loginToken);
        }

        @Override // oracle.kv.impl.security.login.UserLoginManager.AbstractUserLoginHandle
        protected UserLoginAPI getLoginAPI() throws RemoteException {
            LoginToken loginToken = getLoginToken();
            if (loginToken == null) {
                return null;
            }
            SessionId sessionId = loginToken.getSessionId();
            String kVStoreName = RepNodeLoginManager.this.topoManager.getTopology().getKVStoreName();
            Topology topology = RepNodeLoginManager.this.topoManager.getTopology();
            if (sessionId.getIdValueScope() != SessionId.IdScope.PERSISTENT) {
                ResourceId allocator = sessionId.getAllocator();
                if (!(allocator instanceof RepNodeId)) {
                    throw new IllegalStateException("Expected a RepNodeId");
                }
                RepNodeId repNodeId = (RepNodeId) allocator;
                RepNode repNode = topology.get(new RepGroupId(repNodeId.getGroupId())).get(repNodeId);
                if (repNode == null) {
                    throw new IllegalStateException("Missing RepNode with id " + repNodeId + " in topology");
                }
                StorageNode storageNode = topology.get(repNode.getStorageNodeId());
                try {
                    return RegistryUtils.getRepNodeLogin(kVStoreName, storageNode.getHostname(), storageNode.getRegistryPort(), repNode.getResourceId(), (LoginManager) null);
                } catch (NotBoundException e) {
                    throw new RemoteException("login interface not bound", e);
                }
            }
            RemoteException remoteException = null;
            for (RepNode repNode2 : topology.getSortedRepNodes()) {
                StorageNode storageNode2 = topology.get(repNode2.getStorageNodeId());
                try {
                    return RegistryUtils.getRepNodeLogin(kVStoreName, storageNode2.getHostname(), storageNode2.getRegistryPort(), repNode2.getResourceId(), (LoginManager) null);
                } catch (NotBoundException e2) {
                } catch (RemoteException e3) {
                    if (remoteException == null) {
                        remoteException = e3;
                    }
                }
            }
            if (remoteException != null) {
                throw remoteException;
            }
            throw new RemoteException("No RepNode available");
        }

        @Override // oracle.kv.impl.security.login.LoginHandle
        public boolean isUsable(ResourceId.ResourceType resourceType) {
            return resourceType.equals(ResourceId.ResourceType.REP_NODE) || resourceType.equals(ResourceId.ResourceType.ADMIN);
        }
    }

    public RepNodeLoginManager(String str, boolean z) {
        super(str, z);
        this.krbPrincipalsInfo = null;
    }

    public void bootstrap(String[] strArr, LoginCredentials loginCredentials, String str) throws KVStoreException, AuthenticationFailureException {
        String isRepNodeLogin;
        AccessException accessException = null;
        String str2 = null;
        for (HostPort hostPort : HostPort.parse(strArr)) {
            String hostname = hostPort.hostname();
            int port = hostPort.port();
            try {
                Registry registry = RegistryUtils.getRegistry(hostname, port, str);
                for (String str3 : registry.list()) {
                    try {
                        isRepNodeLogin = RegistryUtils.isRepNodeLogin(str3);
                    } catch (SessionAccessException e) {
                        accessException = e;
                    } catch (AccessException e2) {
                        accessException = e2;
                    } catch (InternalFaultException e3) {
                        if (accessException == null) {
                            accessException = e3;
                        }
                    } catch (NotBoundException e4) {
                        accessException = e4;
                    } catch (ConnectIOException e5) {
                        accessException = e5;
                    } catch (RNUnavailableException e6) {
                        if (accessException == null) {
                            accessException = e6;
                        }
                    }
                    if (isRepNodeLogin != null) {
                        if (str == null || str.equals(isRepNodeLogin)) {
                            Remote lookup = registry.lookup(str3);
                            if (lookup instanceof UserLogin) {
                                if (bootstrapLogin((UserLogin) lookup, loginCredentials, new HostPort(hostname, port))) {
                                    break;
                                }
                            }
                        } else {
                            str2 = isRepNodeLogin;
                        }
                    }
                }
            } catch (RemoteException e7) {
                accessException = e7;
            }
            if (getLoginHandle() != null) {
                break;
            }
        }
        if (getLoginHandle() == null) {
            if (str2 == null) {
                throw new KVStoreException("Could not establish an initial login from: " + Arrays.toString(strArr), accessException);
            }
            throw new KVStoreException("Could not establish an initial login from: " + Arrays.toString(strArr) + " - ignored non-matching store name " + str2, accessException);
        }
    }

    public void setTopology(TopologyManager topologyManager) {
        this.topoManager = topologyManager;
        LoginHandle loginHandle = getLoginHandle();
        if (loginHandle == null) {
            return;
        }
        init(new LiveRNLoginHandle(loginHandle.getLoginToken()));
    }

    public synchronized void login(LoginCredentials loginCredentials) throws AuthenticationRequiredException, AuthenticationFailureException {
        LoginResult kerberosLogin;
        if (this.topoManager == null) {
            throw new IllegalStateException("Not properly initialized");
        }
        AccessException accessException = null;
        Topology localTopology = this.topoManager.getLocalTopology();
        RegistryUtils registryUtils = new RegistryUtils(localTopology, (LoginManager) null);
        Iterator<RepGroup> it = localTopology.getRepGroupMap().getAll().iterator();
        while (it.hasNext()) {
            for (RepNode repNode : it.next().getRepNodes()) {
                try {
                    UserLoginAPI repNodeLogin = registryUtils.getRepNodeLogin(repNode.getResourceId());
                    kerberosLogin = loginCredentials instanceof KerberosClientCreds ? kerberosLogin(repNodeLogin, (KerberosClientCreds) loginCredentials, localTopology.get(repNode.getStorageNodeId())) : repNodeLogin.login(loginCredentials);
                } catch (InternalFaultException e) {
                    if (accessException == null) {
                        accessException = e;
                    }
                } catch (AccessException e2) {
                    accessException = e2;
                } catch (AuthenticationFailureException e3) {
                    throw e3;
                } catch (RemoteException e4) {
                    if (accessException == null) {
                        accessException = e4;
                    }
                } catch (RNUnavailableException e5) {
                    if (accessException == null) {
                        accessException = e5;
                    }
                } catch (NotBoundException e6) {
                    accessException = e6;
                }
                if (kerberosLogin.getLoginToken() != null) {
                    init(new LiveRNLoginHandle(kerberosLogin.getLoginToken()));
                    return;
                }
                continue;
            }
        }
        throw new AuthenticationRequiredException((Throwable) accessException, false);
    }

    public void locateKrbPrincipals() throws KVStoreException {
        Topology localTopology = this.topoManager.getLocalTopology();
        ArrayList arrayList = new ArrayList();
        for (StorageNode storageNode : localTopology.getStorageNodeMap().getAll()) {
            arrayList.add(storageNode.getHostname() + TopologyLocator.HOST_PORT_SEPARATOR + storageNode.getRegistryPort());
        }
        locateKrbPrincipals((String[]) arrayList.toArray(new String[arrayList.size()]), localTopology.getKVStoreName());
    }

    public void locateKrbPrincipals(String[] strArr, String str) throws KVStoreException {
        AtomicReference atomicReference = new AtomicReference();
        final AtomicReference atomicReference2 = new AtomicReference();
        TopologyLocator.applyToRNs(strArr, str, "Kerberos principals locator", this, atomicReference, new TopologyLocator.RNAdminCallback() { // from class: oracle.kv.impl.security.login.RepNodeLoginManager.1
            @Override // oracle.kv.impl.util.TopologyLocator.RNAdminCallback
            public void callback(RepNodeAdminAPI repNodeAdminAPI) throws RemoteException {
                atomicReference2.set(repNodeAdminAPI);
            }
        });
        if (atomicReference2.get() == null) {
            if (!(atomicReference.get() instanceof FaultException)) {
                throw new KVStoreException("Could not contact any RepNode at: " + Arrays.toString(strArr), (Throwable) atomicReference.get());
            }
            throw ((FaultException) atomicReference.get());
        }
        try {
            this.krbPrincipalsInfo = ((RepNodeAdminAPI) atomicReference2.get()).getKerberosPrincipals();
        } catch (RemoteException e) {
            throw new KVStoreException("Could not find Kerberos principal map from: " + Arrays.toString(strArr), (Throwable) atomicReference.get());
        } catch (InternalFaultException e2) {
            throw new FaultException((Throwable) e2, false);
        }
    }

    private boolean bootstrapLogin(UserLogin userLogin, LoginCredentials loginCredentials, HostPort hostPort) throws RemoteException, AuthenticationFailureException, SessionAccessException {
        UserLoginAPI wrap = UserLoginAPI.wrap(userLogin);
        LoginResult proxyBootstrapLogin = loginCredentials instanceof ClientProxyCredentials ? proxyBootstrapLogin(userLogin, (ClientProxyCredentials) loginCredentials, hostPort) : loginCredentials instanceof KerberosClientCreds ? KerberosLoginHelper.kerberosLogin(wrap, (KerberosClientCreds) loginCredentials, hostPort.hostname()) : wrap.login(loginCredentials);
        if (proxyBootstrapLogin.getLoginToken() == null) {
            return false;
        }
        init(new BSRNLoginHandle(proxyBootstrapLogin.getLoginToken(), wrap));
        return true;
    }

    private LoginResult proxyBootstrapLogin(UserLogin userLogin, ClientProxyCredentials clientProxyCredentials, HostPort hostPort) throws RemoteException, SessionAccessException {
        return UserLoginAPI.wrap(userLogin, clientProxyCredentials.getInternalManager().getHandle(hostPort, ResourceId.ResourceType.REP_NODE)).proxyLogin(new ProxyCredentials(clientProxyCredentials.getUser()));
    }

    private LoginResult kerberosLogin(UserLoginAPI userLoginAPI, KerberosClientCreds kerberosClientCreds, StorageNode storageNode) {
        KerberosClientCreds.KrbServicePrincipals krbServicePrincipals = kerberosClientCreds.getKrbServicePrincipals();
        String hostname = storageNode.getHostname();
        if (krbServicePrincipals.getPrincipal(hostname) == null) {
            kerberosClientCreds.addServicePrincipal(hostname, this.krbPrincipalsInfo.getInstanceName(storageNode));
        }
        return KerberosLoginHelper.kerberosLogin(userLoginAPI, kerberosClientCreds, hostname);
    }
}
