package com.pivotal.gemfirexd.internal.impl.jdbc.authentication;

import com.gemstone.gemfire.CancelException;
import com.gemstone.gemfire.LogWriter;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.i18n.LogWriterI18n;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.shared.ClientSharedData;
import com.gemstone.gemfire.internal.shared.StringPrintWriter;
import com.gemstone.gemfire.security.AuthInitialize;
import com.gemstone.gemfire.security.AuthenticationFailedException;
import com.gemstone.gemfire.security.Authenticator;
import com.pivotal.gemfirexd.Constants;
import com.pivotal.gemfirexd.Property;
import com.pivotal.gemfirexd.auth.callback.CredentialInitializer;
import com.pivotal.gemfirexd.auth.callback.UserAuthenticator;
import com.pivotal.gemfirexd.internal.engine.GemFireXDQueryObserver;
import com.pivotal.gemfirexd.internal.engine.GemFireXDQueryObserverHolder;
import com.pivotal.gemfirexd.internal.engine.GfxdConstants;
import com.pivotal.gemfirexd.internal.engine.Misc;
import com.pivotal.gemfirexd.internal.engine.db.FabricDatabase;
import com.pivotal.gemfirexd.internal.engine.distributed.GfxdConnectionWrapper;
import com.pivotal.gemfirexd.internal.engine.distributed.utils.GemFireXDUtils;
import com.pivotal.gemfirexd.internal.engine.distributed.utils.SecurityUtils;
import com.pivotal.gemfirexd.internal.engine.store.GemFireStore;
import com.pivotal.gemfirexd.internal.iapi.error.PublicAPI;
import com.pivotal.gemfirexd.internal.iapi.error.StandardException;
import com.pivotal.gemfirexd.internal.iapi.jdbc.AuthenticationService;
import com.pivotal.gemfirexd.internal.iapi.services.daemon.Serviceable;
import com.pivotal.gemfirexd.internal.iapi.services.monitor.ModuleControl;
import com.pivotal.gemfirexd.internal.iapi.services.monitor.ModuleSupportable;
import com.pivotal.gemfirexd.internal.iapi.services.monitor.Monitor;
import com.pivotal.gemfirexd.internal.iapi.services.property.PropertyFactory;
import com.pivotal.gemfirexd.internal.iapi.services.property.PropertySetCallback;
import com.pivotal.gemfirexd.internal.iapi.services.property.PropertyUtil;
import com.pivotal.gemfirexd.internal.iapi.services.sanity.SanityManager;
import com.pivotal.gemfirexd.internal.iapi.store.access.AccessFactory;
import com.pivotal.gemfirexd.internal.iapi.util.IdUtil;
import com.pivotal.gemfirexd.internal.iapi.util.StringUtil;
import com.pivotal.gemfirexd.internal.impl.sql.execute.PlanUtils;
import java.io.PrintWriter;
import java.io.Serializable;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.sql.SQLException;
import java.util.Dictionary;
import java.util.Properties;

/* loaded from: input_file:com/pivotal/gemfirexd/internal/impl/jdbc/authentication/AuthenticationServiceBase.class */
public abstract class AuthenticationServiceBase implements AuthenticationService, ModuleControl, ModuleSupportable, PropertySetCallback, AuthInitialize, Authenticator {
    // Properties handed to boot(); getProperty() falls back to them when the service-property lookup yields null.
    private Properties bootProperties;
    // Pluggable scheme that performs the actual credential check in authenticate(String, Properties).
    protected UserAuthenticator authenticationScheme;
    private AccessFactory store;
    // Security log sink. It is assigned lazily (init / refreshAuthenticationServices), so it can still be null.
    private LogWriterI18n securitylogger;
    // Same value as the category string passed to SanityManager.DEBUG_PRINT throughout this class.
    public static final String AuthenticationTrace = "TraceAuthentication";
    // Suffix appended to the concrete class name in boot() to build the gemfire.security-peer-* property values.
    public static final String factoryMethodForGFEAuth = ".getPeerAuthenticationService";
    // Process-wide peer service; written by setPeerAuthenticationService() with no synchronization visible here.
    private static AuthenticationServiceBase peerAuthenticationService;
    // Scheme tags: encryptPassword() prepends one of these to the hex digest, isEncrypted() tests for them.
    public static final String ID_PATTERN_NEW_SCHEME_V3 = "v33b60";
    public static final String ID_PATTERN_NEW_SCHEME_V2 = "v23b60";
    public static final String ID_PATTERN_NEW_SCHEME_V1 = "3b60";
    // NOTE(review): presumably the DRDA security-mechanism code for the substitute-password scheme - confirm.
    protected static final int SECMEC_USRSSBPWD = 8;
    // NOTE(review): not referenced in the visible part of this class; meaning of 44 should be confirmed.
    public static final int MAGICLEN_NEWENCRYPT_SCHEME = 44;
    // Placeholder string, presumably shown instead of a secret value in output.
    public static final String maskedvalue = "******";
    // NOTE(review): purpose of this marker string is not visible in this part of the file.
    public static final String val = "_!_-p-h-_!_";
    // Decompiler rendering of the compiler-generated assertion switch; read by getCredentials().
    static final /* synthetic */ boolean $assertionsDisabled;
    // First credential set returned by getCredentials(); cleared in boot() and stop().
    private final Properties bootCredentials = new Properties();
    private boolean isPeerAuthenticationService = false;
    // While true, authenticate(Properties, DistributedMember) returns without checking credentials.
    private volatile boolean isShuttingDown = false;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Installs the scheme that will verify credentials for this service.
     *
     * <p>The scheme is stored first and only then asserted to be non-null, so a
     * null argument is still written to the field when the assertion is inert.
     * With authentication tracing on, the service and scheme are written to the
     * debug stream.
     *
     * @param userAuthenticator the authentication scheme to delegate to
     */
    public void setAuthenticationService(UserAuthenticator userAuthenticator) {
        this.authenticationScheme = userAuthenticator;
        SanityManager.ASSERT(this.authenticationScheme != null, "There is no authentication scheme for that service!");
        if (!GemFireXDUtils.TraceAuthentication) {
            return;
        }
        PrintWriter debugOut = SanityManager.GET_DEBUG_STREAM();
        String serviceLine = "Authentication Service: [" + toString() + "]";
        String schemeLine = "Authentication Scheme : [" + this.authenticationScheme.toString() + "]";
        debugOut.println(serviceLine);
        debugOut.println(schemeLine);
    }

    /**
     * Boots the service: drops cached boot credentials, resolves the access and
     * property factories, and, for a real peer authentication service with
     * authentication required, rewrites {@code properties} so the GemFire layer
     * calls back into this class for peer authentication.
     *
     * @param z unused in this method
     * @param properties boot properties; mutated in place and retained as {@code bootProperties}
     * @throws StandardException declared by the module contract
     */
    @Override // com.pivotal.gemfirexd.internal.iapi.services.monitor.ModuleControl
    public void boot(boolean z, Properties properties) throws StandardException {
        this.bootCredentials.clear();
        this.store = (AccessFactory) Monitor.getServiceModule(this, AccessFactory.MODULE);
        PropertyFactory propertySetNotifier = (PropertyFactory) Monitor.getServiceModule(this, "com.pivotal.gemfirexd.internal.iapi.services.property.PropertyFactory");
        if (propertySetNotifier != null) {
            // Register so validate()/map() see user-definition property writes.
            propertySetNotifier.addPropertySetNotification(this);
        }
        // Short-circuit order matters: requireAuthentication() is only consulted for a non-NONE peer service.
        boolean wirePeerCallbacks = this.isPeerAuthenticationService
                && !(this instanceof NoneAuthenticationServiceImpl)
                && requireAuthentication(properties);
        if (wirePeerCallbacks) {
            String factoryMethod = getClass().getName() + factoryMethodForGFEAuth;
            properties.put("gemfire.security-peer-auth-init", factoryMethod);
            properties.put("gemfire.security-peer-authenticator", factoryMethod);
            properties.putAll(SecurityUtils.transformGFXDToGemFireProperties(properties));
            // A (re)boot re-enables credential checks that shutdown had switched off.
            this.isShuttingDown = false;
        }
        this.bootProperties = properties;
    }

    /**
     * Stops the service by discarding the cached boot credentials so they do not
     * outlive the module.
     */
    @Override // com.pivotal.gemfirexd.internal.iapi.services.monitor.ModuleControl
    public void stop() {
        this.bootCredentials.clear();
    }

    /**
     * Authenticates a connection request against the configured scheme.
     *
     * <p>Security-relevant behaviour visible in this method:
     * <ul>
     * <li>Connections whose call stack contains
     * {@code GfxdConnectionWrapper.createConnection} or
     * {@code GemFireXDUtils.createNewInternalConnection} are accepted without a
     * credential check.</li>
     * <li>On a non-peer service, the presence of
     * {@code GfxdConstants.PROPERTY_BOOT_INDICATOR} in {@code properties} also
     * skips the credential check.</li>
     * </ul>
     *
     * @param str database name forwarded to the scheme
     * @param properties connection properties carrying {@code user}/{@code UserName} and {@code password}
     * @return {@code null} when the connection is accepted, otherwise a failure message
     * @throws SQLException if the user name cannot be normalised to an authorization id
     */
    @Override // com.pivotal.gemfirexd.internal.iapi.jdbc.AuthenticationService
    public String authenticate(String str, Properties properties) throws SQLException {
        // NOTE(review): the trust decision below is keyed on class/method *names* found on the
        // current stack. Renaming or inlining either frame silently changes which callers are
        // exempt, so this exemption deserves a regression test of its own.
        for (StackTraceElement stackTraceElement : Thread.currentThread().getStackTrace()) {
            String className = stackTraceElement.getClassName();
            String methodName = stackTraceElement.getMethodName();
            if ((className.equals(GfxdConnectionWrapper.class.getName()) && methodName.equals("createConnection")) || (className.equals(GemFireXDUtils.class.getName()) && methodName.equals("createNewInternalConnection"))) {
                if (GemFireXDUtils.TraceAuthentication) {
                    SanityManager.DEBUG_PRINT("TraceAuthentication", "Skipping authentication for peer or internal connection");
                }
                GemFireXDQueryObserver gemFireXDQueryObserverHolder = GemFireXDQueryObserverHolder.getInstance();
                if (gemFireXDQueryObserverHolder == null) {
                    return null;
                }
                // Let an installed observer record that the check was skipped.
                gemFireXDQueryObserverHolder.memberConnectionAuthenticationSkipped(true);
                return null;
            }
        }
        GemFireXDQueryObserver gemFireXDQueryObserverHolder2 = GemFireXDQueryObserverHolder.getInstance();
        if (gemFireXDQueryObserverHolder2 != null) {
            gemFireXDQueryObserverHolder2.userConnectionAuthenticationSkipped(false);
        }
        if (properties == null) {
            return "No user/password provided";
        }
        // NOTE(review): this exemption is driven by a key inside the caller-supplied properties.
        // Confirm that the network/client layers strip or reject this key before it reaches here.
        if (!this.isPeerAuthenticationService && properties.getProperty(GfxdConstants.PROPERTY_BOOT_INDICATOR) != null) {
            return null;
        }
        // "user" wins; "UserName" is only consulted when "user" is absent.
        String property = properties.getProperty("user");
        String property2 = property == null ? properties.getProperty("UserName") : property;
        if (property2 != null) {
            try {
                property2 = IdUtil.getUserAuthorizationId(property2);
            } catch (StandardException e) {
                throw PublicAPI.wrapStandardException(e);
            }
        }
        // The length limit is applied to the normalised authorization id, not the raw input.
        if (property2 != null && property2.length() > 30) {
            return "User name '" + property2 + "' exceeded maximum allowed length 30";
        }
        // A null user name is passed through; rejecting it is left to the scheme.
        String authenticateUser = this.authenticationScheme.authenticateUser(property2, properties.getProperty("password"), str, properties);
        if (GemFireXDUtils.TraceAuthentication) {
            // Trace carries the user name and the scheme's verdict, never the password.
            SanityManager.DEBUG_PRINT("TraceAuthentication", "Authentication request determined user [" + property2 + "] " + (authenticateUser == null ? " VALID " : PlanUtils.space + authenticateUser + PlanUtils.space));
        }
        return authenticateUser;
    }

    /**
     * Looks up a service property, falling back to the boot properties when the
     * service lookup yields {@code null}.
     *
     * <p>Cancel and standard exceptions are logged under the authentication trace
     * category and reported to the caller as {@code null}.
     *
     * @param str property key
     * @return the property value, or {@code null} if absent or the lookup failed
     */
    public String getProperty(String str) {
        try {
            String fromService = PropertyUtil.getServiceProperty(Misc.getMemStoreBootingNoThrow(), str, null);
            if (fromService != null) {
                return fromService;
            }
            Properties fallback = this.bootProperties;
            return fallback == null ? null : fallback.getProperty(str);
        } catch (CancelException cancelled) {
            boolean verbose = Monitor.reportOn || GemFireXDUtils.TraceAuthentication;
            if (verbose) {
                // Verbose mode attaches the full exception; otherwise only its message is printed.
                SanityManager.DEBUG_PRINT("TraceAuthentication", "getProperty(" + str + ") received cancel exception ", cancelled);
            } else {
                SanityManager.DEBUG_PRINT("TraceAuthentication", "AuthenticationServiceBase:getProperty(" + str + ") received cancel exception: " + cancelled.getMessage());
            }
            return null;
        } catch (StandardException failure) {
            boolean verbose = Monitor.reportOn || GemFireXDUtils.TraceAuthentication;
            if (verbose) {
                SanityManager.DEBUG_PRINT("TraceAuthentication", "getProperty(" + str + ") received standard exception ", failure);
            } else {
                SanityManager.DEBUG_PRINT("TraceAuthentication", "AuthenticationServiceBase:getProperty(" + str + ") received standard exception: " + failure.getMessage());
            }
            return null;
        }
    }

    /**
     * Reads a database-level property.
     *
     * <p>Lookup failures are deliberately reported as "not set": both
     * {@code CancelException} and {@code StandardException} produce {@code null}
     * without logging, so callers cannot tell an absent value from a failed read.
     *
     * @param str property key
     * @return the value, or {@code null} if absent or the lookup failed
     */
    public String getDatabaseProperty(String str) {
        String value = null;
        try {
            value = PropertyUtil.getDatabaseProperty(Misc.getMemStoreBooting(), str);
        } catch (CancelException ignored) {
            // Store is going away; treated as "property not set".
        } catch (StandardException ignored) {
            // Lookup failed; treated as "property not set".
        }
        return value;
    }

    /**
     * Reads a system property unless the database property
     * {@code gemfirexd.distributedsystem.propertiesOnly} is set to true, in which
     * case system properties are ignored and {@code null} is returned.
     *
     * @param str property key
     * @return the system property value, or {@code null}
     */
    public String getSystemProperty(String str) {
        boolean systemPropertiesDisabled =
                Boolean.parseBoolean(getDatabaseProperty("gemfirexd.distributedsystem.propertiesOnly"));
        return systemPropertiesDisabled ? null : PropertyUtil.getSystemProperty(str);
    }

    /**
     * Property-set callback initialisation hook; this implementation does nothing.
     *
     * @param z unused
     * @param dictionary unused
     */
    @Override // com.pivotal.gemfirexd.internal.iapi.services.property.PropertySetCallback
    public void init(boolean z, Dictionary dictionary) {
    }

    /**
     * Reports whether a property key is a database user definition, i.e. starts
     * with {@code gemfirexd.user.} or {@code sqlfire.user.}.
     *
     * <p>Only the key is traced; the value (the credential) is never printed.
     *
     * @param str property key being set
     * @param serializable property value; not inspected here
     * @param dictionary current property set; not inspected here
     * @return {@code true} when the key is a user definition
     */
    @Override // com.pivotal.gemfirexd.internal.iapi.services.property.PropertySetCallback
    public boolean validate(String str, Serializable serializable, Dictionary dictionary) {
        final boolean isUserDefinition = str.startsWith("gemfirexd.user.") || str.startsWith("sqlfire.user.");
        if (GemFireXDUtils.TraceAuthentication) {
            String verdict = isUserDefinition
                    ? " recognized as database user & credentials will be stored."
                    : " not recognized as a database user & therefore credentials won't be stored in GemFireXD.";
            SanityManager.DEBUG_PRINT("TraceAuthentication", str + verdict);
        }
        return isUserDefinition;
    }

    /**
     * Property-set callback apply hook; this implementation schedules no work.
     *
     * @return always {@code null}
     */
    @Override // com.pivotal.gemfirexd.internal.iapi.services.property.PropertySetCallback
    public Serviceable apply(String str, Serializable serializable, Dictionary dictionary) {
        return null;
    }

    /**
     * Maps a user-definition property value to its stored (hashed) form.
     *
     * <p>Keys outside the {@code gemfirexd.user.} / {@code sqlfire.user.}
     * namespaces are not mapped, and nothing is mapped when the configured
     * provider is LDAP. Otherwise the value is passed through
     * {@code encryptPassword} with the user-name part of the key, without
     * forcing re-hashing of a value that already carries a scheme prefix.
     *
     * @param str property key
     * @param serializable property value, expected to be a {@code String}
     * @param dictionary current property set, consulted for {@code gemfirexd.auth-provider}
     * @return the hashed value, or {@code null} when no mapping applies
     * @throws StandardException if hashing fails
     */
    @Override // com.pivotal.gemfirexd.internal.iapi.services.property.PropertySetCallback
    public Serializable map(String str, Serializable serializable, Dictionary dictionary) throws StandardException {
        final String userKeyPrefix;
        if (str.startsWith("gemfirexd.user.")) {
            userKeyPrefix = "gemfirexd.user.";
        } else if (str.startsWith("sqlfire.user.")) {
            userKeyPrefix = "sqlfire.user.";
        } else {
            return null;
        }
        String provider = (String) dictionary.get("gemfirexd.auth-provider");
        boolean ldapProvider = provider != null
                && StringUtil.SQLEqualsIgnoreCase(provider, Constants.AUTHENTICATION_PROVIDER_LDAP);
        if (ldapProvider) {
            // With LDAP the directory owns the credentials; nothing is stored locally.
            return null;
        }
        String password = (String) serializable;
        if (password == null) {
            return null;
        }
        String userName = str.substring(userKeyPrefix.length());
        return encryptPassword(userName, password, false, false, true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Tells whether {@code gemfirexd.authentication.required} resolves to true
     * for the given property set.
     *
     * @param properties properties to consult
     * @return {@code true} only when the resolved value parses as boolean true
     */
    public final boolean requireAuthentication(Properties properties) {
        String flag = PropertyUtil.getPropertyFromSet(properties, "gemfirexd.authentication.required");
        return Boolean.parseBoolean(flag);
    }

    /**
     * Hashes a password with the current (v3) scheme, forcing hashing even when
     * the input already starts with a scheme prefix.
     *
     * @param str user name
     * @param str2 password
     * @return the stored form of the password, or {@code null} when {@code str2} is {@code null}
     * @throws StandardException if the digest algorithm is unavailable
     */
    public static String encryptPassword(String str, String str2) throws StandardException {
        final boolean forceHashing = true;
        final boolean useV2Scheme = false;
        final boolean useV3Scheme = true;
        return encryptPassword(str, str2, forceHashing, useV2Scheme, useV3Scheme);
    }

    /**
     * Checks whether a value looks like a stored password hash: it starts with
     * one of the scheme prefixes (v3, v2, v1 in that order) and has at least one
     * character after the prefix.
     *
     * <p>This is a prefix test only; it does not validate the length or hex
     * content of the remainder.
     *
     * @param str value to test; must not be {@code null}
     * @return {@code true} when a scheme prefix followed by more text is found
     */
    public static boolean isEncrypted(String str) {
        final String[] schemePrefixes = {ID_PATTERN_NEW_SCHEME_V3, ID_PATTERN_NEW_SCHEME_V2, ID_PATTERN_NEW_SCHEME_V1};
        for (String prefix : schemePrefixes) {
            if (str.startsWith(prefix) && str.length() > prefix.length()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Public wrapper over {@code encryptPassword} that surfaces failures as
     * {@code SQLException}.
     *
     * @param str user name
     * @param str2 password
     * @param z force hashing even if the value already carries a scheme prefix
     * @param z2 use the v2 scheme
     * @param z3 use the v3 scheme
     * @return the stored form of the password, or {@code null} when {@code str2} is {@code null}
     * @throws SQLException wrapping any {@code StandardException} from hashing
     */
    public static String encryptUserPassword(String str, String str2, boolean z, boolean z2, boolean z3) throws SQLException {
        final String stored;
        try {
            stored = encryptPassword(str, str2, z, z2, z3);
        } catch (StandardException hashingFailure) {
            throw PublicAPI.wrapStandardException(hashingFailure);
        }
        return stored;
    }

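    /**
     * Produces the stored form of a password: a scheme prefix followed by the
     * hex encoding of a single message-digest pass.
     *
     * <p>SHA-256 is used for the v3 scheme, SHA-1 otherwise. For v2 and v3 the
     * password bytes are first combined with the normalised user name (or the
     * literal {@code "USER"} when the name is null or empty) through
     * {@code GemFireXDUtils.updateCipherKeyBytes}.
     *
     * <p>NOTE(review): this is one digest pass, not a password KDF (bcrypt,
     * scrypt, argon2); the format is kept for compatibility with stored values.
     *
     * <p>Neither the clear-text password nor the resulting stored value is
     * written to trace output. The stored value is masked as well because
     * {@code substitutePassword} can consume it directly.
     *
     * @param str user name mixed into the digest input for v2/v3
     * @param str2 password, or an already stored value
     * @param z force hashing even when {@code str2} already carries a scheme prefix
     * @param z2 use the v2 scheme
     * @param z3 use the v3 scheme (takes precedence over {@code z2})
     * @return the stored form, {@code str2} unchanged when it is already stored
     *         and {@code z} is false, or {@code null} when {@code str2} is {@code null}
     * @throws StandardException if the digest algorithm is unavailable
     */
    protected static String encryptPassword(String str, String str2, boolean z, boolean z2, boolean z3) throws StandardException {
        if (str2 == null) {
            return null;
        }
        if (!z && isEncrypted(str2)) {
            if (GemFireXDUtils.TraceAuthentication) {
                // The stored value is masked: it is credential material, not diagnostic data.
                SanityManager.DEBUG_PRINT("TraceAuthentication", "Skipping encryption as it must be encrypted from origin - " + maskedvalue);
            }
            return str2;
        }
        String str3 = z3 ? "SHA-256" : "SHA-1";
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str3);
            messageDigest.reset();
            byte[] hexByte = StringUtil.toHexByte(str2, 0, str2.length());
            if (z3 || z2) {
                // v2/v3 bind the digest input to the user name so equal passwords differ per user.
                GemFireXDUtils.updateCipherKeyBytes(hexByte, ((str == null || str.length() == 0) ? "USER" : IdUtil.getUserAuthorizationId(str)).getBytes(ClientSharedData.UTF8));
            }
            messageDigest.update(hexByte);
            byte[] digest = messageDigest.digest();
            String str4 = (z3 ? ID_PATTERN_NEW_SCHEME_V3 : z2 ? ID_PATTERN_NEW_SCHEME_V2 : ID_PATTERN_NEW_SCHEME_V1) + StringUtil.toHexString(digest, 0, digest.length);
            if (SanityManager.DEBUG_ON("__PINT__")) {
                // Keeps the call-site trace (new Throwable) but masks both the input password and the result.
                SanityManager.DEBUG_PRINT("TraceAuthentication", " encrypting with v2encrypt=" + z2 + " " + maskedvalue + " to " + maskedvalue, new Throwable());
            }
            return str4;
        } catch (NoSuchAlgorithmException e) {
            throw StandardException.newException("XBCXC.S", str3, "default");
        }
    }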

    /* JADX INFO: Access modifiers changed from: protected */
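    /**
     * Computes the substitute-password value for a user from the stored (or
     * clear-text) password and the two seeds exchanged with the client.
     *
     * <p>All hashing here uses SHA-1. The seeds are read from the
     * {@code drdaSecTokenIn} and {@code drdaSecTokenOut} properties as hex
     * strings.
     *
     * <p>NOTE(review): seed presence is only checked through
     * {@code SanityManager.ASSERT}; if that assertion is inert in a given build,
     * a missing seed surfaces as a {@code NullPointerException} below.
     *
     * @param str user name
     * @param str2 password; already in stored v1 form when {@code z} is true
     * @param properties connection properties carrying the two seeds
     * @param z {@code true} when {@code str2} is already the stored form and is used as is
     * @return hex encoding of the final digest
     * @throws IllegalStateException if the SHA-1 digest is unavailable
     */
    public String substitutePassword(String str, String str2, Properties properties, boolean z) {
        String str3;
        final MessageDigest messageDigest;
        byte[] bArr = {0, 0, 0, 0, 0, 0, 0, 1};
        try {
            messageDigest = MessageDigest.getInstance("SHA-1");
        } catch (NoSuchAlgorithmException e) {
            // Fail with the real cause instead of a later NullPointerException on reset().
            throw new IllegalStateException("SHA-1 message digest is not available", e);
        }
        messageDigest.reset();
        byte[] hexByte = StringUtil.toHexByte(str, 0, str.length());
        SanityManager.ASSERT((properties.getProperty("drdaSecTokenIn") == null || properties.getProperty("drdaSecTokenOut") == null) ? false : true, "Unexpected: Requester or server seed not available");
        String property = properties.getProperty("drdaSecTokenIn");
        String property2 = properties.getProperty("drdaSecTokenOut");
        byte[] fromHexString = StringUtil.fromHexString(property, 0, property.length());
        byte[] fromHexString2 = StringUtil.fromHexString(property2, 0, property2.length());
        if (z) {
            // The stored value is used directly, which makes it equivalent to the password for this exchange.
            str3 = str2;
        } else {
            messageDigest.update(StringUtil.toHexByte(str2, 0, str2.length()));
            byte[] digest = messageDigest.digest();
            str3 = ID_PATTERN_NEW_SCHEME_V1 + StringUtil.toHexString(digest, 0, digest.length);
        }
        // First pass: user name followed by the stored password form.
        messageDigest.update(hexByte);
        messageDigest.update(StringUtil.toHexByte(str3, 0, str3.length()));
        // Second pass: first-pass digest, then the two seeds, the user name and the trailing 8-byte constant.
        messageDigest.update(messageDigest.digest());
        messageDigest.update(fromHexString2);
        messageDigest.update(fromHexString);
        messageDigest.update(hexByte);
        messageDigest.update(bArr);
        byte[] digest2 = messageDigest.digest();
        return StringUtil.toHexString(digest2, 0, digest2.length);
    }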

    /**
     * Replaces the process-wide peer authentication service.
     *
     * <p>NOTE(review): this is a public static setter with no access check or
     * synchronization visible here; any code in the JVM that can reach this
     * class can swap the peer authenticator.
     *
     * @param authenticationServiceBase the service to install; {@code null} clears it
     */
    public static void setPeerAuthenticationService(AuthenticationServiceBase authenticationServiceBase) {
        peerAuthenticationService = authenticationServiceBase;
    }

    /**
     * Sets the shutting-down flag on the installed peer authentication service;
     * a no-op when none is installed.
     *
     * <p>While the flag is true, peer authentication returns without checking
     * credentials. The trace message is the same for both values of {@code z}.
     *
     * @param z new value of the flag
     */
    public static void setIsShuttingDown(boolean z) {
        if (peerAuthenticationService == null) {
            return;
        }
        if (GemFireXDUtils.TraceAuthentication) {
            SanityManager.DEBUG_PRINT("security-warning:TraceAuthentication", " Shutting down authentication module. ");
        }
        peerAuthenticationService.isShuttingDown = z;
    }

    /**
     * Re-wires the peer and database authentication services once the store is
     * available and re-runs authentication with the supplied properties.
     *
     * <p>NOTE(review): {@code peerAuthenticationService} is dereferenced without a
     * null check, so this must only run after a peer service has been installed.
     *
     * @param fabricDatabase database whose authentication service module is looked up
     * @param accessFactory store handed to both services
     * @param propertyFactory factory on which the database service is registered for property-set callbacks
     * @param properties credentials used for the repeated authentication
     * @throws StandardException with SQLState {@code 08004.C.1} when authentication is rejected or throws
     */
    public static void refreshAuthenticationServices(FabricDatabase fabricDatabase, AccessFactory accessFactory, PropertyFactory propertyFactory, Properties properties) throws StandardException {
        AuthenticationServiceBase authenticationServiceBase = peerAuthenticationService;
        authenticationServiceBase.store = accessFactory;
        authenticationServiceBase.securitylogger = Misc.getGemFireCache().getSecurityLoggerI18n();
        AuthenticationServiceBase authenticationServiceBase2 = (AuthenticationServiceBase) Monitor.findServiceModule(fabricDatabase, AuthenticationService.MODULE, GfxdConstants.AUTHENTICATION_SERVICE);
        propertyFactory.addPropertySetNotification(authenticationServiceBase2);
        authenticationServiceBase2.store = accessFactory;
        // Both services share one security logger.
        authenticationServiceBase2.securitylogger = authenticationServiceBase.securitylogger;
        try {
            // A non-null result is the failure message from the scheme.
            String authenticate = authenticationServiceBase.authenticate("gemfirexd", properties);
            if (authenticate != null) {
                String property = properties.getProperty("user");
                String property2 = property == null ? properties.getProperty("UserName") : property;
                // SYSTEM_USER_KEY_PROPERTY holds the *name* of another system property; both are
                // cleared only when that other property is already unset.
                String systemProperty = PropertyUtil.getSystemProperty(SecurityUtils.SYSTEM_USER_KEY_PROPERTY);
                if (systemProperty != null && PropertyUtil.getSystemProperty(systemProperty) == null) {
                    PropertyUtil.clearSystemProperty(systemProperty);
                    PropertyUtil.clearSystemProperty(SecurityUtils.SYSTEM_USER_KEY_PROPERTY);
                }
                // The log line carries the user name and the failure reason, not the password.
                if (authenticationServiceBase.securitylogger.infoEnabled()) {
                    authenticationServiceBase.securitylogger.convertToLogWriter().info("Second phase authentication failed for user '" + property2 + "': " + authenticate);
                }
                throw StandardException.newException("08004.C.1", (Throwable) new AuthenticationFailedException("Authentication failed for " + GemFireStore.getMyId() + ": " + authenticate), (Object) authenticate);
            }
        } catch (SQLException e) {
            throw StandardException.newException("08004.C.1", (Throwable) e, (Object) ("Authentication failed with exception " + e));
        }
    }

    /**
     * Clears the system-user key bookkeeping after a failed boot: the system
     * property named by {@code SecurityUtils.SYSTEM_USER_KEY_PROPERTY} and that
     * pointer property itself. Does nothing when the pointer is unset.
     *
     * @param fabricDatabase unused in this method
     * @param gemFireStore unused in this method
     * @param propertyFactory unused in this method
     */
    public static void cleanupOnError(FabricDatabase fabricDatabase, GemFireStore gemFireStore, PropertyFactory propertyFactory) {
        String userKeyPropertyName = PropertyUtil.getSystemProperty(SecurityUtils.SYSTEM_USER_KEY_PROPERTY);
        if (userKeyPropertyName == null) {
            return;
        }
        PropertyUtil.clearSystemProperty(userKeyPropertyName);
        PropertyUtil.clearSystemProperty(SecurityUtils.SYSTEM_USER_KEY_PROPERTY);
    }

    /**
     * Returns the peer authentication service used by the GemFire layer.
     *
     * <p>When no service has been installed, a fresh
     * {@code NoneAuthenticationServiceImpl} is created, flagged as a peer service
     * and returned; it is not stored, so every such call yields a new instance.
     * Falling back to NONE means peers are admitted without credentials, which
     * is only visible in the trace output.
     *
     * @return the installed peer service or a NONE fallback, never {@code null}
     */
    public static AuthenticationServiceBase getPeerAuthenticationService() {
        AuthenticationServiceBase service = peerAuthenticationService;
        if (service == null) {
            service = new NoneAuthenticationServiceImpl();
            if (GemFireXDUtils.TraceAuthentication) {
                SanityManager.DEBUG_PRINT("security-warning:TraceAuthentication", " Using NONE authentication ... ");
            }
            service.isPeerAuthenticationService = true;
        }
        // service is non-null from here on; verify it satisfies both GemFire callback interfaces.
        Class<?> serviceClass = service.getClass();
        boolean gemfireCompatible = Authenticator.class.isAssignableFrom(serviceClass)
                && AuthInitialize.class.isAssignableFrom(serviceClass);
        if (!gemfireCompatible) {
            SanityManager.THROWASSERT("AuthenticationService (" + service.getClass() + ") is not compatible with GemFire interfaces ");
        }
        return service;
    }

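    /**
     * Produces the credentials this member presents to its peers.
     *
     * <p>When the scheme implements {@code CredentialInitializer}, the GemFire
     * properties are transformed and handed to it; otherwise the GemFire-specific
     * entries are trimmed from {@code properties}. The first non-null result is
     * also cached as boot credentials.
     *
     * <p>The security logger is optional at this point, so every use is
     * null-guarded; a missing logger must not turn an authentication failure into
     * a {@code NullPointerException}. The "couldn't locate credentials" warning
     * lists property names only, because the values may include passwords.
     *
     * @param properties security properties supplied by the GemFire layer
     * @param distributedMember unused in this method
     * @param z expected to equal this service's peer flag (checked when assertions are enabled)
     * @return the credentials to present, never {@code null}
     * @throws AuthenticationFailedException if the initializer throws or no credentials are found
     */
    public Properties getCredentials(Properties properties, DistributedMember distributedMember, boolean z) throws AuthenticationFailedException {
        Properties trimOffGemFireProperties;
        if (!$assertionsDisabled && z != this.isPeerAuthenticationService) {
            throw new AssertionError(this + " service shouldn't be used for something else other than peer authentication ");
        }
        if (this.authenticationScheme instanceof CredentialInitializer) {
            Properties transformGemFireToGFXDProperties = SecurityUtils.transformGemFireToGFXDProperties(properties);
            if (this.securitylogger != null && this.securitylogger.fineEnabled()) {
                // NOTE(review): confirm that dumpProperties masks secret values before they reach the fine-level log.
                StringPrintWriter stringPrintWriter = new StringPrintWriter();
                GemFireXDUtils.dumpProperties(properties, "transforming GemFire Properties ", "TraceAuthentication", true, stringPrintWriter);
                GemFireXDUtils.dumpProperties(transformGemFireToGFXDProperties, " to GFXD Properties ", "TraceAuthentication", true, stringPrintWriter);
                this.securitylogger.fine(stringPrintWriter.toString());
            }
            try {
                trimOffGemFireProperties = ((CredentialInitializer) this.authenticationScheme).getCredentials(transformGemFireToGFXDProperties);
            } catch (Exception e) {
                if (this.securitylogger != null) {
                    this.securitylogger.warning(LocalizedStrings.ONE_ARG, new Object[]{"Exception in acquiring credentials with authentication scheme: " + this.authenticationScheme}, e);
                }
                throw new AuthenticationFailedException("Error getting credentials: " + e, e);
            }
        } else {
            if (this.securitylogger != null) {
                this.securitylogger.warning(LocalizedStrings.Gfxd_AUTHENTICATION__NO_CREDENTIAL_INITIALIZER, new String[]{CredentialInitializer.class.getCanonicalName(), SecurityUtils.GFXD_SEC_PREFIX, UserAuthenticator.class.getCanonicalName()});
            }
            trimOffGemFireProperties = SecurityUtils.trimOffGemFireProperties(properties);
        }
        if (trimOffGemFireProperties == null) {
            if (this.securitylogger != null) {
                // Property names only: the raw Properties object would print credential values.
                this.securitylogger.warning(LocalizedStrings.ONE_ARG, new Object[]{"Couldn't locate credentials with authentication scheme: " + this.authenticationScheme + " property names: " + (properties == null ? null : properties.stringPropertyNames())});
            }
            throw new AuthenticationFailedException("Null credentials not allowed");
        }
        GemFireXDUtils.dumpProperties(trimOffGemFireProperties, "authentication credentials", "TraceAuthentication", GemFireXDUtils.TraceAuthentication, null);
        if (this.bootCredentials.isEmpty()) {
            // Only the first credential set is cached; later calls leave the cache untouched.
            this.bootCredentials.putAll(trimOffGemFireProperties);
            if (GemFireXDUtils.TraceAuthentication) {
                SanityManager.DEBUG_PRINT("TraceAuthentication", "AuthenticationServiceBase: storing boot credentials of size " + this.bootCredentials.size());
            }
        }
        return trimOffGemFireProperties;
    }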

    /**
     * Adopts the supplied security log writer unless a security logger is
     * already set.
     *
     * @param logWriter unused in this method
     * @param logWriter2 security log writer to convert and keep
     * @throws AuthenticationFailedException declared by the callback contract; not thrown here
     */
    public void init(LogWriter logWriter, LogWriter logWriter2) throws AuthenticationFailedException {
        if (this.securitylogger != null) {
            return;
        }
        this.securitylogger = logWriter2.convertToLogWriterI18n();
    }

    /** Callback close hook; this implementation holds nothing to release. */
    public void close() {
    }

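    /**
     * Peer-authentication entry point: verifies the credentials a member
     * presents when joining.
     *
     * <p>Security-relevant behaviour visible in this method:
     * <ul>
     * <li>While the shutting-down flag is set, the method returns without
     * checking credentials.</li>
     * <li>A rejection is logged with the user name, the member and the failure
     * reason. The locally configured user definition is reported only as
     * present (masked) or {@code null}; its value comes from a system property
     * and may be a password or password hash, so it is never written to the
     * log.</li>
     * </ul>
     *
     * @param properties credentials presented by the member
     * @param distributedMember the member being authenticated; may be {@code null}
     * @return always {@code null}; acceptance is signalled by returning normally
     * @throws AuthenticationFailedException when the credentials are rejected
     */
    public Principal authenticate(Properties properties, DistributedMember distributedMember) throws AuthenticationFailedException {
        if (this.isShuttingDown) {
            if (!GemFireXDUtils.TraceAuthentication) {
                return null;
            }
            SanityManager.DEBUG_PRINT("security-warning:TraceAuthentication", "VM is shutting down, so skip authentication");
            return null;
        }
        String str = null;
        try {
            GemFireXDUtils.dumpProperties(properties, "connection authentication for " + distributedMember + " with ", "TraceAuthentication", GemFireXDUtils.TraceAuthentication, null);
            str = authenticate("gemfirexd", properties);
        } catch (Throwable th) {
            StringBuilder sb = new StringBuilder("Exception in getting credentials of user for ");
            sb.append(distributedMember).append(GfxdConstants.SYS_HDFS_ROOT_DIR_DEF);
            if (this.authenticationScheme instanceof BasicAuthenticationServiceImpl) {
                // NOTE(review): confirm that dumpProperties masks secret values before this text is logged.
                sb.append(GemFireXDUtils.dumpProperties(properties, " Properties : ", "TraceAuthentication", true, new StringPrintWriter()).toString());
            }
            if (this.securitylogger != null) {
                sb.append(". Exception : ").append(th);
                this.securitylogger.warning(LocalizedStrings.ONE_ARG, sb.toString(), th);
            } else {
                sb.append(". Exception : ").append(th);
                SanityManager.DEBUG_PRINT("security-warning:TraceAuthentication", sb.toString(), th);
            }
            // NOTE(review): if throwIfCacheNotClosed returns normally (presumably when the cache is
            // already closed - confirm), str stays null and the check below treats the member as accepted.
            Misc.throwIfCacheNotClosed(new AuthenticationFailedException("Authentication failed for " + distributedMember + " with " + th, th));
        }
        if (str == null) {
            return null;
        }
        String str2 = "undefined value";
        String property = properties.getProperty("user");
        String property2 = property == null ? properties.getProperty("UserName") : property;
        if (property2 != null) {
            try {
                property2 = IdUtil.getUserAuthorizationId(property2);
            } catch (StandardException e) {
                throw new AuthenticationFailedException(e.getMessage());
            }
        }
        if (this.authenticationScheme instanceof BasicAuthenticationServiceImpl) {
            str2 = getSystemProperty("gemfirexd.user." + property2);
            if (str2 == null) {
                str2 = getSystemProperty("sqlfire.user." + property2);
            }
        }
        // Unknown user and no member context: defer the decision to second-phase authentication.
        if (str2 == null && distributedMember == null) {
            if (!GemFireXDUtils.TraceAuthentication) {
                return null;
            }
            SanityManager.DEBUG_PRINT("TraceAuthentication", "user not found. initiating second phase authentication for " + property2);
            return null;
        }
        StringBuilder sb2 = new StringBuilder();
        sb2.append("Rejecting credentials of user '").append(property2).append("' for ").append(distributedMember).append(": ").append(str).append(GfxdConstants.SYS_HDFS_ROOT_DIR_DEF);
        if (this.authenticationScheme instanceof BasicAuthenticationServiceImpl) {
            // Report presence only; the definition itself is credential material.
            sb2.append(" User Definition in this member is ").append(str2 == null ? "null" : maskedvalue);
        }
        if (this.securitylogger != null) {
            this.securitylogger.warning(LocalizedStrings.ONE_ARG, sb2.toString());
        } else {
            SanityManager.DEBUG_PRINT("security-warning:TraceAuthentication", sb2.toString());
        }
        throw new AuthenticationFailedException(str);
    }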

    /**
     * Authenticator initialisation hook; this implementation does nothing and
     * ignores all three arguments.
     */
    public void init(Properties properties, LogWriter logWriter, LogWriter logWriter2) throws AuthenticationFailedException {
    }

    /**
     * Returns the scheme that performs credential checks for this service.
     *
     * @return the installed scheme, or {@code null} if none has been set
     */
    public UserAuthenticator getAuthenticationScheme() {
        return this.authenticationScheme;
    }

    /**
     * Returns the cached boot credentials, tracing them first when
     * authentication tracing is on.
     *
     * <p>NOTE(review): the live internal {@code Properties} object is returned,
     * not a copy, so callers can read and modify the cached credentials; keep
     * the set of callers small and confirm none of them logs or mutates it.
     *
     * @return the internal boot-credentials object, possibly empty
     */
    public Properties getBootCredentials() {
        GemFireXDUtils.dumpProperties(this.bootCredentials, "AuthenticationServiceBase: returning cached boot credentials", "TraceAuthentication", GemFireXDUtils.TraceAuthentication, null);
        return this.bootCredentials;
    }

    /**
     * Decides whether this service handles the scheme named {@code str2} for the
     * service kind {@code str}, and normalises the related settings as a side
     * effect.
     *
     * <p>Side effects visible in this method: {@code properties} always gets
     * {@code gemfirexd.authentication.required} set; {@code server-auth-provider}
     * is inherited from the client provider when absent; the SQL authorization
     * system property is switched on when a non-NONE provider is configured and
     * authorization was not set explicitly; and this instance is flagged as a
     * peer service when {@code str} names the peer authentication service.
     *
     * @param str service kind being booted
     * @param properties boot properties; read and modified
     * @param str2 scheme name this implementation supports
     * @return {@code true} when the configured provider for that service kind matches {@code str2}
     */
    public boolean checkAndSetSchemeSupported(String str, Properties properties, String str2) {
        if (Monitor.reportOn) {
            SanityManager.DEBUG_PRINT("TraceAuthentication", "Checking support for scheme " + str2 + " with service " + str);
        }
        // Client provider: first of auth-provider, gemfirexd.auth-provider, sqlfire.auth-provider.
        String propertyFromSet = PropertyUtil.getPropertyFromSet(properties, "auth-provider");
        if (propertyFromSet == null) {
            propertyFromSet = PropertyUtil.getPropertyFromSet(properties, "gemfirexd.auth-provider");
        }
        if (propertyFromSet == null) {
            propertyFromSet = PropertyUtil.getPropertyFromSet(properties, "sqlfire.auth-provider");
        }
        // Peer provider: same lookup order with the server- prefix.
        String propertyFromSet2 = PropertyUtil.getPropertyFromSet(properties, "server-auth-provider");
        if (propertyFromSet2 == null) {
            propertyFromSet2 = PropertyUtil.getPropertyFromSet(properties, "gemfirexd.server-auth-provider");
        }
        if (propertyFromSet2 == null) {
            propertyFromSet2 = PropertyUtil.getPropertyFromSet(properties, "sqlfire.server-auth-provider");
        }
        if (Monitor.reportOn) {
            SanityManager.DEBUG_PRINT("TraceAuthentication", str + " authenticationProvider=" + propertyFromSet + " peerAuthenticationProvider=" + propertyFromSet2);
        }
        // Authentication is required as soon as either provider is non-empty. Note that a provider
        // explicitly set to NONE still counts as non-empty here.
        if ((propertyFromSet == null || propertyFromSet.length() <= 0) && (propertyFromSet2 == null || propertyFromSet2.length() <= 0)) {
            properties.setProperty("gemfirexd.authentication.required", Boolean.FALSE.toString());
        } else {
            properties.setProperty("gemfirexd.authentication.required", Boolean.TRUE.toString());
        }
        // No peer provider configured: peers inherit the client provider.
        if ((propertyFromSet2 == null || propertyFromSet2.length() == 0) && propertyFromSet != null && propertyFromSet.length() > 0) {
            if (Monitor.reportOn) {
                SanityManager.DEBUG_PRINT("TraceAuthentication", "inheriting peer.authentication from authentication service to " + propertyFromSet);
            }
            properties.setProperty("server-auth-provider", propertyFromSet);
            propertyFromSet2 = propertyFromSet;
        }
        // Authorization defaults to on with a real provider, but only if nobody set it explicitly.
        if (propertyFromSet != null && propertyFromSet.length() > 0 && !StringUtil.SQLEqualsIgnoreCase(propertyFromSet, "NONE") && PropertyUtil.getPropertyFromSet(properties, Property.SQL_AUTHORIZATION) == null && PropertyUtil.getSystemProperty(Property.SQL_AUTHORIZATION) == null) {
            SanityManager.DEBUG_PRINT("TraceAuthentication", "Enabling authorization for auth provider " + propertyFromSet);
            PropertyUtil.setSystemProperty(Property.SQL_AUTHORIZATION, "true");
        }
        if (str.equals(GfxdConstants.AUTHENTICATION_SERVICE)) {
            if (propertyFromSet == null || propertyFromSet.length() <= 0 || !StringUtil.SQLEqualsIgnoreCase(propertyFromSet, str2)) {
                if (!Monitor.reportOn) {
                    return false;
                }
                SanityManager.DEBUG_PRINT("TraceAuthentication", "authentication is NOT enabled with " + str2 + " auth provider is " + propertyFromSet);
                return false;
            }
            if (!Monitor.reportOn) {
                return true;
            }
            SanityManager.DEBUG_PRINT("TraceAuthentication", "authentication is enabled with " + str2);
            return true;
        }
        if (!str.equals(GfxdConstants.PEER_AUTHENTICATION_SERVICE)) {
            return false;
        }
        // The peer flag is set even when the scheme turns out not to match below.
        this.isPeerAuthenticationService = true;
        if (propertyFromSet2 == null || propertyFromSet2.length() <= 0 || !StringUtil.SQLEqualsIgnoreCase(propertyFromSet2, str2)) {
            return false;
        }
        if (!Monitor.reportOn) {
            return true;
        }
        SanityManager.DEBUG_PRINT("TraceAuthentication", "peer.authentication is enabled with " + str2);
        return true;
    }

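    /**
     * Classifies a configuration key and, for the authorization-related keys, copies the
     * key/value pair into {@code properties}.
     *
     * <p>The method returns {@code true} (and stores the pair) only for the keys listed in the
     * first check below. Authentication-provider keys, the {@code authentication.required} flag
     * and per-user password entries always yield {@code false} and are never stored here. The
     * short {@code auth-provider} / {@code server-auth-provider} spellings additionally force
     * {@code gemfirexd.authentication.required=true} in {@code properties}.
     *
     * @param str property key; must not be {@code null}
     * @param str2 property value as supplied by the caller
     * @param properties property set that receives the copied pair and the
     *     {@code authentication.required} flag
     * @return {@code true} if the pair was copied into {@code properties}
     * @throws SQLException declared by this method; the only calls here that could raise it are
     *     {@code isEncrypted} and {@code encryptUserPassword}
     */
    public static final boolean isSecurityProperty(String str, String str2, Properties properties) throws SQLException {
        // Lower-case with Locale.ROOT: with a default locale that has special casing rules
        // (e.g. Turkish dotless i) an upper-case spelling such as "GEMFIREXD.USER.X" would not
        // match the prefixes below, so the classification would depend on the JVM locale.
        final String lowerKey = str.toLowerCase(java.util.Locale.ROOT);

        // Only these keys are copied. The provider and "authentication.required" keys
        // (gemfirexd.* and sqlfire.* spellings) are not in the list, so they stay false.
        boolean z = str.equalsIgnoreCase(Property.SQL_AUTHORIZATION)
                || str.equalsIgnoreCase(Property.AUTHZ_DEFAULT_CONNECTION_MODE)
                || str.equalsIgnoreCase(Property.AUTHZ_READ_ONLY_ACCESS_USERS)
                || str.equalsIgnoreCase(Property.AUTHZ_FULL_ACCESS_USERS)
                || str.equalsIgnoreCase("gemfirexd.distributedsystem.propertiesOnly");

        if (lowerKey.startsWith("gemfirexd.user.")) {
            z = false;
            if (!isEncrypted(str2)) {
                // NOTE(review): the encrypted form only replaces the local parameter and, with
                // z == false, is never written to `properties`. The caller therefore still holds
                // the value it passed in; confirm the caller encrypts user entries itself.
                str2 = encryptUserPassword(str.substring("gemfirexd.user.".length()), str2, true, false, true);
            }
        } else if (lowerKey.startsWith("sqlfire.user.")) {
            z = false;
            if (!isEncrypted(str2)) {
                // NOTE(review): same as above, the encrypted value is discarded by this method.
                str2 = encryptUserPassword(str.substring("sqlfire.user.".length()), str2, true, false, true);
            }
        } else if (str.equalsIgnoreCase("auth-provider")) {
            // Naming a provider implies that authentication must be enforced.
            properties.setProperty("gemfirexd.authentication.required", "true");
            // NOTE(review): the canonical key is assigned but unused because z stays false.
            str = "gemfirexd.auth-provider";
            z = false;
        } else if (str.equalsIgnoreCase("server-auth-provider")) {
            properties.setProperty("gemfirexd.authentication.required", "true");
            // NOTE(review): as above, the renamed key is not stored by this method.
            str = "gemfirexd.server-auth-provider";
            z = false;
        }

        if (z) {
            properties.setProperty(str, str2);
        }
        return z;
    }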

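    /**
     * Returns the value to display for a property, hiding secrets and shortening the
     * built-in authenticator factory names.
     *
     * <ul>
     *   <li>Keys starting with {@code gemfirexd.__rt.} return {@code val} without masking.</li>
     *   <li>User entries, any key containing {@code password}, the LDAP search password key and
     *       {@code java.naming.security.credentials} return {@code maskedvalue}.</li>
     *   <li>For keys containing {@code authenticator} or {@code auth-init}, a value equal to one
     *       of the built-in factory-method names is replaced by NONE / BUILTIN / LDAP.</li>
     *   <li>Anything else is returned unchanged.</li>
     * </ul>
     *
     * @param str property key; must not be {@code null}
     * @param obj property value, may be {@code null}
     * @return the masked, shortened or original value as described above
     */
    public static final Object maskProperty(String str, Object obj) {
        // Locale.ROOT keeps the masking decision independent of the JVM default locale. With a
        // Turkish default, an upper-case "I" lower-cases to dotless "ı", so a key such as
        // "GEMFIREXD.USER.X" would slip past the prefix tests and its value would be shown.
        final String lowerCase = str.toLowerCase(java.util.Locale.ROOT);
        if (lowerCase.startsWith("gemfirexd.__rt.")) {
            // NOTE(review): `val` is not declared in this method, so confirm it is not meant to
            // be the `obj` parameter. This branch also runs before the secret checks, so a
            // "gemfirexd.__rt." key containing "password" is returned unmasked.
            return val;
        }
        if (lowerCase.startsWith("gemfirexd.user.") || lowerCase.startsWith("sqlfire.user.") || lowerCase.contains("password")
                // NOTE(review): the comparison is against the lower-cased key, so it can only
                // match if AUTH_LDAP_SEARCH_PW is itself all lower-case; verify the constant.
                || lowerCase.equals(Property.AUTH_LDAP_SEARCH_PW)
                || lowerCase.equals("java.naming.security.credentials")) {
            // `maskedvalue` is declared outside this method (presumably a fixed placeholder).
            return maskedvalue;
        }
        if ((lowerCase.contains("authenticator") || lowerCase.contains("auth-init")) && obj != null) {
            // Show the short provider name instead of the internal factory-method string.
            if (NoneAuthenticationServiceImpl.AUTHFACTORYMETHOD.equals(obj)) {
                return "NONE";
            }
            if (BasicAuthenticationServiceImpl.AUTHFACTORYMETHOD.equals(obj)) {
                return Constants.AUTHENTICATION_PROVIDER_BUILTIN;
            }
            if (JNDIAuthenticationService.AUTHFACTORYMETHOD.equals(obj)) {
                return Constants.AUTHENTICATION_PROVIDER_LDAP;
            }
        }
        return obj;
    }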

    /**
     * Reports whether the booting store uses the BUILTIN authentication implementation.
     *
     * <p>The service registered under {@code GfxdConstants.PEER_AUTHENTICATION_SERVICE} is
     * checked first. If it is missing or is the "none" implementation, the service registered
     * under {@code GfxdConstants.AUTHENTICATION_SERVICE} is checked instead.
     *
     * @param authenticationServiceArr optional out-parameter; when non-null and the result is
     *     {@code false}, element 0 receives the last service that was looked up (which may be
     *     {@code null}). The array must then hold at least one element.
     * @return {@code true} if either lookup yields a {@code BasicAuthenticationServiceImpl}
     */
    public static final boolean isAuthenticationBUILTIN(AuthenticationService[] authenticationServiceArr) {
        final FabricDatabase db = Misc.getMemStoreBooting().getDatabase();

        AuthenticationServiceBase service = (AuthenticationServiceBase) Monitor.findServiceModule(db, AuthenticationService.MODULE, GfxdConstants.PEER_AUTHENTICATION_SERVICE);
        // NOTE(review): the null test further down suggests this assertion is not relied on to
        // stop execution; confirm how SanityManager.ASSERT behaves in production builds.
        SanityManager.ASSERT(service != null, " couldn't find authentication service");
        if (service instanceof BasicAuthenticationServiceImpl) {
            return true;
        }

        final boolean peerServiceUnusable = service == null || service instanceof NoneAuthenticationServiceImpl;
        if (peerServiceUnusable) {
            // Fall back to the service registered under AUTHENTICATION_SERVICE.
            service = (AuthenticationServiceBase) Monitor.findServiceModule(db, AuthenticationService.MODULE, GfxdConstants.AUTHENTICATION_SERVICE);
            if (service instanceof BasicAuthenticationServiceImpl) {
                return true;
            }
        }

        // Not BUILTIN: hand the service that was found back to the caller if asked to.
        if (authenticationServiceArr != null) {
            authenticationServiceArr[0] = service;
        }
        return false;
    }

    /**
     * Validates a user name / password pair and throws if it is unacceptable.
     *
     * <p>Checks run in this order, and the first failure wins:
     * <ol>
     *   <li>{@code str} is {@code null}: SQLState {@code 08001.C.7}</li>
     *   <li>{@code str2} is {@code null} while {@code z} is {@code false}:
     *       SQLState {@code 08001.C.8}</li>
     *   <li>{@code PropertyUtil.whereSet(str, null)} returns 0: SQLState {@code 28503}, with
     *       {@code str} as the message argument</li>
     * </ol>
     *
     * @param str user name (presumably; it is the value passed to {@code whereSet})
     * @param str2 password; only checked for {@code null}
     * @param z when {@code true}, a {@code null} {@code str2} is accepted
     * @throws SQLException the {@code StandardException} for the failed check, wrapped by
     *     {@code PublicAPI.wrapStandardException}
     */
    public static final void validateUserPassword(String str, String str2, boolean z) throws SQLException {
        if (str == null) {
            throw PublicAPI.wrapStandardException(StandardException.newException("08001.C.7"));
        }
        final boolean passwordMissing = str2 == null && !z;
        if (passwordMissing) {
            throw PublicAPI.wrapStandardException(StandardException.newException("08001.C.8"));
        }
        // NOTE(review): the meaning of a 0 result from whereSet is not visible here; confirm
        // which "where set" location it denotes.
        if (PropertyUtil.whereSet(str, null) == 0) {
            throw PublicAPI.wrapStandardException(StandardException.newException("28503", str));
        }
    }

    // Class initializer for the assertion flag: $assertionsDisabled becomes true when assertions
    // are NOT enabled for AuthenticationServiceBase. The field is declared outside this excerpt
    // (presumably the synthetic flag javac generates for `assert`, surfaced by a decompiler).
    static {
        $assertionsDisabled = !AuthenticationServiceBase.class.desiredAssertionStatus();
    }
}
