package io.hetu.core.security.authentication;

import com.hazelcast.instance.impl.Node;
import com.hazelcast.internal.cluster.impl.JoinRequest;
import com.hazelcast.internal.nio.Connection;
import com.hazelcast.logging.ILogger;
import com.hazelcast.logging.Logger;
import com.hazelcast.security.Credentials;
import io.hetu.core.security.authentication.kerberos.KerberosAuthenticator;
import io.hetu.core.security.authentication.kerberos.KerberosException;
import io.hetu.core.security.authentication.kerberos.KerberosSecurityContext;
import io.hetu.core.security.authentication.kerberos.KerberosTokenCredentials;
import java.lang.reflect.Field;
import org.aspectj.lang.NoAspectBoundException;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.ietf.jgss.GSSException;
import org.springframework.stereotype.Component;

@Aspect
@Component
/* loaded from: input_file:io/hetu/core/security/authentication/ClusterJoinManagerAspect.class */
public class ClusterJoinManagerAspect {
    private static final ILogger LOGGER = Logger.getLogger(ClusterJoinManagerAspect.class);
    private static /* synthetic */ Throwable ajc$initFailureCause;
    public static /* synthetic */ ClusterJoinManagerAspect ajc$perSingletonInstance;

    static {
        try {
            ajc$postClinit();
        } catch (Throwable th) {
            ajc$initFailureCause = th;
        }
    }

    @Around("execution(* com.hazelcast.internal.cluster.impl.ClusterJoinManager.secureLogin(JoinRequest, Connection)) && args(joinRequest, connection)")
    public void aroundSecureLogin(ProceedingJoinPoint proceedingJoinPoint, JoinRequest joinRequest, Connection connection) {
        Field field = null;
        String host = joinRequest.getAddress().getHost();
        try {
            try {
                Field declaredField = proceedingJoinPoint.getTarget().getClass().getDeclaredField("node");
                declaredField.setAccessible(true);
                Node node = (Node) declaredField.get(proceedingJoinPoint.getTarget());
                if (node.securityContext != null) {
                    Credentials credentials = joinRequest.getCredentials();
                    if (credentials == null) {
                        throw new SecurityException("Missing credentials in the join request.");
                    }
                    KerberosAuthenticator kerberosAuthenticator = ((KerberosSecurityContext) node.securityContext).getKerberosAuthenticator();
                    if (!kerberosAuthenticator.getPrincipalFullName().equals(kerberosAuthenticator.doAuthenticateFilter((KerberosTokenCredentials) credentials).getName())) {
                        throw new KerberosException(String.format("Authenticate failed for %s to join the cluster.", host));
                    }
                    LOGGER.info(String.format("Authenticate success for %s to join the cluster.", host));
                }
                if (declaredField != null) {
                    declaredField.setAccessible(false);
                }
            } catch (KerberosException | GSSException e) {
                throw new SecurityException(String.format("Authenticate failed for %s, cause: %s", host, e.getMessage()));
            } catch (IllegalAccessException | NoSuchFieldException unused) {
                throw new RuntimeException(String.format("Cann't get class[%s] field.", proceedingJoinPoint.getTarget().getClass().getName()));
            }
        } catch (Throwable th) {
            if (0 != 0) {
                field.setAccessible(false);
            }
            throw th;
        }
    }

    public static ClusterJoinManagerAspect aspectOf() {
        if (ajc$perSingletonInstance == null) {
            throw new NoAspectBoundException("io.hetu.core.security.authentication.ClusterJoinManagerAspect", ajc$initFailureCause);
        }
        return ajc$perSingletonInstance;
    }

    public static boolean hasAspect() {
        return ajc$perSingletonInstance != null;
    }

    private static /* synthetic */ void ajc$postClinit() {
        ajc$perSingletonInstance = new ClusterJoinManagerAspect();
    }
}
