package io.pravega.controller.server.rpc.auth;

import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import io.grpc.Context;
import io.grpc.Contexts;
import io.grpc.Metadata;
import io.grpc.ServerCall;
import io.grpc.ServerCallHandler;
import io.grpc.ServerInterceptor;
import io.grpc.Status;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.pravega.auth.AuthHandler;
import java.util.HashMap;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/pravega/controller/server/rpc/auth/PravegaInterceptor.class */
public class PravegaInterceptor implements ServerInterceptor {
    private static final boolean AUTH_ENABLED = true;
    private final AuthHandler handler;
    private String delegationToken;

    @SuppressFBWarnings(justification = "generated code")
    private static final Logger log = LoggerFactory.getLogger(PravegaInterceptor.class);
    private static final String AUTH_CONTEXT = "PravegaContext";
    private static final Context.Key<Map<String, String>> AUTH_CONTEXT_PARAMS = Context.key(AUTH_CONTEXT);
    private static final String INTERCEPTOR_CONTEXT = "InterceptorContext";
    public static final Context.Key<PravegaInterceptor> INTERCEPTOR_OBJECT = Context.key(INTERCEPTOR_CONTEXT);

    /* JADX INFO: Access modifiers changed from: package-private */
    public PravegaInterceptor(AuthHandler authHandler) {
        Preconditions.checkNotNull(authHandler, "handler can not be null");
        this.handler = authHandler;
    }

    public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, RespT> serverCall, Metadata metadata, ServerCallHandler<ReqT, RespT> serverCallHandler) {
        HashMap hashMap = new HashMap();
        metadata.keys().stream().filter(str -> {
            return !str.endsWith("-bin");
        }).forEach(str2 -> {
            try {
                hashMap.put(str2, metadata.get(Metadata.Key.of(str2, Metadata.ASCII_STRING_MARSHALLER)));
            } catch (IllegalArgumentException e) {
                log.warn("Error while marshalling some of the headers {}", e.toString());
            }
        });
        String str3 = (String) hashMap.get("method");
        Context current = Context.current();
        if (Strings.isNullOrEmpty(str3)) {
            serverCall.close(Status.fromCode(Status.Code.UNAUTHENTICATED), metadata);
            return null;
        }
        if (str3.equals(this.handler.getHandlerName())) {
            if (!this.handler.authenticate(hashMap)) {
                serverCall.close(Status.fromCode(Status.Code.UNAUTHENTICATED), metadata);
                return null;
            }
            current = current.withValue(AUTH_CONTEXT_PARAMS, hashMap).withValue(INTERCEPTOR_OBJECT, this);
        }
        return Contexts.interceptCall(current, serverCall, metadata, serverCallHandler);
    }

    public AuthHandler.Permissions authorize(String str) {
        return this.handler.authorize(str, (Map) AUTH_CONTEXT_PARAMS.get());
    }

    public static String retrieveDelegationToken(String str) {
        PravegaInterceptor pravegaInterceptor = (PravegaInterceptor) INTERCEPTOR_OBJECT.get();
        if (pravegaInterceptor != null) {
            return pravegaInterceptor.getDelegationToken();
        }
        HashMap hashMap = new HashMap();
        hashMap.put("*", String.valueOf(AuthHandler.Permissions.READ_UPDATE));
        return Jwts.builder().setSubject("segmentstoreresource").setAudience("segmentstore").setClaims(hashMap).signWith(SignatureAlgorithm.HS512, str.getBytes()).compact();
    }

    public void setDelegationToken(String str, AuthHandler.Permissions permissions, String str2) {
        HashMap hashMap = new HashMap();
        hashMap.put(str, String.valueOf(permissions));
        this.delegationToken = Jwts.builder().setSubject("segmentstoreresource").setAudience("segmentstore").setClaims(hashMap).signWith(SignatureAlgorithm.HS512, str2.getBytes()).compact();
    }

    @SuppressFBWarnings(justification = "generated code")
    public String getDelegationToken() {
        return this.delegationToken;
    }
}
