package io.pravega.controller.server.rpc.auth;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import io.grpc.ServerBuilder;
import io.pravega.auth.AuthException;
import io.pravega.auth.AuthHandler;
import io.pravega.auth.AuthenticationException;
import io.pravega.controller.server.rpc.grpc.GRPCServerConfig;
import java.security.Principal;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.ServiceLoader;
import javax.annotation.concurrent.GuardedBy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/pravega/controller/server/rpc/auth/AuthHandlerManager.class */
public class AuthHandlerManager {

    @SuppressFBWarnings(justification = "generated code")
    private static final Logger log = LoggerFactory.getLogger(AuthHandlerManager.class);
    private final GRPCServerConfig serverConfig;

    @GuardedBy("this")
    private final Map<String, AuthHandler> handlerMap = new HashMap();

    public AuthHandlerManager(GRPCServerConfig gRPCServerConfig) {
        this.serverConfig = gRPCServerConfig;
    }

    private AuthHandler getHandler(String str) throws AuthenticationException {
        AuthHandler authHandler;
        synchronized (this) {
            authHandler = this.handlerMap.get(str);
        }
        if (authHandler == null) {
            throw new AuthenticationException("Handler does not exist for method " + str);
        }
        return authHandler;
    }

    public boolean authenticateAndAuthorize(String str, String str2, AuthHandler.Permissions permissions) throws AuthenticationException {
        Preconditions.checkNotNull(str2, "credentials");
        try {
            String[] extractMethodAndToken = extractMethodAndToken(str2);
            String str3 = extractMethodAndToken[0];
            String str4 = extractMethodAndToken[1];
            AuthHandler handler = getHandler(str3);
            Preconditions.checkNotNull(handler, "Can not find handler.");
            Principal authenticate = handler.authenticate(str4);
            if (authenticate == null) {
                throw new AuthenticationException("Authentication failure");
            }
            return handler.authorize(str, authenticate).ordinal() >= permissions.ordinal();
        } catch (AuthException e) {
            throw new AuthenticationException("Authentication failure");
        }
    }

    public Principal authenticate(String str) throws AuthException {
        Preconditions.checkNotNull(str, "credentials");
        String[] extractMethodAndToken = extractMethodAndToken(str);
        String str2 = extractMethodAndToken[0];
        String str3 = extractMethodAndToken[1];
        AuthHandler handler = getHandler(str2);
        Preconditions.checkNotNull(handler, "Can not find handler.");
        return handler.authenticate(str3);
    }

    private String[] extractMethodAndToken(String str) throws AuthenticationException {
        String[] split = str.split("\\s+", 2);
        if (split.length != 2) {
            throw new AuthenticationException("Malformed request");
        }
        return split;
    }

    public boolean authorize(String str, Principal principal, String str2, AuthHandler.Permissions permissions) throws AuthException {
        Preconditions.checkNotNull(str2, "credentials");
        AuthHandler handler = getHandler(extractMethodAndToken(str2)[0]);
        Preconditions.checkNotNull(handler, "Can not find handler.");
        return handler.authorize(str, principal).ordinal() >= permissions.ordinal();
    }

    @VisibleForTesting
    public synchronized void registerHandler(AuthHandler authHandler) {
        Preconditions.checkNotNull(authHandler, "authHandler");
        this.handlerMap.put(authHandler.getHandlerName(), authHandler);
    }

    public void registerInterceptors(ServerBuilder<?> serverBuilder) {
        try {
            if (this.serverConfig.isAuthorizationEnabled()) {
                Iterator it = ServiceLoader.load(AuthHandler.class).iterator();
                while (it.hasNext()) {
                    AuthHandler authHandler = (AuthHandler) it.next();
                    try {
                        authHandler.initialize(this.serverConfig);
                    } catch (Exception e) {
                        log.warn("Exception while initializing auth handler {}", authHandler, e);
                    }
                    synchronized (this) {
                        if (this.handlerMap.putIfAbsent(authHandler.getHandlerName(), authHandler) != null) {
                            log.warn("Handler with name {} already exists. Not replacing it with the latest handler");
                        } else {
                            serverBuilder.intercept(new AuthInterceptor(authHandler));
                        }
                    }
                }
            }
        } catch (Throwable th) {
            log.warn("Exception while loading the auth handlers", th);
        }
    }
}
