package io.pravega.controller.server.rpc.auth;

import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import io.grpc.Context;
import io.grpc.Contexts;
import io.grpc.Metadata;
import io.grpc.ServerCall;
import io.grpc.ServerCallHandler;
import io.grpc.ServerInterceptor;
import io.grpc.Status;
import io.pravega.auth.AuthException;
import io.pravega.auth.AuthHandler;
import java.security.Principal;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/pravega/controller/server/rpc/auth/AuthInterceptor.class */
public class AuthInterceptor implements ServerInterceptor {
    private final AuthHandler handler;

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    private static final Logger log = LoggerFactory.getLogger(AuthInterceptor.class);
    private static final String PRINCIPAL_KEY_NAME = "PravegaContext";
    static final Context.Key<Principal> PRINCIPAL_OBJECT_KEY = Context.key(PRINCIPAL_KEY_NAME);
    private static final String INTERCEPTOR_KEY_NAME = "InterceptorContext";
    static final Context.Key<AuthInterceptor> AUTH_INTERCEPTOR_OBJECT_KEY = Context.key(INTERCEPTOR_KEY_NAME);

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthInterceptor(AuthHandler authHandler) {
        Preconditions.checkNotNull(authHandler, "handler can not be null");
        this.handler = authHandler;
    }

    public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, RespT> serverCall, Metadata metadata, ServerCallHandler<ReqT, RespT> serverCallHandler) {
        Context current = Context.current();
        String str = (String) metadata.get(Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER));
        if (!Strings.isNullOrEmpty(str)) {
            String[] split = str.split("\\s+", 2);
            if (split.length == 2) {
                String str2 = split[0];
                String str3 = split[1];
                if (Strings.isNullOrEmpty(str2)) {
                    log.debug("Credentials are present, but method [{}] is null or empty", str2);
                } else if (str2.equals(this.handler.getHandlerName())) {
                    log.debug("Handler [{}] successfully matched auth method [{}]", this.handler, str2);
                    try {
                        Principal authenticate = this.handler.authenticate(str3);
                        if (authenticate == null) {
                            log.warn("Handler for method [{}] returned a null Principal upon authentication for thegiven token", str2);
                            serverCall.close(Status.fromCode(Status.Code.UNAUTHENTICATED), metadata);
                            return null;
                        }
                        current = current.withValues(PRINCIPAL_OBJECT_KEY, authenticate, AUTH_INTERCEPTOR_OBJECT_KEY, this);
                    } catch (AuthException e) {
                        log.warn("Authentication failed", e);
                        serverCall.close(Status.fromCode(Status.Code.UNAUTHENTICATED), metadata);
                        return null;
                    }
                }
            }
        }
        return Contexts.interceptCall(current, serverCall, metadata, serverCallHandler);
    }

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    public AuthHandler getHandler() {
        return this.handler;
    }
}
