package org.apache.hadoop.ozone.container.common.transport.server;

import org.apache.hadoop.hdds.security.exception.SCMSecurityException;
import org.apache.hadoop.hdds.security.token.TokenVerifier;
import org.apache.hadoop.ozone.OzoneConsts;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.ratis.thirdparty.io.grpc.Context;
import org.apache.ratis.thirdparty.io.grpc.Contexts;
import org.apache.ratis.thirdparty.io.grpc.Metadata;
import org.apache.ratis.thirdparty.io.grpc.ServerCall;
import org.apache.ratis.thirdparty.io.grpc.ServerCallHandler;
import org.apache.ratis.thirdparty.io.grpc.ServerInterceptor;
import org.apache.ratis.thirdparty.io.grpc.Status;

/* loaded from: input_file:org/apache/hadoop/ozone/container/common/transport/server/ServerCredentialInterceptor.class */
public class ServerCredentialInterceptor implements ServerInterceptor {
    private static final ServerCall.Listener NOOP_LISTENER = new ServerCall.Listener() { // from class: org.apache.hadoop.ozone.container.common.transport.server.ServerCredentialInterceptor.1
    };
    private final TokenVerifier verifier;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServerCredentialInterceptor(TokenVerifier tokenVerifier) {
        this.verifier = tokenVerifier;
    }

    public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, RespT> serverCall, Metadata metadata, ServerCallHandler<ReqT, RespT> serverCallHandler) {
        String str = (String) metadata.get(OzoneConsts.OBT_METADATA_KEY);
        String str2 = (String) metadata.get(OzoneConsts.USER_METADATA_KEY);
        Context current = Context.current();
        try {
            UserGroupInformation verify = this.verifier.verify(str2, str);
            if (verify != null) {
                return Contexts.interceptCall(current.withValue(OzoneConsts.UGI_CTX_KEY, verify), serverCall, metadata, serverCallHandler);
            }
            serverCall.close(Status.UNAUTHENTICATED.withDescription("Missing Block Token from headers when block token is required."), metadata);
            return NOOP_LISTENER;
        } catch (SCMSecurityException e) {
            serverCall.close(Status.UNAUTHENTICATED.withDescription(e.getMessage()).withCause(e), metadata);
            return NOOP_LISTENER;
        }
    }
}
