package org.apache.hugegraph.auth;

import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelPipeline;
import io.netty.handler.codec.http.DefaultFullHttpResponse;
import io.netty.handler.codec.http.FullHttpMessage;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpMessage;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpVersion;
import io.netty.util.ReferenceCountUtil;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import org.apache.hugegraph.api.filter.AuthenticationFilter;
import org.apache.tinkerpop.gremlin.server.Settings;
import org.apache.tinkerpop.gremlin.server.auth.AuthenticationException;
import org.apache.tinkerpop.gremlin.server.auth.Authenticator;
import org.apache.tinkerpop.gremlin.server.handler.AbstractAuthenticationHandler;
import org.apache.tinkerpop.gremlin.server.handler.SaslAuthenticationHandler;

@ChannelHandler.Sharable
/* loaded from: input_file:org/apache/hugegraph/auth/WsAndHttpBasicAuthHandler.class */
public class WsAndHttpBasicAuthHandler extends SaslAuthenticationHandler {
    private static final String AUTHENTICATOR = "authenticator";
    private static final String HTTP_AUTH = "http-authentication";

    @ChannelHandler.Sharable
    /* loaded from: input_file:org/apache/hugegraph/auth/WsAndHttpBasicAuthHandler$HttpBasicAuthHandler.class */
    private static class HttpBasicAuthHandler extends AbstractAuthenticationHandler {
        private final Base64.Decoder decoder;

        public HttpBasicAuthHandler(Authenticator authenticator) {
            super(authenticator);
            this.decoder = Base64.getUrlDecoder();
        }

        public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) {
            if (obj instanceof FullHttpMessage) {
                FullHttpMessage fullHttpMessage = (FullHttpMessage) obj;
                if (!fullHttpMessage.headers().contains("Authorization")) {
                    sendError(channelHandlerContext, obj);
                    return;
                }
                String str = fullHttpMessage.headers().get("Authorization");
                if (!str.startsWith(AuthenticationFilter.BASIC_AUTH_PREFIX)) {
                    sendError(channelHandlerContext, obj);
                    return;
                }
                try {
                    String[] split = new String(this.decoder.decode(str.substring(AuthenticationFilter.BASIC_AUTH_PREFIX.length())), StandardCharsets.UTF_8).split(":");
                    if (split.length != 2) {
                        sendError(channelHandlerContext, obj);
                        return;
                    }
                    String obj2 = channelHandlerContext.channel().remoteAddress().toString();
                    if (obj2.startsWith("/") && obj2.length() > 1) {
                        obj2 = obj2.substring(1);
                    }
                    HashMap hashMap = new HashMap();
                    hashMap.put("username", split[0]);
                    hashMap.put("password", split[1]);
                    hashMap.put(HugeAuthenticator.KEY_ADDRESS, obj2);
                    try {
                        this.authenticator.authenticate(hashMap);
                        channelHandlerContext.fireChannelRead(fullHttpMessage);
                    } catch (AuthenticationException e) {
                        sendError(channelHandlerContext, obj);
                    }
                } catch (IllegalArgumentException e2) {
                    sendError(channelHandlerContext, obj);
                } catch (IndexOutOfBoundsException e3) {
                    sendError(channelHandlerContext, obj);
                }
            }
        }

        private void sendError(ChannelHandlerContext channelHandlerContext, Object obj) {
            channelHandlerContext.writeAndFlush(new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.UNAUTHORIZED)).addListener(ChannelFutureListener.CLOSE);
            ReferenceCountUtil.release(obj);
        }
    }

    public WsAndHttpBasicAuthHandler(Authenticator authenticator, Settings settings) {
        super(authenticator, settings);
    }

    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
        if (!(obj instanceof HttpMessage) || isWebSocket((HttpMessage) obj)) {
            super.channelRead(channelHandlerContext, obj);
            return;
        }
        ChannelPipeline pipeline = channelHandlerContext.pipeline();
        pipeline.addAfter(AUTHENTICATOR, HTTP_AUTH, pipeline.get(HTTP_AUTH) != null ? pipeline.remove(HTTP_AUTH) : new HttpBasicAuthHandler(this.authenticator));
        channelHandlerContext.fireChannelRead(obj);
    }

    public static boolean isWebSocket(HttpMessage httpMessage) {
        return "Upgrade".equalsIgnoreCase(httpMessage.headers().get(HttpHeaderNames.CONNECTION)) || "WebSocket".equalsIgnoreCase(httpMessage.headers().get(HttpHeaderNames.UPGRADE));
    }
}
