package org.apache.tinkerpop.gremlin.server.handler;

import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.util.Attribute;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.util.Base64;
import java.util.HashMap;
import org.apache.tinkerpop.gremlin.driver.message.RequestMessage;
import org.apache.tinkerpop.gremlin.driver.message.ResponseMessage;
import org.apache.tinkerpop.gremlin.driver.message.ResponseStatusCode;
import org.apache.tinkerpop.gremlin.server.GremlinServer;
import org.apache.tinkerpop.gremlin.server.Settings;
import org.apache.tinkerpop.gremlin.server.auth.AuthenticatedUser;
import org.apache.tinkerpop.gremlin.server.auth.AuthenticationException;
import org.apache.tinkerpop.gremlin.server.auth.Authenticator;
import org.apache.tinkerpop.gremlin.server.authz.Authorizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

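/**
 * Netty inbound handler that runs a SASL exchange before any request is allowed further down
 * the pipeline.
 *
 * <p>Flow, as implemented in {@link #channelRead}:
 * <ol>
 *   <li>The first {@link RequestMessage} on a channel creates a SASL negotiator, is parked in a
 *       channel attribute, and is answered with an {@code AUTHENTICATE} challenge.</li>
 *   <li>Every later message must be an {@code authentication} op carrying a Base64-encoded
 *       {@code sasl} argument; it is fed to the negotiator.</li>
 *   <li>Once the negotiator reports completion, the authenticated user is stored on the channel,
 *       this handler removes itself from the pipeline and the parked request is forwarded.</li>
 * </ol>
 *
 * <p>The handler is {@code @Sharable}, so all per-connection state lives in channel attributes
 * ({@code StateKey.NEGOTIATOR}, {@code StateKey.REQUEST_MESSAGE}) and never in instance fields.
 *
 * <p>NOTE(review): nothing in this class counts or limits failed attempts on a connection; if
 * throttling of repeated authentication failures is required it has to be provided elsewhere.
 */
@ChannelHandler.Sharable
/* loaded from: input_file:org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.class */
public class SaslAuthenticationHandler extends AbstractAuthenticationHandler {
    private static final Logger logger = LoggerFactory.getLogger(SaslAuthenticationHandler.class);
    private static final Base64.Decoder BASE64_DECODER = Base64.getDecoder();
    private static final Base64.Encoder BASE64_ENCODER = Base64.getEncoder();
    private static final Logger auditLogger = LoggerFactory.getLogger(GremlinServer.AUDIT_LOGGER_NAME);
    protected final Settings settings;

    /**
     * Creates a handler without an authorizer.
     *
     * @deprecated use {@link #SaslAuthenticationHandler(Authenticator, Authorizer, Settings)};
     *     this overload passes {@code null} as the authorizer.
     */
    @Deprecated
    public SaslAuthenticationHandler(Authenticator authenticator, Settings settings) {
        this(authenticator, null, settings);
    }

    /**
     * @param authenticator source of the SASL negotiator used for each connection
     * @param authorizer    handed to the superclass; may be {@code null} (see the deprecated overload)
     * @param settings      server settings; {@code enableAuditLog} is read on successful authentication
     */
    public SaslAuthenticationHandler(Authenticator authenticator, Authorizer authorizer, Settings settings) {
        super(authenticator, authorizer);
        this.settings = settings;
    }

    /**
     * Drives one step of the SASL exchange for the channel behind {@code channelHandlerContext}.
     *
     * <p>Everything received here comes from a peer that has not yet authenticated, so each
     * malformed input is answered with an explicit error response instead of being allowed to
     * escape as an exception.
     *
     * @param channelHandlerContext context of the channel being authenticated
     * @param obj                   inbound message; anything other than a {@link RequestMessage}
     *                              closes the channel
     */
    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
        if (!(obj instanceof RequestMessage)) {
            logger.warn("{} only processes RequestMessage instances - received {} - channel closing", getClass().getSimpleName(), obj.getClass());
            channelHandlerContext.close();
            return;
        }
        RequestMessage requestMessage = (RequestMessage) obj;
        Attribute<Authenticator.SaslNegotiator> negotiator = channelHandlerContext.attr(StateKey.NEGOTIATOR);
        Attribute<RequestMessage> pendingRequest = channelHandlerContext.attr(StateKey.REQUEST_MESSAGE);

        if (negotiator.get() == null) {
            // First message on this channel: park it and challenge the client. The parked request
            // is only forwarded down the pipeline after the exchange completes successfully.
            try {
                negotiator.set(this.authenticator.newSaslNegotiator(getRemoteInetAddress(channelHandlerContext)));
                pendingRequest.set(requestMessage);
                channelHandlerContext.writeAndFlush(ResponseMessage.build(requestMessage).code(ResponseStatusCode.AUTHENTICATE).create());
            } catch (Exception e) {
                // Details go to the server log only; the client gets a fixed, generic message.
                logger.error(String.format("%s is not ready to handle requests - check its configuration or related services", this.authenticator.getClass().getSimpleName()), e);
                channelHandlerContext.writeAndFlush(ResponseMessage.build(requestMessage).statusMessage("Authenticator is not ready to handle requests").code(ResponseStatusCode.SERVER_ERROR).create());
            }
            return;
        }

        // While negotiation is open, only "authentication" ops carrying a "sasl" argument are accepted.
        if (!requestMessage.getOp().equals("authentication") || !requestMessage.getArgs().containsKey("sasl")) {
            channelHandlerContext.writeAndFlush(ResponseMessage.build(requestMessage).statusMessage("Failed to authenticate").code(ResponseStatusCode.UNAUTHORIZED).create());
            return;
        }
        Object saslArg = requestMessage.getArgs().get("sasl");
        if (!(saslArg instanceof String)) {
            channelHandlerContext.writeAndFlush(ResponseMessage.build(pendingRequest.get()).statusMessage("Incorrect type for : sasl - base64 encoded String is expected").code(ResponseStatusCode.REQUEST_ERROR_MALFORMED_REQUEST).create());
            return;
        }

        byte[] saslResponse;
        try {
            saslResponse = BASE64_DECODER.decode((String) saslArg);
        } catch (IllegalArgumentException malformed) {
            // Base64.Decoder rejects invalid input with IllegalArgumentException. Answer it like the
            // wrong-type case above rather than letting an unauthenticated peer raise an uncaught
            // exception in the pipeline. The rejected value is deliberately neither logged nor
            // echoed back: a SASL payload can carry credentials.
            channelHandlerContext.writeAndFlush(ResponseMessage.build(pendingRequest.get()).statusMessage("Incorrect value for : sasl - base64 encoded String is expected").code(ResponseStatusCode.REQUEST_ERROR_MALFORMED_REQUEST).create());
            return;
        }

        try {
            byte[] challenge = negotiator.get().evaluateResponse(saslResponse);
            if (negotiator.get().isComplete()) {
                AuthenticatedUser authenticatedUser = negotiator.get().getAuthenticatedUser();
                channelHandlerContext.channel().attr(StateKey.AUTHENTICATED_USER).set(authenticatedUser);
                if (this.settings.enableAuditLog.booleanValue()) {
                    // String.valueOf tolerates a null remote address (same guard as
                    // getRemoteInetAddress), so an audit-log problem cannot abort a successful login.
                    SocketAddress remote = channelHandlerContext.channel().remoteAddress();
                    String address = String.valueOf(remote);
                    if (address.startsWith("/") && address.length() > 1) {
                        address = address.substring(1);
                    }
                    String[] classNameParts = this.authenticator.getClass().toString().split("[.]");
                    // NOTE(review): the user name comes from the authenticator; confirm the audit
                    // log layout neutralises control characters so an entry cannot be forged.
                    auditLogger.info("User {} with address {} authenticated by {}", authenticatedUser.getName(), address, classNameParts[classNameParts.length - 1]);
                }
                // Authentication is done for this channel: drop out of the pipeline and release
                // the request that was parked when negotiation started.
                channelHandlerContext.pipeline().remove(this);
                channelHandlerContext.fireChannelRead(pendingRequest.get());
            } else {
                // Negotiation needs another round trip: return the next challenge to the client.
                HashMap<String, Object> statusAttributes = new HashMap<>();
                statusAttributes.put("sasl", BASE64_ENCODER.encodeToString(challenge));
                channelHandlerContext.writeAndFlush(ResponseMessage.build(requestMessage).statusAttributes(statusAttributes).code(ResponseStatusCode.AUTHENTICATE).create());
            }
        } catch (AuthenticationException e2) {
            // NOTE(review): the exception message is returned verbatim to the unauthenticated
            // peer; confirm Authenticator implementations keep it generic (no hint whether the
            // user name or the password was wrong).
            channelHandlerContext.writeAndFlush(ResponseMessage.build(pendingRequest.get()).statusMessage(e2.getMessage()).code(ResponseStatusCode.UNAUTHORIZED).create());
        }
    }

    /**
     * Resolves the peer's IP address for the negotiator.
     *
     * @return the remote address, or {@code null} when the channel is absent or its remote
     *     address is missing or not an {@link InetSocketAddress}
     */
    private InetAddress getRemoteInetAddress(ChannelHandlerContext channelHandlerContext) {
        Channel channel = channelHandlerContext.channel();
        if (channel == null) {
            return null;
        }
        SocketAddress remoteAddress = channel.remoteAddress();
        // instanceof is false for null, so this also covers a channel with no remote address.
        if (!(remoteAddress instanceof InetSocketAddress)) {
            return null;
        }
        return ((InetSocketAddress) remoteAddress).getAddress();
    }
}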
