package org.apache.tinkerpop.gremlin.server.handler;

import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.handler.codec.http.FullHttpMessage;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpUtil;
import io.netty.util.ReferenceCountUtil;
import org.apache.tinkerpop.gremlin.server.GremlinServer;
import org.apache.tinkerpop.gremlin.server.auth.AuthenticatedUser;
import org.apache.tinkerpop.gremlin.server.authz.AuthorizationException;
import org.apache.tinkerpop.gremlin.server.authz.Authorizer;
import org.apache.tinkerpop.gremlin.server.op.standard.StandardOpProcessor;
import org.apache.tinkerpop.gremlin.util.message.RequestMessage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ChannelHandler.Sharable
/* loaded from: input_file:org/apache/tinkerpop/gremlin/server/handler/HttpBasicAuthorizationHandler.class */
public class HttpBasicAuthorizationHandler extends ChannelInboundHandlerAdapter {
    private static final Logger logger = LoggerFactory.getLogger(HttpBasicAuthorizationHandler.class);
    private static final Logger auditLogger = LoggerFactory.getLogger(GremlinServer.AUDIT_LOGGER_NAME);
    private AuthenticatedUser user;
    private final Authorizer authorizer;

    public HttpBasicAuthorizationHandler(Authorizer authorizer) {
        this.authorizer = authorizer;
    }

    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) {
        if (!(obj instanceof FullHttpMessage)) {
            logger.warn("{} only processes FullHttpMessage instances - received {} - channel closing", getClass().getSimpleName(), obj.getClass());
            channelHandlerContext.close();
            return;
        }
        FullHttpRequest fullHttpRequest = (FullHttpMessage) obj;
        boolean isKeepAlive = HttpUtil.isKeepAlive(fullHttpRequest);
        try {
            RequestMessage requestMessageFromHttpRequest = HttpHandlerUtil.getRequestMessageFromHttpRequest(fullHttpRequest);
            try {
                this.user = (AuthenticatedUser) channelHandlerContext.channel().attr(StateKey.AUTHENTICATED_USER).get();
                if (null == this.user) {
                    this.user = AuthenticatedUser.ANONYMOUS_USER;
                }
                this.authorizer.authorize(this.user, requestMessageFromHttpRequest);
                channelHandlerContext.fireChannelRead(fullHttpRequest);
            } catch (AuthorizationException e) {
                String obj2 = channelHandlerContext.channel().remoteAddress().toString();
                if (obj2.startsWith("/") && obj2.length() > 1) {
                    obj2 = obj2.substring(1);
                }
                try {
                    String str = (String) HttpHandlerUtil.getRequestMessageFromHttpRequest(fullHttpRequest).getArgOrDefault("gremlin", StandardOpProcessor.OP_PROCESSOR_NAME);
                    auditLogger.info("User {} with address {} attempted an unauthorized http request: {}", new Object[]{this.user.getName(), obj2, str});
                    HttpHandlerUtil.sendError(channelHandlerContext, HttpResponseStatus.UNAUTHORIZED, requestMessageFromHttpRequest.getRequestId(), String.format("No authorization for script [%s] - check permissions.", str), isKeepAlive);
                    ReferenceCountUtil.release(obj);
                } catch (IllegalArgumentException e2) {
                    HttpHandlerUtil.sendError(channelHandlerContext, HttpResponseStatus.BAD_REQUEST, requestMessageFromHttpRequest.getRequestId(), e2.getMessage(), isKeepAlive);
                }
            } catch (Exception e3) {
                HttpHandlerUtil.sendError(channelHandlerContext, HttpResponseStatus.INTERNAL_SERVER_ERROR, requestMessageFromHttpRequest.getRequestId(), String.format("%s is not ready to handle requests - unknown error", this.authorizer.getClass().getSimpleName()), isKeepAlive);
                ReferenceCountUtil.release(obj);
            }
        } catch (IllegalArgumentException e4) {
            HttpHandlerUtil.sendError(channelHandlerContext, HttpResponseStatus.BAD_REQUEST, e4.getMessage(), isKeepAlive);
        }
    }
}
