package org.apache.tinkerpop.gremlin.server.handler;

import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import java.util.Map;
import org.apache.tinkerpop.gremlin.process.traversal.Bytecode;
import org.apache.tinkerpop.gremlin.server.GremlinServer;
import org.apache.tinkerpop.gremlin.server.auth.AuthenticatedUser;
import org.apache.tinkerpop.gremlin.server.auth.JaasKrbUtil;
import org.apache.tinkerpop.gremlin.server.authz.AuthorizationException;
import org.apache.tinkerpop.gremlin.server.authz.Authorizer;
import org.apache.tinkerpop.gremlin.server.op.traversal.TraversalOpProcessor;
import org.apache.tinkerpop.gremlin.util.message.RequestMessage;
import org.apache.tinkerpop.gremlin.util.message.ResponseMessage;
import org.apache.tinkerpop.gremlin.util.message.ResponseStatusCode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ChannelHandler.Sharable
/* loaded from: input_file:org/apache/tinkerpop/gremlin/server/handler/WebSocketAuthorizationHandler.class */
public class WebSocketAuthorizationHandler extends ChannelInboundHandlerAdapter {
    private static final Logger logger = LoggerFactory.getLogger(WebSocketAuthorizationHandler.class);
    private static final Logger auditLogger = LoggerFactory.getLogger(GremlinServer.AUDIT_LOGGER_NAME);
    private AuthenticatedUser user;
    private final Authorizer authorizer;

    public WebSocketAuthorizationHandler(Authorizer authorizer) {
        this.authorizer = authorizer;
    }

    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) {
        if (!(obj instanceof RequestMessage)) {
            logger.warn("{} only processes RequestMessage instances - received {} - channel closing", getClass().getSimpleName(), obj.getClass());
            channelHandlerContext.close();
            return;
        }
        RequestMessage requestMessage = (RequestMessage) obj;
        try {
            this.user = (AuthenticatedUser) channelHandlerContext.channel().attr(StateKey.AUTHENTICATED_USER).get();
            if (null == this.user) {
                this.user = AuthenticatedUser.ANONYMOUS_USER;
            }
            String op = requestMessage.getOp();
            boolean z = -1;
            switch (op.hashCode()) {
                case -1867166987:
                    if (op.equals("bytecode")) {
                        z = false;
                        break;
                    }
                    break;
                case 3125404:
                    if (op.equals("eval")) {
                        z = true;
                        break;
                    }
                    break;
            }
            switch (z) {
                case JaasKrbUtil.ENABLE_DEBUG /* 0 */:
                    Bytecode bytecode = (Bytecode) requestMessage.getArgs().get("gremlin");
                    Map<String, String> map = (Map) requestMessage.getArgs().get("aliases");
                    channelHandlerContext.fireChannelRead(RequestMessage.build("bytecode").overrideRequestId(requestMessage.getRequestId()).processor(TraversalOpProcessor.OP_PROCESSOR_NAME).addArg("gremlin", this.authorizer.authorize(this.user, bytecode, map)).addArg("aliases", map).create());
                    break;
                case true:
                    this.authorizer.authorize(this.user, requestMessage);
                    channelHandlerContext.fireChannelRead(requestMessage);
                    break;
                default:
                    throw new AuthorizationException("This AuthorizationHandler only handles requests with OPS_BYTECODE or OPS_EVAL.");
            }
        } catch (AuthorizationException e) {
            String obj2 = channelHandlerContext.channel().remoteAddress().toString();
            if (obj2.startsWith("/") && obj2.length() > 1) {
                obj2 = obj2.substring(1);
            }
            auditLogger.info("User {} with address {} attempted an unauthorized request for {} operation: {}", new Object[]{this.user.getName(), obj2, requestMessage.getOp(), requestMessage.getArgs().get("gremlin")});
            interruptEvaluation(channelHandlerContext, requestMessage, e.getMessage());
        } catch (Exception e2) {
            logger.error("{} is not ready to handle requests - unknown error", this.authorizer.getClass().getSimpleName());
            interruptEvaluation(channelHandlerContext, requestMessage, "Unknown error in gremlin-server");
        }
    }

    private void interruptEvaluation(ChannelHandlerContext channelHandlerContext, RequestMessage requestMessage, String str) {
        channelHandlerContext.writeAndFlush(ResponseMessage.build(requestMessage).statusMessage("Failed to authorize: " + str).code(ResponseStatusCode.UNAUTHORIZED).create());
    }
}
