package org.lognet.springboot.grpc.security;

import io.grpc.Context;
import io.grpc.Contexts;
import io.grpc.ForwardingServerCall;
import io.grpc.ForwardingServerCallListener;
import io.grpc.Metadata;
import io.grpc.MethodDescriptor;
import io.grpc.ServerCall;
import io.grpc.ServerCallHandler;
import io.grpc.ServerInterceptor;
import io.grpc.Status;
import io.grpc.StatusRuntimeException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import org.lognet.springboot.grpc.FailureHandlingSupport;
import org.lognet.springboot.grpc.GRpcServicesRegistry;
import org.lognet.springboot.grpc.MessageBlockingServerCallListener;
import org.lognet.springboot.grpc.autoconfigure.GRpcServerProperties;
import org.lognet.springboot.grpc.recovery.GRpcRuntimeExceptionWrapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.core.Ordered;
import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.access.intercept.InterceptorStatusToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.util.SimpleMethodInvocation;

/* loaded from: input_file:org/lognet/springboot/grpc/security/SecurityInterceptor.class */
/**
 * gRPC {@link ServerInterceptor} that runs Spring Security's {@link AbstractSecurityInterceptor}
 * workflow ({@code beforeInvocation} / {@code afterInvocation} / {@code finallyInvocation}) around
 * each incoming call.
 *
 * <p>Per call it reads the {@code Authorization-bin} or {@code Authorization} metadata entry, asks the
 * {@link AuthenticationSchemeSelector} to turn it into an {@link Authentication}, publishes that object
 * through {@link SecurityContextHolder} and the gRPC {@link Context}, and then authorizes the target
 * method. Failures are reported through {@link FailureHandlingSupport}.
 *
 * <p>NOTE(review): this listing is decompiler output (see the JADX markers). Nested try blocks,
 * catch ordering and inlined expressions may not match the original source one-to-one.
 */
public class SecurityInterceptor extends AbstractSecurityInterceptor implements ServerInterceptor, Ordered {
    private static final Logger log = LoggerFactory.getLogger(SecurityInterceptor.class);
    // gRPC Context slot for the token returned by beforeInvocation() during call setup;
    // read back in sendMessage() and onHalfClose().
    private static final Context.Key<InterceptorStatusToken> INTERCEPTOR_STATUS_TOKEN = Context.key("INTERCEPTOR_STATUS_TOKEN");
    // gRPC Context slot for the secure object of the current call; its arguments are filled in per message.
    private static final Context.Key<GrpcMethodInvocation<?, ?>> METHOD_INVOCATION = Context.key("METHOD_INVOCATION");
    private final SecurityMetadataSource securityMetadataSource;
    private final AuthenticationSchemeSelector schemeSelector;
    // Not initialised by the constructor: stays null until setConfig() is called.
    private GRpcServerProperties.SecurityProperties.Auth authCfg;
    private FailureHandlingSupport failureHandlingSupport;
    private GRpcServicesRegistry registry;

    /* renamed from: org.lognet.springboot.grpc.security.SecurityInterceptor$5, reason: invalid class name */
    /* loaded from: input_file:org/lognet/springboot/grpc/security/SecurityInterceptor$5.class */
    /**
     * Lookup table for the {@code switch} over {@link MethodDescriptor.MethodType} in {@code onMessage}
     * (marked synthetic by the decompiler). It maps each enum ordinal to a case label 1-5.
     *
     * <p>A constant that raises {@link NoSuchFieldError} keeps its slot at 0, the default of a fresh
     * {@code int[]}. The switch has no case 0, so such a value reaches its {@code default} branch,
     * which rejects the message with {@code UNAUTHENTICATED}.
     */
    static /* synthetic */ class AnonymousClass5 {
        static final /* synthetic */ int[] $SwitchMap$io$grpc$MethodDescriptor$MethodType = new int[MethodDescriptor.MethodType.values().length];

        static {
            try {
                $SwitchMap$io$grpc$MethodDescriptor$MethodType[MethodDescriptor.MethodType.SERVER_STREAMING.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$io$grpc$MethodDescriptor$MethodType[MethodDescriptor.MethodType.UNARY.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$io$grpc$MethodDescriptor$MethodType[MethodDescriptor.MethodType.BIDI_STREAMING.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$io$grpc$MethodDescriptor$MethodType[MethodDescriptor.MethodType.CLIENT_STREAMING.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$io$grpc$MethodDescriptor$MethodType[MethodDescriptor.MethodType.UNKNOWN.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/lognet/springboot/grpc/security/SecurityInterceptor$GrpcMethodInvocation.class */
    /**
     * Secure object passed to {@code beforeInvocation}: the resolved service instance and method plus
     * the gRPC call, its headers and the next handler.
     *
     * <p>The superclass is constructed with an empty argument array. {@link #getArguments()} returns
     * this class's own {@code arguments} field instead, which is {@code null} until
     * {@link #setArguments(Object[])} is called.
     */
    public static class GrpcMethodInvocation<ReqT, RespT> extends SimpleMethodInvocation {
        private final ServerCall<ReqT, RespT> call;
        private final Metadata headers;
        private final ServerCallHandler<ReqT, RespT> next;
        private Object[] arguments;

        public GrpcMethodInvocation(GRpcServicesRegistry.GrpcServiceMethod grpcServiceMethod, ServerCall<ReqT, RespT> serverCall, Metadata metadata, ServerCallHandler<ReqT, RespT> serverCallHandler) {
            super(grpcServiceMethod.getService(), grpcServiceMethod.getMethod(), new Object[0]);
            this.call = serverCall;
            this.headers = metadata;
            this.next = serverCallHandler;
        }

        /** Starts the downstream call with the stored call and headers and returns its listener. */
        public Object proceed() {
            return this.next.startCall(this.call, this.headers);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public ServerCall<ReqT, RespT> getCall() {
            return this.call;
        }

        /** Returns the arguments last set through {@link #setArguments(Object[])}; may be {@code null}. */
        public Object[] getArguments() {
            return this.arguments;
        }

        public void setArguments(Object[] objArr) {
            this.arguments = objArr;
        }
    }

    /**
     * @param securityMetadataSource source of the security attributes, returned by
     *     {@link #obtainSecurityMetadataSource()}
     * @param authenticationSchemeSelector converts the authorization header value into an
     *     {@link Authentication}
     */
    public SecurityInterceptor(SecurityMetadataSource securityMetadataSource, AuthenticationSchemeSelector authenticationSchemeSelector) {
        this.securityMetadataSource = securityMetadataSource;
        this.schemeSelector = authenticationSchemeSelector;
    }

    @Autowired
    public void setGRpcServicesRegistry(GRpcServicesRegistry gRpcServicesRegistry) {
        this.registry = gRpcServicesRegistry;
    }

    @Autowired
    public void setFailureHandlingSupport(@Lazy FailureHandlingSupport failureHandlingSupport) {
        this.failureHandlingSupport = failureHandlingSupport;
    }

    /** Stores the auth configuration; a {@code null} argument is replaced by a default-constructed {@code Auth}. */
    public void setConfig(GRpcServerProperties.SecurityProperties.Auth auth) {
        this.authCfg = (GRpcServerProperties.SecurityProperties.Auth) Optional.ofNullable(auth).orElseGet(GRpcServerProperties.SecurityProperties.Auth::new);
    }

    /**
     * Returns the configured interceptor order, or {@code -2147483647} ({@code Integer.MIN_VALUE + 1})
     * when none is configured.
     *
     * <p>NOTE(review): {@code authCfg} is dereferenced without a null check, so this throws
     * {@link NullPointerException} if called before {@link #setConfig}.
     */
    public int getOrder() {
        return ((Integer) Optional.ofNullable(this.authCfg.getInterceptorOrder()).orElse(-2147483647)).intValue();
    }

    public Class<?> getSecureObjectClass() {
        return GrpcMethodInvocation.class;
    }

    public SecurityMetadataSource obtainSecurityMetadataSource() {
        return this.securityMetadataSource;
    }

    /**
     * Authenticates and authorizes the call, then starts it inside a gRPC {@link Context} that carries
     * the authentication, the interceptor status token and the method invocation.
     *
     * <p>The credential comes from the binary {@code Authorization-bin} entry, decoded as UTF-8, when
     * that entry is present; otherwise from the ASCII {@code Authorization} entry. If neither is
     * present, {@code null} is passed on to {@link #setupGRpcSecurityContext}.
     *
     * <p>Every exit path sets the authentication of the current {@link SecurityContextHolder} context
     * to {@code null}. The context object itself is not removed with {@code clearContext()}.
     *
     * <p>NOTE(review): as listed, {@code catch (Exception e)} is the innermost handler, so runtime
     * exceptions from setup (including the {@code UNAUTHENTICATED} {@link StatusRuntimeException}) are
     * wrapped in {@link GRpcRuntimeExceptionWrapper}, and the outer {@code catch (RuntimeException)}
     * only sees what {@link #fail} itself throws. {@code onMessage} below catches
     * {@code RuntimeException} first. The nesting looks like a decompiler rendering of
     * try/catch/finally; confirm the handler order against the original source.
     */
    public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, RespT> serverCall, Metadata metadata, ServerCallHandler<ReqT, RespT> serverCallHandler) {
        try {
            try {
                try {
                    // setupGRpcSecurityContext(...) is an argument, so it runs (and may throw) before
                    // Contexts.interceptCall starts the downstream handler.
                    ServerCall.Listener<ReqT> interceptCall = Contexts.interceptCall(setupGRpcSecurityContext(serverCall, metadata, serverCallHandler, (CharSequence) Optional.ofNullable((byte[]) metadata.get(Metadata.Key.of("Authorization-bin", Metadata.BINARY_BYTE_MARSHALLER))).map(bArr -> {
                        return StandardCharsets.UTF_8.decode(ByteBuffer.wrap(bArr));
                    }).orElse((CharSequence) metadata.get(Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER)))), serverCall, metadata, authenticationPropagatingHandler(serverCallHandler));
                    SecurityContextHolder.getContext().setAuthentication((Authentication) null);
                    return interceptCall;
                } catch (Exception e) {
                    ServerCall.Listener<ReqT> fail = fail(serverCallHandler, serverCall, metadata, new GRpcRuntimeExceptionWrapper(e));
                    SecurityContextHolder.getContext().setAuthentication((Authentication) null);
                    return fail;
                }
            } catch (RuntimeException e2) {
                ServerCall.Listener<ReqT> fail2 = fail(serverCallHandler, serverCall, metadata, e2);
                SecurityContextHolder.getContext().setAuthentication((Authentication) null);
                return fail2;
            }
        } catch (Throwable th) {
            SecurityContextHolder.getContext().setAuthentication((Authentication) null);
            throw th;
        }
    }

    /**
     * Wraps the next handler so that every listener callback runs with the call's
     * {@link Authentication} (taken from the gRPC {@link Context}) installed in
     * {@link SecurityContextHolder}, and so that each request message is authorized again with the
     * message as the invocation argument.
     */
    private <ReqT, RespT> ServerCallHandler<ReqT, RespT> authenticationPropagatingHandler(ServerCallHandler<ReqT, RespT> serverCallHandler) {
        return (serverCall, metadata) -> {
            return new ForwardingServerCallListener.SimpleForwardingServerCallListener<ReqT>(serverCallHandler.startCall(afterInvocationPropagator(serverCall), metadata)) { // from class: org.lognet.springboot.grpc.security.SecurityInterceptor.1
                public void onMessage(ReqT reqt) {
                    // NOTE(review): these self-assignments look like the decompiler's rendering of the
                    // captured lambda parameters; they are not valid Java as written.
                    ServerCall serverCall = serverCall;
                    Metadata metadata = metadata;
                    propagateAuthentication(() -> {
                        try {
                            try {
                                // Labels 1-5 come from AnonymousClass5. Server-streaming and unary calls
                                // get {request, null}; the other mapped types get {request}.
                                switch (AnonymousClass5.$SwitchMap$io$grpc$MethodDescriptor$MethodType[serverCall.getMethodDescriptor().getType().ordinal()]) {
                                    case 1:
                                    case 2:
                                        ((GrpcMethodInvocation) SecurityInterceptor.METHOD_INVOCATION.get()).setArguments(new Object[]{reqt, null});
                                        break;
                                    case 3:
                                    case 4:
                                    case 5:
                                        ((GrpcMethodInvocation) SecurityInterceptor.METHOD_INVOCATION.get()).setArguments(new Object[]{reqt});
                                        break;
                                    default:
                                        // Unmapped method type: reject the message rather than forward it
                                        // without a check.
                                        SecurityInterceptor.log.error("Unsupported call type " + serverCall.getMethodDescriptor().getType());
                                        throw new StatusRuntimeException(Status.UNAUTHENTICATED);
                                }
                                // Second authorization pass, now with the request message available as
                                // an argument. The returned token is discarded; afterInvocation and
                                // finallyInvocation use the token stored at call setup.
                                SecurityInterceptor.this.beforeInvocation(SecurityInterceptor.METHOD_INVOCATION.get());
                                // The message reaches the service only if the check above did not throw.
                                super.onMessage(reqt);
                                ((GrpcMethodInvocation) SecurityInterceptor.METHOD_INVOCATION.get()).setArguments(null);
                            } catch (RuntimeException e) {
                                // Any runtime failure, including the rejection above, closes the call
                                // through the failure handler instead of propagating.
                                SecurityInterceptor.this.failureHandlingSupport.closeCall(e, serverCall, metadata);
                                ((GrpcMethodInvocation) SecurityInterceptor.METHOD_INVOCATION.get()).setArguments(null);
                            } catch (Exception e2) {
                                SecurityInterceptor.this.failureHandlingSupport.closeCall(new GRpcRuntimeExceptionWrapper(e2), serverCall, metadata);
                                ((GrpcMethodInvocation) SecurityInterceptor.METHOD_INVOCATION.get()).setArguments(null);
                            }
                        } catch (Throwable th) {
                            // Drop the reference to the request message on every exit path.
                            ((GrpcMethodInvocation) SecurityInterceptor.METHOD_INVOCATION.get()).setArguments(null);
                            throw th;
                        }
                    });
                }

                public void onHalfClose() {
                    try {
                        propagateAuthentication(() -> {
                            super.onHalfClose();
                        });
                    } finally {
                        // Runs even if the delegate throws: hands the setup-time token to finallyInvocation.
                        SecurityInterceptor.this.finallyInvocation((InterceptorStatusToken) SecurityInterceptor.INTERCEPTOR_STATUS_TOKEN.get());
                    }
                }

                public void onCancel() {
                    propagateAuthentication(() -> {
                        super.onCancel();
                    });
                }

                public void onComplete() {
                    propagateAuthentication(() -> {
                        super.onComplete();
                    });
                }

                public void onReady() {
                    propagateAuthentication(() -> {
                        super.onReady();
                    });
                }

                /**
                 * Runs {@code runnable} with the authentication stored under
                 * {@code GrpcSecurity.AUTHENTICATION_CONTEXT_KEY} installed in
                 * {@link SecurityContextHolder}, then clears the holder even if the callback throws,
                 * so the identity is not left in the holder after the callback returns.
                 */
                private void propagateAuthentication(Runnable runnable) {
                    try {
                        SecurityContextHolder.getContext().setAuthentication((Authentication) GrpcSecurity.AUTHENTICATION_CONTEXT_KEY.get());
                        runnable.run();
                    } finally {
                        SecurityContextHolder.clearContext();
                    }
                }
            };
        };
    }

    /**
     * Wraps the call so that every outgoing message is passed through {@code afterInvocation} with
     * the setup-time token before it is sent.
     *
     * <p>The type-parameter names are swapped relative to {@code ServerCall<ReqT, RespT>}: the value
     * named {@code reqt} in {@code sendMessage} is the response message.
     */
    private <RespT, ReqT> ServerCall<RespT, ReqT> afterInvocationPropagator(ServerCall<RespT, ReqT> serverCall) {
        return new ForwardingServerCall.SimpleForwardingServerCall<RespT, ReqT>(serverCall) { // from class: org.lognet.springboot.grpc.security.SecurityInterceptor.2
            public void sendMessage(ReqT reqt) {
                super.sendMessage(SecurityInterceptor.this.afterInvocation((InterceptorStatusToken) SecurityInterceptor.INTERCEPTOR_STATUS_TOKEN.get(), reqt));
            }
        };
    }

    /**
     * Resolves the caller's {@link Authentication}, installs it in a fresh {@link SecurityContext},
     * runs {@code beforeInvocation} for the target method and returns a gRPC {@link Context} holding
     * the authentication, the status token and the invocation.
     *
     * @param charSequence authorization header value, or {@code null} when the call carried none
     * @throws StatusRuntimeException with {@code UNAUTHENTICATED} when a header is present but the
     *     scheme selector returns no authentication for it
     */
    private <RespT, ReqT> Context setupGRpcSecurityContext(ServerCall<RespT, ReqT> serverCall, Metadata metadata, ServerCallHandler<RespT, ReqT> serverCallHandler, CharSequence charSequence) {
        // A missing header is not rejected here: the authentication stays null and the decision is
        // left to beforeInvocation(). Presumably that lets unsecured methods pass while secured ones
        // fail on missing credentials; confirm against the configured metadata source.
        Authentication orElseThrow = null == charSequence ? null : this.schemeSelector.getAuthScheme(charSequence).orElseThrow(() -> {
            return new StatusRuntimeException(Status.UNAUTHENTICATED);
        });
        SecurityContext createEmptyContext = SecurityContextHolder.createEmptyContext();
        createEmptyContext.setAuthentication(orElseThrow);
        SecurityContextHolder.setContext(createEmptyContext);
        GrpcMethodInvocation grpcMethodInvocation = new GrpcMethodInvocation(this.registry.getGrpServiceMethod(serverCall.getMethodDescriptor()), serverCall, metadata, serverCallHandler);
        // NOTE(review): as listed, the authentication stored under AUTHENTICATION_CONTEXT_KEY is read
        // from the holder before beforeInvocation(...) is evaluated. If beforeInvocation replaces the
        // holder's authentication (for example with an authenticated token), the Context would carry
        // the earlier object. This may be a decompiler inlining artifact; verify the evaluation order
        // in the original source.
        return Context.current().withValue(GrpcSecurity.AUTHENTICATION_CONTEXT_KEY, SecurityContextHolder.getContext().getAuthentication()).withValue(INTERCEPTOR_STATUS_TOKEN, beforeInvocation(grpcMethodInvocation)).withValue(METHOD_INVOCATION, grpcMethodInvocation);
    }

    /**
     * Reports an authentication or authorization failure for the call.
     *
     * <p>With fail-fast enabled, the call is closed immediately and a no-op listener is returned.
     * Otherwise the downstream call is started behind a {@link MessageBlockingServerCallListener},
     * and the call is closed when the first request message arrives, so the request can be attached
     * to the exception scope.
     *
     * <p>NOTE(review): in the non-fail-fast path the downstream handler is started although the
     * security check failed. Only {@code onMessage} is overridden here, so whether anything reaches
     * the service implementation depends on {@code blockMessage()} and on how
     * {@link MessageBlockingServerCallListener} treats the other callbacks, neither of which is
     * visible in this file. A call that never sends a message is not closed by this listener's code.
     */
    private <RespT, ReqT> ServerCall.Listener<ReqT> fail(ServerCallHandler<ReqT, RespT> serverCallHandler, final ServerCall<ReqT, RespT> serverCall, final Metadata metadata, final RuntimeException runtimeException) throws RuntimeException {
        if (!this.authCfg.isFailFast()) {
            return new MessageBlockingServerCallListener<ReqT>(serverCallHandler.startCall(serverCall, metadata)) { // from class: org.lognet.springboot.grpc.security.SecurityInterceptor.4
                public void onMessage(ReqT reqt) {
                    blockMessage();
                    SecurityInterceptor.this.failureHandlingSupport.closeCall(runtimeException, serverCall, metadata, gRpcExceptionScopeBuilder -> {
                        gRpcExceptionScopeBuilder.request(reqt);
                    });
                }
            };
        }
        this.failureHandlingSupport.closeCall(runtimeException, serverCall, metadata);
        // Listener with no overrides: later callbacks for the already-closed call are ignored.
        return new ServerCall.Listener<ReqT>() { // from class: org.lognet.springboot.grpc.security.SecurityInterceptor.3
        };
    }
}
