package org.janusgraph.graphdb.tinkerpop.gremlin.server.handler;

import io.netty.buffer.Unpooled;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.codec.http.DefaultFullHttpResponse;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpVersion;
import io.netty.util.ReferenceCountUtil;
import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.GenericFutureListener;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import org.apache.tinkerpop.gremlin.server.auth.Authenticator;
import org.apache.tinkerpop.gremlin.server.handler.AbstractAuthenticationHandler;

/* loaded from: input_file:WEB-INF/lib/janusgraph-server-0.3.0.jar:org/janusgraph/graphdb/tinkerpop/gremlin/server/handler/HttpHMACAuthenticationHandler.class */
public class HttpHMACAuthenticationHandler extends AbstractAuthenticationHandler {
    private final Base64.Decoder decoder;
    private final String basic = "Basic ";
    private final String token = "Token ";
    public static final String PROPERTY_TOKEN = "TOKEN";
    public static final String PROPERTY_GENERATE_TOKEN = "GENERATE_TOKEN";

    public HttpHMACAuthenticationHandler(Authenticator authenticator) {
        super(authenticator);
        this.decoder = Base64.getUrlDecoder();
        this.basic = "Basic ";
        this.token = "Token ";
    }

    @Override // io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelInboundHandler
    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) {
        if (obj instanceof FullHttpRequest) {
            FullHttpRequest fullHttpRequest = (FullHttpRequest) obj;
            HttpMethod method = fullHttpRequest.getMethod();
            Map<String, String> credentialsMap = getCredentialsMap(channelHandlerContext, fullHttpRequest);
            if (credentialsMap == null) {
                sendError(channelHandlerContext, obj);
                return;
            }
            if (!"/session".equals(fullHttpRequest.getUri()) || !method.equals(HttpMethod.GET)) {
                try {
                    this.authenticator.authenticate(credentialsMap);
                    channelHandlerContext.fireChannelRead(fullHttpRequest);
                    return;
                } catch (Exception e) {
                    sendError(channelHandlerContext, obj);
                    return;
                }
            }
            try {
                credentialsMap.put(PROPERTY_GENERATE_TOKEN, "true");
                this.authenticator.authenticate(credentialsMap);
                replyWithToken(channelHandlerContext, obj, credentialsMap.get(PROPERTY_TOKEN));
            } catch (Exception e2) {
                sendError(channelHandlerContext, obj);
            }
        }
    }

    private Map<String, String> getCredentialsMap(ChannelHandlerContext channelHandlerContext, FullHttpRequest fullHttpRequest) {
        String str = fullHttpRequest.headers().get("Authorization");
        if (str == null) {
            return null;
        }
        if (str.startsWith("Basic ") || str.startsWith("Token ")) {
            return getAuthCredMap(str, str.startsWith("Basic ") ? "Basic " : "Token ");
        }
        return null;
    }

    private Map<String, String> getAuthCredMap(String str, String str2) {
        try {
            String str3 = new String(this.decoder.decode(str.substring(str2.length())));
            HashMap hashMap = new HashMap();
            if (str2.equals("Basic ")) {
                String[] split = str3.split(":");
                if (split.length != 2) {
                    return null;
                }
                hashMap.put("username", split[0]);
                hashMap.put("password", split[1]);
            } else {
                hashMap.put(PROPERTY_TOKEN, str3);
            }
            return hashMap;
        } catch (IllegalArgumentException | IndexOutOfBoundsException e) {
            return null;
        }
    }

    private void sendError(ChannelHandlerContext channelHandlerContext, Object obj) {
        channelHandlerContext.writeAndFlush(new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.UNAUTHORIZED)).addListener2((GenericFutureListener<? extends Future<? super Void>>) ChannelFutureListener.CLOSE);
        ReferenceCountUtil.release(obj);
    }

    private void replyWithToken(ChannelHandlerContext channelHandlerContext, Object obj, String str) {
        DefaultFullHttpResponse defaultFullHttpResponse = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.OK, Unpooled.wrappedBuffer(("{\"token\": \"" + str + "\"}").getBytes()));
        defaultFullHttpResponse.headers().set("Content-Type", (Object) "application/json");
        defaultFullHttpResponse.headers().set("Content-Length", (Object) Integer.valueOf(defaultFullHttpResponse.content().readableBytes()));
        channelHandlerContext.writeAndFlush(defaultFullHttpResponse).addListener2(ChannelFutureListener.CLOSE);
        ReferenceCountUtil.release(obj);
    }
}
