package com.mapr.data.gateway.auth;

import com.mapr.data.ProtoConstants;
import com.mapr.data.gateway.Configs;
import io.grpc.Context;
import io.grpc.Contexts;
import io.grpc.ForwardingServerCall;
import io.grpc.Metadata;
import io.grpc.ServerCall;
import io.grpc.ServerCallHandler;
import io.grpc.ServerInterceptor;
import io.grpc.Status;
import org.ojai.Document;
import org.ojai.store.exceptions.AuthenticationException;
import org.ojai.store.exceptions.ExpiredTokenException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/mapr/data/gateway/auth/ServerAuthInterceptor.class */
public class ServerAuthInterceptor implements ServerInterceptor {
    private static final Logger log = LoggerFactory.getLogger(ServerAuthInterceptor.class);
    private static final ServerCall.Listener NULL_LISTENER = new ServerCall.Listener() { // from class: com.mapr.data.gateway.auth.ServerAuthInterceptor.1
    };
    private final boolean authRequired;

    public ServerAuthInterceptor(Document document) {
        this.authRequired = Configs.getBoolean(document, Configs.MAPR_DAG_AUTH_REQUIRED, true);
    }

    public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, RespT> serverCall, Metadata metadata, ServerCallHandler<ReqT, RespT> serverCallHandler) {
        if (!this.authRequired) {
            return serverCallHandler.startCall(serverCall, metadata);
        }
        try {
            final Authentication authenticateCall = authenticateCall(serverCall, metadata, serverCallHandler);
            Context withValue = Context.current().withValue(Constant.AUTH_CTX_KEY, authenticateCall);
            ServerCall<ReqT, RespT> serverCall2 = serverCall;
            if (authenticateCall.getToken() != null) {
                serverCall2 = new ForwardingServerCall.SimpleForwardingServerCall<ReqT, RespT>(serverCall) { // from class: com.mapr.data.gateway.auth.ServerAuthInterceptor.2
                    public void sendHeaders(Metadata metadata2) {
                        metadata2.put(ProtoConstants.RSP_HEADER_JWT_TOKEN, authenticateCall.getToken());
                        super.sendHeaders(metadata2);
                    }
                };
            }
            return Contexts.interceptCall(withValue, serverCall2, metadata, serverCallHandler);
        } catch (AuthenticationException e) {
            log.error("Authentication failed! " + e.getMessage());
            log.debug(e.getMessage(), e);
            serverCall.close(Status.UNAUTHENTICATED.withDescription(e.getMessage()), metadata);
            return NULL_LISTENER;
        } catch (ExpiredTokenException e2) {
            log.debug(e2.getMessage());
            serverCall.close(Status.UNAUTHENTICATED.withDescription("STATUS_TOKEN_EXPIRED"), metadata);
            return NULL_LISTENER;
        }
    }

    private <ReqT, RespT> Authentication authenticateCall(ServerCall<ReqT, RespT> serverCall, Metadata metadata, ServerCallHandler<ReqT, RespT> serverCallHandler) throws AuthenticationException {
        String str = (String) metadata.get(ProtoConstants.REQ_HEADER_AUTH);
        if (str == null) {
            throw new AuthenticationException("No authentication was provided by the client");
        }
        String[] split = str.trim().split("\\s+", 2);
        if (split.length == 1) {
            throw new AuthenticationException("Required authentication token missing for scheme: " + split[0]);
        }
        return Authenticators.getAuthenticator(split[0]).authenticate(UserInfo.builder().token(split[1]).build());
    }
}
