package org.dcache.xrootd.core;

import com.google.common.collect.ImmutableSet;
import java.security.SecureRandom;
import javax.security.auth.Subject;
import org.dcache.xrootd.plugins.AuthenticationFactory;
import org.dcache.xrootd.plugins.AuthenticationHandler;
import org.dcache.xrootd.plugins.InvalidHandlerConfigurationException;
import org.dcache.xrootd.protocol.XrootdProtocol;
import org.dcache.xrootd.protocol.messages.AbstractResponseMessage;
import org.dcache.xrootd.protocol.messages.AuthenticationRequest;
import org.dcache.xrootd.protocol.messages.ErrorResponse;
import org.dcache.xrootd.protocol.messages.LoginRequest;
import org.dcache.xrootd.protocol.messages.LoginResponse;
import org.dcache.xrootd.protocol.messages.XrootdRequest;
import org.jboss.netty.channel.ChannelHandlerContext;
import org.jboss.netty.channel.MessageEvent;
import org.jboss.netty.channel.SimpleChannelUpstreamHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/dcache/xrootd/core/XrootdAuthenticationHandler.class */
public class XrootdAuthenticationHandler extends SimpleChannelUpstreamHandler {
    private static final int SESSION_ID_SIZE = 16;
    private final AuthenticationFactory _authenticationFactory;
    private AuthenticationHandler _authenticationHandler;
    private Subject _subject;
    private static final Logger _log = LoggerFactory.getLogger(XrootdAuthenticationHandler.class);
    private static final ImmutableSet<Integer> WITHOUT_LOGIN = ImmutableSet.of((int) Integer.valueOf(XrootdProtocol.kXR_bind), 3007, 3006);
    private static final ImmutableSet<Integer> WITHOUT_AUTH = ImmutableSet.of(3000, (int) Integer.valueOf(XrootdProtocol.kXR_bind), 3007, 3011, 3006);
    private static final SecureRandom _random = new SecureRandom();
    private State _state = State.NO_LOGIN;
    private final byte[] _session = new byte[16];

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/dcache/xrootd/core/XrootdAuthenticationHandler$State.class */
    public enum State {
        NO_LOGIN,
        NO_AUTH,
        AUTH
    }

    public XrootdAuthenticationHandler(AuthenticationFactory authenticationFactory) {
        this._authenticationFactory = authenticationFactory;
    }

    @Override // org.jboss.netty.channel.SimpleChannelUpstreamHandler
    public void messageReceived(ChannelHandlerContext channelHandlerContext, MessageEvent messageEvent) {
        Object message = messageEvent.getMessage();
        if (!(message instanceof XrootdRequest)) {
            channelHandlerContext.sendUpstream(messageEvent);
            return;
        }
        XrootdRequest xrootdRequest = (XrootdRequest) message;
        int requestId = xrootdRequest.getRequestId();
        try {
            if (this._state == State.NO_LOGIN && !WITHOUT_LOGIN.contains(Integer.valueOf(requestId))) {
                throw new XrootdException(3010, "Login required");
            }
            if (this._state == State.NO_AUTH && !WITHOUT_AUTH.contains(Integer.valueOf(requestId))) {
                throw new XrootdException(3010, "Authentication required");
            }
            switch (requestId) {
                case 3000:
                    doOnAuthentication(channelHandlerContext, messageEvent, (AuthenticationRequest) xrootdRequest);
                    break;
                case 3007:
                    doOnLogin(channelHandlerContext, messageEvent, (LoginRequest) xrootdRequest);
                    break;
                default:
                    xrootdRequest.setSubject(this._subject);
                    channelHandlerContext.sendUpstream(messageEvent);
                    break;
            }
        } catch (RuntimeException e) {
            _log.error(String.format("Processing %s failed due to a bug", message), (Throwable) e);
            messageEvent.getChannel().write(new ErrorResponse(xrootdRequest, 3012, String.format("Internal server error (%s)", e.getMessage())));
        } catch (XrootdException e2) {
            messageEvent.getChannel().write(new ErrorResponse(xrootdRequest, e2.getError(), e2.getMessage()));
        }
    }

    private void doOnLogin(ChannelHandlerContext channelHandlerContext, MessageEvent messageEvent, LoginRequest loginRequest) throws XrootdException {
        try {
            this._state = State.NO_LOGIN;
            this._subject = null;
            _random.nextBytes(this._session);
            this._authenticationHandler = this._authenticationFactory.createHandler();
            LoginResponse loginResponse = new LoginResponse(loginRequest, this._session, this._authenticationHandler.getProtocol());
            if (this._authenticationHandler.isCompleted()) {
                authenticated(channelHandlerContext, this._authenticationHandler.getSubject());
            } else {
                this._state = State.NO_AUTH;
            }
            messageEvent.getChannel().write(loginResponse);
        } catch (InvalidHandlerConfigurationException e) {
            _log.error("Could not instantiate authentication handler: {}", (Throwable) e);
            throw new XrootdException(3012, "Internal server error");
        }
    }

    private void doOnAuthentication(ChannelHandlerContext channelHandlerContext, MessageEvent messageEvent, AuthenticationRequest authenticationRequest) throws XrootdException {
        AbstractResponseMessage authenticate = this._authenticationHandler.authenticate(authenticationRequest);
        if (this._authenticationHandler.isCompleted()) {
            this._state = State.NO_LOGIN;
            authenticated(channelHandlerContext, this._authenticationHandler.getSubject());
        }
        messageEvent.getChannel().write(authenticate);
    }

    private void authenticated(ChannelHandlerContext channelHandlerContext, Subject subject) throws XrootdException {
        this._subject = login(channelHandlerContext, subject);
        this._state = State.AUTH;
        this._authenticationHandler = null;
    }

    protected Subject login(ChannelHandlerContext channelHandlerContext, Subject subject) throws XrootdException {
        return subject;
    }
}
