package org.dcache.xrootd.core;

import com.google.common.collect.Maps;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.util.ReferenceCountUtil;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.security.auth.Subject;
import org.dcache.xrootd.plugins.AuthenticationFactory;
import org.dcache.xrootd.plugins.AuthenticationHandler;
import org.dcache.xrootd.plugins.InvalidHandlerConfigurationException;
import org.dcache.xrootd.protocol.XrootdProtocol;
import org.dcache.xrootd.protocol.messages.AuthenticationRequest;
import org.dcache.xrootd.protocol.messages.EndSessionRequest;
import org.dcache.xrootd.protocol.messages.ErrorResponse;
import org.dcache.xrootd.protocol.messages.LoginRequest;
import org.dcache.xrootd.protocol.messages.LoginResponse;
import org.dcache.xrootd.protocol.messages.OkResponse;
import org.dcache.xrootd.protocol.messages.XrootdRequest;
import org.dcache.xrootd.protocol.messages.XrootdResponse;
import org.dcache.xrootd.security.BufferDecrypter;
import org.dcache.xrootd.security.SigningPolicy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/dcache/xrootd/core/XrootdAuthenticationHandler.class */
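/**
 * Netty inbound handler that gates xrootd requests on the login and
 * authentication state of the connection.
 *
 * <p>Each channel gets its own handler instance and its own session identifier.
 * Sessions of all channels are tracked in a static map so that an end-session
 * request arriving on one channel can look up a session that belongs to another
 * channel.
 *
 * <p>Security-relevant invariants maintained here:
 * <ul>
 *   <li>Requests other than protocol, bind, login and ping are only passed on
 *       once the state is {@link State#AUTH}.</li>
 *   <li>The "in progress" flag and the request's reference count are restored on
 *       every exit path of the login and authentication branches, so a rejected
 *       request cannot leave the connection locked or leak the request.</li>
 *   <li>The state only becomes {@link State#AUTH} after the signature-verifying
 *       decoder has been installed (when signing is on).</li>
 * </ul>
 */
public class XrootdAuthenticationHandler extends ChannelInboundHandlerAdapter {
    private static final Logger _log = LoggerFactory.getLogger(XrootdAuthenticationHandler.class);

    /** Sessions of all channels, keyed by session identifier; shared by every handler instance. */
    private static final ConcurrentMap<XrootdSessionIdentifier, XrootdSession> _sessions = Maps.newConcurrentMap();

    private final AuthenticationFactory _authenticationFactory;
    private SigningPolicy _signingPolicy;

    /** Handler for the authentication exchange in flight; cleared once authentication completed. */
    private AuthenticationHandler _authenticationHandler;
    private XrootdSession _session;

    /** Guards against overlapping login/authentication requests on this channel. */
    private final AtomicBoolean _isInProgress = new AtomicBoolean(false);
    private final XrootdSessionIdentifier _sessionId = new XrootdSessionIdentifier();
    private volatile State _state = State.NO_LOGIN;

    /** Login/authentication state of the channel. */
    public enum State {
        /** No login seen yet, or the last login/authentication did not complete. */
        NO_LOGIN,
        /** Login accepted, authentication exchange still outstanding. */
        NO_AUTH,
        /** Authentication completed; requests are passed on. */
        AUTH
    }

    /**
     * @param authenticationFactory factory used to create one authentication
     *                              handler per login request
     */
    public XrootdAuthenticationHandler(AuthenticationFactory authenticationFactory) {
        this._authenticationFactory = authenticationFactory;
    }

    /**
     * Removes this channel's session from the shared session map when the
     * channel goes inactive, then propagates the event.
     */
    @Override
    public void channelInactive(ChannelHandlerContext channelHandlerContext) throws Exception {
        _sessions.remove(this._sessionId);
        super.channelInactive(channelHandlerContext);
    }

    /**
     * Dispatches an incoming xrootd request according to the current state.
     *
     * <p>Login, authentication and end-session requests are consumed here and
     * released; all other accepted requests get the session attached and are
     * passed on to the next handler. Rejected requests are answered with an
     * {@link ErrorResponse}.
     *
     * @param channelHandlerContext context of this handler
     * @param obj                   inbound message; anything that is not an
     *                              {@link XrootdRequest} is passed on untouched
     */
    @Override
    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
        if (!(obj instanceof XrootdRequest)) {
            super.channelRead(channelHandlerContext, obj);
            return;
        }
        XrootdRequest xrootdRequest = (XrootdRequest) obj;
        try {
            switch (xrootdRequest.getRequestId()) {
                case 3000: // kXR_auth
                    try {
                        if (!this._isInProgress.compareAndSet(false, true)) {
                            throw new XrootdException(3020, "Login in progress");
                        }
                        try {
                            switch (this._state) {
                                case NO_LOGIN:
                                    throw new XrootdException(3010, "Login required");
                                case AUTH:
                                    throw new XrootdException(3006, "Already authenticated");
                                default:
                                    xrootdRequest.setSession(this._session);
                                    doOnAuthentication(channelHandlerContext, (AuthenticationRequest) xrootdRequest);
                                    break;
                            }
                        } finally {
                            // Must also run when the request is rejected; otherwise one
                            // out-of-order kXR_auth leaves the flag set and every later
                            // login on this channel fails with "Login in progress".
                            this._isInProgress.set(false);
                        }
                    } finally {
                        // Released on success and on rejection alike.
                        ReferenceCountUtil.release(xrootdRequest);
                    }
                    return;
                case 3006: // kXR_protocol
                case XrootdProtocol.kXR_bind /* 3024 */:
                    // Allowed in any state; the session may still be null here.
                    xrootdRequest.setSession(this._session);
                    super.channelRead(channelHandlerContext, obj);
                    return;
                case 3007: // kXR_login
                    try {
                        if (!this._isInProgress.compareAndSet(false, true)) {
                            throw new XrootdException(3020, "Login in progress");
                        }
                        try {
                            // A new login always starts from scratch, whatever the previous state was.
                            this._state = State.NO_LOGIN;
                            this._session = new XrootdSession(this._sessionId, channelHandlerContext.channel(), (LoginRequest) xrootdRequest);
                            xrootdRequest.setSession(this._session);
                            doOnLogin(channelHandlerContext, (LoginRequest) xrootdRequest);
                            _sessions.put(this._sessionId, this._session);
                        } finally {
                            this._isInProgress.set(false);
                        }
                    } finally {
                        ReferenceCountUtil.release(xrootdRequest);
                    }
                    return;
                case 3011: // kXR_ping
                    if (this._state == State.NO_LOGIN) {
                        ReferenceCountUtil.release(xrootdRequest);
                        throw new XrootdException(3010, "Login required");
                    }
                    xrootdRequest.setSession(this._session);
                    super.channelRead(channelHandlerContext, obj);
                    return;
                case XrootdProtocol.kXR_endsess /* 3023 */:
                    try {
                        switch (this._state) {
                            case NO_LOGIN:
                                throw new XrootdException(3010, "Login required");
                            case NO_AUTH:
                                throw new XrootdException(3010, "Authentication required");
                            default:
                                xrootdRequest.setSession(this._session);
                                doOnEndSession(channelHandlerContext, (EndSessionRequest) xrootdRequest);
                                break;
                        }
                    } finally {
                        // Single release point; releasing in the branch as well would
                        // drop the reference count twice on the success path.
                        ReferenceCountUtil.release(xrootdRequest);
                    }
                    return;
                default:
                    switch (this._state) {
                        case NO_LOGIN:
                            ReferenceCountUtil.release(xrootdRequest);
                            throw new XrootdException(3010, "Login required");
                        case NO_AUTH:
                            ReferenceCountUtil.release(xrootdRequest);
                            throw new XrootdException(3010, "Authentication required");
                        default:
                            xrootdRequest.setSession(this._session);
                            super.channelRead(channelHandlerContext, obj);
                            break;
                    }
                    return;
            }
        } catch (RuntimeException e) {
            _log.error("xrootd server error while processing {} (please report this to support@dcache.org)", obj, e);
            // NOTE(review): the exception message is echoed to the peer, which may not be
            // authenticated yet; consider a generic text if internal details must not leak.
            channelHandlerContext.writeAndFlush(new ErrorResponse(xrootdRequest, 3012, String.format("Internal server error (%s)", e.getMessage())));
        } catch (XrootdException e2) {
            channelHandlerContext.writeAndFlush(new ErrorResponse(xrootdRequest, e2.getError(), e2.getMessage()));
        }
    }

    /**
     * Sets the policy that decides whether request signatures are verified
     * after authentication. Must be set before the first authentication
     * completes, because {@link #authenticated} dereferences it.
     */
    public void setSigningPolicy(SigningPolicy signingPolicy) {
        this._signingPolicy = signingPolicy;
    }

    /**
     * Handles a login request: creates a fresh authentication handler and
     * answers with the protocol it announces. If the handler reports itself
     * completed straight away, the session is authenticated immediately;
     * otherwise the state becomes {@link State#NO_AUTH}.
     *
     * @throws XrootdException if the authentication handler cannot be created
     *                         or the login is rejected
     */
    private void doOnLogin(ChannelHandlerContext channelHandlerContext, LoginRequest loginRequest) throws XrootdException {
        try {
            this._authenticationHandler = this._authenticationFactory.createHandler();
            LoginResponse loginResponse = new LoginResponse(loginRequest, this._sessionId, this._authenticationHandler.getProtocol());
            if (this._authenticationHandler.isCompleted()) {
                authenticated(channelHandlerContext, this._authenticationHandler.getSubject());
            } else {
                this._state = State.NO_AUTH;
            }
            channelHandlerContext.writeAndFlush(loginResponse);
        } catch (InvalidHandlerConfigurationException e) {
            // Details go to the log only; the client gets a generic error.
            _log.error("Could not instantiate authentication handler", e);
            throw new XrootdException(3012, "Internal server error");
        }
    }

    /**
     * Feeds one authentication request to the handler created at login and
     * writes its response. When the exchange is complete the session is
     * authenticated.
     *
     * @throws XrootdException if the handler or the login hook rejects the request
     */
    private void doOnAuthentication(ChannelHandlerContext channelHandlerContext, AuthenticationRequest authenticationRequest) throws XrootdException {
        XrootdResponse<AuthenticationRequest> authenticate = this._authenticationHandler.authenticate(authenticationRequest);
        if (this._authenticationHandler.isCompleted()) {
            // Fall back to NO_LOGIN first: if authenticated() throws, the client
            // has to log in again instead of staying in NO_AUTH.
            this._state = State.NO_LOGIN;
            authenticated(channelHandlerContext, this._authenticationHandler.getSubject());
        }
        channelHandlerContext.writeAndFlush(authenticate);
    }

    /**
     * Terminates the session named in the request by closing its channel.
     * Only the owner of the target session, as decided by
     * {@code XrootdSession.hasOwner}, may end it.
     *
     * @throws XrootdException if the session is unknown or the requester is
     *                         not its owner
     */
    private void doOnEndSession(ChannelHandlerContext channelHandlerContext, EndSessionRequest endSessionRequest) throws XrootdException {
        XrootdSession xrootdSession = _sessions.get(endSessionRequest.getSessionId());
        if (xrootdSession == null) {
            throw new XrootdException(3011, "session not found");
        }
        // The session id is client-supplied, so ownership is checked against the
        // subject of the requesting session before anything is closed.
        if (!xrootdSession.hasOwner(this._session.getSubject())) {
            throw new XrootdException(3010, "not session owner");
        }
        xrootdSession.getChannel().close();
        channelHandlerContext.writeAndFlush(new OkResponse(endSessionRequest));
    }

    /**
     * Completes authentication: stores the subject returned by
     * {@link #login}, installs the signature-verifying decoder when signing is
     * on, and only then marks the channel as authenticated.
     *
     * @throws XrootdException if {@link #login} rejects the subject
     */
    private void authenticated(ChannelHandlerContext channelHandlerContext, Subject subject) throws XrootdException {
        this._session.setSubject(login(channelHandlerContext, subject));
        if (this._signingPolicy.isSigningOn()) {
            BufferDecrypter decrypter = this._authenticationHandler.getDecrypter();
            channelHandlerContext.pipeline().addAfter("decoder", "sigverDecoder", new XrootdSigverDecoder(this._signingPolicy, decrypter));
            channelHandlerContext.pipeline().remove("decoder");
            _log.trace("switched decoder to sigverDecoder, decrypter {}.", decrypter);
        }
        this._authenticationHandler = null;
        // Set last so that a failure while switching decoders cannot leave the
        // channel authenticated without signature verification in place.
        this._state = State.AUTH;
    }

    /**
     * Hook for subclasses to map or reject the authenticated subject. This
     * implementation returns the subject unchanged.
     *
     * @param channelHandlerContext context of this handler
     * @param subject               subject produced by the authentication handler
     * @return the subject to attach to the session
     * @throws XrootdException if the subject is not allowed to log in
     */
    protected Subject login(ChannelHandlerContext channelHandlerContext, Subject subject) throws XrootdException {
        return subject;
    }
}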
