package org.dcache.xrootd.core;

import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import java.security.GeneralSecurityException;
import org.dcache.xrootd.plugins.AuthorizationFactory;
import org.dcache.xrootd.protocol.XrootdProtocol;
import org.dcache.xrootd.protocol.messages.CloseRequest;
import org.dcache.xrootd.protocol.messages.DirListRequest;
import org.dcache.xrootd.protocol.messages.LocateRequest;
import org.dcache.xrootd.protocol.messages.MkDirRequest;
import org.dcache.xrootd.protocol.messages.MvRequest;
import org.dcache.xrootd.protocol.messages.OpenRequest;
import org.dcache.xrootd.protocol.messages.PathRequest;
import org.dcache.xrootd.protocol.messages.PrepareRequest;
import org.dcache.xrootd.protocol.messages.ProtocolRequest;
import org.dcache.xrootd.protocol.messages.QueryRequest;
import org.dcache.xrootd.protocol.messages.ReadRequest;
import org.dcache.xrootd.protocol.messages.ReadVRequest;
import org.dcache.xrootd.protocol.messages.RmDirRequest;
import org.dcache.xrootd.protocol.messages.RmRequest;
import org.dcache.xrootd.protocol.messages.SetRequest;
import org.dcache.xrootd.protocol.messages.StatRequest;
import org.dcache.xrootd.protocol.messages.StatxRequest;
import org.dcache.xrootd.protocol.messages.SyncRequest;
import org.dcache.xrootd.protocol.messages.WriteRequest;
import org.dcache.xrootd.protocol.messages.XrootdRequest;
import org.dcache.xrootd.util.OpaqueStringParser;
import org.dcache.xrootd.util.ParseException;
import org.slf4j.Marker;

@ChannelHandler.Sharable
/* loaded from: input_file:org/dcache/xrootd/core/XrootdAuthorizationHandler.class */
public class XrootdAuthorizationHandler extends XrootdRequestHandler {
    private final AuthorizationFactory _authorizationFactory;

    public XrootdAuthorizationHandler(AuthorizationFactory authorizationFactory) {
        this._authorizationFactory = authorizationFactory;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dcache.xrootd.core.XrootdRequestHandler
    public Void doOnStat(ChannelHandlerContext channelHandlerContext, StatRequest statRequest) throws XrootdException {
        authorize(channelHandlerContext, statRequest, XrootdProtocol.FilePerm.READ);
        channelHandlerContext.fireChannelRead((Object) statRequest);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dcache.xrootd.core.XrootdRequestHandler
    public Void doOnStatx(ChannelHandlerContext channelHandlerContext, StatxRequest statxRequest) throws XrootdException {
        if (statxRequest.getPaths().length == 0) {
            throw new XrootdException(3001, "no paths specified");
        }
        String[] paths = statxRequest.getPaths();
        String[] opaques = statxRequest.getOpaques();
        for (int i = 0; i < paths.length; i++) {
            paths[i] = authorize(channelHandlerContext, statxRequest, XrootdProtocol.FilePerm.READ, paths[i], opaques[i]);
        }
        statxRequest.setPaths(paths);
        channelHandlerContext.fireChannelRead((Object) statxRequest);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dcache.xrootd.core.XrootdRequestHandler
    public Void doOnRm(ChannelHandlerContext channelHandlerContext, RmRequest rmRequest) throws XrootdException {
        if (rmRequest.getPath().isEmpty()) {
            throw new XrootdException(3001, "no path specified");
        }
        authorize(channelHandlerContext, rmRequest, XrootdProtocol.FilePerm.DELETE);
        channelHandlerContext.fireChannelRead((Object) rmRequest);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dcache.xrootd.core.XrootdRequestHandler
    public Void doOnRmDir(ChannelHandlerContext channelHandlerContext, RmDirRequest rmDirRequest) throws XrootdException {
        if (rmDirRequest.getPath().isEmpty()) {
            throw new XrootdException(3001, "no path specified");
        }
        authorize(channelHandlerContext, rmDirRequest, XrootdProtocol.FilePerm.DELETE);
        channelHandlerContext.fireChannelRead((Object) rmDirRequest);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dcache.xrootd.core.XrootdRequestHandler
    public Void doOnMkDir(ChannelHandlerContext channelHandlerContext, MkDirRequest mkDirRequest) throws XrootdException {
        if (mkDirRequest.getPath().isEmpty()) {
            throw new XrootdException(3001, "no path specified");
        }
        authorize(channelHandlerContext, mkDirRequest, XrootdProtocol.FilePerm.WRITE);
        channelHandlerContext.fireChannelRead((Object) mkDirRequest);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dcache.xrootd.core.XrootdRequestHandler
    public Void doOnMv(ChannelHandlerContext channelHandlerContext, MvRequest mvRequest) throws XrootdException {
        if (mvRequest.getSourcePath().isEmpty()) {
            throw new XrootdException(3001, "No source path specified");
        }
        if (mvRequest.getTargetPath().isEmpty()) {
            throw new XrootdException(3001, "No target path specified");
        }
        mvRequest.setSourcePath(authorize(channelHandlerContext, mvRequest, XrootdProtocol.FilePerm.DELETE, mvRequest.getSourcePath(), mvRequest.getSourceOpaque()));
        mvRequest.setTargetPath(authorize(channelHandlerContext, mvRequest, XrootdProtocol.FilePerm.WRITE, mvRequest.getTargetPath(), mvRequest.getTargetOpaque()));
        channelHandlerContext.fireChannelRead((Object) mvRequest);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dcache.xrootd.core.XrootdRequestHandler
    public Void doOnDirList(ChannelHandlerContext channelHandlerContext, DirListRequest dirListRequest) throws XrootdException {
        if (dirListRequest.getPath().isEmpty()) {
            throw new XrootdException(3001, "no source path specified");
        }
        authorize(channelHandlerContext, dirListRequest, XrootdProtocol.FilePerm.READ);
        channelHandlerContext.fireChannelRead((Object) dirListRequest);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dcache.xrootd.core.XrootdRequestHandler
    public Void doOnPrepare(ChannelHandlerContext channelHandlerContext, PrepareRequest prepareRequest) {
        channelHandlerContext.fireChannelRead((Object) prepareRequest);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dcache.xrootd.core.XrootdRequestHandler
    public Void doOnLocate(ChannelHandlerContext channelHandlerContext, LocateRequest locateRequest) throws XrootdException {
        String path = locateRequest.getPath();
        if (!path.startsWith(Marker.ANY_MARKER)) {
            path = authorize(channelHandlerContext, locateRequest, XrootdProtocol.FilePerm.READ, path, locateRequest.getOpaque());
        } else if (!path.equals(Marker.ANY_MARKER)) {
            path = authorize(channelHandlerContext, locateRequest, XrootdProtocol.FilePerm.READ, path.substring(1), locateRequest.getOpaque());
        }
        locateRequest.setPath(path);
        channelHandlerContext.fireChannelRead((Object) locateRequest);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dcache.xrootd.core.XrootdRequestHandler
    public Void doOnOpen(ChannelHandlerContext channelHandlerContext, OpenRequest openRequest) throws XrootdException {
        authorize(channelHandlerContext, openRequest, openRequest.getRequiredPermission());
        channelHandlerContext.fireChannelRead((Object) openRequest);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dcache.xrootd.core.XrootdRequestHandler
    public Void doOnRead(ChannelHandlerContext channelHandlerContext, ReadRequest readRequest) throws XrootdException {
        channelHandlerContext.fireChannelRead((Object) readRequest);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dcache.xrootd.core.XrootdRequestHandler
    public Void doOnReadV(ChannelHandlerContext channelHandlerContext, ReadVRequest readVRequest) throws XrootdException {
        channelHandlerContext.fireChannelRead((Object) readVRequest);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dcache.xrootd.core.XrootdRequestHandler
    public Void doOnWrite(ChannelHandlerContext channelHandlerContext, WriteRequest writeRequest) throws XrootdException {
        channelHandlerContext.fireChannelRead((Object) writeRequest);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dcache.xrootd.core.XrootdRequestHandler
    public Void doOnSync(ChannelHandlerContext channelHandlerContext, SyncRequest syncRequest) throws XrootdException {
        channelHandlerContext.fireChannelRead((Object) syncRequest);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dcache.xrootd.core.XrootdRequestHandler
    public Void doOnClose(ChannelHandlerContext channelHandlerContext, CloseRequest closeRequest) throws XrootdException {
        channelHandlerContext.fireChannelRead((Object) closeRequest);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dcache.xrootd.core.XrootdRequestHandler
    public Void doOnProtocolRequest(ChannelHandlerContext channelHandlerContext, ProtocolRequest protocolRequest) throws XrootdException {
        channelHandlerContext.fireChannelRead((Object) protocolRequest);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dcache.xrootd.core.XrootdRequestHandler
    public Void doOnQuery(ChannelHandlerContext channelHandlerContext, QueryRequest queryRequest) throws XrootdException {
        switch (queryRequest.getReqcode()) {
            case 3:
            case 4:
                queryRequest.setPath(authorize(channelHandlerContext, queryRequest, XrootdProtocol.FilePerm.READ, queryRequest.getPath(), queryRequest.getOpaque()));
                break;
        }
        channelHandlerContext.fireChannelRead((Object) queryRequest);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.dcache.xrootd.core.XrootdRequestHandler
    public Void doOnSet(ChannelHandlerContext channelHandlerContext, SetRequest setRequest) throws XrootdException {
        channelHandlerContext.fireChannelRead((Object) setRequest);
        return null;
    }

    private void authorize(ChannelHandlerContext channelHandlerContext, PathRequest pathRequest, XrootdProtocol.FilePerm filePerm) throws XrootdException {
        pathRequest.setPath(authorize(channelHandlerContext, pathRequest, filePerm, pathRequest.getPath(), pathRequest.getOpaque()));
    }

    private String authorize(ChannelHandlerContext channelHandlerContext, XrootdRequest xrootdRequest, XrootdProtocol.FilePerm filePerm, String str, String str2) throws XrootdException {
        try {
            return this._authorizationFactory.createHandler().authorize(xrootdRequest.getSubject(), getDestinationAddress(), getSourceAddress(), str, OpaqueStringParser.getOpaqueMap(str2), xrootdRequest.getRequestId(), filePerm);
        } catch (SecurityException e) {
            throw new XrootdException(3010, "Permission denied: " + e.getMessage());
        } catch (GeneralSecurityException e2) {
            throw new XrootdException(3012, "Authorization check failed: " + e2.getMessage());
        } catch (ParseException e3) {
            throw new XrootdException(3010, "Invalid opaque data: " + e3.getMessage() + " (opaque=" + str2 + ")");
        }
    }
}
