package org.infinispan.server.resp;

import io.netty.channel.ChannelHandlerContext;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.concurrent.CompletionStage;
import javax.security.auth.Subject;
import javax.security.sasl.SaslException;
import org.infinispan.AdvancedCache;
import org.infinispan.commons.util.concurrent.CompletableFutures;
import org.infinispan.server.core.transport.ConnectionMetadata;
import org.infinispan.server.resp.authentication.RespAuthenticator;
import org.infinispan.server.resp.commands.AuthResp3Command;
import org.infinispan.server.resp.configuration.RespServerConfiguration;

/* loaded from: input_file:org/infinispan/server/resp/Resp3AuthHandler.class */
public class Resp3AuthHandler extends CacheRespRequestHandler {
    static final /* synthetic */ boolean $assertionsDisabled;

    public Resp3AuthHandler(RespServer respServer) {
        this(respServer, respServer.getCache());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Resp3AuthHandler(RespServer respServer, AdvancedCache<byte[], byte[]> advancedCache) {
        super(respServer, advancedCache);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.infinispan.server.resp.RespRequestHandler
    public CompletionStage<RespRequestHandler> actualHandleRequest(ChannelHandlerContext channelHandlerContext, RespCommand respCommand, List<byte[]> list) {
        if (respCommand instanceof AuthResp3Command) {
            return ((AuthResp3Command) respCommand).perform(this, channelHandlerContext, list);
        }
        if (isAuthorized()) {
            return super.actualHandleRequest(channelHandlerContext, respCommand, list);
        }
        handleUnauthorized(channelHandlerContext);
        return this.myStage;
    }

    public CompletionStage<Boolean> performAuth(ChannelHandlerContext channelHandlerContext, byte[] bArr, byte[] bArr2) {
        return performAuth(channelHandlerContext, new String(bArr, StandardCharsets.UTF_8), new String(bArr2, StandardCharsets.UTF_8));
    }

    public CompletionStage<Boolean> performAuth(ChannelHandlerContext channelHandlerContext) {
        return performAuth(channelHandlerContext, (String) null, (String) null);
    }

    private CompletionStage<Boolean> performAuth(ChannelHandlerContext channelHandlerContext, String str, String str2) {
        CompletionStage<Subject> usernamePasswordAuth;
        RespAuthenticator authenticator = ((RespServerConfiguration) this.respServer.getConfiguration()).m73authentication().authenticator();
        if (authenticator == null) {
            return CompletableFutures.booleanStage(handleAuthResponse(channelHandlerContext, null));
        }
        if (str == null && str2 == null) {
            try {
                usernamePasswordAuth = canUseCertAuth() ? authenticator.clientCertAuth(channelHandlerContext.channel()) : CompletableFutures.completedNull();
            } catch (SaslException e) {
                throw CompletableFutures.asCompletionException(e);
            }
        } else {
            usernamePasswordAuth = authenticator.usernamePasswordAuth(str, str2.toCharArray());
        }
        return usernamePasswordAuth.thenApplyAsync(subject -> {
            return Boolean.valueOf(handleAuthResponse(channelHandlerContext, subject));
        }, channelHandlerContext.channel().eventLoop()).exceptionally(th -> {
            return false;
        });
    }

    private boolean handleAuthResponse(ChannelHandlerContext channelHandlerContext, Subject subject) {
        if (!$assertionsDisabled && !channelHandlerContext.channel().eventLoop().inEventLoop()) {
            throw new AssertionError();
        }
        if (subject == null) {
            return false;
        }
        ConnectionMetadata.getInstance(channelHandlerContext.channel()).subject(subject);
        setCache(this.cache.withSubject(subject));
        return true;
    }

    private void handleUnauthorized(ChannelHandlerContext channelHandlerContext) {
        if (!$assertionsDisabled && !channelHandlerContext.channel().eventLoop().inEventLoop()) {
            throw new AssertionError();
        }
        writer().unauthorized();
    }

    public boolean isAuthorized() {
        return getClass() != Resp3AuthHandler.class;
    }

    public boolean canUseCertAuth() {
        RespAuthenticator authenticator = ((RespServerConfiguration) this.respServer.getConfiguration()).m73authentication().authenticator();
        return authenticator != null && authenticator.isClientCertAuthEnabled();
    }

    static {
        $assertionsDisabled = !Resp3AuthHandler.class.desiredAssertionStatus();
    }
}
