package io.openliberty.grpc.internal.servlet;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.http2.GrpcServletServices;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authorization.util.RoleMethodAuthUtil;
import com.ibm.ws.security.authorization.util.UnauthenticatedException;
import io.grpc.BindableService;
import io.grpc.Metadata;
import io.grpc.ServerInterceptor;
import io.grpc.ServerInterceptors;
import io.grpc.servlet.ServletServerBuilder;
import io.openliberty.grpc.internal.GrpcMessages;
import io.openliberty.grpc.internal.config.GrpcServiceConfigHolder;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.nio.file.AccessDeniedException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:io/openliberty/grpc/internal/servlet/GrpcServletUtils.class */
public class GrpcServletUtils {
    static final long serialVersionUID = -3172251466230442567L;
    private static final TraceComponent tc = Tr.register(GrpcServletUtils.class, GrpcMessages.GRPC_TRACE_NAME, GrpcMessages.GRPC_BUNDLE);
    private static final Map<String, Boolean> authMap = new ConcurrentHashMap();
    public static final String LIBERTY_AUTH_KEY_STRING = "libertyAuthCheck";
    public static final Metadata.Key<String> LIBERTY_AUTH_KEY = Metadata.Key.of(LIBERTY_AUTH_KEY_STRING, Metadata.ASCII_STRING_MARSHALLER);
    private static final LibertyAuthorizationInterceptor authInterceptor = new LibertyAuthorizationInterceptor();

    public static void addLibertyAuthHeader(List<byte[]> list, HttpServletRequest httpServletRequest, boolean z) {
        list.add(LIBERTY_AUTH_KEY.name().getBytes(StandardCharsets.US_ASCII));
        list.add(String.valueOf(httpServletRequest.hashCode()).getBytes(StandardCharsets.US_ASCII));
        authMap.put(String.valueOf(httpServletRequest.hashCode()), Boolean.valueOf(z));
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "adding {0} to authMap with value {1}", new Object[]{Integer.valueOf(httpServletRequest.hashCode()), Boolean.valueOf(z)});
        }
    }

    public static String translateLibertyPath(String str) {
        if (str.length() - str.replace("/", "").length() == 2) {
            str = str.substring(str.indexOf(47) + 1);
        }
        return str;
    }

    public static Method getTargetMethod(String str) {
        GrpcServletServices.ServiceInformation serviceInformation;
        Class serviceClass;
        String substring = str.substring(0, str.indexOf(47));
        Map servletGrpcServices = GrpcServletServices.getServletGrpcServices();
        if (servletGrpcServices == null || (serviceInformation = (GrpcServletServices.ServiceInformation) servletGrpcServices.get(substring)) == null || (serviceClass = serviceInformation.getServiceClass()) == null) {
            return null;
        }
        char[] charArray = str.substring(str.indexOf(47) + 1).toCharArray();
        charArray[0] = Character.toLowerCase(charArray[0]);
        String str2 = new String(charArray);
        for (Method method : serviceClass.getMethods()) {
            if (method.getName().equals(str2)) {
                return method;
            }
        }
        return null;
    }

    @FFDCIgnore({UnauthenticatedException.class, UnauthenticatedException.class, AccessDeniedException.class})
    public static boolean doServletAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        try {
            handleMessage(httpServletRequest, str);
            return true;
        } catch (UnauthenticatedException e) {
            try {
                if (!authenticate(httpServletRequest, httpServletResponse)) {
                    return false;
                }
                handleMessage(httpServletRequest, str);
                return true;
            } catch (UnauthenticatedException | AccessDeniedException e2) {
                return false;
            }
        } catch (AccessDeniedException e3) {
            return false;
        }
    }

    private static boolean authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            return httpServletRequest.authenticate(httpServletResponse);
        } catch (IOException | ServletException e) {
            FFDCFilter.processException(e, "io.openliberty.grpc.internal.servlet.GrpcServletUtils", "162", (Object) null, new Object[]{httpServletRequest, httpServletResponse});
            return false;
        }
    }

    private static void handleMessage(HttpServletRequest httpServletRequest, String str) throws UnauthenticatedException, AccessDeniedException {
        Method targetMethod = getTargetMethod(str);
        if (targetMethod != null && !RoleMethodAuthUtil.parseMethodSecurity(targetMethod, httpServletRequest.getUserPrincipal(), str2 -> {
            return httpServletRequest.isUserInRole(str2);
        })) {
            throw new AccessDeniedException("Unauthorized");
        }
    }

    public static boolean isAuthorized(String str) {
        if (str == null) {
            return false;
        }
        return Boolean.TRUE.equals(authMap.remove(str));
    }

    public static List<ServerInterceptor> getUserInterceptors(String str) {
        LinkedList linkedList = new LinkedList();
        String serviceInterceptors = GrpcServiceConfigHolder.getServiceInterceptors(str);
        if (serviceInterceptors != null) {
            List asList = Arrays.asList(serviceInterceptors.split("\\s*,\\s*"));
            if (!asList.isEmpty()) {
                Iterator it = asList.iterator();
                while (it.hasNext()) {
                    try {
                        linkedList.add((ServerInterceptor) Class.forName((String) it.next(), true, Thread.currentThread().getContextClassLoader()).getDeclaredConstructor(new Class[0]).newInstance(new Object[0]));
                    } catch (ClassNotFoundException | IllegalAccessException | IllegalArgumentException | InstantiationException | NoSuchMethodException | SecurityException | InvocationTargetException e) {
                        FFDCFilter.processException(e, "io.openliberty.grpc.internal.servlet.GrpcServletUtils", "216", (Object) null, new Object[]{str});
                        Tr.warning(tc, "invalid.serverinterceptor", new Object[]{e.getMessage()});
                    }
                }
            }
        }
        return linkedList;
    }

    public static void addServices(List<? extends BindableService> list, ServletServerBuilder servletServerBuilder) {
        for (BindableService bindableService : list) {
            String name = bindableService.bindService().getServiceDescriptor().getName();
            List<ServerInterceptor> userInterceptors = getUserInterceptors(name);
            userInterceptors.add(authInterceptor);
            servletServerBuilder.addService(ServerInterceptors.intercept(bindableService, userInterceptors));
            int maxInboundMessageSize = GrpcServiceConfigHolder.getMaxInboundMessageSize(name);
            if (maxInboundMessageSize != -1) {
                servletServerBuilder.m5maxInboundMessageSize(maxInboundMessageSize);
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "gRPC service {0} has been registered", new Object[]{name});
            }
        }
    }
}
