package io.openliberty.grpc.internal.security;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authorization.util.RoleMethodAuthUtil;
import com.ibm.ws.security.authorization.util.UnauthenticatedException;
import io.grpc.Metadata;
import io.openliberty.grpc.internal.GrpcMessages;
import io.openliberty.grpc.internal.servlet.GrpcServletUtils;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

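/**
 * Static helpers that run Liberty role-based authorization for a gRPC call and
 * record the outcome so that it can be looked up again by key.
 *
 * <p>The outcome is stored in an in-memory map. The map key is written into a
 * header list as the value of the {@code libertyAuthCheck} entry, and
 * {@link #isAuthorized(String)} consumes the stored outcome exactly once.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The map key is {@code String.valueOf(request.hashCode())}. A hash code is
 *       neither guaranteed unique among live objects nor unpredictable, so two
 *       in-flight requests can share a key and the later {@code put} then replaces
 *       the earlier decision. NOTE(review): a unique, unguessable per-request token
 *       would be a safer key, but every consumer of the header value would have to
 *       be checked first.</li>
 *   <li>NOTE(review): this class does not show whether a client-supplied
 *       {@code libertyAuthCheck} header is dropped before the server-side entry is
 *       appended; confirm that at the call site.</li>
 *   <li>Entries leave the map only through {@link #isAuthorized(String)}; a request
 *       that never reaches that call leaves its entry behind. NOTE(review): confirm
 *       that every path consumes or clears its entry.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:io/openliberty/grpc/internal/security/GrpcServerSecurity.class */
public class GrpcServerSecurity {
    // Present in the decompiled class even though no Serializable interface is declared here;
    // presumably tool-generated. Kept unchanged.
    static final long serialVersionUID = -5437531490470206046L;
    private static final TraceComponent tc = Tr.register(GrpcServerSecurity.class, GrpcMessages.GRPC_TRACE_NAME, GrpcMessages.GRPC_BUNDLE);

    // Request key (decimal hash code of the request object) -> authorization outcome.
    private static final Map<String, Boolean> authMap = new ConcurrentHashMap<>();

    public static final String LIBERTY_AUTH_KEY_STRING = "libertyAuthCheck";
    public static final Metadata.Key<String> LIBERTY_AUTH_KEY = Metadata.Key.of(LIBERTY_AUTH_KEY_STRING, Metadata.ASCII_STRING_MARSHALLER);

    /**
     * Appends the {@code libertyAuthCheck} header name and the request key to the header
     * list, and stores the authorization outcome under that key.
     *
     * @param list header list receiving two US-ASCII byte arrays: the header name, then the key
     * @param httpServletRequest request whose {@code hashCode()} is used as the key
     * @param z authorization outcome to store for this request
     */
    public static void addLibertyAuthHeader(List<byte[]> list, HttpServletRequest httpServletRequest, boolean z) {
        list.add(LIBERTY_AUTH_KEY.name().getBytes(StandardCharsets.US_ASCII));

        // Read the hash once so the header value, the map key and the trace line cannot disagree.
        // NOTE(review): hashCode() is not a unique or secret identifier; see the class comment.
        final int requestHash = httpServletRequest.hashCode();
        final String requestKey = String.valueOf(requestHash);

        list.add(requestKey.getBytes(StandardCharsets.US_ASCII));
        authMap.put(requestKey, Boolean.valueOf(z));
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "adding {0} to authMap with value {1}", new Object[]{Integer.valueOf(requestHash), Boolean.valueOf(z)});
        }
    }

    /**
     * Runs the authorization check for a gRPC path and reports the result as a boolean.
     *
     * <p>Authentication and authorization failures are logged through {@code Tr.error} and
     * turned into {@code false}; they are not rethrown.
     *
     * @param httpServletRequest request supplying the caller's principal and roles
     * @param httpServletResponse not used by this method
     * @param str gRPC path used to look up the target method
     * @return {@code true} when the check raised no exception, {@code false} otherwise
     */
    @FFDCIgnore({UnauthenticatedException.class, UnauthorizedException.class})
    public static boolean doServletAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        try {
            handleSecurity(httpServletRequest, str);
            return true;
        } catch (UnauthenticatedException e) {
            Tr.error(tc, "authentication.error", new Object[]{str, e.getMessage()});
            return false;
        } catch (UnauthorizedException e2) {
            Tr.error(tc, "authorization.error", new Object[]{str, e2.getMessage()});
            return false;
        }
    }

    /**
     * Resolves the target method for the path and applies its method-level security.
     *
     * @param httpServletRequest request supplying {@code getUserPrincipal()} and {@code isUserInRole}
     * @param str gRPC path passed to {@code GrpcServletUtils.getTargetMethod}
     * @throws UnauthenticatedException declared by this method; presumably raised by
     *         {@code RoleMethodAuthUtil.parseMethodSecurity} (verify against that utility)
     * @throws UnauthorizedException when {@code parseMethodSecurity} returns {@code false}
     */
    private static void handleSecurity(HttpServletRequest httpServletRequest, String str) throws UnauthenticatedException, UnauthorizedException {
        Method targetMethod = GrpcServletUtils.getTargetMethod(str);
        if (targetMethod == null) {
            // No method resolved: nothing is checked here and the caller reports success.
            // NOTE(review): confirm that a path with no target method is rejected elsewhere,
            // since this branch does not deny it.
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "gRPC target service for this path {0} does not exist", new Object[]{str});
            }
            return;
        }

        boolean permitted = RoleMethodAuthUtil.parseMethodSecurity(
                targetMethod,
                httpServletRequest.getUserPrincipal(),
                role -> httpServletRequest.isUserInRole(role));
        if (!permitted) {
            throw new UnauthorizedException("Unauthorized");
        }
    }

    /**
     * Consumes the stored authorization outcome for a request key.
     *
     * <p>The entry is removed on lookup, so a second call with the same key returns
     * {@code false}. A missing key or a {@code null} key is treated as not authorized.
     *
     * @param str request key as written by {@link #addLibertyAuthHeader}
     * @return {@code true} only when an entry existed and its stored value was {@code true}
     */
    public static boolean isAuthorized(String str) {
        // ConcurrentHashMap rejects null keys, so deny before touching the map.
        if (str == null) {
            return false;
        }
        return Boolean.TRUE.equals(authMap.remove(str));
    }
}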
