package com.linkedin.venice.listener;

import com.linkedin.venice.acl.DynamicAccessController;
import com.linkedin.venice.acl.handler.StoreAclHandler;
import com.linkedin.venice.authentication.AuthenticationService;
import com.linkedin.venice.authorization.AuthorizerService;
import com.linkedin.venice.exceptions.VeniceException;
import com.linkedin.venice.meta.ReadOnlyStoreRepository;
import com.linkedin.venice.meta.Version;
import com.linkedin.venice.utils.SslUtils;
import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.ssl.SslHandler;
import io.netty.util.ReferenceCountUtil;
import java.security.cert.X509Certificate;
import java.util.Optional;
import javax.net.ssl.SSLPeerUnverifiedException;

/* loaded from: input_file:com/linkedin/venice/listener/ServerStoreAclHandler.class */
public class ServerStoreAclHandler extends StoreAclHandler {
    public ServerStoreAclHandler(Optional<DynamicAccessController> optional, Optional<AuthenticationService> optional2, Optional<AuthorizerService> optional3, ReadOnlyStoreRepository readOnlyStoreRepository) {
        super(optional, optional2, optional3, readOnlyStoreRepository);
    }

    @Override // com.linkedin.venice.acl.handler.StoreAclHandler
    protected String extractStoreName(String str) {
        return Version.parseStoreFromKafkaTopicName(str);
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.linkedin.venice.acl.handler.StoreAclHandler, io.netty.channel.SimpleChannelInboundHandler
    public void channelRead0(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest) throws SSLPeerUnverifiedException {
        if (!checkWhetherAccessHasAlreadyApproved(channelHandlerContext)) {
            super.channelRead0(channelHandlerContext, httpRequest);
        } else {
            ReferenceCountUtil.retain(httpRequest);
            channelHandlerContext.fireChannelRead((Object) httpRequest);
        }
    }

    @Override // com.linkedin.venice.acl.handler.StoreAclHandler
    protected X509Certificate extractClientCert(ChannelHandlerContext channelHandlerContext) throws SSLPeerUnverifiedException {
        Optional<SslHandler> extractSslHandler = ServerHandlerUtils.extractSslHandler(channelHandlerContext);
        if (extractSslHandler.isPresent()) {
            return SslUtils.getX509Certificate(extractSslHandler.get().engine().getSession().getPeerCertificates()[0]);
        }
        throw new VeniceException("Failed to extract client cert from the incoming request");
    }

    protected static boolean checkWhetherAccessHasAlreadyApproved(ChannelHandlerContext channelHandlerContext) {
        return Boolean.TRUE.equals(channelHandlerContext.channel().attr(ServerAclHandler.SERVER_ACL_APPROVED_ATTRIBUTE_KEY).get());
    }
}
