package org.apache.tinkerpop.gremlin.server.handler;

import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.util.Attribute;
import io.netty.util.AttributeKey;
import org.apache.tinkerpop.gremlin.driver.message.RequestMessage;
import org.apache.tinkerpop.gremlin.driver.message.ResponseMessage;
import org.apache.tinkerpop.gremlin.driver.message.ResponseStatusCode;
import org.apache.tinkerpop.gremlin.server.auth.AuthenticationException;
import org.apache.tinkerpop.gremlin.server.auth.Authenticator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ChannelHandler.Sharable
/* loaded from: input_file:org/apache/tinkerpop/gremlin/server/handler/SaslAuthenticationHandler.class */
public class SaslAuthenticationHandler extends ChannelInboundHandlerAdapter {
    private static final Logger logger = LoggerFactory.getLogger(SaslAuthenticationHandler.class);
    private static final AttributeKey<Authenticator.SaslNegotiator> negotiatorKey = AttributeKey.valueOf("negotiator");
    private static final AttributeKey<RequestMessage> requestKey = AttributeKey.valueOf("request");
    private final Authenticator authenticator;

    public SaslAuthenticationHandler(Authenticator authenticator) {
        this.authenticator = authenticator;
    }

    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
        if (!(obj instanceof RequestMessage)) {
            logger.warn("{} only processes RequestMessage instances - received {} - channel closing", getClass().getSimpleName(), obj.getClass());
            channelHandlerContext.close();
            return;
        }
        RequestMessage requestMessage = (RequestMessage) obj;
        Attribute attr = channelHandlerContext.attr(negotiatorKey);
        Attribute attr2 = channelHandlerContext.attr(requestKey);
        if (attr.get() == null) {
            attr.set(this.authenticator.newSaslNegotiator());
            attr2.set(requestMessage);
            channelHandlerContext.writeAndFlush(ResponseMessage.build(requestMessage).code(ResponseStatusCode.AUTHENTICATE).create());
        } else {
            if (!requestMessage.getOp().equals("authentication") || !requestMessage.getArgs().containsKey("sasl")) {
                channelHandlerContext.writeAndFlush(ResponseMessage.build(requestMessage).statusMessage("Failed to authenticate").code(ResponseStatusCode.UNAUTHORIZED).create());
                return;
            }
            try {
                byte[] evaluateResponse = ((Authenticator.SaslNegotiator) attr.get()).evaluateResponse((byte[]) requestMessage.getArgs().get("sasl"));
                if (((Authenticator.SaslNegotiator) attr.get()).isComplete()) {
                    ((Authenticator.SaslNegotiator) attr.get()).getAuthenticatedUser();
                    channelHandlerContext.pipeline().remove(this);
                    channelHandlerContext.fireChannelRead((RequestMessage) attr2.get());
                } else {
                    channelHandlerContext.writeAndFlush(ResponseMessage.build(requestMessage).code(ResponseStatusCode.AUTHENTICATE).result(evaluateResponse).create());
                }
            } catch (AuthenticationException e) {
                channelHandlerContext.writeAndFlush(ResponseMessage.build((RequestMessage) attr2.get()).statusMessage(e.getMessage()).code(ResponseStatusCode.UNAUTHORIZED).create());
            }
        }
    }
}
