package io.deephaven.auth;

import com.google.rpc.Code;
import io.deephaven.base.verify.Assert;
import io.deephaven.engine.context.ExecutionContext;
import io.deephaven.internal.log.LoggerFactory;
import io.deephaven.io.logger.Logger;
import io.deephaven.proto.util.Exceptions;
import io.deephaven.util.function.ThrowingRunnable;
import io.grpc.ForwardingServerCallListener;
import io.grpc.Metadata;
import io.grpc.ServerCall;
import io.grpc.ServerCallHandler;
import io.grpc.ServerMethodDefinition;
import io.grpc.ServerServiceDefinition;
import io.grpc.Status;
import io.grpc.StatusRuntimeException;

/* loaded from: input_file:io/deephaven/auth/ServiceAuthWiring.class */
public interface ServiceAuthWiring<ServiceImplBase> {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.deephaven.auth.ServiceAuthWiring$1, reason: invalid class name */
    /* loaded from: input_file:io/deephaven/auth/ServiceAuthWiring$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$io$grpc$Status$Code = new int[Status.Code.values().length];

        static {
            try {
                $SwitchMap$io$grpc$Status$Code[Status.Code.UNAUTHENTICATED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$io$grpc$Status$Code[Status.Code.PERMISSION_DENIED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$io$grpc$Status$Code[Status.Code.RESOURCE_EXHAUSTED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* loaded from: input_file:io/deephaven/auth/ServiceAuthWiring$AuthorizingServerCallHandler.class */
    public static class AuthorizingServerCallHandler<ReqT, RespT> implements ServerCallHandler<ReqT, RespT> {
        private static final Logger log = LoggerFactory.getLogger(AuthorizingServerCallHandler.class);
        private final ServerCallHandler<ReqT, RespT> delegate;
        private final CallStartedCallback callStartedCallback;
        private final MessageReceivedCallback<ReqT> messageReceivedCallback;
        private final boolean mustHaveRequest;
        private final String fullMethodName;

        public AuthorizingServerCallHandler(ServerCallHandler<ReqT, RespT> serverCallHandler, ServerMethodDefinition<ReqT, RespT> serverMethodDefinition, CallStartedCallback callStartedCallback, MessageReceivedCallback<ReqT> messageReceivedCallback) {
            this.delegate = serverCallHandler;
            this.callStartedCallback = callStartedCallback;
            this.messageReceivedCallback = messageReceivedCallback;
            this.mustHaveRequest = serverMethodDefinition.getMethodDescriptor().getType().clientSendsOneMessage();
            this.fullMethodName = serverMethodDefinition.getMethodDescriptor().getFullMethodName();
            if (!this.mustHaveRequest) {
                Assert.neqNull(callStartedCallback, "callStartedCallback");
            }
            Assert.neqNull(messageReceivedCallback, "messageReceivedCallback");
        }

        public ServerCall.Listener<ReqT> startCall(final ServerCall<ReqT, RespT> serverCall, Metadata metadata) {
            final AuthContext authContext = ExecutionContext.getContext().getAuthContext();
            return (this.mustHaveRequest || validateAuth(serverCall, () -> {
                this.callStartedCallback.callStarted(authContext);
            })) ? new ForwardingServerCallListener.SimpleForwardingServerCallListener<ReqT>(this.delegate.startCall(serverCall, metadata)) { // from class: io.deephaven.auth.ServiceAuthWiring.AuthorizingServerCallHandler.2
                public void onMessage(ReqT reqt) {
                    AuthorizingServerCallHandler authorizingServerCallHandler = AuthorizingServerCallHandler.this;
                    ServerCall<ReqT, RespT> serverCall2 = serverCall;
                    AuthContext authContext2 = authContext;
                    if (authorizingServerCallHandler.validateAuth(serverCall2, () -> {
                        AuthorizingServerCallHandler.this.messageReceivedCallback.messageReceived(authContext2, reqt);
                    })) {
                        delegate().onMessage(reqt);
                    }
                }
            } : new ServerCall.Listener<ReqT>() { // from class: io.deephaven.auth.ServiceAuthWiring.AuthorizingServerCallHandler.1
            };
        }

        private boolean validateAuth(ServerCall<ReqT, RespT> serverCall, ThrowingRunnable<ReflectiveOperationException> throwingRunnable) {
            try {
                throwingRunnable.run();
                return true;
            } catch (ReflectiveOperationException | RuntimeException e) {
                Throwable th = e;
                if (!(th instanceof StatusRuntimeException) && th.getCause() != null) {
                    th = th.getCause();
                }
                if (!(th instanceof StatusRuntimeException)) {
                    log.error().append("Failed to invoke auth method: ").append(e).endl();
                    ServiceAuthWiring.quietlyCloseCall(serverCall, Status.UNAUTHENTICATED, new Metadata());
                    return false;
                }
                StatusRuntimeException statusRuntimeException = (StatusRuntimeException) th;
                switch (AnonymousClass1.$SwitchMap$io$grpc$Status$Code[statusRuntimeException.getStatus().getCode().ordinal()]) {
                    case 1:
                        log.info().append(this.fullMethodName).append(": request unauthenticated").endl();
                        break;
                    case 2:
                        log.info().append(this.fullMethodName).append(": request unauthorized").endl();
                        break;
                    case 3:
                        log.info().append(this.fullMethodName).append(": request throttled").endl();
                        break;
                    default:
                        log.error().append(this.fullMethodName).append(": authorization failed: ").append(th).endl();
                        break;
                }
                ServiceAuthWiring.quietlyCloseCall(serverCall, statusRuntimeException.getStatus(), statusRuntimeException.getTrailers());
                return false;
            }
        }
    }

    @FunctionalInterface
    /* loaded from: input_file:io/deephaven/auth/ServiceAuthWiring$CallStartedCallback.class */
    public interface CallStartedCallback {
        void callStarted(AuthContext authContext);
    }

    @FunctionalInterface
    /* loaded from: input_file:io/deephaven/auth/ServiceAuthWiring$MessageReceivedCallback.class */
    public interface MessageReceivedCallback<T> {
        void messageReceived(AuthContext authContext, T t);
    }

    static void operationNotAllowed() {
        operationNotAllowed("Operation not allowed");
    }

    static void operationNotAllowed(String str) {
        throw Exceptions.statusRuntimeException(Code.PERMISSION_DENIED, str);
    }

    ServerServiceDefinition intercept(ServiceImplBase serviceimplbase);

    private static <ReqT, RespT> void quietlyCloseCall(ServerCall<ReqT, RespT> serverCall, Status status, Metadata metadata) {
        try {
            serverCall.close(status, metadata);
        } catch (IllegalStateException e) {
        }
    }

    static <ReqT, RespT> ServerMethodDefinition<ReqT, RespT> intercept(ServerServiceDefinition serverServiceDefinition, String str, CallStartedCallback callStartedCallback, MessageReceivedCallback<ReqT> messageReceivedCallback) {
        String str2 = serverServiceDefinition.getServiceDescriptor().getName() + "/" + str;
        ServerMethodDefinition method = serverServiceDefinition.getMethod(str2);
        if (method == null) {
            throw new IllegalStateException("No method found for name: " + str2);
        }
        return method.withServerCallHandler(new AuthorizingServerCallHandler(method.getServerCallHandler(), method, callStartedCallback, messageReceivedCallback));
    }
}
