package org.yamcs.http;

import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpHeaders;
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.codec.http.cookie.Cookie;
import io.netty.handler.codec.http.cookie.ServerCookieDecoder;
import java.util.Base64;
import java.util.concurrent.ExecutionException;
import org.yamcs.YamcsServer;
import org.yamcs.http.auth.TokenStore;
import org.yamcs.logging.Log;
import org.yamcs.security.AbstractHttpRequestAuthModule;
import org.yamcs.security.AuthenticationException;
import org.yamcs.security.AuthenticationInfo;
import org.yamcs.security.SecurityStore;
import org.yamcs.security.User;
import org.yamcs.security.UsernamePasswordToken;
import org.yamcs.utils.Mimetypes;

/* loaded from: input_file:org/yamcs/http/HttpHandler.class */
public abstract class HttpHandler {
    protected static final Mimetypes MIME = Mimetypes.getInstance();
    private static final String AUTH_TYPE_BASIC = "Basic ";
    private static final String AUTH_TYPE_BEARER = "Bearer ";
    protected final Log log = new Log(getClass());

    public abstract boolean requireAuth();

    public abstract void handle(HandlerContext handlerContext);

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void handle(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest) {
        User user = null;
        if (requireAuth()) {
            user = authorizeUser(channelHandlerContext, httpRequest);
            channelHandlerContext.channel().attr(HttpRequestHandler.CTX_USERNAME).set(user.getName());
        }
        doHandle(channelHandlerContext, httpRequest, user);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void doHandle(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest, User user) {
        try {
            handle(new HandlerContext((String) channelHandlerContext.channel().attr(HttpRequestHandler.CTX_CONTEXT_PATH).get(), channelHandlerContext, httpRequest, user));
        } catch (Throwable th) {
            th = th;
            if (!(th instanceof HttpException)) {
                th = new InternalServerErrorException(th);
            }
            HttpException httpException = (HttpException) th;
            if (httpException.isServerError()) {
                this.log.error("Responding '{}': {}", httpException.getStatus(), httpException.getMessage(), httpException);
            } else {
                this.log.warn("Responding '{}': {}", httpException.getStatus(), httpException.getMessage());
            }
            HttpRequestHandler.sendPlainTextError(channelHandlerContext, httpRequest, httpException.getStatus());
        }
    }

    private User authorizeUser(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest) throws HttpException {
        SecurityStore securityStore = YamcsServer.getServer().getSecurityStore();
        if (securityStore.isEnabled()) {
            if (httpRequest.headers().contains(HttpHeaderNames.AUTHORIZATION)) {
                String str = httpRequest.headers().get(HttpHeaderNames.AUTHORIZATION);
                if (str.startsWith(AUTH_TYPE_BASIC)) {
                    return handleBasicAuth(channelHandlerContext, httpRequest);
                }
                if (str.startsWith(AUTH_TYPE_BEARER)) {
                    return handleBearerAuth(channelHandlerContext, httpRequest);
                }
                throw new BadRequestException("Unsupported Authorization header '" + str + "'");
            }
            if (securityStore.getAuthModules().stream().anyMatch(authModule -> {
                return (authModule instanceof AbstractHttpRequestAuthModule) && ((AbstractHttpRequestAuthModule) authModule).handles(channelHandlerContext, httpRequest);
            })) {
                try {
                    return securityStore.getUserFromCache(securityStore.login(new AbstractHttpRequestAuthModule.HttpRequestToken(channelHandlerContext, httpRequest)).get().getUsername());
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                    return null;
                } catch (ExecutionException e2) {
                    if (e2.getCause() instanceof AuthenticationException) {
                        throw new UnauthorizedException(e2.getCause().getMessage());
                    }
                    throw new InternalServerErrorException(e2.getCause());
                }
            }
            String accessTokenFromCookie = getAccessTokenFromCookie(httpRequest);
            if (accessTokenFromCookie != null) {
                return handleAccessToken(channelHandlerContext, httpRequest, accessTokenFromCookie);
            }
        }
        if (securityStore.getGuestUser().isActive()) {
            return securityStore.getGuestUser();
        }
        throw new UnauthorizedException("Missing authentication");
    }

    public static String getAccessTokenFromCookie(HttpRequest httpRequest) {
        HttpHeaders headers = httpRequest.headers();
        if (!headers.contains(HttpHeaderNames.COOKIE)) {
            return null;
        }
        for (Cookie cookie : ServerCookieDecoder.STRICT.decode(headers.get(HttpHeaderNames.COOKIE))) {
            if ("access_token".equalsIgnoreCase(cookie.name())) {
                return cookie.value();
            }
        }
        return null;
    }

    private User handleBasicAuth(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest) throws HttpException {
        try {
            String[] split = new String(Base64.getDecoder().decode(httpRequest.headers().get(HttpHeaderNames.AUTHORIZATION).substring(AUTH_TYPE_BASIC.length()))).split(":", 2);
            if (split.length < 2) {
                throw new BadRequestException("Malformed username/password (Not separated by colon?)");
            }
            try {
                SecurityStore securityStore = YamcsServer.getServer().getSecurityStore();
                return securityStore.getUserFromCache(securityStore.login(new UsernamePasswordToken(split[0], split[1].toCharArray())).get().getUsername());
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                return null;
            } catch (ExecutionException e2) {
                if (e2.getCause() instanceof AuthenticationException) {
                    throw new UnauthorizedException(e2.getCause().getMessage());
                }
                throw new InternalServerErrorException(e2.getCause());
            }
        } catch (IllegalArgumentException e3) {
            throw new BadRequestException("Could not decode Base64-encoded credentials");
        }
    }

    private User handleBearerAuth(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest) throws UnauthorizedException {
        return handleAccessToken(channelHandlerContext, httpRequest, httpRequest.headers().get(HttpHeaderNames.AUTHORIZATION).substring(AUTH_TYPE_BEARER.length()));
    }

    private User handleAccessToken(ChannelHandlerContext channelHandlerContext, HttpRequest httpRequest, String str) throws UnauthorizedException {
        TokenStore tokenStore = ((HttpServer) YamcsServer.getServer().getGlobalService(HttpServer.class)).getTokenStore();
        AuthenticationInfo verifyAccessToken = tokenStore.verifyAccessToken(str);
        SecurityStore securityStore = YamcsServer.getServer().getSecurityStore();
        if (securityStore.verifyValidity(verifyAccessToken)) {
            return securityStore.getUserFromCache(verifyAccessToken.getUsername());
        }
        tokenStore.revokeAccessToken(str);
        throw new UnauthorizedException("Could not verify token");
    }
}
