package net.devh.boot.grpc.server.security.interceptors;

import io.grpc.Context;
import io.grpc.ForwardingServerCallListener;
import io.grpc.Metadata;
import io.grpc.ServerCall;
import io.grpc.ServerCallHandler;
import io.grpc.ServerInterceptor;
import java.util.Objects;
import net.devh.boot.grpc.server.interceptor.GrpcGlobalServerInterceptor;
import net.devh.boot.grpc.server.security.authentication.GrpcAuthenticationReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

@GrpcGlobalServerInterceptor
/* loaded from: input_file:net/devh/boot/grpc/server/security/interceptors/AuthenticatingServerInterceptor.class */
public class AuthenticatingServerInterceptor implements ServerInterceptor {
    private static final Logger log = LoggerFactory.getLogger(AuthenticatingServerInterceptor.class);
    public static final Context.Key<Authentication> AUTHENTICATION_CONTEXT_KEY = Context.key("authentication");
    private final AuthenticationManager authenticationManager;
    private final GrpcAuthenticationReader grpcAuthenticationReader;

    /* loaded from: input_file:net/devh/boot/grpc/server/security/interceptors/AuthenticatingServerInterceptor$AuthenticatingServerCallListener.class */
    private class AuthenticatingServerCallListener<ReqT> extends ForwardingServerCallListener.SimpleForwardingServerCallListener<ReqT> {
        private final Authentication authentication;
        private final Context context;

        public AuthenticatingServerCallListener(ServerCall.Listener<ReqT> listener, Authentication authentication, Context context) {
            super(listener);
            this.authentication = authentication;
            this.context = context;
        }

        public void onMessage(ReqT reqt) {
            Context attach = this.context.attach();
            try {
                SecurityContextHolder.getContext().setAuthentication(this.authentication);
                AuthenticatingServerInterceptor.log.debug("onMessage - Authentication set");
                super.onMessage(reqt);
                SecurityContextHolder.clearContext();
                this.context.detach(attach);
                AuthenticatingServerInterceptor.log.debug("onMessage - Authentication cleared");
            } catch (Throwable th) {
                SecurityContextHolder.clearContext();
                this.context.detach(attach);
                AuthenticatingServerInterceptor.log.debug("onMessage - Authentication cleared");
                throw th;
            }
        }

        public void onHalfClose() {
            Context attach = this.context.attach();
            try {
                try {
                    SecurityContextHolder.getContext().setAuthentication(this.authentication);
                    AuthenticatingServerInterceptor.log.debug("onHalfClose - Authentication set");
                    super.onHalfClose();
                    SecurityContextHolder.clearContext();
                    this.context.detach(attach);
                    AuthenticatingServerInterceptor.log.debug("onHalfClose - Authentication cleared");
                } catch (AccessDeniedException e) {
                    if (!(this.authentication instanceof AnonymousAuthenticationToken)) {
                        throw e;
                    }
                    throw new BadCredentialsException("No credentials found in the request", e);
                }
            } catch (Throwable th) {
                SecurityContextHolder.clearContext();
                this.context.detach(attach);
                AuthenticatingServerInterceptor.log.debug("onHalfClose - Authentication cleared");
                throw th;
            }
        }

        public void onCancel() {
            Context attach = this.context.attach();
            try {
                AuthenticatingServerInterceptor.log.debug("onCancel - Authentication set");
                SecurityContextHolder.getContext().setAuthentication(this.authentication);
                super.onCancel();
                AuthenticatingServerInterceptor.log.debug("onCancel - Authentication cleared");
                SecurityContextHolder.clearContext();
                this.context.detach(attach);
            } catch (Throwable th) {
                AuthenticatingServerInterceptor.log.debug("onCancel - Authentication cleared");
                SecurityContextHolder.clearContext();
                this.context.detach(attach);
                throw th;
            }
        }

        public void onComplete() {
            Context attach = this.context.attach();
            try {
                AuthenticatingServerInterceptor.log.debug("onComplete - Authentication set");
                SecurityContextHolder.getContext().setAuthentication(this.authentication);
                super.onComplete();
                AuthenticatingServerInterceptor.log.debug("onComplete - Authentication cleared");
                SecurityContextHolder.clearContext();
                this.context.detach(attach);
            } catch (Throwable th) {
                AuthenticatingServerInterceptor.log.debug("onComplete - Authentication cleared");
                SecurityContextHolder.clearContext();
                this.context.detach(attach);
                throw th;
            }
        }

        public void onReady() {
            Context attach = this.context.attach();
            try {
                AuthenticatingServerInterceptor.log.debug("onReady - Authentication set");
                SecurityContextHolder.getContext().setAuthentication(this.authentication);
                super.onReady();
                AuthenticatingServerInterceptor.log.debug("onReady - Authentication cleared");
                SecurityContextHolder.clearContext();
                this.context.detach(attach);
            } catch (Throwable th) {
                AuthenticatingServerInterceptor.log.debug("onReady - Authentication cleared");
                SecurityContextHolder.clearContext();
                this.context.detach(attach);
                throw th;
            }
        }
    }

    @Autowired
    public AuthenticatingServerInterceptor(AuthenticationManager authenticationManager, GrpcAuthenticationReader grpcAuthenticationReader) {
        this.authenticationManager = (AuthenticationManager) Objects.requireNonNull(authenticationManager, "authenticationManager");
        this.grpcAuthenticationReader = grpcAuthenticationReader;
    }

    public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, RespT> serverCall, Metadata metadata, ServerCallHandler<ReqT, RespT> serverCallHandler) {
        AbstractAuthenticationToken readAuthentication = this.grpcAuthenticationReader.readAuthentication(serverCall, metadata);
        if (readAuthentication == null) {
            log.debug("No credentials found: Continuing unauthenticated");
            try {
                return serverCallHandler.startCall(serverCall, metadata);
            } catch (AccessDeniedException e) {
                throw new BadCredentialsException("No credentials found in the request", e);
            }
        }
        if (readAuthentication.getDetails() == null && (readAuthentication instanceof AbstractAuthenticationToken)) {
            readAuthentication.setDetails(serverCall.getAttributes());
        }
        log.debug("Credentials found: Authenticating...");
        Authentication authenticate = this.authenticationManager.authenticate(readAuthentication);
        Context withValue = Context.current().withValue(AUTHENTICATION_CONTEXT_KEY, authenticate);
        Context attach = withValue.attach();
        SecurityContextHolder.getContext().setAuthentication(authenticate);
        log.debug("Authentication successful: Continuing as {} ({})", authenticate.getName(), authenticate.getAuthorities());
        try {
            try {
                AuthenticatingServerCallListener authenticatingServerCallListener = new AuthenticatingServerCallListener(serverCallHandler.startCall(serverCall, metadata), authenticate, withValue);
                SecurityContextHolder.clearContext();
                withValue.detach(attach);
                log.debug("startCall - Authentication cleared");
                return authenticatingServerCallListener;
            } catch (AccessDeniedException e2) {
                if (authenticate instanceof AnonymousAuthenticationToken) {
                    throw new BadCredentialsException("No credentials found in the request", e2);
                }
                throw e2;
            }
        } catch (Throwable th) {
            SecurityContextHolder.clearContext();
            withValue.detach(attach);
            log.debug("startCall - Authentication cleared");
            throw th;
        }
    }
}
