package com.taobao.arthas.core.shell.term.impl.http;

import com.alibaba.arthas.deps.org.slf4j.Logger;
import com.alibaba.arthas.deps.org.slf4j.LoggerFactory;
import com.taobao.arthas.common.ArthasConstants;
import com.taobao.arthas.core.env.SystemPropertyUtils;
import com.taobao.arthas.core.security.AuthUtils;
import com.taobao.arthas.core.security.BasicPrincipal;
import com.taobao.arthas.core.security.SecurityAuthenticator;
import com.taobao.arthas.core.server.ArthasBootstrap;
import com.taobao.arthas.core.shell.term.impl.http.session.HttpSession;
import com.taobao.arthas.core.shell.term.impl.http.session.HttpSessionManager;
import com.taobao.arthas.core.util.StringUtils;
import io.netty.buffer.Unpooled;
import io.netty.channel.ChannelDuplexHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelPromise;
import io.netty.handler.codec.base64.Base64;
import io.netty.handler.codec.http.DefaultHttpResponse;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.codec.http.HttpResponse;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpVersion;
import io.netty.handler.codec.http.QueryStringDecoder;
import java.nio.charset.Charset;
import java.security.Principal;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import shaded.com.taobao.middleware.cli.UsageMessageFormatter;
import shaded.org.fife.ui.rsyntaxtextarea.SyntaxConstants;

/* loaded from: input_file:com/taobao/arthas/core/shell/term/impl/http/BasicHttpAuthenticatorHandler.class */
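/**
 * Netty duplex handler that gates HTTP requests behind the configured
 * {@link SecurityAuthenticator}.
 *
 * <p>Inbound: when login is required, each {@link HttpRequest} must either belong to a session
 * that already holds a {@link Subject}, or yield a principal that the authenticator accepts.
 * Principals are looked up in this order: the {@code Authorization} header, the request URL's
 * query parameters, then {@link AuthUtils#localPrincipal(ChannelHandlerContext)}. Requests that
 * fail get a {@code 401} with a Basic challenge and the channel is closed. Messages that are
 * not an {@link HttpRequest} are forwarded without any check.
 *
 * <p>Outbound: the session cookie is attached to every {@link HttpResponse} written on a channel
 * that has a session bound to it.
 */
public final class BasicHttpAuthenticatorHandler extends ChannelDuplexHandler {
    private static final Logger logger = LoggerFactory.getLogger(BasicHttpAuthenticatorHandler.class);
    private final HttpSessionManager httpSessionManager;
    private final SecurityAuthenticator securityAuthenticator = ArthasBootstrap.getInstance().getSecurityAuthenticator();

    /**
     * @param httpSessionManager session store used to look up or create the session of a request
     */
    public BasicHttpAuthenticatorHandler(HttpSessionManager httpSessionManager) {
        this.httpSessionManager = httpSessionManager;
    }

    /**
     * Authenticates inbound HTTP requests before passing them down the pipeline.
     *
     * @param channelHandlerContext context of the channel the message arrived on
     * @param obj the inbound message
     * @throws Exception propagated from the authenticator or the session manager
     */
    @Override
    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
        if (!this.securityAuthenticator.needLogin()) {
            channelHandlerContext.fireChannelRead(obj);
            return;
        }
        if (!(obj instanceof HttpRequest)) {
            // Only the request head is inspected; every other message type is forwarded as is.
            channelHandlerContext.fireChannelRead(obj);
            return;
        }

        HttpRequest httpRequest = (HttpRequest) obj;
        HttpSession session = this.httpSessionManager.getOrCreateHttpSession(channelHandlerContext, httpRequest);
        boolean authenticated = session != null && session.getAttribute(ArthasConstants.SUBJECT_KEY) != null;

        Principal principal = null;
        if (!authenticated) {
            principal = extractBasicAuthSubject(httpRequest);
            if (principal == null) {
                principal = extractBasicAuthSubjectFromUrl(httpRequest);
            }
            if (principal == null) {
                // Last resort: a principal derived from the connection itself.
                principal = AuthUtils.localPrincipal(channelHandlerContext);
            }
        }

        // login() is invoked even for an already-authenticated session (with a null principal),
        // exactly as before. NOTE(review): confirm login(null) cannot return a Subject that
        // would overwrite the one stored in the session.
        Subject subject = this.securityAuthenticator.login(principal);
        if (subject != null) {
            authenticated = true;
            if (session != null) {
                session.setAttribute(ArthasConstants.SUBJECT_KEY, subject);
            }
        }

        if (!authenticated) {
            DefaultHttpResponse unauthorized = new DefaultHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.UNAUTHORIZED);
            unauthorized.headers().set(HttpHeaderNames.WWW_AUTHENTICATE, "Basic realm=\"arthas webconsole\"");
            unauthorized.headers().set(HttpHeaderNames.CONTENT_TYPE, SyntaxConstants.SYNTAX_STYLE_NONE);
            unauthorized.headers().set(HttpHeaderNames.CONTENT_LENGTH, 0);
            // NOTE(review): close() is issued right after writeAndFlush(); closing from the
            // write future's listener would guarantee the 401 is flushed first. The rejected
            // message is also dropped here without being released - confirm whether it can be
            // reference-counted at this point in the pipeline.
            channelHandlerContext.writeAndFlush(unauthorized);
            channelHandlerContext.channel().close();
            return;
        }
        channelHandlerContext.fireChannelRead(obj);
    }

    /**
     * Adds the session cookie to outgoing HTTP responses when the channel has a session bound.
     *
     * @param channelHandlerContext context of the channel being written to
     * @param obj the outbound message
     * @param channelPromise promise completed when the write finishes
     * @throws Exception propagated from the next outbound handler
     */
    @Override
    public void write(ChannelHandlerContext channelHandlerContext, Object obj, ChannelPromise channelPromise) throws Exception {
        if (obj instanceof HttpResponse) {
            HttpSession httpSession = (HttpSession) channelHandlerContext.channel().attr(HttpSessionManager.SESSION_KEY).get();
            if (httpSession != null) {
                HttpSessionManager.setSessionCookie((HttpResponse) obj, httpSession);
            }
        }
        super.write(channelHandlerContext, obj, channelPromise);
    }

    /**
     * Builds a principal from the password (and optional username) query parameters of the URL.
     *
     * <p>Security caveat: credentials carried in a URL tend to end up in access logs, proxy
     * logs, browser history and {@code Referer} headers. Prefer the {@code Authorization}
     * header over TLS, and treat any log that records request URIs as sensitive.
     *
     * @param httpRequest the request whose URI is parsed
     * @return the principal, or {@code null} when no password parameter is present
     */
    protected static BasicPrincipal extractBasicAuthSubjectFromUrl(HttpRequest httpRequest) {
        Map<String, List<String>> parameters = new QueryStringDecoder(httpRequest.uri()).parameters();
        List<String> passwords = parameters.get(ArthasConstants.PASSWORD_KEY);
        if (passwords == null || passwords.isEmpty()) {
            return null;
        }
        String password = passwords.get(0);

        // The username is optional in the URL form; fall back to the default one.
        String username = ArthasConstants.DEFAULT_USERNAME;
        List<String> usernames = parameters.get(ArthasConstants.USERNAME_KEY);
        if (usernames != null && !usernames.isEmpty()) {
            username = usernames.get(0);
        }

        BasicPrincipal basicPrincipal = new BasicPrincipal(username, password);
        // NOTE(review): whether the password reaches the debug log depends on
        // BasicPrincipal.toString(), which is not visible here - confirm it masks the password.
        logger.debug("Extracted Basic Auth principal from url: {}", basicPrincipal);
        return basicPrincipal;
    }

    /**
     * Builds a principal from an HTTP {@code Authorization: Basic ...} header.
     *
     * @param httpRequest the request whose headers are inspected
     * @return the principal, or {@code null} when the header is absent, does not use the Basic
     *         scheme, or cannot be parsed
     */
    protected static BasicPrincipal extractBasicAuthSubject(HttpRequest httpRequest) {
        String header = httpRequest.headers().get(HttpHeaderNames.AUTHORIZATION);
        if (header == null) {
            return null;
        }
        // Separator constants below are the decompiler's substitutions; presumably the space
        // between scheme and token, and the ':' between user and password - TODO confirm.
        String scheme = StringUtils.before(header, UsageMessageFormatter.DEFAULT_LONG_OPT_SEPARATOR);
        if (scheme == null || !"Basic".equalsIgnoreCase(scheme.trim())) {
            return null;
        }
        String encoded = StringUtils.after(header, UsageMessageFormatter.DEFAULT_LONG_OPT_SEPARATOR);
        if (encoded == null) {
            // The header value may carry credentials, so it is deliberately kept out of the log.
            logger.error("Extracted Basic Auth principal failed, bad auth String (value not logged)");
            return null;
        }

        String decoded;
        try {
            // NOTE(review): both conversions use the platform default charset, so non-ASCII
            // credentials decode differently across hosts; confirm before pinning a charset.
            decoded = Base64.decode(Unpooled.wrappedBuffer(encoded.getBytes())).toString(Charset.defaultCharset());
        } catch (IllegalArgumentException e) {
            // Client-controlled input that is not valid Base64: treat it as "no credentials"
            // instead of letting the exception escape into the pipeline. Neither the header
            // nor the exception text is logged.
            logger.error("Extracted Basic Auth principal failed, Authorization header is not valid Base64");
            return null;
        }

        BasicPrincipal basicPrincipal = new BasicPrincipal(
                StringUtils.before(decoded, SystemPropertyUtils.VALUE_SEPARATOR),
                StringUtils.after(decoded, SystemPropertyUtils.VALUE_SEPARATOR));
        // NOTE(review): whether the password reaches the debug log depends on
        // BasicPrincipal.toString(), which is not visible here - confirm it masks the password.
        logger.debug("Extracted Basic Auth principal from HTTP header: {}", basicPrincipal);
        return basicPrincipal;
    }
}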
