package org.lognet.springboot.grpc.security;

import io.grpc.Context;
import io.grpc.Contexts;
import io.grpc.Metadata;
import io.grpc.MethodDescriptor;
import io.grpc.ServerCall;
import io.grpc.ServerCallHandler;
import io.grpc.ServerInterceptor;
import io.grpc.Status;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.Ordered;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:org/lognet/springboot/grpc/security/SecurityInterceptor.class */
public class SecurityInterceptor extends AbstractSecurityInterceptor implements ServerInterceptor, Ordered {
    private static final Logger log = LoggerFactory.getLogger(SecurityInterceptor.class);
    private GrpcSecurityMetadataSource securedMethods;
    private AuthenticationSchemeSelector schemeSelector;

    public SecurityInterceptor(GrpcSecurityMetadataSource grpcSecurityMetadataSource, AuthenticationSchemeSelector authenticationSchemeSelector) {
        this.securedMethods = grpcSecurityMetadataSource;
        this.schemeSelector = authenticationSchemeSelector;
    }

    public int getOrder() {
        return Integer.MIN_VALUE;
    }

    public Class<?> getSecureObjectClass() {
        return MethodDescriptor.class;
    }

    /* renamed from: obtainSecurityMetadataSource, reason: merged with bridge method [inline-methods] */
    public GrpcSecurityMetadataSource m7obtainSecurityMetadataSource() {
        return this.securedMethods;
    }

    public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, RespT> serverCall, Metadata metadata, ServerCallHandler<ReqT, RespT> serverCallHandler) {
        byte[] bArr = (byte[]) metadata.get(Metadata.Key.of("Authorization-bin", Metadata.BINARY_BYTE_MARSHALLER));
        Authentication orElseThrow = null == bArr ? null : this.schemeSelector.getAuthScheme(StandardCharsets.UTF_8.decode(ByteBuffer.wrap(bArr))).orElseThrow(() -> {
            return new RuntimeException("Can't get authentication from authorization header");
        });
        try {
            try {
                SecurityContext createEmptyContext = SecurityContextHolder.createEmptyContext();
                createEmptyContext.setAuthentication(orElseThrow);
                SecurityContextHolder.setContext(createEmptyContext);
                beforeInvocation(serverCall.getMethodDescriptor());
                ServerCall.Listener<ReqT> interceptCall = Contexts.interceptCall(Context.current().withValue(GrpcSecurity.AUTHENTICATION_CONTEXT_KEY, SecurityContextHolder.getContext().getAuthentication()), serverCall, metadata, serverCallHandler);
                SecurityContextHolder.getContext().setAuthentication((Authentication) null);
                return interceptCall;
            } catch (Exception e) {
                serverCall.close(Status.UNAUTHENTICATED.withDescription(e.getMessage()), new Metadata());
                ServerCall.Listener<ReqT> listener = new ServerCall.Listener<ReqT>() { // from class: org.lognet.springboot.grpc.security.SecurityInterceptor.1
                };
                SecurityContextHolder.getContext().setAuthentication((Authentication) null);
                return listener;
            }
        } catch (Throwable th) {
            SecurityContextHolder.getContext().setAuthentication((Authentication) null);
            throw th;
        }
    }
}
