package com.huawei.es.security.author.server;

import com.huawei.es.security.auth.common.HttpHelper;
import com.huawei.es.security.auth.server.KerberosHttpServerTransport;
import com.huawei.es.security.author.bean.AuthorizationException;
import com.huawei.es.security.author.handler.HandlerManager;
import com.huawei.es.security.author.handler.IndexChecker;
import com.huawei.es.security.author.parsers.BasicAuthoritySubHandler;
import com.huawei.es.security.author.tool.Alias2IndexTurner;
import com.huawei.es.security.author.tool.AuthorityConstants;
import com.huawei.es.security.cluster.ClusterStateManager;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.handler.codec.http.HttpResponseStatus;
import java.io.IOException;
import org.apache.logging.log4j.Logger;
import org.apache.solr.common.cloud.SolrZkClient;
import org.elasticsearch.common.breaker.CircuitBreakingException;
import org.elasticsearch.common.logging.Loggers;

/* loaded from: input_file:com/huawei/es/security/author/server/AuthorityLeaderHandler.class */
public class AuthorityLeaderHandler {
    private static final Logger LOGGER = Loggers.getLogger(AuthorityLeaderHandler.class, new String[]{"AuthorityLeaderHandler"});
    private KerberosHttpServerTransport transport;
    private HandlerManager handlerManager;
    private SolrZkClient solrZkClient;
    private IndexChecker indexChecker;
    protected String superUser;
    private ClusterStateManager clusterStateManager;

    public AuthorityLeaderHandler(KerberosHttpServerTransport kerberosHttpServerTransport, SolrZkClient solrZkClient, ClusterStateManager clusterStateManager) {
        this.transport = kerberosHttpServerTransport;
        this.solrZkClient = solrZkClient;
        this.clusterStateManager = clusterStateManager;
        this.handlerManager = new HandlerManager(clusterStateManager);
        init();
    }

    public SolrZkClient getZkClient() {
        return this.solrZkClient;
    }

    public void setZkClient(SolrZkClient solrZkClient) {
        this.solrZkClient = solrZkClient;
    }

    public boolean doAuthorize(FullHttpRequest fullHttpRequest, FullHttpResponse fullHttpResponse) {
        BasicAuthoritySubHandler handler = this.handlerManager.getHandler(fullHttpRequest);
        Exception exc = null;
        if (handler == null) {
            LOGGER.error("Failed to get one handler.");
            HttpHelper.reBuildResponse(fullHttpResponse, HttpResponseStatus.FORBIDDEN, "Failed to get one handler.");
            return false;
        }
        try {
            handler.doAuthorise(fullHttpRequest, fullHttpResponse);
        } catch (AuthorizationException | IOException | CircuitBreakingException e) {
            exc = e;
        }
        if (exc == null) {
            return true;
        }
        LOGGER.warn("Failed to do authorize for user [" + fullHttpResponse.headers().get(AuthorityConstants.CUSTOMISED_HTTP_RESPONSE_HEAD_NAME_FOR_USERNAME) + "] because : " + exc.getMessage());
        if ((exc instanceof IOException) || (exc instanceof CircuitBreakingException)) {
            HttpHelper.reBuildResponse(fullHttpResponse, HttpResponseStatus.BAD_REQUEST, exc.getMessage());
            return false;
        }
        HttpHelper.reBuildResponse(fullHttpResponse, HttpResponseStatus.FORBIDDEN, exc.getMessage());
        return false;
    }

    private void init() {
        this.superUser = AuthorityConstants.SUPER_USER;
        this.handlerManager.init();
        Alias2IndexTurner.init();
        if (Alias2IndexTurner.getRpcClient().settings().getAsBoolean("elasticsearch_indexcheck_enable", true).booleanValue()) {
            LOGGER.info("ElasticsearchIndexcheckEnable is true, will check index.");
            this.indexChecker = new IndexChecker(this.solrZkClient, Alias2IndexTurner.getRpcClient(), this.clusterStateManager);
            this.indexChecker.start();
        } else {
            LOGGER.info("ElasticsearchIndexcheckEnable is false, will not check index.");
        }
        LOGGER.info("Init authorization handler success.");
    }
}
