package com.orientechnologies.orient.server.network.protocol.http.command;

import com.orientechnologies.common.concur.lock.OLockException;
import com.orientechnologies.common.log.OLogManager;
import com.orientechnologies.orient.core.config.OGlobalConfiguration;
import com.orientechnologies.orient.core.db.ODatabaseDocumentInternal;
import com.orientechnologies.orient.core.db.ODatabaseRecordThreadLocal;
import com.orientechnologies.orient.core.db.document.ODatabaseDocument;
import com.orientechnologies.orient.core.exception.ODatabaseException;
import com.orientechnologies.orient.core.exception.OSecurityAccessException;
import com.orientechnologies.orient.core.id.ORID;
import com.orientechnologies.orient.core.id.ORecordId;
import com.orientechnologies.orient.core.metadata.security.OUser;
import com.orientechnologies.orient.core.record.impl.ODocument;
import com.orientechnologies.orient.core.serialization.serializer.OStringSerializerHelper;
import com.orientechnologies.orient.server.OTokenHandler;
import com.orientechnologies.orient.server.network.protocol.http.OHttpRequest;
import com.orientechnologies.orient.server.network.protocol.http.OHttpRequestException;
import com.orientechnologies.orient.server.network.protocol.http.OHttpResponse;
import com.orientechnologies.orient.server.network.protocol.http.OHttpSession;
import com.orientechnologies.orient.server.network.protocol.http.OHttpSessionManager;
import com.orientechnologies.orient.server.network.protocol.http.OHttpUtils;
import java.io.IOException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.List;

/* loaded from: input_file:com/orientechnologies/orient/server/network/protocol/http/command/OServerCommandAuthenticatedDbAbstract.class */
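/**
 * Base class for HTTP commands that target one database and therefore need an authenticated caller.
 *
 * <p>{@link #beforeExecute} resolves the database from the URL ({@code <command>/<database>[/...]}) and
 * then authenticates the request in one of two ways:
 * <ul>
 *   <li>a bearer token (only when {@code NETWORK_HTTP_USE_TOKEN} is enabled, see {@link #init()}), or</li>
 *   <li>an existing HTTP session, falling back to the {@code user:password} pair carried in the
 *       {@code Authorization} value.</li>
 * </ul>
 * Every rejection answers with 401 via {@link #sendAuthorizationRequest} and returns {@code false} so the
 * concrete command is not executed.
 */
public abstract class OServerCommandAuthenticatedDbAbstract extends OServerCommandAbstract {
    /** Separator constant exposed to subclasses; not referenced by this class itself. */
    public static final char DBNAME_DIR_SEPARATOR = '$';
    /** Session id written back to the client whenever the request is rejected with 401. */
    public static final String SESSIONID_UNAUTHORIZED = "-";
    /** Session id a client sends to drop its session; credentials in that request are ignored. */
    public static final String SESSIONID_LOGOUT = "!";
    /** Resolved lazily by {@link #init()}; stays {@code null} while token authentication is disabled. */
    private volatile OTokenHandler tokenHandler;

    /**
     * Resolves the target database and authenticates the caller.
     *
     * @return {@code true} when the command may run; {@code false} when a 401 has already been written
     * @throws OHttpRequestException when the URL has fewer than two path segments
     * @throws IOException           when writing the 401 response fails
     */
    @Override
    public boolean beforeExecute(OHttpRequest request, OHttpResponse response) throws IOException {
        super.beforeExecute(request, response);
        init();

        String[] urlParts = request.url.substring(1).split(OHttpUtils.URL_SEPARATOR);
        if (urlParts.length < 2) {
            throw new OHttpRequestException("Syntax error in URL. Expected is: <command>/<database>[/...]");
        }
        request.databaseName = URLDecoder.decode(urlParts[1], "UTF-8");

        if (request.bearerTokenRaw != null) {
            return authenticateWithToken(request, response, urlParts[0], urlParts[1]);
        }
        return authenticateWithSession(request, response);
    }

    /**
     * Bearer-token path: parse, verify the signature, then validate the token against command and database.
     *
     * @param command         first URL segment, handed to the token handler unchanged
     * @param rawDatabaseName second URL segment as received (still URL-encoded)
     * @return {@code true} only for a verified and valid token; otherwise a 401 has been written
     */
    private boolean authenticateWithToken(OHttpRequest request, OHttpResponse response,
                                          String command, String rawDatabaseName) throws IOException {
        OTokenHandler handler = this.tokenHandler;
        if (handler == null) {
            // Token auth is disabled on this server but the client sent a bearer token: plain 401,
            // no point in parsing it.
            sendAuthorizationRequest(request, response, request.databaseName);
            return false;
        }

        try {
            // Explicit charset: tokens are wire data, never platform-encoded text.
            request.bearerToken = handler.parseWebToken(request.bearerTokenRaw.getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            // The token itself is deliberately not logged; it is a credential.
            OLogManager.instance().warn(this, "Bearer token parsing failed", e, new Object[0]);
        }
        if (request.bearerToken == null || !request.bearerToken.getIsVerified()) {
            sendAuthorizationRequest(request, response, request.databaseName);
            return false;
        }

        // NOTE(review): the handler receives the URL-encoded database segment while request.databaseName
        // holds the decoded form; confirm validateToken normalizes the name, otherwise a database whose
        // name contains encodable characters is checked against a different string than it is opened with.
        handler.validateToken(request.bearerToken, command, rawDatabaseName);
        if (request.bearerToken.getIsValid()) {
            return true;
        }
        // Log the database only: writing the raw bearer token to the log would leak a live credential.
        OLogManager.instance().warn(this, "Bearer token is not valid for database '%s'",
                new Object[]{request.databaseName});
        sendAuthorizationRequest(request, response, request.databaseName);
        return false;
    }

    /**
     * Session / Authorization-header path.
     *
     * <p>An existing session is reused only when it was created for the same database and (when the
     * request also carries credentials) for the same user name; otherwise the session is discarded and the
     * request is either re-authenticated from the credentials or rejected with 401.
     */
    private boolean authenticateWithSession(OHttpRequest request, OHttpResponse response) throws IOException {
        List<String> credentials = request.authorization != null
                ? OStringSerializerHelper.split(request.authorization, ':', new char[0])
                : null;
        // User name claimed by the Authorization value, or null when there is none (or it is empty).
        String headerUser = (credentials == null || credentials.isEmpty()) ? null : credentials.get(0);

        OHttpSession session = null;
        // "-" and "!" are one-character pseudo ids and never resolve to a stored session.
        if (request.sessionId != null && request.sessionId.length() > 1) {
            session = OHttpSessionManager.getInstance().getSession(request.sessionId);
            if (session != null && headerUser != null && !session.getUserName().equals(headerUser)) {
                // Credentials name a different user than the session: force a fresh authentication.
                session = null;
            }
        }

        if (session == null) {
            if (request.authorization != null && !SESSIONID_LOGOUT.equals(request.sessionId)) {
                return authenticate(request, response, credentials, request.databaseName);
            }
            response.setSessionId(SESSIONID_UNAUTHORIZED);
            sendAuthorizationRequest(request, response, request.databaseName);
            return false;
        }

        if (!session.getDatabaseName().equals(request.databaseName)) {
            // Cross-database use of a session: drop it rather than let it carry over.
            OLogManager.instance().warn(this,
                    "Session %s is trying to access to the database '%s', but has been authenticated against the database '%s'",
                    new Object[]{request.sessionId, request.databaseName, session.getDatabaseName()});
            OHttpSessionManager.getInstance().removeSession(request.sessionId);
            sendAuthorizationRequest(request, response, request.databaseName);
            return false;
        }

        if (headerUser != null && !session.getUserName().equals(headerUser)) {
            // Defensive: the user-mismatch check above already nulls such sessions, so this is not
            // normally reachable; kept so a cross-user request can never be served.
            OLogManager.instance().warn(this,
                    "Session %s is trying to access to the database '%s' with user '%s', but has been authenticated with user '%s'",
                    new Object[]{request.sessionId, request.databaseName, headerUser, session.getUserName()});
            OHttpSessionManager.getInstance().removeSession(request.sessionId);
            sendAuthorizationRequest(request, response, request.databaseName);
            return false;
        }
        return true;
    }

    /**
     * Drops the thread-local database reference set up during execution. The reference is removed, not
     * closed, here.
     */
    @Override
    public boolean afterExecute(OHttpRequest request, OHttpResponse response) throws IOException {
        ODatabaseRecordThreadLocal.INSTANCE.remove();
        return true;
    }

    /**
     * Authenticates {@code credentials} ({@code [user, password]}) against {@code databaseName} by opening
     * the database, and on success creates an HTTP session bound to that user and database.
     *
     * @param credentials split {@code Authorization} value; anything shorter than two elements is rejected
     *                    with 401 instead of failing with an index error
     * @return {@code true} on success; {@code false} after a 401 for lock or security failures
     * @throws IOException when writing the 401 response fails; other failures while opening propagate
     *                     after the 401 has been sent
     */
    protected boolean authenticate(OHttpRequest request, OHttpResponse response, List<String> credentials,
                                   String databaseName) throws IOException {
        if (credentials == null || credentials.size() < 2) {
            sendAuthorizationRequest(request, response, databaseName);
            return false;
        }
        String user = credentials.get(0);
        String password = credentials.get(1);

        ODatabaseDocument db = null;
        try {
            db = this.server.openDatabase(databaseName, user, password);
            request.data.currentUserId =
                    db.getUser() == null ? "<server user>" : db.getUser().getIdentity().toString();
            request.sessionId = OHttpSessionManager.getInstance().createSession(databaseName, user, password);
            response.sessionId = request.sessionId;
            return true;
        } catch (OLockException e) {
            OLogManager.instance().error(this, "Cannot access to the database '" + databaseName + "'",
                    new Object[]{ODatabaseException.class, e});
            return false;
        } catch (OSecurityAccessException e) {
            // Wrong credentials or no access: the finally block answers 401, nothing to log here.
            return false;
        } finally {
            // The database is only used to validate the credentials; the command re-opens it later.
            if (db == null) {
                sendAuthorizationRequest(request, response, databaseName);
            } else {
                db.close();
            }
        }
    }

    /**
     * Writes a 401 response carrying the server's authentication challenge header for {@code databaseName}
     * and marks the request session as unauthorized.
     */
    protected void sendAuthorizationRequest(OHttpRequest request, OHttpResponse response, String databaseName)
            throws IOException {
        request.sessionId = SESSIONID_UNAUTHORIZED;
        String challenge = this.server.getSecurity().getAuthenticationHeader(databaseName);
        if (isJsonResponse(response)) {
            sendJsonError(response, OHttpUtils.STATUS_AUTH_CODE, OHttpUtils.STATUS_AUTH_DESCRIPTION,
                    OHttpUtils.CONTENT_TEXT_PLAIN, "401 Unauthorized.", challenge);
        } else {
            response.send(OHttpUtils.STATUS_AUTH_CODE, OHttpUtils.STATUS_AUTH_DESCRIPTION,
                    OHttpUtils.CONTENT_TEXT_PLAIN, "401 Unauthorized.", challenge);
        }
    }

    /**
     * Returns the database instance for this request, opened with the bearer token when one was accepted
     * in {@link #beforeExecute}, otherwise with the session's stored credentials.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public ODatabaseDocumentInternal getProfiledDatabaseInstance(OHttpRequest request) throws InterruptedException {
        return request.bearerToken != null
                ? getProfiledDatabaseInstanceToken(request)
                : getProfiledDatabaseInstanceBasic(request);
    }

    /**
     * Token variant: reuses the thread-local database when present, switching its current user to the
     * token's user id if they differ; otherwise opens the database with the token.
     */
    protected ODatabaseDocumentInternal getProfiledDatabaseInstanceToken(OHttpRequest request) throws InterruptedException {
        ODatabaseDocumentInternal db = ODatabaseRecordThreadLocal.INSTANCE.getIfDefined();
        if (db == null) {
            db = this.server.openDatabase(request.databaseName, request.bearerToken);
        } else {
            ORID tokenUserId = request.bearerToken.getUserId();
            if (tokenUserId != null && db.getUser() != null
                    && !tokenUserId.equals(db.getUser().getDocument().getIdentity())) {
                // presumably load() returns null for an unknown RID, which would fail in the OUser
                // constructor — verify whether that case can occur with a verified token.
                db.setUser(new OUser((ODocument) db.load(tokenUserId)));
            }
        }
        request.data.lastDatabase = db.getName();
        request.data.lastUser = db.getUser() != null ? db.getUser().getName() : null;
        return db.getDatabaseOwner();
    }

    /**
     * Session variant: requires an active session for {@code request.sessionId}; reuses the thread-local
     * database when present (aligning its user with {@code request.data.currentUserId}), otherwise opens
     * the database with the credentials stored in the session.
     *
     * @throws OSecurityAccessException when no session exists for the request's session id
     */
    protected ODatabaseDocumentInternal getProfiledDatabaseInstanceBasic(OHttpRequest request) throws InterruptedException {
        OHttpSession session = OHttpSessionManager.getInstance().getSession(request.sessionId);
        if (session == null) {
            throw new OSecurityAccessException(request.databaseName, "No session active");
        }
        ODatabaseDocumentInternal db = ODatabaseRecordThreadLocal.INSTANCE.getIfDefined();
        if (db == null) {
            db = this.server.openDatabase(request.databaseName, session.getUserName(), session.getUserPassword());
        } else {
            String currentUserId = request.data.currentUserId;
            if (currentUserId != null && currentUserId.length() > 0 && db.getUser() != null
                    && !currentUserId.equals(db.getUser().getIdentity().toString())) {
                db.setUser(new OUser((ODocument) db.load(new ORecordId(currentUserId))));
            }
        }
        request.data.lastDatabase = db.getName();
        request.data.lastUser = db.getUser() != null ? db.getUser().getName() : null;
        return db.getDatabaseOwner();
    }

    /**
     * Lazily resolves the server's token handler. Left {@code null} while
     * {@code NETWORK_HTTP_USE_TOKEN} is disabled, which makes bearer tokens unusable for this command.
     */
    private void init() {
        if (this.tokenHandler == null
                && this.server.getContextConfiguration().getValueAsBoolean(OGlobalConfiguration.NETWORK_HTTP_USE_TOKEN)) {
            this.tokenHandler = this.server.getTokenHandler();
        }
    }
}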
