package com.netflix.zuul.netty.server.push;

import com.google.common.base.Strings;
import com.netflix.zuul.message.http.Cookies;
import io.netty.channel.ChannelFuture;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.SimpleChannelInboundHandler;
import io.netty.handler.codec.http.DefaultFullHttpResponse;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpUtil;
import io.netty.handler.codec.http.HttpVersion;
import io.netty.handler.codec.http.cookie.ServerCookieDecoder;
import java.util.List;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ChannelHandler.Sharable
/* loaded from: input_file:com/netflix/zuul/netty/server/push/PushAuthHandler.class */
public abstract class PushAuthHandler extends SimpleChannelInboundHandler<FullHttpRequest> {
    private final String pushConnectionPath;
    private final String originDomain;
    public static final String NAME = "push_auth_handler";
    private static Logger logger = LoggerFactory.getLogger(PushAuthHandler.class);

    public PushAuthHandler(String str, String str2) {
        this.pushConnectionPath = str;
        this.originDomain = str2;
    }

    public final void sendHttpResponse(HttpRequest httpRequest, ChannelHandlerContext channelHandlerContext, HttpResponseStatus httpResponseStatus) {
        DefaultFullHttpResponse defaultFullHttpResponse = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, httpResponseStatus);
        defaultFullHttpResponse.headers().add("Content-Length", "0");
        boolean z = (httpResponseStatus == HttpResponseStatus.OK && HttpUtil.isKeepAlive(httpRequest)) ? false : true;
        if (z) {
            defaultFullHttpResponse.headers().add(HttpHeaderNames.CONNECTION, "Close");
        }
        ChannelFuture writeAndFlush = channelHandlerContext.channel().writeAndFlush(defaultFullHttpResponse);
        if (z) {
            writeAndFlush.addListener(ChannelFutureListener.CLOSE);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void channelRead0(ChannelHandlerContext channelHandlerContext, FullHttpRequest fullHttpRequest) throws Exception {
        if (fullHttpRequest.method() != HttpMethod.GET) {
            sendHttpResponse(fullHttpRequest, channelHandlerContext, HttpResponseStatus.METHOD_NOT_ALLOWED);
            return;
        }
        String uri = fullHttpRequest.uri();
        if ("/healthcheck".equals(uri)) {
            sendHttpResponse(fullHttpRequest, channelHandlerContext, HttpResponseStatus.OK);
            return;
        }
        if (!this.pushConnectionPath.equals(uri)) {
            sendHttpResponse(fullHttpRequest, channelHandlerContext, HttpResponseStatus.NOT_FOUND);
            return;
        }
        if (isInvalidOrigin(fullHttpRequest)) {
            sendHttpResponse(fullHttpRequest, channelHandlerContext, HttpResponseStatus.BAD_REQUEST);
            return;
        }
        if (isDelayedAuth(fullHttpRequest, channelHandlerContext)) {
            channelHandlerContext.fireChannelRead(fullHttpRequest.retain());
            return;
        }
        PushUserAuth doAuth = doAuth(fullHttpRequest);
        if (doAuth.isSuccess()) {
            channelHandlerContext.fireChannelRead(fullHttpRequest.retain());
            channelHandlerContext.fireUserEventTriggered(doAuth);
        } else {
            logger.warn("Auth failed: {}", Integer.valueOf(doAuth.statusCode()));
            sendHttpResponse(fullHttpRequest, channelHandlerContext, HttpResponseStatus.valueOf(doAuth.statusCode()));
        }
    }

    protected boolean isInvalidOrigin(FullHttpRequest fullHttpRequest) {
        String str = fullHttpRequest.headers().get(HttpHeaderNames.ORIGIN);
        if (str != null && str.toLowerCase().endsWith(this.originDomain)) {
            return false;
        }
        logger.error("Invalid Origin header {} in WebSocket upgrade request", str);
        return true;
    }

    protected final Cookies parseCookies(FullHttpRequest fullHttpRequest) {
        Cookies cookies = new Cookies();
        String str = fullHttpRequest.headers().get(HttpHeaderNames.COOKIE);
        if (!Strings.isNullOrEmpty(str)) {
            List decodeAll = ServerCookieDecoder.LAX.decodeAll(str);
            Objects.requireNonNull(cookies);
            decodeAll.forEach(cookies::add);
        }
        return cookies;
    }

    protected abstract boolean isDelayedAuth(FullHttpRequest fullHttpRequest, ChannelHandlerContext channelHandlerContext);

    protected abstract PushUserAuth doAuth(FullHttpRequest fullHttpRequest);
}
