package com.hivemq.mqtt.handler.auth;

import com.google.common.annotations.VisibleForTesting;
import com.hivemq.extension.sdk.api.annotations.NotNull;
import com.hivemq.extensions.handler.PluginAuthenticatorService;
import com.hivemq.mqtt.handler.connack.MqttConnacker;
import com.hivemq.mqtt.handler.disconnect.MqttServerDisconnector;
import com.hivemq.mqtt.message.auth.AUTH;
import com.hivemq.mqtt.message.mqtt5.Mqtt5UserProperties;
import com.hivemq.mqtt.message.reason.Mqtt5ConnAckReasonCode;
import com.hivemq.mqtt.message.reason.Mqtt5DisconnectReasonCode;
import com.hivemq.util.ChannelAttributes;
import com.hivemq.util.ReasonStrings;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.SimpleChannelInboundHandler;
import javax.inject.Inject;
import javax.inject.Singleton;

@Singleton
@ChannelHandler.Sharable
/* loaded from: input_file:com/hivemq/mqtt/handler/auth/AuthHandler.class */
public class AuthHandler extends SimpleChannelInboundHandler<AUTH> {

    @VisibleForTesting
    static final String SUCCESS_AUTH_RECEIVED_FROM_CLIENT = "MQTT AUTH packet from client with IP {} provided SUCCESS reason code. Disconnecting client.";

    @VisibleForTesting
    static final String REAUTHENTICATE_DURING_AUTH = "MQTT AUTH packet from client with IP {} provided REAUTHENTICATE reason code during ongoing auth. Disconnecting client.";

    @VisibleForTesting
    static final String REAUTHENTICATE_DURING_RE_AUTH = "MQTT AUTH packet from client with IP {} provided REAUTHENTICATE reason code during ongoing re-auth. Disconnecting client.";

    @NotNull
    private final MqttConnacker connacker;

    @NotNull
    private final MqttAuthSender authSender;

    @NotNull
    private final MqttServerDisconnector disconnector;

    @NotNull
    private final PluginAuthenticatorService authService;

    @Inject
    public AuthHandler(@NotNull MqttConnacker mqttConnacker, @NotNull MqttAuthSender mqttAuthSender, @NotNull MqttServerDisconnector mqttServerDisconnector, @NotNull PluginAuthenticatorService pluginAuthenticatorService) {
        this.connacker = mqttConnacker;
        this.authSender = mqttAuthSender;
        this.disconnector = mqttServerDisconnector;
        this.authService = pluginAuthenticatorService;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void channelRead0(@NotNull ChannelHandlerContext channelHandlerContext, @NotNull AUTH auth) {
        Channel channel = channelHandlerContext.channel();
        Boolean bool = (Boolean) channel.attr(ChannelAttributes.RE_AUTH_ONGOING).get();
        boolean z = bool != null && bool.booleanValue();
        Boolean bool2 = (Boolean) channel.attr(ChannelAttributes.AUTH_ONGOING).get();
        boolean z2 = bool2 != null && bool2.booleanValue();
        this.authSender.logAuth(channel, auth.getReasonCode(), true);
        switch (auth.getReasonCode()) {
            case SUCCESS:
                onReceivedSuccess(channelHandlerContext, auth, z);
                return;
            case CONTINUE_AUTHENTICATION:
                onReceivedContinue(channelHandlerContext, auth, z);
                return;
            case REAUTHENTICATE:
                onReceivedReAuthenticate(channelHandlerContext, auth, z2, z);
                return;
            default:
                return;
        }
    }

    private void onReceivedSuccess(@NotNull ChannelHandlerContext channelHandlerContext, @NotNull AUTH auth, boolean z) {
        String format = String.format(ReasonStrings.DISCONNECT_PROTOCOL_ERROR_REASON_CODE, auth.getType().name());
        if (z) {
            this.disconnector.disconnect(channelHandlerContext.channel(), SUCCESS_AUTH_RECEIVED_FROM_CLIENT, "Success reason code set in AUTH", Mqtt5DisconnectReasonCode.PROTOCOL_ERROR, format, Mqtt5UserProperties.NO_USER_PROPERTIES, true, false);
        } else {
            this.connacker.connackError(channelHandlerContext.channel(), SUCCESS_AUTH_RECEIVED_FROM_CLIENT, "Success reason code set in AUTH", Mqtt5ConnAckReasonCode.PROTOCOL_ERROR, format, Mqtt5UserProperties.NO_USER_PROPERTIES, true);
        }
    }

    private void onReceivedContinue(@NotNull ChannelHandlerContext channelHandlerContext, @NotNull AUTH auth, boolean z) {
        this.authService.authenticateAuth(channelHandlerContext, auth, z);
    }

    private void onReceivedReAuthenticate(@NotNull ChannelHandlerContext channelHandlerContext, @NotNull AUTH auth, boolean z, boolean z2) {
        if (!z2 && !z) {
            channelHandlerContext.channel().attr(ChannelAttributes.RE_AUTH_ONGOING).set(true);
            this.authService.authenticateReAuth(channelHandlerContext, auth);
            return;
        }
        String format = String.format(ReasonStrings.DISCONNECT_PROTOCOL_ERROR_REASON_CODE, auth.getType().name());
        if (z2) {
            this.disconnector.disconnect(channelHandlerContext.channel(), REAUTHENTICATE_DURING_RE_AUTH, "REAUTHENTICATE reason code set in AUTH during ongoing re-auth", Mqtt5DisconnectReasonCode.PROTOCOL_ERROR, format, Mqtt5UserProperties.NO_USER_PROPERTIES, true, false);
        } else {
            this.connacker.connackError(channelHandlerContext.channel(), REAUTHENTICATE_DURING_AUTH, "REAUTHENTICATE reason code set in AUTH during ongoing auth", Mqtt5ConnAckReasonCode.PROTOCOL_ERROR, format, Mqtt5UserProperties.NO_USER_PROPERTIES, true);
        }
    }
}
