package net.devh.boot.grpc.server.security.interceptors;

import io.grpc.Metadata;
import io.grpc.MethodDescriptor;
import io.grpc.ServerCall;
import io.grpc.ServerCallHandler;
import io.grpc.ServerInterceptor;
import java.util.Objects;
import net.devh.boot.grpc.common.util.InterceptorOrder;
import net.devh.boot.grpc.server.interceptor.GrpcGlobalServerInterceptor;
import net.devh.boot.grpc.server.security.check.GrpcSecurityMetadataSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.Order;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.access.intercept.InterceptorStatusToken;
import org.springframework.security.core.AuthenticationException;

@GrpcGlobalServerInterceptor
@Order(InterceptorOrder.ORDER_SECURITY_AUTHORISATION)
/* loaded from: classes4.dex */
public class AuthorizationCheckingServerInterceptor extends AbstractSecurityInterceptor implements ServerInterceptor {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) AuthorizationCheckingServerInterceptor.class);
    private final GrpcSecurityMetadataSource securityMetadataSource;

    public AuthorizationCheckingServerInterceptor(AccessDecisionManager accessDecisionManager, GrpcSecurityMetadataSource grpcSecurityMetadataSource) {
        setAccessDecisionManager((AccessDecisionManager) Objects.requireNonNull(accessDecisionManager, "accessDecisionManager"));
        this.securityMetadataSource = (GrpcSecurityMetadataSource) Objects.requireNonNull(grpcSecurityMetadataSource, "securityMetadataSource");
    }

    public Class<?> getSecureObjectClass() {
        return MethodDescriptor.class;
    }

    @Override // io.grpc.ServerInterceptor
    public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, RespT> serverCall, Metadata metadata, ServerCallHandler<ReqT, RespT> serverCallHandler) {
        try {
            InterceptorStatusToken beforeInvocation = beforeInvocation(serverCall.getMethodDescriptor());
            log.debug("Access granted");
            try {
                ServerCall.Listener<ReqT> startCall = serverCallHandler.startCall(serverCall, metadata);
                finallyInvocation(beforeInvocation);
                return (ServerCall.Listener) afterInvocation(beforeInvocation, startCall);
            } catch (Throwable th) {
                finallyInvocation(beforeInvocation);
                throw th;
            }
        } catch (AccessDeniedException | AuthenticationException e) {
            log.debug(ExceptionTranslatingServerInterceptor.ACCESS_DENIED_DESCRIPTION);
            throw e;
        }
    }

    public SecurityMetadataSource obtainSecurityMetadataSource() {
        return this.securityMetadataSource;
    }
}
