package org.apache.pinot.controller.api.access;

import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Optional;
import java.util.Set;
import javax.inject.Inject;
import javax.ws.rs.DELETE;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Provider;
import org.apache.pinot.controller.api.resources.Constants;
import org.glassfish.grizzly.http.server.Request;

@Provider
/* loaded from: input_file:org/apache/pinot/controller/api/access/AuthenticationFilter.class */
public class AuthenticationFilter implements ContainerRequestFilter {
    private static final Set<String> UNPROTECTED_PATHS = new HashSet(Arrays.asList("", "help", "auth/info", "auth/verify", "health"));

    @Inject
    javax.inject.Provider<Request> _requestProvider;

    @Inject
    AccessControlFactory _accessControlFactory;

    @Context
    ResourceInfo _resourceInfo;

    @Context
    HttpHeaders _httpHeaders;

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        Method resourceMethod = this._resourceInfo.getResourceMethod();
        AccessControl create = this._accessControlFactory.create();
        String sb = ((Request) this._requestProvider.get()).getRequestURL().toString();
        UriInfo uriInfo = containerRequestContext.getUriInfo();
        if (isBaseFile(uriInfo.getPath()) || UNPROTECTED_PATHS.contains(uriInfo.getPath())) {
            return;
        }
        if (!create.protectAnnotatedOnly() || resourceMethod.isAnnotationPresent(Authenticate.class)) {
            Optional<String> extractTableName = extractTableName(uriInfo.getPathParameters(), uriInfo.getQueryParameters());
            AccessType accessType = AccessType.READ;
            if (resourceMethod.isAnnotationPresent(Authenticate.class)) {
                accessType = ((Authenticate) resourceMethod.getAnnotation(Authenticate.class)).value();
            } else if (create.protectAnnotatedOnly()) {
                if (resourceMethod.getAnnotation(POST.class) != null) {
                    accessType = AccessType.CREATE;
                } else if (resourceMethod.getAnnotation(PUT.class) != null) {
                    accessType = AccessType.UPDATE;
                } else if (resourceMethod.getAnnotation(DELETE.class) != null) {
                    accessType = AccessType.DELETE;
                }
            }
            new AccessControlUtils().validatePermission(extractTableName, accessType, this._httpHeaders, sb, create);
        }
    }

    @VisibleForTesting
    Optional<String> extractTableName(MultivaluedMap<String, String> multivaluedMap, MultivaluedMap<String, String> multivaluedMap2) {
        Optional<String> extractTableName = extractTableName(multivaluedMap);
        return extractTableName.isPresent() ? extractTableName : extractTableName(multivaluedMap2);
    }

    private Optional<String> extractTableName(MultivaluedMap<String, String> multivaluedMap) {
        String str = (String) multivaluedMap.getFirst(Constants.TABLE_NAME);
        if (str == null) {
            str = (String) multivaluedMap.getFirst("tableNameWithType");
            if (str == null) {
                str = (String) multivaluedMap.getFirst("schemaName");
            }
        }
        return Optional.ofNullable(str);
    }

    private static boolean isBaseFile(String str) {
        return !str.contains("/") && str.contains(".");
    }
}
