package org.apache.solr.security;

import com.google.common.annotations.VisibleForTesting;
import java.lang.invoke.MethodHandles;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.solr.common.SolrException;
import org.apache.solr.common.cloud.ClusterState;
import org.apache.solr.core.NodeConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/solr/security/AllowListUrlChecker.class */
public class AllowListUrlChecker {
    private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    public static final String URL_ALLOW_LIST = "allowUrls";
    public static final String DISABLE_URL_ALLOW_LIST = "solr.disable.allowUrls";
    public static final String SET_SOLR_DISABLE_URL_ALLOW_LIST_CLUE = "Set -Dsolr.disable.allowUrls=true to disable URL allow-list checks.";
    public static final AllowListUrlChecker ALLOW_ALL;
    private static final Pattern PROTOCOL_PATTERN;
    private final Set<String> hostAllowList;

    public AllowListUrlChecker(List<String> list) throws MalformedURLException {
        this.hostAllowList = parseHostPorts(list);
    }

    public static AllowListUrlChecker create(NodeConfig nodeConfig) {
        if (Boolean.getBoolean(DISABLE_URL_ALLOW_LIST)) {
            return ALLOW_ALL;
        }
        if (System.getProperty("solr.disable.shardsWhitelist") != null) {
            log.warn("Property 'solr.disable.shardsWhitelist' is deprecated, please use '{}' instead.", DISABLE_URL_ALLOW_LIST);
        }
        try {
            return new AllowListUrlChecker(nodeConfig.getAllowUrls());
        } catch (MalformedURLException e) {
            throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "Invalid URL syntax in 'allowUrls' configuration: " + nodeConfig.getAllowUrls(), e);
        }
    }

    public void checkAllowList(List<String> list) throws MalformedURLException {
        checkAllowList(list, null);
    }

    public void checkAllowList(List<String> list, ClusterState clusterState) throws MalformedURLException {
        Set emptySet = clusterState == null ? Collections.emptySet() : clusterState.getHostAllowList();
        for (String str : list) {
            String parseHostPort = parseHostPort(str);
            if (!emptySet.contains(parseHostPort) && !this.hostAllowList.contains(parseHostPort)) {
                throw new SolrException(SolrException.ErrorCode.FORBIDDEN, "URL " + str + " is neither a live node of the cluster nor in the configured 'allowUrls' " + this.hostAllowList);
            }
        }
    }

    public boolean hasExplicitAllowList() {
        return !this.hostAllowList.isEmpty();
    }

    public boolean isEnabled() {
        return true;
    }

    @VisibleForTesting
    public Set<String> getHostAllowList() {
        if (this.hostAllowList == null) {
            return null;
        }
        return Collections.unmodifiableSet(this.hostAllowList);
    }

    public String toString() {
        return getClass().getSimpleName() + " [allowList=" + this.hostAllowList + "]";
    }

    @VisibleForTesting
    static Set<String> parseHostPorts(List<String> list) throws MalformedURLException {
        if (list == null || list.isEmpty()) {
            return Collections.emptySet();
        }
        HashSet hashSet = new HashSet();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            hashSet.add(parseHostPort(it.next()));
        }
        return hashSet;
    }

    private static String parseHostPort(String str) throws MalformedURLException {
        URL url;
        String trim = str.trim();
        Matcher matcher = PROTOCOL_PATTERN.matcher(trim);
        if (matcher.matches()) {
            if (!matcher.group(1).startsWith("http")) {
                trim = "http" + matcher.group(2);
            }
            url = new URL(trim);
        } else {
            url = new URL("http://" + trim);
        }
        if (url.getHost() == null || url.getPort() < 0) {
            throw new MalformedURLException("Invalid host or port in '" + trim + "'");
        }
        return url.getHost() + ":" + url.getPort();
    }

    static {
        try {
            ALLOW_ALL = new AllowListUrlChecker(Collections.emptyList()) { // from class: org.apache.solr.security.AllowListUrlChecker.1
                @Override // org.apache.solr.security.AllowListUrlChecker
                public void checkAllowList(List<String> list, ClusterState clusterState) {
                }

                @Override // org.apache.solr.security.AllowListUrlChecker
                public boolean isEnabled() {
                    return false;
                }

                @Override // org.apache.solr.security.AllowListUrlChecker
                public String toString() {
                    return getClass().getSimpleName() + " [allow all]";
                }
            };
            PROTOCOL_PATTERN = Pattern.compile("(\\w+)(://.*)");
        } catch (MalformedURLException e) {
            throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
        }
    }
}
