package org.apache.submarine.server.security.common;

import java.lang.annotation.Annotation;
import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.HEAD;
import javax.ws.rs.OPTIONS;
import javax.ws.rs.PATCH;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import org.apache.commons.lang3.StringUtils;
import org.apache.submarine.server.rest.workbench.annotation.NoneAuth;
import org.reflections.Reflections;
import org.reflections.scanners.Scanner;
import org.reflections.scanners.Scanners;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/submarine/server/security/common/CommonFilter.class */
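/**
 * Shared base for the security filters: decides whether a request targets a REST endpoint that
 * requires authentication.
 *
 * <p>{@link #init(FilterConfig)} scans {@code org.apache.submarine.server.rest} for
 * {@code @Path}-annotated resource classes and records, under the {@code /api/} prefix, the path of
 * every method that carries an HTTP-method annotation and is not marked {@code @NoneAuth}.
 * {@link #isProtectedApi(HttpServletRequest)} then reports whether a request URI is one of them.
 *
 * <p>The design is fail-open: a request whose URI matches none of the recorded paths is reported as
 * not protected. Everything that makes a recorded path differ from the URI the container actually
 * routes therefore weakens protection; the review notes below mark the places where that can happen.
 */
public class CommonFilter {
    private static final Logger LOG = LoggerFactory.getLogger(CommonFilter.class);

    /** Matches a simple JAX-RS template variable such as {@code {id}}. */
    private static final Pattern PATH_PARAM = Pattern.compile("\\{\\w+\\}");

    /** Regex that stands in for a template variable: any run of characters containing no '/'. */
    private static final String PATH_PARAM_REPLACEMENT = "((?!\\/).)*";

    /** HTTP-method annotations that mark a resource method as a REST endpoint. */
    protected final Set<Class<? extends Annotation>> SUPPORT_HTTP_METHODS =
        new HashSet<>(Arrays.<Class<? extends Annotation>>asList(
            GET.class, PUT.class, POST.class, DELETE.class, PATCH.class, OPTIONS.class, HEAD.class));

    /** Protected endpoint paths that contain no template variable; compared by equality. */
    protected final Set<String> REST_API_PATHS = new HashSet<>(16);

    /** Protected endpoint paths with template variables, stored as regular expressions. */
    protected final Set<String> REST_REGREX_API_PATHS = new HashSet<>(16);

    /**
     * Compiled form of the entries of {@link #REST_REGREX_API_PATHS}, filled lazily so that the
     * expressions are not recompiled on every request. The set stays the source of truth.
     */
    private final Map<String, Pattern> compiledPathPatterns = new ConcurrentHashMap<>();

    /**
     * Collects the protected REST paths by reflection.
     *
     * @param filterConfig the servlet filter configuration (not read here)
     * @throws ServletException if a scanned class has no {@code @Path} of its own, because its
     *     endpoints could then not be registered as protected
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        Reflections reflections = new Reflections("org.apache.submarine.server.rest");
        for (Class<?> resource
            : reflections.get(Scanners.SubTypes.of(Scanners.TypesAnnotated.with(Path.class)).asClass())) {
            Path classPath = resource.getAnnotation(Path.class);
            if (classPath == null) {
                // The scan also returns subtypes of annotated classes. Without a class-level path
                // the endpoints cannot be registered, so stop with a clear message (the previous
                // code stopped here too, with a NullPointerException) instead of silently leaving
                // them out of the protected set.
                throw new ServletException(
                    "Cannot register REST paths of " + resource.getName() + ": no @Path on the class");
            }
            String basePath = trimSlashes(classPath.value());
            for (Method method : resource.getDeclaredMethods()) {
                addSupportedApiPath(basePath, method);
            }
        }
        LOG.info("Get security filter rest api path = {} and regrex api path = {}", this.REST_API_PATHS, this.REST_REGREX_API_PATHS);
    }

    /** Removes at most one leading and one trailing '/' from a path fragment. */
    private static String trimSlashes(String path) {
        String trimmed = path;
        if (trimmed.startsWith("/")) {
            trimmed = trimmed.substring(1);
        }
        if (trimmed.endsWith("/")) {
            trimmed = trimmed.substring(0, trimmed.length() - 1);
        }
        return trimmed;
    }

    /**
     * Registers the path of one resource method as protected, unless the method has no HTTP-method
     * annotation or is marked {@code @NoneAuth}.
     *
     * @param str the class-level path without surrounding slashes
     * @param method the resource method to inspect
     */
    private void addSupportedApiPath(String str, Method method) {
        boolean isEndpoint = Arrays.stream(method.getAnnotations())
            .anyMatch(annotation -> this.SUPPORT_HTTP_METHODS.contains(annotation.annotationType()));
        if (!isEndpoint || method.getAnnotation(NoneAuth.class) != null) {
            return;
        }
        Path methodPath = method.getAnnotation(Path.class);
        String value = methodPath == null ? "" : methodPath.value();
        if ("".equals(value) || "/".equals(value)) {
            this.REST_API_PATHS.add(String.format("/api/%s", str));
            return;
        }
        String fullPath = String.format("/api/%s/%s", str, trimSlashes(value));
        // NOTE(review): only variables of the form {name} are recognised. A template that declares
        // its own expression ({name: regex}) falls through to the literal set and can never equal a
        // real request URI, which leaves that endpoint unprotected. The literal parts of the path
        // are also inserted into the expression unquoted.
        if (PATH_PARAM.matcher(fullPath).find()) {
            this.REST_REGREX_API_PATHS.add(PATH_PARAM.matcher(fullPath).replaceAll(PATH_PARAM_REPLACEMENT));
        } else {
            this.REST_API_PATHS.add(fullPath);
        }
    }

    /**
     * Tells whether a request path is a registered protected endpoint.
     *
     * <p>Registered paths are stored without a trailing slash, so a request path that ends in '/'
     * is checked both as received and with that slash removed. The second check only ever adds
     * matches; it never makes a previously protected path unprotected.
     *
     * @param str the request URI as returned by the servlet container
     * @return {@code true} if the path matches a registered endpoint
     */
    private boolean isSupportedRest(String str) {
        if (matchesRegisteredPath(str)) {
            return true;
        }
        return str.length() > 1
            && str.endsWith("/")
            && matchesRegisteredPath(str.substring(0, str.length() - 1));
    }

    /** Compares one candidate path with the literal set, then with every path expression. */
    private boolean matchesRegisteredPath(String candidate) {
        if (this.REST_API_PATHS.contains(candidate)) {
            return true;
        }
        for (String regex : this.REST_REGREX_API_PATHS) {
            if (this.compiledPathPatterns.computeIfAbsent(regex, Pattern::compile).matcher(candidate).matches()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether the request must be authenticated.
     *
     * <p>The decompiler reports that this method was declared {@code protected} in the original
     * class; it is kept {@code public} as it appears here.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} if the request URI is a registered protected endpoint and the
     *     user-agent exemption does not apply
     */
    public boolean isProtectedApi(HttpServletRequest httpServletRequest) {
        String requestUri = httpServletRequest.getRequestURI();
        String header = httpServletRequest.getHeader(CommonConfig.AGENT_HEADER);
        // SECURITY NOTE(review): this exemption depends only on a request header, and header values
        // are chosen by the client. It is therefore not an authentication decision: every caller
        // that sends a matching value is let through to endpoints that otherwise require a login.
        // The behaviour is kept because existing clients (presumably the Python client, going by
        // the constant's name) rely on it; the durable fix is to give those clients a credential
        // that the filter verifies, and then delete this branch.
        if (StringUtils.isNotBlank(header) && header.matches(CommonConfig.PYTHON_USER_AGENT_REGREX)) {
            if (LOG.isWarnEnabled() && isSupportedRest(requestUri)) {
                // Audit trail: this request reached a protected endpoint without authentication.
                LOG.warn("Authentication skipped by user-agent exemption: {} {} from {}",
                    httpServletRequest.getMethod(), requestUri, httpServletRequest.getRemoteAddr());
            }
            return false;
        }
        // NOTE(review): getRequestURI() is the raw, undecoded path and includes the context path.
        // Registered paths always start with "/api/", so a deployment under a non-root context
        // path, or a URI that the container normalises before routing (path parameters, encoded
        // characters, repeated slashes), may not match and would be treated as unprotected.
        // Confirm how the container routes such URIs.
        return isSupportedRest(requestUri);
    }
}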
