package org.apache.nifi.web.security.otp;

import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.apache.nifi.web.security.NiFiAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:org/apache/nifi/web/security/otp/OtpAuthenticationFilter.class */
public class OtpAuthenticationFilter extends NiFiAuthenticationFilter {
    private static final Logger logger = LoggerFactory.getLogger(OtpAuthenticationFilter.class);
    private static final Pattern PROVENANCE_DOWNLOAD_PATTERN = Pattern.compile("/provenance-events/([0-9]+)/content/((?:input)|(?:output))");
    private static final Pattern QUEUE_DOWNLOAD_PATTERN = Pattern.compile("/flowfile-queues/([a-f0-9\\-]{36})/flowfiles/([a-f0-9\\-]{36})/content");
    private static final Pattern TEMPLATE_DOWNLOAD_PATTERN = Pattern.compile("/templates/[a-f0-9\\-]{36}/download");
    protected static final String ACCESS_TOKEN = "access_token";

    @Override // org.apache.nifi.web.security.NiFiAuthenticationFilter
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest) {
        String parameter;
        if (!httpServletRequest.isSecure() || (parameter = httpServletRequest.getParameter(ACCESS_TOKEN)) == null) {
            return null;
        }
        if (!httpServletRequest.getContextPath().equals("/nifi-api")) {
            return new OtpAuthenticationRequestToken(parameter, false, httpServletRequest.getRemoteAddr());
        }
        if (isDownloadRequest(httpServletRequest.getPathInfo())) {
            return new OtpAuthenticationRequestToken(parameter, true, httpServletRequest.getRemoteAddr());
        }
        return null;
    }

    private boolean isDownloadRequest(String str) {
        return PROVENANCE_DOWNLOAD_PATTERN.matcher(str).matches() || QUEUE_DOWNLOAD_PATTERN.matcher(str).matches() || TEMPLATE_DOWNLOAD_PATTERN.matcher(str).matches();
    }
}
