package org.apache.pinot.controller.api.access;

import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.inject.Inject;
import javax.ws.rs.DELETE;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Provider;
import org.apache.pinot.common.auth.AuthProviderUtils;
import org.apache.pinot.common.utils.DatabaseUtils;
import org.apache.pinot.core.auth.FineGrainedAuthUtils;
import org.apache.pinot.core.auth.ManualAuthorization;
import org.glassfish.grizzly.http.server.Request;

@Provider
/* loaded from: input_file:org/apache/pinot/controller/api/access/AuthenticationFilter.class */
public class AuthenticationFilter implements ContainerRequestFilter {
    private static final Set<String> UNPROTECTED_PATHS = new HashSet(Arrays.asList("", "help", "auth/info", "auth/verify", "health"));
    private static final String KEY_TABLE_NAME = "tableName";
    private static final String KEY_TABLE_NAME_WITH_TYPE = "tableNameWithType";
    private static final String KEY_SCHEMA_NAME = "schemaName";

    @Inject
    javax.inject.Provider<Request> _requestProvider;

    @Inject
    AccessControlFactory _accessControlFactory;

    @Context
    ResourceInfo _resourceInfo;

    @Context
    HttpHeaders _httpHeaders;

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        Request request = (Request) this._requestProvider.get();
        Method resourceMethod = this._resourceInfo.getResourceMethod();
        AccessControl create = this._accessControlFactory.create();
        String substring = request.getRequestURI().substring(request.getContextPath().length());
        UriInfo uriInfo = containerRequestContext.getUriInfo();
        if (isBaseFile(AuthProviderUtils.stripMatrixParams(uriInfo.getPath())) || UNPROTECTED_PATHS.contains(AuthProviderUtils.stripMatrixParams(uriInfo.getPath()))) {
            return;
        }
        if ((!create.protectAnnotatedOnly() || resourceMethod.isAnnotationPresent(Authenticate.class)) && !resourceMethod.isAnnotationPresent(ManualAuthorization.class)) {
            String extractTableName = extractTableName(uriInfo.getPathParameters(), uriInfo.getQueryParameters());
            if (extractTableName != null) {
                extractTableName = DatabaseUtils.translateTableName(extractTableName, this._httpHeaders);
            }
            AccessControlUtils.validatePermission(extractTableName, extractAccessType(resourceMethod), this._httpHeaders, substring, create);
            FineGrainedAuthUtils.validateFineGrainedAuth(resourceMethod, uriInfo, this._httpHeaders, create);
        }
    }

    @VisibleForTesting
    AccessType extractAccessType(Method method) {
        return method.isAnnotationPresent(Authenticate.class) ? ((Authenticate) method.getAnnotation(Authenticate.class)).value() : method.getAnnotation(POST.class) != null ? AccessType.CREATE : method.getAnnotation(PUT.class) != null ? AccessType.UPDATE : method.getAnnotation(DELETE.class) != null ? AccessType.DELETE : AccessType.READ;
    }

    @VisibleForTesting
    static String extractTableName(MultivaluedMap<String, String> multivaluedMap, MultivaluedMap<String, String> multivaluedMap2) {
        String extractTableName = extractTableName(multivaluedMap);
        return extractTableName != null ? extractTableName : extractTableName(multivaluedMap2);
    }

    private static String extractTableName(MultivaluedMap<String, String> multivaluedMap) {
        if (multivaluedMap.containsKey("tableName")) {
            return (String) multivaluedMap.getFirst("tableName");
        }
        if (multivaluedMap.containsKey(KEY_TABLE_NAME_WITH_TYPE)) {
            return (String) multivaluedMap.getFirst(KEY_TABLE_NAME_WITH_TYPE);
        }
        if (multivaluedMap.containsKey(KEY_SCHEMA_NAME)) {
            return (String) multivaluedMap.getFirst(KEY_SCHEMA_NAME);
        }
        return null;
    }

    private static boolean isBaseFile(String str) {
        return !str.contains("/") && str.contains(".");
    }
}
