package org.apache.pinot.broker.broker;

import java.io.IOException;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.inject.Inject;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Provider;
import org.apache.pinot.broker.api.AccessControl;
import org.apache.pinot.broker.api.HttpRequesterIdentity;
import org.apache.pinot.core.auth.ManualAuthorization;
import org.glassfish.grizzly.http.server.Request;

@Provider
/* loaded from: input_file:org/apache/pinot/broker/broker/AuthenticationFilter.class */
public class AuthenticationFilter implements ContainerRequestFilter {
    private static final Set<String> UNPROTECTED_PATHS = new HashSet(Arrays.asList("", "help", "health", "help#"));

    @Inject
    javax.inject.Provider<Request> _requestProvider;

    @Inject
    AccessControlFactory _accessControlFactory;

    @Context
    ResourceInfo _resourceInfo;

    @Context
    HttpHeaders _httpHeaders;

    @Override // javax.ws.rs.container.ContainerRequestFilter
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        Request request = this._requestProvider.get();
        Method resourceMethod = this._resourceInfo.getResourceMethod();
        AccessControl create = this._accessControlFactory.create();
        UriInfo uriInfo = containerRequestContext.getUriInfo();
        if (isBaseFile(uriInfo.getPath()) || UNPROTECTED_PATHS.contains(uriInfo.getPath()) || resourceMethod.isAnnotationPresent(ManualAuthorization.class)) {
            return;
        }
        HttpRequesterIdentity fromRequest = HttpRequesterIdentity.fromRequest(request);
        if (!create.hasAccess(fromRequest)) {
            throw new WebApplicationException("Failed access check for " + fromRequest.getEndpointUrl(), Response.Status.FORBIDDEN);
        }
    }

    private static boolean isBaseFile(String str) {
        return !str.contains("/") && str.contains(".");
    }
}
