package io.gravitee.policy.resourcefiltering;

import io.gravitee.common.http.HttpMethod;
import io.gravitee.common.util.Maps;
import io.gravitee.gateway.api.Request;
import io.gravitee.gateway.api.Response;
import io.gravitee.policy.api.PolicyChain;
import io.gravitee.policy.api.PolicyResult;
import io.gravitee.policy.api.annotations.OnRequest;
import io.gravitee.policy.resourcefiltering.configuration.Resource;
import io.gravitee.policy.resourcefiltering.configuration.ResourceFilteringPolicyConfiguration;
import java.util.List;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;

/* loaded from: input_file:io/gravitee/policy/resourcefiltering/ResourceFilteringPolicy.class */
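/**
 * Gateway policy that allows or rejects a request based on its path and HTTP method.
 *
 * <p>Evaluation order, as implemented in {@link #onRequest}:
 * <ol>
 *   <li>If a whitelist is configured, the request must match at least one entry; otherwise it is
 *       rejected with 405 (path listed, method not listed) or 403 (path not listed).</li>
 *   <li>If the request matches a blacklist entry it is rejected with 405 (the entry names the
 *       method explicitly) or 403 (the entry has no method list).</li>
 *   <li>Otherwise the request is passed to the next policy in the chain.</li>
 * </ol>
 *
 * <p>Configuration caveats visible in this class:
 * <ul>
 *   <li>A {@code null} or empty whitelist allows every request; a {@code null} or empty blacklist
 *       blocks nothing.</li>
 *   <li>An entry whose pattern is {@code null} matches every path, and an entry whose method list
 *       is {@code null} or empty matches every method. In a whitelist such an entry is therefore
 *       an allow-all rule.</li>
 *   <li>Patterns are Ant-style and are compared with {@code request.path()} exactly as the gateway
 *       supplies it. NOTE(review): confirm that the gateway canonicalises the path (dot segments,
 *       repeated slashes, percent-encoding, letter case) before this policy runs and in the same
 *       way the backend does; a blacklist entry only protects the spellings its pattern matches,
 *       so a whitelist is the more robust way to protect a resource.</li>
 * </ul>
 */
public class ResourceFilteringPolicy {
    private static final String RESOURCE_FILTERING_FORBIDDEN = "RESOURCE_FILTERING_FORBIDDEN";
    private static final String RESOURCE_FILTERING_METHOD_NOT_ALLOWED = "RESOURCE_FILTERING_METHOD_NOT_ALLOWED";

    /**
     * Shared matcher. The original code built a new AntPathMatcher for every request, which throws
     * away the matcher's internal pattern cache each time; the matcher is never reconfigured here,
     * so a single instance can serve all requests.
     */
    private static final PathMatcher PATH_MATCHER = new AntPathMatcher();

    private final ResourceFilteringPolicyConfiguration configuration;

    /**
     * @param resourceFilteringPolicyConfiguration whitelist and blacklist to enforce
     */
    public ResourceFilteringPolicy(ResourceFilteringPolicyConfiguration resourceFilteringPolicyConfiguration) {
        this.configuration = resourceFilteringPolicyConfiguration;
    }

    /**
     * Applies the whitelist, then the blacklist, and either fails the chain or continues it.
     *
     * @param request     incoming request; its context path, path and method are inspected
     * @param response    response passed on unchanged to the next policy
     * @param policyChain chain to continue ({@code doNext}) or to fail ({@code failWith})
     */
    @OnRequest
    public void onRequest(Request request, Response response, PolicyChain policyChain) {
        final String contextPath = request.contextPath();
        final String path = request.path();
        final HttpMethod method = request.method();

        // Whitelist first: an empty whitelist counts as a match (nothing is restricted).
        final List<Resource> whitelist = this.configuration.getWhitelist();
        if (!match(true, contextPath, whitelist, method, PATH_MATCHER, path)) {
            if (methodMismatch(true, contextPath, whitelist, method, PATH_MATCHER, path)) {
                failedOnMethod(request, policyChain);
            } else {
                failedOnPath(request, policyChain);
            }
            return;
        }

        // Blacklist second: an empty blacklist never matches.
        final List<Resource> blacklist = this.configuration.getBlacklist();
        if (!match(false, contextPath, blacklist, method, PATH_MATCHER, path)) {
            policyChain.doNext(request, response);
            return;
        }
        if (methodMismatch(false, contextPath, blacklist, method, PATH_MATCHER, path)) {
            failedOnMethod(request, policyChain);
        } else {
            failedOnPath(request, policyChain);
        }
    }

    /**
     * Fails the chain with a 405 result. The request path and method are attached as failure
     * parameters; how they are rendered to the client is decided outside this class.
     */
    private void failedOnMethod(Request request, PolicyChain policyChain) {
        policyChain.failWith(
            PolicyResult.failure(
                RESOURCE_FILTERING_METHOD_NOT_ALLOWED,
                405,
                "Method not allowed while accessing this resource",
                Maps.builder().put("path", request.path()).put("method", request.method()).build()
            )
        );
    }

    /**
     * Fails the chain with a 403 result. The request path and method are attached as failure
     * parameters; how they are rendered to the client is decided outside this class.
     */
    private void failedOnPath(Request request, PolicyChain policyChain) {
        policyChain.failWith(
            PolicyResult.failure(
                RESOURCE_FILTERING_FORBIDDEN,
                403,
                "You're not allowed to access this resource",
                Maps.builder().put("path", request.path()).put("method", request.method()).build()
            )
        );
    }

    /**
     * Tells whether the resource's pattern covers the path. A {@code null} pattern covers every
     * path; otherwise the pattern is tried as written and then prefixed with the context path.
     */
    private static boolean pathMatches(Resource resource, String contextPath, PathMatcher pathMatcher, String path) {
        final String pattern = resource.getPattern();
        return pattern == null || pathMatcher.match(pattern, path) || pathMatcher.match(contextPath + pattern, path);
    }

    /**
     * Tells whether the request matches at least one entry of the list, by method and by path.
     *
     * @param resultWhenEmpty value returned when the list is {@code null} or empty
     *                        ({@code true} for the whitelist, {@code false} for the blacklist)
     * @param contextPath     context path of the API, used as an optional pattern prefix
     * @param resources       whitelist or blacklist entries, may be {@code null}
     * @param method          HTTP method of the request
     * @param pathMatcher     matcher used to compare patterns with the path
     * @param path            request path
     * @return {@code true} if some entry accepts both the method and the path
     */
    private boolean match(
        boolean resultWhenEmpty,
        String contextPath,
        List<Resource> resources,
        HttpMethod method,
        PathMatcher pathMatcher,
        String path
    ) {
        if (resources == null || resources.isEmpty()) {
            return resultWhenEmpty;
        }
        for (Resource resource : resources) {
            // No method list (null or empty) means the entry applies to every method.
            final boolean methodApplies =
                resource.getMethods() == null || resource.getMethods().isEmpty() || resource.getMethods().contains(method);
            if (methodApplies && pathMatches(resource, contextPath, pathMatcher, path)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Decides whether a rejection should be reported as "method not allowed" instead of
     * "forbidden". Only entries with a non-null method list whose pattern covers the path count.
     *
     * @param whitelistMode {@code true} when checking the whitelist: report a mismatch if the path
     *                      is listed but the method is not; {@code false} when checking the
     *                      blacklist: report a mismatch if the entry names the method explicitly
     * @param contextPath   context path of the API, used as an optional pattern prefix
     * @param resources     whitelist or blacklist entries, may be {@code null}
     * @param method        HTTP method of the request
     * @param pathMatcher   matcher used to compare patterns with the path
     * @param path          request path
     * @return {@code true} if the rejection is attributable to the method
     */
    private boolean methodMismatch(
        boolean whitelistMode,
        String contextPath,
        List<Resource> resources,
        HttpMethod method,
        PathMatcher pathMatcher,
        String path
    ) {
        if (resources == null || resources.isEmpty()) {
            return false;
        }
        for (Resource resource : resources) {
            if (resource.getMethods() == null || !pathMatches(resource, contextPath, pathMatcher, path)) {
                continue;
            }
            final boolean methodListed = resource.getMethods().contains(method);
            // Whitelist: path listed, method missing. Blacklist: path listed, method named.
            if (whitelistMode != methodListed) {
                return true;
            }
        }
        return false;
    }
}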
