package com.denimgroup.threadfix.framework.impl.spring;

import com.denimgroup.threadfix.CollectionUtils;
import com.denimgroup.threadfix.data.entities.AuthenticationRequired;
import com.denimgroup.threadfix.data.entities.ExplicitEndpointPathNode;
import com.denimgroup.threadfix.data.entities.ModelField;
import com.denimgroup.threadfix.data.entities.RouteParameter;
import com.denimgroup.threadfix.data.entities.RouteParameterType;
import com.denimgroup.threadfix.data.entities.WildcardEndpointPathNode;
import com.denimgroup.threadfix.data.enums.EndpointRelevanceStrictness;
import com.denimgroup.threadfix.data.interfaces.EndpointPathNode;
import com.denimgroup.threadfix.framework.engine.AbstractEndpoint;
import com.denimgroup.threadfix.framework.util.RegexUtils;
import com.denimgroup.threadfix.framework.util.java.EntityMappings;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.lang3.StringUtils;
import org.codehaus.jackson.annotate.JsonIgnore;

/* loaded from: input_file:com/denimgroup/threadfix/framework/impl/spring/SpringControllerEndpoint.class */
public class SpringControllerEndpoint extends AbstractEndpoint {

    @Nonnull
    private String filePath;

    @Nonnull
    private String urlPath;
    private Pattern urlPathPattern;

    @Nonnull
    private Map<String, RouteParameter> parameters;
    private int startLineNumber;
    private int endLineNumber;
    private String method;
    private AuthenticationRequired authenticationRequired;
    private String authorizationString;

    @Nullable
    @JsonIgnore
    private ModelField modelObject;

    @Nullable
    @JsonIgnore
    private SpringDataBinderParser dataBinderParser;
    private static Pattern AUTHORIZATION_PATTERN = Pattern.compile("hasRole\\('([^']+)'\\)");

    private SpringControllerEndpoint() {
        this.startLineNumber = -1;
        this.endLineNumber = -1;
        this.authenticationRequired = AuthenticationRequired.UNKNOWN;
        this.dataBinderParser = null;
    }

    public SpringControllerEndpoint(@Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull Map<String, RouteParameter> map, int i, int i2, @Nullable ModelField modelField) {
        this.startLineNumber = -1;
        this.endLineNumber = -1;
        this.authenticationRequired = AuthenticationRequired.UNKNOWN;
        this.dataBinderParser = null;
        this.filePath = str;
        this.urlPath = str2;
        this.startLineNumber = i;
        this.endLineNumber = i2;
        this.urlPath = this.urlPath.replaceAll("\\\\", "/").replaceAll("\\.html", "");
        this.modelObject = modelField;
        this.parameters = map;
        this.method = str3;
        this.urlPathPattern = Pattern.compile(str2.replaceAll("\\{[^\\}]+\\}", "[^\\/]+").replaceAll("\\.", "\\\\.").replaceAll("\\*\\*", ".*").replaceAll("([^\\.])\\*", "$1.*"));
    }

    public void expandParameters(@Nonnull EntityMappings entityMappings, @Nullable SpringDataBinderParser springDataBinderParser) {
        if (this.modelObject != null) {
            this.parameters.putAll(entityMappings.getPossibleParametersForModelType(this.modelObject).getPossibleParameters());
        }
        Set<String> set = null;
        if (this.dataBinderParser != null) {
            r8 = this.dataBinderParser.hasBlacklist ? this.dataBinderParser.parametersBlackList : null;
            if (this.dataBinderParser.hasWhitelist) {
                set = this.dataBinderParser.parametersWhiteList;
            }
        }
        if (springDataBinderParser != null) {
            if (springDataBinderParser.hasBlacklist && r8 != null) {
                r8 = springDataBinderParser.parametersBlackList;
            }
            if (springDataBinderParser.hasWhitelist && set == null) {
                set = springDataBinderParser.parametersWhiteList;
            }
        }
        if (r8 != null) {
            HashSet hashSet = new HashSet(r8);
            for (RouteParameter routeParameter : this.parameters.values()) {
                if (routeParameter.getParamType() == RouteParameterType.PARAMETRIC_ENDPOINT && hashSet.contains(routeParameter.getName())) {
                    hashSet.remove(routeParameter.getName());
                }
            }
            this.parameters.keySet().removeAll(hashSet);
        }
        if (set != null) {
            HashSet hashSet2 = new HashSet(set);
            for (RouteParameter routeParameter2 : this.parameters.values()) {
                if (routeParameter2.getParamType() == RouteParameterType.PARAMETRIC_ENDPOINT && !hashSet2.contains(routeParameter2.getName())) {
                    hashSet2.add(routeParameter2.getName());
                }
            }
            this.parameters.keySet().retainAll(hashSet2);
        }
    }

    @Override // com.denimgroup.threadfix.framework.engine.AbstractEndpoint
    public int compareRelevance(String str) {
        if (getUrlPath().equalsIgnoreCase(str)) {
            return 100;
        }
        if (this.urlPathPattern.matcher(str).find()) {
            return this.urlPath.length();
        }
        return -1;
    }

    public boolean isRelevant(String str, EndpointRelevanceStrictness endpointRelevanceStrictness) {
        if (getUrlPath().equalsIgnoreCase(str)) {
            return true;
        }
        return endpointRelevanceStrictness == EndpointRelevanceStrictness.LOOSE ? this.urlPathPattern.matcher(str).find() : str.replaceFirst(this.urlPathPattern.pattern(), "").length() == 0;
    }

    @Nonnull
    public Map<String, RouteParameter> getParameters() {
        return this.parameters;
    }

    public void setDataBinderParser(@Nullable SpringDataBinderParser springDataBinderParser) {
        this.dataBinderParser = springDataBinderParser;
    }

    public boolean matchesLineNumber(int i) {
        return i <= this.endLineNumber && i >= this.startLineNumber;
    }

    @Override // com.denimgroup.threadfix.framework.engine.AbstractEndpoint
    @Nonnull
    protected List<String> getLintLine() {
        List<String> list = CollectionUtils.list(new String[]{"Permissions:"});
        list.addAll(getRequiredPermissions());
        return list;
    }

    @Override // com.denimgroup.threadfix.framework.engine.AbstractEndpoint
    @Nonnull
    public String toString() {
        return "[" + this.filePath + ":" + this.startLineNumber + "-" + this.endLineNumber + " -> " + getHttpMethod() + " " + this.urlPath + " " + getParameters() + "]";
    }

    @Nonnull
    public String getHttpMethod() {
        return this.method;
    }

    @Nonnull
    public String getUrlPath() {
        String str = this.urlPath;
        return str != null ? str : "";
    }

    @Nonnull
    public List<EndpointPathNode> getUrlPathNodes() {
        ArrayList arrayList = new ArrayList();
        for (String str : StringUtils.split(getUrlPath(), '/')) {
            if (str.contains("{")) {
                arrayList.add(new WildcardEndpointPathNode((String) null));
            } else {
                arrayList.add(new ExplicitEndpointPathNode(str));
            }
        }
        return arrayList;
    }

    @Nonnull
    public String getFilePath() {
        return this.filePath;
    }

    public int getStartingLineNumber() {
        return this.startLineNumber;
    }

    public int getEndingLineNumber() {
        return this.endLineNumber;
    }

    public int getLineNumberForParameter(String str) {
        return this.startLineNumber;
    }

    public String getAuthorizationString() {
        return this.authorizationString;
    }

    public void setAuthorizationString(String str) {
        this.authorizationString = str;
    }

    @Override // com.denimgroup.threadfix.framework.engine.AbstractEndpoint
    @Nonnull
    public List<String> getRequiredPermissions() {
        List<String> list = CollectionUtils.list(new String[0]);
        if (this.authorizationString != null) {
            list.addAll(RegexUtils.getRegexResults(this.authorizationString, AUTHORIZATION_PATTERN));
        }
        return list;
    }

    @Override // com.denimgroup.threadfix.framework.engine.AbstractEndpoint
    @Nonnull
    public AuthenticationRequired getAuthenticationRequired() {
        return this.authenticationRequired;
    }

    public void setAuthenticationRequired(AuthenticationRequired authenticationRequired) {
        this.authenticationRequired = authenticationRequired;
    }
}
