package org.apache.linkis.common.utils;

import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.linkis.common.conf.CommonVars;
import org.apache.linkis.common.conf.CommonVars$;
import org.apache.linkis.common.exception.LinkisSecurityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/linkis/common/utils/SecurityUtils.class */
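/**
 * Validation and hardening helpers for MySQL JDBC connection settings.
 *
 * <p>The checks reject connection URLs that do not match the configured pattern and connection
 * parameters whose key or value contains one of the configured sensitive tokens. When "strong
 * security" is enabled, the configured force parameters are written over whatever the caller
 * supplied. All switches, token lists and patterns are read from {@link CommonVars} on every
 * call.
 *
 * <p>Only URLs starting with {@code jdbc:mysql} (case-insensitive) are inspected; other JDBC
 * URLs pass through untouched.
 */
public abstract class SecurityUtils {
    private static final String COMMA = ",";
    private static final String EQUAL_SIGN = "=";
    private static final String AND_SYMBOL = "&";
    private static final String QUESTION_MARK = "?";
    private static final String REGEX_QUESTION_MARK = "\\?";
    // Used both as "base + query" for a split URL and as "key + value" for a split parameter.
    private static final int JDBC_URL_ITEM_COUNT = 2;
    private static final String JDBC_MYSQL_PROTOCOL = "jdbc:mysql";
    private static final Logger logger = LoggerFactory.getLogger(SecurityUtils.class);
    // Comma-separated tokens; a parameter whose key or value contains one of them is rejected.
    private static final CommonVars<String> MYSQL_SENSITIVE_PARAMS = CommonVars$.MODULE$.apply("linkis.mysql.sensitive.params", "allowLoadLocalInfile,autoDeserialize,allowLocalInfile,allowUrlInLocalInfile,#");
    // Parameters written over the caller's values when strong security is enabled.
    private static final CommonVars<String> MYSQL_FORCE_PARAMS = CommonVars$.MODULE$.apply("linkis.mysql.force.params", "allowLoadLocalInfile=false&autoDeserialize=false&allowLocalInfile=false&allowUrlInLocalInfile=false");
    private static final CommonVars<String> MYSQL_STRONG_SECURITY_ENABLE = CommonVars$.MODULE$.apply("linkis.mysql.strong.security.enable", "false");
    private static final CommonVars<String> MYSQL_SECURITY_CHECK_ENABLE = CommonVars$.MODULE$.apply("linkis.mysql.security.check.enable", "true");
    private static final CommonVars<String> MYSQL_CONNECT_URL = CommonVars.apply("linkis.security.mysql.url.template", "jdbc:mysql://%s:%s/%s");
    private static final CommonVars<String> JDBC_MATCH_REGEX = CommonVars$.MODULE$.apply("linkis.mysql.jdbc.match.regex", "(?i)jdbc:(?i)(mysql)://([^:]+)(:[0-9]+)?(/[a-zA-Z0-9_-]*[\\.\\-]?)?");

    /**
     * Validates discrete MySQL connection settings before they are assembled into a URL.
     *
     * <p>Does nothing when {@code linkis.mysql.security.check.enable} is not {@code true}.
     *
     * @param host server host; must not be blank and must not contain {@code /}, {@code ?} or
     *     {@code #}
     * @param port server port, substituted into the URL template as-is
     * @param username account name; must not be blank
     * @param password not inspected by this method
     * @param database schema name; {@code null} is treated as empty
     * @param extraParams additional connection parameters; may be {@code null}. The map is
     *     rewritten in place with URL-decoded entries and blank entries removed
     * @throws LinkisSecurityException if a required value is blank, the assembled URL does not
     *     match the configured pattern, or a parameter contains a sensitive token
     */
    public static void checkJdbcConnParams(String host, Integer port, String username, String password, String database, Map<String, Object> extraParams) {
        if (!isSecurityCheckEnabled()) {
            return;
        }
        // The default URL pattern only excludes ':' from the host part, so a host carrying
        // URL delimiters would still match checkUrl() and could bring its own path or query
        // past checkParams(). Refuse such hosts before the URL is assembled.
        if (StringUtils.isAnyBlank(host, username) || containsUrlDelimiter(host)) {
            logger.error("Invalid mysql connection params: host: {}, username: {}, database: {}", host, username, database);
            throw new LinkisSecurityException(35000, "Invalid mysql connection params.");
        }
        // Only host and username are required; a missing database used to fail with a
        // NullPointerException on trim() instead of being validated like a blank one.
        String databaseName = database == null ? "" : database.trim();
        checkUrl(String.format(MYSQL_CONNECT_URL.getValue(), host.trim(), port, databaseName));
        checkParams(extraParams);
    }

    /**
     * Validates a complete JDBC URL, including its query parameters.
     *
     * <p>Does nothing when the security check is disabled. URLs that do not start with
     * {@code jdbc:mysql} are accepted without further inspection.
     *
     * @param url the JDBC URL to check
     * @throws LinkisSecurityException if the URL is blank, contains more than one {@code ?},
     *     does not match the configured pattern, or carries a sensitive parameter
     */
    public static void checkJdbcConnUrl(String url) {
        if (!isSecurityCheckEnabled()) {
            return;
        }
        // Log only the part before '?': the query string of a JDBC URL may carry credentials.
        logger.info("jdbc url: {}", withoutQuery(url));
        if (StringUtils.isBlank(url)) {
            throw new LinkisSecurityException(35000, "Invalid jdbc connection url.");
        }
        if (!isMysqlUrl(url)) {
            return;
        }
        String[] parts = url.split(REGEX_QUESTION_MARK);
        if (parts.length > JDBC_URL_ITEM_COUNT) {
            throw new LinkisSecurityException(35000, "Invalid jdbc connection url.");
        }
        checkUrl(parts[0]);
        if (parts.length == JDBC_URL_ITEM_COUNT) {
            checkParams(parseMysqlUrlParamsToMap(parts[1]));
        }
    }

    /**
     * Rebuilds a MySQL JDBC URL from its parsed parameters, applying the force parameters when
     * strong security is enabled.
     *
     * <p>Blank input and non-MySQL URLs are returned unchanged. Parameters that do not parse as
     * {@code key=value} are dropped, and everything after a second {@code ?} is discarded.
     *
     * @param url the JDBC URL
     * @return the rebuilt URL, or {@code url} itself when it is blank or not a MySQL URL
     */
    public static String getJdbcUrl(String url) {
        if (StringUtils.isBlank(url) || !isMysqlUrl(url)) {
            return url;
        }
        String[] parts = url.split(REGEX_QUESTION_MARK);
        String base = parts[0];
        boolean hasQuery = parts.length == JDBC_URL_ITEM_COUNT;
        Map<String, Object> params = hasQuery ? parseMysqlUrlParamsToMap(parts[1]) : new LinkedHashMap<String, Object>();
        // Previously the force parameters were applied only when the URL already had a query
        // string, so a bare URL left the driver on its own defaults even with strong security
        // enabled.
        appendMysqlForceParams(params);
        if (hasQuery || !params.isEmpty()) {
            return base + QUESTION_MARK + parseParamsMapToMysqlParamUrl(params);
        }
        return base;
    }

    /**
     * Appends the configured force parameters to a URL string when strong security is enabled.
     *
     * @param url the URL to extend
     * @return an empty string for blank input, {@code url} unchanged when strong security is
     *     off, otherwise {@code url} followed by the force parameters
     */
    public static String appendMysqlForceParams(String url) {
        if (StringUtils.isBlank(url)) {
            return "";
        }
        if (!isStrongSecurityEnabled()) {
            return url;
        }
        String forced = MYSQL_FORCE_PARAMS.getValue();
        if (url.endsWith(QUESTION_MARK)) {
            return url + forced;
        }
        // No query yet: start one. Otherwise continue the existing one.
        String separator = url.contains(QUESTION_MARK) ? AND_SYMBOL : QUESTION_MARK;
        return url + separator + forced;
    }

    /**
     * Writes the configured force parameters into {@code map} when strong security is enabled,
     * replacing any entries with the same keys.
     *
     * @param map the parameter map to modify in place
     */
    public static void appendMysqlForceParams(Map<String, Object> map) {
        if (isStrongSecurityEnabled()) {
            map.putAll(parseMysqlUrlParamsToMap(MYSQL_FORCE_PARAMS.getValue()));
        }
    }

    /**
     * Serialises a parameter map as {@code k1=v1&k2=v2}. Values are not URL-encoded.
     *
     * @param map the parameters; may be {@code null}
     * @return the joined string, or an empty string for a {@code null} or empty map
     */
    public static String parseParamsMapToMysqlParamUrl(Map<String, Object> map) {
        if (map == null || map.isEmpty()) {
            return "";
        }
        return map.entrySet().stream()
                .map(entry -> String.join(EQUAL_SIGN, entry.getKey(), String.valueOf(entry.getValue())))
                .collect(Collectors.joining(AND_SYMBOL));
    }

    /**
     * Checks the part of a MySQL JDBC URL before the query string against the configured
     * pattern. Non-null URLs that do not start with {@code jdbc:mysql} are accepted.
     *
     * @param url the URL without its query string
     * @throws LinkisSecurityException if {@code url} is {@code null} or does not match
     */
    public static void checkUrl(String url) {
        if (url != null && !isMysqlUrl(url)) {
            return;
        }
        // A null URL used to reach Pattern.matcher(null) and fail with a NullPointerException;
        // report it as an invalid URL instead.
        if (url == null || !Pattern.compile(JDBC_MATCH_REGEX.getValue()).matcher(url).matches()) {
            logger.info("Invalid mysql connection url: {}", url);
            throw new LinkisSecurityException(35000, "Invalid mysql connection url.");
        }
    }

    /**
     * URL-decodes the parameters once, rewrites {@code map} with the decoded entries, drops
     * blank entries and rejects any entry that contains a sensitive token.
     *
     * <p>Malformed percent-escapes make {@link URLDecoder} throw
     * {@link IllegalArgumentException}, which propagates to the caller.
     */
    private static void checkParams(Map<String, Object> map) {
        if (map == null || map.isEmpty()) {
            return;
        }
        try {
            // Round-trip through the string form so that encoded separators and names are
            // evaluated in their decoded form.
            Map<String, Object> decoded = parseMysqlUrlParamsToMap(URLDecoder.decode(parseParamsMapToMysqlParamUrl(map), "UTF-8"));
            map.clear();
            map.putAll(decoded);
            Iterator<Map.Entry<String, Object>> it = map.entrySet().iterator();
            while (it.hasNext()) {
                Map.Entry<String, Object> entry = it.next();
                String key = entry.getKey();
                Object value = entry.getValue();
                if (StringUtils.isBlank(key) || value == null || StringUtils.isBlank(value.toString())) {
                    logger.warn("Invalid parameter key or value is blank.");
                    it.remove();
                } else if (isNotSecurity(key, value.toString())) {
                    logger.warn("Sensitive param : key={} and value={}", key, value);
                    // NOTE(review): the message echoes every remaining parameter, which may
                    // include credentials - confirm where this exception text ends up.
                    throw new LinkisSecurityException(35000, "Invalid mysql connection parameters: " + parseParamsMapToMysqlParamUrl(map));
                }
            }
        } catch (UnsupportedEncodingException e) {
            throw new LinkisSecurityException(35000, "mysql connection cul decode error: " + e);
        }
    }

    /**
     * Parses {@code k1=v1&k2=v2} into an insertion-ordered map.
     *
     * <p>Items that do not split into exactly one key and one value on {@code =} are logged and
     * left out, so they are neither checked nor carried into a rebuilt URL.
     */
    private static Map<String, Object> parseMysqlUrlParamsToMap(String paramsUrl) {
        if (StringUtils.isBlank(paramsUrl)) {
            return new LinkedHashMap<>();
        }
        String[] items = paramsUrl.split(AND_SYMBOL);
        Map<String, Object> params = new LinkedHashMap<>(items.length);
        for (String item : items) {
            String[] keyAndValue = item.split(EQUAL_SIGN);
            if (keyAndValue.length != JDBC_URL_ITEM_COUNT) {
                logger.warn("mysql force param {} error.", item);
            } else {
                params.put(keyAndValue[0], keyAndValue[1]);
            }
        }
        return params;
    }

    /**
     * Returns {@code true} when the key or the value contains any configured sensitive token.
     */
    private static boolean isNotSecurity(String key, String value) {
        String configured = MYSQL_SENSITIVE_PARAMS.getValue();
        if (StringUtils.isBlank(configured)) {
            return false;
        }
        for (String token : configured.split(COMMA)) {
            // Trim so "a, b" still matches "b", and skip empty items: every string contains
            // "", so "a,,b" would otherwise reject every parameter.
            String sensitive = token.trim();
            if (!sensitive.isEmpty() && isNotSecurity(key, value, sensitive)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Case-insensitive substring test of {@code sensitive} against both key and value.
     */
    private static boolean isNotSecurity(String key, String value, String sensitive) {
        // Locale.ROOT keeps the comparison independent of the JVM default locale; under a
        // Turkish locale "I" lower-cases to a dotless i and a token such as
        // "allowLoadLocalInfile" would stop matching its lower-case spelling.
        String needle = sensitive.toLowerCase(Locale.ROOT);
        return key.toLowerCase(Locale.ROOT).contains(needle) || value.toLowerCase(Locale.ROOT).contains(needle);
    }

    /** Reads the master switch for all checks in this class. */
    private static boolean isSecurityCheckEnabled() {
        return Boolean.parseBoolean(MYSQL_SECURITY_CHECK_ENABLE.getValue());
    }

    /** Reads the switch that turns on the force parameters. */
    private static boolean isStrongSecurityEnabled() {
        return Boolean.parseBoolean(MYSQL_STRONG_SECURITY_ENABLE.getValue());
    }

    /** Case-insensitive test for the {@code jdbc:mysql} prefix; {@code url} must not be null. */
    private static boolean isMysqlUrl(String url) {
        return url.toLowerCase(Locale.ROOT).startsWith(JDBC_MYSQL_PROTOCOL);
    }

    /** Returns {@code true} when {@code host} contains a path, query or fragment delimiter. */
    private static boolean containsUrlDelimiter(String host) {
        return host.indexOf('/') >= 0 || host.indexOf('?') >= 0 || host.indexOf('#') >= 0;
    }

    /** Returns the part of {@code url} before the first {@code ?}; null-safe, for logging. */
    private static String withoutQuery(String url) {
        if (url == null) {
            return null;
        }
        int queryStart = url.indexOf(QUESTION_MARK);
        return queryStart < 0 ? url : url.substring(0, queryStart);
    }
}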
