package org.apache.servicecomb.authentication.provider;

import com.netflix.config.ConcurrentCompositeConfiguration;
import com.netflix.config.DynamicPropertyFactory;
import java.beans.PropertyDescriptor;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apache.servicecomb.registry.api.registry.Microservice;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/servicecomb/authentication/provider/AccessController.class */
public class AccessController {
    private static final Logger LOG = LoggerFactory.getLogger(AccessController.class);
    private static final String KEY_WHITE_LIST_PREFIX = "servicecomb.publicKey.accessControl.white";
    private static final String KEY_BLACK_LIST_PREFIX = "servicecomb.publicKey.accessControl.black";
    private static final String KEY_PROPERTY_NAME = "%s.%s.propertyName";
    private static final String KEY_CATEGORY = "%s.%s.category";
    private static final String KEY_RULE_POSTFIX = ".rule";
    private Map<String, ConfigurationItem> whiteList = new HashMap();
    private Map<String, ConfigurationItem> blackList = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/servicecomb/authentication/provider/AccessController$ConfigurationItem.class */
    public class ConfigurationItem {
        static final String CATEGORY_PROPERTY = "property";
        String category;
        String propertyName;
        String rule;

        ConfigurationItem() {
        }
    }

    public AccessController() {
        loadConfigurations(KEY_BLACK_LIST_PREFIX);
        loadConfigurations(KEY_WHITE_LIST_PREFIX);
    }

    public boolean isAllowed(Microservice microservice) {
        return whiteAllowed(microservice) && !blackDenied(microservice);
    }

    private boolean whiteAllowed(Microservice microservice) {
        if (this.whiteList.isEmpty()) {
            return true;
        }
        return matchFound(microservice, this.whiteList);
    }

    private boolean blackDenied(Microservice microservice) {
        if (this.blackList.isEmpty()) {
            return false;
        }
        return matchFound(microservice, this.blackList);
    }

    private boolean matchFound(Microservice microservice, Map<String, ConfigurationItem> map) {
        for (ConfigurationItem configurationItem : map.values()) {
            if ("property".equals(configurationItem.category) && (matchMicroserviceField(microservice, configurationItem) || matchMicroserviceProperties(microservice, configurationItem))) {
                return true;
            }
        }
        return false;
    }

    private boolean matchMicroserviceProperties(Microservice microservice, ConfigurationItem configurationItem) {
        for (Map.Entry entry : microservice.getProperties().entrySet()) {
            if (((String) entry.getKey()).equals(configurationItem.propertyName)) {
                return isPatternMatch((String) entry.getValue(), configurationItem.rule);
            }
        }
        return false;
    }

    private boolean matchMicroserviceField(Microservice microservice, ConfigurationItem configurationItem) {
        try {
            Object invoke = new PropertyDescriptor(configurationItem.propertyName, Microservice.class).getReadMethod().invoke(microservice, new Object[0]);
            if (invoke.getClass().getName().equals(String.class.getName())) {
                return isPatternMatch((String) invoke, configurationItem.rule);
            }
            return false;
        } catch (Exception e) {
            if (DynamicPropertyFactory.getInstance().getBooleanProperty("servicecomb.error.printSensitiveErrorMessage", false).get()) {
                LOG.warn("can't find propertyname: {} in microservice field, will search in microservice properties.", configurationItem.propertyName, e);
                return false;
            }
            LOG.warn("can't find propertyname: {} in microservice field, will search in microservice properties.", configurationItem.propertyName);
            return false;
        }
    }

    private boolean isPatternMatch(String str, String str2) {
        return str2.startsWith("*") ? str.endsWith(str2.substring(1)) : str2.endsWith("*") ? str.startsWith(str2.substring(0, str2.length() - 1)) : str.equals(str2);
    }

    private void loadConfigurations(String str) {
        ConcurrentCompositeConfiguration concurrentCompositeConfiguration = (ConcurrentCompositeConfiguration) DynamicPropertyFactory.getBackingConfigurationSource();
        loadConfigurations(concurrentCompositeConfiguration, str);
        concurrentCompositeConfiguration.addConfigurationListener(configurationEvent -> {
            if (configurationEvent.getPropertyName().startsWith(str)) {
                LOG.info("Access rule have been changed. Reload configurations. Event=" + configurationEvent.getType());
                loadConfigurations(concurrentCompositeConfiguration, str);
            }
        });
    }

    private void loadConfigurations(ConcurrentCompositeConfiguration concurrentCompositeConfiguration, String str) {
        HashMap hashMap = new HashMap();
        Iterator keys = concurrentCompositeConfiguration.getKeys(str);
        while (keys.hasNext()) {
            String str2 = (String) keys.next();
            if (str2.endsWith(KEY_RULE_POSTFIX)) {
                ConfigurationItem configurationItem = new ConfigurationItem();
                String str3 = DynamicPropertyFactory.getInstance().getStringProperty(str2, (String) null).get();
                if (!StringUtils.isEmpty(str3)) {
                    configurationItem.rule = str3;
                    String substring = str2.substring(str.length() + 1, str2.length() - KEY_RULE_POSTFIX.length());
                    configurationItem.propertyName = DynamicPropertyFactory.getInstance().getStringProperty(String.format(KEY_PROPERTY_NAME, str, substring), (String) null).get();
                    if (!StringUtils.isEmpty(configurationItem.propertyName)) {
                        configurationItem.category = DynamicPropertyFactory.getInstance().getStringProperty(String.format(KEY_CATEGORY, str, substring), (String) null).get();
                        if (!StringUtils.isEmpty(configurationItem.category)) {
                            hashMap.put(substring, configurationItem);
                        }
                    }
                }
            }
        }
        if (KEY_WHITE_LIST_PREFIX.equals(str)) {
            this.whiteList = hashMap;
            logConfigurations(hashMap, true);
        } else {
            this.blackList = hashMap;
            logConfigurations(hashMap, false);
        }
    }

    private void logConfigurations(Map<String, ConfigurationItem> map, boolean z) {
        map.entrySet().forEach(entry -> {
            ConfigurationItem configurationItem = (ConfigurationItem) entry.getValue();
            LOG.info((z ? "White list " : "Black list ") + "config item: key=" + ((String) entry.getKey()) + ";category=" + configurationItem.category + ";propertyName=" + configurationItem.propertyName + ";rule=" + configurationItem.rule);
        });
    }
}
