package org.apache.druid.data.input.impl;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.google.common.base.Preconditions;
import java.io.File;
import java.net.URI;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.annotation.Nullable;
import org.apache.druid.java.util.common.StringUtils;

/* loaded from: input_file:org/apache/druid/data/input/impl/InputSourceSecurityConfig.class */
public class InputSourceSecurityConfig {
    public static final InputSourceSecurityConfig ALLOW_ALL = new InputSourceSecurityConfig(null, null);

    @JsonProperty
    private final List<URI> allowPrefixList;

    @JsonProperty
    private final List<URI> denyPrefixList;

    @JsonCreator
    public InputSourceSecurityConfig(@JsonProperty("allowPrefixList") @Nullable List<URI> list, @JsonProperty("denyPrefixList") @Nullable List<URI> list2) {
        this.allowPrefixList = list;
        this.denyPrefixList = list2;
        Preconditions.checkArgument(this.denyPrefixList == null || this.allowPrefixList == null, "Can only use one of allowList or blackList");
    }

    public List<URI> getallowPrefixList() {
        return this.allowPrefixList;
    }

    public List<URI> getdenyPrefixList() {
        return this.denyPrefixList;
    }

    private static boolean matchesAny(List<URI> list, URI uri) {
        URI normalize = uri.normalize();
        Iterator<URI> it = list.iterator();
        while (it.hasNext()) {
            if (normalize.toString().startsWith(it.next().toString())) {
                return true;
            }
        }
        return false;
    }

    public void validateURIAccess(@Nullable Collection<URI> collection) {
        if (collection == null) {
            return;
        }
        collection.forEach(this::validateURIAccess);
    }

    public void validateURIAccess(@Nullable URI uri) {
        if (uri == null) {
            return;
        }
        Preconditions.checkArgument(isURIAllowed(uri), StringUtils.format("Access to [%s] DENIED!", uri));
    }

    public void validateFileAccess(@Nullable File file) {
        if (file == null) {
            return;
        }
        validateURIAccess(file.toURI());
    }

    public void validateFileAccess(@Nullable Collection<File> collection) {
        if (collection == null) {
            return;
        }
        collection.forEach(this::validateFileAccess);
    }

    private void validateCloudLocationAccess(@Nullable CloudObjectLocation cloudObjectLocation, String str) {
        if (cloudObjectLocation == null) {
            return;
        }
        validateURIAccess(cloudObjectLocation.toUri(str));
    }

    public void validateCloudLocationAccess(@Nullable Collection<CloudObjectLocation> collection, String str) {
        if (collection == null) {
            return;
        }
        collection.forEach(cloudObjectLocation -> {
            validateCloudLocationAccess(cloudObjectLocation, str);
        });
    }

    public boolean isURIAllowed(URI uri) {
        return this.allowPrefixList != null ? matchesAny(this.allowPrefixList, uri) : this.denyPrefixList == null || !matchesAny(this.denyPrefixList, uri);
    }

    public String toString() {
        return "InputSourceSecurityConfig{allowPrefixList=" + this.allowPrefixList + ", denyPrefixList=" + this.denyPrefixList + '}';
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        InputSourceSecurityConfig inputSourceSecurityConfig = (InputSourceSecurityConfig) obj;
        return Objects.equals(this.allowPrefixList, inputSourceSecurityConfig.allowPrefixList) && Objects.equals(this.denyPrefixList, inputSourceSecurityConfig.denyPrefixList);
    }

    public int hashCode() {
        return Objects.hash(this.allowPrefixList, this.denyPrefixList);
    }
}
