package com.appiancorp.ap2.listings;

import com.appian.logging.AppianLogger;
import com.appiancorp.ag.ServletScopesKeys;
import com.appiancorp.common.logging.ConfigureLog4j;
import com.appiancorp.suite.SuiteConfiguration;
import com.appiancorp.suite.cfg.AppServerConfiguration;
import com.appiancorp.suite.cfg.FeatureToggleConfiguration;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.Sets;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Set;
import java.util.function.Supplier;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:com/appiancorp/ap2/listings/ListingsServletFilter.class */
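/**
 * Servlet filter that gates access to the log listing endpoints and forwards authorised requests
 * to a location under {@code /shared-logs/}.
 *
 * <p>Authorisation is decided from three Boolean session attributes (system administrator,
 * designer, database administrator) combined with site-level configuration, and from the
 * <em>textual</em> segments of the dispatch path. Because the decision is made on literal path
 * segments, the path handed to the request dispatcher has to be in canonical form; see
 * {@link #isValidURI(String)}.
 *
 * <p>The filter never calls {@code FilterChain.doFilter}: every request ends in an error
 * response, a redirect, or a forward.
 *
 * <p>NOTE(review): this listing was produced by a decompiler; local and parameter names are
 * reconstructed and the public constructor body was rebuilt from the decompiler's instruction
 * dump — confirm against the original sources where available.
 */
public class ListingsServletFilter extends GenericFilterBean {
    private static final AppianLogger LOG = AppianLogger.getLogger(ListingsServletFilter.class);

    // Folder names (first segment below the host directory) that may be forwarded to when the
    // path continues past that segment.
    // NOTE(review): the null and "" entries admit a path whose folder segment is empty while the
    // role checks below compare that segment by name — confirm the entries are intentional.
    private static final Set<String> allowedFolders = Sets.newHashSet(new String[]{null, "", "perflogs", "data-metrics", "audit", "search-server", "data-server", "health-check", "portal-visitor-activity", "portal-server-log"});

    private static final String SHARED_LOGS_FOLDER = "/shared-logs/";

    // Path syntax that is refused before forwarding: "." / ".." segments (with or without a path
    // parameter), a raw backslash, and percent-encoded dot, slash or backslash. The role checks
    // inspect the literal folder segment, so a path that a later normalisation or decoding step
    // could resolve to a different folder must never reach the dispatcher.
    private static final Pattern UNSAFE_PATH_SYNTAX =
            Pattern.compile("(^|/)\\.{1,2}(;[^/]*)?(/|$)|\\\\|%2e|%2f|%5c", Pattern.CASE_INSENSITIVE);

    private final String shortHostname;
    private final SuiteConfiguration suiteConfiguration;
    private final FeatureToggleConfiguration featureToggleConfiguration;
    private final AppServerConfiguration appServerConfiguration;
    // Groups: 1 = optional "/logs" prefix, 2 = everything after "/shared-logs/",
    // 3 = folder segment below the host directory, 4 = remainder after that folder.
    private final Pattern validateForwardLocationPattern;
    private final Pattern directLogPathPattern;
    private final String logForwardPathPattern;
    private final String sharedLogsForwardPathPattern;

    /**
     * Creates the filter with an explicit short hostname.
     *
     * @param suiteConfiguration suite settings; must not be null
     * @param featureToggleConfiguration feature toggles; must not be null
     * @param appServerConfiguration app-server settings (not null-checked here, but dereferenced
     *     on every request)
     * @param shortHostname host directory name used below {@code /shared-logs/}
     */
    ListingsServletFilter(SuiteConfiguration suiteConfiguration, FeatureToggleConfiguration featureToggleConfiguration, AppServerConfiguration appServerConfiguration, String shortHostname) {
        this.suiteConfiguration = (SuiteConfiguration) Preconditions.checkNotNull(suiteConfiguration);
        this.featureToggleConfiguration = (FeatureToggleConfiguration) Preconditions.checkNotNull(featureToggleConfiguration);
        this.appServerConfiguration = appServerConfiguration;
        this.shortHostname = shortHostname;
        String contextPath = suiteConfiguration.getContextPath();
        this.validateForwardLocationPattern = Pattern.compile("(/logs)?/shared-logs/([^/]+/([^/]*)(.*))?");
        this.directLogPathPattern = Pattern.compile("/" + contextPath + "/logs/(.+)");
        this.logForwardPathPattern = "^/" + contextPath + "/logs";
        this.sharedLogsForwardPathPattern = "^/" + contextPath + "/shared-logs/*";
    }

    /**
     * Creates the filter, resolving the short hostname through
     * {@link #getShortHostname(Supplier)} with the local host's name as the fallback source.
     *
     * <p>Reconstructed from the decompiler's instruction dump, which shows
     * {@code InetAddress.getLocalHost()}, a bound {@code getHostName} method reference, and a
     * delegation to the four-argument constructor.
     *
     * @throws Exception if the local host cannot be resolved or the hostname lookup fails
     */
    public ListingsServletFilter(SuiteConfiguration suiteConfiguration, FeatureToggleConfiguration featureToggleConfiguration, AppServerConfiguration appServerConfiguration) throws Exception {
        this(suiteConfiguration, featureToggleConfiguration, appServerConfiguration, getShortHostname(java.net.InetAddress.getLocalHost()::getHostName));
    }

    /**
     * Returns the host directory name used for this node's logs.
     *
     * <p>The first line of {@code <AE_LOGS_KEY property>/internal/log-host} is used when that
     * file exists; otherwise the supplied hostname is cut at its first dot.
     *
     * @param supplier fallback source of the (possibly fully-qualified) hostname
     * @return the short hostname
     * @throws IllegalStateException if the file exists but cannot be read (or is empty), or if
     *     the fallback lookup fails
     */
    @SuppressFBWarnings(value = {"PATH_TRAVERSAL_IN"}, justification = "The AE_LOGS_KEY property is not user input")
    public static String getShortHostname(Supplier<String> supplier) {
        Path logHostFile = Paths.get(System.getProperty(ConfigureLog4j.AE_LOGS_KEY) + "/internal/log-host");
        if (logHostFile.toFile().exists()) {
            try {
                return Files.readAllLines(logHostFile).get(0);
            } catch (Exception e) {
                throw new IllegalStateException("Expected log file at " + logHostFile + " could not be read", e);
            }
        }
        LOG.warn("Falling back to localhost hostname lookup, expected file at " + logHostFile + " was not present");
        try {
            return supplier.get().split("\\.")[0];
        } catch (Exception e) {
            throw new IllegalStateException("Unexpected error looking up hostname via networking", e);
        }
    }

    /**
     * Authorises a log listing request and forwards or redirects it.
     *
     * <p>Order of checks, each failing with 403:
     * <ol>
     *   <li>the endpoint is blocked by configuration;</li>
     *   <li>the caller is neither a designer nor a database administrator;</li>
     *   <li>the path is under {@code audit/rdbms} and the caller is not a database
     *       administrator;</li>
     *   <li>the caller is not a designer and the path is neither the shared-logs root, a parent
     *       directory that can be rewritten to the rdbms directory, nor under
     *       {@code audit/rdbms};</li>
     *   <li>the path is under {@code health-check} or
     *       {@code perflogs/http-requests-and-responses} and the caller is not a system
     *       administrator.</li>
     * </ol>
     * The final path is validated once more in {@link #dispatchRequest} before forwarding.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        if (this.appServerConfiguration.shouldBlockLogsEndpoint()) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        HttpSession session = request.getSession();
        boolean isDba = thisIsACloudSiteAndImADba(session);
        boolean isDesigner = thisIsACloudOrEngineeringSiteAndImADesigner(session);
        boolean isSysAdmin = thisIsACloudOrEngineeringSiteAndImASysAdmin(session);
        if (!isDesigner && !isDba) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        String requestURI = request.getRequestURI();
        String dispatchPath = getDispatchPath(requestURI, request.getServletPath());
        if (isSuiteLogsDirectory(requestURI) && !isDesigner) {
            // Non-designers asking for the logs root are shown the shared-logs root instead.
            dispatchPath = SHARED_LOGS_FOLDER;
        }
        if (isLogForDbasOnly(dispatchPath) && !isDba) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        if (!isDesigner && !isSharedLogsRootDirectory(dispatchPath)) {
            // From here the caller is a DBA without designer rights: only the rdbms audit
            // directory is reachable, either directly or by rewriting one of its parents.
            if (isValidParentDirectoryForDbas(dispatchPath)) {
                dispatchPath = forwardToRdbmsDirectory(dispatchPath);
            } else if (!isLogForDbasOnly(dispatchPath)) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }
        if (isLogHealthCheckLog(dispatchPath) && !isSysAdmin) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        if (isIntegrationRequestResponseLogsDirectory(dispatchPath) && !isSysAdmin) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        if (this.appServerConfiguration.redirectLogsToNodeLogs()) {
            Matcher directLog = this.directLogPathPattern.matcher(requestURI);
            if (directLog.matches()) {
                // The redirect target is under /shared-logs/, so the follow-up request passes
                // through this filter again and is validated there.
                response.sendRedirect("/" + this.suiteConfiguration.getContextPath() + SHARED_LOGS_FOLDER + this.shortHostname + "/" + directLog.group(1));
                return;
            }
        }
        dispatchRequest(requestURI, dispatchPath, request, response);
    }

    /**
     * Maps the request URI to a path under {@code /shared-logs/}.
     *
     * @param requestUri the raw request URI (not decoded or normalised by this method)
     * @param servletPath the servlet path; a {@code /logs} prefix selects the per-host mapping
     */
    private String getDispatchPath(String requestUri, String servletPath) {
        if (!servletPath.startsWith("/logs")) {
            return requestUri.replaceFirst(this.sharedLogsForwardPathPattern, SHARED_LOGS_FOLDER);
        }
        String logsRoot = "/" + this.suiteConfiguration.getContextPath() + "/logs";
        if (this.appServerConfiguration.showAllLogsDirectories() && (logsRoot.equals(requestUri) || (logsRoot + "/").equals(requestUri))) {
            return SHARED_LOGS_FOLDER;
        }
        String hostDirectory = SHARED_LOGS_FOLDER + this.shortHostname;
        if (logsRoot.equals(requestUri)) {
            hostDirectory = hostDirectory + "/";
        }
        return requestUri.replaceFirst(this.logForwardPathPattern, hostDirectory);
    }

    /**
     * Reads a Boolean role flag from the session, failing closed: a missing session, a missing
     * attribute or a non-Boolean value all count as "not granted" rather than raising an
     * exception that would surface as a server error.
     */
    private static boolean isSessionFlagSet(HttpSession httpSession, String attributeName) {
        return httpSession != null && Boolean.TRUE.equals(httpSession.getAttribute(attributeName));
    }

    private boolean thisIsACloudOrEngineeringSiteAndImASysAdmin(HttpSession httpSession) {
        return isSessionFlagSet(httpSession, ServletScopesKeys.IS_SYSTEM_ADMIN_KEY) && (this.suiteConfiguration.isCloudSite() || this.featureToggleConfiguration.enableAppianEngineeringFeatures());
    }

    private boolean thisIsACloudOrEngineeringSiteAndImADesigner(HttpSession httpSession) {
        return isSessionFlagSet(httpSession, "designer") && (this.suiteConfiguration.isCloudSite() || this.featureToggleConfiguration.enableAppianEngineeringFeatures());
    }

    private boolean thisIsACloudSiteAndImADba(HttpSession httpSession) {
        return isSessionFlagSet(httpSession, ServletScopesKeys.KEY_DATABASE_ADMIN) && this.suiteConfiguration.isCloudSite();
    }

    /**
     * Forwards to {@code dispatchPath} if it passes {@link #isValidURI(String)}; otherwise, or
     * if the forward fails, logs the request and answers 403.
     */
    private void dispatchRequest(String requestUri, String dispatchPath, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        try {
            if (isValidURI(dispatchPath)) {
                httpServletRequest.getRequestDispatcher(dispatchPath).forward(httpServletRequest, httpServletResponse);
            } else {
                LOG.error("Invalid path requested for log listing. Request URI = " + requestUri + " Dispatch URI = " + dispatchPath);
                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            }
        } catch (Exception e) {
            // NOTE(review): the cause is not logged; add it once the logger's Throwable overload
            // is confirmed.
            LOG.error("Dispatch failed for bad Request URI = " + requestUri + " Dispatch URI = " + dispatchPath);
            // sendError on a committed response throws IllegalStateException, which would mask
            // the original failure.
            if (!httpServletResponse.isCommitted()) {
                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            }
        }
    }

    /**
     * Final gate before a forward: the path must be in canonical form, match the shared-logs
     * layout, and — when it continues past the folder segment — name an allowed folder.
     *
     * <p>The canonical-form check matters because every role check in this class compares the
     * literal folder segment. Whether the container normalises or decodes the path again when
     * forwarding is not visible from this class, so non-canonical paths are refused outright.
     */
    private boolean isValidURI(String dispatchPath) {
        if (dispatchPath == null || UNSAFE_PATH_SYNTAX.matcher(dispatchPath).find()) {
            return false;
        }
        Matcher matcher = this.validateForwardLocationPattern.matcher(dispatchPath);
        if (!matcher.matches()) {
            return false;
        }
        String remainder = matcher.group(4);
        return Strings.isNullOrEmpty(remainder) || !remainder.startsWith("/") || allowedFolders.contains(matcher.group(3));
    }

    /**
     * Rewrites a parent directory to the rdbms audit directory below it.
     *
     * <p>Callers must have checked {@link #isValidParentDirectoryForDbas(String)} first; the
     * match result is not re-checked here, so a non-matching path raises
     * {@link IllegalStateException} from {@code Matcher.group}.
     */
    private String forwardToRdbmsDirectory(String dispatchPath) {
        if (!dispatchPath.endsWith("/")) {
            dispatchPath = dispatchPath + "/";
        }
        Matcher matcher = this.validateForwardLocationPattern.matcher(dispatchPath);
        matcher.matches();
        return Strings.isNullOrEmpty(matcher.group(3)) ? dispatchPath + "audit/rdbms/" : dispatchPath + "rdbms/";
    }

    /** True for the host directory itself, or its {@code audit} folder with nothing (or "/") after it. */
    private boolean isValidParentDirectoryForDbas(String dispatchPath) {
        Matcher matcher = this.validateForwardLocationPattern.matcher(dispatchPath);
        if (!matcher.matches()) {
            return false;
        }
        String folder = matcher.group(3);
        String remainder = matcher.group(4);
        return Strings.isNullOrEmpty(folder) || (folder.equals("audit") && (Strings.isNullOrEmpty(remainder) || remainder.equals("/")));
    }

    /** True when the path is under {@code <host>/audit/rdbms}. */
    private boolean isLogForDbasOnly(String dispatchPath) {
        Matcher matcher = this.validateForwardLocationPattern.matcher(dispatchPath);
        return matcher.matches() && !Strings.isNullOrEmpty(matcher.group(2)) && matcher.group(3).equals("audit") && matcher.group(4).startsWith("/rdbms");
    }

    /** True when the path's folder segment is {@code health-check}. */
    private boolean isLogHealthCheckLog(String dispatchPath) {
        Matcher matcher = this.validateForwardLocationPattern.matcher(dispatchPath);
        return matcher.matches() && !Strings.isNullOrEmpty(matcher.group(2)) && matcher.group(3).equals("health-check");
    }

    /** True when the path is the shared-logs root, i.e. nothing follows {@code /shared-logs/}. */
    private boolean isSharedLogsRootDirectory(String dispatchPath) {
        Matcher matcher = this.validateForwardLocationPattern.matcher(dispatchPath);
        return matcher.matches() && Strings.isNullOrEmpty(matcher.group(2));
    }

    /** True when the request URI ends in {@code /logs} or {@code /logs/}. */
    private boolean isSuiteLogsDirectory(String requestUri) {
        return requestUri.endsWith("/logs") || requestUri.endsWith("/logs/");
    }

    /** True when the path is under {@code <host>/perflogs/http-requests-and-responses}. */
    private boolean isIntegrationRequestResponseLogsDirectory(String dispatchPath) {
        Matcher matcher = this.validateForwardLocationPattern.matcher(dispatchPath);
        return matcher.matches() && !Strings.isNullOrEmpty(matcher.group(2)) && matcher.group(3).equals("perflogs") && matcher.group(4).startsWith("/http-requests-and-responses");
    }
}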
