package org.cloudfoundry.identity.uaa.web;

import java.io.File;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
import java.util.stream.Collectors;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.cloudfoundry.identity.uaa.util.TimeService;
import org.cloudfoundry.identity.uaa.util.TimeServiceImpl;
import org.springframework.http.MediaType;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.30.0.jar:org/cloudfoundry/identity/uaa/web/LimitedModeUaaFilter.class */
public class LimitedModeUaaFilter extends OncePerRequestFilter {
    public static final String ERROR_CODE = "uaa_unavailable";
    public static final String ERROR_MESSAGE = "UAA intentionally in limited mode, operation not permitted. Please try later.";
    public static final long STATUS_INTERVAL_MS = 5000;
    private static Log logger = LogFactory.getLog(LimitedModeUaaFilter.class);
    private Set<String> permittedEndpoints = Collections.emptySet();
    private Set<String> permittedMethods = Collections.emptySet();
    private List<AntPathRequestMatcher> endpoints = Collections.emptyList();
    private volatile boolean enabled = false;
    private File statusFile = null;
    private TimeService timeService = new TimeServiceImpl();
    private AtomicLong lastFileCheck = new AtomicLong(0);

    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (!isEnabled()) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (isMethodAllowed(httpServletRequest) || isEndpointAllowed(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        logger.debug(String.format("Operation Not permitted in limited mode for URL:%s and method:%s", httpServletRequest.getRequestURI(), httpServletRequest.getMethod()));
        Map<String, String> errorData = getErrorData();
        if (!acceptsJson(httpServletRequest)) {
            httpServletResponse.sendError(503, errorData.get("description"));
            return;
        }
        httpServletResponse.setStatus(503);
        httpServletResponse.setHeader("Content-Type", "application/json");
        httpServletResponse.getWriter().write(JsonUtils.writeValueAsString(errorData));
        httpServletResponse.getWriter().flush();
        httpServletResponse.getWriter().close();
    }

    protected Map<String, String> getErrorData() {
        HashMap hashMap = new HashMap();
        hashMap.put("error", ERROR_CODE);
        hashMap.put(OAuth2Exception.DESCRIPTION, ERROR_MESSAGE);
        return hashMap;
    }

    protected boolean acceptsJson(HttpServletRequest httpServletRequest) {
        return MediaType.parseMediaTypes(httpServletRequest.getHeader("Accept")).stream().anyMatch(mediaType -> {
            return mediaType.isCompatibleWith(MediaType.APPLICATION_JSON);
        });
    }

    protected boolean isMethodAllowed(HttpServletRequest httpServletRequest) {
        return getPermittedMethods().contains(httpServletRequest.getMethod().toUpperCase());
    }

    public boolean isEndpointAllowed(HttpServletRequest httpServletRequest) {
        return this.endpoints.stream().anyMatch(antPathRequestMatcher -> {
            return antPathRequestMatcher.matches(httpServletRequest);
        });
    }

    public void setPermittedEndpoints(Set<String> set) {
        this.permittedEndpoints = set;
        if (set == null) {
            this.endpoints = Collections.emptyList();
        } else {
            this.endpoints = (List) set.stream().map(str -> {
                return new AntPathRequestMatcher(str);
            }).collect(Collectors.toList());
        }
    }

    public Set<String> getPermittedEndpoints() {
        return this.permittedEndpoints;
    }

    public Set<String> getPermittedMethods() {
        return this.permittedMethods;
    }

    public void setPermittedMethods(Set<String> set) {
        this.permittedMethods = (Set) Optional.ofNullable(set).orElse(Collections.emptySet());
    }

    public boolean isTimeToCheckFileSystem() {
        long j = this.lastFileCheck.get();
        long currentTimeMillis = this.timeService.getCurrentTimeMillis();
        return currentTimeMillis - j > 5000 && this.lastFileCheck.compareAndSet(j, currentTimeMillis);
    }

    public boolean isEnabled() {
        if (this.statusFile == null) {
            this.enabled = false;
        } else if (isTimeToCheckFileSystem()) {
            this.enabled = this.statusFile.exists();
        }
        return this.enabled;
    }

    public File getStatusFile() {
        return this.statusFile;
    }

    public void setStatusFile(File file) {
        this.statusFile = file;
        this.lastFileCheck.set(0L);
    }

    public void setTimeService(TimeService timeService) {
        this.timeService = timeService;
    }

    public long getLastFileSystemCheck() {
        return this.lastFileCheck.get();
    }
}
