package org.apache.linkis.common.utils;

import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.linkis.common.conf.CommonVars;
import org.apache.linkis.common.conf.CommonVars$;
import org.apache.linkis.common.exception.LinkisSecurityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/linkis/common/utils/SecurityUtils.class */
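/**
 * Vets MySQL JDBC connection parameters before they are handed to the driver.
 *
 * <p>The check is a denylist: a parameter is rejected when its key or its value contains,
 * case-insensitively, one of the comma-separated entries of {@link #MYSQL_SENSITIVE_PARAMS}.
 * Matching is by substring, so an entry also rejects longer names or values that merely
 * contain it.
 *
 * <p>Limits a caller should know about:
 * <ul>
 *   <li>Only the query part of a URL (the text after {@code ?}) is inspected; the part before it
 *       is returned as decoded, without further checks.</li>
 *   <li>Input is URL-decoded exactly once. NOTE(review): text that is still percent-encoded after
 *       one pass is compared in its encoded form; whether the driver decodes again is not visible
 *       from this class and should be confirmed.</li>
 *   <li>Connection strings may carry credentials, so this class never writes parameter values to
 *       the log or into exception messages.</li>
 * </ul>
 */
public abstract class SecurityUtils {
    private static final String COMMA = ",";
    private static final String EQUAL_SIGN = "=";
    private static final String AND_SYMBOL = "&";
    private static final String QUESTION_MARK = "?";
    /** Stand-in written to logs and messages in place of a URL's query string. */
    private static final String MASKED_PARAMS = "***";
    private static final Logger logger = LoggerFactory.getLogger(SecurityUtils.class);

    /** Comma-separated denylist; each entry is matched as a substring of parameter keys and values. */
    public static final CommonVars<String> MYSQL_SENSITIVE_PARAMS = CommonVars$.MODULE$.apply("linkis.mysql.sensitive.params", "allowLoadLocalInfile,autoDeserialize,allowLocalInfile,allowUrlInLocalInfile,#");
    /** {@code key=value} pairs joined by {@code &} that the append helpers add to a connection. */
    public static final CommonVars<String> MYSQL_FORCE_PARAMS = CommonVars$.MODULE$.apply("linkis.mysql.force.params", "allowLoadLocalInfile=false&autoDeserialize=false&allowLocalInfile=false&allowUrlInLocalInfile=false");
    /** When {@code "true"}, the map check discards every caller-supplied parameter. */
    public static final CommonVars<String> MYSQL_STRONG_SECURITY_ENABLE = CommonVars$.MODULE$.apply("linkis.mysql.strong.security.enable", "false");

    /**
     * Appends the configured force parameters to a JDBC URL.
     *
     * <p>This only concatenates; it does not remove a conflicting parameter already present in
     * {@code str}. NOTE(review): which of two duplicate parameters wins is decided by the driver,
     * so the URL should also pass {@link #checkJdbcSecurity(String)}.
     *
     * @param str the JDBC URL, with or without a query string
     * @return the URL with the force parameters appended, or {@code ""} when {@code str} is blank
     */
    public static String appendMysqlForceParams(String str) {
        if (StringUtils.isBlank(str)) {
            return "";
        }
        String forced = MYSQL_FORCE_PARAMS.getValue();
        if (str.endsWith(QUESTION_MARK)) {
            return str + forced;
        }
        if (str.lastIndexOf(QUESTION_MARK) < 0) {
            return str + QUESTION_MARK + forced;
        }
        return str + AND_SYMBOL + forced;
    }

    /**
     * Writes the configured force parameters into {@code map}, overwriting entries with the same key.
     *
     * @param map the connection parameters to update in place; a {@code null} map is ignored
     */
    public static void appendMysqlForceParams(Map<String, Object> map) {
        if (map == null) {
            // Nothing to update; previously this dereferenced null.
            return;
        }
        map.putAll(parseMysqlUrlParamsToMap(MYSQL_FORCE_PARAMS.getValue()));
    }

    /**
     * Decodes a JDBC URL once and validates its query parameters.
     *
     * <p>A URL without a query string (no {@code ?}, or a trailing {@code ?}) is returned decoded
     * and otherwise unchecked. A URL with more than one {@code ?} is rejected. Malformed percent
     * escapes may propagate as an {@link IllegalArgumentException} from {@link URLDecoder}.
     *
     * @param str the JDBC URL supplied by the caller
     * @return the decoded URL, rebuilt from the parameters that survived the check
     * @throws LinkisSecurityException if the URL is blank, malformed, or carries a denied parameter
     */
    public static String checkJdbcSecurity(String str) {
        // The query string may hold credentials, so only the part before '?' is logged.
        logger.info("checkJdbcSecurity origin url: {}", maskUrlParams(str));
        if (StringUtils.isBlank(str)) {
            throw new LinkisSecurityException(35000, "Invalid mysql connection cul, url is empty");
        }
        try {
            String decoded = URLDecoder.decode(str, "UTF-8");
            boolean hasNoParams = decoded.endsWith(QUESTION_MARK) || !decoded.contains(QUESTION_MARK);
            if (hasNoParams) {
                logger.info("checkJdbcSecurity target url: {}", decoded);
                return decoded;
            }
            String[] parts = decoded.split("\\?");
            if (parts.length != 2) {
                logger.warn("Invalid url: {}", maskUrlParams(decoded));
                throw new LinkisSecurityException(35000, "Invalid mysql connection cul: " + maskUrlParams(decoded));
            }
            Map<String, Object> checkedParams = checkJdbcSecurity(parseMysqlUrlParamsToMap(parts[1]));
            String target = parts[0] + QUESTION_MARK + parseParamsMapToMysqlParamUrl(checkedParams);
            logger.info("checkJdbcSecurity target url: {}", maskUrlParams(target));
            return target;
        } catch (UnsupportedEncodingException e) {
            throw new LinkisSecurityException(35000, "mysql connection cul decode error: " + e);
        }
    }

    /**
     * Validates connection parameters in place.
     *
     * <p>With strong security enabled the map is emptied and returned. Otherwise the entries are
     * serialised, URL-decoded once and re-parsed, so a value that itself contains {@code &} is
     * split into separate parameters and each one is checked. Entries with a blank key or value
     * are removed; the first entry matching the denylist aborts the check.
     *
     * @param map the parameters to check; modified in place, so it must be mutable
     * @return {@code map} after cleaning, or a new empty map when {@code map} is {@code null}
     * @throws LinkisSecurityException if a parameter matches the denylist or decoding fails
     */
    public static Map<String, Object> checkJdbcSecurity(Map<String, Object> map) {
        if (map == null) {
            return new HashMap<>();
        }
        if (Boolean.parseBoolean(MYSQL_STRONG_SECURITY_ENABLE.getValue())) {
            map.clear();
            return map;
        }
        try {
            Map<String, Object> normalized = parseMysqlUrlParamsToMap(URLDecoder.decode(parseParamsMapToMysqlParamUrl(map), "UTF-8"));
            map.clear();
            map.putAll(normalized);
            Iterator<Map.Entry<String, Object>> entries = map.entrySet().iterator();
            while (entries.hasNext()) {
                Map.Entry<String, Object> entry = entries.next();
                String key = entry.getKey();
                Object value = entry.getValue();
                if (StringUtils.isBlank(key) || value == null || StringUtils.isBlank(value.toString())) {
                    logger.warn("Invalid parameter key or value is blank.");
                    entries.remove();
                } else if (isNotSecurity(key, value.toString())) {
                    // Name the offending key only. The denylist also matches on values (for
                    // example any value containing '#'), so the value may be a secret such as a
                    // password and must not reach the log or the exception message.
                    logger.warn("Sensitive param : key={}", key);
                    throw new LinkisSecurityException(35000, "Invalid mysql connection parameters: " + key);
                }
            }
            return map;
        } catch (UnsupportedEncodingException e) {
            throw new LinkisSecurityException(35000, "mysql connection cul decode error: " + e);
        }
    }

    /**
     * Serialises parameters as {@code key=value} pairs joined by {@code &}, without URL-encoding.
     *
     * @param map the parameters to serialise
     * @return the joined string, or {@code ""} when {@code map} is {@code null}
     */
    public static String parseParamsMapToMysqlParamUrl(Map<String, Object> map) {
        if (map == null) {
            return "";
        }
        return map.entrySet().stream()
                .map(entry -> String.join(EQUAL_SIGN, entry.getKey(), String.valueOf(entry.getValue())))
                .collect(Collectors.joining(AND_SYMBOL));
    }

    /**
     * Splits a query string into an insertion-ordered map.
     *
     * <p>A pair that does not split into exactly one key and one value on {@code =} is dropped,
     * which includes pairs whose value contains {@code =}. Only the parameter name is logged for
     * a dropped pair, because the remainder may be a credential.
     */
    private static Map<String, Object> parseMysqlUrlParamsToMap(String query) {
        String[] pairs = query.split(AND_SYMBOL);
        Map<String, Object> params = new LinkedHashMap<>(pairs.length);
        for (String pair : pairs) {
            String[] keyValue = pair.split(EQUAL_SIGN);
            if (keyValue.length == 2) {
                params.put(keyValue[0], keyValue[1]);
                continue;
            }
            int separator = pair.indexOf(EQUAL_SIGN);
            String name = separator < 0 ? "<malformed>" : pair.substring(0, separator);
            logger.warn("mysql force param {} error.", name);
        }
        return params;
    }

    /**
     * Reports whether a parameter matches any entry of the configured denylist.
     *
     * <p>Entries are trimmed so that a list written as {@code "a, b"} still matches {@code b};
     * entries that are empty after trimming are skipped, since an empty needle would match every
     * parameter.
     *
     * @return {@code true} when the key or the value contains a denied entry
     */
    private static boolean isNotSecurity(String key, String value) {
        String configured = MYSQL_SENSITIVE_PARAMS.getValue();
        if (StringUtils.isBlank(configured)) {
            return false;
        }
        for (String entry : configured.split(COMMA)) {
            String sensitive = entry.trim();
            if (sensitive.isEmpty()) {
                continue;
            }
            if (isNotSecurity(key, value, sensitive)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Case-insensitive substring test of one denylist entry against a key and its value.
     *
     * <p>Case folding uses {@link Locale#ROOT} so the result does not depend on the JVM's default
     * locale; under a Turkish default locale {@code "I"} lowercases to a dotless {@code ı} and an
     * all-lowercase ASCII spelling of a denied name would no longer match.
     */
    private static boolean isNotSecurity(String key, String value, String sensitive) {
        String needle = sensitive.toLowerCase(Locale.ROOT);
        return key.toLowerCase(Locale.ROOT).contains(needle) || value.toLowerCase(Locale.ROOT).contains(needle);
    }

    /**
     * Returns {@code url} with its query string replaced by a fixed marker, for logs and messages.
     * The part before {@code ?} is kept as is, so credentials embedded there would still be shown.
     */
    private static String maskUrlParams(String url) {
        if (url == null) {
            return null;
        }
        int queryStart = url.indexOf(QUESTION_MARK);
        if (queryStart < 0 || queryStart == url.length() - 1) {
            return url;
        }
        return url.substring(0, queryStart + 1) + MASKED_PARAMS;
    }
}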
