package com.composum.sling.clientlibs.service;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.annotation.Nonnull;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Modified;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceNotFoundException;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.apache.sling.servlets.post.Modification;
import org.apache.sling.servlets.post.SlingPostProcessor;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service({SlingPostProcessor.class})
@Component(label = "Composum PostServlet Blocker", description = "A service that blocks the default SlingPostServlet for configurable paths, since that sometimes creates unwanted resources when deploying and the corresponding servlet is not present.", metatype = true)
/* loaded from: input_file:default/org.apache.sling.kickstart.far:com/composum/sling/core/composum-sling-core-commons/1.12.0/composum-sling-core-commons-1.12.0.jar:com/composum/sling/clientlibs/service/DenyPostServiceImpl.class */
public class DenyPostServiceImpl implements SlingPostProcessor {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) DenyPostServiceImpl.class);
    public static final String DENIED_PATHS = "deniedpaths";

    @Property(name = DENIED_PATHS, label = "Denied Paths", description = "Regular expressions the request path is compared to. If one of these matches the whole path, the operations called on the SlingPostServlet are rolled back.", value = {"/bin/.*"})
    protected String[] deniedpaths;

    @Nonnull
    protected volatile List<Pattern> deniedPathList = Collections.emptyList();

    @Override // org.apache.sling.servlets.post.SlingPostProcessor
    public void process(SlingHttpServletRequest slingHttpServletRequest, List<Modification> list) throws ResourceNotFoundException {
        if (this.deniedPathList.isEmpty()) {
            return;
        }
        Resource resource = slingHttpServletRequest.getResource();
        String path = resource != null ? resource.getPath() : null;
        if (path != null) {
            for (Pattern pattern : this.deniedPathList) {
                if (pattern.matcher(path).matches()) {
                    LOG.warn("POST to {} reached default SlingPostServlet, but is forbidden via pattern {}", path, pattern.pattern());
                    throw new IllegalArgumentException("POSTing to resource via default SlingPostServlet forbidden at this JCR path");
                }
            }
        }
    }

    @Modified
    @Activate
    protected void activate(ComponentContext componentContext) {
        this.deniedpaths = PropertiesUtil.toStringArray(componentContext.getProperties().get(DENIED_PATHS));
        ArrayList arrayList = new ArrayList();
        if (this.deniedpaths != null) {
            for (String str : this.deniedpaths) {
                try {
                    arrayList.add(Pattern.compile(str));
                } catch (PatternSyntaxException e) {
                    LOG.error("Pattern not parseable: {}", str, e);
                }
            }
        }
        this.deniedPathList = arrayList;
    }
}
