package com.microsoft.azure.kusto.data.auth.endpoints;

import com.microsoft.azure.kusto.data.Ensure;
import com.microsoft.azure.kusto.data.UriUtils;
import com.microsoft.azure.kusto.data.auth.CloudInfo;
import com.microsoft.azure.kusto.data.exceptions.DataServiceException;
import com.microsoft.azure.kusto.data.exceptions.KustoClientInvalidConnectionStringException;
import java.lang.invoke.MethodHandles;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.function.Predicate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reactor.netty.Metrics;

/* loaded from: input_file:META-INF/bundled-dependencies/kusto-data-5.0.4.jar:com/microsoft/azure/kusto/data/auth/endpoints/KustoTrustedEndpoints.class */
public class KustoTrustedEndpoints {
    private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    public static boolean enableWellKnownKustoEndpointsValidation = true;
    private static final Map<String, FastSuffixMatcher> matchers = new TreeMap(String.CASE_INSENSITIVE_ORDER);
    private static FastSuffixMatcher additionalMatcher;
    private static Predicate<String> overrideMatcher;

    public static void setOverridePolicy(Predicate<String> predicate) {
        overrideMatcher = predicate;
    }

    public static void validateTrustedEndpoint(String str, String str2) throws KustoClientInvalidConnectionStringException {
        try {
            validateTrustedEndpoint(new URI(str), str2);
        } catch (URISyntaxException e) {
            throw new KustoClientInvalidConnectionStringException(e);
        }
    }

    public static void validateTrustedEndpoint(String str) throws KustoClientInvalidConnectionStringException {
        try {
            validateTrustedEndpoint(new URI(str), CloudInfo.retrieveCloudInfoForCluster(str).getLoginEndpoint());
        } catch (DataServiceException | URISyntaxException e) {
            throw new KustoClientInvalidConnectionStringException(e);
        }
    }

    public static void validateTrustedEndpoint(URI uri, String str) throws KustoClientInvalidConnectionStringException {
        Ensure.argIsNotNull(uri, Metrics.URI);
        String host = uri.getHost();
        validateHostnameIsTrusted(host != null ? host : uri.toString(), str);
    }

    public static void addTrustedHosts(List<MatchRule> list, boolean z) {
        if (list != null && !list.isEmpty()) {
            additionalMatcher = FastSuffixMatcher.create(z ? null : additionalMatcher, list);
        } else if (z) {
            additionalMatcher = null;
        }
    }

    private static void validateHostnameIsTrusted(String str, String str2) throws KustoClientInvalidConnectionStringException {
        if (UriUtils.isLocalAddress(str)) {
            return;
        }
        Predicate<String> predicate = overrideMatcher;
        if (predicate == null) {
            FastSuffixMatcher fastSuffixMatcher = matchers.get(str2);
            if (fastSuffixMatcher != null && fastSuffixMatcher.isMatch(str).booleanValue()) {
                return;
            }
        } else if (predicate.test(str)) {
            return;
        }
        FastSuffixMatcher fastSuffixMatcher2 = additionalMatcher;
        if (fastSuffixMatcher2 == null || !fastSuffixMatcher2.isMatch(str).booleanValue()) {
            if (enableWellKnownKustoEndpointsValidation) {
                throw new KustoClientInvalidConnectionStringException(String.format("$$ALERT[ValidateHostnameIsTrusted]: Can't communicate with '%s' as this hostname is currently not trusted; please see https://aka.ms/kustotrustedendpoints", str));
            }
            log.warn("Can't communicate with '{}' as this hostname is currently not trusted; please see https://aka.ms/kustotrustedendpoints.", str);
        }
    }

    static {
        WellKnownKustoEndpointsData.getInstance().AllowedEndpointsByLogin.forEach((str, allowedEndpoints) -> {
            ArrayList arrayList = new ArrayList();
            allowedEndpoints.AllowedKustoSuffixes.forEach(str -> {
                arrayList.add(new MatchRule(str, false));
            });
            allowedEndpoints.AllowedKustoHostnames.forEach(str2 -> {
                arrayList.add(new MatchRule(str2, true));
            });
            matchers.put(str, FastSuffixMatcher.create(arrayList));
        });
        additionalMatcher = null;
        overrideMatcher = null;
    }
}
