package org.apache.sling.auth.core;

import com.adobe.xfa.ut.Resolver;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.client.cache.HeaderConstants;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sling/auth/core/AuthUtil.class */
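/**
 * Static helpers shared by the Sling authentication core: reading the login
 * "resource" (post-login target) from a request, issuing validated redirects,
 * answering {@code j_validate} probes, a referer sanity check for login-form
 * POSTs, and client classification (browser / XMLHttpRequest).
 *
 * <p>All methods are stateless; the class cannot be instantiated.
 */
public final class AuthUtil {

    private static final String X_REQUESTED_WITH = "X-Requested-With";
    private static final String XML_HTTP_REQUEST = "XMLHttpRequest";
    private static final String USER_AGENT = "User-Agent";
    private static final String BROWSER_CLASS_MOZILLA = "Mozilla";
    private static final String BROWSER_CLASS_OPERA = "Opera";

    /** Request attribute and parameter carrying the post-login target path. */
    private static final String PAR_RESOURCE = "resource";

    private static final String HEADER_REFERER = "Referer";
    private static final String HEADER_PRAGMA = "Pragma";
    private static final String HEADER_CACHE_CONTROL = "Cache-Control";
    // Plain header values. The decompiled listing pulled these from an unrelated
    // HttpClient constants class, which is not a real dependency of this code.
    private static final String NO_CACHE = "no-cache";
    private static final String NO_STORE = "no-store";

    // A redirect target containing this is an absolute URL and is refused. The
    // decompiled listing showed an external constant at this spot; upstream
    // Sling tests the literal "://" (matches the "must not be an URL" message).
    private static final String SCHEME_SEPARATOR = "://";

    /** Characters refused in a redirect target path (see {@link #isRedirectValid}); compiled once. */
    private static final Pattern REDIRECT_FORBIDDEN_CHARS = Pattern.compile("[<>'\"]");

    /** Logger; the name is kept identical to the original per-call lookup. */
    private static final Logger LOG = LoggerFactory.getLogger("org.apache.sling.auth.core.AuthUtil");

    private AuthUtil() {
        // utility class, never instantiated
    }

    /**
     * Returns the request attribute {@code name} if it is a non-empty String,
     * otherwise the non-empty request parameter {@code name}, otherwise
     * {@code defaultValue}.
     *
     * @param request      the current request
     * @param name         attribute / parameter name to look up
     * @param defaultValue returned when neither source yields a non-empty value
     * @return the resolved value or {@code defaultValue} (may be {@code null})
     */
    public static String getAttributeOrParameter(HttpServletRequest request, String name, String defaultValue) {
        String attribute = getAttributeString(request, name);
        if (attribute != null) {
            return attribute;
        }
        return nonEmptyOr(request.getParameter(name), defaultValue);
    }

    /**
     * Returns the login resource: the {@code resource} request attribute or
     * parameter, or {@code defaultResource} when neither is set.
     *
     * <p>The parameter form is client supplied and is NOT validated here;
     * validation happens when the value is actually used as a redirect target
     * (see {@link #isRedirectValid}).
     *
     * @param request         the current request
     * @param defaultResource fallback when no resource is present
     * @return the login resource or {@code defaultResource}
     */
    public static String getLoginResource(HttpServletRequest request, String defaultResource) {
        return getAttributeOrParameter(request, PAR_RESOURCE, defaultResource);
    }

    /**
     * Ensures the {@code resource} request attribute is set and returns it.
     *
     * <p>If the attribute is already a non-empty String it is returned as is.
     * Otherwise it is populated, in order of preference, from the non-empty
     * {@code resource} request parameter, from a non-empty
     * {@code defaultResource}, or with {@code "/"}.
     *
     * @param request         the current request (attribute is written on it)
     * @param defaultResource fallback when the parameter is absent or empty
     * @return the value now stored in the {@code resource} attribute
     */
    public static String setLoginResourceAttribute(HttpServletRequest request, String defaultResource) {
        String resource = getAttributeString(request, PAR_RESOURCE);
        if (resource == null) {
            resource = nonEmptyOr(request.getParameter(PAR_RESOURCE), nonEmptyOr(defaultResource, "/"));
            request.setAttribute(PAR_RESOURCE, resource);
        }
        return resource;
    }

    /**
     * Sends a redirect to {@code target} with {@code params} appended as a
     * query string.
     *
     * <p>{@code target} is only used if {@link #isRedirectValid} accepts it
     * (a path inside this servlet context, no scheme, no protocol-relative
     * form); otherwise the redirect goes to the context root. If
     * {@code params} lacks a {@code resource} entry, the current request URI
     * plus query string is added under that key. Note that {@code params} is
     * modified in place when that default is added. Entries with a
     * {@code null} key or value are skipped; values are URL-encoded as UTF-8,
     * keys are appended verbatim and are expected to be code-controlled.
     *
     * @param request  the current request
     * @param response the response to redirect; must not be committed
     * @param target   the desired redirect target path
     * @param params   query parameters to append; may be {@code null}
     * @throws IOException           if sending the redirect fails
     * @throws IllegalStateException if the response is already committed
     */
    public static void sendRedirect(HttpServletRequest request, HttpServletResponse response, String target,
            Map<String, String> params) throws IOException {
        checkAndReset(response);

        StringBuilder location = new StringBuilder();
        if (isRedirectValid(request, target)) {
            location.append(target);
        } else {
            // Untrusted or malformed target: fall back to the context root.
            String contextPath = request.getContextPath();
            location.append(contextPath.length() == 0 ? "/" : contextPath);
        }

        if (params == null) {
            params = new HashMap<String, String>();
        }
        if (params.get(PAR_RESOURCE) == null) {
            String resource = request.getRequestURI();
            String query = request.getQueryString();
            if (query != null) {
                resource = resource + "?" + query;
            }
            params.put(PAR_RESOURCE, resource);
        }

        // A validated target may itself carry a query string; continue it with
        // '&' rather than producing a second '?'. Emit separators only between
        // the entries actually written so skipped entries leave no dangling '&'.
        char separator = location.indexOf("?") >= 0 ? '&' : '?';
        for (Map.Entry<String, String> entry : params.entrySet()) {
            if (entry.getKey() == null || entry.getValue() == null) {
                continue;
            }
            location.append(separator).append(entry.getKey()).append('=').append(urlEncode(entry.getValue()));
            separator = '&';
        }

        response.sendRedirect(location.toString());
    }

    /**
     * Returns {@code true} if the request carries the {@code j_validate}
     * parameter with the (case-insensitive) value {@code "true"}.
     *
     * @param request the current request
     * @return whether this is a credential validation probe
     */
    public static boolean isValidateRequest(HttpServletRequest request) {
        return "true".equalsIgnoreCase(request.getParameter(AuthConstants.PAR_J_VALIDATE));
    }

    /**
     * Answers a validation probe positively: an empty {@code 200 text/plain}
     * response marked non-cacheable ({@code Pragma: no-cache},
     * {@code Cache-Control: no-cache, no-store}) and flushed immediately.
     *
     * @param response the response to write; must not be committed
     * @throws IllegalStateException if the response is already committed
     */
    public static void sendValid(HttpServletResponse response) {
        checkAndReset(response);
        try {
            response.setStatus(200);
            response.setContentType("text/plain");
            response.setContentLength(0);
            // Validation results must never be served from a cache.
            response.setHeader(HEADER_PRAGMA, NO_CACHE);
            response.setHeader(HEADER_CACHE_CONTROL, NO_CACHE);
            response.addHeader(HEADER_CACHE_CONTROL, NO_STORE);
            response.flushBuffer();
        } catch (IOException e) {
            LOG.error("Failed to send 200/OK response", e);
        }
    }

    /**
     * Answers a validation probe negatively with {@code 403 Forbidden}.
     *
     * <p>If the request carries an {@link AuthenticationHandler#FAILURE_REASON}
     * attribute, its string form is sent both as the {@code X-Reason} header
     * and as the {@code text/plain} UTF-8 body; a
     * {@link AuthenticationHandler#FAILURE_REASON_CODE} attribute is added as
     * the {@code X-Reason-Code} header only alongside a reason. Without a reason
     * the 403 is sent with an empty body.
     *
     * <p>The reason text is written verbatim into a response header; it is set
     * by authentication handlers, not taken from the client, and should be a
     * single line so it is not altered by the container's header handling.
     *
     * @param request  the current request (source of the failure attributes)
     * @param response the response to write; must not be committed
     * @throws IllegalStateException if the response is already committed
     */
    public static void sendInvalid(HttpServletRequest request, HttpServletResponse response) {
        checkAndReset(response);
        try {
            response.setStatus(403);
            Object reason = request.getAttribute(AuthenticationHandler.FAILURE_REASON);
            Object reasonCode = request.getAttribute(AuthenticationHandler.FAILURE_REASON_CODE);
            if (reason != null) {
                response.setHeader(AuthConstants.X_REASON, reason.toString());
                if (reasonCode != null) {
                    response.setHeader(AuthConstants.X_REASON_CODE, reasonCode.toString());
                }
                response.setContentType("text/plain");
                response.setCharacterEncoding("UTF-8");
                response.getWriter().println(reason);
            }
            response.flushBuffer();
        } catch (IOException e) {
            LOG.error("Failed to send 403/Forbidden response", e);
        }
    }

    /**
     * Checks that a {@code POST} to the login form appears to come from the
     * login form itself.
     *
     * <p>Only the path component of the {@code Referer} is compared against
     * context path + {@code loginForm}; scheme, host and port are deliberately
     * not examined. This is therefore NOT a cross-origin (CSRF) defence: a POST
     * from another origin whose Referer path happens to match also passes.
     * The check is fail-open: non-POST requests, requests without a Referer,
     * and Referer values {@link URL} cannot parse are all accepted. Callers
     * needing a stricter policy must add their own origin check.
     *
     * @param request   the current request
     * @param loginForm the login form path relative to the context path
     * @return {@code false} only for a POST whose parseable Referer path differs
     */
    public static boolean checkReferer(HttpServletRequest request, String loginForm) {
        if (!"POST".equals(request.getMethod())) {
            return true;
        }
        String referer = request.getHeader(HEADER_REFERER);
        if (referer == null) {
            return true;
        }
        try {
            String expectedPath = request.getContextPath() + loginForm;
            return expectedPath.equals(new URL(referer).getPath());
        } catch (MalformedURLException e) {
            LOG.debug("Failed to parse the referer value for the login form " + loginForm, e);
            return true;
        }
    }

    /**
     * Decides whether {@code target} is safe to use as a redirect location,
     * i.e. whether it stays within this servlet context. The checks, in order:
     * <ol>
     * <li>non-empty;</li>
     * <li>parseable by {@link URI} (this also rejects characters URI does not
     *     allow, such as spaces, control characters and backslashes);</li>
     * <li>contains no {@code "://"} (absolute URL);</li>
     * <li>contains no {@code "//"} (protocol-relative {@code //host/...}),
     *     {@code "/../"}, {@code "/./"} and does not end in {@code "/."} or
     *     {@code "/.."} (not normalized);</li>
     * <li>starts with the request's context path when there is one, and the
     *     remainder is an absolute path (or the target equals the context
     *     path exactly);</li>
     * <li>the path part (query string removed) contains none of
     *     {@code < > ' "} -- UNLESS the request carries a resource resolver and
     *     the path resolves to an existing resource, in which case the
     *     character check is skipped because the target is a known
     *     repository path.</li>
     * </ol>
     * Every rejection is logged at WARN with the offending target.
     *
     * @param request the current request; may be {@code null}, in which case
     *                an empty context path and no resource resolver are assumed
     * @param target  the candidate redirect target
     * @return {@code true} if the target may be used for a redirect
     */
    public static boolean isRedirectValid(HttpServletRequest request, String target) {
        if (target == null || target.length() == 0) {
            LOG.warn("isRedirectValid: Redirect target must not be empty or null");
            return false;
        }

        try {
            // Syntax check only; the result is not used.
            new URI(target);
        } catch (URISyntaxException e) {
            LOG.warn("isRedirectValid: Redirect target '{}' contains illegal characters", target);
            return false;
        }

        if (target.contains(SCHEME_SEPARATOR)) {
            LOG.warn("isRedirectValid: Redirect target '{}' must not be an URL", target);
            return false;
        }

        if (target.contains("//") || target.contains("/../") || target.contains("/./")
                || target.endsWith("/.") || target.endsWith("/..")) {
            LOG.warn("isRedirectValid: Redirect target '{}' is not normalized", target);
            return false;
        }

        String contextPath = getContextPath(request);
        if (contextPath.length() > 0 && !target.startsWith(contextPath)) {
            LOG.warn("isRedirectValid: Redirect target '{}' does not start with servlet context path '{}'",
                    target, contextPath);
            return false;
        }
        if (contextPath.length() == target.length()) {
            // Target is exactly the context path.
            return true;
        }

        String pathInContext = target.substring(contextPath.length());
        if (!pathInContext.startsWith("/")) {
            LOG.warn("isRedirectValid: Redirect target '{}' without servlet context path '{}' must be an absolute path",
                    target, contextPath);
            return false;
        }

        // Drop the query string before resolving / scanning the path.
        int queryStart = pathInContext.indexOf('?');
        String path = queryStart >= 0 ? pathInContext.substring(0, queryStart) : pathInContext;

        ResourceResolver resolver = getResourceResolver(request);
        if (resolver != null && !ResourceUtil.isNonExistingResource(resolver.resolve(request, path))) {
            // Known repository path: accepted without the character scan.
            return true;
        }

        if (REDIRECT_FORBIDDEN_CHARS.matcher(path).find()) {
            LOG.warn("isRedirectValid: Redirect target '{}' must not contain any of <>'\"", target);
            return false;
        }
        return true;
    }

    /**
     * Returns {@code true} if the User-Agent header mentions {@code Mozilla}
     * or {@code Opera}; {@code false} if the header is absent.
     *
     * @param request the current request
     * @return whether the client looks like a browser
     */
    public static boolean isBrowserRequest(HttpServletRequest request) {
        String userAgent = request.getHeader(USER_AGENT);
        if (userAgent == null) {
            return false;
        }
        return userAgent.contains(BROWSER_CLASS_MOZILLA) || userAgent.contains(BROWSER_CLASS_OPERA);
    }

    /**
     * Returns {@code true} if the request carries
     * {@code X-Requested-With: XMLHttpRequest} (exact, case-sensitive value).
     *
     * @param request the current request
     * @return whether the client declared an XMLHttpRequest
     */
    public static boolean isAjaxRequest(HttpServletRequest request) {
        return XML_HTTP_REQUEST.equals(request.getHeader(X_REQUESTED_WITH));
    }

    /** Returns the request attribute {@code name} if it is a non-empty String, else {@code null}. */
    private static String getAttributeString(HttpServletRequest request, String name) {
        Object value = request.getAttribute(name);
        if (value instanceof String && ((String) value).length() > 0) {
            return (String) value;
        }
        return null;
    }

    /** Returns {@code value} if it is non-null and non-empty, else {@code fallback}. */
    private static String nonEmptyOr(String value, String fallback) {
        return (value == null || value.length() == 0) ? fallback : value;
    }

    /** URL-encodes a query value as UTF-8; that charset is mandatory in Java, so the checked exception cannot occur. */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new InternalError("Unexpected UnsupportedEncodingException for UTF-8");
        }
    }

    /** Context path of {@code request}, or {@code ""} for a {@code null} request. */
    private static String getContextPath(HttpServletRequest request) {
        return request != null ? request.getContextPath() : "";
    }

    /**
     * Resource resolver stored on the request under
     * {@link AuthenticationSupport#REQUEST_ATTRIBUTE_RESOLVER}, or {@code null}
     * if the request is {@code null} or the attribute is absent or of another
     * type (treated as "no resolver" rather than failing with a ClassCastException).
     */
    private static ResourceResolver getResourceResolver(HttpServletRequest request) {
        if (request == null) {
            return null;
        }
        Object resolver = request.getAttribute(AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER);
        return resolver instanceof ResourceResolver ? (ResourceResolver) resolver : null;
    }

    /**
     * Rejects an already committed response and otherwise clears any buffered
     * output so the caller starts from a clean response.
     *
     * @throws IllegalStateException if the response is already committed
     */
    private static void checkAndReset(HttpServletResponse response) {
        if (response.isCommitted()) {
            throw new IllegalStateException("Response is already committed");
        }
        response.resetBuffer();
    }
}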
