package org.sonar.server.authentication;

import java.util.Optional;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.Strings;

/* loaded from: input_file:org/sonar/server/authentication/OAuth2Redirection.class */
public class OAuth2Redirection {
    private static final String REDIRECT_TO_COOKIE = "REDIRECT_TO";
    private static final String RETURN_TO_PARAMETER = "return_to";

    public void create(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Optional<String> sanitizeRedirectUrl = sanitizeRedirectUrl(httpServletRequest.getParameter(RETURN_TO_PARAMETER));
        if (sanitizeRedirectUrl.isPresent()) {
            httpServletResponse.addCookie(Cookies.newCookieBuilder(httpServletRequest).setName(REDIRECT_TO_COOKIE).setValue(sanitizeRedirectUrl.get()).setHttpOnly(true).setExpiry(-1).build());
        }
    }

    public Optional<String> getAndDelete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Optional<Cookie> findCookie = Cookies.findCookie(REDIRECT_TO_COOKIE, httpServletRequest);
        if (!findCookie.isPresent()) {
            return Optional.empty();
        }
        delete(httpServletRequest, httpServletResponse);
        String value = findCookie.get().getValue();
        return Strings.isNullOrEmpty(value) ? Optional.empty() : Optional.of(value);
    }

    public void delete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        httpServletResponse.addCookie(Cookies.newCookieBuilder(httpServletRequest).setName(REDIRECT_TO_COOKIE).setValue(null).setHttpOnly(true).setExpiry(0).build());
    }

    private static Optional<String> sanitizeRedirectUrl(@Nullable String str) {
        return Strings.isNullOrEmpty(str) ? Optional.empty() : (str.startsWith("//") || str.startsWith("/\\")) ? Optional.empty() : !str.startsWith("/") ? Optional.empty() : Optional.of(str);
    }
}
