package org.apache.wicket.protocol.http;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Locale;
import javax.servlet.http.HttpServletRequest;
import org.apache.wicket.protocol.http.IResourceIsolationPolicy;
import org.apache.wicket.request.component.IRequestablePage;
import org.apache.wicket.util.lang.Checks;
import org.apache.wicket.util.string.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/wicket/protocol/http/OriginResourceIsolationPolicy.class */
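/**
 * Resource isolation policy that decides whether a request may proceed by comparing the
 * request's source (the {@code Origin} header, falling back to {@code Referer}) with the
 * application's own scheme/host/port and with a configured list of accepted domains.
 *
 * <p>Security notes for whoever configures this policy:
 * <ul>
 *   <li>A request that carries neither a usable {@code Origin} nor a usable {@code Referer}
 *       (including the literal {@code Origin: null}) yields {@code UNKNOWN}, not
 *       {@code DISALLOWED}. Whether such requests are rejected is decided by the caller of
 *       this policy, so that decision must be configured deliberately.</li>
 *   <li>The accepted-domain check looks at the host only. Scheme and port of the source are
 *       not compared, so an {@code http://} page on an accepted host is accepted too.</li>
 *   <li>An accepted domain also accepts every subdomain of it. Only list domains whose
 *       whole subdomain space is trusted.</li>
 * </ul>
 *
 * <p>The accepted-domain list is a plain, unsynchronized collection; it is presumably meant
 * to be filled during application start-up, before requests are served.
 */
public class OriginResourceIsolationPolicy implements IResourceIsolationPolicy {
    private static final Logger log = LoggerFactory.getLogger(OriginResourceIsolationPolicy.class);

    /** Accepted domains, stored lower-cased and without leading dots; never contains "". */
    private final Collection<String> acceptedOrigins = new ArrayList<>();

    /**
     * Adds a domain (and, implicitly, all of its subdomains) to the list of accepted origins.
     *
     * <p>Leading dots are stripped and the value is lower-cased so that exact and subdomain
     * matching behave the same regardless of how the entry was written. An entry that is
     * empty after stripping is ignored: stored as-is it would turn the subdomain test into
     * {@code host.endsWith(".")} and accept any host written with a trailing dot.
     *
     * @param str the domain to accept, e.g. {@code example.com}; must not be {@code null}
     * @return this policy, for chaining
     */
    public OriginResourceIsolationPolicy addAcceptedOrigin(String str) {
        Checks.notNull(str, "acceptedOrigin", new Object[0]);
        int length = str.length();
        int firstNonDot = 0;
        while (firstNonDot < length && str.charAt(firstNonDot) == '.') {
            firstNonDot++;
        }
        String domain = str.substring(firstNonDot).toLowerCase(Locale.ROOT);
        if (domain.isEmpty()) {
            log.warn("Ignoring accepted origin that is empty after stripping leading dots");
            return this;
        }
        this.acceptedOrigins.add(domain);
        return this;
    }

    /**
     * Classifies the request by its source URI.
     *
     * @param httpServletRequest the incoming request
     * @param iRequestablePage the targeted page (not consulted by this policy)
     * @return {@code UNKNOWN} when no usable source URI is present, {@code ALLOWED} when the
     *         source host is an accepted domain or the source equals the request's own
     *         origin, {@code DISALLOWED} otherwise
     */
    @Override // org.apache.wicket.protocol.http.IResourceIsolationPolicy
    public IResourceIsolationPolicy.ResourceIsolationOutcome isRequestAllowed(HttpServletRequest httpServletRequest, IRequestablePage iRequestablePage) {
        String sourceUri = getSourceUri(httpServletRequest);
        if (sourceUri == null || sourceUri.isEmpty()) {
            // Missing, unparseable and "null" sources all end up here; the caller decides
            // how strictly an UNKNOWN outcome is treated.
            log.debug("Source URI not present in request to {}", httpServletRequest.getPathInfo());
            return IResourceIsolationPolicy.ResourceIsolationOutcome.UNKNOWN;
        }
        String lowerCase = sourceUri.toLowerCase(Locale.ROOT);
        if (!isWhitelistedHost(lowerCase) && !isLocalOrigin(httpServletRequest, lowerCase)) {
            log.debug("Source URI conflicts with request origin");
            return IResourceIsolationPolicy.ResourceIsolationOutcome.DISALLOWED;
        }
        return IResourceIsolationPolicy.ResourceIsolationOutcome.ALLOWED;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Tells whether the given source URI has the same scheme, host and port as the request.
     *
     * @param httpServletRequest the incoming request
     * @param str the source URI to compare
     * @return {@code true} only when both sides normalize successfully and are equal
     *         (ignoring case); {@code false} when either side cannot be determined
     */
    public boolean isLocalOrigin(HttpServletRequest httpServletRequest, String str) {
        String source = normalizeUri(str);
        if (source == null) {
            return false;
        }
        String target = getTargetUriFromRequest(httpServletRequest);
        if (target == null) {
            return false;
        }
        return source.equalsIgnoreCase(target);
    }

    /**
     * Builds {@code scheme://host[:port]} for the request as the servlet container reports it.
     * The port is appended only for {@code http} on a port other than 80 and for
     * {@code https} on a port other than 443.
     *
     * <p>NOTE(review): the values come from the container; behind a reverse proxy they
     * presumably have to reflect the external scheme, host and port, otherwise genuine
     * same-origin requests will not match. Confirm against the deployment.
     *
     * @param httpServletRequest the incoming request
     * @return the target origin, or {@code null} when scheme or server name is unavailable
     */
    protected final String getTargetUriFromRequest(HttpServletRequest httpServletRequest) {
        String scheme = httpServletRequest.getScheme();
        if (scheme == null) {
            return null;
        }
        String lowerCase = scheme.toLowerCase(Locale.ROOT);
        String serverName = httpServletRequest.getServerName();
        if (serverName == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder();
        sb.append(lowerCase).append("://").append(serverName);
        int serverPort = httpServletRequest.getServerPort();
        boolean nonDefaultHttp = "http".equals(lowerCase) && serverPort != 80;
        boolean nonDefaultHttps = "https".equals(lowerCase) && serverPort != 443;
        if (nonDefaultHttp || nonDefaultHttps) {
            sb.append(':').append(serverPort);
        }
        return sb.toString();
    }

    /**
     * Reads the request's source from {@code Origin}, falling back to {@code Referer} when
     * {@code Origin} is absent or empty, and normalizes it.
     *
     * @return the normalized source, or {@code null} when none is usable
     */
    private String getSourceUri(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Origin");
        if (Strings.isEmpty(header)) {
            header = httpServletRequest.getHeader("Referer");
        }
        return normalizeUri(header);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reduces a URI to {@code scheme://host[:port]}, dropping path, query and fragment.
     * An explicit port is kept only for {@code http} (when not 80) and {@code https}
     * (when not 443); for any other scheme the port is dropped.
     *
     * @param str the URI to normalize; may be {@code null}
     * @return the normalized form, or {@code null} when the input is empty, is the literal
     *         {@code "null"}, cannot be parsed, or lacks a scheme or host
     */
    public final String normalizeUri(String str) {
        if (Strings.isEmpty(str) || "null".equals(str)) {
            return null;
        }
        try {
            URI uri = new URI(str);
            String scheme = uri.getScheme();
            if (scheme == null) {
                return null;
            }
            String lowerCase = scheme.toLowerCase(Locale.ROOT);
            String host = uri.getHost();
            if (host == null) {
                return null;
            }
            StringBuilder sb = new StringBuilder();
            sb.append(lowerCase).append("://").append(host);
            int port = uri.getPort();
            boolean portGiven = port != -1;
            boolean nonDefaultHttp = "http".equals(lowerCase) && port != 80;
            boolean nonDefaultHttps = "https".equals(lowerCase) && port != 443;
            if (portGiven && (nonDefaultHttp || nonDefaultHttps)) {
                sb.append(':').append(port);
            }
            return sb.toString();
        } catch (URISyntaxException e) {
            // The logged value is taken from a request header, i.e. it is client-controlled.
            log.debug("Invalid URI provided: {}, marked conflicting", str);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Tells whether the host of the given URI is an accepted domain or a subdomain of one.
     * Only the host is examined; scheme and port play no part in this check. The comparison
     * is case-insensitive for both the exact and the subdomain match.
     *
     * @param str the source URI
     * @return {@code true} when the host matches an accepted domain; {@code false} when it
     *         does not, when the URI has no host, or when it cannot be parsed
     */
    public boolean isWhitelistedHost(String str) {
        try {
            String host = new URI(str).getHost();
            if (Strings.isEmpty(host)) {
                return false;
            }
            // Entries are stored lower-cased, so lower-casing the host makes the suffix test
            // agree with the exact test (endsWith alone is case-sensitive).
            String hostLower = host.toLowerCase(Locale.ROOT);
            for (String accepted : this.acceptedOrigins) {
                // The "." prefix keeps "notexample.com" from matching "example.com".
                if (hostLower.equals(accepted) || hostLower.endsWith("." + accepted)) {
                    log.trace("Origin {} matched whitelisted origin {}, request accepted", str, accepted);
                    return true;
                }
            }
            return false;
        } catch (URISyntaxException e) {
            log.debug("Origin: {} not parseable as an URI. Whitelisted-origin check skipped.", str);
            return false;
        }
    }
}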
