package org.jenkinsci.plugins.saml;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import hudson.Util;
import java.time.Duration;
import java.util.UUID;
import java.util.logging.Logger;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.pac4j.core.context.CallContext;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.util.generator.ValueGenerator;

@Restricted({NoExternalUse.class})
/* loaded from: input_file:org/jenkinsci/plugins/saml/RefererStateGenerator.class */
class RefererStateGenerator implements ValueGenerator {
    private static final Logger LOGGER = Logger.getLogger(RefererStateGenerator.class.getName());
    public static final Cache<String, String> CACHE = Caffeine.newBuilder().maximumSize(10000).expireAfterWrite(Duration.ofMinutes(30)).build();

    public String generateValue(CallContext callContext) {
        WebContext webContext = callContext.webContext();
        String str = (String) webContext.getRequestHeader("Referer").orElse(null);
        String str2 = (String) webContext.getRequestParameter("from").orElse(null);
        String uuid = UUID.randomUUID().toString();
        CACHE.put(uuid, calculateSafeRedirect(str2, str));
        return uuid;
    }

    private static String calculateSafeRedirect(String str, String str2) {
        String baseUrl = SamlSecurityRealm.baseUrl();
        String str3 = (str == null || !Util.isSafeToRedirectTo(str)) ? (str2 == null || !(str2.startsWith(baseUrl) || Util.isSafeToRedirectTo(str2))) ? baseUrl : str2 : str;
        LOGGER.fine("Safe URL redirection: " + str3);
        return str3;
    }
}
