package com.atlassian.seraph.config;

import com.atlassian.seraph.util.RedirectUtils;
import java.net.IDN;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/atlassian/seraph/config/DefaultRedirectPolicy.class */
public class DefaultRedirectPolicy implements RedirectPolicy {
    private static final String HTTP = "http://";
    private static final String HTTPS = "https://";
    private static final Pattern MORE_THAN_2_LEADING_SLASHES = Pattern.compile("^///+");
    private static final Pattern HTTP_PATTERN = Pattern.compile("^https?:");
    private boolean allowAnyUrl = false;

    @Override // com.atlassian.seraph.Initable
    public void init(Map<String, String> map, SecurityConfig securityConfig) {
        if (map == null) {
            throw new IllegalArgumentException("params is not allowed to be null");
        }
        this.allowAnyUrl = "true".equals(map.get("allow.any.redirect.url"));
    }

    public boolean isAllowAnyUrl() {
        return this.allowAnyUrl;
    }

    @Override // com.atlassian.seraph.config.RedirectPolicy
    public boolean allowedRedirectDestination(String str, HttpServletRequest httpServletRequest) {
        if (this.allowAnyUrl) {
            return true;
        }
        String foldLeadingSlashes = foldLeadingSlashes(str, httpServletRequest.getScheme());
        try {
            return new URI(prepareHostStringIfPossible(foldLeadingSlashes)).getHost() == null || RedirectUtils.sameContext(foldLeadingSlashes, httpServletRequest);
        } catch (IllegalArgumentException e) {
            return false;
        } catch (URISyntaxException e2) {
            return false;
        }
    }

    private String prepareHostStringIfPossible(String str) {
        return str.startsWith(HTTP) ? decodeHostPart(str, HTTP) : str.startsWith(HTTPS) ? decodeHostPart(str, HTTPS) : str;
    }

    private String decodeHostPart(String str, String str2) {
        String replaceAll = str.substring(str2.length()).replaceAll("^/*", "");
        if (replaceAll.contains("/")) {
            replaceAll = replaceAll.substring(0, replaceAll.indexOf("/"));
        }
        if (!replaceAll.contains(":")) {
            return str2 + IDN.toASCII(replaceAll);
        }
        int indexOf = replaceAll.indexOf(":");
        return str2 + IDN.toASCII(replaceAll.substring(0, indexOf)) + replaceAll.substring(indexOf);
    }

    private String foldLeadingSlashes(String str, String str2) {
        Matcher matcher = HTTP_PATTERN.matcher(str);
        return matcher.find() ? matcher.group() + tryRemoveExcessSlashes(str.substring(matcher.end()), "") : tryRemoveExcessSlashes(str, str2);
    }

    private String tryRemoveExcessSlashes(String str, String str2) {
        Matcher matcher = MORE_THAN_2_LEADING_SLASHES.matcher(str);
        return matcher.find() ? appendSchemeIfRequired(str2, matcher.replaceFirst("//")) : appendSchemeIfRequired(str2, str);
    }

    private String appendSchemeIfRequired(String str, String str2) {
        return str.length() == 0 ? str2 : str2.startsWith(":") ? str + str2 : str + ":" + str2;
    }
}
