package jenkins.security;

import hudson.Extension;
import hudson.Functions;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jenkins.util.HttpServletFilter;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;

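/**
 * Restricts what can be requested through the resource domain.
 *
 * <p>When {@link ResourceDomainConfiguration#isResourceRequest} reports that a request arrived on
 * the resource domain, only paths under {@code /static-files/}, the fixed entries in
 * {@link #ALLOWED_PATHS}, and those same entries behind the {@link Functions#getResourcePath()}
 * prefix are let through. Every other path is answered with a 404 and {@link #ERROR_RESPONSE}.
 *
 * <p>NOTE(review): the allow-list is matched against {@code getPathInfo()} exactly as the
 * container reports it. The {@code /static-files/} check is a plain prefix match, so it relies on
 * dot-segments and encoded separators having been normalized before this filter runs. Confirm
 * against the container configuration.
 */
@Extension
@Restricted({NoExternalUse.class})
/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.436-rc34441.d6f5c20409f0.jar:jenkins/security/ResourceDomainFilter.class */
public class ResourceDomainFilter implements HttpServletFilter {
    private static final Logger LOGGER = Logger.getLogger(ResourceDomainFilter.class.getName());

    // Exact-match allow-list; the set is never modified after class initialization.
    private static final Set<String> ALLOWED_PATHS = new HashSet<>(Arrays.asList("/static-files", "/favicon.ico", "/favicon.svg", "/apple-touch-icon.png", "/mask-icon.svg", "/robots.txt", "/images/rage.svg"));

    /** Body of the 404 sent for any non-allow-listed path on the resource domain. */
    public static final String ERROR_RESPONSE = "Jenkins serves only static files on this domain.";

    /**
     * Rejects resource-domain requests whose path is not allow-listed.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response, written to only when the request is rejected
     * @return {@code true} when the request was rejected and a 404 has been sent; {@code false}
     *     when the request is not a resource-domain request or its path is allowed
     * @throws IOException if sending the error response fails
     * @throws ServletException declared by the filter contract; not thrown directly here
     */
    @Override // jenkins.util.HttpServletFilter
    public boolean handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        if (!ResourceDomainConfiguration.isResourceRequest(httpServletRequest)) {
            return false;
        }
        String pathInfo = httpServletRequest.getPathInfo();
        // getPathInfo() may return null when the request carries no extra path information.
        // Treat that as "not allow-listed" so the filter fails closed with the usual 404
        // instead of throwing a NullPointerException.
        boolean allowed = pathInfo != null
                && (pathInfo.startsWith("/static-files/") || ALLOWED_PATHS.contains(pathInfo) || isAllowedPathWithResourcePrefix(pathInfo));
        if (allowed) {
            LOGGER.finer(() -> {
                return "Accepting request to " + httpServletRequest.getRequestURL() + " from " + httpServletRequest.getRemoteAddr() + " on resource domain";
            });
            return false;
        }
        // Rejections are logged at FINE only. The URL and remote address are client-influenced,
        // and behind a reverse proxy the address may be the proxy's rather than the client's.
        LOGGER.fine(() -> {
            return "Rejecting request to " + httpServletRequest.getRequestURL() + " from " + httpServletRequest.getRemoteAddr() + " on resource domain";
        });
        httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, ERROR_RESPONSE);
        return true;
    }

    /**
     * Tells whether {@code str} is an allow-listed path behind the resource-path prefix.
     *
     * @param str the non-null path info to test
     * @return {@code true} if {@code str} starts with {@link Functions#getResourcePath()} and the
     *     remainder is an exact entry of {@link #ALLOWED_PATHS}
     */
    private static boolean isAllowedPathWithResourcePrefix(String str) {
        // Read the prefix once so the startsWith test and the substring offset agree.
        String resourcePath = Functions.getResourcePath();
        return str.startsWith(resourcePath) && ALLOWED_PATHS.contains(str.substring(resourcePath.length()));
    }
}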
