package com.atlassian.plugins.authentication.sso.util;

import com.atlassian.annotations.VisibleForTesting;
import com.atlassian.plugin.spring.scanner.annotation.imports.ComponentImport;
import com.atlassian.plugins.authentication.sso.ui.logout.LogoutPageServlet;
import com.atlassian.plugins.authentication.sso.web.oidc.InitiateLoginServlet;
import com.atlassian.plugins.authentication.sso.web.saml.SamlConsumerServlet;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.UrlMode;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Named;
import javax.ws.rs.core.UriBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

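/**
 * Turns a caller-supplied destination URL into a URI that is relative to this application
 * and rejects destinations that must not be followed.
 *
 * <p>Security-relevant behaviour, all visible in this class:
 * <ul>
 *   <li>scheme, user-info, host and port of the requested URL are discarded, so only
 *       path, query and fragment survive;</li>
 *   <li>the context path is stripped only on a path-segment boundary;</li>
 *   <li>the rebuilt URI is re-checked to be relative before it is returned;</li>
 *   <li>paths that climb above their root via dot-segments are rejected;</li>
 *   <li>the SSO plugin's own servlet paths are refused as destinations.</li>
 * </ul>
 *
 * <p>NOTE(review): the requested URL is echoed into exception messages and a debug log line.
 * It is request-controlled, so log viewers should treat it as untrusted text.
 */
@Named
public class TargetUrlNormalizer {
    private static final Logger log = LoggerFactory.getLogger(TargetUrlNormalizer.class);

    /**
     * Paths that are never returned as a destination. The comparison in
     * {@link #getRelativeTargetUrl(String)} is an exact match on the decoded path.
     * NOTE(review): presumably these are excluded to keep the user from being sent straight
     * back into the login/logout flow - confirm against the servlets.
     */
    private static final Set<String> ILLEGAL_DESTINATION_URLS = ImmutableSet.of(SamlConsumerServlet.URL, LogoutPageServlet.URL, InitiateLoginServlet.URL);

    /** Characters that may legitimately follow the context path inside a serialized URI. */
    private static final String SEGMENT_BOUNDARY_CHARS = "/?#";

    protected final ApplicationProperties applicationProperties;

    /**
     * Synthetic root used only by the traversal check: the requested path is appended below
     * it and normalized; if the result no longer starts with this prefix, the path contained
     * enough {@code ..} segments to leave its own root.
     */
    @VisibleForTesting
    protected static final String PATH_PREFIX = "/a345/b342/c5462/";

    @Inject
    public TargetUrlNormalizer(@ComponentImport ApplicationProperties applicationProperties) {
        this.applicationProperties = applicationProperties;
    }

    /**
     * Parses and normalizes the requested destination and returns it as a relative URI.
     *
     * @param str the requested destination URL, may be {@code null}
     * @return the relative destination, or {@code null} when {@code str} is {@code null} or
     *         the destination is one of the refused servlet paths
     * @throws IllegalArgumentException if the URL cannot be parsed, does not reduce to a
     *         relative URI, or its path traverses above its root
     */
    public URI getRelativeTargetUrl(String str) {
        if (str == null) {
            return null;
        }
        final URI target;
        try {
            // Literal spaces are not valid in a URI; they are mapped to '+' before parsing.
            target = relativizeUriIfNeeded(new URI(str.replace(" ", "+")).normalize());
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Error parsing provided url " + str + ", aborting", e);
        }
        // The URI may have been rebuilt from decoded components and re-parsed after the
        // context path was removed, so the "relative" property is verified on the final value
        // rather than assumed from the input.
        validateStillRelative(str, target);
        String path = target.getPath();
        validatePathTraversal(str, path);
        if (ILLEGAL_DESTINATION_URLS.contains(path)) {
            log.debug("Requested destination url {} is not an allowed destination url, continuing without a destination url ", str);
            return null;
        }
        return target;
    }

    /**
     * Removes the application's relative base URL from the front of {@code uri}.
     *
     * <p>The prefix is removed only when it ends on a segment boundary, i.e. it is followed by
     * the end of the URI, {@code /}, {@code ?} or {@code #} (or itself ends with {@code /}).
     * A plain {@code startsWith} would also match a longer first segment that merely begins
     * with the same characters (constructed example: base {@code /app} and path
     * {@code /application/x}) and would cut that segment in half.
     *
     * @param uri the URI to strip
     * @return {@code uri} without the base URL prefix, or {@code uri} itself when there is
     *         no base URL or it is not a prefix on a segment boundary
     */
    public URI removeContextPathFromUriIfNeeded(URI uri) {
        // NOTE(review): UrlMode.RELATIVE presumably yields the context path - confirm in SAL.
        String contextPath = this.applicationProperties.getBaseUrl(UrlMode.RELATIVE);
        if (Strings.isNullOrEmpty(contextPath)) {
            // Nothing to strip; also avoids a NullPointerException in startsWith below.
            return uri;
        }
        String serialized = uri.toString();
        if (!serialized.startsWith(contextPath)) {
            return uri;
        }
        String remainder = serialized.substring(contextPath.length());
        if (!contextPath.endsWith("/") && !startsAtSegmentBoundary(remainder)) {
            return uri;
        }
        return UriBuilder.fromUri(remainder).build();
    }

    /**
     * Returns {@code uri} unchanged when it is already relative; otherwise rebuilds it from
     * path, raw query and fragment only (dropping scheme and authority) and strips the
     * context path from the result.
     */
    private URI relativizeUriIfNeeded(URI uri) throws URISyntaxException {
        if (isContextRelative(uri)) {
            return uri;
        }
        URI pathOnly = UriBuilder.fromUri("")
                .replacePath(uri.getPath())
                .replaceQuery(uri.getRawQuery())
                .fragment(uri.getFragment())
                .build();
        return removeContextPathFromUriIfNeeded(pathOnly);
    }

    /** True when the URI has no scheme and no host, port, user-info or authority. */
    private static boolean isContextRelative(URI uri) {
        return !uri.isAbsolute()
                && Strings.emptyToNull(uri.getHost()) == null
                && uri.getPort() == -1
                && Strings.emptyToNull(uri.getUserInfo()) == null
                && Strings.emptyToNull(uri.getAuthority()) == null;
    }

    /** True when {@code remainder} is empty or begins with a path, query or fragment delimiter. */
    private static boolean startsAtSegmentBoundary(String remainder) {
        return remainder.isEmpty() || SEGMENT_BOUNDARY_CHARS.indexOf(remainder.charAt(0)) >= 0;
    }

    /**
     * Rejects a result that carries a scheme or authority, or whose serialized path starts
     * with two slashes (a consumer re-parsing that string would read an authority there).
     */
    private void validateStillRelative(String requestedUrl, URI candidate) {
        String rawPath = candidate.getRawPath();
        boolean readsAsNetworkPath = rawPath != null && rawPath.startsWith("//");
        Preconditions.checkArgument(isContextRelative(candidate) && !readsAsNetworkPath, "Requested url " + requestedUrl + " does not resolve to a relative url, aborting");
    }

    /**
     * Rejects a path whose dot-segments escape its root: the path is appended below
     * {@link #PATH_PREFIX}, normalized, and must still start with that prefix.
     */
    private void validatePathTraversal(String requestedUrl, String path) {
        String normalizedPath = UriBuilder.fromPath(PATH_PREFIX).path(path).build().normalize().getPath();
        Preconditions.checkArgument(normalizedPath.startsWith(PATH_PREFIX), "Requested path traversal outside the context path " + requestedUrl + ", aborting");
    }
}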
