package cn.aotcloud.safe.support.http.cross;

import cn.aotcloud.safe.HttpRequestMatcher;
import cn.aotcloud.safe.SafeHandler;
import cn.aotcloud.safe.autoconfigure.SafeProperties;
import com.google.common.collect.Sets;
import java.net.URL;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.compress.utils.Lists;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* compiled from: CrossOriginHttpRequestHeaderCheckerImpl.java */
/* loaded from: input_file:cn/aotcloud/safe/support/http/cross/II11iIiI.class */
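/**
 * Cross-origin request header checker (decompiled from
 * {@code CrossOriginHttpRequestHeaderCheckerImpl}; class and public member names are obfuscated).
 *
 * <p>{@link #check(HttpServletRequest)} runs four checks in order and throws on the first failure:
 * <ol>
 *   <li>when both {@code Referer} and {@code Origin} are present, the Referer must contain the Origin;</li>
 *   <li>the {@code Referer} must match an allow-list pattern or be same-origin with the request URL;
 *       a blank Referer is accepted only for configured trusted paths;</li>
 *   <li>a non-blank {@code Origin} must match an allow-list pattern or be same-origin with the
 *       request URL;</li>
 *   <li>the context path, when non-blank and an allow-list is configured, must be in that list.</li>
 * </ol>
 *
 * <p>Both headers are supplied by the client. The allow-list is built from
 * {@code crossOrigin.referer} plus every combination of allowed scheme and allowed host.
 */
public class II11iIiI implements CrossOriginHttpRequestHeaderChecker {
    private final Logger log = LoggerFactory.getLogger(getClass());
    private final HttpRequestMatcher requestMatcher;
    private final SafeProperties safeProperties;

    /**
     * @param httpRequestMatcher supplies the path matcher used for all pattern comparisons
     * @param safeProperties configuration holding the allow-lists read by the checks
     */
    public II11iIiI(HttpRequestMatcher httpRequestMatcher, SafeProperties safeProperties) {
        this.requestMatcher = httpRequestMatcher;
        this.safeProperties = safeProperties;
    }

    /**
     * Runs the four header checks in order.
     *
     * @param httpServletRequest the request whose headers and context path are validated
     * @throws cn.aotcloud.safe.I111ii1I when any check rejects the request
     */
    @Override // cn.aotcloud.safe.support.http.HttpRequestHeaderChecker
    public void check(HttpServletRequest httpServletRequest) throws cn.aotcloud.safe.I111ii1I {
        checkRefererContainsOrigin(httpServletRequest);
        checkReferer(httpServletRequest);
        checkOrigin(httpServletRequest);
        checkContextPath(httpServletRequest);
    }

    /**
     * Builds the allow-list of patterns: the normalised configured Referer patterns plus one
     * {@code scheme://host/**} pattern per allowed scheme and allowed host. Blank entries are dropped.
     */
    private List<String> allowedPatterns() {
        List<String> refererPatterns =
                normalizeRefererPatterns(this.safeProperties.getCrossOrigin().getReferer());
        List<String> allowedHosts =
                Optional.ofNullable(this.safeProperties.getHost().getAllowed()).orElseGet(ArrayList::new);
        List<String> hostPatterns = this.safeProperties.getHttpScheme().getAllowed().stream()
                .map(scheme -> scheme.getValue())
                .filter(Objects::nonNull)
                .distinct()
                .flatMap(scheme -> allowedHosts.stream()
                        .filter(Objects::nonNull)
                        .map(host -> toOriginPattern(scheme, host)))
                .collect(Collectors.toList());
        return Stream.of(refererPatterns, hostPatterns)
                .flatMap(List::stream)
                // toOriginPattern returns null for blank input; never hand such entries to the matcher.
                .filter(StringUtils::isNotBlank)
                .distinct()
                .collect(Collectors.toList());
    }

    /**
     * De-duplicates the configured Referer patterns, skipping blank entries and turning a trailing
     * {@code /} into {@code /**}. Other entries are used verbatim, so an entry without a trailing
     * slash or wildcard only matches that exact string.
     *
     * @param configured configured patterns; {@code null} is treated as empty
     */
    private List<String> normalizeRefererPatterns(List<String> configured) {
        HashSet<String> unique = new HashSet<>();
        if (configured != null) {
            for (String pattern : configured) {
                if (StringUtils.isNotBlank(pattern)) {
                    unique.add(StringUtils.endsWith(pattern, "/") ? pattern + "**" : pattern);
                }
            }
        }
        return new ArrayList<>(unique);
    }

    /**
     * Builds the lower-cased pattern {@code scheme://host/**}.
     *
     * @return the pattern, or {@code null} when either argument is blank
     */
    private String toOriginPattern(String scheme, String host) {
        if (StringUtils.isBlank(scheme) || StringUtils.isBlank(host)) {
            return null;
        }
        return StringUtils.lowerCase(scheme + "://" + host + (host.endsWith("/") ? "**" : "/**"));
    }

    /**
     * Check 1: when both headers are present, the Referer must contain the Origin.
     *
     * <p>This is substring containment on the lower-cased values, not an origin comparison, so it
     * is only a consistency pre-check; the allow/deny decision rests on the Referer and Origin
     * checks that follow.
     */
    private void checkRefererContainsOrigin(HttpServletRequest request) throws cn.aotcloud.safe.I111ii1I {
        String referer = StringUtils.lowerCase(request.getHeader(CrossOriginHttpRequestHeaderChecker.HEADER_REFERER));
        String origin = StringUtils.lowerCase(request.getHeader(CrossOriginHttpRequestHeaderChecker.HEADER_ORIGIN));
        this.log.debug("1、检查引用地址（referer）与来源（origin）。");
        this.log.debug("引用地址（referer）：{}", referer);
        this.log.debug("来源（origin）：{}", origin);
        if (StringUtils.isNotBlank(referer) && StringUtils.isNotBlank(origin) && !referer.contains(origin)) {
            throw new cn.aotcloud.safe.I111ii1I((SafeHandler) null, String.format("引用（%s）中不包含来源（%s）。", referer, origin));
        }
    }

    /**
     * Check 2: validates the Referer header.
     *
     * <p>A blank Referer is accepted only when the servlet path is a trusted path. Otherwise the
     * Referer must match an allow-list pattern or share scheme, host and port with the request URL.
     */
    private void checkReferer(HttpServletRequest request) throws cn.aotcloud.safe.I111ii1I {
        this.log.debug("2、检查引用地址。");
        String requestUrl = StringUtils.lowerCase(request.getRequestURL().toString());
        this.log.debug("请求地址（url）：{}", requestUrl);
        String referer = request.getHeader(CrossOriginHttpRequestHeaderChecker.HEADER_REFERER);
        this.log.debug("引用地址（referer）：{}", referer);
        if (StringUtils.isBlank(referer)) {
            // A client can omit the Referer at will, so the trusted-path list decides here.
            if (!isTrustedPath(request)) {
                throw new cn.aotcloud.safe.I111ii1I((SafeHandler) null, String.format("来源不允许为空，请求地址（%s）。", requestUrl));
            }
            return;
        }
        boolean allowed = allowedPatterns().stream()
                .anyMatch(pattern -> this.requestMatcher.getPathMatcher().match(pattern, referer));
        this.log.debug("是否允许跨域：{}", allowed);
        if (allowed) {
            return;
        }
        this.log.debug("检查请求地址与引用地址是否同域。");
        if (!sameOrigin(requestUrl, referer)) {
            throw new cn.aotcloud.safe.I111ii1I((SafeHandler) null, String.format("请求地址（%s）与引用地址（%s）不属于同一个域。", requestUrl, referer));
        }
    }

    /**
     * Check 3: validates the Origin header.
     *
     * <p>A blank Origin is accepted. Otherwise the Origin must match an allow-list pattern or share
     * scheme, host and port with the request URL.
     */
    private void checkOrigin(HttpServletRequest request) throws cn.aotcloud.safe.I111ii1I {
        this.log.debug("3、检查来源。");
        String requestUrl = StringUtils.lowerCase(request.getRequestURL().toString());
        this.log.debug("请求地址（url）：{}", requestUrl);
        String origin = request.getHeader(CrossOriginHttpRequestHeaderChecker.HEADER_ORIGIN);
        this.log.debug("来源（origin）：{}", origin);
        if (StringUtils.isBlank(origin)) {
            return;
        }
        // Match the Origin header itself, not the request URL: the request URL normally already
        // matches the server's own allowed scheme/host pattern, which would accept every Origin
        // and turn this check into a no-op.
        boolean allowed = allowedPatterns().stream()
                .anyMatch(pattern -> this.requestMatcher.getPathMatcher().match(pattern, origin));
        if (allowed) {
            return;
        }
        this.log.debug("检查请求地址与来源是否同域。");
        if (!sameOrigin(requestUrl, origin)) {
            throw new cn.aotcloud.safe.I111ii1I((SafeHandler) null, String.format("请求地址（%s）与来源（%s）不属于同一个域。", requestUrl, origin));
        }
    }

    /**
     * Check 4: a non-blank context path must be in the configured context list. An unset or empty
     * list disables the check.
     */
    private void checkContextPath(HttpServletRequest request) throws cn.aotcloud.safe.I111ii1I {
        this.log.debug("4、检查上下文。");
        String contextPath = request.getContextPath();
        this.log.debug("上下文（context）：{}", contextPath);
        if (StringUtils.isBlank(contextPath)) {
            return;
        }
        List<String> allowedContexts = this.safeProperties.getCrossOrigin().getContext();
        if (allowedContexts != null && !allowedContexts.isEmpty() && !allowedContexts.contains(contextPath)) {
            throw new cn.aotcloud.safe.I111ii1I((SafeHandler) null, String.format("上下文（%s）不允许。", contextPath));
        }
    }

    /**
     * Tells whether the servlet path falls under a configured trusted prefix
     * ({@code crossOrigin.trustUri}, plus {@code auth.starWithUris} when auth is enabled).
     * Requests to these paths are accepted without a Referer.
     */
    private boolean isTrustedPath(HttpServletRequest request) {
        String servletPath = request.getServletPath();
        List<String> prefixes = new ArrayList<>();
        Optional.ofNullable(this.safeProperties.getCrossOrigin().getTrustUri()).ifPresent(prefixes::addAll);
        if (this.safeProperties.getAuth().isEnabled()) {
            Optional.ofNullable(this.safeProperties.getAuth().getStarWithUris()).ifPresent(prefixes::addAll);
        }
        for (String prefix : prefixes) {
            // A null or blank entry would otherwise throw or expand into a pattern that trusts
            // unrelated paths.
            if (StringUtils.isBlank(prefix)) {
                continue;
            }
            if (!prefix.startsWith("/")) {
                prefix = "/" + prefix;
            }
            // NOTE(review): if the matcher is Ant-style, '?' matches exactly one character, so
            // prefix + "?**" also accepts longer sibling names that merely share the prefix;
            // getServletPath() carries no query string. Confirm this breadth is intended.
            if (this.requestMatcher.getPathMatcher().match(prefix + "/**", servletPath)
                    || this.requestMatcher.getPathMatcher().match(prefix + "?**", servletPath)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Compares two URLs by scheme, host and effective port. Scheme and host are compared
     * case-insensitively, and an omitted port equals the scheme's default port.
     *
     * @return {@code false} when either value is blank or cannot be parsed as a URL
     */
    private boolean sameOrigin(String first, String second) {
        if (StringUtils.isBlank(first) || StringUtils.isBlank(second)) {
            return false;
        }
        try {
            URL left = new URL(first);
            URL right = new URL(second);
            return StringUtils.equalsIgnoreCase(left.getProtocol(), right.getProtocol())
                    && StringUtils.equalsIgnoreCase(left.getHost(), right.getHost())
                    && effectivePort(left) == effectivePort(right);
        } catch (Exception e) {
            // Fail closed: a value that cannot be parsed is never treated as same-origin.
            return false;
        }
    }

    /** Returns the explicit port, or the scheme's default port when the URL names none. */
    private static int effectivePort(URL url) {
        int port = url.getPort();
        return port != -1 ? port : url.getDefaultPort();
    }

    /**
     * Ad-hoc matcher probe left in the class: prints whether {@code /safeConf/**} matches
     * {@code /safeConf/audit}. It takes no part in request checking.
     */
    public static void II11iIiI(String[] strArr) {
        System.out.println(new cn.aotcloud.safe.support.I111ii1I().getPathMatcher().match("/safeConf/**", "/safeConf/audit"));
    }
}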
