package com.appiancorp.security.cors;

import com.appiancorp.ap2.LoginPageServlet;
import com.appiancorp.km.ServletScopesKeys;
import com.appiancorp.security.auth.saml.SamlSpServiceUrlGenerator;
import com.appiancorp.suite.SuiteConfiguration;
import com.appiancorp.suite.cfg.ConfigurationFactory;
import com.google.common.base.Strings;
import com.google.common.net.HostAndPort;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletRequestWrapper;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/appiancorp/security/cors/CorsUtil.class */
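/**
 * Static helpers for origin, referer and redirect-target checks used by the CORS layer.
 *
 * <p>Every value parsed here (the {@code Origin} and {@code Referer} headers, the
 * {@code embeddedOrigin} and {@code embeddedQueryString} parameters) comes from the client and
 * is untrusted. Host and scheme strings are lower-cased with {@link Locale#ROOT} so that
 * comparisons do not depend on the JVM's default locale.
 */
public final class CorsUtil {
    public static final String HEADER_ORIGIN = "Origin";
    public static final String HEADER_REFERER = "Referer";
    public static final String CORS_WC_ENDPOINT_URI = "/cors/wc";
    /** Request attribute name read by {@link #wasOriginallyCorsRequest}. */
    public static final String CORS_ENDPOINT_PATH = "CORS_ENDPOINT_PATH";
    public static final String EMBEDDED_ORIGIN_PARAMETER = "embeddedOrigin";
    public static final String EMBEDDED_QUERY_STRING_PARAMETER = "embeddedQueryString";
    private static final String WEBCONTENT_ENDPOINT_URL = "/rest/a/content/latest/webcontent/";
    /** Regular expression matching one literal backslash. */
    private static final String REPLACE_BACKSLASH = "\\\\";

    private CorsUtil() {
    }

    /**
     * Returns the lower-cased text in front of the first {@code "//"}, minus the one character
     * directly before it.
     *
     * <p>That dropped character is not checked to be {@code ':'}. When there is no {@code "//"},
     * or fewer than two characters precede it, the result is {@code "http"}; note that
     * {@link #extractProtocol} returns the empty string in the comparable case.
     *
     * @param str URL-like string to inspect
     * @return the scheme, or {@code "http"} when none can be read
     */
    static String getProtocol(String str) {
        int schemeEnd = str.indexOf("//") - 1;
        if (schemeEnd <= 0) {
            return "http";
        }
        return str.substring(0, schemeEnd).toLowerCase(Locale.ROOT);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the lower-cased authority of a URL-like string.
     *
     * <p>Backslashes are replaced with forward slashes before parsing. The value returned by
     * {@link URI#getAuthority()} can carry a user-info part and a port, so it is not always a
     * bare host name. The callers in this class compare it with {@code equals}, so such a value
     * does not match a plain {@code host[:port]}. When the URI has no authority, the whole
     * normalized input is returned lower-cased.
     *
     * @param str URL-like string, typically a client-supplied header value
     * @return the lower-cased authority, or the lower-cased normalized input if there is none
     * @throws RuntimeException wrapping the {@link URISyntaxException} when the input cannot be
     *     parsed; for header input this means a malformed header surfaces as an unchecked
     *     exception in the caller
     */
    public static String extractDomain(String str) {
        String normalized = str.replaceAll(REPLACE_BACKSLASH, "/");
        try {
            String authority = new URI(normalized).getAuthority();
            String domain = authority != null ? authority : normalized;
            return domain.toLowerCase(Locale.ROOT);
        } catch (URISyntaxException e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the lower-cased text before the first occurrence of
     * {@code ServletScopesKeys.COLON_BSLASH_BSLASH_BASE}, or the empty string when that separator
     * is absent.
     *
     * @param str URL-like string to inspect
     * @return the scheme, or {@code ""} when no separator is found
     */
    public static String extractProtocol(String str) {
        // NOTE(review): the separator is presumably "://" (toOrigin puts it between scheme and host) - confirm.
        int separatorAt = str.indexOf(ServletScopesKeys.COLON_BSLASH_BSLASH_BASE);
        if (separatorAt == -1) {
            return "";
        }
        return str.substring(0, separatorAt).toLowerCase(Locale.ROOT);
    }

    /**
     * Unwraps nested {@link ServletRequestWrapper}s and casts the innermost request.
     *
     * @throws ClassCastException if the innermost request is not an {@link HttpServletRequest}
     */
    private static HttpServletRequest getHttpRequest(ServletRequest servletRequest) {
        ServletRequest current = servletRequest;
        while (current instanceof ServletRequestWrapper) {
            current = ((ServletRequestWrapper) current).getRequest();
        }
        return (HttpServletRequest) current;
    }

    /**
     * Decides whether the request's {@code Origin} header is acceptable.
     *
     * <p>A request without an {@code Origin} header is accepted, so this method is not by itself
     * a cross-site request check; callers that need one must not rely on it alone.
     *
     * @param servletRequest the request, possibly wrapped
     * @param z when {@code true}, an origin whose authority equals {@link #getHostAndPort()} is
     *     accepted as well
     * @return {@code true} if the header is absent, allowed by {@code CorsFilter}, or (with
     *     {@code z}) equal to the configured host and port
     */
    public static boolean isAllowedOrigin(ServletRequest servletRequest, boolean z) {
        HttpServletRequest httpRequest = getHttpRequest(servletRequest);
        String origin = httpRequest.getHeader(HEADER_ORIGIN);
        if (origin == null) {
            return true;
        }
        String domain = extractDomain(origin);
        if (CorsFilter.isAllowedOriginDomain(httpRequest, domain, extractProtocol(origin))) {
            return true;
        }
        return z && domain.equals(getHostAndPort());
    }

    /**
     * Decides whether a redirect target points at this site or at an allowed origin.
     *
     * <p>Only the authority and scheme are checked; the path and query are not inspected. A
     * target without a scheme is checked against the allow-list as {@code "http"} (see
     * {@link #getProtocol}).
     *
     * @param str the redirect target
     * @return {@code true} if the authority equals {@link #getHostAndPort()} or is in the
     *     allowed-origins list
     * @throws RuntimeException if the target cannot be parsed (see {@link #extractDomain})
     */
    public static boolean isAllowedRedirectTarget(String str) {
        String domain = extractDomain(str);
        if (domain.equals(getHostAndPort())) {
            return true;
        }
        return CorsFilter.isDomainInAllowedOriginsList(getProtocol(str), domain);
    }

    /**
     * Decides whether the request's origin, taken from {@code Origin} or else {@code Referer}
     * (see {@link #getRawOrigin}), is acceptable. Unlike {@link #isAllowedOrigin}, a request
     * that carries neither usable header is rejected.
     *
     * @param servletRequest the request, possibly wrapped
     * @return {@code true} if the origin is allowed by {@code CorsFilter} or equals
     *     {@link #getHostAndPort()}
     */
    public static boolean isAllowedOriginOrReferrer(ServletRequest servletRequest) {
        String rawOrigin = getRawOrigin(servletRequest);
        if (rawOrigin == null) {
            return false;
        }
        String domain = extractDomain(rawOrigin);
        if (CorsFilter.isAllowedOriginDomain(getHttpRequest(servletRequest), domain, extractProtocol(rawOrigin))) {
            return true;
        }
        return domain.equals(getHostAndPort());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the lower-cased {@code Origin} header, falling back to {@code Referer}.
     *
     * <p>An {@code Origin} of the literal string {@code "null"} is treated as absent. The
     * {@code Referer} fallback is honoured only when the request path passes
     * {@link #isCorsSafeUri}; otherwise the header is ignored. The whole header value is
     * lower-cased, including any path a {@code Referer} carries.
     *
     * @param servletRequest the request, possibly wrapped
     * @return the lower-cased header value, or {@code null} when no usable header is present
     */
    public static String getRawOrigin(ServletRequest servletRequest) {
        HttpServletRequest httpRequest = getHttpRequest(servletRequest);
        String origin = httpRequest.getHeader(HEADER_ORIGIN);
        if (origin != null && !"null".equals(origin)) {
            return origin.toLowerCase(Locale.ROOT);
        }
        String referer = httpRequest.getHeader(HEADER_REFERER);
        if (referer == null || !isCorsSafeUri(httpRequest)) {
            return null;
        }
        return referer.toLowerCase(Locale.ROOT);
    }

    /**
     * Reports whether the request's servlet path is one of the paths treated as CORS-safe.
     *
     * @param servletRequest the request, possibly wrapped
     * @return the result of the path check on {@code getServletPath()}
     */
    public static boolean isCorsSafeUri(ServletRequest servletRequest) {
        HttpServletRequest httpRequest = getHttpRequest(servletRequest);
        return isCorsSafePath(httpRequest.getServletPath(), httpRequest);
    }

    /**
     * Checks a path against the fixed list of CORS-safe paths.
     *
     * <p>One trailing slash is ignored. The portal login page is safe only when the request was
     * first routed through a CORS endpoint (see {@link #wasOriginallyCorsRequest}).
     *
     * @param str the path to check
     * @param httpServletRequest the current request, or {@code null} when the path comes from the
     *     {@code CORS_ENDPOINT_PATH} attribute rather than from the request itself
     * @return {@code true} if the path is treated as CORS-safe
     */
    private static boolean isCorsSafePath(String str, HttpServletRequest httpServletRequest) {
        String path = str.endsWith("/") ? str.substring(0, str.length() - 1) : str;
        // NOTE(review): this is a substring match, so the web-content prefix is accepted anywhere
        // in the path, not only at its start - confirm that this is intended.
        if (path.contains(WEBCONTENT_ENDPOINT_URL)) {
            return true;
        }
        // Rebuilt from the decompiler's two-stage hashCode switch, whose "boolean z = -1" form
        // does not compile; the last label of that switch is the one that defers to
        // wasOriginallyCorsRequest.
        switch (path) {
            case "/cors":
            case "/cors/io":
            case CORS_WC_ENDPOINT_URI:
            case "/tempo/file-web":
            case "/tempo/file-web-encrypt":
            case "/forgotpasswordrequest":
            case "/integrations/office":
            case SamlSpServiceUrlGenerator.SAML_LOGOUT_CONSUMER_ENDPOINT:
            case "/saml/idp_selection.jsp":
            case "/personalization/mfa_verification_code.none":
                return true;
            case LoginPageServlet.PORTAL_LOGIN_JSP:
                // wasOriginallyCorsRequest passes null here; without a request there is no
                // attribute to consult, so answer "not safe" instead of dereferencing null.
                return httpServletRequest != null && wasOriginallyCorsRequest(httpServletRequest);
            default:
                return false;
        }
    }

    /**
     * Reports whether the {@code CORS_ENDPOINT_PATH} request attribute names a CORS-safe path.
     *
     * @param httpServletRequest the request carrying the attribute
     * @return {@code false} when the attribute is missing or empty, otherwise the result of the
     *     path check on its value
     */
    protected static boolean wasOriginallyCorsRequest(HttpServletRequest httpServletRequest) {
        String originalPath = (String) httpServletRequest.getAttribute(CORS_ENDPOINT_PATH);
        if (Strings.isNullOrEmpty(originalPath)) {
            return false;
        }
        // No request is passed on, so a stored path equal to the login page is not followed further.
        return isCorsSafePath(originalPath, null);
    }

    /**
     * Builds the {@code scheme://authority} origin for a request.
     *
     * <p>When no usable {@code Origin} or {@code Referer} is present, the request scheme and the
     * configured host and port are used. Otherwise the result comes from the header, which is
     * client-controlled: this method normalizes it but does not check it against the allow-list.
     *
     * @param servletRequest the request, possibly wrapped
     * @return the origin string
     * @throws ServletException if the header value contains no {@code "//"}
     * @throws RuntimeException if the header value cannot be parsed (see {@link #extractDomain})
     */
    public static String toOrigin(ServletRequest servletRequest) throws ServletException {
        String rawOrigin = getRawOrigin(servletRequest);
        if (rawOrigin == null) {
            return servletRequest.getScheme() + ServletScopesKeys.COLON_BSLASH_BSLASH_BASE + getHostAndPort();
        }
        if (rawOrigin.indexOf("//") == -1) {
            throw new ServletException("Malformed origin header: " + rawOrigin + " requires protocol://");
        }
        String schemePart = rawOrigin.split("//")[0];
        return schemePart + "//" + extractDomain(rawOrigin);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the configured host, lower-cased, followed by {@code :port} when a port is set.
     */
    public static String getHostAndPort() {
        return formatHostAndPort(suiteConfiguration().getHostAndPort());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the configured dynamic host, lower-cased, followed by {@code :port} when a port is
     * set.
     */
    public static String getDynamicHostAndPort() {
        return formatHostAndPort(suiteConfiguration().getDynamicHostAndPort());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the configured static host, lower-cased, followed by {@code :port} when a port is
     * set.
     */
    public static String getStaticHostAndPort() {
        return formatHostAndPort(suiteConfiguration().getStaticHostAndPort());
    }

    /**
     * Builds the embedded-mode redirect URL from request parameters.
     *
     * <p>Security: both {@code embeddedOrigin} and {@code embeddedQueryString} are taken from the
     * request and concatenated without validation or encoding. The result must be checked, for
     * example with {@link #isAllowedRedirectTarget}, before it is used as a redirect location;
     * otherwise the client chooses where the user is sent. A missing query-string parameter is
     * treated as empty rather than appended as the text {@code "null"}.
     *
     * @param httpServletRequest the current request
     * @return the redirect URL, or {@code null} when {@code embeddedOrigin} is missing or empty
     */
    public static String getEmbeddedRedirect(HttpServletRequest httpServletRequest) {
        String embeddedOrigin = httpServletRequest.getParameter(EMBEDDED_ORIGIN_PARAMETER);
        if (Strings.isNullOrEmpty(embeddedOrigin)) {
            return null;
        }
        String embeddedQuery = Strings.nullToEmpty(httpServletRequest.getParameter(EMBEDDED_QUERY_STRING_PARAMETER));
        return embeddedOrigin + httpServletRequest.getContextPath() + CORS_WC_ENDPOINT_URI + embeddedQuery;
    }

    /** Looks up the suite configuration through {@code ConfigurationFactory}. */
    private static SuiteConfiguration suiteConfiguration() {
        return (SuiteConfiguration) ConfigurationFactory.getConfiguration(SuiteConfiguration.class);
    }

    /** Formats a host as lower-case {@code host} or {@code host:port}. */
    private static String formatHostAndPort(HostAndPort hostAndPort) {
        String host = hostAndPort.getHost().toLowerCase(Locale.ROOT);
        return hostAndPort.hasPort() ? host + ":" + hostAndPort.getPort() : host;
    }
}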
