package org.springframework.web.servlet.resource;

import ch.qos.logback.classic.pattern.CallerDataConverter;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.aop.framework.autoproxy.target.QuickTargetSourceCreator;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.EmbeddedValueResolverAware;
import org.springframework.core.io.Resource;
import org.springframework.core.io.UrlResource;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpRange;
import org.springframework.http.MediaType;
import org.springframework.http.converter.ResourceHttpMessageConverter;
import org.springframework.http.converter.ResourceRegionHttpMessageConverter;
import org.springframework.http.server.ServletServerHttpRequest;
import org.springframework.http.server.ServletServerHttpResponse;
import org.springframework.lang.Nullable;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.ObjectUtils;
import org.springframework.util.ResourceUtils;
import org.springframework.util.StringUtils;
import org.springframework.util.StringValueResolver;
import org.springframework.web.HttpRequestHandler;
import org.springframework.web.accept.ContentNegotiationManager;
import org.springframework.web.accept.PathExtensionContentNegotiationStrategy;
import org.springframework.web.accept.ServletPathExtensionContentNegotiationStrategy;
import org.springframework.web.context.request.ServletWebRequest;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.servlet.HandlerMapping;
import org.springframework.web.servlet.support.WebContentGenerator;
import org.springframework.web.util.UrlPathHelper;
import org.unbescape.uri.UriEscape;

/* loaded from: input_file:WEB-INF/lib/spring-webmvc-5.0.12.RELEASE.jar:org/springframework/web/servlet/resource/ResourceHttpRequestHandler.class */
public class ResourceHttpRequestHandler extends WebContentGenerator implements HttpRequestHandler, EmbeddedValueResolverAware, InitializingBean, CorsConfigurationSource {
    private static final Log logger = LogFactory.getLog((Class<?>) ResourceHttpRequestHandler.class);
    private static final String URL_RESOURCE_CHARSET_PREFIX = "[charset=";
    private final List<String> locationValues;
    private final List<Resource> locations;
    private final Map<Resource, Charset> locationCharsets;
    private final List<ResourceResolver> resourceResolvers;
    private final List<ResourceTransformer> resourceTransformers;

    @Nullable
    private ResourceHttpMessageConverter resourceHttpMessageConverter;

    @Nullable
    private ResourceRegionHttpMessageConverter resourceRegionHttpMessageConverter;

    @Nullable
    private ContentNegotiationManager contentNegotiationManager;

    @Nullable
    private PathExtensionContentNegotiationStrategy contentNegotiationStrategy;

    @Nullable
    private CorsConfiguration corsConfiguration;

    @Nullable
    private UrlPathHelper urlPathHelper;

    @Nullable
    private StringValueResolver embeddedValueResolver;

    public ResourceHttpRequestHandler() {
        super(HttpMethod.GET.name(), HttpMethod.HEAD.name());
        this.locationValues = new ArrayList(4);
        this.locations = new ArrayList(4);
        this.locationCharsets = new HashMap(4);
        this.resourceResolvers = new ArrayList(4);
        this.resourceTransformers = new ArrayList(4);
    }

    public void setLocationValues(List<String> list) {
        Assert.notNull(list, "Location values list must not be null");
        this.locationValues.clear();
        this.locationValues.addAll(list);
    }

    public void setLocations(List<Resource> list) {
        Assert.notNull(list, "Locations list must not be null");
        this.locations.clear();
        this.locations.addAll(list);
    }

    public List<Resource> getLocations() {
        return this.locations;
    }

    public void setResourceResolvers(@Nullable List<ResourceResolver> list) {
        this.resourceResolvers.clear();
        if (list != null) {
            this.resourceResolvers.addAll(list);
        }
    }

    public List<ResourceResolver> getResourceResolvers() {
        return this.resourceResolvers;
    }

    public void setResourceTransformers(@Nullable List<ResourceTransformer> list) {
        this.resourceTransformers.clear();
        if (list != null) {
            this.resourceTransformers.addAll(list);
        }
    }

    public List<ResourceTransformer> getResourceTransformers() {
        return this.resourceTransformers;
    }

    public void setResourceHttpMessageConverter(@Nullable ResourceHttpMessageConverter resourceHttpMessageConverter) {
        this.resourceHttpMessageConverter = resourceHttpMessageConverter;
    }

    @Nullable
    public ResourceHttpMessageConverter getResourceHttpMessageConverter() {
        return this.resourceHttpMessageConverter;
    }

    public void setResourceRegionHttpMessageConverter(@Nullable ResourceRegionHttpMessageConverter resourceRegionHttpMessageConverter) {
        this.resourceRegionHttpMessageConverter = resourceRegionHttpMessageConverter;
    }

    @Nullable
    public ResourceRegionHttpMessageConverter getResourceRegionHttpMessageConverter() {
        return this.resourceRegionHttpMessageConverter;
    }

    public void setContentNegotiationManager(@Nullable ContentNegotiationManager contentNegotiationManager) {
        this.contentNegotiationManager = contentNegotiationManager;
    }

    @Nullable
    public ContentNegotiationManager getContentNegotiationManager() {
        return this.contentNegotiationManager;
    }

    public void setCorsConfiguration(CorsConfiguration corsConfiguration) {
        this.corsConfiguration = corsConfiguration;
    }

    @Override // org.springframework.web.cors.CorsConfigurationSource
    @Nullable
    public CorsConfiguration getCorsConfiguration(HttpServletRequest httpServletRequest) {
        return this.corsConfiguration;
    }

    public void setUrlPathHelper(@Nullable UrlPathHelper urlPathHelper) {
        this.urlPathHelper = urlPathHelper;
    }

    @Nullable
    public UrlPathHelper getUrlPathHelper() {
        return this.urlPathHelper;
    }

    @Override // org.springframework.context.EmbeddedValueResolverAware
    public void setEmbeddedValueResolver(StringValueResolver stringValueResolver) {
        this.embeddedValueResolver = stringValueResolver;
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        resolveResourceLocations();
        if (logger.isWarnEnabled() && CollectionUtils.isEmpty(this.locations)) {
            logger.warn("Locations list is empty. No resources will be served unless a custom ResourceResolver is configured as an alternative to PathResourceResolver.");
        }
        if (this.resourceResolvers.isEmpty()) {
            this.resourceResolvers.add(new PathResourceResolver());
        }
        initAllowedLocations();
        if (this.resourceHttpMessageConverter == null) {
            this.resourceHttpMessageConverter = new ResourceHttpMessageConverter();
        }
        if (this.resourceRegionHttpMessageConverter == null) {
            this.resourceRegionHttpMessageConverter = new ResourceRegionHttpMessageConverter();
        }
        this.contentNegotiationStrategy = initContentNegotiationStrategy();
    }

    private void resolveResourceLocations() {
        if (CollectionUtils.isEmpty(this.locationValues)) {
            return;
        }
        if (!CollectionUtils.isEmpty(this.locations)) {
            throw new IllegalArgumentException("Please set either Resource-based \"locations\" or String-based \"locationValues\", but not both.");
        }
        ApplicationContext obtainApplicationContext = obtainApplicationContext();
        for (String str : this.locationValues) {
            if (this.embeddedValueResolver != null) {
                String resolveStringValue = this.embeddedValueResolver.resolveStringValue(str);
                if (resolveStringValue == null) {
                    throw new IllegalArgumentException("Location resolved to null: " + str);
                }
                str = resolveStringValue;
            }
            Charset charset = null;
            String trim = str.trim();
            if (trim.startsWith(URL_RESOURCE_CHARSET_PREFIX)) {
                int indexOf = trim.indexOf(93, URL_RESOURCE_CHARSET_PREFIX.length());
                if (indexOf == -1) {
                    throw new IllegalArgumentException("Invalid charset syntax in location: " + trim);
                }
                charset = Charset.forName(trim.substring(URL_RESOURCE_CHARSET_PREFIX.length(), indexOf));
                trim = trim.substring(indexOf + 1);
            }
            Resource resource = obtainApplicationContext.getResource(trim);
            this.locations.add(resource);
            if (charset != null) {
                if (!(resource instanceof UrlResource)) {
                    throw new IllegalArgumentException("Unexpected charset for non-UrlResource: " + resource);
                }
                this.locationCharsets.put(resource, charset);
            }
        }
    }

    protected void initAllowedLocations() {
        if (CollectionUtils.isEmpty(this.locations)) {
            return;
        }
        for (int size = getResourceResolvers().size() - 1; size >= 0; size--) {
            if (getResourceResolvers().get(size) instanceof PathResourceResolver) {
                PathResourceResolver pathResourceResolver = (PathResourceResolver) getResourceResolvers().get(size);
                if (ObjectUtils.isEmpty((Object[]) pathResourceResolver.getAllowedLocations())) {
                    pathResourceResolver.setAllowedLocations((Resource[]) getLocations().toArray(new Resource[0]));
                }
                if (this.urlPathHelper != null) {
                    pathResourceResolver.setLocationCharsets(this.locationCharsets);
                    pathResourceResolver.setUrlPathHelper(this.urlPathHelper);
                    return;
                }
                return;
            }
        }
    }

    protected PathExtensionContentNegotiationStrategy initContentNegotiationStrategy() {
        PathExtensionContentNegotiationStrategy pathExtensionContentNegotiationStrategy;
        HashMap hashMap = null;
        if (getContentNegotiationManager() != null && (pathExtensionContentNegotiationStrategy = (PathExtensionContentNegotiationStrategy) getContentNegotiationManager().getStrategy(PathExtensionContentNegotiationStrategy.class)) != null) {
            hashMap = new HashMap(pathExtensionContentNegotiationStrategy.getMediaTypes());
        }
        return getServletContext() != null ? new ServletPathExtensionContentNegotiationStrategy(getServletContext(), hashMap) : new PathExtensionContentNegotiationStrategy(hashMap);
    }

    @Override // org.springframework.web.HttpRequestHandler
    public void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        Resource resource = getResource(httpServletRequest);
        if (resource == null) {
            logger.trace("No matching resource found - returning 404");
            httpServletResponse.sendError(404);
            return;
        }
        if (HttpMethod.OPTIONS.matches(httpServletRequest.getMethod())) {
            httpServletResponse.setHeader("Allow", getAllowHeader());
            return;
        }
        checkRequest(httpServletRequest);
        if (new ServletWebRequest(httpServletRequest, httpServletResponse).checkNotModified(resource.lastModified())) {
            logger.trace("Resource not modified - returning 304");
            return;
        }
        prepareResponse(httpServletResponse);
        MediaType mediaType = getMediaType(httpServletRequest, resource);
        if (mediaType != null) {
            if (logger.isTraceEnabled()) {
                logger.trace("Determined media type '" + mediaType + "' for " + resource);
            }
        } else if (logger.isTraceEnabled()) {
            logger.trace("No media type found for " + resource + " - not sending a content-type header");
        }
        if (WebContentGenerator.METHOD_HEAD.equals(httpServletRequest.getMethod())) {
            setHeaders(httpServletResponse, resource, mediaType);
            logger.trace("HEAD request - skipping content");
            return;
        }
        ServletServerHttpResponse servletServerHttpResponse = new ServletServerHttpResponse(httpServletResponse);
        if (httpServletRequest.getHeader("Range") == null) {
            Assert.state(this.resourceHttpMessageConverter != null, "Not initialized");
            setHeaders(httpServletResponse, resource, mediaType);
            this.resourceHttpMessageConverter.write(resource, mediaType, servletServerHttpResponse);
            return;
        }
        Assert.state(this.resourceRegionHttpMessageConverter != null, "Not initialized");
        httpServletResponse.setHeader("Accept-Ranges", "bytes");
        try {
            List<HttpRange> range = new ServletServerHttpRequest(httpServletRequest).getHeaders().getRange();
            httpServletResponse.setStatus(HttpServletResponse.SC_PARTIAL_CONTENT);
            this.resourceRegionHttpMessageConverter.write(HttpRange.toResourceRegions(range, resource), mediaType, servletServerHttpResponse);
        } catch (IllegalArgumentException e) {
            httpServletResponse.setHeader("Content-Range", "bytes */" + resource.contentLength());
            httpServletResponse.sendError(HttpServletResponse.SC_REQUESTED_RANGE_NOT_SATISFIABLE);
        }
    }

    @Nullable
    protected Resource getResource(HttpServletRequest httpServletRequest) throws IOException {
        String str = (String) httpServletRequest.getAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE);
        if (str == null) {
            throw new IllegalStateException("Required request attribute '" + HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE + "' is not set");
        }
        String processPath = processPath(str);
        if (!StringUtils.hasText(processPath) || isInvalidPath(processPath)) {
            if (!logger.isTraceEnabled()) {
                return null;
            }
            logger.trace("Ignoring invalid resource path [" + processPath + "]");
            return null;
        }
        if (!isInvalidEncodedPath(processPath)) {
            DefaultResourceResolverChain defaultResourceResolverChain = new DefaultResourceResolverChain(getResourceResolvers());
            Resource resolveResource = defaultResourceResolverChain.resolveResource(httpServletRequest, processPath, getLocations());
            return (resolveResource == null || getResourceTransformers().isEmpty()) ? resolveResource : new DefaultResourceTransformerChain(defaultResourceResolverChain, getResourceTransformers()).transform(httpServletRequest, resolveResource);
        }
        if (!logger.isTraceEnabled()) {
            return null;
        }
        logger.trace("Ignoring invalid resource path with escape sequences [" + processPath + "]");
        return null;
    }

    protected String processPath(String str) {
        return cleanLeadingSlash(cleanDuplicateSlashes(StringUtils.replace(str, "\\", "/")));
    }

    private String cleanDuplicateSlashes(String str) {
        char c;
        StringBuilder sb = null;
        char c2 = 0;
        for (int i = 0; i < str.length(); i++) {
            char charAt = str.charAt(i);
            if (charAt == '/' && c2 == '/') {
                if (sb == null) {
                    sb = new StringBuilder(str.substring(0, i));
                }
                c = charAt;
            } else {
                if (sb != null) {
                    sb.append(str.charAt(i));
                }
                c = charAt;
            }
            c2 = c;
        }
        return sb != null ? sb.toString() : str;
    }

    private String cleanLeadingSlash(String str) {
        boolean z = false;
        for (int i = 0; i < str.length(); i++) {
            if (str.charAt(i) == '/') {
                z = true;
            } else if (str.charAt(i) > ' ' && str.charAt(i) != 127) {
                if (i == 0 || (i == 1 && z)) {
                    return str;
                }
                String substring = z ? "/" + str.substring(i) : str.substring(i);
                if (logger.isTraceEnabled()) {
                    logger.trace("Path after trimming leading '/' and control characters: [" + substring + "]");
                }
                return substring;
            }
        }
        return z ? "/" : "";
    }

    private boolean isInvalidEncodedPath(String str) {
        if (!str.contains(QuickTargetSourceCreator.PREFIX_THREAD_LOCAL)) {
            return false;
        }
        try {
            String decode = URLDecoder.decode(str, UriEscape.DEFAULT_ENCODING);
            if (isInvalidPath(decode)) {
                return true;
            }
            return isInvalidPath(processPath(decode));
        } catch (UnsupportedEncodingException | IllegalArgumentException e) {
            return false;
        }
    }

    protected boolean isInvalidPath(String str) {
        if (str.contains("WEB-INF") || str.contains("META-INF")) {
            if (!logger.isTraceEnabled()) {
                return true;
            }
            logger.trace("Path with \"WEB-INF\" or \"META-INF\": [" + str + "]");
            return true;
        }
        if (str.contains(":/")) {
            String substring = str.charAt(0) == '/' ? str.substring(1) : str;
            if (ResourceUtils.isUrl(substring) || substring.startsWith("url:")) {
                if (!logger.isTraceEnabled()) {
                    return true;
                }
                logger.trace("Path represents URL or has \"url:\" prefix: [" + str + "]");
                return true;
            }
        }
        if (!str.contains(CallerDataConverter.DEFAULT_RANGE_DELIMITER) || !StringUtils.cleanPath(str).contains("../")) {
            return false;
        }
        if (!logger.isTraceEnabled()) {
            return true;
        }
        logger.trace("Path contains \"../\" after call to StringUtils#cleanPath: [" + str + "]");
        return true;
    }

    @Nullable
    protected MediaType getMediaType(HttpServletRequest httpServletRequest, Resource resource) {
        if (this.contentNegotiationStrategy != null) {
            return this.contentNegotiationStrategy.getMediaTypeForResource(resource);
        }
        return null;
    }

    protected void setHeaders(HttpServletResponse httpServletResponse, Resource resource, @Nullable MediaType mediaType) throws IOException {
        long contentLength = resource.contentLength();
        if (contentLength > 2147483647L) {
            httpServletResponse.setContentLengthLong(contentLength);
        } else {
            httpServletResponse.setContentLength((int) contentLength);
        }
        if (mediaType != null) {
            httpServletResponse.setContentType(mediaType.toString());
        }
        if (resource instanceof HttpResource) {
            ((HttpResource) resource).getResponseHeaders().forEach((str, list) -> {
                boolean z = true;
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    String str = (String) it.next();
                    if (z) {
                        httpServletResponse.setHeader(str, str);
                    } else {
                        httpServletResponse.addHeader(str, str);
                    }
                    z = false;
                }
            });
        }
        httpServletResponse.setHeader("Accept-Ranges", "bytes");
    }

    public String toString() {
        return "ResourceHttpRequestHandler [locations=" + getLocations() + ", resolvers=" + getResourceResolvers() + "]";
    }
}
