package org.fcrepo.http.api;

import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
import org.fcrepo.kernel.api.exception.ExternalMessageBodyException;
import org.fcrepo.kernel.api.utils.AutoReloadingConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/fcrepo/http/api/ExternalContentPathValidator.class */
public class ExternalContentPathValidator extends AutoReloadingConfiguration {
    private static final Logger LOGGER = LoggerFactory.getLogger(ExternalContentPathValidator.class);
    private static final Set<String> ALLOWED_SCHEMES = new HashSet(Arrays.asList("file", "http", "https"));
    private static final Pattern SCHEME_PATTERN = Pattern.compile("^(http|https|file):/.*", 2);
    private static final Pattern HTTP_DOMAIN_PATTERN = Pattern.compile("^(http|https)://([^/]+/.*|$)");
    private static final Pattern RELATIVE_MOD_PATTERN = Pattern.compile(".*(^|/)\\.\\.($|/).*");
    private static final Pattern NORMALIZE_FILE_URI = Pattern.compile("^file:/{2,3}");
    private List<String> allowedList;

    public void validate(String str) throws ExternalMessageBodyException {
        if (this.allowedList == null || this.allowedList.size() == 0) {
            throw new ExternalMessageBodyException("External content is disallowed by the server");
        }
        if (StringUtils.isEmpty(str)) {
            throw new ExternalMessageBodyException("External content path was empty");
        }
        String normalizeUri = normalizeUri(str);
        try {
            URI uri = new URI(normalizeUri);
            uri.toURL();
            if (RELATIVE_MOD_PATTERN.matcher(uri.getPath()).matches()) {
                throw new ExternalMessageBodyException("Path was not absolute: " + str);
            }
            if (!uri.isAbsolute()) {
                throw new ExternalMessageBodyException("Path was not absolute: " + str);
            }
            String scheme = uri.getScheme();
            if (!ALLOWED_SCHEMES.contains(scheme)) {
                throw new ExternalMessageBodyException("Path did not provide an allowed scheme: " + str);
            }
            if (scheme.equals("file") && !Paths.get(uri).toFile().exists()) {
                throw new ExternalMessageBodyException("Path did not match any allowed external content paths: " + str);
            }
            if (!this.allowedList.stream().anyMatch(str2 -> {
                return normalizeUri.startsWith(str2);
            })) {
                throw new ExternalMessageBodyException("Path did not match any allowed external content paths: " + str);
            }
        } catch (Exception e) {
            throw new ExternalMessageBodyException("Path was not a valid URI: " + str);
        }
    }

    private String normalizeUri(String str) {
        String[] split = str.split(":", 2);
        if (split.length != 2) {
            return str;
        }
        String str2 = split[0].toLowerCase() + ":" + split[1];
        return str2.startsWith("file://") ? NORMALIZE_FILE_URI.matcher(str2).replaceFirst("file:/") : str2;
    }

    protected synchronized void loadConfiguration() throws IOException {
        LOGGER.info("Loading list of allowed external content locations from {}", this.configPath);
        Stream<String> lines = Files.lines(Paths.get(this.configPath, new String[0]));
        Throwable th = null;
        try {
            this.allowedList = (List) lines.map(str -> {
                return normalizeUri(str.trim());
            }).filter(str2 -> {
                return isAllowanceValid(str2);
            }).collect(Collectors.toList());
            if (lines != null) {
                if (0 == 0) {
                    lines.close();
                    return;
                }
                try {
                    lines.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (lines != null) {
                if (0 != 0) {
                    try {
                        lines.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    lines.close();
                }
            }
            throw th3;
        }
    }

    private boolean isAllowanceValid(String str) {
        Matcher matcher = SCHEME_PATTERN.matcher(str);
        if (!matcher.matches() || RELATIVE_MOD_PATTERN.matcher(str).matches()) {
            LOGGER.error("Invalid path {} specified in external path configuration {}", str, this.configPath);
            return false;
        }
        String lowerCase = matcher.group(1).toLowerCase();
        if (!"file".equals(lowerCase)) {
            if ((!"http".equals(lowerCase) && !"https".equals(lowerCase)) || HTTP_DOMAIN_PATTERN.matcher(str).matches()) {
                return true;
            }
            LOGGER.error("Invalid path {} in configuration {}, domain must end with a '/'", str, this.configPath);
            return false;
        }
        File file = new File(URI.create(str).getPath());
        if ((!str.endsWith("/") || file.isDirectory()) && (str.endsWith("/") || file.isFile())) {
            return true;
        }
        LOGGER.error("Invalid path {} in configuration {}, directories must end with a '/'", str, this.configPath);
        return false;
    }
}
