package org.forgerock.openam.shared.security.whitelist;

import com.sun.identity.shared.configuration.SystemPropertiesManager;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.encode.Base64;
import com.sun.identity.shared.whitelist.URLPatternMatcher;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Collection;
import javax.servlet.http.HttpServletRequest;
import org.forgerock.openam.sdk.org.forgerock.json.JsonValue;
import org.forgerock.openam.utils.StringUtils;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.0.jar:org/forgerock/openam/shared/security/whitelist/RedirectUrlValidator.class */
public class RedirectUrlValidator<T> {
    public static final String GOTO = "goto";
    public static final String GOTO_ON_FAIL = "gotoOnFail";
    private final ValidDomainExtractor<T> domainExtractor;
    private static final Debug DEBUG = Debug.getInstance("patternMatching");
    private static final String MAX_URL_LENGTH_PROPERTY = "org.forgerock.openam.redirecturlvalidator.maxUrlLength";
    private static final int MAX_URL_LENGTH = SystemPropertiesManager.getAsInt(MAX_URL_LENGTH_PROPERTY, 2000);

    public RedirectUrlValidator(ValidDomainExtractor<T> validDomainExtractor) {
        this.domainExtractor = validDomainExtractor;
    }

    public boolean isRedirectUrlValid(String str, T t) {
        if (StringUtils.isEmpty(str)) {
            return false;
        }
        Collection<String> extractValidDomains = this.domainExtractor.extractValidDomains(t);
        DEBUG.message("RedirectUrlValidator.isRedirectUrlValid: Validating goto URL {} against patterns: {}", str, extractValidDomains);
        if (str.length() > MAX_URL_LENGTH) {
            DEBUG.message("RedirectUrlValidator.isRedirectUrlValid: The url was length {} which is longer than the allowed maximum of {}", Integer.valueOf(str.length()), Integer.valueOf(MAX_URL_LENGTH));
            return false;
        }
        try {
            URI uri = new URI(str);
            if (!uri.isAbsolute() && !str.startsWith("//")) {
                return true;
            }
            if (uri.getScheme() != null && !uri.getScheme().equals("http")) {
                if (!uri.getScheme().equals("https")) {
                    return false;
                }
            }
            if (extractValidDomains == null || extractValidDomains.isEmpty()) {
                DEBUG.message("RedirectUrlValidator.isRedirectUrlValid: There are no patterns to validate the URL against, the goto URL {} is considered valid", str);
                return true;
            }
            try {
                return new URLPatternMatcher().match(str, extractValidDomains, true);
            } catch (MalformedURLException e) {
                DEBUG.error("RedirectUrlValidator.isRedirectUrlValid: An error occurred while validating goto URL: {}", str, e);
                return false;
            }
        } catch (URISyntaxException e2) {
            DEBUG.message("RedirectUrlValidator.isRedirectUrlValid: The goto URL {} is not a valid URI", str, e2);
            return false;
        }
    }

    public String getRedirectUrl(T t, String str, String str2) {
        String str3 = null;
        if (str == null) {
            return str2;
        }
        if (isRedirectUrlValid(str, t)) {
            str3 = str;
        }
        if (str3 == null || str3.isEmpty()) {
            str3 = str2;
        }
        return str3;
    }

    public String getAndDecodeParameter(HttpServletRequest httpServletRequest, String str) {
        String parameter = httpServletRequest.getParameter(str);
        if (parameter == null) {
            return null;
        }
        if (!Boolean.parseBoolean(httpServletRequest.getParameter("encoded"))) {
            return parameter;
        }
        String decodeAsUTF8String = Base64.decodeAsUTF8String(parameter);
        if (decodeAsUTF8String == null) {
            DEBUG.warning("RedirectUrlValidator.getAndDecodeParameter: As parameter 'encoded' is true, parameter ['{}']='{}' should be base64 encoded", str, parameter);
        }
        return decodeAsUTF8String;
    }

    public String getValueFromJson(JsonValue jsonValue, String str) {
        if (jsonValue == null || !jsonValue.isDefined(str)) {
            return null;
        }
        return jsonValue.get(str).asString();
    }
}
