package org.springframework.web.servlet.resource;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.core.io.UrlResource;
import org.springframework.lang.Nullable;
import org.springframework.util.StringUtils;
import org.springframework.web.context.support.ServletContextResource;
import org.springframework.web.util.UriUtils;
import org.springframework.web.util.UrlPathHelper;

/* loaded from: input_file:BOOT-INF/lib/spring-webmvc-5.1.9.RELEASE.jar:org/springframework/web/servlet/resource/PathResourceResolver.class */
public class PathResourceResolver extends AbstractResourceResolver {

    @Nullable
    private Resource[] allowedLocations;
    private final Map<Resource, Charset> locationCharsets = new HashMap(4);

    @Nullable
    private UrlPathHelper urlPathHelper;

    public void setAllowedLocations(@Nullable Resource... resourceArr) {
        this.allowedLocations = resourceArr;
    }

    @Nullable
    public Resource[] getAllowedLocations() {
        return this.allowedLocations;
    }

    public void setLocationCharsets(Map<Resource, Charset> map) {
        this.locationCharsets.clear();
        this.locationCharsets.putAll(map);
    }

    public Map<Resource, Charset> getLocationCharsets() {
        return Collections.unmodifiableMap(this.locationCharsets);
    }

    public void setUrlPathHelper(@Nullable UrlPathHelper urlPathHelper) {
        this.urlPathHelper = urlPathHelper;
    }

    @Nullable
    public UrlPathHelper getUrlPathHelper() {
        return this.urlPathHelper;
    }

    @Override // org.springframework.web.servlet.resource.AbstractResourceResolver
    protected Resource resolveResourceInternal(@Nullable HttpServletRequest httpServletRequest, String str, List<? extends Resource> list, ResourceResolverChain resourceResolverChain) {
        return getResource(str, httpServletRequest, list);
    }

    @Override // org.springframework.web.servlet.resource.AbstractResourceResolver
    protected String resolveUrlPathInternal(String str, List<? extends Resource> list, ResourceResolverChain resourceResolverChain) {
        if (!StringUtils.hasText(str) || getResource(str, null, list) == null) {
            return null;
        }
        return str;
    }

    @Nullable
    private Resource getResource(String str, @Nullable HttpServletRequest httpServletRequest, List<? extends Resource> list) {
        Resource resource;
        for (Resource resource2 : list) {
            try {
                resource = getResource(encodeIfNecessary(str, httpServletRequest, resource2), resource2);
            } catch (IOException e) {
                if (this.logger.isDebugEnabled()) {
                    String str2 = "Skip location [" + resource2 + "] due to error";
                    if (this.logger.isTraceEnabled()) {
                        this.logger.trace(str2, e);
                    } else {
                        this.logger.debug(str2 + ": " + e.getMessage());
                    }
                }
            }
            if (resource != null) {
                return resource;
            }
        }
        return null;
    }

    @Nullable
    protected Resource getResource(String str, Resource resource) throws IOException {
        Resource createRelative = resource.createRelative(str);
        if (!createRelative.isReadable()) {
            return null;
        }
        if (checkResource(createRelative, resource)) {
            return createRelative;
        }
        if (!this.logger.isWarnEnabled()) {
            return null;
        }
        Resource[] allowedLocations = getAllowedLocations();
        this.logger.warn("Resource path \"" + str + "\" was successfully resolved but resource \"" + createRelative.getURL() + "\" is neither under the current location \"" + resource.getURL() + "\" nor under any of the allowed locations " + (allowedLocations != null ? Arrays.asList(allowedLocations) : "[]"));
        return null;
    }

    protected boolean checkResource(Resource resource, Resource resource2) throws IOException {
        if (isResourceUnderLocation(resource, resource2)) {
            return true;
        }
        Resource[] allowedLocations = getAllowedLocations();
        if (allowedLocations == null) {
            return false;
        }
        for (Resource resource3 : allowedLocations) {
            if (isResourceUnderLocation(resource, resource3)) {
                return true;
            }
        }
        return false;
    }

    private boolean isResourceUnderLocation(Resource resource, Resource resource2) throws IOException {
        String path;
        String cleanPath;
        if (resource.getClass() != resource2.getClass()) {
            return false;
        }
        if (resource instanceof UrlResource) {
            path = resource.getURL().toExternalForm();
            cleanPath = StringUtils.cleanPath(resource2.getURL().toString());
        } else if (resource instanceof ClassPathResource) {
            path = ((ClassPathResource) resource).getPath();
            cleanPath = StringUtils.cleanPath(((ClassPathResource) resource2).getPath());
        } else if (resource instanceof ServletContextResource) {
            path = ((ServletContextResource) resource).getPath();
            cleanPath = StringUtils.cleanPath(((ServletContextResource) resource2).getPath());
        } else {
            path = resource.getURL().getPath();
            cleanPath = StringUtils.cleanPath(resource2.getURL().getPath());
        }
        if (cleanPath.equals(path)) {
            return true;
        }
        return path.startsWith((cleanPath.endsWith("/") || cleanPath.isEmpty()) ? cleanPath : new StringBuilder().append(cleanPath).append("/").toString()) && !isInvalidEncodedPath(path);
    }

    private String encodeIfNecessary(String str, @Nullable HttpServletRequest httpServletRequest, Resource resource) {
        if (!shouldEncodeRelativePath(resource) || httpServletRequest == null) {
            return str;
        }
        Charset orDefault = this.locationCharsets.getOrDefault(resource, StandardCharsets.UTF_8);
        StringBuilder sb = new StringBuilder();
        StringTokenizer stringTokenizer = new StringTokenizer(str, "/");
        while (stringTokenizer.hasMoreTokens()) {
            sb.append(UriUtils.encode(stringTokenizer.nextToken(), orDefault));
            sb.append("/");
        }
        if (!str.endsWith("/")) {
            sb.setLength(sb.length() - 1);
        }
        return sb.toString();
    }

    private boolean shouldEncodeRelativePath(Resource resource) {
        return (resource instanceof UrlResource) && this.urlPathHelper != null && this.urlPathHelper.isUrlDecode();
    }

    private boolean isInvalidEncodedPath(String str) {
        if (!str.contains("%")) {
            return false;
        }
        try {
            String decode = URLDecoder.decode(str, "UTF-8");
            if (!decode.contains("../") && !decode.contains("..\\")) {
                return false;
            }
            this.logger.warn("Resolved resource path contains encoded \"../\" or \"..\\\": " + str);
            return true;
        } catch (UnsupportedEncodingException e) {
            return false;
        }
    }
}
