package org.apache.knox.gateway.util;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import javax.servlet.http.HttpServletRequest;
import org.apache.knox.gateway.SpiGatewayMessages;
import org.apache.knox.gateway.config.GatewayConfig;
import org.apache.knox.gateway.filter.AbstractGatewayFilter;
import org.apache.knox.gateway.i18n.messages.MessagesFactory;

/* loaded from: input_file:org/apache/knox/gateway/util/WhitelistUtils.class */
public class WhitelistUtils {
    static final String DEFAULT_CONFIG_VALUE = "DEFAULT";
    static final String LOCALHOST_REGEXP_SEGMENT = "(localhost|127\\.0\\.0\\.1|0:0:0:0:0:0:0:1|::1)";
    static final String LOCALHOST_REGEXP = "^(localhost|127\\.0\\.0\\.1|0:0:0:0:0:0:0:1|::1)$";
    static final String DEFAULT_DISPATCH_WHITELIST_TEMPLATE = "^\\/.*$;^https?:\\/\\/%s:[0-9]+\\/?.*$";
    private static final String IP_ADDRESS_REGEX = "^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}$";
    private static final SpiGatewayMessages LOG = (SpiGatewayMessages) MessagesFactory.get(SpiGatewayMessages.class);
    private static final List<String> DEFAULT_SERVICE_ROLES = Collections.singletonList("KNOXSSO");

    public static String getDispatchWhitelist(HttpServletRequest httpServletRequest) {
        String str = null;
        GatewayConfig gatewayConfig = (GatewayConfig) httpServletRequest.getServletContext().getAttribute(GatewayConfig.GATEWAY_CONFIG_ATTRIBUTE);
        if (gatewayConfig != null) {
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(DEFAULT_SERVICE_ROLES);
            arrayList.addAll(gatewayConfig.getDispatchWhitelistServices());
            if (arrayList.contains((String) httpServletRequest.getAttribute(AbstractGatewayFilter.TARGET_SERVICE_ROLE))) {
                str = gatewayConfig.getDispatchWhitelist();
                if (str == null || str.equalsIgnoreCase(DEFAULT_CONFIG_VALUE)) {
                    str = deriveDefaultDispatchWhitelist(httpServletRequest);
                    LOG.derivedDispatchWhitelist(str);
                }
            }
        }
        return str;
    }

    private static String deriveDefaultDispatchWhitelist(HttpServletRequest httpServletRequest) {
        String str = null;
        String domain = getDomain(httpServletRequest.getHeader("X-Forwarded-Host"));
        String str2 = null;
        if (domain == null) {
            str2 = httpServletRequest.getServerName();
            domain = getDomain(str2);
        }
        if (domain != null) {
            str = defineWhitelistForDomain(domain);
        } else if (!str2.matches(LOCALHOST_REGEXP)) {
            LOG.unableToDetermineKnoxDomainForDefaultWhitelist(str2);
            str = String.format(Locale.ROOT, DEFAULT_DISPATCH_WHITELIST_TEMPLATE, str2);
        }
        if (str == null) {
            LOG.unableToDetermineKnoxDomainForDefaultWhitelist("localhost");
            str = String.format(Locale.ROOT, DEFAULT_DISPATCH_WHITELIST_TEMPLATE, LOCALHOST_REGEXP_SEGMENT);
        }
        return str;
    }

    private static String getDomain(String str) {
        String str2 = null;
        if (str != null && !str.isEmpty()) {
            String stripPort = stripPort(str);
            if (!stripPort.matches(IP_ADDRESS_REGEX) && stripPort.indexOf(46) > 0) {
                str2 = stripPort.substring(stripPort.indexOf(46));
            }
        }
        return str2;
    }

    private static String defineWhitelistForDomain(String str) {
        String str2 = null;
        if (str != null && !str.isEmpty()) {
            str2 = String.format(Locale.ROOT, DEFAULT_DISPATCH_WHITELIST_TEMPLATE, "(" + (".+" + str.replaceAll("\\.", "\\\\.")) + ")");
        }
        return str2;
    }

    private static String stripPort(String str) {
        String str2 = str;
        int indexOf = str.indexOf(58);
        if (indexOf > 0) {
            str2 = str.substring(0, indexOf);
        }
        return str2;
    }
}
