package org.springframework.web.servlet.resource;

import java.io.IOException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.aop.framework.autoproxy.target.QuickTargetSourceCreator;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.core.io.UrlResource;
import org.springframework.core.log.LogFormatUtils;
import org.springframework.lang.Nullable;
import org.springframework.util.Assert;
import org.springframework.util.ResourceUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.context.support.ServletContextResource;
import org.springframework.web.util.UriUtils;

/* loaded from: input_file:WEB-INF/lib/spring-webmvc-6.2.1.jar:org/springframework/web/servlet/resource/ResourceHandlerUtils.class */
public abstract class ResourceHandlerUtils {
    private static final Log logger = LogFactory.getLog((Class<?>) ResourceHandlerUtils.class);
    private static final String FOLDER_SEPARATOR = "/";
    private static final String WINDOWS_FOLDER_SEPARATOR = "\\";

    public static void assertResourceLocation(@Nullable Resource resource) {
        Assert.notNull(resource, "Resource location must not be null");
        try {
            String externalForm = resource instanceof UrlResource ? resource.getURL().toExternalForm() : resource instanceof ClassPathResource ? ((ClassPathResource) resource).getPath() : resource.getURL().getPath();
            Assert.isTrue(externalForm.endsWith("/") || externalForm.endsWith(WINDOWS_FOLDER_SEPARATOR), "Resource location does not end with slash: " + externalForm);
        } catch (IOException e) {
        }
    }

    public static String initLocationPath(String str) {
        String str2 = str.contains("/") ? "/" : WINDOWS_FOLDER_SEPARATOR;
        if (!str.endsWith(str2)) {
            str = str.concat(str2);
            logger.warn("Appended trailing slash to static resource location: " + str);
        }
        return str;
    }

    public static String normalizeInputPath(String str) {
        return cleanLeadingSlash(cleanDuplicateSlashes(StringUtils.replace(str, WINDOWS_FOLDER_SEPARATOR, "/")));
    }

    private static String cleanDuplicateSlashes(String str) {
        char c;
        StringBuilder sb = null;
        char c2 = 0;
        for (int i = 0; i < str.length(); i++) {
            char charAt = str.charAt(i);
            if (charAt == '/' && c2 == '/') {
                if (sb == null) {
                    sb = new StringBuilder(str.substring(0, i));
                }
                c = charAt;
            } else {
                if (sb != null) {
                    sb.append(str.charAt(i));
                }
                c = charAt;
            }
            c2 = c;
        }
        return sb != null ? sb.toString() : str;
    }

    private static String cleanLeadingSlash(String str) {
        boolean z = false;
        int i = 0;
        while (i < str.length()) {
            if (str.charAt(i) == '/') {
                z = true;
            } else if (str.charAt(i) > ' ' && str.charAt(i) != 127) {
                return (i == 0 || (i == 1 && z)) ? str : z ? "/" + str.substring(i) : str.substring(i);
            }
            i++;
        }
        return z ? "/" : "";
    }

    public static boolean shouldIgnoreInputPath(String str) {
        return !StringUtils.hasText(str) || isInvalidPath(str) || isInvalidEncodedPath(str);
    }

    public static boolean isInvalidPath(String str) {
        if (str.contains("WEB-INF") || str.contains("META-INF")) {
            if (!logger.isWarnEnabled()) {
                return true;
            }
            logger.warn(LogFormatUtils.formatValue("Path with \"WEB-INF\" or \"META-INF\": [" + str + "]", -1, true));
            return true;
        }
        if (str.contains(":/")) {
            String substring = str.charAt(0) == '/' ? str.substring(1) : str;
            if (ResourceUtils.isUrl(substring) || substring.startsWith("url:")) {
                if (!logger.isWarnEnabled()) {
                    return true;
                }
                logger.warn(LogFormatUtils.formatValue("Path represents URL or has \"url:\" prefix: [" + str + "]", -1, true));
                return true;
            }
        }
        if (!str.contains("../")) {
            return false;
        }
        if (!logger.isWarnEnabled()) {
            return true;
        }
        logger.warn(LogFormatUtils.formatValue("Path contains \"../\" after call to StringUtils#cleanPath: [" + str + "]", -1, true));
        return true;
    }

    private static boolean isInvalidEncodedPath(String str) {
        String decode = decode(str);
        if (decode.contains(QuickTargetSourceCreator.PREFIX_THREAD_LOCAL)) {
            decode = decode(decode);
        }
        if (StringUtils.hasText(decode) && !isInvalidPath(decode)) {
            return isInvalidPath(normalizeInputPath(decode));
        }
        return true;
    }

    private static String decode(String str) {
        try {
            return UriUtils.decode(str, StandardCharsets.UTF_8);
        } catch (Exception e) {
            return "";
        }
    }

    public static boolean isResourceUnderLocation(Resource resource, Resource resource2) throws IOException {
        String path;
        String cleanPath;
        if (resource2.getClass() != resource.getClass()) {
            return false;
        }
        if (resource2 instanceof UrlResource) {
            path = resource2.getURL().toExternalForm();
            cleanPath = StringUtils.cleanPath(resource.getURL().toString());
        } else if (resource2 instanceof ClassPathResource) {
            path = ((ClassPathResource) resource2).getPath();
            cleanPath = StringUtils.cleanPath(((ClassPathResource) resource).getPath());
        } else if (resource2 instanceof ServletContextResource) {
            path = ((ServletContextResource) resource2).getPath();
            cleanPath = StringUtils.cleanPath(((ServletContextResource) resource).getPath());
        } else {
            path = resource2.getURL().getPath();
            cleanPath = StringUtils.cleanPath(resource.getURL().getPath());
        }
        if (cleanPath.equals(path)) {
            return true;
        }
        return path.startsWith((cleanPath.endsWith("/") || cleanPath.isEmpty()) ? cleanPath : cleanPath + "/") && !isInvalidEncodedResourcePath(path);
    }

    private static boolean isInvalidEncodedResourcePath(String str) {
        if (!str.contains(QuickTargetSourceCreator.PREFIX_THREAD_LOCAL)) {
            return false;
        }
        try {
            String decode = URLDecoder.decode(str, StandardCharsets.UTF_8);
            if (!decode.contains("../") && !decode.contains("..\\")) {
                return false;
            }
            logger.warn(LogFormatUtils.formatValue("Resolved resource path contains encoded \"../\" or \"..\\\": " + str, -1, true));
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }
}
