package org.apache.nifi.web.util;

import java.net.URI;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.UriBuilderException;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.security.util.CertificateUtils;
import org.glassfish.jersey.client.ClientConfig;
import org.glassfish.jersey.jackson.internal.jackson.jaxrs.json.JacksonJaxbJsonProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/web/util/WebUtils.class */
public final class WebUtils {
    private static Logger logger = LoggerFactory.getLogger(WebUtils.class);
    static final ReadWriteLock lock = new ReentrantReadWriteLock();
    private static final String PROXY_CONTEXT_PATH_HTTP_HEADER = "X-ProxyContextPath";
    private static final String FORWARDED_CONTEXT_HTTP_HEADER = "X-Forwarded-Context";

    private WebUtils() {
    }

    public static Client createClient(ClientConfig clientConfig) {
        return createClientHelper(clientConfig, null);
    }

    public static Client createClient(ClientConfig clientConfig, SSLContext sSLContext) {
        return createClientHelper(clientConfig, sSLContext);
    }

    private static Client createClientHelper(ClientConfig clientConfig, SSLContext sSLContext) {
        ClientBuilder newBuilder = ClientBuilder.newBuilder();
        if (clientConfig != null) {
            newBuilder = newBuilder.withConfig(clientConfig);
        }
        if (sSLContext != null) {
            newBuilder = newBuilder.sslContext(sSLContext).hostnameVerifier(new HostnameVerifier() { // from class: org.apache.nifi.web.util.WebUtils.1
                @Override // javax.net.ssl.HostnameVerifier
                public boolean verify(String str, SSLSession sSLSession) {
                    try {
                        for (Certificate certificate : sSLSession.getPeerCertificates()) {
                            if ((certificate instanceof X509Certificate) && CertificateUtils.getSubjectAlternativeNames((X509Certificate) certificate).contains(str.toLowerCase())) {
                                return true;
                            }
                        }
                        return false;
                    } catch (CertificateParsingException | SSLPeerUnverifiedException e) {
                        WebUtils.logger.warn("Hostname Verification encountered exception verifying hostname due to: " + e, e);
                        return false;
                    }
                }
            });
        }
        return newBuilder.register(ObjectMapperResolver.class).register(JacksonJaxbJsonProvider.class).build();
    }

    public static String getResourcePath(URI uri, HttpServletRequest httpServletRequest, String str) throws UriBuilderException {
        String path = uri.getPath();
        String normalizeContextPath = normalizeContextPath(determineContextPath(httpServletRequest));
        if (StringUtils.isNotBlank(normalizeContextPath)) {
            verifyContextPath(str, normalizeContextPath);
            path = normalizeContextPath + path;
        }
        return path;
    }

    public static void verifyContextPath(String str, String str2) throws UriBuilderException {
        if (StringUtils.isBlank(str2) || Arrays.asList(StringUtils.split(str, ",")).contains(str2)) {
            return;
        }
        String str3 = "The provided context path [" + str2 + "] was not whitelisted [" + str + "]";
        logger.error(str3);
        throw new UriBuilderException(str3);
    }

    public static String normalizeContextPath(String str) {
        if (!StringUtils.isNotBlank(str)) {
            return "";
        }
        if (!str.startsWith("/")) {
            str = "/" + str;
        }
        if (str.endsWith("/")) {
            str = str.substring(0, str.length() - 1);
        }
        return str;
    }

    public static String determineContextPath(HttpServletRequest httpServletRequest) {
        String contextPath = httpServletRequest.getContextPath();
        String header = httpServletRequest.getHeader(PROXY_CONTEXT_PATH_HTTP_HEADER);
        String header2 = httpServletRequest.getHeader(FORWARDED_CONTEXT_HTTP_HEADER);
        logger.debug("Context path: " + contextPath);
        String str = "";
        if (anyNotBlank(header, header2)) {
            logger.debug(String.format("On the request, the following context paths were parsed from headers:\n\t X-ProxyContextPath: %s\n\tX-Forwarded-Context: %s", header, header2));
            str = StringUtils.isNotBlank(header) ? header : header2;
        }
        logger.debug("Determined context path: " + str);
        return str;
    }

    private static boolean anyNotBlank(String... strArr) {
        for (String str : strArr) {
            if (StringUtils.isNotBlank(str)) {
                return true;
            }
        }
        return false;
    }
}
