package org.apache.shindig.gadgets;

import com.google.common.collect.Maps;
import com.google.inject.Inject;
import com.google.inject.name.Named;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.shindig.common.logging.i18n.MessageKeys;
import org.apache.shindig.config.ContainerConfig;

/* loaded from: input_file:WEB-INF/lib/shindig-gadgets-2.5.0-update1.jar:org/apache/shindig/gadgets/AbstractLockedDomainService.class */
public abstract class AbstractLockedDomainService implements LockedDomainService {
    protected static final String LOCKED_DOMAIN_REQUIRED_KEY = "gadgets.uri.iframe.lockedDomainRequired";
    protected static final String PERMITTED_REFERER_DOMAINS_KEY = "shindig.locked-domain.permittedRefererDomains";
    protected static final String LOCKED_DOMAIN_FEATURE = "locked-domain";
    private final boolean enabled;
    private boolean refererCheckEnabled;
    private LockedDomainObserver ldObserver;
    private static final String classname = HashLockedDomainService.class.getName();
    private static final Logger LOG = Logger.getLogger(classname, MessageKeys.MESSAGES);
    private boolean lockSecurityTokens = false;
    protected final Map<String, Boolean> required = Maps.newHashMap();
    protected final Map<String, List<Object>> permittedRefererDomains = Maps.newHashMap();

    /* loaded from: input_file:WEB-INF/lib/shindig-gadgets-2.5.0-update1.jar:org/apache/shindig/gadgets/AbstractLockedDomainService$LockedDomainObserver.class */
    private class LockedDomainObserver implements ContainerConfig.ConfigObserver {
        private LockedDomainObserver() {
        }

        @Override // org.apache.shindig.config.ContainerConfig.ConfigObserver
        public void containersChanged(ContainerConfig containerConfig, Collection<String> collection, Collection<String> collection2) {
            for (String str : collection) {
                AbstractLockedDomainService.this.required.put(str, Boolean.valueOf(containerConfig.getBool(str, AbstractLockedDomainService.LOCKED_DOMAIN_REQUIRED_KEY)));
                AbstractLockedDomainService.this.permittedRefererDomains.put(str, containerConfig.getList(str, AbstractLockedDomainService.PERMITTED_REFERER_DOMAINS_KEY));
            }
            for (String str2 : collection2) {
                AbstractLockedDomainService.this.required.remove(str2);
                AbstractLockedDomainService.this.permittedRefererDomains.remove(str2);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractLockedDomainService(ContainerConfig containerConfig, boolean z) {
        this.enabled = z;
        if (z) {
            this.ldObserver = new LockedDomainObserver();
            containerConfig.addConfigObserver(this.ldObserver, true);
        }
    }

    @Inject
    public void setRefererCheckEnabled(@Named("shindig.locked-domain.refererCheck.enabled") boolean z) {
        this.refererCheckEnabled = z;
    }

    @Override // org.apache.shindig.gadgets.LockedDomainService
    public abstract String getLockedDomainForGadget(Gadget gadget, String str) throws GadgetException;

    @Override // org.apache.shindig.gadgets.LockedDomainService
    public boolean isEnabled() {
        return this.enabled;
    }

    @Override // org.apache.shindig.gadgets.LockedDomainService
    public abstract boolean isGadgetValidForHost(String str, Gadget gadget, String str2);

    @Override // org.apache.shindig.gadgets.LockedDomainService
    public abstract boolean isHostUsingLockedDomain(String str);

    @Override // org.apache.shindig.gadgets.LockedDomainService
    public boolean isSafeForOpenProxy(String str) {
        return (isEnabled() && isHostUsingLockedDomain(str)) ? false : true;
    }

    @Override // org.apache.shindig.gadgets.LockedDomainService
    public boolean isRefererCheckEnabled() {
        return this.refererCheckEnabled;
    }

    @Inject(optional = true)
    public void setLockSecurityTokens(@Named("shindig.locked-domain.lock-security-tokens") Boolean bool) {
        this.lockSecurityTokens = bool.booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isDomainLockingEnforced(String str) {
        return this.required.get(str).booleanValue();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isExcludedFromLockedDomain(Gadget gadget, String str) {
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isGadgetReqestingLocking(Gadget gadget) {
        return this.lockSecurityTokens ? gadget.getAllFeatures().contains("locked-domain") : gadget.getViewFeatures().keySet().contains("locked-domain");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isValidReferer(Gadget gadget, String str) {
        String referer = gadget.getContext().getReferer();
        List<Object> list = this.permittedRefererDomains.get(str);
        if (null == referer || "".equals(referer.trim())) {
            if (list.isEmpty()) {
                return true;
            }
            LOG.logp(Level.SEVERE, classname, "Referer check failed, referer url is not valid.", MessageKeys.FAILED_TO_VALIDATE, new Object[]{referer});
            return false;
        }
        try {
            URL url = new URL(referer);
            if (list.isEmpty()) {
                return true;
            }
            boolean z = false;
            String lowerCase = url.getHost().toLowerCase();
            Iterator<Object> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (lowerCase.endsWith(((String) it.next()).toLowerCase())) {
                    z = true;
                    break;
                }
            }
            if (z) {
                return true;
            }
            LOG.logp(Level.SEVERE, classname, "Referer check failed.", MessageKeys.FAILED_TO_VALIDATE, new Object[]{referer});
            return false;
        } catch (MalformedURLException e) {
            LOG.logp(Level.SEVERE, classname, "Referer check failed, malformed referer url.", MessageKeys.FAILED_TO_VALIDATE, new Object[]{referer});
            return false;
        }
    }
}
