package io.github.pixee.security;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;

/* loaded from: input_file:BOOT-INF/lib/java-security-toolkit-1.2.1.jar:io/github/pixee/security/ZipSecurity.class */
public final class ZipSecurity {

    /* loaded from: input_file:BOOT-INF/lib/java-security-toolkit-1.2.1.jar:io/github/pixee/security/ZipSecurity$HardenedZipInputStream.class */
    private static class HardenedZipInputStream extends ZipInputStream {
        private HardenedZipInputStream(InputStream inputStream) {
            super(inputStream);
        }

        private HardenedZipInputStream(InputStream inputStream, Charset charset) {
            super(inputStream, charset);
        }

        @Override // java.util.zip.ZipInputStream
        public ZipEntry getNextEntry() throws IOException {
            ZipEntry nextEntry = super.getNextEntry();
            if (nextEntry == null) {
                return null;
            }
            String name = nextEntry.getName();
            if (!name.trim().isEmpty()) {
                if (isRootFileEntry(name)) {
                    throw new SecurityException("encountered zip file path that is absolute: " + name);
                }
                if (containsEscapesAndTargetsBelowRoot(name)) {
                    throw new SecurityException("path to sensitive locations contained escapes: " + name);
                }
            }
            return nextEntry;
        }

        private boolean containsEscapesAndTargetsBelowRoot(String str) {
            if (!str.contains("../") && !str.contains("..\\")) {
                return false;
            }
            try {
                return isBelowOrSisterToCurrentDirectory(str);
            } catch (IOException e) {
                return false;
            }
        }

        private boolean isBelowOrSisterToCurrentDirectory(String str) throws IOException {
            File canonicalFile = new File("").getCanonicalFile();
            return !new File(canonicalFile, str).getCanonicalFile().toPath().startsWith(canonicalFile.toPath());
        }

        private boolean isRootFileEntry(String str) {
            return str.startsWith("/");
        }
    }

    private ZipSecurity() {
    }

    public static ZipInputStream createHardenedInputStream(InputStream inputStream, Charset charset) {
        return new HardenedZipInputStream(inputStream, charset);
    }

    public static ZipInputStream createHardenedInputStream(InputStream inputStream) {
        return new HardenedZipInputStream(inputStream);
    }
}
