package io.github.pixee.security.jakarta;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.io.FilenameUtils;

/* loaded from: input_file:BOOT-INF/lib/java-security-toolkit-1.2.1.jar:io/github/pixee/security/jakarta/PathValidator.class */
public final class PathValidator {
    private static final String unsafePathMessage = "unsafe forward destination specified";
    private static final List<PathNormalizer> pathValidators = Collections.unmodifiableList(Arrays.asList(new ApacheFilenameUtilsPathNormalizer(), new UriPathNormalizer()));
    private static final List<String> unsafeDestinations = Collections.unmodifiableList(Arrays.asList("WEB-INF/web.xml", "WEB-INF/classes/", "WEB-INF/lib/"));

    /* loaded from: input_file:BOOT-INF/lib/java-security-toolkit-1.2.1.jar:io/github/pixee/security/jakarta/PathValidator$ApacheFilenameUtilsPathNormalizer.class */
    private static class ApacheFilenameUtilsPathNormalizer implements PathNormalizer {
        private ApacheFilenameUtilsPathNormalizer() {
        }

        @Override // io.github.pixee.security.jakarta.PathValidator.PathNormalizer
        public String normalizeOrNull(String str) {
            return FilenameUtils.normalize(str, true);
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/java-security-toolkit-1.2.1.jar:io/github/pixee/security/jakarta/PathValidator$PathNormalizer.class */
    private interface PathNormalizer {
        String normalizeOrNull(String str);
    }

    /* loaded from: input_file:BOOT-INF/lib/java-security-toolkit-1.2.1.jar:io/github/pixee/security/jakarta/PathValidator$UriPathNormalizer.class */
    private static class UriPathNormalizer implements PathNormalizer {
        private UriPathNormalizer() {
        }

        @Override // io.github.pixee.security.jakarta.PathValidator.PathNormalizer
        public String normalizeOrNull(String str) {
            try {
                return new URI(str).normalize().getPath();
            } catch (URISyntaxException e) {
                return null;
            }
        }
    }

    public static String validateDispatcherPath(String str) {
        if (str == null) {
            return null;
        }
        String replace = str.replace('\\', '/');
        if (replace.indexOf(0) != -1) {
            throw new SecurityException(unsafePathMessage);
        }
        Iterator<PathNormalizer> it = pathValidators.iterator();
        while (it.hasNext()) {
            String normalizeOrNull = it.next().normalizeOrNull(replace);
            if (normalizeOrNull != null) {
                runCheckOn(normalizeOrNull);
                return str;
            }
        }
        return str;
    }

    private static void runCheckOn(String str) {
        Iterator<String> it = unsafeDestinations.iterator();
        while (it.hasNext()) {
            if (str.contains(it.next())) {
                throw new SecurityException(unsafePathMessage);
            }
        }
    }
}
