package com.atlassian.jira.web.action;

import com.atlassian.http.url.SameOrigin;
import com.atlassian.jira.util.velocity.VelocityRequestContextFactory;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jira/web/action/RedirectSanitiserImpl.class */
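/**
 * Decides whether a caller-supplied redirect target may be followed, accepting only
 * relative URLs of a restricted shape and absolute URLs that share an origin with the
 * canonical base URL of the current request context.
 *
 * <p>Rejected targets are reported to the {@code com.atlassian.jira.login.security} logger.
 */
public class RedirectSanitiserImpl implements RedirectSanitiser {
    private static final Logger securityLog = LoggerFactory.getLogger("com.atlassian.jira.login.security");

    /**
     * Prefix a relative redirect target must have: either any number of {@code ./} or
     * {@code ../} segments, or at most one leading {@code /}, followed by a character that
     * is neither {@code .} nor {@code /}. A target starting with {@code //} therefore never
     * matches, so scheme-relative URLs are refused.
     */
    private static final Pattern ACCEPTABLE_RELATIVE_URL = Pattern.compile("^((\\.{1,2}/)*|/?)[^./]");

    /** Control characters (CR, LF, ...) that must not reach the security log verbatim. */
    private static final Pattern LOG_CONTROL_CHARS = Pattern.compile("\\p{Cntrl}");

    private final VelocityRequestContextFactory velocityRequestContextFactory;

    /**
     * @param velocityRequestContextFactory source of the request context from which the
     *     canonical base URL is read
     */
    public RedirectSanitiserImpl(VelocityRequestContextFactory velocityRequestContextFactory) {
        this.velocityRequestContextFactory = velocityRequestContextFactory;
    }

    /**
     * Checks whether {@code str} is an acceptable redirect target.
     *
     * <ul>
     *   <li>{@code null} is accepted.</li>
     *   <li>A string that is not a valid {@link URI} is rejected.</li>
     *   <li>A relative URL is rejected unless it matches {@link #ACCEPTABLE_RELATIVE_URL}.</li>
     *   <li>When no canonical base URL is available, only relative URLs are accepted.</li>
     *   <li>Otherwise the URL must be relative or same-origin with the base URL, and its
     *       path must not contain {@code ':'}.</li>
     * </ul>
     *
     * <p>An unparsable base URL makes the check fail closed: the target is rejected.
     *
     * @param str redirect target taken from the request; treated as untrusted
     * @return {@code true} if redirecting to {@code str} is allowed
     */
    @Override
    public boolean canRedirectTo(@Nullable String str) {
        if (str == null) {
            return true;
        }
        try {
            URI uri = new URI(str);
            Matcher matcher = ACCEPTABLE_RELATIVE_URL.matcher(str);
            if (!uri.isAbsolute() && !matcher.find()) {
                return false;
            }
            // Read the base URL once: a second lookup could return a different value
            // (including null, which new URI(...) answers with an uncaught
            // NullPointerException) than the one that was just null-checked.
            String baseUrl = getCanonicalBaseURL();
            if (baseUrl == null) {
                // NOTE(review): the ':' path check below is not applied on this branch,
                // so a relative target such as "./a:b" is accepted here but rejected when
                // a base URL is known - confirm that this asymmetry is intended.
                return !uri.isAbsolute();
            }
            // Parsed before the origin test on purpose: a malformed base URL rejects
            // relative targets as well.
            URI baseUri = new URI(baseUrl);
            if (!uri.isAbsolute() || SameOrigin.isSameOrigin(uri, baseUri)) {
                String path = uri.getPath();
                return path == null || !path.contains(":");
            }
            return false;
        } catch (MalformedURLException | URISyntaxException e) {
            return false;
        }
    }

    /**
     * Returns {@code str} unchanged when it is an acceptable redirect target, otherwise
     * logs a warning to the security log and returns {@code null}.
     *
     * @param str redirect target taken from the request; treated as untrusted
     * @return {@code str} if it passed {@link #canRedirectTo(String)}, else {@code null}
     */
    @Override
    @Nullable
    public String makeSafeRedirectUrl(@Nullable String str) {
        if (str == null) {
            return null;
        }
        if (canRedirectTo(str)) {
            return str;
        }
        // The rejected value is attacker-controlled and may be anything at all, including
        // strings with line breaks; neutralise control characters so it cannot forge or
        // split entries in the security log.
        securityLog.warn("Potential malicious redirect detected: '{}'", neutraliseForLog(str));
        return null;
    }

    /**
     * @return the canonical base URL of the current Jira velocity request context;
     *     callers in this class treat {@code null} as "no base URL available"
     */
    protected String getCanonicalBaseURL() {
        return this.velocityRequestContextFactory.getJiraVelocityRequestContext().getCanonicalBaseUrl();
    }

    /** Replaces every control character in {@code value} with {@code '_'} for safe logging. */
    private static String neutraliseForLog(String value) {
        return LOG_CONTROL_CHARS.matcher(value).replaceAll("_");
    }
}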
