package org.springframework.web.servlet.resource;

import java.io.IOException;
import java.net.URLDecoder;
import java.util.Arrays;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.springframework.aop.framework.autoproxy.target.QuickTargetSourceCreator;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.core.io.UrlResource;
import org.springframework.lang.Nullable;
import org.springframework.util.ClassUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.context.support.ServletContextResource;

/* loaded from: input_file:BOOT-INF/lib/spring-webmvc-5.0.0.RC2.jar:org/springframework/web/servlet/resource/PathResourceResolver.class */
public class PathResourceResolver extends AbstractResourceResolver {
    private Resource[] allowedLocations;

    public void setAllowedLocations(Resource... resourceArr) {
        this.allowedLocations = resourceArr;
    }

    @Nullable
    public Resource[] getAllowedLocations() {
        return this.allowedLocations;
    }

    @Override // org.springframework.web.servlet.resource.AbstractResourceResolver
    protected Resource resolveResourceInternal(@Nullable HttpServletRequest httpServletRequest, String str, List<? extends Resource> list, ResourceResolverChain resourceResolverChain) {
        return getResource(str, list);
    }

    @Override // org.springframework.web.servlet.resource.AbstractResourceResolver
    protected String resolveUrlPathInternal(String str, List<? extends Resource> list, ResourceResolverChain resourceResolverChain) {
        if (!StringUtils.hasText(str) || getResource(str, list) == null) {
            return null;
        }
        return str;
    }

    @Nullable
    private Resource getResource(String str, List<? extends Resource> list) {
        Resource resource;
        for (Resource resource2 : list) {
            try {
                if (this.logger.isTraceEnabled()) {
                    this.logger.trace("Checking location: " + resource2);
                }
                resource = getResource(str, resource2);
            } catch (IOException e) {
                this.logger.trace("Failure checking for relative resource - trying next location", e);
            }
            if (resource != null) {
                if (this.logger.isTraceEnabled()) {
                    this.logger.trace("Found match: " + resource);
                }
                return resource;
            }
            if (this.logger.isTraceEnabled()) {
                this.logger.trace("No match for location: " + resource2);
            }
        }
        return null;
    }

    @Nullable
    protected Resource getResource(String str, Resource resource) throws IOException {
        Resource createRelative = resource.createRelative(str);
        if (!createRelative.exists() || !createRelative.isReadable()) {
            return null;
        }
        if (checkResource(createRelative, resource)) {
            return createRelative;
        }
        if (!this.logger.isTraceEnabled()) {
            return null;
        }
        Resource[] allowedLocations = getAllowedLocations();
        this.logger.trace("Resource path=\"" + str + "\" was successfully resolved but resource=\"" + createRelative.getURL() + "\" is neither under the current location=\"" + resource.getURL() + "\" nor under any of the allowed locations=" + (allowedLocations != null ? Arrays.asList(allowedLocations) : ClassUtils.ARRAY_SUFFIX));
        return null;
    }

    protected boolean checkResource(Resource resource, Resource resource2) throws IOException {
        if (isResourceUnderLocation(resource, resource2)) {
            return true;
        }
        Resource[] allowedLocations = getAllowedLocations();
        if (allowedLocations == null) {
            return false;
        }
        for (Resource resource3 : allowedLocations) {
            if (isResourceUnderLocation(resource, resource3)) {
                return true;
            }
        }
        return false;
    }

    private boolean isResourceUnderLocation(Resource resource, Resource resource2) throws IOException {
        String path;
        String cleanPath;
        if (resource.getClass() != resource2.getClass()) {
            return false;
        }
        if (resource instanceof UrlResource) {
            path = resource.getURL().toExternalForm();
            cleanPath = StringUtils.cleanPath(resource2.getURL().toString());
        } else if (resource instanceof ClassPathResource) {
            path = ((ClassPathResource) resource).getPath();
            cleanPath = StringUtils.cleanPath(((ClassPathResource) resource2).getPath());
        } else if (resource instanceof ServletContextResource) {
            path = ((ServletContextResource) resource).getPath();
            cleanPath = StringUtils.cleanPath(((ServletContextResource) resource2).getPath());
        } else {
            path = resource.getURL().getPath();
            cleanPath = StringUtils.cleanPath(resource2.getURL().getPath());
        }
        if (cleanPath.equals(path)) {
            return true;
        }
        if (!path.startsWith((cleanPath.endsWith("/") || cleanPath.isEmpty()) ? cleanPath : cleanPath + "/")) {
            return false;
        }
        if (!path.contains(QuickTargetSourceCreator.PREFIX_THREAD_LOCAL) || !URLDecoder.decode(path, "UTF-8").contains("../")) {
            return true;
        }
        if (!this.logger.isTraceEnabled()) {
            return false;
        }
        this.logger.trace("Resolved resource path contains \"../\" after decoding: " + path);
        return false;
    }
}
