package org.hippoecm.hst.pagecomposer.jaxrs.services.validators;

import com.google.common.base.Optional;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Locale;
import java.util.Objects;
import org.apache.commons.lang.StringUtils;
import org.hippoecm.hst.configuration.model.HstManager;
import org.hippoecm.hst.container.XSSUrlFilter;
import org.hippoecm.hst.core.request.HstRequestContext;
import org.hippoecm.hst.pagecomposer.jaxrs.services.exceptions.ClientError;
import org.hippoecm.hst.pagecomposer.jaxrs.services.exceptions.ClientException;
import org.hippoecm.hst.site.HstServices;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hst-page-composer-2.28.06.jar:org/hippoecm/hst/pagecomposer/jaxrs/services/validators/AbstractPathInfoValidator.class */
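abstract class AbstractPathInfoValidator implements Validator {
    private static final Logger log = LoggerFactory.getLogger(AbstractPathInfoValidator.class);

    /** Encoding used for the test decode when the servlet request declares no character encoding. */
    private static final String DEFAULT_CHARACTER_ENCODING = "UTF-8";

    /**
     * Returns the pathInfo this validator has to check.
     *
     * @return the pathInfo; {@code null} or empty means there is nothing to validate
     * @throws ClientException when the pathInfo cannot be determined
     */
    protected abstract String getPathInfo() throws ClientException;

    /**
     * Validates the pathInfo returned by {@link #getPathInfo()} and throws a {@link ClientException}
     * with {@link ClientError#INVALID_PATH_INFO} on the first of these checks that fails, in this order:
     * <ol>
     *   <li>it contains a percent-encoded '/', '\' or '.' or cannot be URL-decoded with the request's
     *       character encoding (see {@link #containsEncodedDirectoryTraversalChars(String, String)});</li>
     *   <li>{@link XSSUrlFilter#containsMarkups(String)} flags it;</li>
     *   <li>it is excluded through the HST filter init parameters (web.xml prefix/postfix exclusions);</li>
     *   <li>it is excluded through the virtual hosts configuration (/hst:hst/hst:hosts prefix/postfix
     *       exclusions).</li>
     * </ol>
     * An empty or {@code null} pathInfo is accepted without further checks. Each rejection is logged at
     * info level before the exception is thrown.
     *
     * @param hstRequestContext the current request context; supplies the request's character encoding
     *                          and the resolved mount used for the virtual-host exclusion check
     * @throws ClientException when the pathInfo fails one of the checks above (or {@link #getPathInfo()}
     *                         itself throws)
     */
    @Override // org.hippoecm.hst.pagecomposer.jaxrs.services.validators.Validator
    public final void validate(final HstRequestContext hstRequestContext) throws RuntimeException {
        final String pathInfo = getPathInfo();
        if (StringUtils.isEmpty(pathInfo)) {
            return;
        }
        // The servlet request may declare no encoding; fall back to UTF-8 for the test decode.
        final String characterEncoding = Optional
                .fromNullable(hstRequestContext.getServletRequest().getCharacterEncoding())
                .or(DEFAULT_CHARACTER_ENCODING);
        if (containsEncodedDirectoryTraversalChars(pathInfo, characterEncoding)) {
            // The precise reason was already logged by containsEncodedDirectoryTraversalChars.
            throw new ClientException(String.format("Invalid pathInfo '%s' because contains invalid encoded chars like  %%2f, %%5c or %%2e which are typically used for directory traversal (attacks)", pathInfo), ClientError.INVALID_PATH_INFO);
        }
        if (XSSUrlFilter.containsMarkups(pathInfo)) {
            throw rejected(String.format("Invalid pathInfo '%s' because it contains XSS markup", pathInfo));
        }
        final HstManager hstManager =
                (HstManager) HstServices.getComponentManager().getComponent(HstManager.class.getName());
        if (hstManager.isExcludedByHstFilterInitParameter(pathInfo)) {
            throw rejected(String.format("PathInfo '%s' cannot be used because it is skipped through web.xml prefix or postfix exclusions.", pathInfo));
        }
        if (hstRequestContext.getResolvedMount().getMount().getVirtualHost().getVirtualHosts().isExcluded(pathInfo)) {
            throw rejected(String.format("PathInfo '%s' cannot be used because it is skipped through prefix or postfix exclusions on /hst:hst/hst:hosts configuration.", pathInfo));
        }
    }

    /**
     * Logs a rejection reason at info level and builds the exception to throw for it, so that the
     * failed checks are reported in one consistent way.
     *
     * @param message the human-readable reason, already containing the offending pathInfo
     * @return a {@link ClientException} carrying {@code message} and {@link ClientError#INVALID_PATH_INFO}
     */
    private static ClientException rejected(final String message) {
        log.info(message);
        return new ClientException(message, ClientError.INVALID_PATH_INFO);
    }

    /**
     * Reports whether {@code pathInfo} contains a percent-encoded path separator or dot, or cannot be
     * URL-decoded with {@code characterEncoding}.
     * <p>
     * The test is made on the raw, lower-cased string: any occurrence of {@code %2f} ('/'),
     * {@code %5c} ('\') or {@code %2e} ('.') is rejected regardless of what surrounds it, and so is a
     * string that {@link URLDecoder#decode(String, String)} refuses (malformed escape sequence or
     * unsupported encoding). Only the raw string is inspected; the decoded value is discarded, so a
     * component that decodes the path again has to validate the decoded result on its own.
     *
     * @param pathInfo          the pathInfo as received; must not be {@code null}
     * @param characterEncoding the encoding used for the test decode (typically the request's
     *                          character encoding); an unsupported name counts as a failed decode
     * @return {@code true} when the pathInfo is rejected, {@code false} when it decodes cleanly
     * @throws NullPointerException when {@code pathInfo} is {@code null}
     */
    public static boolean containsEncodedDirectoryTraversalChars(final String pathInfo, final String characterEncoding) {
        Objects.requireNonNull(pathInfo, "pathInfo");
        // Locale.ROOT: the escapes compared against are ASCII hex, and the result must not depend on
        // the JVM's default locale.
        final String lowerCase = pathInfo.toLowerCase(Locale.ROOT);
        if (lowerCase.contains("%2f") || lowerCase.contains("%5c") || lowerCase.contains("%2e")) {
            log.info("PathInfo '{}' contains invalid encoded '/' or '\\' or a '.'", lowerCase);
            return true;
        }
        try {
            // Decode only to find out whether the string is well-formed; the result is not used.
            URLDecoder.decode(lowerCase, characterEncoding);
            return false;
        } catch (UnsupportedEncodingException | IllegalArgumentException e) {
            log.info("PathInfo '{}' cannot be decoded with '{}'.", lowerCase, characterEncoding);
            return true;
        }
    }
}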
