package org.springframework.web.servlet.function;

import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import java.util.function.Function;
import org.springframework.aop.framework.autoproxy.target.QuickTargetSourceCreator;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.core.io.UrlResource;
import org.springframework.extensions.surf.CssImageDataHandler;
import org.springframework.http.server.PathContainer;
import org.springframework.util.Assert;
import org.springframework.util.ResourceUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.util.pattern.PathPattern;
import org.springframework.web.util.pattern.PathPatternParser;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/spring-webmvc-6.0.8.jar:org/springframework/web/servlet/function/PathResourceLookupFunction.class */
public class PathResourceLookupFunction implements Function<ServerRequest, Optional<Resource>> {
    private final PathPattern pattern;
    private final Resource location;

    public PathResourceLookupFunction(String str, Resource resource) {
        Assert.hasLength(str, "'pattern' must not be empty");
        Assert.notNull(resource, "'location' must not be null");
        this.pattern = PathPatternParser.defaultInstance.parse(str);
        this.location = resource;
    }

    @Override // java.util.function.Function
    public Optional<Resource> apply(ServerRequest serverRequest) {
        PathContainer pathWithinApplication = serverRequest.requestPath().pathWithinApplication();
        if (!this.pattern.matches(pathWithinApplication)) {
            return Optional.empty();
        }
        String processPath = processPath(this.pattern.extractPathWithinPattern(pathWithinApplication).value());
        if (processPath.contains(QuickTargetSourceCreator.PREFIX_THREAD_LOCAL)) {
            processPath = StringUtils.uriDecode(processPath, StandardCharsets.UTF_8);
        }
        if (!StringUtils.hasLength(processPath) || isInvalidPath(processPath)) {
            return Optional.empty();
        }
        try {
            Resource createRelative = this.location.createRelative(processPath);
            return (createRelative.isReadable() && isResourceUnderLocation(createRelative)) ? Optional.of(createRelative) : Optional.empty();
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    private String processPath(String str) {
        boolean z = false;
        for (int i = 0; i < str.length(); i++) {
            if (str.charAt(i) == '/') {
                z = true;
            } else if (str.charAt(i) > ' ' && str.charAt(i) != 127) {
                if (i == 0 || (i == 1 && z)) {
                    return str;
                }
                return z ? "/" + str.substring(i) : str.substring(i);
            }
        }
        return z ? "/" : "";
    }

    private boolean isInvalidPath(String str) {
        if (str.contains("WEB-INF") || str.contains("META-INF")) {
            return true;
        }
        if (str.contains(":/")) {
            String substring = str.charAt(0) == '/' ? str.substring(1) : str;
            if (ResourceUtils.isUrl(substring) || substring.startsWith("url:")) {
                return true;
            }
        }
        return str.contains("..") && StringUtils.cleanPath(str).contains(CssImageDataHandler.DOUBLE_FULL_STOP_SLASH);
    }

    private boolean isResourceUnderLocation(Resource resource) throws IOException {
        String path;
        String cleanPath;
        if (resource.getClass() != this.location.getClass()) {
            return false;
        }
        if (resource instanceof UrlResource) {
            path = resource.getURL().toExternalForm();
            cleanPath = StringUtils.cleanPath(this.location.getURL().toString());
        } else if (resource instanceof ClassPathResource) {
            path = ((ClassPathResource) resource).getPath();
            cleanPath = StringUtils.cleanPath(((ClassPathResource) this.location).getPath());
        } else {
            path = resource.getURL().getPath();
            cleanPath = StringUtils.cleanPath(this.location.getURL().getPath());
        }
        if (cleanPath.equals(path)) {
            return true;
        }
        if (path.startsWith((cleanPath.endsWith("/") || cleanPath.isEmpty()) ? cleanPath : cleanPath + "/")) {
            return (path.contains(QuickTargetSourceCreator.PREFIX_THREAD_LOCAL) && StringUtils.uriDecode(path, StandardCharsets.UTF_8).contains(CssImageDataHandler.DOUBLE_FULL_STOP_SLASH)) ? false : true;
        }
        return false;
    }

    public String toString() {
        return this.pattern + " -> " + this.location;
    }
}
