package com.sankuai.security.sdk.core.ssrf;

import com.sankuai.security.sdk.util.StringUtils;
import com.sankuai.security.sdk.util.UrlUtils;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:BOOT-INF/lib/shangou-sdk-1.0.31.jar:com/sankuai/security/sdk/core/ssrf/SSRFChecker.class */
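/**
 * Static helpers that decide whether a caller-supplied URL may be fetched server-side.
 *
 * <p>Two families of checks exist: the {@code securitySSRF} overloads compare the URL's host
 * against an allow-list only, while {@code checkSSRF} additionally validates the scheme and,
 * when the host is not allow-listed, probes the URL (following redirects up to a configured
 * limit) and rejects any hop whose host is classified as internal by {@link UrlUtils#isInnerHost}.
 *
 * <p>Allow-list entries are either an exact host name or a {@code *}-prefixed suffix pattern
 * ({@code *.example.com}). A bare {@code *} therefore matches every host, and a pattern without
 * a leading dot ({@code *example.com}) also matches hosts that merely end with that text;
 * configure entries accordingly.
 *
 * <p>All methods treat a blank URL as acceptable and return {@code true} for it.
 */
public class SSRFChecker {
    private static final Log logger = LogFactory.getLog(SSRFChecker.class);

    /**
     * Matches a backslash or {@code #} that is followed, anywhere later in the examined
     * segment, by an {@code @}. URLs containing such a sequence before the first path slash
     * are rejected by {@link #isEvilUrl(String)}; presumably this blocks authority strings that
     * different URL parsers would split at different hosts.
     */
    private static final Pattern EVIL_URL_PATTERN = Pattern.compile("[\\\\#].*?@");

    /** Prefix that turns an allow-list entry into a host-suffix pattern. */
    private static final String WILDCARD = "*";

    /** Hard upper bound for the number of redirects {@code checkSSRF} will follow. */
    private static final int MAX_REDIRECT_TIMES = 16;
    /** Connection timeout (ms) substituted for a non-positive configured value. */
    private static final int DEFAULT_CONNECTION_TIMEOUT_MS = 1000;
    /** Largest connection timeout (ms) that is honoured. */
    private static final int MAX_CONNECTION_TIMEOUT_MS = 10000;
    /** Read timeout (ms) substituted for a non-positive configured value. */
    private static final int DEFAULT_READ_TIMEOUT_MS = 2000;
    /** Largest read timeout (ms) that is honoured. */
    private static final int MAX_READ_TIMEOUT_MS = 20000;
    /** Number of leading URL characters compared against the accepted protocols. */
    private static final int PROTOCOL_PREFIX_LENGTH = 8;

    private SSRFChecker() {
        throw new IllegalStateException("Utility class");
    }

    /**
     * Checks {@code str} against a single allowed domain.
     *
     * @param str  the URL to check; blank is accepted
     * @param str2 an exact host name or a {@code *}-prefixed suffix pattern
     * @return {@code true} when {@code str} is blank, or its host equals {@code str2} or matches
     *         the wildcard pattern; {@code false} when {@code str2} is blank, the URL fails
     *         {@link #isEvilUrl(String)}, or no host can be extracted
     */
    public static boolean securitySSRF(String str, String str2) {
        if (StringUtils.isBlank(str)) {
            return true;
        }
        if (StringUtils.isBlank(str2) || isEvilUrl(str)) {
            return false;
        }
        String host = UrlUtils.getHostV4(str);
        if (StringUtils.isBlank(host)) {
            return false;
        }
        return matchesAcceptedDomain(host, str2);
    }

    /**
     * Checks {@code str} against a list of allowed domains.
     *
     * <p>Each entry is matched with the same rules as {@link #securitySSRF(String, String)}:
     * exact host equality or a {@code *}-prefixed suffix pattern. {@code null} entries are
     * ignored.
     *
     * @param str  the URL to check; blank is accepted
     * @param list allowed host names / patterns; {@code null} or empty rejects every URL
     * @return {@code true} when the URL is blank or its host matches an entry
     */
    public static boolean securitySSRF(String str, List<String> list) {
        if (StringUtils.isBlank(str)) {
            return true;
        }
        if (list == null || list.isEmpty() || isEvilUrl(str)) {
            return false;
        }
        String host = UrlUtils.getHostV4(str);
        if (StringUtils.isBlank(host)) {
            return false;
        }
        return matchesAnyAcceptedDomain(host, list);
    }

    /**
     * Rejects URLs that trip {@link #isEvilUrl(String)} or whose host is internal according to
     * {@link UrlUtils#isInnerHost(String)}. Redirects are not followed, so only the literal
     * target is judged.
     *
     * @param str the URL to check; blank is accepted
     * @return {@code true} when the URL is blank or passes both checks
     */
    public static boolean checkSSRFWithoutRedirect(String str) {
        if (StringUtils.isBlank(str)) {
            return true;
        }
        return !(isEvilUrl(str) || UrlUtils.isInnerHost(str));
    }

    /**
     * Normalises a configuration in place: redirect count is clamped to
     * {@code [0, MAX_REDIRECT_TIMES]} and both timeouts to their default/maximum ranges.
     *
     * <p>When redirects are disabled this also calls {@link HttpURLConnection#setFollowRedirects}
     * with {@code false}, which is a JVM-wide setting affecting every {@code HttpURLConnection}
     * created afterwards, not only the probe issued by this class.
     *
     * @param sSRFConfig configuration to normalise; {@code null} yields the default config
     *                   unchanged
     * @return the (possibly mutated) configuration that should be used for the check
     */
    private static SSRFConfig checkSSRFConfig(SSRFConfig sSRFConfig) {
        if (sSRFConfig == null) {
            return SSRFConfig.getDefaultConfig();
        }
        int redirects = sSRFConfig.getAllowMaxRedirectTimes();
        if (redirects <= 0) {
            // Global side effect, kept for compatibility with existing callers.
            HttpURLConnection.setFollowRedirects(false);
            sSRFConfig.setAllowMaxRedirectTimes(0);
        } else if (redirects > MAX_REDIRECT_TIMES) {
            sSRFConfig.setAllowMaxRedirectTimes(MAX_REDIRECT_TIMES);
        }
        int connectionTimeout = sSRFConfig.getConnectionTimeout();
        if (connectionTimeout <= 0) {
            sSRFConfig.setConnectionTimeout(DEFAULT_CONNECTION_TIMEOUT_MS);
        } else if (connectionTimeout > MAX_CONNECTION_TIMEOUT_MS) {
            sSRFConfig.setConnectionTimeout(MAX_CONNECTION_TIMEOUT_MS);
        }
        int readTimeout = sSRFConfig.getReadTimeout();
        if (readTimeout <= 0) {
            sSRFConfig.setReadTimeout(DEFAULT_READ_TIMEOUT_MS);
        } else if (readTimeout > MAX_READ_TIMEOUT_MS) {
            sSRFConfig.setReadTimeout(MAX_READ_TIMEOUT_MS);
        }
        return sSRFConfig;
    }

    /**
     * Tests whether the host of {@code str} is on the configured domain allow-list.
     *
     * @param str        the URL to check
     * @param sSRFConfig configuration providing {@code getAcceptedDomains()}
     * @return {@code true} only when the allow-list is non-empty, the URL passes
     *         {@link #isEvilUrl(String)}, a host can be extracted, and it matches an entry
     */
    private static boolean checkAcceptedDomains(String str, SSRFConfig sSRFConfig) {
        if (sSRFConfig.getAcceptedDomains().isEmpty() || isEvilUrl(str)) {
            return false;
        }
        String host = UrlUtils.getHostV4(str);
        if (StringUtils.isBlank(host)) {
            return false;
        }
        return matchesAnyAcceptedDomain(host, sSRFConfig.getAcceptedDomains());
    }

    /**
     * Full SSRF check: scheme must be accepted; an allow-listed host is accepted immediately;
     * otherwise, when {@code getAddressCheckIfNotMatchDomains()} is set, the URL is probed and
     * every redirect hop (up to {@code getAllowMaxRedirectTimes()}) must pass
     * {@link #isEvilUrl(String)} and {@link UrlUtils#isInnerHost(String)}.
     *
     * <p>The host classification and the probe request made by {@code HttpSender} are separate
     * steps, so a host whose resolution changes between them is not protected against by this
     * method (verify how {@code UrlUtils.isInnerHost} and {@code HttpSender} resolve names).
     *
     * @param str        the URL to check; blank is accepted
     * @param sSRFConfig configuration; {@code null} selects the default and a non-null instance
     *                   may be mutated by {@link #checkSSRFConfig(SSRFConfig)}
     * @return {@code true} when the URL is acceptable; {@code false} on any failed check,
     *         on a malformed URL (logged at WARN), or when the redirect limit is exhausted
     */
    public static boolean checkSSRF(String str, SSRFConfig sSRFConfig) {
        if (StringUtils.isBlank(str)) {
            return true;
        }
        SSRFConfig config = checkSSRFConfig(sSRFConfig);
        if (!checkProtocol(str, config)) {
            return false;
        }
        if (checkAcceptedDomains(str, config)) {
            return true;
        }
        if (!config.getAddressCheckIfNotMatchDomains()) {
            return false;
        }
        String current = str;
        // One initial request plus at most getAllowMaxRedirectTimes() redirect hops.
        for (int hop = 0; hop <= config.getAllowMaxRedirectTimes(); hop++) {
            try {
                if (StringUtils.isBlank(current)) {
                    return true;
                }
                if (isEvilUrl(current) || UrlUtils.isInnerHost(current)) {
                    return false;
                }
                HttpResult result = HttpSender.send(new URL(current),
                        config.getConnectionTimeout(), config.getReadTimeout());
                if (result == null || !result.isRedirect()) {
                    return true;
                }
                // A redirect target that is not an absolute URL fails new URL(...) on the next
                // iteration and is rejected via the catch below.
                current = result.getUrl();
            } catch (MalformedURLException e) {
                logger.warn("Found malformed url-" + current + " while checking " + str + ", root cause " + e.getMessage());
                return false;
            }
        }
        return false;
    }

    /**
     * Equivalent to {@link #checkSSRF(String, SSRFConfig)} with {@link SSRFConfig#getDefaultConfig()}.
     *
     * @param str the URL to check
     * @return see {@link #checkSSRF(String, SSRFConfig)}
     */
    public static boolean checkSSRF(String str) {
        return checkSSRF(str, SSRFConfig.getDefaultConfig());
    }

    /**
     * Checks that the URL starts with one of the accepted protocol strings.
     *
     * <p>Only the first {@value #PROTOCOL_PREFIX_LENGTH} characters of the URL are examined,
     * lower-cased with {@link Locale#ROOT}; accepted entries are compared as configured (not
     * lower-cased) and should include the scheme delimiter so that a bare scheme name does not
     * also admit schemes that merely start with it. {@code null}/blank entries are skipped
     * (a blank entry would otherwise match every URL).
     *
     * @param str        the URL to check
     * @param sSRFConfig configuration providing {@code getAcceptedProtocols()}
     * @return {@code false} when the accepted list is empty or nothing matches
     */
    private static boolean checkProtocol(String str, SSRFConfig sSRFConfig) {
        if (sSRFConfig.getAcceptedProtocols().isEmpty()) {
            return false;
        }
        String prefix = str.substring(0, Math.min(PROTOCOL_PREFIX_LENGTH, str.length()))
                .toLowerCase(Locale.ROOT);
        for (String protocol : sSRFConfig.getAcceptedProtocols()) {
            if (StringUtils.isBlank(protocol)) {
                continue;
            }
            if (prefix.startsWith(protocol)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Matches {@code host} against a single allow-list entry: exact equality, or, when the
     * entry starts with {@code *}, a suffix match on the remainder of the entry.
     *
     * @param host   host extracted from the URL, never blank
     * @param domain allow-list entry; {@code null} never matches
     * @return whether the entry admits the host
     */
    private static boolean matchesAcceptedDomain(String host, String domain) {
        if (domain == null) {
            return false;
        }
        if (domain.equals(host)) {
            return true;
        }
        return domain.startsWith(WILDCARD) && host.endsWith(domain.substring(WILDCARD.length()));
    }

    /**
     * Returns {@code true} when any entry of {@code acceptedDomains} admits {@code host}
     * per {@link #matchesAcceptedDomain(String, String)}.
     *
     * <p>Entries are compared for equality with the host, not with {@code startsWith}: a
     * prefix comparison would admit any host that is a leading substring of an allowed name.
     */
    private static boolean matchesAnyAcceptedDomain(String host, Iterable<String> acceptedDomains) {
        for (String domain : acceptedDomains) {
            if (matchesAcceptedDomain(host, domain)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns {@code true} when the part of {@code str} before the first {@code /} that follows
     * the scheme separator {@code //} (or the whole string when there is no such slash)
     * contains a backslash or {@code #} followed by an {@code @}.
     *
     * @param str the URL to inspect; blank is never considered evil
     * @return whether {@link #EVIL_URL_PATTERN} is found in the examined segment
     */
    private static boolean isEvilUrl(String str) {
        if (StringUtils.isBlank(str)) {
            return false;
        }
        // Begin the slash search right after the first "//" so the scheme separator is skipped.
        int searchFrom = 0;
        int schemeSeparator = str.indexOf("//");
        if (schemeSeparator > -1) {
            searchFrom = schemeSeparator + 2;
        }
        // Cut at the end of the authority; the scheme is retained because the pattern needs '@'.
        int pathStart = str.indexOf('/', searchFrom);
        String examined = pathStart > 0 ? str.substring(0, pathStart) : str;
        return EVIL_URL_PATTERN.matcher(examined).find();
    }
}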
