package io.leopard.web4j.nobug.csrf;

import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:io/leopard/web4j/nobug/csrf/RefererSecurityValidator.class */
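/**
 * Referer-based CSRF check: a request is accepted only when the host named in its
 * {@code Referer} header equals the request's own server name or is present in a
 * configured domain whitelist.
 *
 * <p>Requests without a {@code Referer} header are rejected. The check looks at the
 * {@code Referer} header only; no other request header is consulted here.
 *
 * <p>Thread-safety: the whitelist is replaced wholesale by {@link #setDoaminWhiteList(List)}
 * and published through a {@code volatile} field, so readers see either the old or the
 * new map, never a partially filled one.
 */
public class RefererSecurityValidator {
    /**
     * Scheme and host at the start of a (lower-cased) URL. The trailing lookahead requires
     * the host to be followed by a URL delimiter or the end of the string, so a value whose
     * authority continues past the matched characters (for example a userinfo section ending
     * in {@code '@'}) is treated as unparseable instead of being validated by its prefix.
     */
    private static final Pattern REFERER_HOST_PATTERN =
            Pattern.compile("^(http|https)://([a-z0-9\\.\\-_]+)(?=[:/?#]|$)");

    /** Whitelisted domains, stored as map keys; the values are unused. */
    private static volatile Map<String, String> DOMAIN_WHITE_MAP = new ConcurrentHashMap<>();

    /**
     * Replaces the domain whitelist.
     *
     * <p>Entries are lower-cased before being stored because {@link #parseDomain(String)}
     * always returns a lower-case host; a mixed-case entry would otherwise never match.
     * {@code null} entries are skipped ({@link ConcurrentHashMap} does not accept null keys).
     *
     * @param list the allowed domains; {@code null} clears the whitelist
     */
    public static void setDoaminWhiteList(List<String> list) {
        Map<String, String> replacement = new ConcurrentHashMap<>();
        if (list != null) {
            for (String domain : list) {
                if (domain != null) {
                    replacement.put(domain.toLowerCase(Locale.ROOT), "");
                }
            }
        }
        // Build first, then publish in one volatile write.
        DOMAIN_WHITE_MAP = replacement;
    }

    /**
     * Validates the request's {@code Referer} against the configured whitelist.
     *
     * @param httpServletRequest the incoming request
     * @throws RefererInvalidException if the referer is missing or names a host that is
     *     neither the request's server name nor whitelisted
     */
    public static void checkReferer(HttpServletRequest httpServletRequest) {
        checkReferer(httpServletRequest, DOMAIN_WHITE_MAP);
    }

    /**
     * Validates the request's {@code Referer} against the given whitelist.
     *
     * <p>A referer whose host cannot be parsed is rejected with
     * {@link RefererInvalidException}; it is never looked up in {@code map}, since a
     * {@code null} key makes {@link ConcurrentHashMap#containsKey(Object)} throw
     * {@link NullPointerException} and could match a null key in other map types.
     *
     * @param httpServletRequest the incoming request
     * @param map whitelist whose keys are allowed hosts; keys are compared against the
     *     lower-cased referer host, so they should be lower-case. {@code null} is treated
     *     as an empty whitelist
     * @throws RefererInvalidException if the referer is missing, unparseable, or names a
     *     host that is neither the request's server name nor a key of {@code map}
     */
    public static void checkReferer(HttpServletRequest httpServletRequest, Map<String, String> map) {
        String referer = httpServletRequest.getHeader("referer");
        if (referer == null || referer.isEmpty()) {
            // Message: "referer information must not be empty."
            throw new RefererInvalidException("来源信息不能为空.");
        }
        String serverName = httpServletRequest.getServerName();
        String refererDomain = parseDomain(referer);

        // Host names are case-insensitive and parseDomain() lower-cases its result,
        // so normalise the server name the same way before comparing.
        boolean sameHost = refererDomain != null
                && serverName != null
                && serverName.toLowerCase(Locale.ROOT).equals(refererDomain);
        boolean whitelisted = refererDomain != null
                && map != null
                && map.containsKey(refererDomain);

        if (!sameHost && !whitelisted) {
            // Message: "illegal request[<server name> <referer>]."
            // NOTE(review): the raw Referer value is embedded in the exception message;
            // encode it wherever this message is rendered or logged.
            throw new RefererInvalidException("非法请求[" + serverName + " " + referer + "].");
        }
    }

    /**
     * Extracts the lower-cased host from an {@code http} or {@code https} URL.
     *
     * @param str the URL, typically a {@code Referer} header value; must not be null
     * @return the host in lower case, or {@code null} (after writing a diagnostic to
     *     {@code System.err}) when the value does not start with an http(s) scheme followed
     *     by a host that ends at a URL delimiter or the end of the string
     */
    public static String parseDomain(String str) {
        // Locale.ROOT keeps the result independent of the JVM's default locale.
        String lowerCase = str.toLowerCase(Locale.ROOT);
        Matcher matcher = REFERER_HOST_PATTERN.matcher(lowerCase);
        if (matcher.find()) {
            return matcher.group(2);
        }
        // Message: "failed to parse the domain from referer[<value>]."
        System.err.println("根据referer[" + lowerCase + "]解析域名出错.");
        return null;
    }
}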
