package org.springframework.security.web.firewall;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:BOOT-INF/lib/spring-security-web-5.4.1.jar:org/springframework/security/web/firewall/DefaultHttpFirewall.class */
public class DefaultHttpFirewall implements HttpFirewall {
    private boolean allowUrlEncodedSlash;

    @Override // org.springframework.security.web.firewall.HttpFirewall
    public FirewalledRequest getFirewalledRequest(HttpServletRequest httpServletRequest) throws RequestRejectedException {
        RequestWrapper requestWrapper = new RequestWrapper(httpServletRequest);
        if (!isNormalized(requestWrapper.getServletPath()) || !isNormalized(requestWrapper.getPathInfo())) {
            throw new RequestRejectedException("Un-normalized paths are not supported: " + requestWrapper.getServletPath() + (requestWrapper.getPathInfo() != null ? requestWrapper.getPathInfo() : ""));
        }
        String requestURI = requestWrapper.getRequestURI();
        if (containsInvalidUrlEncodedSlash(requestURI)) {
            throw new RequestRejectedException("The requestURI cannot contain encoded slash. Got " + requestURI);
        }
        return requestWrapper;
    }

    @Override // org.springframework.security.web.firewall.HttpFirewall
    public HttpServletResponse getFirewalledResponse(HttpServletResponse httpServletResponse) {
        return new FirewalledResponse(httpServletResponse);
    }

    public void setAllowUrlEncodedSlash(boolean z) {
        this.allowUrlEncodedSlash = z;
    }

    private boolean containsInvalidUrlEncodedSlash(String str) {
        if (this.allowUrlEncodedSlash || str == null) {
            return false;
        }
        return str.contains("%2f") || str.contains("%2F");
    }

    private boolean isNormalized(String str) {
        if (str == null) {
            return true;
        }
        int length = str.length();
        while (true) {
            int i = length;
            if (i <= 0) {
                return true;
            }
            int lastIndexOf = str.lastIndexOf(47, i - 1);
            int i2 = i - lastIndexOf;
            if (i2 == 2 && str.charAt(lastIndexOf + 1) == '.') {
                return false;
            }
            if (i2 == 3 && str.charAt(lastIndexOf + 1) == '.' && str.charAt(lastIndexOf + 2) == '.') {
                return false;
            }
            length = lastIndexOf;
        }
    }
}
