package org.springframework.web.reactive.resource;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.core.io.UrlResource;
import org.springframework.core.log.LogFormatUtils;
import org.springframework.lang.Nullable;
import org.springframework.util.StringUtils;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.util.UriUtils;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/springframework/web/reactive/resource/PathResourceResolver.class */
public class PathResourceResolver extends AbstractResourceResolver {

    @Nullable
    private Resource[] allowedLocations;

    public void setAllowedLocations(@Nullable Resource... resourceArr) {
        this.allowedLocations = resourceArr;
    }

    @Nullable
    public Resource[] getAllowedLocations() {
        return this.allowedLocations;
    }

    @Override // org.springframework.web.reactive.resource.AbstractResourceResolver
    protected Mono<Resource> resolveResourceInternal(@Nullable ServerWebExchange serverWebExchange, String str, List<? extends Resource> list, ResourceResolverChain resourceResolverChain) {
        return getResource(str, list);
    }

    @Override // org.springframework.web.reactive.resource.AbstractResourceResolver
    protected Mono<String> resolveUrlPathInternal(String str, List<? extends Resource> list, ResourceResolverChain resourceResolverChain) {
        return StringUtils.hasText(str) ? getResource(str, list).map(resource -> {
            return str;
        }) : Mono.empty();
    }

    private Mono<Resource> getResource(String str, List<? extends Resource> list) {
        return Flux.fromIterable(list).concatMap(resource -> {
            return getResource(str, resource);
        }).next();
    }

    protected Mono<Resource> getResource(String str, Resource resource) {
        try {
            if (!(resource instanceof UrlResource)) {
                str = UriUtils.decode(str, StandardCharsets.UTF_8);
            }
            Resource createRelative = resource.createRelative(str);
            if (createRelative.isReadable()) {
                if (checkResource(createRelative, resource)) {
                    return Mono.just(createRelative);
                }
                if (this.logger.isWarnEnabled()) {
                    Resource[] allowedLocations = getAllowedLocations();
                    this.logger.warn(LogFormatUtils.formatValue("Resource path \"" + str + "\" was successfully resolved but resource \"" + createRelative.getURL() + "\" is neither under the current location \"" + resource.getURL() + "\" nor under any of the allowed locations " + (allowedLocations != null ? Arrays.asList(allowedLocations) : "[]"), -1, true));
                }
            }
            return Mono.empty();
        } catch (IOException e) {
            if (this.logger.isDebugEnabled()) {
                String str2 = "Skip location [" + resource + "] due to error";
                if (this.logger.isTraceEnabled()) {
                    this.logger.trace(str2, e);
                } else {
                    this.logger.debug(str2 + ": " + e.getMessage());
                }
            }
            return Mono.error(e);
        }
    }

    protected boolean checkResource(Resource resource, Resource resource2) throws IOException {
        if (isResourceUnderLocation(resource, resource2)) {
            return true;
        }
        if (getAllowedLocations() == null) {
            return false;
        }
        for (Resource resource3 : getAllowedLocations()) {
            if (isResourceUnderLocation(resource, resource3)) {
                return true;
            }
        }
        return false;
    }

    private boolean isResourceUnderLocation(Resource resource, Resource resource2) throws IOException {
        String path;
        String cleanPath;
        if (resource.getClass() != resource2.getClass()) {
            return false;
        }
        if (resource instanceof UrlResource) {
            path = resource.getURL().toExternalForm();
            cleanPath = StringUtils.cleanPath(resource2.getURL().toString());
        } else if (resource instanceof ClassPathResource) {
            path = ((ClassPathResource) resource).getPath();
            cleanPath = StringUtils.cleanPath(((ClassPathResource) resource2).getPath());
        } else {
            path = resource.getURL().getPath();
            cleanPath = StringUtils.cleanPath(resource2.getURL().getPath());
        }
        if (cleanPath.equals(path)) {
            return true;
        }
        return path.startsWith((cleanPath.endsWith("/") || cleanPath.isEmpty()) ? cleanPath : new StringBuilder().append(cleanPath).append("/").toString()) && !isInvalidEncodedPath(path);
    }

    private boolean isInvalidEncodedPath(String str) {
        if (!str.contains("%")) {
            return false;
        }
        try {
            String decode = URLDecoder.decode(str, "UTF-8");
            if (!decode.contains("../") && !decode.contains("..\\")) {
                return false;
            }
            this.logger.warn(LogFormatUtils.formatValue("Resolved resource path contains encoded \"../\" or \"..\\\": " + str, -1, true));
            return true;
        } catch (UnsupportedEncodingException e) {
            return false;
        } catch (IllegalArgumentException e2) {
            return false;
        }
    }
}
