package com.alipay.security.open.referer;

import com.alipay.security.open.common.log.LoggerUtil;
import com.alipay.security.open.common.log.SecurityLoggerFactory;
import com.alipay.security.open.common.string.StringUtil;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;

/* loaded from: input_file:com/alipay/security/open/referer/RefererCheckUtil.class */
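/**
 * Referer-header allow-list check (a CSRF / hot-linking mitigation).
 *
 * <p>A request is accepted when its {@code Referer} matches one of the built-in
 * Alibaba/Alipay host patterns (see the static initializer) or the hosts configured through
 * {@link #setRefererHostWhiteList(List)} / {@link #setAllowHostUrl(List)}. A blank Referer is
 * always rejected by {@link #isRefererAllowed}; the check therefore depends on the header
 * being sent at all (NOTE(review): clients or referrer policies that strip it will be denied).
 *
 * <p>Switches, all plain static fields set through the setters:
 * <ul>
 *   <li>{@code isEnalbe} - {@code false} disables every check; all entry points return {@code true}.</li>
 *   <li>{@code isDeny} - {@code false} is a monitor-only mode: a failed check is still logged by
 *       {@link #isRefererAllowed} but the request is accepted.</li>
 *   <li>{@code checkSuffix} - when {@code true}, {@link #suffixRefererCheck} only checks URIs
 *       whose last path segment contains one of {@code jsonSuffixList}.</li>
 * </ul>
 *
 * <p>There is no synchronization around the static state; the setters are presumably called
 * once during application start-up before requests arrive (NOTE(review): confirm, otherwise
 * concurrent reconfiguration is racy).
 *
 * <p>The host patterns are anchored and allow only lower-case labels, an optional port and an
 * optional path after the host, so user-info tricks such as {@code http://alipay.com@evil.example/}
 * or look-alike suffixes such as {@code alipay.com.evil.example} do not match. Because the label
 * class is lower-case only, a Referer with an upper-case host never matches (fails closed).
 */
public class RefererCheckUtil {
    private static final Logger logger = SecurityLoggerFactory.getLogger((Class<?>) RefererCheckUtil.class);

    /** Regex prefix shared by every host pattern: scheme plus any number of sub-domain labels. */
    private static final String HOST_PATTERN_PREFIX = "^http(s)?://([a-z0-9_\\-]+\\.)*";
    /** Regex suffix shared by every host pattern: optional port, optional path, end of input. */
    private static final String HOST_PATTERN_SUFFIX = "(:\\d+)?(/.*)?$";

    /** Compiled host patterns; seeded with the built-ins below, replaced wholesale by {@link #setAllowHostUrl}. */
    private static List<Pattern> allowHostUrl = new ArrayList<Pattern>();
    /** Suffixes that mark a URI as "ajax" in checkSuffix mode; defaults to ".json" only. */
    private static List<String> jsonSuffixList = new ArrayList<String>();
    /** Hosts handed to {@link #setRefererHostWhiteList}; kept for reference, never read by the checks. */
    private static List<String> refererHostWhiteList = new ArrayList<String>();
    /** URI fragments exempt from the check; matched as substrings, see {@link #needCheck}. */
    private static List<String> urlWhiteList = new ArrayList<String>();
    /** Accumulated custom ajax suffixes; becomes {@code jsonSuffixList} once non-empty. */
    private static List<String> customJsonSuffixList = new ArrayList<String>();
    /** Single pattern built from the configured host allow-list, or null when none is configured. */
    private static Pattern refererHostWhitePattern = null;
    private static boolean checkSuffix = false;
    private static boolean isEnalbe = true;
    private static boolean isDeny = true;

    static {
        allowHostUrl.add(builtinHostPattern("taobao|alibaba|alibaba-inc|alipay-inc|aliloan|koubei|alimama", "com|net|cn|com\\.cn"));
        allowHostUrl.add(builtinHostPattern("1688|alibado|alisoft", "com|cn|com\\.cn"));
        allowHostUrl.add(builtinHostPattern("alipay|zmxy|zhimaxy|mayibank", "net|com\\.cn"));
        allowHostUrl.add(builtinHostPattern("mybank", "cn"));
        allowHostUrl.add(builtinHostPattern("mayibank|zhimaxy", "cn"));
        allowHostUrl.add(builtinHostPattern("alipay|aliexpress|atpanel|taobaocdn|taojianghu|taojapan|hitao|taohua|tao123|tmall|etao|alitrip|zhifubao|zhifu|alipaydev|alipayobjects|alipay-cloud", "com"));
        allowHostUrl.add(builtinHostPattern("alibank", "net"));
        allowHostUrl.add(builtinHostPattern("aliimg", "com|net"));
        allowHostUrl.add(builtinHostPattern("taobao|koubei", "org"));
        allowHostUrl.add(builtinHostPattern("yahoo", "cn|com\\.cn"));
        jsonSuffixList.add(".json");
    }

    /**
     * Builds one built-in pattern of the form
     * {@code ^http(s)?://(label.)*(domains)\.(tlds)(:port)?(/path)?$}.
     *
     * @param domains regex alternation of registered-domain names (already regex-safe)
     * @param tlds    regex alternation of public suffixes, dots escaped
     */
    private static Pattern builtinHostPattern(String domains, String tlds) {
        return Pattern.compile(HOST_PATTERN_PREFIX + "(" + domains + ")\\.(" + tlds + ")" + HOST_PATTERN_SUFFIX);
    }

    /**
     * Runs the URI-aware Referer check for a servlet request.
     *
     * @param httpServletRequest source of the Referer header
     * @param str                the request URI to check
     * @return true when the request may proceed
     */
    public static boolean doCheck(HttpServletRequest httpServletRequest, String str) {
        return suffixRefererCheck(getRefererFromRequest(httpServletRequest), str);
    }

    /**
     * Same as {@link #doCheck(HttpServletRequest, String)} for callers that already hold the
     * headers in a map; the Referer is read from the lower-case key {@code "referer"} only.
     * A null map is treated as "no Referer" instead of throwing, so the request fails the
     * Referer check unless the URI is exempt.
     *
     * @param map header name to value
     * @param str the request URI to check
     * @return true when the request may proceed
     */
    public static boolean doCheck(Map<String, String> map, String str) {
        String referer = map == null ? null : map.get("referer");
        return suffixRefererCheck(referer, str);
    }

    /**
     * Referer check for a URI, honouring the URI white-list and the checkSuffix mode.
     *
     * <p>Evaluation order: checks disabled or blank URI -> pass (a blank URI is never checked;
     * callers should not rely on that for protected endpoints); checkSuffix on and the URI is
     * not an "ajax" URI -> pass; URI exempt via urlWhiteList -> pass; Referer allowed -> pass;
     * otherwise pass only in monitor-only mode ({@code isDeny == false}).
     *
     * @param str  the Referer header value, may be null
     * @param str2 the request URI
     * @return true when the request may proceed
     */
    public static boolean suffixRefererCheck(String str, String str2) {
        if (!isEnalbe || StringUtil.isBlank(str2)) {
            return true;
        }
        if (checkSuffix && !isAjax(str2)) {
            return true;
        }
        if (!needCheck(str2)) {
            return true;
        }
        if (isRefererAllowed(str, str2)) {
            return true;
        }
        return !isDeny;
    }

    /**
     * Annotation-driven Referer check for a servlet request; see
     * {@link #annotationRefererCheck(String, String, boolean, boolean)} for the flag semantics.
     */
    public static boolean annotationCheck(HttpServletRequest httpServletRequest, String str, boolean z, boolean z2) {
        return annotationRefererCheck(getRefererFromRequest(httpServletRequest), str, z, z2);
    }

    /**
     * Referer check driven by two annotation flags.
     *
     * <p>Truth table as implemented: when {@code z == z2} the request passes without looking at
     * the Referer; when they differ the Referer must be allowed, and a failure is accepted only
     * in monitor-only mode. What the flags mean on the annotation is not visible here
     * (NOTE(review): confirm against the annotation that feeds them).
     *
     * @param str  the Referer header value, may be null
     * @param str2 the request URI, used only for logging
     * @param z    first annotation flag
     * @param z2   second annotation flag
     * @return true when the request may proceed
     */
    public static boolean annotationRefererCheck(String str, String str2, boolean z, boolean z2) {
        if (!isEnalbe) {
            return true;
        }
        if (z == z2) {
            return true;
        }
        if (isRefererAllowed(str, str2)) {
            return true;
        }
        return !isDeny;
    }

    /**
     * Reads the Referer header. {@code HttpServletRequest.getHeader} is specified as
     * case-insensitive, so the alternative spellings are only a belt-and-braces fallback for
     * non-compliant containers; the original looked up {@code "referer"} twice, which was dead code.
     *
     * @return the header value, or null/empty when absent
     */
    private static String getRefererFromRequest(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("referer");
        if (StringUtil.isEmpty(header)) {
            header = httpServletRequest.getHeader("Referer");
        }
        if (StringUtil.isEmpty(header)) {
            header = httpServletRequest.getHeader("REFERER");
        }
        return header;
    }

    /**
     * True when the last path segment of the URI contains one of the configured suffixes.
     * This is a substring test, so {@code a.json.do} also counts as "ajax"; that only widens
     * what gets checked, never what is exempted.
     */
    private static boolean isAjax(String str) {
        String lastSegment = StringUtil.substringAfterLast(str, "/");
        for (String suffix : jsonSuffixList) {
            if (StringUtil.contains(lastSegment, suffix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * False when the URI is exempted by {@code urlWhiteList}. Entries are matched as substrings
     * of the URI (after dropping a leading {@code "/home"}), so an entry such as {@code /pub}
     * also exempts {@code /api/publish} (NOTE(review): consider anchored matching).
     */
    private static boolean needCheck(String str) {
        if (urlWhiteList.isEmpty()) {
            return true;
        }
        String uri = str;
        if (uri.startsWith("/home/")) {
            // drop the "/home" prefix but keep the slash that follows it
            uri = StringUtil.substring(uri, 5);
        }
        for (String exempt : urlWhiteList) {
            if (StringUtil.contains(uri, exempt)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Core allow-list test. A blank Referer is rejected; otherwise the value must match one of
     * the compiled host patterns or the configured host allow-list pattern. Every rejection is
     * logged with the Referer and URI, regardless of {@code isDeny}.
     *
     * @param str  the Referer header value
     * @param str2 the request URI, for the log line only
     * @return true when the Referer is allowed
     */
    private static boolean isRefererAllowed(String str, String str2) {
        if (StringUtil.isBlank(str)) {
            LoggerUtil.formatError(logger, "RefererCheckUtil", "isRefererAllowed", "RefererIsNull", "pass=false", "验证Referer不通过,阻断业务。referer为空");
            return false;
        }
        for (Pattern allowed : allowHostUrl) {
            if (allowed.matcher(str).find()) {
                return true;
            }
        }
        if (refererHostWhitePattern != null && refererHostWhitePattern.matcher(str).find()) {
            return true;
        }
        LoggerUtil.formatError(logger, "RefererCheckUtil", "refererCheck", "RefererNotPass", "pass=false##referer=" + str + "##uri=" + str2, "验证Referer不通过,阻断业务!");
        return false;
    }

    /**
     * Configures additional allowed hosts (registered domains such as {@code example.com});
     * sub-domains, an optional port and a path are accepted around each one.
     *
     * <p>Entries are treated as literal host names ({@link Pattern#quote}), not regexes, and
     * blank entries are skipped: previously only the dot was escaped and a blank entry produced
     * an empty alternative, which matched any Referer whose host ended in a dot (e.g.
     * {@code http://evil./}). If no usable entry remains the existing pattern is left unchanged.
     *
     * @param list host names; null or empty leaves the configuration untouched
     */
    public static void setRefererHostWhiteList(List<String> list) {
        if (null == list || list.isEmpty()) {
            return;
        }
        List<String> hosts = new ArrayList<String>();
        for (String raw : list) {
            String host = StringUtil.trim(raw);
            if (StringUtil.isBlank(host)) {
                continue;
            }
            hosts.add(host);
        }
        if (hosts.isEmpty()) {
            return;
        }
        refererHostWhiteList.addAll(hosts);
        StringBuilder sb = new StringBuilder(HOST_PATTERN_PREFIX).append('(');
        for (int i = 0; i < hosts.size(); i++) {
            if (i > 0) {
                sb.append('|');
            }
            sb.append(Pattern.quote(hosts.get(i)));
        }
        sb.append(')').append(HOST_PATTERN_SUFFIX);
        refererHostWhitePattern = Pattern.compile(sb.toString());
    }

    /**
     * Replaces the built-in host patterns with caller-supplied regular expressions. Each entry
     * is compiled as-is and matched with {@code find()}, so anchor it with {@code ^} and {@code $}.
     * Blank entries are skipped because an empty regex matches every Referer. A null list leaves
     * the current patterns untouched; an empty list removes all of them (as before).
     *
     * @param list regular expressions
     */
    public static void setAllowHostUrl(List<String> list) {
        if (list == null) {
            return;
        }
        List<Pattern> compiled = new ArrayList<Pattern>();
        for (String raw : list) {
            String regex = StringUtil.trim(raw);
            if (StringUtil.isBlank(regex)) {
                continue;
            }
            compiled.add(Pattern.compile(regex));
        }
        allowHostUrl = compiled;
    }

    /**
     * Adds URI fragments that are exempt from the check; blank entries are ignored.
     * Matching is by substring, see {@link #needCheck}.
     *
     * @param list URI fragments; null or empty is a no-op
     */
    public static void setUrlWhiteList(List<String> list) {
        if (null == list || list.isEmpty()) {
            return;
        }
        for (String raw : list) {
            String fragment = StringUtil.trim(raw);
            if (StringUtil.isNotBlank(fragment)) {
                urlWhiteList.add(fragment);
            }
        }
    }

    /**
     * Replaces the default {@code ".json"} ajax suffix with custom ones. Entries are trimmed but
     * not filtered: a blank suffix matches every URI in {@link #isAjax}, i.e. every request is
     * then checked in checkSuffix mode (the safe direction).
     *
     * @param list suffixes; null or empty is a no-op
     */
    public static void setCustomJsonSuffixList(List<String> list) {
        if (list == null || list.isEmpty()) {
            return;
        }
        for (String raw : list) {
            customJsonSuffixList.add(StringUtil.trim(raw));
        }
        if (customJsonSuffixList.isEmpty()) {
            return;
        }
        jsonSuffixList = customJsonSuffixList;
    }

    /** Enables the mode in which only "ajax" URIs (see {@link #isAjax}) are checked. */
    public static void setCheckSuffix(boolean z) {
        checkSuffix = z;
    }

    /** Master switch; {@code false} makes every check pass. */
    public static void setIsEnalbe(boolean z) {
        isEnalbe = z;
    }

    /** {@code false} selects monitor-only mode: failures are logged but requests are accepted. */
    public static void setIsDeny(boolean z) {
        isDeny = z;
    }
}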
