package com.lenovo.cloud.framework.custom.security.filter;

import com.lenovo.cloud.framework.custom.security.config.properties.SsrfProperties;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Locale;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:com/lenovo/cloud/framework/custom/security/filter/SsrfFilter.class */
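/**
 * Servlet filter that rejects requests whose {@code url} query/form parameter points at a host
 * outside the configured allow-list.
 *
 * <p>Scope and limits a reviewer should keep in mind:
 * <ul>
 *   <li>Only a request parameter literally named {@code url} is inspected. URLs carried in other
 *       parameters, headers, or a JSON/XML body are not seen by this filter.</li>
 *   <li>The check is on the host <em>name</em> only. It does not resolve the name, so it cannot
 *       stop an allow-listed name that resolves to an internal address, nor a redirect followed
 *       by the component that performs the outbound request. That component should validate the
 *       resolved address and redirect targets itself.</li>
 *   <li>The host is extracted with {@link URL}. NOTE(review): if the code that later fetches the
 *       URL parses it with a different library, confirm both agree on which part is the host.</li>
 * </ul>
 */
public class SsrfFilter extends OncePerRequestFilter {
    /** Name of the only request parameter this filter validates. */
    private static final String URL_PARAMETER = "url";

    private final AntPathMatcher pathMatcher;
    private final SsrfProperties properties;

    /**
     * @param antPathMatcher matcher used to compare the request URI with the exclusion patterns
     * @param ssrfProperties source of the exclusion patterns and the allow-listed domains
     */
    public SsrfFilter(AntPathMatcher antPathMatcher, SsrfProperties ssrfProperties) {
        this.pathMatcher = antPathMatcher;
        this.properties = ssrfProperties;
    }

    /**
     * Validates every value of the {@code url} parameter before letting the request continue.
     *
     * <p>Responds 400 when a value cannot be parsed as a URL and 403 when its host is not
     * allow-listed. Requests whose URI matches an exclusion pattern skip the check entirely.
     *
     * @throws ServletException propagated from the rest of the filter chain
     * @throws IOException propagated from the filter chain or from writing the error response
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        // NOTE(review): getRequestURI() is the raw, undecoded path. Confirm that the exclusion
        // patterns cannot match a path the dispatcher would route to a non-excluded handler.
        if (isExcludedUrl(httpServletRequest.getRequestURI())) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        // Inspect every occurrence: getParameter() returns only the first value, while the
        // handler behind this filter may read a later one.
        String[] candidates = httpServletRequest.getParameterValues(URL_PARAMETER);
        if (candidates != null) {
            for (String candidate : candidates) {
                if (candidate == null || candidate.isEmpty()) {
                    continue;
                }
                String host;
                try {
                    host = new URL(candidate).getHost().toLowerCase(Locale.ROOT);
                } catch (MalformedURLException e) {
                    // Parsing is the only step inside the try, so a failure while writing the
                    // 403 below can no longer be misreported as a second sendError(400).
                    httpServletResponse.sendError(400, "Invalid URL");
                    return;
                }
                if (!isWhitelistedDomain(host)) {
                    httpServletResponse.sendError(403, "SSRF attack detected");
                    return;
                }
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /** Returns true when the request URI matches any configured exclusion pattern. */
    private boolean isExcludedUrl(String str) {
        return this.properties.getExcludeUrls().stream().anyMatch(pattern -> this.pathMatcher.match(pattern, str));
    }

    /**
     * Returns true when {@code str} (an already lower-cased host) is an allow-listed domain or a
     * subdomain of one.
     *
     * <p>Matching is done on a label boundary: an entry {@code example.com} accepts
     * {@code example.com} and {@code api.example.com}, but not {@code notexample.com}, which a
     * plain suffix comparison would accept. An entry written with a leading dot
     * ({@code .example.com}) keeps its suffix meaning and matches subdomains only. Blank entries
     * are ignored, because an empty suffix would match every host.
     */
    private boolean isWhitelistedDomain(String str) {
        for (String entry : this.properties.getWhitelistDomains()) {
            if (entry == null || entry.isBlank()) {
                continue;
            }
            String domain = entry.strip().toLowerCase(Locale.ROOT);
            if (domain.startsWith(".")) {
                if (str.endsWith(domain)) {
                    return true;
                }
            } else if (str.equals(domain) || str.endsWith("." + domain)) {
                return true;
            }
        }
        return false;
    }
}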
