package org.geoserver.security;

import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.geoserver.platform.GeoServerExtensions;
import org.springframework.security.web.firewall.DefaultHttpFirewall;
import org.springframework.security.web.firewall.FirewalledRequest;
import org.springframework.security.web.firewall.HttpFirewall;
import org.springframework.security.web.firewall.StrictHttpFirewall;

/* loaded from: input_file:WEB-INF/lib/gs-main-2.25.3-georchestra.jar:org/geoserver/security/GeoServerHttpFirewall.class */
public class GeoServerHttpFirewall implements HttpFirewall {
    public static final String USE_STRICT_FIREWALL = "GEOSERVER_USE_STRICT_FIREWALL";
    private final DefaultHttpFirewall defaultFirewall = new DefaultHttpFirewall();
    private final StrictHttpFirewall strictFirewall = new StrictHttpFirewall();

    /* loaded from: input_file:WEB-INF/lib/gs-main-2.25.3-georchestra.jar:org/geoserver/security/GeoServerHttpFirewall$NormalizedHttpServletRequest.class */
    private static class NormalizedHttpServletRequest extends HttpServletRequestWrapper {
        private static final Pattern FORWARD_SLASHES = Pattern.compile("//+");

        private NormalizedHttpServletRequest(HttpServletRequest httpServletRequest) {
            super(httpServletRequest);
        }

        private static String normalizeSlashes(String str) {
            if (str != null) {
                return FORWARD_SLASHES.matcher(str).replaceAll("/");
            }
            return null;
        }

        @Override // javax.servlet.http.HttpServletRequestWrapper, javax.servlet.http.HttpServletRequest
        public String getContextPath() {
            return normalizeSlashes(super.getContextPath());
        }

        @Override // javax.servlet.http.HttpServletRequestWrapper, javax.servlet.http.HttpServletRequest
        public String getPathInfo() {
            return normalizeSlashes(super.getPathInfo());
        }

        @Override // javax.servlet.http.HttpServletRequestWrapper, javax.servlet.http.HttpServletRequest
        public String getRequestURI() {
            return normalizeSlashes(super.getRequestURI());
        }

        @Override // javax.servlet.http.HttpServletRequestWrapper, javax.servlet.http.HttpServletRequest
        public String getServletPath() {
            return normalizeSlashes(super.getServletPath());
        }
    }

    @Override // org.springframework.security.web.firewall.HttpFirewall
    public FirewalledRequest getFirewalledRequest(HttpServletRequest httpServletRequest) {
        if (!"false".equalsIgnoreCase(GeoServerExtensions.getProperty(USE_STRICT_FIREWALL))) {
            this.strictFirewall.getFirewalledRequest(new NormalizedHttpServletRequest(httpServletRequest));
        }
        return this.defaultFirewall.getFirewalledRequest(httpServletRequest);
    }

    @Override // org.springframework.security.web.firewall.HttpFirewall
    public HttpServletResponse getFirewalledResponse(HttpServletResponse httpServletResponse) {
        return this.defaultFirewall.getFirewalledResponse(httpServletResponse);
    }
}
