package org.apache.jackrabbit.webdav.util;

import java.net.MalformedURLException;
import java.net.URL;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.mortbay.jetty.HttpHeaders;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/jackrabbit-webdav-2.5.3.jar:org/apache/jackrabbit/webdav/util/CSRFUtil.class
 */
/* loaded from: input_file:org/apache/jackrabbit/webdav/util/CSRFUtil.class */
public class CSRFUtil {
    public static final String DISABLED = "disabled";
    private static final Logger log = LoggerFactory.getLogger(CSRFUtil.class);
    private final boolean disabled;
    private final Set<String> allowedReferrerHosts;

    public CSRFUtil(String str) {
        if (str == null || str.length() == 0) {
            this.disabled = false;
            this.allowedReferrerHosts = Collections.emptySet();
            return;
        }
        if ("disabled".equalsIgnoreCase(str.trim())) {
            this.disabled = true;
            this.allowedReferrerHosts = Collections.emptySet();
            return;
        }
        this.disabled = false;
        String[] split = str.split(",");
        this.allowedReferrerHosts = new HashSet(split.length);
        for (String str2 : split) {
            this.allowedReferrerHosts.add(str2.trim());
        }
    }

    public boolean isValidRequest(HttpServletRequest httpServletRequest) throws MalformedURLException {
        String header;
        if (this.disabled || (header = httpServletRequest.getHeader(HttpHeaders.REFERER)) == null) {
            return true;
        }
        String host = new URL(header).getHost();
        return host.equals(httpServletRequest.getServerName()) || this.allowedReferrerHosts.contains(host);
    }
}
