package com.atlassian.jira.web.action;

import com.atlassian.annotations.PublicApi;
import com.atlassian.jira.util.velocity.VelocityRequestContextFactory;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

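/**
 * Decides whether a redirect target is safe to send a browser to, i.e. whether it stays on
 * this application instead of being an open redirect to another origin.
 *
 * <p>A target is accepted when it is {@code null}, when it lies under the canonical base URL
 * reported by the {@link VelocityRequestContextFactory}, or when it is a relative reference
 * that carries no scheme (contains no {@code ':'}). Everything else is rejected, and
 * {@link #makeSafeRedirectUrl(String)} records the rejection on the login security log.
 *
 * <p>The comparison is purely textual: the target is not parsed or normalised, so a match
 * under the base URL is case-sensitive.
 */
@PublicApi
/* loaded from: input_file:com/atlassian/jira/web/action/SafeRedirectChecker.class */
public final class SafeRedirectChecker implements RedirectSanitiser {
    private static final Logger securityLog = LoggerFactory.getLogger("com.atlassian.jira.login.security");
    private final VelocityRequestContextFactory velocityRequestContextFactory;

    /**
     * @param velocityRequestContextFactory source of the canonical base URL that absolute
     *     redirect targets are compared against
     */
    public SafeRedirectChecker(VelocityRequestContextFactory velocityRequestContextFactory) {
        this.velocityRequestContextFactory = velocityRequestContextFactory;
    }

    /**
     * Reports whether the given redirect target stays within this application.
     *
     * @param str the requested redirect target; may be {@code null}
     * @return {@code true} for {@code null}, for a URL under the canonical base URL and for a
     *     scheme-less relative reference; {@code false} otherwise
     */
    public boolean canRedirectTo(@Nullable String str) {
        if (str == null) {
            return true;
        }
        // Browsers rewrite some characters before resolving a URL, so a value that passes the
        // textual checks below could still resolve to another host. Reject those up front.
        if (hasBrowserNormalisedCharacters(str)) {
            return false;
        }
        // Protocol-relative reference: keeps the current scheme but names an arbitrary host.
        if (str.startsWith("//")) {
            return false;
        }
        if (isWithinBaseUrl(str, getCanonicalBaseURL())) {
            return true;
        }
        // No ':' means no scheme, so what is left is a reference relative to the current page.
        return !str.contains(":");
    }

    /**
     * Returns the redirect target unchanged when it is safe, otherwise logs the attempt and
     * returns {@code null}.
     *
     * @param str the requested redirect target; may be {@code null}
     * @return {@code str} when {@link #canRedirectTo(String)} accepts it, else {@code null}
     */
    @Override // com.atlassian.jira.web.action.RedirectSanitiser
    @Nullable
    public String makeSafeRedirectUrl(@Nullable String str) {
        if (str == null) {
            return null;
        }
        if (canRedirectTo(str)) {
            return str;
        }
        // The value is attacker-controlled: strip control characters so it cannot forge extra
        // lines in the security log, and let the logger do the formatting.
        securityLog.warn("Potential malicious redirect detected: {}", sanitiseForLog(str));
        return null;
    }

    /**
     * Returns the canonical base URL of this application as reported by the current velocity
     * request context.
     */
    protected String getCanonicalBaseURL() {
        return this.velocityRequestContextFactory.getJiraVelocityRequestContext().getCanonicalBaseUrl();
    }

    /**
     * Reports whether {@code url} is the base URL itself or a location beneath it.
     *
     * <p>A bare prefix match is not enough: a base URL without a trailing slash is also a
     * prefix of a longer host name and of a user-info part followed by another host. The
     * character following the prefix must therefore end the authority or path segment.
     * A {@code null} or empty base URL matches nothing, so a missing configuration value
     * cannot turn every absolute URL into an accepted target.
     */
    private static boolean isWithinBaseUrl(String url, @Nullable String baseUrl) {
        if (baseUrl == null || baseUrl.isEmpty() || !url.startsWith(baseUrl)) {
            return false;
        }
        if (url.length() == baseUrl.length() || baseUrl.endsWith("/")) {
            return true;
        }
        char next = url.charAt(baseUrl.length());
        return next == '/' || next == '?' || next == '#';
    }

    /**
     * Reports whether {@code url} contains characters that browsers rewrite or drop while
     * parsing a URL: leading whitespace, control characters anywhere, and a backslash ahead of
     * the query or fragment (treated like a forward slash for http and https URLs).
     */
    private static boolean hasBrowserNormalisedCharacters(String url) {
        if (!url.isEmpty() && url.charAt(0) <= ' ') {
            return true;
        }
        boolean beforeQueryOrFragment = true;
        for (int i = 0; i < url.length(); i++) {
            char c = url.charAt(i);
            if (Character.isISOControl(c)) {
                return true;
            }
            if (c == '?' || c == '#') {
                beforeQueryOrFragment = false;
            } else if (beforeQueryOrFragment && c == '\\') {
                return true;
            }
        }
        return false;
    }

    /** Replaces every control character, including CR and LF, with an underscore. */
    private static String sanitiseForLog(String value) {
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}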
