package org.owasp.csrfguard;

import java.io.IOException;
import java.util.Collections;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.csrfguard.http.InterceptRedirectResponse;
import org.owasp.csrfguard.session.LogicalSession;
import org.owasp.csrfguard.token.storage.LogicalSessionExtractor;
import org.owasp.csrfguard.token.transferobject.TokenTO;
import org.owasp.csrfguard.util.CsrfGuardUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/csrfguard-4.2.1.jar:org/owasp/csrfguard/CsrfGuardFilter.class */
/**
 * Servlet filter that puts OWASP CSRFGuard validation in front of the application.
 *
 * <p>Paths on which a request reaches the rest of the chain <em>without</em> CSRF validation
 * (each is a deliberate pass-through in this class and worth checking against the deployment's
 * configuration):
 * <ul>
 *   <li>{@code CsrfGuard.isEnabled()} is {@code false};</li>
 *   <li>the request or response is not an HTTP servlet message (a warning is logged);</li>
 *   <li>no logical session exists, the new-token landing page is off, and
 *       {@code isValidateWhenNoSessionExists()} is {@code false}.</li>
 * </ul>
 *
 * <p>When validation fails, this class only logs the request and does not invoke the chain.
 * Whatever response the client receives is produced elsewhere, presumably by
 * {@code CsrfValidator} and the configured actions (confirm against those classes).
 */
public class CsrfGuardFilter implements Filter {
    private static final Logger LOGGER = LoggerFactory.getLogger(CsrfGuardFilter.class);

    /** Configuration handed over by the container in {@code init}; cleared again in {@code destroy}. */
    private FilterConfig filterConfig;

    /**
     * Stores the container-supplied configuration for later access to the servlet context.
     *
     * @param filterConfig configuration passed by the servlet container
     */
    public void init(FilterConfig filterConfig) {
        this.filterConfig = filterConfig;
    }

    /**
     * Entry point called by the container for every request mapped to this filter.
     *
     * <p>Requests are handed straight to the chain when CSRFGuard is disabled, and (after a
     * warning) when they are not HTTP servlet messages. HTTP requests are processed only if
     * {@code CsrfGuardUtils.isPermittedUserAgent} accepts them; otherwise the chain is not
     * invoked and this method writes nothing itself, so any response for a rejected user
     * agent has to come from that helper (not visible here).
     *
     * @param servletRequest  incoming request
     * @param servletResponse outgoing response
     * @param filterChain     remainder of the filter chain
     * @throws IOException      propagated from the chain or the CSRFGuard helpers
     * @throws ServletException propagated from the chain or the CSRFGuard helpers
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        final CsrfGuard csrfGuard = CsrfGuard.getInstance();

        // Protection switched off in configuration: behave as a transparent filter.
        if (!csrfGuard.isEnabled()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        final boolean httpExchange = servletRequest instanceof HttpServletRequest
                && servletResponse instanceof HttpServletResponse;
        if (!httpExchange) {
            handleNonHttpServletMessages(servletRequest, servletResponse, filterChain);
            return;
        }

        final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        final HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        if (!CsrfGuardUtils.isPermittedUserAgent(httpRequest, httpResponse, csrfGuard)) {
            // Rejected user agent: stop here without invoking the chain.
            return;
        }
        doFilter(httpRequest, httpResponse, filterChain, csrfGuard);
    }

    /** Drops the reference to the container-supplied configuration. */
    public void destroy() {
        this.filterConfig = null;
    }

    /**
     * Dispatches an HTTP request according to whether a logical session can be extracted.
     *
     * <p>With a session the request is validated by {@code handleSession}. Without one, either
     * the new-token landing page is written (using a session obtained via
     * {@code extractOrCreate}) and the chain is not invoked, or {@code handleNoSession} decides.
     */
    private void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, CsrfGuard csrfGuard) throws IOException, ServletException {
        final InterceptRedirectResponse wrappedResponse = new InterceptRedirectResponse(httpServletResponse, httpServletRequest, csrfGuard);
        final LogicalSessionExtractor sessionExtractor = csrfGuard.getLogicalSessionExtractor();
        final LogicalSession session = sessionExtractor.extract(httpServletRequest);

        if (session != null) {
            handleSession(httpServletRequest, wrappedResponse, filterChain, session, csrfGuard);
            return;
        }
        if (!csrfGuard.isUseNewTokenLandingPage()) {
            handleNoSession(httpServletRequest, httpServletResponse, wrappedResponse, filterChain, csrfGuard);
            return;
        }
        csrfGuard.writeLandingPage(wrappedResponse, sessionExtractor.extractOrCreate(httpServletRequest).getKey());
    }

    /**
     * Validates a request that belongs to an existing logical session and then attaches the
     * token for the requested URI to the response.
     *
     * <p>The chain is invoked only when {@code CsrfValidator.isValid} accepts the request; a
     * rejected request is logged. The token lookup/generation and the response token header
     * are performed in both cases, i.e. also after a failed validation.
     */
    private void handleSession(HttpServletRequest httpServletRequest, InterceptRedirectResponse interceptRedirectResponse, FilterChain filterChain, LogicalSession logicalSession, CsrfGuard csrfGuard) throws IOException, ServletException {
        final String sessionKey = logicalSession.getKey();

        final boolean accepted = new CsrfValidator().isValid(httpServletRequest, interceptRedirectResponse);
        if (accepted) {
            filterChain.doFilter(httpServletRequest, interceptRedirectResponse);
        } else {
            logInvalidRequest(httpServletRequest);
        }

        // Runs regardless of the validation outcome above.
        final String uri = httpServletRequest.getRequestURI();
        final Map<String, String> tokenByUri = Collections.singletonMap(
                uri,
                csrfGuard.getTokenService().generateTokensIfAbsent(sessionKey, httpServletRequest.getMethod(), uri));
        CsrfGuardUtils.addResponseTokenHeader(csrfGuard, httpServletRequest, interceptRedirectResponse, new TokenTO(tokenByUri));
    }

    /**
     * Handles a request for which no logical session could be extracted.
     *
     * <p>If {@code isValidateWhenNoSessionExists()} is {@code false} the request continues down
     * the chain unvalidated and with the original response object rather than the
     * redirect-intercepting wrapper. Otherwise the request is validated; it continues with the
     * wrapper when valid and is only logged when invalid.
     */
    private void handleNoSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, InterceptRedirectResponse interceptRedirectResponse, FilterChain filterChain, CsrfGuard csrfGuard) throws IOException, ServletException {
        if (!csrfGuard.isValidateWhenNoSessionExists()) {
            // Session-less requests are not validated under this setting.
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        final boolean accepted = new CsrfValidator().isValid(httpServletRequest, interceptRedirectResponse);
        if (!accepted) {
            logInvalidRequest(httpServletRequest);
            return;
        }
        filterChain.doFilter(httpServletRequest, interceptRedirectResponse);
    }

    /**
     * Passes a non-HTTP request/response pair through unvalidated, after recording a warning in
     * both the SLF4J logger and the servlet context log.
     */
    private void handleNonHttpServletMessages(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        final String requestClassName = servletRequest.getClass().getName();
        final String warning = String.format("CSRFGuard does not know how to work with requests of class %s ", requestClassName);

        LOGGER.warn(warning);
        this.filterConfig.getServletContext().log("[WARNING]" + warning);

        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Records a request that failed CSRF validation.
     *
     * <p>Both logged values are taken from the request: the URI is client-supplied text, and
     * {@code getRemoteAddr()} reports the address of the directly connected peer, which is the
     * proxy's address when the application sits behind one.
     */
    private void logInvalidRequest(HttpServletRequest httpServletRequest) {
        final String uri = httpServletRequest.getRequestURI();
        final String remoteAddress = httpServletRequest.getRemoteAddr();
        LOGGER.warn("Invalid request: URI: '{}' | Remote Address: '{}'", uri, remoteAddress);
    }
}
