package com.greenfossil.thorium.decorators;

import com.greenfossil.thorium.Configuration;
import com.greenfossil.thorium.Request;
import com.greenfossil.thorium.Request$;
import com.greenfossil.thorium.RequestAttrs$;
import com.linecorp.armeria.common.Cookie;
import com.linecorp.armeria.common.Cookies;
import com.linecorp.armeria.common.HttpHeaderNames;
import com.linecorp.armeria.common.HttpRequest;
import com.linecorp.armeria.common.RequestHeaders;
import com.linecorp.armeria.server.HttpService;
import com.linecorp.armeria.server.ServiceRequestContext;
import java.util.concurrent.CompletableFuture;
import org.slf4j.Logger;
import scala.Function1;
import scala.Function2;
import scala.Function3;
import scala.Option;
import scala.runtime.BoxesRunTime;
import scala.util.Try;

/* compiled from: CSRFGuardModule.scala */
/* loaded from: input_file:com/greenfossil/thorium/decorators/CSRFGuardModule.class */
/**
 * CSRF guard implementing {@link ThreatGuardModule}. This listing is decompiler output for a
 * Scala class, so several constructs below are artefacts rather than the author's code.
 *
 * <p>{@link #isSafe} grants a request when it targets an asset path, uses a method that the
 * method predicate does not select for verification, is allowed by the whitelist predicate, or
 * is judged same-origin. Otherwise it compares the submitted CSRF token with the CSRF cookie
 * and verifies the token's HMAC.
 *
 * <p>The static methods only forward to the Scala companion object
 * ({@code CSRFGuardModule$.MODULE$}); their behaviour is not visible in this file.
 */
public class CSRFGuardModule implements ThreatGuardModule {
    // Applied to (Origin header value, request context) in isSafe; a true result grants the request.
    private final Function2<String, ServiceRequestContext, Object> allowWhiteListPredicate;
    // Applied to (Origin header value, Referer header value, request context) in isSafe.
    private final Function3<String, String, ServiceRequestContext, Object> isSameOriginPredicate;
    // Applied to the HTTP method name in isSafe; a false result grants the request without a token check.
    private final Function1<String, Object> verifyModMethodPredicate;
    // Logger instance shared through the companion object.
    private final Logger logger = CSRFGuardModule$.com$greenfossil$thorium$decorators$CSRFGuardModule$$$csrfLogger;

    /** Forwards to the companion object's no-argument {@code apply}. */
    public static CSRFGuardModule apply() {
        return CSRFGuardModule$.MODULE$.apply();
    }

    /**
     * Forwards to the companion object's {@code apply}.
     *
     * @param function2 predicate with the same type as {@code allowWhiteListPredicate}
     *                  (presumably it becomes that field; confirm in the companion object)
     */
    public static CSRFGuardModule apply(Function2<String, ServiceRequestContext, Object> function2) {
        return CSRFGuardModule$.MODULE$.apply(function2);
    }

    /**
     * Forwards to the companion object's {@code apply}.
     *
     * @param function2 predicate with the same type as {@code allowWhiteListPredicate}
     * @param function3 predicate with the same type as {@code isSameOriginPredicate}
     */
    public static CSRFGuardModule apply(Function2<String, ServiceRequestContext, Object> function2, Function3<String, String, ServiceRequestContext, Object> function3) {
        return CSRFGuardModule$.MODULE$.apply(function2, function3);
    }

    /**
     * Forwards to the companion object's {@code apply}.
     *
     * @param function3 predicate with the same type as {@code isSameOriginPredicate}
     */
    public static CSRFGuardModule apply(Function3<String, String, ServiceRequestContext, Object> function3) {
        return CSRFGuardModule$.MODULE$.apply(function3);
    }

    /** Returns the companion object's default method predicate (same type as {@code verifyModMethodPredicate}). */
    public static Function1<String, Object> defaultToVerifyMethodFn() {
        return CSRFGuardModule$.MODULE$.defaultToVerifyMethodFn();
    }

    /** Forwards to the companion object's token generator for the given request. */
    public static String generateCSRFToken(Request request) {
        return CSRFGuardModule$.MODULE$.generateCSRFToken(request);
    }

    /**
     * Forwards to the companion object's three-argument token generator. The decompiler dropped
     * the parameter names, so the meaning of each string is not visible here.
     */
    public static Try<String> generateCSRFToken(String str, String str2, String str3) {
        return CSRFGuardModule$.MODULE$.generateCSRFToken(str, str2, str3);
    }

    /** Forwards to the companion object's CSRF cookie builder. */
    public static Cookie generateCSRFTokenCookie(Configuration configuration, Option<String> option) {
        return CSRFGuardModule$.MODULE$.generateCSRFTokenCookie(configuration, option);
    }

    /**
     * Forwards to the companion object's HMAC check.
     *
     * @param str  token to verify (isSafe passes the CSRF token)
     * @param str2 secret (isSafe passes the configured {@code secretConfig().secret()})
     * @param str3 signature algorithm name (isSafe passes {@code csrfConfig().jwt().signatureAlgorithm()})
     * @return the companion object's verdict
     */
    public static boolean verifyHmac(String str, String str2, String str3) {
        return CSRFGuardModule$.MODULE$.verifyHmac(str, str2, str3);
    }

    /**
     * Stores the three predicates that {@link #isSafe} consults.
     *
     * @param function2 whitelist predicate over (Origin, context)
     * @param function3 same-origin predicate over (Origin, Referer, context)
     * @param function1 predicate over the HTTP method name; true means the method is verified
     */
    public CSRFGuardModule(Function2<String, ServiceRequestContext, Object> function2, Function3<String, String, ServiceRequestContext, Object> function3, Function1<String, Object> function1) {
        this.allowWhiteListPredicate = function2;
        this.isSameOriginPredicate = function3;
        this.verifyModMethodPredicate = function1;
    }

    // NOTE(review): the four bridge methods below are rendered by the decompiler as calls to
    // themselves. The compiled methods presumably forward to the ThreatGuardModule trait's
    // default implementations; confirm against the Scala source.
    @Override // com.greenfossil.thorium.decorators.ThreatGuardModule
    public /* bridge */ /* synthetic */ ThreatGuardModule and(ThreatGuardModule threatGuardModule) {
        ThreatGuardModule and;
        and = and(threatGuardModule);
        return and;
    }

    @Override // com.greenfossil.thorium.decorators.ThreatGuardModule
    public /* bridge */ /* synthetic */ ThreatGuardModule or(ThreatGuardModule threatGuardModule) {
        ThreatGuardModule or;
        or = or(threatGuardModule);
        return or;
    }

    @Override // com.greenfossil.thorium.decorators.ThreatGuardModule
    public /* bridge */ /* synthetic */ boolean isAssetPath(ServiceRequestContext serviceRequestContext) {
        boolean isAssetPath;
        isAssetPath = isAssetPath(serviceRequestContext);
        return isAssetPath;
    }

    @Override // com.greenfossil.thorium.decorators.ThreatGuardModule
    public /* bridge */ /* synthetic */ CompletableFuture extractTokenValue(ServiceRequestContext serviceRequestContext, String str) {
        CompletableFuture extractTokenValue;
        extractTokenValue = extractTokenValue(serviceRequestContext, str);
        return extractTokenValue;
    }

    /** Returns the logger used for all CSRF decisions in this module. */
    @Override // com.greenfossil.thorium.decorators.ThreatGuardModule
    public Logger logger() {
        return this.logger;
    }

    /**
     * Decides whether the request passes the CSRF guard.
     *
     * <p>The request is granted immediately when it is an asset path, its method is not selected
     * by {@code verifyModMethodPredicate}, the whitelist predicate accepts it, or it is
     * same-origin and its path starts with a configured allowed prefix. Otherwise the token
     * produced by {@code extractTokenValue} is compared with the CSRF cookie and checked with
     * {@code verifyHmac}.
     *
     * @param httpService           the decorated service (not used in this method)
     * @param serviceRequestContext request context; supplies the method, path and Configuration attribute
     * @param httpRequest           request whose headers and cookies are inspected
     * @return a future holding a boxed Boolean, true when the request is accepted
     */
    @Override // com.greenfossil.thorium.decorators.ThreatGuardModule
    public CompletableFuture<Object> isSafe(HttpService httpService, ServiceRequestContext serviceRequestContext, HttpRequest httpRequest) {
        RequestHeaders headers = httpRequest.headers();
        // str = Origin header, str2 = Referer header; either may be null when the header is absent.
        String str = headers.get(HttpHeaderNames.ORIGIN);
        String str2 = headers.get(HttpHeaderNames.REFERER);
        // z: Sec-Fetch-Site is "same-origin", or Origin starts with the request scheme and ends
        // with the request authority.
        // NOTE(review): this is a prefix/suffix match, not an exact comparison with
        // scheme://authority, so an Origin whose host merely ends with the authority string also
        // satisfies it. Comparing the parsed origin for equality would be stricter.
        boolean z = "same-origin".equals(headers.get(HttpHeaderNames.SEC_FETCH_SITE)) || (str != null && str.startsWith(httpRequest.uri().getScheme()) && str.endsWith(httpRequest.uri().getAuthority()));
        boolean unboxToBoolean = BoxesRunTime.unboxToBoolean(this.isSameOriginPredicate.apply(str, str2, serviceRequestContext));
        // z2 (isSameOrigin): the header check and the injected predicate must both agree.
        boolean z2 = z && unboxToBoolean;
        // unboxToBoolean2 (allowWhiteList): verdict of the injected whitelist predicate on the Origin.
        boolean unboxToBoolean2 = BoxesRunTime.unboxToBoolean(this.allowWhiteListPredicate.apply(str, serviceRequestContext));
        // z3: true when the method predicate does not select this HTTP method for verification.
        boolean z3 = !BoxesRunTime.unboxToBoolean(this.verifyModMethodPredicate.apply(serviceRequestContext.method().name()));
        if (isAssetPath(serviceRequestContext) || z3 || unboxToBoolean2 || (allPathPrefixes(serviceRequestContext) && z2)) {
            logger().trace(new StringBuilder(99).append(Request$.MODULE$).append(" granted - isSameOrigin:").append(z2).append(", isSameOriginPredicate:").append(unboxToBoolean).append(" allowWhiteList:").append(unboxToBoolean2).append(", method:").append(httpRequest.method()).append(", uri:").append(httpRequest.uri()).append(", Origin: ").append(str).append(", referer:").append(str2).toString());
            return CompletableFuture.completedFuture(BoxesRunTime.boxToBoolean(true));
        }
        // From here on unboxToBoolean2 is always false: a true value returned above.
        Configuration configuration = (Configuration) serviceRequestContext.attr(RequestAttrs$.MODULE$.Config());
        logger().info(new StringBuilder(127).append("Verifying request - isSameOrigin:").append(z2).append(", isSameOriginPredicate:").append(unboxToBoolean).append(", allowWhiteList:").append(unboxToBoolean2).append(" Origin: ").append(str).append(", referer:").append(str2).append(", method:").append(httpRequest.method()).append(", uri:").append(httpRequest.uri()).append(", content-type:").append(httpRequest.contentType()).append(" ...").toString());
        // NOTE(review): every request header is written at DEBUG and every cookie at INFO, name
        // and value. That puts the CSRF cookie, and any session or authorization values the
        // request carries, into the logs; consider logging names only or redacting values.
        headers.forEach((asciiString, str3) -> {
            logger().debug(new StringBuilder(16).append("Header:").append((CharSequence) asciiString).append(" - value:").append(str3).toString());
        });
        Cookies cookies = headers.cookies();
        logger().info(new StringBuilder(14).append("Cookies found:").append(cookies.size()).toString());
        cookies.forEach(cookie -> {
            logger().info(new StringBuilder(7).append("Cookie ").append(cookie).toString());
        });
        String cookieName = configuration.httpConfiguration().csrfConfig().cookieName();
        // NOTE(review): the decompiler gave the lambda parameter (the value produced by
        // extractTokenValue) and the local holding the cookie value the same name, str4. This is
        // not valid Java, and the operands of the comparison, log line and verifyHmac call below
        // cannot be told apart from this listing. The log labels suggest one is the submitted
        // form token and the other the cookie token; confirm against the Scala source.
        return extractTokenValue(serviceRequestContext, cookieName).thenApply(str4 -> {
            // Value of the first cookie named cookieName, or null when there is none.
            String str4 = (String) cookies.stream().filter(cookie2 -> {
                String name = cookie2.name();
                return cookieName != null ? cookieName.equals(name) : name == null;
            }).findFirst().map(cookie3 -> {
                return cookie3.value();
            }).orElse(null);
            // z4 (token pair matched): non-null and equal.
            boolean z4 = str4 != null && (str4 != null ? str4.equals(str4) : str4 == null);
            // NOTE(review): both token values are logged in full at INFO.
            logger().info(new StringBuilder(61).append("CSRFTokenPair matched:").append(z4).append(",  FormCSRFToken:[").append(str4).append("], CookieCSRFToken:[").append(str4).append("]").toString());
            // z5: the pair matched and the token's HMAC verifies under the configured secret and algorithm.
            boolean z5 = z4 && CSRFGuardModule$.MODULE$.verifyHmac(str4, configuration.httpConfiguration().secretConfig().secret(), configuration.httpConfiguration().csrfConfig().jwt().signatureAlgorithm());
            logger().info(new StringBuilder(33).append("isTokenMatched:").append(z4).append(", isHhmacVerified:").append(z5).toString());
            // Final verdict. A request judged same-origin (z2) is accepted here even when the
            // token pair did not match or the HMAC failed, so the token is only decisive for
            // requests that are not treated as same-origin.
            boolean z6 = z5 || unboxToBoolean2 || z2;
            String sb = new StringBuilder(92).append("Request isSafe:").append(z6).append(", Origin: ").append(str).append(", isSameOrigin:").append(z2).append(", allowWhistList:").append(unboxToBoolean2).append(", method:").append(httpRequest.method()).append(", uri:").append(httpRequest.uri()).append(" path:").append(httpRequest.path()).append(" content-type:").append(httpRequest.contentType()).toString();
            if (z6) {
                logger().debug(sb);
            } else {
                logger().warn(sb);
                // NOTE(review): a rejected request has all header names and values written at
                // WARN, which includes the Cookie header when present; consider redaction.
                httpRequest.headers().forEach((asciiString2, str5) -> {
                    logger().warn(new StringBuilder(14).append("Header:").append((CharSequence) asciiString2).append(" value:").append(str5).toString());
                });
            }
            return z6;
        });
    }

    /**
     * Reports whether the request path starts with any prefix in the configured
     * {@code csrfConfig().allowPathPrefixes()}. The check is a plain string prefix test on the
     * path as given by the request.
     */
    private boolean allPathPrefixes(ServiceRequestContext serviceRequestContext) {
        String path = serviceRequestContext.request().path();
        return ((Configuration) serviceRequestContext.attr(RequestAttrs$.MODULE$.Config())).httpConfiguration().csrfConfig().allowPathPrefixes().exists(str -> {
            return path.startsWith(str);
        });
    }
}
