package org.qubership.profiler.security.csrf;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.catalina.filters.Constants;
import org.qubership.profiler.shaded.org.apache.commons.lang.StringUtils;
import org.qubership.profiler.shaded.org.slf4j.Logger;
import org.qubership.profiler.shaded.org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/war-lib-1.0.0-SNAPSHOT.jar:org/qubership/profiler/security/csrf/CSRFGuardFilter.class */
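public class CSRFGuardFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) CSRFGuardFilter.class);

    /**
     * Servlet filter that enforces a synchronizer-token CSRF check.
     *
     * <p>GET requests pass through untouched. Every other method must carry a token
     * (request parameter or header named {@code CSRFGuardHelper.CSRF_TOKEN_P}) equal to
     * the value stored in the HTTP session under the same key; otherwise the request is
     * answered with 403 and the chain is not continued.
     *
     * @throws IOException      if the 403 error response cannot be written
     * @throws ServletException propagated from the remainder of the chain
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        // getSession() (create-if-absent) is kept deliberately: the original filter
        // created the session eagerly for every request, and the token lookup below
        // reads from it. Switching to getSession(false) would change that behaviour.
        if (isRejected(request.getRequestURI(), request, response, request.getSession())) {
            return; // 403 has already been sent
        }
        filterChain.doFilter(request, response);
    }

    /**
     * Validates the CSRF token of a state-changing request.
     *
     * @param uri      request URI used in log lines (the token itself is never logged)
     * @param request  the current request
     * @param response response to which a 403 is written on failure
     * @param session  session holding the expected token
     * @return {@code true} when the request was rejected and a 403 was sent,
     *         {@code false} when the filter chain may proceed
     * @throws IOException if the error response cannot be written
     */
    private boolean isRejected(String uri, HttpServletRequest request, HttpServletResponse response, HttpSession session) throws IOException {
        // Only GET is exempt; HEAD/OPTIONS etc. are deliberately required to carry a token.
        if (request.getMethod().equalsIgnoreCase(Constants.METHOD_GET)) {
            return false;
        }
        // The parameter wins; the header is only consulted when no parameter is present.
        String submitted = request.getParameter(CSRFGuardHelper.CSRF_TOKEN_P);
        if (submitted == null) {
            submitted = request.getHeader(CSRFGuardHelper.CSRF_TOKEN_P);
        }
        if (submitted == null || submitted.isEmpty()) {
            return reject(response, "token from POST request is empty", uri);
        }
        Object expected = session.getAttribute(CSRFGuardHelper.CSRF_TOKEN_P);
        if (expected == null) {
            return reject(response, "token from http session doesn't exist", uri);
        }
        if (tokensMatch(submitted, expected.toString())) {
            return false;
        }
        return reject(response, "token from POST request is invalid", uri);
    }

    /**
     * Compares the two tokens in constant time so that response latency does not reveal
     * how many leading bytes of a guessed token were correct.
     */
    private static boolean tokensMatch(String submitted, String expected) {
        return MessageDigest.isEqual(
                submitted.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Logs the failure reason together with the request URI and answers 403 Forbidden.
     *
     * @return always {@code true}, so callers can {@code return reject(...)} directly
     */
    private boolean reject(HttpServletResponse response, String reason, String uri) throws IOException {
        log.error("CSRF: {} {}", reason, uri);
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return true;
    }

    /** No resources to release. */
    @Override // javax.servlet.Filter
    public void destroy() {
    }

    /** No configuration is read; the filter is stateless. */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
    }
}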
