package com.bokesoft.yigoee.prod.components.security.csrf.filter;

import com.bokesoft.yigo.mid.session.ISessionInfoMap;
import com.bokesoft.yigo.mid.session.SessionInfoProviderHolder;
import com.bokesoft.yigoee.prod.components.security.csrf.cache.AutoExpiringCache;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Duration;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;

/* loaded from: input_file:com/bokesoft/yigoee/prod/components/security/csrf/filter/CacheCSRFValidationFilter.class */
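/**
 * Servlet filter that enforces a double-submit style CSRF check: the client identifies itself
 * with a {@code clientID} cookie, the server keeps one token per client id (in the session
 * parameters or, failing that, in {@link AutoExpiringCache}), and every non-safe request must
 * echo that token in the {@code X-CSRF-TOKEN} header.
 *
 * <p>Safe methods (GET/HEAD/TRACE/OPTIONS) pass straight through; a request without a usable
 * cookie is answered with 204; a missing or mismatching header token is answered with 403.
 */
public class CacheCSRFValidationFilter implements Filter {
    /** Name of the cookie carrying the client-chosen identifier that keys the CSRF token. */
    public static final String CLIENT_ID_COOKIE_NAME = "clientID";
    /** Header in which the client must present the token on state-changing requests. */
    private static final String DEFAULT_CSRF_HEADER_NAME = "X-CSRF-TOKEN";
    /** Prefix of the session-parameter key the token is read from (see {@link #generateCacheKey}). */
    private static final String DEFAULT_CSRF_TOKEN_ATTR_NAME = CacheCSRFValidationFilter.class.getName().concat(".CSRF_TOKEN");
    /** Lifetime of a token written to {@link AutoExpiringCache} when no session entry exists. */
    private static final Duration DEFAULT_MAX_INACTIVE_INTERVAL = Duration.ofMinutes(60);
    /**
     * Methods exempt from validation: the RFC 7231 "safe" methods. Because TRACE and OPTIONS are
     * exempt too, handlers behind this filter must not change state on those verbs.
     */
    private static final Set<HttpMethod> ALLOWED_METHODS = Collections.unmodifiableSet(
            new HashSet<>(Arrays.asList(HttpMethod.GET, HttpMethod.HEAD, HttpMethod.TRACE, HttpMethod.OPTIONS)));
    private static final Logger LOG = LoggerFactory.getLogger(CacheCSRFValidationFilter.class);

    private final String cacheKeyPrefix = DEFAULT_CSRF_TOKEN_ATTR_NAME;
    private final String clientIdCookieName = CLIENT_ID_COOKIE_NAME;
    private Duration maxInactiveInterval = DEFAULT_MAX_INACTIVE_INTERVAL;

    /**
     * Validates the CSRF token of every non-safe request before handing it to the chain.
     *
     * @param servletRequest  incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain     rest of the filter chain, invoked only when the check passes
     * @throws IOException      propagated from the chain or from {@code sendError}
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // HttpMethod.resolve yields null for an unknown verb; contains(null) is false, so anything
        // unrecognised is treated as state-changing and validated.
        if (ALLOWED_METHODS.contains(HttpMethod.resolve(request.getMethod()))) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        String clientId = findClientId(request);
        if (clientId == null) {
            // NOTE(review): the log text says a cookie is provided, but nothing in this filter
            // adds a Set-Cookie header; presumably another component issues it — confirm.
            LOG.info("CacheCSRFValidationFilter: clientId cookie absent or value is null/empty so we provide one and return an HTTP NO_CONTENT response !");
            response.setStatus(HttpServletResponse.SC_NO_CONTENT);
            return;
        }

        String expectedToken = loadToken(clientId);
        if (StringUtils.isBlank(expectedToken)) {
            // First sight of this client id: mint a token and cache it for maxInactiveInterval.
            expectedToken = generateToken();
            saveToken(clientId, expectedToken);
        }

        String presentedToken = request.getHeader(DEFAULT_CSRF_HEADER_NAME);
        if (StringUtils.isBlank(presentedToken)) {
            LOG.warn("CSRFValidationFilter: Token provided via HTTP Header is absent/empty so we block the request !");
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "CSRFValidationFilter: Token provided via HTTP Header is absent/empty so we block the request !");
        } else if (tokensMatch(presentedToken, expectedToken)) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            LOG.warn("CSRFValidationFilter: Token provided via HTTP Header and via Session-cache are not equals so we block the request !");
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "CSRFValidationFilter: Token provided via HTTP Header and via Session-cache are not equals so we block the request !");
        }
    }

    /**
     * Returns the value of the first {@code clientID} cookie, or {@code null} when there are no
     * cookies, no such cookie, or its value is blank.
     */
    private String findClientId(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        Cookie clientIdCookie = Arrays.stream(cookies)
                .filter(c -> clientIdCookieName.equals(c.getName()))
                .findFirst()
                .orElse(null);
        if (clientIdCookie == null || StringUtils.isBlank(clientIdCookie.getValue())) {
            return null;
        }
        return clientIdCookie.getValue();
    }

    /**
     * Compares the presented and expected tokens in constant time, so response timing does not
     * reveal how many leading bytes of the expected token were correct. Both tokens are
     * non-blank when this is called.
     */
    private static boolean tokensMatch(String presented, String expected) {
        return MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Builds the session-parameter key for a client id: {@code <prefix>:<clientId>}.
     *
     * @param str client id taken from the cookie
     * @return prefixed key
     */
    public String generateCacheKey(String str) {
        return this.cacheKeyPrefix.concat(":").concat(str);
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        LOG.info("CSRFValidationFilter: Filter init.");
    }

    @Override
    public void destroy() {
        LOG.info("CSRFValidationFilter: Filter shutdown");
    }

    /**
     * Generates a fresh token. {@link UUID#randomUUID()} is backed by {@code SecureRandom}, so
     * the 122 random bits are not guessable.
     */
    public String generateToken() {
        return UUID.randomUUID().toString();
    }

    /**
     * Stores a token in {@link AutoExpiringCache} under the bare client id for
     * {@link #getMaxInactiveInterval()}.
     *
     * <p>The key is the client-supplied cookie value, so every previously unseen id creates a
     * cache entry that lives for the full interval; whether {@code AutoExpiringCache} caps its
     * size is not visible here — confirm it is bounded.
     *
     * @param str  client id
     * @param str2 token to store
     */
    public void saveToken(String str, String str2) {
        AutoExpiringCache.put(str, str2, this.maxInactiveInterval);
    }

    /**
     * Drops the cached token for a client id.
     *
     * @param str client id
     */
    public void removeToken(String str) {
        AutoExpiringCache.remove(str);
    }

    /**
     * Looks up the token for a client id: from the session parameters when a session with that id
     * exists, otherwise from {@link AutoExpiringCache}.
     *
     * @param str client id
     * @return the token, or {@code null} when neither source has one
     */
    public String loadToken(String str) {
        ISessionInfoMap sessionInfoMap = SessionInfoProviderHolder.getSimpleProvider().getSessionInfoMap();
        if (sessionInfoMap.contains(str)) {
            // NOTE(review): the session entry is read with the prefixed key, while saveToken writes
            // the cache under the bare id; whatever populates the session parameters must use
            // generateCacheKey, otherwise a client with a session never sees its cached token — confirm.
            return (String) sessionInfoMap.get(str).getSessionParas().get(generateCacheKey(str));
        }
        return loadTokenFromCache(str);
    }

    /**
     * Reads the token for a client id from {@link AutoExpiringCache}.
     *
     * @param str client id
     * @return the cached token, or {@code null} when absent or expired
     */
    public String loadTokenFromCache(String str) {
        return (String) AutoExpiringCache.get(str);
    }

    /** @return lifetime applied to tokens written by {@link #saveToken}. */
    public Duration getMaxInactiveInterval() {
        return this.maxInactiveInterval;
    }

    /**
     * Sets the lifetime applied to tokens written by {@link #saveToken}.
     *
     * @param duration new lifetime; must not be {@code null}
     * @throws NullPointerException when {@code duration} is {@code null}, so a misconfiguration
     *                              fails at setup rather than on the first cache write
     */
    public void setMaxInactiveInterval(Duration duration) {
        this.maxInactiveInterval = Objects.requireNonNull(duration, "duration");
    }
}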
