package com.github.kaizen4j.shiro.csrf;

import com.github.kaizen4j.shiro.exception.CsrfException;
import com.github.kaizen4j.shiro.exception.InvalidCsrfTokenException;
import com.github.kaizen4j.shiro.exception.MissingCsrfTokenException;
import com.github.kaizen4j.util.JsonUtils;
import com.github.kaizen4j.web.constant.HttpCodeEnum;
import com.github.kaizen4j.web.entity.vo.ResponseResultVO;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.util.Assert;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/github/kaizen4j/shiro/csrf/CsrfFilter.class */
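/**
 * Shiro {@link AccessControlFilter} that enforces a synchronizer-token CSRF check.
 *
 * <p>On every request the filter loads the current {@link CsrfToken} from the configured
 * {@link CsrfTokenRepository}; when none exists it generates and saves a fresh one. The token
 * is then exposed to downstream code under two request attributes (the {@code CsrfToken}
 * class name and the token's own parameter name). Requests whose HTTP method is in
 * {@link #getAllowedHttpMethods()} pass without further checks; all other requests must carry
 * the token value either in the header named by {@link CsrfToken#getHeaderName()} or in the
 * request parameter named by {@link CsrfToken#getParameterName()}.
 *
 * <p>A failed check raises {@link MissingCsrfTokenException} (no token was stored for the
 * request) or {@link InvalidCsrfTokenException} (a token was stored but did not match).
 * {@link #onPreHandle} translates that into a request attribute, an optional JSON body and
 * an access-denied result.
 *
 * <p>This class is not thread-safe with respect to its setters; configure it before the
 * filter chain starts serving requests.
 */
public class CsrfFilter extends AccessControlFilter {
    private static final Logger logger = LoggerFactory.getLogger(CsrfFilter.class);

    /** Default request attribute under which the failure's exception class name is stored. */
    public static final String DEFAULT_ERROR_KEY_ATTRIBUTE_NAME = "shiroFailure";

    /** Methods exempt from the token check by default: the RFC 7231 "safe" methods plus TRACE. */
    private static final String[] DEFAULT_ALLOWED_HTTP_METHODS = {"GET", "HEAD", "TRACE", "OPTIONS"};

    private CsrfTokenRepository tokenRepository;
    private String failureKeyAttribute;
    // Always upper-cased (Locale.ENGLISH); the set instance is stable so the setter mutates it in place.
    private final Set<String> allowedHttpMethods;

    /**
     * Creates a filter backed by {@code CookieCsrfTokenRepository.withHttpOnlyFalse()}
     * (presumably a cookie readable by client-side script; see that class for details).
     */
    public CsrfFilter() {
        this(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }

    /**
     * Creates a filter backed by the given repository.
     *
     * @param csrfTokenRepository where tokens are loaded from and saved to; must not be null
     * @throws IllegalArgumentException if {@code csrfTokenRepository} is null
     */
    public CsrfFilter(CsrfTokenRepository csrfTokenRepository) {
        Assert.notNull(csrfTokenRepository, "csrfTokenRepository cannot be null");
        this.tokenRepository = csrfTokenRepository;
        this.failureKeyAttribute = DEFAULT_ERROR_KEY_ATTRIBUTE_NAME;
        this.allowedHttpMethods = new HashSet<>(Arrays.asList(DEFAULT_ALLOWED_HTTP_METHODS));
    }

    /**
     * Runs the normal access-control pipeline and converts a {@link CsrfException} raised by
     * {@link #isAccessAllowed} into the failure attribute, an optional JSON error body and
     * the {@link #onAccessDenied} result.
     *
     * @return {@code true} to continue the chain, {@code false} when the CSRF check failed
     * @throws Exception anything the superclass throws; {@link #handleExceptionIfNecessary}
     *         rethrows the {@link CsrfException} itself for non-JSON requests
     */
    @Override
    public boolean onPreHandle(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        try {
            return super.onPreHandle(servletRequest, servletResponse, obj);
        } catch (CsrfException e) {
            setFailureAttribute(servletRequest, e);
            handleExceptionIfNecessary(servletRequest, servletResponse, e);
            return onAccessDenied(servletRequest, servletResponse);
        }
    }

    /**
     * Loads (or creates and saves) the request's token, publishes it as request attributes and
     * verifies the submitted value for non-exempt HTTP methods.
     *
     * @return {@code true} when the method is exempt or the submitted token matches
     * @throws MissingCsrfTokenException if no token was stored for this request and the
     *         submitted value does not match the newly generated one
     * @throws InvalidCsrfTokenException if a stored token exists but the submitted value differs
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        HttpServletRequest request = WebUtils.toHttp(servletRequest);
        HttpServletResponse response = WebUtils.toHttp(servletResponse);

        CsrfToken token = getTokenRepository().loadToken(request);
        boolean missingToken = Objects.isNull(token);
        if (missingToken) {
            // First contact (or expired state): issue a token so the next request can succeed.
            token = getTokenRepository().generateToken(request);
            getTokenRepository().saveToken(token, request, response);
        }
        request.setAttribute(CsrfToken.class.getName(), token);
        request.setAttribute(token.getParameterName(), token);

        if (isRequestAllowed(request, obj)) {
            return true;
        }

        // Header wins; fall back to the form/query parameter when the header is absent or blank.
        String actualToken = request.getHeader(token.getHeaderName());
        if (StringUtils.isBlank(actualToken)) {
            actualToken = request.getParameter(token.getParameterName());
        }
        if (equalsConstantTime(token.getToken(), actualToken)) {
            return true;
        }

        logger.debug("Invalid CSRF token found for {}", request.getPathInfo());
        if (missingToken) {
            throw new MissingCsrfTokenException(actualToken);
        }
        throw new InvalidCsrfTokenException(token, actualToken);
    }

    /**
     * Saves the current request (so it can be replayed after the failure is resolved) and
     * denies access.
     *
     * @return always {@code false}
     */
    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        WebUtils.saveRequest(servletRequest);
        return false;
    }

    /**
     * Records the failure's exception class name under {@link #getFailureKeyAttribute()} so
     * downstream handlers (e.g. an error view) can tell why access was denied.
     */
    protected void setFailureAttribute(ServletRequest servletRequest, CsrfException csrfException) {
        servletRequest.setAttribute(getFailureKeyAttribute(), csrfException.getClass().getName());
    }

    /**
     * For requests whose {@code Content-Type} header contains {@code application/json}, writes
     * a JSON access-denied body describing the failure; for every other request rethrows
     * {@code csrfException} unchanged.
     *
     * @throws CsrfException the given exception, when the request is not a JSON request
     */
    protected void handleExceptionIfNecessary(ServletRequest servletRequest, ServletResponse servletResponse, CsrfException csrfException) {
        HttpServletRequest request = WebUtils.toHttp(servletRequest);
        HttpServletResponse response = WebUtils.toHttp(servletResponse);

        if (!StringUtils.contains(request.getHeader("Content-Type"), "application/json")) {
            logger.debug("Not match contentType 'application/json' then thrown exception");
            throw csrfException;
        }

        ResponseResultVO accessDenied = ResponseResultVO.accessDenied();
        accessDenied.setMessage("CSRF Token 检验失败");
        // NOTE(review): the exception message is echoed to the client; confirm it never
        // contains the expected token value (only the submitted one, if anything).
        accessDenied.setError(csrfException.getMessage());
        String body = JsonUtils.toJson(accessDenied);

        try {
            // name() is the canonical charset name; displayName() is locale-dependent.
            response.setCharacterEncoding(StandardCharsets.UTF_8.name());
            response.setContentType("application/json");
            PrintWriter writer = response.getWriter();
            writer.print(body);
            writer.flush();
        } catch (IOException e) {
            logger.error("Write response body error: {}", body, e);
            response.setStatus(HttpCodeEnum.INTERNAL_SERVER_ERROR.getCode().intValue());
        }
    }

    /** @return the repository tokens are loaded from and saved to; never null */
    public CsrfTokenRepository getTokenRepository() {
        return this.tokenRepository;
    }

    /**
     * @param csrfTokenRepository the repository to use; must not be null
     * @throws IllegalArgumentException if {@code csrfTokenRepository} is null
     */
    public void setTokenRepository(CsrfTokenRepository csrfTokenRepository) {
        Assert.notNull(csrfTokenRepository, "csrfTokenRepository cannot be null");
        this.tokenRepository = csrfTokenRepository;
    }

    /**
     * @return the live set of upper-cased HTTP methods exempt from the token check. The set
     *         is the filter's own instance, so mutating it changes which methods are exempt.
     */
    public Set<String> getAllowedHttpMethods() {
        return this.allowedHttpMethods;
    }

    /**
     * Replaces the exempt HTTP methods; names are upper-cased with {@link Locale#ENGLISH}
     * before storage.
     *
     * @param set the new exempt methods; must not be null
     * @throws IllegalArgumentException if {@code set} is null
     */
    public void setAllowedHttpMethods(Set<String> set) {
        Assert.notNull(set, "allowedHttpMethods cannot be null");
        // Normalise into a scratch set first: callers may hand back the very instance returned
        // by getAllowedHttpMethods(), which clear() would otherwise empty before iteration.
        Set<String> normalised = new HashSet<>();
        for (String method : set) {
            normalised.add(method.toUpperCase(Locale.ENGLISH));
        }
        this.allowedHttpMethods.clear();
        this.allowedHttpMethods.addAll(normalised);
    }

    /** @return the request attribute name used by {@link #setFailureAttribute} */
    public String getFailureKeyAttribute() {
        return this.failureKeyAttribute;
    }

    /** @param str the request attribute name to store the failure class name under */
    public void setFailureKeyAttribute(String str) {
        this.failureKeyAttribute = str;
    }

    /** Whether the request's HTTP method (upper-cased) is in the exempt set. */
    private boolean isRequestAllowed(HttpServletRequest httpServletRequest, Object obj) {
        return getAllowedHttpMethods().contains(httpServletRequest.getMethod().toUpperCase(Locale.ENGLISH));
    }

    /**
     * Compares the stored token with the submitted value without short-circuiting on the
     * first differing byte, so response timing does not reveal how much of a guess matched.
     * {@link MessageDigest#isEqual} still returns early on a length mismatch, which only
     * discloses the token length. A null on either side never matches.
     */
    private static boolean equalsConstantTime(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                actual.getBytes(StandardCharsets.UTF_8));
    }
}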
