package net.risesoft.filters;

import java.io.IOException;
import java.util.Objects;
import java.util.stream.Stream;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.risesoft.y9.Y9Context;
import net.risesoft.y9.configuration.feature.security.Y9SecurityProperties;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:net/risesoft/filters/CsrfFilter.class */
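/**
 * Servlet filter that applies a Referer-header check as a CSRF defence.
 *
 * <p>A request is passed down the chain when {@link #isRefererValid} accepts its
 * {@code Referer} header; otherwise the filter answers with HTTP 403 and a short
 * plain-text message and the chain is not invoked.
 *
 * <p>NOTE(review): the check is a substring test on a client-controlled header and
 * it accepts requests that carry no Referer at all, so it should be treated as a
 * weak, defence-in-depth control rather than the only CSRF protection. See the
 * notes on {@link #isRefererValid} for the specific gaps. Consider pairing it with
 * a per-session CSRF token and/or {@code SameSite} cookies.
 */
public class CsrfFilter implements Filter {

    /**
     * Forwards the request when its Referer passes validation, otherwise rejects it.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remaining filters / target resource
     * @throws IOException      if writing the rejection body or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (isRefererValid((HttpServletRequest) servletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        // Rejected: do not call the chain, so the protected resource never runs.
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        httpServletResponse.getOutputStream().print("For security reasons, your request could not be processed");
    }

    /**
     * Tells whether the Referer contains any entry of the configured accepted-referer list.
     *
     * <p>The list is read from the {@link Y9SecurityProperties} bean on every call
     * ({@code getCsrf().getAcceptedReferer()}).
     *
     * @param referer the Referer header value; must not be {@code null}
     * @return {@code true} if at least one configured entry occurs somewhere in {@code referer}
     */
    private boolean isAcceptedReferer(String referer) {
        Y9SecurityProperties securityProperties = Y9Context.getBean(Y9SecurityProperties.class);
        // The decompiled source referenced an undefined variable (r1) inside the lambda and
        // used a raw Stream; the bound method reference below is the form that compiles, and
        // it keeps the implicit null check on `referer` that the original expressed via
        // Objects.requireNonNull.
        //
        // NOTE(review): this is a substring match, not an origin comparison. A configured
        // entry that appears anywhere in the header (path, query string, or as part of a
        // longer host name) is enough to pass. A stricter check would parse the Referer
        // with java.net.URI and compare scheme/host/port exactly against the configured
        // entries; confirm the format of those entries before tightening.
        return securityProperties.getCsrf().getAcceptedReferer().stream().anyMatch(referer::contains);
    }

    /**
     * Decides whether a request's {@code Referer} header is acceptable.
     *
     * <p>The request is accepted when any of the following holds:
     * <ol>
     *   <li>the Referer header is missing or blank;</li>
     *   <li>the Referer contains the request's context path;</li>
     *   <li>the Referer contains one of the configured accepted referers.</li>
     * </ol>
     *
     * <p>NOTE(review), security-relevant gaps in this policy:
     * <ul>
     *   <li>Rule 1 lets through every request without a Referer. Referrer policies,
     *       privacy tooling and some navigation types suppress the header, so a
     *       cross-site request can arrive without one. Decide explicitly whether
     *       state-changing methods should be rejected in that case.</li>
     *   <li>Rule 2 matches the context path anywhere in the header, regardless of
     *       host. When the application is deployed at the root context,
     *       {@code getContextPath()} returns the empty string, and
     *       {@code String.contains("")} is always {@code true}, so every non-blank
     *       Referer passes and the filter effectively checks nothing.</li>
     * </ul>
     * Behaviour is intentionally left unchanged here because callers and deployments
     * may rely on it; the comparison should be moved to an exact origin match.
     *
     * @param httpServletRequest the request whose Referer header is inspected
     * @return {@code true} if the request may proceed
     */
    public boolean isRefererValid(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Referer");
        if (StringUtils.isBlank(header)) {
            return true;
        }
        if (header.contains(httpServletRequest.getContextPath())) {
            return true;
        }
        return isAcceptedReferer(header);
    }
}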
