package com.huawei.cdc.service.security.filter;

import com.huawei.cdc.service.security.config.CasConfig;
import com.huawei.cdc.service.util.CommonConstants;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/cdc/service/security/filter/FICSRFPreventionFilter.class */
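/**
 * Servlet filter that rejects cross-site requests coming from browsers.
 *
 * <p>When CSRF protection is enabled, two checks run in order:
 * <ol>
 *   <li>A request whose {@code User-Agent} starts with one of the configured browser
 *       prefixes must carry the configured custom header, unless its HTTP method is in
 *       the ignore list; otherwise it is rejected with HTTP 400.</li>
 *   <li>If such a browser request carries a {@code Referer} header, the referer host must
 *       match the request's server name or one of the whitelisted referer hosts;
 *       otherwise it is rejected with HTTP 400. A browser request that sends no
 *       {@code Referer} passes this second check, as does any non-browser request.</li>
 * </ol>
 *
 * <p>Configuration is supplied through {@link #init(CasConfig)}, not through the servlet
 * container's {@code init(FilterConfig)}. Until {@code init(CasConfig)} has run,
 * {@code isCsrfEnabled} is {@code false} and {@link #doFilter} passes every request
 * straight to the chain, so the filter must be wired such that {@code init(CasConfig)}
 * is invoked before it serves traffic. All configuration fields are written only by
 * {@code init} and the parse helpers; configure once, before concurrent use.
 */
public class FICSRFPreventionFilter implements Filter {
    private static final Logger LOG = LoggerFactory.getLogger(FICSRFPreventionFilter.class);

    /** Collapses the longest run of {@code :0} groups in an IPv6 literal to {@code ::}. */
    public static final String IPV6_COMPRESSION_REGEX = "((?::0\\b){2,}):?(?!\\S*\\b\\1:0\\b)(\\S*)";
    public static final String HEADER_USER_AGENT = "User-Agent";

    /** Referer header name; servlet header lookup is case-insensitive. */
    private static final String HEADER_REFERER = "referer";

    /** Message sent with HTTP 400 when either CSRF check fails. */
    private static final String CSRF_ERROR_MESSAGE = "Missing Required Header for CSRF Vulnerability Protection";

    // Custom header that browser requests must carry; from CasConfig.getCsrfCustomHeader().
    private String headerName;
    // HTTP methods exempt from the custom-header check; from CasConfig.getCsrfMethodIgnore().
    private Set<String> methodsToIgnore;
    // Lower-cased, trimmed User-Agent prefixes that identify a browser; from CasConfig.getCsrfBrowserUserAgent().
    private String[] browserUserAgents;
    // When false, doFilter forwards every request without any check. Defaults to false.
    private boolean isCsrfEnabled;
    // Referer hosts accepted besides the request's own server name; currently only the CAS proxy IP.
    private String[] refererDomainWhiteList;

    /**
     * Minimal view of an HTTP exchange, so the CSRF decision can be exercised without a
     * servlet container.
     */
    /* loaded from: input_file:com/huawei/cdc/service/security/filter/FICSRFPreventionFilter$HttpInteraction.class */
    public interface HttpInteraction {
        /** Returns the value of the named request header, or {@code null} when absent. */
        String getHeader(String str);

        /** Returns the host name the request was addressed to. */
        String getServerName();

        /** Returns the HTTP method of the request. */
        String getMethod();

        /** Continues processing the request down the filter chain. */
        void proceed() throws IOException, ServletException;

        /** Sends an error response with the given status code and message. */
        void sendError(int i, String str) throws IOException;
    }

    /** {@link HttpInteraction} backed by a real servlet request, response and filter chain. */
    /* loaded from: input_file:com/huawei/cdc/service/security/filter/FICSRFPreventionFilter$ServletFilterHttpInteraction.class */
    private static final class ServletFilterHttpInteraction implements HttpInteraction {
        private final FilterChain chain;
        private final HttpServletRequest httpRequest;
        private final HttpServletResponse httpResponse;

        ServletFilterHttpInteraction(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) {
            this.httpRequest = httpServletRequest;
            this.httpResponse = httpServletResponse;
            this.chain = filterChain;
        }

        @Override
        public String getHeader(String str) {
            return this.httpRequest.getHeader(str);
        }

        @Override
        public String getServerName() {
            return this.httpRequest.getServerName();
        }

        @Override
        public String getMethod() {
            return this.httpRequest.getMethod();
        }

        @Override
        public void proceed() throws IOException, ServletException {
            this.chain.doFilter(this.httpRequest, this.httpResponse);
        }

        @Override
        public void sendError(int i, String str) throws IOException {
            this.httpResponse.sendError(i, str);
        }
    }

    /**
     * Loads the CSRF settings from the CAS configuration.
     *
     * <p>This is not the servlet {@code init(FilterConfig)}; the caller must invoke it
     * explicitly before the filter handles requests, otherwise protection stays disabled.
     *
     * @param casConfig source of the custom header name, enable flag, method ignore list,
     *                  browser User-Agent prefixes and CAS proxy IP
     * @throws NullPointerException if {@code casConfig}, the method ignore list or the
     *                              browser User-Agent list is {@code null}
     */
    public void init(CasConfig casConfig) {
        Objects.requireNonNull(casConfig, "casConfig");
        this.headerName = casConfig.getCsrfCustomHeader();
        this.isCsrfEnabled = casConfig.isCsrfEnable();
        this.refererDomainWhiteList = new String[]{casConfig.getCasProxyIp()};
        parseMethodsToIgnore(casConfig.getCsrfMethodIgnore());
        parseBrowserUserAgents(casConfig.getCsrfBrowserUserAgent());
        LOG.info("Adding cross-site request forgery (CSRF) protection.");
    }

    /**
     * Applies the CSRF checks when enabled; otherwise forwards the request unchanged.
     *
     * @throws ClassCastException if the request or response is not HTTP
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!this.isCsrfEnabled) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        handleHttpInteraction(new ServletFilterHttpInteraction(httpRequest, httpResponse, filterChain));
    }

    /**
     * Runs the custom-header check and then the Referer check, rejecting with HTTP 400
     * on the first failure and forwarding the request otherwise.
     *
     * @param httpInteraction the exchange to decide on
     * @throws IOException      if the response cannot be written
     * @throws ServletException if the downstream chain fails
     */
    public void handleHttpInteraction(HttpInteraction httpInteraction) throws IOException, ServletException {
        if (isMissingRequiredHeader(httpInteraction)) {
            httpInteraction.sendError(HttpServletResponse.SC_BAD_REQUEST, CSRF_ERROR_MESSAGE);
            return;
        }
        if (!isRefererValid(httpInteraction)) {
            httpInteraction.sendError(HttpServletResponse.SC_BAD_REQUEST, CSRF_ERROR_MESSAGE);
            return;
        }
        httpInteraction.proceed();
    }

    /**
     * True when a browser request lacks the custom header and its method is not exempt.
     * Non-browser clients and ignored methods never fail this check.
     */
    private boolean isMissingRequiredHeader(HttpInteraction httpInteraction) {
        if (httpInteraction.getHeader(this.headerName) != null) {
            return false;
        }
        if (!isBrowser(httpInteraction.getHeader(HEADER_USER_AGENT))) {
            return false;
        }
        return !this.methodsToIgnore.contains(httpInteraction.getMethod());
    }

    /**
     * Decides whether a User-Agent belongs to a browser.
     *
     * @param str the raw User-Agent header value, may be {@code null}
     * @return {@code true} if the value, lower-cased, starts with one of the configured
     *         browser prefixes; {@code false} for a {@code null} value or no configured prefixes
     */
    protected boolean isBrowser(String str) {
        if (str == null || this.browserUserAgents == null) {
            return false;
        }
        // Lower-case the User-Agent once instead of once per configured prefix.
        String userAgent = str.toLowerCase(Locale.ENGLISH);
        for (String prefix : this.browserUserAgents) {
            if (userAgent.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks a browser request's Referer host against the request's server name and the
     * referer whitelist.
     *
     * <p>Returns {@code true} without checking for non-browser clients and for browser
     * requests that carry no Referer; returns {@code false} for a Referer that cannot be
     * parsed as a URL.
     */
    private boolean isRefererValid(HttpInteraction httpInteraction) {
        String referer = httpInteraction.getHeader(HEADER_REFERER);
        if (referer == null || !isBrowser(httpInteraction.getHeader(HEADER_USER_AGENT))) {
            return true;
        }
        String refererHost;
        try {
            refererHost = new URL(referer).getHost();
        } catch (MalformedURLException e) {
            // Header value deliberately not logged: it is client-controlled.
            LOG.debug("Rejecting request whose Referer header is not a parseable URL.");
            return false;
        }
        // Host names are case-insensitive; compare to the server name accordingly.
        if (refererHost.equalsIgnoreCase(httpInteraction.getServerName())) {
            return true;
        }
        // NOTE(review): URL.getHost() keeps the square brackets of an IPv6 literal; confirm
        // that getCasProxyIp() uses the same form, otherwise IPv6 referers never match here.
        String normalizedHost = ipPreProcess(refererHost);
        for (String allowed : this.refererDomainWhiteList) {
            // A null or blank whitelist entry (e.g. unset CAS proxy IP) must neither throw nor
            // match an empty referer host.
            if (allowed == null || allowed.trim().isEmpty()) {
                continue;
            }
            if (ipPreProcess(allowed).equals(normalizedHost)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Normalizes a host string before comparison: strips backslashes, then collapses the
     * longest run of zero groups so differently written IPv6 literals compare equal.
     */
    private String ipPreProcess(String str) {
        return str.replaceAll("\\\\", CommonConstants.EMPTY).replaceAll(IPV6_COMPRESSION_REGEX, "::$2");
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Parses the comma-separated list of HTTP methods exempt from the custom-header check.
     * Entries are trimmed so {@code "GET, HEAD"} matches {@code "HEAD"}.
     *
     * @throws NullPointerException if {@code str} is {@code null}
     */
    void parseMethodsToIgnore(String str) {
        Objects.requireNonNull(str, "csrfMethodIgnore");
        Set<String> methods = new HashSet<>();
        for (String method : str.split(CommonConstants.COMMA)) {
            methods.add(method.trim());
        }
        this.methodsToIgnore = methods;
    }

    /**
     * Parses the comma-separated list of browser User-Agent prefixes. Entries are trimmed
     * and lower-cased once here so {@link #isBrowser} can compare directly.
     *
     * @throws NullPointerException if {@code str} is {@code null}
     */
    void parseBrowserUserAgents(String str) {
        Objects.requireNonNull(str, "csrfBrowserUserAgent");
        String[] prefixes = str.split(CommonConstants.COMMA);
        for (int i = 0; i < prefixes.length; i++) {
            prefixes[i] = prefixes[i].trim().toLowerCase(Locale.ENGLISH);
        }
        this.browserUserAgents = prefixes;
    }
}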
