package com.huawei.bigdata.om.web.security;

import com.huawei.bigdata.om.common.utils.FileUtil;
import com.huawei.bigdata.om.common.utils.StringHelper;
import com.huawei.bigdata.om.northbound.snmp.constdefinition.ConstDefinition;
import com.huawei.bigdata.om.web.api.converter.BackupRecoveryConverter;
import com.huawei.bigdata.om.web.api.service.AuditResourceService;
import com.huawei.bigdata.om.web.constant.Resource;
import com.huawei.bigdata.om.web.util.WebUtils;
import java.io.IOException;
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.text.Normalizer;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/bigdata/om/web/security/CheckCSRFFilter.class */
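/**
 * Servlet filter that applies two CSRF defences to incoming requests: an optional
 * {@code Referer} check and a session-token check.
 *
 * <p>A single filter instance serves every request concurrently, so all per-request
 * values (URI, tokens, Referer) are kept in local variables and passed as arguments.
 * Only configuration lives in fields; the fields that {@link #updateWhiteUrl()} can
 * replace at runtime are {@code volatile} so request threads see the new lists.
 */
public class CheckCSRFFilter implements Filter {
    private static final Logger LOGGER = LoggerFactory.getLogger(CheckCSRFFilter.class);
    private static final String SEPARATOR = System.getProperty("line.separator");
    private static final String PATH = "/webapps/web/WEB-INF/classes/config/csrf_white_url.properties";
    private static final String OMS_INI_PATH = "/workspace/conf/oms-config.ini";
    private static final String SWITCH_ON = "on";
    private static final String SWITCH_OFF = "off";
    private static final String FILTER_NAME = "CheckCSRFFilter";
    private static final String HTTPS_SCHEME = "https";
    // Same expression the filter has always used to strip whitespace; compiled once.
    private static final Pattern BLANK_PATTERN = Pattern.compile("\\s*|\t|");
    private static volatile CheckCSRFFilter checkCSRFFilter;

    // Written once in init(), before the container dispatches any request.
    private String webip;
    private String ssoip;

    // Replaced as a whole by loadWhiteUrl(); volatile so readers never see a stale reference.
    private volatile String refererSwitch;
    private volatile List<Pattern> whiteReferList = new ArrayList<>();
    private volatile List<Pattern> whiltUrlList = new ArrayList<>();
    private volatile List<Pattern> tokenUrlList = new ArrayList<>();

    /**
     * Loads the URL lists and the trusted web/SSO addresses, then publishes this instance
     * in the servlet context under {@code "CheckCSRFFilter"}.
     *
     * @param filterConfig container-supplied configuration, used for the servlet context
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String omsIniFile = System.getenv("OMS_RUN_PATH") + OMS_INI_PATH;
        loadWhiteUrl();
        this.webip = loadProperty(omsIniFile, "ws_float_ip");
        this.ssoip = loadProperty(omsIniFile, "sso_ip");
        if (StringUtils.isBlank(this.webip)) {
            this.webip = "";
        }
        if (StringUtils.isBlank(this.ssoip)) {
            this.ssoip = this.webip;
        }
        filterConfig.getServletContext().setAttribute(FILTER_NAME, this);
        // Log the whole list: indexing element 0 throws when the list is empty.
        LOGGER.info("whiteReferList properties file is {}.", this.whiteReferList);
        LOGGER.info("refererSwitch properties file is {}.", this.refererSwitch);
        LOGGER.info("webip properties file is {}.", this.webip);
        LOGGER.info("ssoip properties file is {}.", this.ssoip);
    }

    /**
     * Rejects the request with HTTP 403 when the Referer check or the token check fails,
     * otherwise hands it to the rest of the chain.
     *
     * @param servletRequest incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain remaining filters and the target servlet
     * @throws IOException propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Everything below is request-scoped and must stay local: storing it in fields
        // lets a concurrent request overwrite the tokens between read and comparison.
        String parameterToken = request.getParameter("token");
        String requestUri = request.getContextPath() + request.getServletPath();
        String referer = request.getHeader("Referer");
        String remoteAddr = request.getRemoteAddr();
        String pathInfo = request.getPathInfo();
        if (pathInfo != null) {
            requestUri += pathInfo;
        }
        HttpSession session = request.getSession();
        String sessionToken = (String) session.getAttribute("Token");
        String needToken = (String) session.getAttribute("needtoken");
        String headerToken = request.getHeader("X-HW-FI-Auth-Token");
        String cookieToken = WebUtils.getTokenFromCookies(request);

        // Read once so a concurrent reload cannot change the value mid-request.
        String switchValue = this.refererSwitch;
        if (!SWITCH_ON.equals(switchValue)) {
            LOGGER.warn("Referer switch is off {} .", switchValue);
        } else if (StringUtils.isNotEmpty(referer)) {
            // The header is client-controlled; strip whitespace (including CR/LF)
            // before it reaches the log so it cannot forge log lines.
            String loggableReferer = replaceBlank(referer);
            LOGGER.debug("This refer url is {}", loggableReferer);
            if (!isValidRefererUrl(referer)) {
                LOGGER.error("This request referer {} is error, remote ip is {}.", loggableReferer, remoteAddr);
                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
            LOGGER.debug("This request token is OK {}", loggableReferer);
        } else {
            // A request without a Referer header is not rejected here; the token
            // check below is then the only CSRF control applied to it.
            LOGGER.warn("This request referer is null, remote ip is {}.", remoteAddr);
        }

        // NOTE(review): the token comparison only runs when the session attribute
        // "needtoken" equals Resource.SCREEN_LOCK - confirm every authenticated
        // session carries it, otherwise requests are forwarded without a token check.
        if (!StringUtils.isEmpty(needToken) && needToken.equals(Resource.SCREEN_LOCK)) {
            if (!checkToken(requestUri, parameterToken, headerToken, cookieToken, sessionToken)) {
                LOGGER.error("This request token is error ");
                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
            LOGGER.debug("This request token is OK ");
        }
        filterChain.doFilter(request, response);
    }

    /**
     * Decides whether a {@code Referer} value comes from a trusted origin.
     *
     * <p>The value is parsed as a URI and its host is compared as a whole with the
     * configured web and SSO addresses. Comparing string prefixes instead would also
     * accept any host that merely begins with the configured address, and - when the
     * address is not configured at all - every HTTPS origin.
     *
     * @param str the raw {@code Referer} header value
     * @return {@code true} if the host is a configured address or the value contains
     *         an entry of the referer white list; {@code false} otherwise, including
     *         for {@code null}
     */
    public boolean isValidRefererUrl(String str) {
        if (str == null) {
            return false;
        }
        String refererHost = httpsHostOf(str);
        if (refererHost != null
                && (isConfiguredHost(refererHost, this.webip) || isConfiguredHost(refererHost, this.ssoip))) {
            return true;
        }
        // NOTE(review): white-list entries are compared as plain substrings of the whole
        // Referer, so an entry also matches when it appears in the path or query string.
        // Kept as-is because the expected entry format is not visible here; matching the
        // parsed host against the entries would be stricter.
        for (Pattern entry : this.whiteReferList) {
            String pattern = entry.toString();
            if (!StringUtils.isEmpty(pattern) && str.contains(pattern)) {
                return true;
            }
        }
        return false;
    }

    /** Returns the host of an {@code https} URL, or {@code null} if it is not one or cannot be parsed. */
    private static String httpsHostOf(String referer) {
        try {
            URI uri = new URI(referer);
            if (!HTTPS_SCHEME.equalsIgnoreCase(uri.getScheme())) {
                return null;
            }
            return uri.getHost();
        } catch (URISyntaxException e) {
            return null;
        }
    }

    /** Tells whether {@code refererHost} is exactly {@code configuredHost}; a blank configuration never matches. */
    private static boolean isConfiguredHost(String refererHost, String configuredHost) {
        if (StringUtils.isBlank(configuredHost)) {
            return false;
        }
        if (refererHost.equalsIgnoreCase(configuredHost)) {
            return true;
        }
        if (refererHost.startsWith("[") && refererHost.endsWith("]")) {
            // IPv6 literals have several spellings; compare their canonical forms.
            String refererAddress = canonicalIpv6(refererHost.substring(1, refererHost.length() - 1));
            return refererAddress != null && refererAddress.equals(canonicalIpv6(configuredHost));
        }
        return false;
    }

    /**
     * Canonical text form of an IPv6 literal, or {@code null} if the value is not one.
     * Values without a colon are rejected up front so no host name is ever resolved here.
     */
    private static String canonicalIpv6(String literal) {
        if (literal.indexOf(':') < 0) {
            return null;
        }
        try {
            return InetAddress.getByName(literal).getHostAddress();
        } catch (UnknownHostException e) {
            LOGGER.error("Normalize the ip failured.");
            return null;
        }
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /** Re-reads the URL lists and the referer switch from the properties file. */
    public synchronized void updateWhiteUrl() {
        loadWhiteUrl();
    }

    /**
     * Returns the filter instance published by {@link #init(FilterConfig)}.
     *
     * @param servletContext context to look the instance up in; may be {@code null},
     *        in which case only the cached reference is returned
     * @return the filter instance, or {@code null} if none has been found yet
     */
    public static CheckCSRFFilter getInstance(ServletContext servletContext) {
        if (servletContext == null) {
            return checkCSRFFilter;
        }
        if (checkCSRFFilter == null) {
            synchronized (CheckCSRFFilter.class) {
                if (checkCSRFFilter == null) {
                    checkCSRFFilter = (CheckCSRFFilter) servletContext.getAttribute(FILTER_NAME);
                }
            }
        }
        return checkCSRFFilter;
    }

    /** Tells whether the URI belongs to the request kinds that need a token (logout endpoints excluded). */
    private boolean filterDoAndHtmUri(String requestUri) {
        if (requestUri.contains(".do")) {
            return true;
        }
        if (requestUri.contains("/api/v2") && !requestUri.endsWith("/api/v2/session/logout")) {
            return true;
        }
        return requestUri.contains(".htm") && !requestUri.endsWith("logout_action.htm");
    }

    /**
     * Verifies the CSRF token of one request.
     *
     * <p>URIs on the token-URL list carry the token as the {@code token} parameter, all
     * others in the {@code X-HW-FI-Auth-Token} header; in both cases the cookie token
     * must match the session token as well.
     *
     * @return {@code true} if the URI needs no token, is white-listed, or both presented
     *         tokens equal the session token
     */
    private boolean checkToken(String requestUri, String parameterToken, String headerToken, String cookieToken,
            String sessionToken) {
        if (!filterDoAndHtmUri(requestUri)) {
            return true;
        }
        if (isWhiltUrl(requestUri)) {
            LOGGER.debug("This is whilt url {}, do nothing.", StringHelper.replaceBlank(requestUri));
            return true;
        }
        // The messages below now carry a placeholder: without one the URI argument was dropped.
        if (isTokenUrl(requestUri)) {
            if (StringUtils.isEmpty(parameterToken) || StringUtils.isEmpty(cookieToken)) {
                LOGGER.error("This url or cookies is without token information. Url is {}.",
                        StringHelper.replaceBlank(requestUri));
                return false;
            }
            if (tokensMatch(parameterToken, sessionToken) && tokensMatch(cookieToken, sessionToken)) {
                LOGGER.debug("This request is OK.");
                return true;
            }
            LOGGER.error("This url or cookies is token information error. Url is {}.",
                    StringHelper.replaceBlank(requestUri));
            return false;
        }
        if (StringUtils.isEmpty(headerToken) || StringUtils.isEmpty(cookieToken)) {
            LOGGER.error("This request heard or cookies is without token information. Url is {}.",
                    StringHelper.replaceBlank(requestUri));
            return false;
        }
        if (tokensMatch(headerToken, sessionToken) && tokensMatch(cookieToken, sessionToken)) {
            LOGGER.debug("This request is OK.");
            return true;
        }
        LOGGER.error("This request heard or cookies is token information error. Url is {}.",
                StringHelper.replaceBlank(requestUri));
        return false;
    }

    /** Compares two tokens without an early exit on the first differing byte; {@code null} never matches. */
    private static boolean tokensMatch(String presented, String expected) {
        if (presented == null || expected == null) {
            return false;
        }
        return MessageDigest.isEqual(presented.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Reads a semicolon-separated property and compiles each entry into a pattern,
     * replacing every {@code *} with {@code BackupRecoveryConverter.DEFAULT_REGEXP}.
     *
     * @param str path of the properties file
     * @param str2 property key
     * @return the compiled patterns; empty if the path is empty
     */
    private List<Pattern> loadUrlPattenList(String str, String str2) {
        List<Pattern> patterns = new ArrayList<>();
        if (StringUtils.isEmpty(str)) {
            LOGGER.error("properties file is invalid.");
            return patterns;
        }
        String rawValue = replaceBlank(FileUtil.loadProperties(str).getProperty(str2));
        for (String entry : rawValue.split(AuditResourceService.SEMICOLON)) {
            patterns.add(Pattern.compile(entry.replaceAll("\\*", BackupRecoveryConverter.DEFAULT_REGEXP)));
        }
        return patterns;
    }

    /** Reads one property from a file; returns {@code ""} for an empty path and {@code null} for a missing key. */
    private String loadProperty(String str, String str2) {
        if (!StringUtils.isEmpty(str)) {
            return FileUtil.loadProperties(str).getProperty(str2);
        }
        LOGGER.error("properties file is invalid.");
        return "";
    }

    /** NFKC-normalises the text and removes all whitespace and line separators; {@code null} becomes {@code ""}. */
    private String replaceBlank(String str) {
        if (str == null) {
            return "";
        }
        String normalized = Normalizer.normalize(str, Normalizer.Form.NFKC);
        return BLANK_PATTERN.matcher(normalized).replaceAll("").replace(SEPARATOR, "");
    }

    /** Tells whether the URI fully matches an entry of the white-URL list (no token required). */
    boolean isWhiltUrl(String str) {
        for (Pattern pattern : this.whiltUrlList) {
            if (pattern.matcher(str).matches()) {
                LOGGER.debug("This is whilt request.");
                return true;
            }
        }
        return false;
    }

    /** Tells whether the URI fully matches an entry of the token-URL list (token sent as a parameter). */
    boolean isTokenUrl(String str) {
        for (Pattern pattern : this.tokenUrlList) {
            if (pattern.matcher(str).matches()) {
                LOGGER.debug("This is token in url request.");
                return true;
            }
        }
        return false;
    }

    /** Loads the three URL lists and the referer switch from the white-URL properties file. */
    private void loadWhiteUrl() {
        String whiteUrlFile = System.getenv(ConstDefinition.OM_TOMCAT_HOME) + PATH;
        this.whiltUrlList = loadUrlPattenList(whiteUrlFile, "whiteurl");
        this.tokenUrlList = loadUrlPattenList(whiteUrlFile, "tokenurl");
        this.whiteReferList = loadUrlPattenList(whiteUrlFile, "white_referer_url");
        // Default here rather than only in init(): a reload with the key missing would
        // otherwise leave the switch null and every request would fail on it.
        // NOTE(review): the default disables the Referer check - confirm that is intended.
        String configuredSwitch = loadProperty(whiteUrlFile, "referer_switch");
        this.refererSwitch = StringUtils.isBlank(configuredSwitch) ? SWITCH_OFF : configuredSwitch;
    }
}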
