package info.magnolia.cms.security;

import info.magnolia.cms.beans.config.ServerConfiguration;
import info.magnolia.context.Context;
import info.magnolia.util.EscapeUtil;
import java.io.IOException;
import java.util.Arrays;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;
import javax.inject.Inject;
import javax.inject.Provider;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:info/magnolia/cms/security/CsrfCookieTokenFilter.class */
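/**
 * CSRF protection for <em>unauthenticated</em> requests using the double-submit-cookie pattern.
 *
 * <p>On every GET the filter makes sure the client holds a valid token in a cookie named
 * {@code "csrf"} (issuing or renewing it as needed) and exposes the current token as the
 * request attribute {@code "csrf"} so that forms can embed it. On POST the filter requires a
 * request parameter {@code "csrf"} that is byte-identical to a valid {@code "csrf"} cookie; any
 * other outcome is reported through the {@code csrfToken*} hooks of {@link CsrfTokenFilterBase}
 * and the request is rejected.
 *
 * <p>Caveats a deployer should know (all visible in the code below):
 * <ul>
 *   <li>Authenticated requests bypass this filter entirely ({@link #bypasses}); presumably a
 *       different mechanism protects them — confirm against the filter chain configuration.</li>
 *   <li>Only POST is validated. PUT, PATCH and DELETE pass through untouched, so any endpoint
 *       that changes state on those methods is not covered here.</li>
 *   <li>{@code secureCookie} and {@code httpOnlyCookie} default to {@code false} (plain Java field
 *       defaults) and must be enabled through the setters / configuration.</li>
 *   <li>{@code javax.servlet.http.Cookie} has no SameSite support, so no SameSite attribute is
 *       emitted by this class.</li>
 * </ul>
 *
 * <p>Token generation and validation (HMAC, renewal policy) live in the injected
 * {@link CsrfTokenStrategy}; this class only wires the transport.
 */
public class CsrfCookieTokenFilter extends CsrfTokenFilterBase {
    private static final Logger LOG = LoggerFactory.getLogger(CsrfCookieTokenFilter.class);

    /** Name shared by the cookie, the POST parameter and the request attribute carrying the token. */
    private static final String TOKEN_NAME = "csrf";
    private static final String METHOD_GET = "GET";
    private static final String METHOD_POST = "POST";

    /** Whether the issued cookie carries the {@code Secure} attribute (default {@code false}). */
    private boolean secureCookie;
    /** Whether the issued cookie carries the {@code HttpOnly} attribute (default {@code false}). */
    private boolean httpOnlyCookie;

    /**
     * Creates a filter with an explicit token strategy (mainly for tests).
     * Note: the decompiler reports this constructor as originally package-private.
     *
     * @param provider          supplies the current Magnolia {@link Context}
     * @param csrfTokenStrategy issues, renews and validates tokens
     */
    public CsrfCookieTokenFilter(Provider<Context> provider, CsrfTokenStrategy csrfTokenStrategy) {
        super(provider, csrfTokenStrategy);
    }

    /**
     * Injection constructor: uses an {@link HmacCsrfToken} strategy keyed from the server configuration.
     *
     * @param provider            supplies the current Magnolia {@link Context}
     * @param serverConfiguration source of the HMAC key material used by {@link HmacCsrfToken}
     */
    @Inject
    public CsrfCookieTokenFilter(Provider<Context> provider, ServerConfiguration serverConfiguration) {
        this(provider, new HmacCsrfToken(serverConfiguration));
    }

    /**
     * Skips the filter for authenticated users, in addition to whatever the base class bypasses.
     * Consequently the cookie token only protects anonymous traffic.
     */
    @Override // info.magnolia.cms.filters.AbstractMgnlFilter
    public boolean bypasses(HttpServletRequest httpServletRequest) {
        return SecurityUtil.isAuthenticated() || super.bypasses(httpServletRequest);
    }

    /** Sets the {@code Secure} attribute on issued cookies (should be {@code true} behind HTTPS). */
    public void setSecureCookie(boolean z) {
        this.secureCookie = z;
    }

    /** Sets the {@code HttpOnly} attribute on issued cookies. */
    public void setHttpOnlyCookie(boolean z) {
        this.httpOnlyCookie = z;
    }

    /**
     * Issues the token on GET, validates it on POST, and lets every other method through.
     *
     * @param csrfTokenStrategy   strategy used to issue, renew and validate tokens
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response (receives the cookie on GET, the error on failure)
     * @return {@code true} when processing may continue, {@code false} when the request was rejected
     *         and an error response has already been written by one of the {@code csrfToken*} hooks
     * @throws IOException propagated from the base-class error hooks
     */
    @Override // info.magnolia.cms.security.CsrfTokenFilterBase
    public boolean isCSRFTokenValid(CsrfTokenStrategy csrfTokenStrategy, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        LOG.debug("Running {} on {} request for {}", new Object[]{getClass().getSimpleName(), httpServletRequest.getMethod(), httpServletRequest.getServletPath()});

        // The first "csrf" cookie whose value the strategy accepts. A client may send several
        // cookies of that name (e.g. from overlapping paths); invalid ones are simply ignored.
        Objects.requireNonNull(csrfTokenStrategy);
        Optional<String> validCookieToken = Arrays.stream(getCookies(httpServletRequest))
                .filter(cookie -> TOKEN_NAME.equals(cookie.getName()))
                .map(Cookie::getValue)
                .filter(csrfTokenStrategy::isValid)
                .findFirst();

        String method = httpServletRequest.getMethod();
        if (METHOD_GET.equals(method)) {
            issueTokenForGet(csrfTokenStrategy, httpServletRequest, httpServletResponse, validCookieToken);
            return true;
        }
        if (METHOD_POST.equals(method)) {
            return validatePostToken(csrfTokenStrategy, httpServletRequest, httpServletResponse, validCookieToken);
        }
        // Any other method (HEAD, OPTIONS, but also PUT/PATCH/DELETE) is not checked here.
        return true;
    }

    /**
     * GET handling: reuse the valid cookie token, or issue a fresh one when none exists or the
     * strategy asks for renewal; either way publish the current token as request attribute "csrf".
     */
    private void issueTokenForGet(CsrfTokenStrategy csrfTokenStrategy, HttpServletRequest httpServletRequest,
            HttpServletResponse httpServletResponse, Optional<String> validCookieToken) {
        String currentToken;
        if (!validCookieToken.isPresent() || csrfTokenStrategy.needsRenewal(validCookieToken.get())) {
            currentToken = csrfTokenStrategy.newToken();
            // escapeCrlf guards against header injection should a strategy ever emit CR/LF.
            httpServletResponse.addCookie(generateCookie(httpServletRequest, EscapeUtil.escapeCrlf(currentToken)));
        } else {
            currentToken = validCookieToken.get();
        }
        httpServletRequest.setAttribute(TOKEN_NAME, currentToken);
    }

    /**
     * POST handling: the "csrf" parameter must be present, equal to a valid "csrf" cookie, and
     * still valid at check time. Each failure is reported through the matching base-class hook.
     *
     * <p>Note that {@code getParameter} also reads the query string, so the token is accepted
     * from the URL as well as from the body.
     */
    private boolean validatePostToken(CsrfTokenStrategy csrfTokenStrategy, HttpServletRequest httpServletRequest,
            HttpServletResponse httpServletResponse, Optional<String> validCookieToken) throws IOException {
        String servletPath = httpServletRequest.getServletPath();
        String submittedToken = httpServletRequest.getParameter(TOKEN_NAME);

        if (StringUtils.isBlank(submittedToken) || !validCookieToken.isPresent()) {
            csrfTokenMissing(httpServletRequest, httpServletResponse, servletPath);
            return false;
        }
        // Both values are client-supplied, so a non-constant-time compare leaks nothing secret;
        // the secret-dependent check is the HMAC verification inside the strategy.
        if (!Objects.equals(submittedToken, validCookieToken.get())) {
            csrfTokenMismatch(httpServletRequest, httpServletResponse, servletPath);
            return false;
        }
        // Re-validate at check time (the cookie was validated earlier in the stream); this also
        // keeps the csrfTokenNotValid hook reachable for time-sensitive strategies.
        if (!csrfTokenStrategy.isValid(submittedToken)) {
            csrfTokenNotValid(httpServletRequest, httpServletResponse, servletPath);
            return false;
        }
        return true;
    }

    /** Returns the request's cookies, or an empty array when the request carries none. */
    private static Cookie[] getCookies(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        return cookies != null ? cookies : new Cookie[0];
    }

    /**
     * Builds the session cookie that transports the token.
     *
     * @param httpServletRequest the request whose context path scopes the cookie
     * @param str                the (already CRLF-escaped) token value
     */
    private Cookie generateCookie(HttpServletRequest httpServletRequest, String str) {
        Cookie cookie = new Cookie(TOKEN_NAME, str);
        // For a root deployment getContextPath() returns "". Containers typically omit the Path
        // attribute for an empty path, which lets the browser scope the cookie to the directory
        // of the issuing URL and the token would then be missing on POSTs elsewhere. Pin it to "/".
        String contextPath = httpServletRequest.getContextPath();
        cookie.setPath(StringUtils.isEmpty(contextPath) ? "/" : contextPath);
        cookie.setSecure(this.secureCookie);
        cookie.setHttpOnly(this.httpOnlyCookie);
        cookie.setMaxAge(-1); // -1 = session cookie, discarded when the browser session ends
        return cookie;
    }
}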
