package org.apache.catalina.filters;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import java.util.function.Predicate;
import java.util.regex.Pattern;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:WEB-INF/lib/tomcat-embed-core-9.0.14.jar:org/apache/catalina/filters/RestCsrfPreventionFilter.class */
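/**
 * Servlet filter that guards REST-style endpoints against CSRF with a per-session nonce.
 *
 * <p>Requests are split by HTTP method. {@code GET}, {@code HEAD} and {@code OPTIONS} (exact,
 * case-sensitive match) are treated as non-modifying and are always passed down the chain; they
 * may additionally be used to fetch the nonce. Every other method, including unknown ones, is
 * treated as state-changing and must present a nonce equal to the one stored in the session, so
 * unrecognised methods fail closed.
 *
 * <p>Security note: because non-modifying methods are never rejected here, an application whose
 * {@code GET}/{@code HEAD}/{@code OPTIONS} handlers change state gets no protection from this
 * filter for those handlers.
 */
public class RestCsrfPreventionFilter extends CsrfPreventionFilterBase {
    private static final Pattern NON_MODIFYING_METHODS_PATTERN = Pattern.compile("GET|HEAD|OPTIONS");

    /** True when the method name is non-null and is exactly one of GET, HEAD or OPTIONS. */
    private static final Predicate<String> nonModifyingMethods =
            method -> method != null && NON_MODIFYING_METHODS_PATTERN.matcher(method).matches();

    /** Request paths for which the nonce may be supplied as a request parameter instead of a header. */
    private Set<String> pathsAcceptingParams = new HashSet<>();

    /** Separator (used as a regular expression by {@link String#split(String)}) for the paths list. */
    private String pathsDelimiter = ",";

    /**
     * Strategy for non-modifying requests: hands out the session nonce when the client asks for it.
     */
    private class FetchRequest implements RestCsrfPreventionStrategy {
        /** Matches the "fetch" marker value of the nonce header, ignoring case. */
        private final Predicate<String> fetchRequest;

        private FetchRequest() {
            this.fetchRequest = Constants.CSRF_REST_NONCE_HEADER_FETCH_VALUE::equalsIgnoreCase;
        }

        /**
         * Returns the session nonce in the response header when the request carries the fetch
         * marker in the nonce header; otherwise does nothing.
         *
         * <p>When no nonce is stored yet, one is generated and saved in the session. Note that
         * this creates a session if the request does not already have one.
         *
         * @return always {@code true}; non-modifying requests are never blocked
         */
        @Override
        public boolean apply(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
            String headerValue = nonceFromRequestHeader.getNonce(httpServletRequest, Constants.CSRF_REST_NONCE_HEADER_NAME);
            if (!this.fetchRequest.test(headerValue)) {
                return true;
            }

            // Reuse the nonce of an existing session; do not create a session just to look it up.
            String nonce = nonceFromSession.getNonce(httpServletRequest.getSession(false), Constants.CSRF_REST_NONCE_SESSION_ATTR_NAME);
            if (nonce == null) {
                nonce = RestCsrfPreventionFilter.this.generateNonce();
                HttpSession session = Objects.requireNonNull(httpServletRequest.getSession(true));
                nonceToSession.setNonce(session, Constants.CSRF_REST_NONCE_SESSION_ATTR_NAME, nonce);
            }
            nonceToResponse.setNonce(httpServletResponse, Constants.CSRF_REST_NONCE_HEADER_NAME, nonce);
            return true;
        }
    }

    /** Classification of a request by its HTTP method. */
    private enum MethodType {
        NON_MODIFYING_METHOD,
        MODIFYING_METHOD
    }

    /**
     * Writes a nonce value under a name into a target such as a response or a session.
     *
     * @param <T> type of the target that receives the nonce
     */
    @FunctionalInterface
    private interface NonceConsumer<T> {
        void setNonce(T t, String str, String str2);
    }

    /**
     * Reads a nonce value by name from a source such as a request or a session.
     *
     * <p>The decompiler notes that this interface was private in the original class and that it
     * widened the modifier; it is left as decompiled here.
     *
     * @param <T> type of the source the nonce is read from
     * @param <R> type of the value returned
     */
    @FunctionalInterface
    public interface NonceSupplier<T, R> {
        R getNonce(T t, String str);
    }

    /**
     * A per-request CSRF check, plus the shared accessors used to read and write nonces.
     *
     * <p>The decompiler notes that this interface was private in the original class and that it
     * widened the modifier; it is left as decompiled here.
     */
    public interface RestCsrfPreventionStrategy {
        /** Reads the named request header. */
        NonceSupplier<HttpServletRequest, String> nonceFromRequestHeader =
                (request, name) -> request.getHeader(name);

        /** Reads all values of the named request parameter. */
        NonceSupplier<HttpServletRequest, String[]> nonceFromRequestParams =
                (request, name) -> request.getParameterValues(name);

        /** Reads the named session attribute as a string; yields {@code null} when there is no session. */
        NonceSupplier<HttpSession, String> nonceFromSession =
                (session, name) -> session == null ? null : (String) session.getAttribute(name);

        /** Sets the named response header. */
        NonceConsumer<HttpServletResponse> nonceToResponse =
                (response, name, value) -> response.setHeader(name, value);

        /** Stores the value under the named session attribute. */
        NonceConsumer<HttpSession> nonceToSession =
                (session, name, value) -> session.setAttribute(name, value);

        /**
         * Applies the check to one request.
         *
         * @return {@code true} when the request may continue down the filter chain
         * @throws IOException if writing the rejection to the response fails
         */
        boolean apply(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException;
    }

    /**
     * Strategy for state-changing requests: the request nonce must match the session nonce.
     */
    private class StateChangingRequest implements RestCsrfPreventionStrategy {
        private StateChangingRequest() {
        }

        /**
         * Accepts the request only when it carries the nonce stored in its existing session.
         *
         * <p>On rejection the nonce header of the response is set to the "required" marker and an
         * error with the configured deny status is sent.
         *
         * @return {@code true} when the nonce matches, {@code false} after the request was rejected
         * @throws IOException if sending the error response fails
         */
        @Override
        public boolean apply(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
            String requestNonce = extractNonceFromRequest(httpServletRequest);
            // getSession(false): a request without a session can never hold a valid nonce.
            String sessionNonce = nonceFromSession.getNonce(httpServletRequest.getSession(false), Constants.CSRF_REST_NONCE_SESSION_ATTR_NAME);
            if (isValidStateChangingRequest(requestNonce, sessionNonce)) {
                return true;
            }

            nonceToResponse.setNonce(httpServletResponse, Constants.CSRF_REST_NONCE_HEADER_NAME, Constants.CSRF_REST_NONCE_HEADER_REQUIRED_VALUE);
            httpServletResponse.sendError(RestCsrfPreventionFilter.this.getDenyStatus(), FilterBase.sm.getString("restCsrfPreventionFilter.invalidNonce"));
            return false;
        }

        /**
         * Checks that both nonces are present and identical.
         *
         * <p>The values are compared with {@link MessageDigest#isEqual(byte[], byte[])} rather
         * than {@code String.equals} so that the time taken does not depend on how many leading
         * characters of the submitted value happen to match the session nonce.
         */
        private boolean isValidStateChangingRequest(String requestNonce, String sessionNonce) {
            if (requestNonce == null || sessionNonce == null) {
                return false;
            }
            return MessageDigest.isEqual(
                    requestNonce.getBytes(StandardCharsets.UTF_8),
                    sessionNonce.getBytes(StandardCharsets.UTF_8));
        }

        /**
         * Reads the nonce from the request header, falling back to request parameters only when
         * the header is missing or empty and the requested path is one of the configured
         * {@link #getPathsAcceptingParams() paths accepting parameters}.
         */
        private String extractNonceFromRequest(HttpServletRequest request) {
            String nonce = nonceFromRequestHeader.getNonce(request, Constants.CSRF_REST_NONCE_HEADER_NAME);
            boolean headerMissing = nonce == null || nonce.isEmpty();
            if (headerMissing) {
                Set<String> paramPaths = RestCsrfPreventionFilter.this.getPathsAcceptingParams();
                if (!paramPaths.isEmpty() && paramPaths.contains(RestCsrfPreventionFilter.this.getRequestedPath(request))) {
                    nonce = extractNonceFromRequestParams(request);
                }
            }
            return nonce;
        }

        /**
         * Reads the nonce from the request parameter named like the nonce header.
         *
         * @return the parameter value, or {@code null} when the parameter is absent or was
         *         supplied several times with differing values
         */
        private String extractNonceFromRequestParams(HttpServletRequest request) {
            String[] values = nonceFromRequestParams.getNonce(request, Constants.CSRF_REST_NONCE_HEADER_NAME);
            if (values == null || values.length == 0) {
                return null;
            }
            String first = values[0];
            // Conflicting duplicates are ambiguous, so none of them is trusted.
            for (String value : values) {
                if (!Objects.equals(value, first)) {
                    return null;
                }
            }
            return first;
        }
    }

    /**
     * Runs the CSRF check that matches the request method and continues the chain unless the
     * check rejected the request. Requests or responses that are not HTTP are passed through
     * without any check.
     *
     * @throws IOException if the check or the rest of the chain fails with an I/O error
     * @throws ServletException if the rest of the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (servletRequest instanceof HttpServletRequest && servletResponse instanceof HttpServletResponse) {
            HttpServletRequest request = (HttpServletRequest) servletRequest;
            HttpServletResponse response = (HttpServletResponse) servletResponse;

            MethodType methodType = nonModifyingMethods.test(request.getMethod())
                    ? MethodType.NON_MODIFYING_METHOD
                    : MethodType.MODIFYING_METHOD;

            RestCsrfPreventionStrategy strategy;
            switch (methodType) {
                case NON_MODIFYING_METHOD:
                    strategy = new FetchRequest();
                    break;
                default:
                    // Anything not explicitly known as non-modifying must prove itself with a nonce.
                    strategy = new StateChangingRequest();
                    break;
            }

            if (!strategy.apply(request, response)) {
                // The strategy has already written the error response.
                return;
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Adds the paths for which the nonce may be sent as a request parameter.
     *
     * <p>Entries are separated by the paths delimiter and trimmed. Blank entries (for example
     * from an empty value or from two consecutive delimiters) are skipped, so that a malformed
     * list cannot register the empty path. Entries are added to the current set; nothing is
     * removed. A {@code null} argument is ignored.
     *
     * <p>Security note: a nonce sent as a request parameter may travel in the query string and
     * so be recorded wherever URLs are recorded; keep this list as short as possible.
     *
     * @param str delimiter-separated list of request paths, may be {@code null}
     */
    public void setPathsAcceptingParams(String str) {
        if (str == null) {
            return;
        }
        for (String entry : str.split(this.pathsDelimiter)) {
            String path = entry.trim();
            if (!path.isEmpty()) {
                this.pathsAcceptingParams.add(path);
            }
        }
    }

    /**
     * Returns the paths for which the nonce may be sent as a request parameter.
     *
     * @return the live internal set (not a copy); changes to it affect the filter
     */
    public Set<String> getPathsAcceptingParams() {
        return this.pathsAcceptingParams;
    }
}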
