package com.liferay.bean.portlet.cdi.extension.internal.mvc;

import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.security.auth.AuthTokenUtil;
import com.liferay.portal.kernel.security.auth.PrincipalException;
import com.liferay.portal.kernel.theme.ThemeDisplay;
import com.liferay.portal.kernel.util.StringUtil;
import java.io.Serializable;
import java.lang.reflect.Method;
import javax.annotation.Priority;
import javax.inject.Inject;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InvocationContext;
import javax.mvc.security.Csrf;
import javax.mvc.security.CsrfProtected;
import javax.portlet.ClientDataRequest;
import javax.ws.rs.core.Configuration;

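/**
 * CDI interceptor that applies the MVC 1.0 (JSR 371) CSRF contract to bean
 * portlet action/resource methods, delegating the actual token check to
 * Liferay's {@link AuthTokenUtil#checkCSRFToken}.
 *
 * <p>Mode resolution: the {@code javax.mvc.security.CsrfProtection}
 * configuration property selects {@link Csrf.CsrfOptions#OFF} (never check),
 * {@link Csrf.CsrfOptions#IMPLICIT} (check every intercepted method) or
 * {@link Csrf.CsrfOptions#EXPLICIT} (check only methods annotated with
 * {@link CsrfProtected}). A missing or unparsable value falls back to
 * {@code EXPLICIT}; an unparsable value is logged but never disables
 * protection.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>Only requests whose HTTP method is {@code POST} are validated. Any other
 * method (for example a {@code PUT} or {@code DELETE} resource request) is
 * passed through without a token check, following the MVC 1.0 convention that
 * CSRF protection applies to form posts. A method that mutates state on a
 * non-POST resource request is therefore not protected by this interceptor
 * and needs its own check.</li>
 * <li>On a failed check the intercepted method is NOT invoked and
 * {@code null} is returned instead of an exception being thrown; the
 * rejection is only visible in the error log. Code that consumes the return
 * value must treat {@code null} as "not executed".</li>
 * <li>Malformed invocations (wrong arity, first parameter not a request,
 * missing HTTP method or missing {@link ThemeDisplay}) fail closed: the
 * target method is skipped and the reason is logged.</li>
 * </ul>
 */
@Priority(1000)
@CsrfValidationInterceptorBinding
@Interceptor
public class CsrfValidationInterceptor implements Serializable {

    private static final Log _log = LogFactoryUtil.getLog(CsrfValidationInterceptor.class);

    private static final long serialVersionUID = 1348567603498123441L;

    /** MVC 1.0 configuration key selecting the CSRF mode (OFF / IMPLICIT / EXPLICIT). */
    private static final String _CSRF_PROTECTION_PROPERTY = "javax.mvc.security.CsrfProtection";

    /** Request attribute under which Liferay shares the ThemeDisplay with portlets. */
    private static final String _THEME_DISPLAY_ATTRIBUTE = "LIFERAY_SHARED_THEME_DISPLAY";

    @Inject
    private Configuration _configuration;

    /**
     * Decides whether the intercepted method may run.
     *
     * @param invocationContext the CDI invocation being intercepted; its first
     *        parameter is expected to be a {@link ClientDataRequest}
     * @return the target method's result when the invocation is allowed,
     *         {@code null} when the CSRF check (or its preconditions) failed
     * @throws Exception whatever the intercepted method throws
     */
    @AroundInvoke
    public Object validateMethodInvocation(InvocationContext invocationContext) throws Exception {
        Csrf.CsrfOptions csrfOptions = _resolveCsrfOptions();

        // OFF: protection is disabled by configuration, nothing is ever checked.
        if (csrfOptions == Csrf.CsrfOptions.OFF) {
            return invocationContext.proceed();
        }

        // EXPLICIT: only methods that opted in with @CsrfProtected are checked.
        Method method = invocationContext.getMethod();
        if ((csrfOptions == Csrf.CsrfOptions.EXPLICIT) && !method.isAnnotationPresent(CsrfProtected.class)) {
            return invocationContext.proceed();
        }

        if (_isValidRequest(invocationContext.getParameters())) {
            return invocationContext.proceed();
        }

        // Fail closed: the target method is skipped. The cause was already logged.
        return null;
    }

    /**
     * Reads the CSRF mode from the MVC configuration.
     *
     * @return the configured mode, or {@code EXPLICIT} when the property is
     *         absent or not a valid {@link Csrf.CsrfOptions} name
     */
    private Csrf.CsrfOptions _resolveCsrfOptions() {
        Object property = _configuration.getProperty(_CSRF_PROTECTION_PROPERTY);

        if (property == null) {
            return Csrf.CsrfOptions.EXPLICIT;
        }

        if (property instanceof Csrf.CsrfOptions) {
            return (Csrf.CsrfOptions) property;
        }

        try {
            return Csrf.CsrfOptions.valueOf(property.toString());
        } catch (IllegalArgumentException iae) {
            // An unknown value must not weaken protection; keep the default.
            _log.error(iae.getMessage(), iae);

            return Csrf.CsrfOptions.EXPLICIT;
        }
    }

    /**
     * Validates the intercepted method's arguments and, for POST requests, the
     * CSRF token carried by the underlying HTTP request.
     *
     * @param parameters the intercepted method's arguments
     * @return {@code true} when the invocation may proceed; {@code false} when
     *         the signature is unexpected or the token check failed (each case
     *         is logged at error level)
     */
    private boolean _isValidRequest(Object[] parameters) {
        if ((parameters == null) || (parameters.length != 2)) {
            _log.error("The method signature must include (ActionRequest, ActionResponse) or (ResourceRequest, ResourceResponse) as parameters");

            return false;
        }

        if (!(parameters[0] instanceof ClientDataRequest)) {
            _log.error("The first parameter of the method signature must be an ActionRequest or ResourceRequest");

            return false;
        }

        ClientDataRequest clientDataRequest = (ClientDataRequest) parameters[0];

        String httpMethod = clientDataRequest.getMethod();

        if (httpMethod == null) {
            // A request that cannot be classified as safe must not be let through.
            _log.error("The request has no HTTP method; the CSRF token cannot be validated");

            return false;
        }

        // Non-POST requests are not validated; see the class Javadoc for the caveat.
        if (!StringUtil.toLowerCase(httpMethod).equals("post")) {
            return true;
        }

        ThemeDisplay themeDisplay = (ThemeDisplay) clientDataRequest.getAttribute(_THEME_DISPLAY_ATTRIBUTE);

        if (themeDisplay == null) {
            _log.error("The request carries no ThemeDisplay; the CSRF token cannot be validated");

            return false;
        }

        try {
            // The token is validated against the original HttpServletRequest,
            // scoped to this interceptor's class name as the origin.
            AuthTokenUtil.checkCSRFToken(themeDisplay.getRequest(), CsrfValidationInterceptor.class.getName());

            return true;
        } catch (PrincipalException pe) {
            _log.error("The CSRF token is invalid", pe);

            return false;
        }
    }

}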
