package org.eclipsefoundation.http.request;

import jakarta.enterprise.inject.Instance;
import jakarta.inject.Inject;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.ext.Provider;
import java.io.IOException;
import org.apache.commons.lang3.StringUtils;
import org.eclipsefoundation.http.annotations.Csrf;
import org.eclipsefoundation.http.namespace.RequestHeaderNames;
import org.eclipsefoundation.utils.config.CSRFSecurityConfig;
import org.eclipsefoundation.utils.exception.FinalForbiddenException;
import org.eclipsefoundation.utils.helper.CSRFHelper;
import org.eclipsefoundation.utils.model.AdditionalUserData;
import org.jboss.resteasy.core.interception.jaxrs.PostMatchContainerRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

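/**
 * JAX-RS request filter that enforces the CSRF token check on incoming requests.
 *
 * <p>When CSRF protection is enabled in {@link CSRFSecurityConfig}, the decision for each request is:
 * <ul>
 *   <li>resource method annotated with {@link Csrf}: the annotation's {@code enabled()} value decides,
 *       whatever the HTTP method;</li>
 *   <li>no annotation: the check is applied to state-changing HTTP methods only
 *       (see {@link #isMutationAction(String)}).</li>
 * </ul>
 * The token is read from the {@code RequestHeaderNames.CSRF_TOKEN} request header.
 */
@Provider
public class CSRFSecurityFilter implements ContainerRequestFilter {
    public static final Logger LOGGER = LoggerFactory.getLogger(CSRFSecurityFilter.class);

    @Inject
    Instance<CSRFSecurityConfig> config;

    @Context
    HttpServletRequest httpServletRequest;

    @Inject
    Instance<CSRFHelper> csrf;

    @Inject
    AdditionalUserData aud;

    /**
     * Validates the CSRF token of the current request when the matched resource method requires it.
     *
     * @param containerRequestContext the request being filtered; cast to RESTEasy's post-match context to
     *     reach the matched resource method
     * @throws IOException declared by {@link ContainerRequestFilter}; not thrown by the code in this method
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        if (!this.config.get().enabled()) {
            return;
        }
        // NOTE(review): this cast assumes the filter only ever runs post-match under RESTEasy classic; any
        // other context type fails with a ClassCastException rather than skipping the check - confirm.
        Csrf annotation = ((PostMatchContainerRequestContext) containerRequestContext)
                .getResourceMethod()
                .getMethod()
                .getAnnotation(Csrf.class);
        // An explicit annotation always wins; without one, fall back to the HTTP-method default.
        boolean tokenRequired = annotation != null
                ? annotation.enabled()
                : isMutationAction(containerRequestContext.getMethod());
        if (!tokenRequired) {
            return;
        }
        validateCsrfToken(containerRequestContext.getHeaderString(RequestHeaderNames.CSRF_TOKEN));
    }

    /**
     * Tells whether an HTTP method is treated as state-changing, and so is CSRF-protected by default.
     *
     * <p>PATCH is included alongside DELETE, POST and PUT: it modifies resources just as PUT does, and
     * leaving it out meant that unannotated PATCH endpoints skipped the token check. An endpoint that has
     * to accept PATCH without a token can still opt out with {@code @Csrf(enabled = false)}.
     *
     * @param str the HTTP method name of the request
     * @return true for DELETE, POST, PUT and PATCH
     */
    private boolean isMutationAction(String str) {
        return "DELETE".equals(str) || "POST".equals(str) || "PUT".equals(str) || "PATCH".equals(str);
    }

    /**
     * Rejects the request when the token is missing, otherwise hands the comparison to {@link CSRFHelper}.
     *
     * @param str the token value taken from the request header, possibly null
     * @throws FinalForbiddenException when the token is null, empty or whitespace-only
     */
    private void validateCsrfToken(String str) {
        // Fail closed: a missing or blank token is never passed on to the comparison.
        if (StringUtils.isBlank(str)) {
            throw new FinalForbiddenException("No CSRF token passed for mutation call, refusing connection");
        }
        CSRFHelper helper = this.csrf.get();
        // NOTE(review): the result of compareCSRF is not inspected here, so a mismatch is presumably
        // rejected by an exception thrown inside the helper - confirm against CSRFHelper.
        if (this.config.get().distributedMode().enabled()) {
            // Distributed mode: the expected token comes from the helper for this servlet request instead
            // of from the injected user data. Presumably a lookup in shared storage - confirm.
            helper.compareCSRF(helper.getNewCSRFToken(this.httpServletRequest), str);
        } else {
            helper.compareCSRF(this.aud.getCsrf(), str);
        }
    }
}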
