package org.eclipsefoundation.http.request;

import io.smallrye.mutiny.Uni;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.http.HttpServerRequest;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ResourceInfo;
import jakarta.ws.rs.core.SecurityContext;
import org.apache.commons.lang3.StringUtils;
import org.eclipsefoundation.http.annotations.Csrf;
import org.eclipsefoundation.http.namespace.RequestHeaderNames;
import org.eclipsefoundation.utils.config.CSRFSecurityConfig;
import org.eclipsefoundation.utils.exception.FinalForbiddenException;
import org.eclipsefoundation.utils.helper.CSRFHelper;
import org.eclipsefoundation.utils.model.AdditionalUserData;
import org.jboss.resteasy.reactive.server.ServerRequestFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipsefoundation/http/request/CSRFSecurityFilter.class */
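/**
 * Server request filter that enforces CSRF token validation on state-changing requests.
 *
 * <p>Nothing is enforced unless {@link CSRFSecurityConfig#enabled()} is true. Whether a given
 * request is checked is decided per resource method:
 * <ul>
 *   <li>a method carrying {@link Csrf} is checked if and only if {@code Csrf#enabled()} is true —
 *       the annotation is the explicit per-endpoint override, in both directions;</li>
 *   <li>an unannotated method is checked if and only if the HTTP verb is a mutation as defined by
 *       {@link #isMutationAction(String)}.</li>
 * </ul>
 *
 * <p>Validation reads the {@code RequestHeaderNames.CSRF_TOKEN} header and compares it with the
 * expected token: in distributed mode the expected value is re-derived from the request and the
 * caller's {@link SecurityContext}, otherwise it is taken from the request-scoped
 * {@link AdditionalUserData}. A blank or absent header is rejected here with a
 * {@link FinalForbiddenException}; the comparison itself is delegated to
 * {@link CSRFHelper#compareCSRF} (NOTE(review): assumed to throw on mismatch and to compare in
 * constant time — confirm in CSRFHelper, this class does not check its result).
 */
public class CSRFSecurityFilter {
    public static final Logger LOGGER = LoggerFactory.getLogger(CSRFSecurityFilter.class);
    private final CSRFSecurityConfig config;
    private final CSRFHelper csrf;
    private final AdditionalUserData aud;

    /**
     * @param cSRFHelper         token generation/comparison helper
     * @param additionalUserData request-scoped user data holding the session's CSRF token (non-distributed mode)
     * @param cSRFSecurityConfig feature switches: global enable flag and distributed-mode flag
     */
    public CSRFSecurityFilter(CSRFHelper cSRFHelper, AdditionalUserData additionalUserData, CSRFSecurityConfig cSRFSecurityConfig) {
        this.config = cSRFSecurityConfig;
        this.csrf = cSRFHelper;
        this.aud = additionalUserData;
    }

    /**
     * Validates the CSRF token of the incoming request when the matched endpoint requires it.
     *
     * <p>Priority 4999 places this filter just ahead of filters using the default user priority
     * (5000), i.e. it runs early in the post-match chain.
     *
     * @return a completed {@code Uni<Void>}; the request proceeds unless an exception is thrown
     * @throws FinalForbiddenException when a check is required and the token is missing (mismatch
     *         handling is delegated to {@link CSRFHelper#compareCSRF})
     */
    @ServerRequestFilter(priority = 4999)
    public Uni<Void> filter(ContainerRequestContext containerRequestContext, ResourceInfo resourceInfo, HttpServerRequest httpServerRequest) {
        if (this.config.enabled() && requiresCsrfCheck(resourceInfo, containerRequestContext.getMethod())) {
            validateCsrfToken(containerRequestContext.getHeaderString(RequestHeaderNames.CSRF_TOKEN), httpServerRequest, containerRequestContext.getSecurityContext());
        }
        return Uni.createFrom().nullItem();
    }

    /**
     * Decides whether the matched resource method must be CSRF-checked.
     *
     * <p>An explicit {@link Csrf} annotation always wins (enable or disable); without one the
     * decision falls back to the HTTP verb.
     */
    private boolean requiresCsrfCheck(ResourceInfo resourceInfo, String httpMethod) {
        Csrf annotation = resourceInfo.getResourceMethod().getAnnotation(Csrf.class);
        if (annotation != null) {
            return annotation.enabled();
        }
        return isMutationAction(httpMethod);
    }

    /**
     * Returns true for HTTP verbs that change server state and therefore need a CSRF token when the
     * endpoint is not annotated.
     *
     * <p>PATCH is included alongside POST/PUT/DELETE: it is state-changing, and without it any
     * unannotated PATCH endpoint would be reachable cross-site with no token at all. Safe verbs
     * (GET/HEAD/OPTIONS) are deliberately excluded.
     */
    private boolean isMutationAction(String str) {
        return HttpMethod.DELETE.name().equals(str)
                || HttpMethod.PATCH.name().equals(str)
                || HttpMethod.POST.name().equals(str)
                || HttpMethod.PUT.name().equals(str);
    }

    /**
     * Rejects blank tokens outright, then compares the presented token with the expected one.
     *
     * @param str                the value of the CSRF token header (may be null)
     * @param httpServerRequest  raw request, used to re-derive the token in distributed mode
     * @param securityContext    caller identity, used to re-derive the token in distributed mode
     * @throws FinalForbiddenException if no token was presented
     */
    private void validateCsrfToken(String str, HttpServerRequest httpServerRequest, SecurityContext securityContext) {
        if (StringUtils.isBlank(str)) {
            throw new FinalForbiddenException("No CSRF token passed for mutation call, refusing connection");
        }
        if (this.config.distributedMode().enabled()) {
            // Stateless mode: the expected token is recomputed from request + caller rather than stored.
            this.csrf.compareCSRF(this.csrf.getNewCSRFToken(httpServerRequest, securityContext), str);
        } else {
            // Session mode: the expected token lives in the request-scoped user data.
            this.csrf.compareCSRF(this.aud.getCsrf(), str);
        }
    }
}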
