package org.rythmengine.spring.web;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.osgl.logging.L;
import org.osgl.logging.Logger;
import org.osgl.util.C;
import org.osgl.util.ListBuilder;
import org.osgl.util.S;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:org/rythmengine/spring/web/CsrfManager.class */
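/**
 * Spring MVC interceptor that enforces a CSRF token on requests that are neither
 * "safe" (as decided by {@code HttpMethod.isSafe}) nor matched by the waive list.
 *
 * <p>The token is read from the request parameter {@link #setParameterName} first and,
 * when that parameter is absent, from the header {@link #setHeaderName}. It is verified
 * by {@code Session.checkAuthenticityToken} when the Rythm session manager is enabled,
 * otherwise against the {@code Csrf.SESSION_KEY} attribute of the existing
 * {@link HttpSession}. Every failure answers with HTTP 403.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A request without a token is always rejected. The decompiled original compared
 *       the session attribute and the submitted value with {@code S.neq}, which appears
 *       to treat two {@code null}s as equal, so a session holding no token accepted a
 *       request carrying none (verify against the osgl version in use).</li>
 *   <li>Waive patterns exempt a URL from CSRF protection entirely; keep them narrow and
 *       review them like any other authorization rule.</li>
 * </ul>
 */
public class CsrfManager extends HandlerInterceptorAdapter {
    Logger logger = L.get(CsrfManager.class);
    private String parameterName = "__csrf";
    private String headerName = "__csrf";
    private List<Pattern> waiveList = C.list();

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Sets the request parameter that carries the CSRF token.
     *
     * @param str the parameter name; blank values are ignored and the current name is kept
     */
    public void setParameterName(String str) {
        if (S.notBlank(str)) {
            this.parameterName = str;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Sets the request header that carries the CSRF token when the parameter is absent.
     *
     * @param str the header name; blank values are ignored and the current name is kept
     */
    public void setHeaderName(String str) {
        if (S.notBlank(str)) {
            this.headerName = str;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Replaces the waive list with case-insensitive patterns compiled from {@code list}.
     *
     * <p>Each non-blank entry is trimmed and compiled as a regular expression. The text is
     * compiled as written: lower-casing it first (as the decompiled original did) turns
     * predefined classes such as {@code \D}, {@code \S} and {@code \W} into their
     * opposites and so changes which URLs are exempt, while
     * {@link Pattern#CASE_INSENSITIVE} already provides the case-insensitive match.
     *
     * @param list regular expressions matched against the whole request URI; a
     *             {@code null} or empty list leaves the current waive list unchanged
     * @throws java.util.regex.PatternSyntaxException if an entry is not a valid expression
     */
    public void setWaiveList(List<String> list) {
        if (null == list || list.isEmpty()) {
            return;
        }
        ListBuilder<Pattern> builder = ListBuilder.create();
        for (String str : list) {
            if (!S.blank(str)) {
                builder.add(Pattern.compile(str.trim(), Pattern.CASE_INSENSITIVE));
            }
        }
        this.waiveList = builder.toList();
    }

    /**
     * Tells whether the request URI fully matches one of the configured waive patterns.
     *
     * <p>NOTE(review): the match runs on {@code getRequestURI()}, which the servlet
     * container returns undecoded and which may still carry path parameters
     * (for example {@code ;jsessionid=...}) and the context path. Handler mapping may
     * resolve a normalised path instead, so a loose pattern can exempt more requests than
     * intended; prefer patterns that spell out the full path and avoid broad wildcards.
     */
    private boolean shouldWaiveCsrfCheck(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        for (Pattern pattern : this.waiveList) {
            if (pattern.matcher(requestURI).matches()) {
                return true;
            }
        }
        this.logger.debug("request url cannot be waived: %s", new Object[]{requestURI});
        return false;
    }

    /**
     * Compares two tokens without returning early on the first differing byte, so the
     * response time does not depend on how much of the submitted token is correct.
     */
    private static boolean tokensMatch(String expected, String actual) {
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                actual.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Logs the rejected request and answers with HTTP 403.
     *
     * @return always {@code false}, so callers can {@code return reject(...)} from
     *         {@link #preHandle}
     */
    private boolean reject(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // Logged on every rejection path so failed CSRF checks are visible to monitoring.
        this.logger.error("Cannot verify the authenticity token for request: %s", new Object[]{httpServletRequest.getRequestURI()});
        httpServletResponse.sendError(403, "Bad authenticity token");
        return false;
    }

    /**
     * Verifies the CSRF token before the handler runs.
     *
     * @return {@code true} when the request is safe, waived, or carries a valid token;
     *         {@code false} after a 403 response has been sent
     * @throws Exception if sending the error response fails or a delegate throws
     */
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (HttpMethod.isSafe(httpServletRequest) || shouldWaiveCsrfCheck(httpServletRequest)) {
            return true;
        }
        String token = httpServletRequest.getParameter(this.parameterName);
        if (null == token) {
            token = httpServletRequest.getHeader(this.headerName);
        }
        // Fail closed: a missing or empty token can never be valid, whatever the
        // server-side state is.
        if (null == token || token.isEmpty()) {
            return reject(httpServletRequest, httpServletResponse);
        }
        if (RythmConfigurer.getInstance().sessionManagerEnabled()) {
            if (Session.checkAuthenticityToken(token)) {
                return true;
            }
            return reject(httpServletRequest, httpServletResponse);
        }
        // getSession(false): never create a session just to validate a token.
        HttpSession session = httpServletRequest.getSession(false);
        if (null == session) {
            return reject(httpServletRequest, httpServletResponse);
        }
        Object expected = session.getAttribute(Csrf.SESSION_KEY);
        // A session without a (String) token must not accept anything.
        if (expected instanceof String && tokensMatch((String) expected, token)) {
            return true;
        }
        return reject(httpServletRequest, httpServletResponse);
    }
}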
