package hirondelle.web4j.security;

import hirondelle.web4j.Controller;
import hirondelle.web4j.database.DAOException;
import hirondelle.web4j.model.Id;
import hirondelle.web4j.util.Util;
import hirondelle.web4j.util.WebUtil;
import java.io.CharArrayWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Random;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:hirondelle/web4j/security/CsrfFilter.class */
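public class CsrfFilter implements Filter {
    /** Session attribute under which the form-source id of the current session is stored. */
    public static final String FORM_SOURCE_ID_KEY = "web4j_key_for_form_source_id";
    /** Session attribute under which a logged-in user's previous form-source id is stored, when one exists. */
    public static final String PREVIOUS_FORM_SOURCE_ID_KEY = "web4j_key_for_previous_form_source_id";
    /** Session attribute under which the {@link CsrfDAO} built for a logged-in user is stored. */
    public static final String FORM_SOURCE_DAO_KEY = "web4j_key_for_form_source_dao";
    private static final Logger fLogger = Util.getLogger(CsrfFilter.class);
    private static final boolean DO_NOT_CREATE = false;
    private static final String TEXT_HTML = "text/html";
    /**
     * Source of randomness for form-source ids. {@code java.util.Random} is a predictable PRNG and must not
     * be used for anti-CSRF tokens; {@code SecureRandom} is thread-safe, so one shared instance suffices.
     */
    private static final SecureRandom RANDOM = new SecureRandom();

    /* loaded from: input_file:hirondelle/web4j/security/CsrfFilter$CharResponseWrapper.class */
    /**
     * Response wrapper that captures everything written through {@link #getWriter()} into memory so the
     * filter can post-process the markup before it reaches the client.
     *
     * <p>NOTE(review): {@code getOutputStream()} is not overridden, so bytes written through it bypass
     * this buffer and are not seen by the nonce rewriting — confirm all HTML is emitted via the writer.
     */
    private static final class CharResponseWrapper extends HttpServletResponseWrapper {
        private final CharArrayWriter fOutput = new CharArrayWriter();

        public CharResponseWrapper(HttpServletResponse httpServletResponse) {
            super(httpServletResponse);
        }

        /** Returns a writer over the in-memory buffer; each call wraps the same buffer. */
        @Override
        public PrintWriter getWriter() {
            return new PrintWriter(fOutput);
        }

        /** Returns the captured output as a single string. */
        @Override
        public String toString() {
            return fOutput.toString();
        }
    }

    /**
     * Reads the two SqlId init-params ({@code FormSourceIdRead}, {@code FormSourceIdWrite}) and hands them
     * to {@link CsrfDAO#init}.
     *
     * @param filterConfig filter configuration supplying the init-params
     */
    @Override
    public void init(FilterConfig filterConfig) {
        fLogger.config("INIT : " + getClass().getName() + ". Reading in SqlIds for reading and writing form-source ids.");
        String readSqlId = filterConfig.getInitParameter("FormSourceIdRead");
        String writeSqlId = filterConfig.getInitParameter("FormSourceIdWrite");
        checkValidSqlId(readSqlId);
        checkValidSqlId(writeSqlId);
        CsrfDAO.init(readSqlId, writeSqlId);
    }

    @Override
    public void destroy() {
        fLogger.config("DESTROY : " + getClass().getName());
    }

    /**
     * Ensures the session carries a form-source id, then, for responses that look like HTML, buffers the
     * downstream output and rewrites it through {@link CsrfModifiedResponse#addNonceTo} before sending it.
     * Non-HTML responses are passed through untouched.
     *
     * @throws IOException if the configured character encoding is unsupported or writing fails
     * @throws ServletException propagated from the chain or from fetching the previous form-source id
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        fLogger.fine("START CSRF Filter.");
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        addItemsForNewSessions(request);
        if (isServingHtml(response)) {
            fLogger.fine("Serving html. Wrapping response.");
            CharResponseWrapper buffered = new CharResponseWrapper(response);
            filterChain.doFilter(servletRequest, buffered);
            String withNonce = new CsrfModifiedResponse(request, response).addNonceTo(buffered.toString());
            // Content-Length must be the byte length under the app's encoding, not the char count.
            String encoding = (String) WebUtil.findAttribute(Controller.CHARACTER_ENCODING, request);
            servletResponse.setContentLength(withNonce.getBytes(encoding).length);
            try (PrintWriter out = servletResponse.getWriter()) {
                out.write(withNonce);
            }
        } else {
            fLogger.fine("Not serving html. Not modifiying response.");
            filterChain.doFilter(servletRequest, servletResponse);
        }
        fLogger.fine("END CSRF Filter.");
    }

    /**
     * Adds a form-source id (and, for logged-in users, the DAO and previous id) to an existing session that
     * does not yet have one. Intended for callers outside the filter chain that need the token early.
     *
     * @throws ServletException if the previous form-source id cannot be fetched
     */
    public void addCsrfToken(HttpServletRequest httpServletRequest) throws ServletException {
        addItemsForNewSessions(httpServletRequest);
    }

    /**
     * Logs at SEVERE when a required SqlId init-param is missing or blank. Note that this only logs: init
     * proceeds and the misconfiguration surfaces later when {@link CsrfDAO} is used.
     */
    private static void checkValidSqlId(String sqlId) {
        if (!Util.textHasContent(sqlId)) {
            fLogger.severe("SqlId required as Filter init-param, but has no content: " + Util.quote(sqlId));
        }
    }

    /**
     * Populates an existing session with a fresh form-source id if it has none. Never creates a session.
     * For an authenticated request the {@link CsrfDAO} and any previous id are stored as well.
     */
    private void addItemsForNewSessions(HttpServletRequest request) throws ServletException {
        HttpSession session = request.getSession(DO_NOT_CREATE);
        if (!sessionExists(session) || !hasNoFormSourceIdInSession(session)) {
            return;
        }
        Id formSourceId = calcFormSourceId();
        addFormSourceIdToSession(session, formSourceId);
        if (userHasLoggedIn(request)) {
            CsrfDAO csrfDAO = new CsrfDAO(request.getUserPrincipal().getName(), formSourceId);
            addPreviousFormSourceIdToSession(session, csrfDAO);
            addFormSourceDAOToSession(session, csrfDAO);
        }
    }

    private boolean sessionExists(HttpSession session) {
        return session != null;
    }

    private boolean hasNoFormSourceIdInSession(HttpSession session) {
        return session.getAttribute(FORM_SOURCE_ID_KEY) == null;
    }

    private boolean userHasLoggedIn(HttpServletRequest request) {
        return request.getUserPrincipal() != null;
    }

    private void addFormSourceIdToSession(HttpSession session, Id id) {
        fLogger.fine("Adding new form-source id to user's session.");
        session.setAttribute(FORM_SOURCE_ID_KEY, id);
    }

    /**
     * Builds a new form-source id: the hex SHA-1 of a random 64-bit value. The digest only fixes the id's
     * shape (40 hex chars); its unpredictability comes entirely from {@link #RANDOM}.
     */
    private Id calcFormSourceId() {
        return new Id(getHashFor(getRandomNumber().toString()));
    }

    /**
     * Looks up the user's previous form-source id via the DAO and stores it in the session when present.
     *
     * @throws ServletException wrapping any {@link DAOException} from the lookup
     */
    private void addPreviousFormSourceIdToSession(HttpSession session, CsrfDAO csrfDAO) throws ServletException {
        fLogger.fine("Adding previous form-source id to session.");
        try {
            Id previousId = csrfDAO.fetchPreviousFormSourceId();
            if (previousId == null) {
                fLogger.fine("No previous form-source id found.");
            } else {
                fLogger.fine("Adding previous form-source id to session.");
                session.setAttribute(PREVIOUS_FORM_SOURCE_ID_KEY, previousId);
            }
        } catch (DAOException e) {
            throw new ServletException("Cannot fetch previous form-source id from database.", e);
        }
    }

    private void addFormSourceDAOToSession(HttpSession session, CsrfDAO csrfDAO) {
        fLogger.fine("Adding CsrfDAO object to session.");
        session.setAttribute(FORM_SOURCE_DAO_KEY, csrfDAO);
    }

    /** Returns a random 64-bit value from the shared cryptographically strong generator. */
    private Long getRandomNumber() {
        return Long.valueOf(RANDOM.nextLong());
    }

    /**
     * Returns the lowercase hex SHA-1 digest of {@code text}. The input is encoded as UTF-8 explicitly
     * rather than with the platform default charset.
     *
     * @throws RuntimeException (with cause) if the JVM has no SHA-1 provider
     */
    private String getHashFor(String text) {
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            return hexEncode(sha1.digest(text.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            fLogger.severe("MessageDigest cannot find SHA-1 algorithm.");
            throw new RuntimeException("MessageDigest cannot find SHA-1 algorithm.", e);
        }
    }

    /** Encodes {@code bytes} as lowercase hex, two characters per byte. */
    private static String hexEncode(byte[] bytes) {
        final char[] digits = "0123456789abcdef".toCharArray();
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(digits[(b & 0xF0) >>> 4]);
            sb.append(digits[b & 0x0F]);
        }
        return sb.toString();
    }

    /**
     * True when the response has no content type yet or one starting with {@code text/html}. This is
     * evaluated before the chain runs, so a content type set downstream does not affect the decision.
     */
    private boolean isServingHtml(HttpServletResponse response) {
        String contentType = response.getContentType();
        return !Util.textHasContent(contentType) || contentType.startsWith(TEXT_HTML);
    }
}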
