package com.seeyon.ctp.common.web.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/seeyon/ctp/common/web/filter/CTPCsrfGuardFilter.class */
public class CTPCsrfGuardFilter implements Filter {
    private FilterConfig filterConfig = null;
    private static final Log LOG = LogFactory.getLog(CTPCsrfGuardFilter.class);

    public void destroy() {
        this.filterConfig = null;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!CTPCsrfGuard.getInstance().isEnabled()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            this.filterConfig.getServletContext().log(String.format("[WARNING] CsrfGuard does not know how to work with requests of class %s ", servletRequest.getClass().getName()));
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null && !CTPCsrfGuard.getInstance().isValidateWhenNoSessionExists()) {
            filterChain.doFilter(httpServletRequest, (HttpServletResponse) servletResponse);
            return;
        }
        CTPCsrfGuard cTPCsrfGuard = CTPCsrfGuard.getInstance();
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("CsrfGuard analyzing request %s", httpServletRequest.getRequestURI()));
        }
        InterceptRedirectResponse interceptRedirectResponse = new InterceptRedirectResponse((HttpServletResponse) servletResponse, httpServletRequest, cTPCsrfGuard);
        if (session != null && session.isNew() && cTPCsrfGuard.isUseNewTokenLandingPage()) {
            cTPCsrfGuard.writeLandingPage(httpServletRequest, interceptRedirectResponse);
        } else if (cTPCsrfGuard.isValidRequest(httpServletRequest, interceptRedirectResponse)) {
            filterChain.doFilter(httpServletRequest, interceptRedirectResponse);
        }
        cTPCsrfGuard.updateTokens(httpServletRequest);
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }
}
