package com.jxdinfo.hussar.core.filter;

import com.jxdinfo.hussar.common.constant.factory.MutiStrFactory;
import com.jxdinfo.hussar.otp.credential.AbstractOTPCredentialsMatcher;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

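/**
 * Servlet filter that rejects cross-site requests by comparing the request's
 * {@code Referer} (or, when that is absent, {@code Origin}) header against this
 * server's own origin and an operator-supplied whitelist, and that verifies an
 * optional {@code x-csrf-token} header against a time-based OTP.
 *
 * <p>Decision order for every request:
 * <ol>
 *   <li>{@code csrfcheck} is off: log and pass everything through (no security
 *       headers are emitted in that mode either).</li>
 *   <li>Emit {@code X-Frame-Options}, {@code X-Content-Type-Options} and
 *       {@code X-XSS-Protection} on the response.</li>
 *   <li>Request URI matches an {@code exclusions} pattern: pass.</li>
 *   <li>Neither {@code Referer} nor {@code Origin} present: pass (see the
 *       caveat in {@link #doFilter}).</li>
 *   <li>Source is this server's own origin: pass, unless an
 *       {@code x-csrf-token} header is present and fails OTP verification.</li>
 *   <li>Source starts with a whitelist entry, or the URI ends with
 *       {@code /exception/403}: pass.</li>
 *   <li>Otherwise forward to {@code /exception/403}.</li>
 * </ol>
 *
 * <p>NOTE(review): this listing is decompiled. A plain {@code Filter} registered
 * only as a {@code @Component} receives no init-params, so the {@code exclusions}
 * parameter read in {@link #init} presumably arrives through a registration bean
 * elsewhere — confirm before relying on exclusions being applied.
 */
@Component
public class CsrfFilter implements Filter {
    private static final Logger LOGGER = LoggerFactory.getLogger(CsrfFilter.class);

    /** Init-param: comma-separated URI patterns that bypass the check entirely. */
    public static final String PARAM_NAME_EXCLUSIONS = "exclusions";

    /** Request header carrying the optional OTP-style token. */
    private static final String TOKEN_HEADER = "x-csrf-token";

    /** Internal path a rejected request is forwarded to. */
    private static final String FORBIDDEN_PATH = "/exception/403";

    /**
     * Secret the {@code x-csrf-token} header is verified against.
     *
     * <p>SECURITY(review): this is a compile-time constant shipped inside the
     * class file, so anyone holding the artifact can mint tokens that pass
     * {@code AbstractOTPCredentialsMatcher.verify}. The {@code getClass()}
     * null-checks around it in the decompiled original look like javac's idiom
     * for an instance-qualified {@code static final} read, i.e. the literal was
     * probably inlined from {@code AbstractOTPCredentialsMatcher}; either way it
     * belongs in per-deployment configuration, not in source.
     */
    private static final String OTP_SECRET = "FCUD3YLMJYG2F72L2NFDXYPL6UJBUUN24BGBK6JDEIKHUA4ZOD2A";

    private final AbstractOTPCredentialsMatcher abstractOTPCredentialsMatcher;
    private Set<String> excludesPattern;
    protected String contextPath;
    private boolean csrfcheck = true;
    /** Comma-separated Referer/Origin prefixes that are allowed cross-site. */
    private String refererWhitelist = "";
    protected PatternMatcher pathMatcher = HussarPathMatcher.getInstance();

    /**
     * @param abstractOTPCredentialsMatcher matcher used to verify the
     *        {@code x-csrf-token} value; supplied by the container
     */
    public CsrfFilter(AbstractOTPCredentialsMatcher abstractOTPCredentialsMatcher) {
        this.abstractOTPCredentialsMatcher = abstractOTPCredentialsMatcher;
    }

    /**
     * Reads the {@value #PARAM_NAME_EXCLUSIONS} init-param (comma-separated,
     * whitespace around commas ignored) and caches the servlet context path.
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String exclusions = filterConfig.getInitParameter(PARAM_NAME_EXCLUSIONS);
        if (exclusions != null && !exclusions.trim().isEmpty()) {
            this.excludesPattern = new HashSet<>(Arrays.asList(exclusions.trim().split("\\s*,\\s*")));
        }
        this.contextPath = getContextPath(filterConfig.getServletContext());
    }

    /** Returns the servlet context path, normalising an empty/unset path to {@code "/"}. */
    private String getContextPath(ServletContext servletContext) {
        String path = servletContext.getContextPath();
        return (path == null || path.isEmpty()) ? "/" : path;
    }

    /**
     * Applies the origin check described on the class.
     *
     * <p>SECURITY(review): a request that carries neither {@code Referer} nor
     * {@code Origin} is allowed through unchanged from the original. Browsers
     * can be made to omit {@code Referer} (referrer-policy {@code no-referrer}),
     * which is why {@code Origin} is now consulted as a fallback: cross-site
     * form posts and fetches still carry {@code Origin} (possibly the literal
     * {@code null}), which will not match this server's origin and is rejected.
     * Requests with no header at all (typically non-browser clients) still pass.
     *
     * <p>The {@code x-csrf-token} header is only checked when present; absence is
     * not an error, and whitelisted cross-site origins skip it entirely, so it is
     * an anti-replay measure for same-origin callers rather than a CSRF defence.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        String referer = request.getHeader("Referer");
        String requestURI = request.getRequestURI();

        if (!this.csrfcheck) {
            LOGGER.error("当前CSRF过滤器已经关闭，不进行任何安全校验，当前请求URI为:" + requestURI + "\nREFERER" + referer);
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // setHeader rather than addHeader: an upstream filter that already emitted
        // X-Frame-Options would otherwise leave two values on the response, which
        // browsers treat as a conflict. X-XSS-Protection is deprecated and ignored
        // by current browsers; the value is kept for older ones.
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        response.setHeader("X-Frame-Options", "SAMEORIGIN");
        response.setHeader("X-Content-Type-Options", "nosniff");
        response.setHeader("X-XSS-Protection", "1;mode=block");

        if (isExclusion(requestURI)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        String source = referer != null ? referer : request.getHeader("Origin");
        if (source == null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        String trimmedSource = source.trim();

        if (isSameOrigin(trimmedSource, ownOrigin(request))) {
            String token = request.getHeader(TOKEN_HEADER);
            // Window of 1 step either side; semantics belong to the matcher.
            if (token != null && !this.abstractOTPCredentialsMatcher.verify(OTP_SECRET, token, 1)) {
                // The original also logged generate(OTP_SECRET), i.e. the currently
                // valid token; that writes a live credential to the log and is dropped.
                LOGGER.error("检测到重复提交请求！403:  [" + token + "]\nURI:" + requestURI);
                request.getRequestDispatcher(FORBIDDEN_PATH).forward(servletRequest, servletResponse);
                return;
            }
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // NOTE(review): getRequestURI() is the raw, un-normalised URI (including
        // any ";" path parameters), so this suffix exemption is looser than a
        // servlet-path comparison would be. It presumably exists so the error
        // page itself can be reached; confirm whether it is still needed once the
        // filter's dispatcher types are known.
        if (isWhitelisted(trimmedSource) || requestURI.endsWith(FORBIDDEN_PATH)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        LOGGER.error("检测到跨站请求！403: \nURI:" + requestURI + "\nREFERER: " + source);
        request.getRequestDispatcher(FORBIDDEN_PATH).forward(servletRequest, servletResponse);
    }

    /**
     * Builds {@code scheme://host[:port]} for this request, omitting the port
     * when it is the scheme's default (80 for http, 443 for https).
     *
     * <p>NOTE(review): these values describe the connector the request arrived
     * on. Behind a TLS-terminating proxy they reflect the proxy-to-app hop, not
     * the URL the browser used, unless the container honours forwarded headers.
     * {@code MutiStrFactory.ATTR_SPLIT} is presumably {@code ":"} — TODO confirm;
     * any other value makes requests on non-default ports never match.
     */
    private static String ownOrigin(HttpServletRequest request) {
        String scheme = request.getScheme();
        int port = request.getServerPort();
        boolean defaultPort = ("http".equals(scheme) && port == 80)
                || ("https".equals(scheme) && port == 443);
        String portPart = defaultPort ? "" : MutiStrFactory.ATTR_SPLIT + port;
        return scheme + "://" + request.getServerName() + portPart;
    }

    /**
     * True when {@code url} is exactly {@code origin}, or {@code origin} followed
     * by a path, query or fragment delimiter. Scheme and host are compared
     * case-insensitively.
     *
     * <p>Fixes the original's bare {@code startsWith(origin)}: with origin
     * {@code https://example.com} that also accepted a Referer of
     * {@code https://example.com.attacker.test/}.
     */
    private static boolean isSameOrigin(String url, String origin) {
        int len = origin.length();
        if (!url.regionMatches(true, 0, origin, 0, len)) {
            return false;
        }
        if (url.length() == len) {
            return true;
        }
        char next = url.charAt(len);
        return next == '/' || next == '?' || next == '#';
    }

    /**
     * True when {@code source} starts with any non-empty entry of
     * {@link #refererWhitelist} (split on {@code ","}; entries are not trimmed).
     *
     * <p>Entries are plain prefixes, as in the original: a bare origin such as
     * {@code https://partner.example} also admits
     * {@code https://partner.example.attacker.test}. Configure entries with a
     * trailing {@code /} to avoid that.
     */
    private boolean isWhitelisted(String source) {
        if (this.refererWhitelist == null) {
            return false;
        }
        for (String entry : this.refererWhitelist.split(",")) {
            if (!entry.isEmpty() && source.startsWith(entry)) {
                return true;
            }
        }
        return false;
    }

    /**
     * True when the request URI, with the context path removed, matches any
     * configured exclusion pattern via {@link #pathMatcher}.
     *
     * <p>NOTE(review): the URI is matched as received (not decoded or
     * normalised); whether {@code ..}, {@code ;} or percent-encoding can widen
     * or defeat a pattern depends on {@code PatternMatcher}, which is not visible
     * here.
     */
    private boolean isExclusion(String uri) {
        if (this.excludesPattern == null || uri == null) {
            return false;
        }
        String path = stripContextPath(uri);
        for (String pattern : this.excludesPattern) {
            if (this.pathMatcher.matches(pattern, path)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Removes {@link #contextPath} from the front of {@code uri}, ensuring the
     * result starts with {@code /}. Unlike the original, the prefix is only
     * stripped at a segment boundary, so with context {@code /app} the URI
     * {@code /application/x} is left alone instead of becoming {@code /lication/x}.
     */
    private String stripContextPath(String uri) {
        String ctx = this.contextPath;
        if (ctx == null || "/".equals(ctx) || !uri.startsWith(ctx)) {
            return uri;
        }
        if (uri.length() > ctx.length() && uri.charAt(ctx.length()) != '/') {
            return uri;
        }
        String rest = uri.substring(ctx.length());
        return rest.startsWith("/") ? rest : "/" + rest;
    }

    @Override
    public void destroy() {
    }

    /** Whether the origin check is active; when false every request passes. */
    public boolean isCsrfcheck() {
        return this.csrfcheck;
    }

    public void setCsrfcheck(boolean z) {
        this.csrfcheck = z;
    }

    /** Comma-separated list of allowed cross-site Referer/Origin prefixes. */
    public String getRefererWhitelist() {
        return this.refererWhitelist;
    }

    /** {@code null} is tolerated and treated as an empty whitelist. */
    public void setRefererWhitelist(String str) {
        this.refererWhitelist = str;
    }
}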
