package cn.com.duibaboot.ext.autoconfigure.security.dpefensivepolicy;

import cn.com.duiba.wolf.perf.timeprofile.RequestTool;
import cn.com.duiba.wolf.utils.UUIDUtils;
import cn.com.duibaboot.ext.autoconfigure.etcd.config.EtcdConstants;
import cn.com.duibaboot.ext.autoconfigure.security.exception.DuibaSecurityException;
import cn.com.duibaboot.ext.autoconfigure.web.login.LoginSuccessEvent;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import javax.servlet.DispatcherType;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.springframework.context.event.EventListener;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:cn/com/duibaboot/ext/autoconfigure/security/dpefensivepolicy/CsrfDefensivePolicy.class */
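/**
 * Double-submit-cookie CSRF defence for JSON ("ajax") controller methods.
 *
 * <p>On login a random token is written to the {@code csrf_token} cookie. Page script is expected to
 * copy that cookie into the {@code X-Csrf-Token} request header; a cross-site page cannot read the
 * cookie, so it cannot produce a matching header. Requests to handlers that are not treated as ajax
 * (see {@link #isAjaxRequest}), handlers annotated with {@code @CsrfOff}, and requests without a token
 * cookie are not checked. The check applies to every HTTP method, including GET.
 */
public class CsrfDefensivePolicy extends HandlerInterceptorAdapter {
    /** Header the browser-side code must copy the cookie value into. */
    private static final String CSRF_HEADER = "X-Csrf-Token";
    /** Cookie carrying the per-login token. It is deliberately NOT HttpOnly: page script must read it. */
    private static final String CSRF_COOKIE = "csrf_token";
    /** Request attribute an earlier stage may set to {@code Boolean.TRUE} to exempt one request. */
    public static final String CSRF_PASS_MARK = "CSRF_PASS_MARK";

    /**
     * Issues a fresh token cookie whenever a login succeeds. The cookie is scoped to the whole
     * site and expires together with the login.
     *
     * @param loginSuccessEvent event carrying the response to write to and the login expiry (seconds)
     */
    @EventListener({LoginSuccessEvent.class})
    public void csrfCookieListening(LoginSuccessEvent loginSuccessEvent) {
        // NOTE(review): the token's unpredictability rests entirely on UUIDUtils.createUUID(); confirm it
        // is backed by a CSPRNG (as java.util.UUID.randomUUID() is) and not a time/name-based generator.
        Cookie cookie = new Cookie(CSRF_COOKIE, UUIDUtils.createUUID());
        cookie.setPath(EtcdConstants.PATH_SEPARATOR);
        cookie.setMaxAge(loginSuccessEvent.getExpirationTime().intValue());
        // NOTE(review): no Secure flag is set; on an HTTPS-only deployment consider cookie.setSecure(true)
        // so the token is never sent over plain HTTP.
        loginSuccessEvent.getResponse().addCookie(cookie);
    }

    /**
     * Validates the CSRF token for original (non-forwarded) requests to ajax handler methods.
     *
     * @param httpServletRequest  the request under test
     * @param httpServletResponse unused
     * @param obj                 the resolved handler; only {@link HandlerMethod}s are examined
     * @return {@code true} when the request may proceed
     * @throws DuibaSecurityException when a Referer is present but foreign, or the header does not match the cookie
     */
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (!(obj instanceof HandlerMethod)
                || DispatcherType.REQUEST != httpServletRequest.getDispatcherType()
                || isMarkedAsPassed(httpServletRequest)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        String cookieValue = getCookieValue(httpServletRequest);
        boolean exempted = handlerMethod.getMethodAnnotation(CsrfOff.class) != null;
        // NOTE(review): a request with no csrf_token cookie at all is let through. Tokens are only
        // issued on login, so this keeps anonymous JSON endpoints usable, but it also means the defence
        // vanishes for a logged-in user whose token cookie was dropped (expired, evicted, cleared) while
        // the session cookie survived. Rejecting that case would need the session state, which is not
        // visible from this interceptor.
        if (!isAjaxRequest(handlerMethod) || exempted || StringUtils.isBlank(cookieValue)) {
            return true;
        }
        // Defence in depth: a Referer, when present, must belong to this server. A missing Referer is
        // tolerated (referrer policies and privacy tooling strip it); the token check below still runs.
        String referer = httpServletRequest.getHeader("referer");
        if (!StringUtils.isEmpty(referer)
                && !isSameOriginReferer(referer, RequestTool.getServerPath(httpServletRequest))) {
            throw new DuibaSecurityException("invalid csrf token");
        }
        // Double submit: the header copied by page script must equal the cookie.
        if (tokensMatch(cookieValue, httpServletRequest.getHeader(CSRF_HEADER))) {
            return true;
        }
        throw new DuibaSecurityException("invalid csrf token");
    }

    /** True only when the pass-mark attribute is exactly {@code Boolean.TRUE}; any other value or type counts as unset. */
    private static boolean isMarkedAsPassed(HttpServletRequest request) {
        return Optional.ofNullable(request.getAttribute(CSRF_PASS_MARK))
                .filter(Boolean.TRUE::equals)
                .isPresent();
    }

    /**
     * Compares the presented header against the cookie token in constant time, so that a
     * byte-by-byte timing difference cannot be used to guess the token.
     */
    private static boolean tokensMatch(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Accepts a Referer only if it equals {@code serverPath} (ignoring trailing slashes) or continues
     * it with a path, query, fragment or port. A bare prefix match would also accept
     * {@code https://host.evil.example/...} and {@code https://host@evil.example/...} whenever
     * serverPath carries no trailing slash. The exact shape of {@code RequestTool.getServerPath}'s
     * result is not visible here; an empty or null value gives nothing to compare against, so the
     * Referer is accepted and the token check alone decides (the original behaved the same for "").
     */
    private static boolean isSameOriginReferer(String referer, String serverPath) {
        if (serverPath == null) {
            return true;
        }
        int end = serverPath.length();
        while (end > 0 && serverPath.charAt(end - 1) == '/') {
            end--;
        }
        String base = serverPath.substring(0, end);
        if (base.isEmpty()) {
            return true;
        }
        if (!referer.startsWith(base)) {
            return false;
        }
        if (referer.length() == base.length()) {
            return true;
        }
        char next = referer.charAt(base.length());
        return next == '/' || next == '?' || next == '#' || next == ':';
    }

    /**
     * A handler is treated as ajax when its method carries {@code @ResponseBody}, its controller is a
     * {@code @RestController}, or it returns {@code void}. View-returning handlers (server-rendered
     * form posts) are therefore NOT covered by this policy and need their own CSRF protection.
     */
    private boolean isAjaxRequest(HandlerMethod handlerMethod) {
        return handlerMethod.getMethodAnnotation(ResponseBody.class) != null
                || handlerMethod.getBeanType().getAnnotation(RestController.class) != null
                || handlerMethod.getMethod().getReturnType().equals(Void.TYPE);
    }

    /** Collects every {@code csrf_token} cookie value on the request, in the order the container reports them. */
    private List<String> getCookieValues(HttpServletRequest httpServletRequest) {
        List<String> values = new ArrayList<>();
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (CSRF_COOKIE.equals(cookie.getName())) {
                    values.add(cookie.getValue());
                }
            }
        }
        return values;
    }

    /**
     * Picks the token to validate against. When several cookies share the name (e.g. a stale one on a
     * narrower path), the last one reported wins; which that is depends on the user agent's ordering.
     *
     * @return the chosen value, or {@code null} when no token cookie is present
     */
    private String getCookieValue(HttpServletRequest httpServletRequest) {
        List<String> cookieValues = getCookieValues(httpServletRequest);
        if (cookieValues.isEmpty()) {
            return null;
        }
        return cookieValues.get(cookieValues.size() - 1);
    }
}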
