package org.eclipse.krazo.security;

import java.io.IOException;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import javax.annotation.Priority;
import javax.inject.Inject;
import javax.mvc.Controller;
import javax.mvc.security.Csrf;
import javax.mvc.security.CsrfProtected;
import javax.mvc.security.CsrfValidationException;
import javax.ws.rs.DELETE;
import javax.ws.rs.PATCH;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import org.apache.taglibs.standard.extra.spath.SPathParserConstants;
import org.eclipse.krazo.KrazoConfig;
import org.eclipse.krazo.core.Messages;
import org.eclipse.krazo.util.AnnotationUtils;
import org.eclipse.krazo.util.ServiceLoaders;

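/**
 * JAX-RS request filter that validates the CSRF token on state-changing controller methods.
 *
 * <p>A request is checked only when the matched resource method carries {@code @POST},
 * {@code @PATCH}, {@code @PUT} or {@code @DELETE} and the configured {@link Csrf.CsrfOptions}
 * asks for it. The submitted token is read from the request header named by the session token
 * first, and from the url-encoded form field second. Any failure is reported as a
 * {@link CsrfValidationException}.
 *
 * <p>This listing is decompiler output. The synthetic switch-map helper class and the unrelated
 * {@code SPathParserConstants.NCNAME} case label it produced have been replaced by a direct
 * switch on the enum, which is what the compiler regenerates on its own.
 */
@Priority(3000)
@Controller
/* loaded from: input_file:WEB-INF/lib/krazo-core-1.0.0.jar:org/eclipse/krazo/security/CsrfValidateFilter.class */
public class CsrfValidateFilter implements ContainerRequestFilter {

    @Inject
    private CsrfTokenManager csrfTokenManager;

    @Inject
    private KrazoConfig krazoConfig;

    @Context
    private ResourceInfo resourceInfo;

    @Inject
    private Messages messages;

    // Takes the first provider returned by ServiceLoaders; get(0) fails at construction
    // time if none is registered (assuming list() returns a plain java.util.List).
    private FormEntityProvider formEntityProvider = (FormEntityProvider) ServiceLoaders.list(FormEntityProvider.class).get(0);

    /**
     * Rejects the request unless it carries the expected CSRF token.
     *
     * @param containerRequestContext the request being filtered
     * @throws CsrfValidationException if no token has been issued, the request body cannot be
     *         inspected, the form field is missing, or the submitted token does not match
     * @throws IOException declared by the filter contract
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        if (!needsValidation(this.resourceInfo.getResourceMethod())) {
            return;
        }

        CsrfToken expected = this.csrfTokenManager.getToken().orElseThrow(
                () -> new CsrfValidationException(this.messages.get("CsrfFailed", "missing token")));

        // Header first. A header that is present but wrong is not rejected here;
        // the form field below is still consulted, as in the original code.
        Object headerValue = containerRequestContext.getHeaders().getFirst(expected.getHeaderName());
        if (tokensMatch(expected.getValue(), headerValue)) {
            return;
        }

        // Only a url-encoded form body can carry the token as a field.
        if (!isSupportedMediaType(containerRequestContext.getMediaType()) || !containerRequestContext.hasEntity()) {
            throw new CsrfValidationException(this.messages.get("UnableValidateCsrf", containerRequestContext.getMediaType()));
        }

        List<?> submitted = (List<?>) this.formEntityProvider.getForm(containerRequestContext).asMap().get(expected.getParamName());
        if (submitted == null || submitted.isEmpty()) {
            throw new CsrfValidationException(this.messages.get("CsrfFailed", "missing field"));
        }
        // Only the first value of a repeated field is considered.
        if (!tokensMatch(expected.getValue(), submitted.get(0))) {
            throw new CsrfValidationException(this.messages.get("CsrfFailed", "mismatching tokens"));
        }
    }

    /**
     * Tells whether a request body of the given media type can be parsed for the token field.
     *
     * @param mediaType the request's media type, may be {@code null}
     * @return {@code true} only for types compatible with {@code application/x-www-form-urlencoded}
     */
    protected static boolean isSupportedMediaType(MediaType mediaType) {
        return mediaType != null && mediaType.isCompatible(MediaType.APPLICATION_FORM_URLENCODED_TYPE);
    }

    /**
     * Compares the expected token with a submitted value without short-circuiting on the first
     * differing character, so the comparison time does not reveal how much of a guess was right.
     *
     * @param expected the token issued for this session; {@code null} never matches
     * @param candidate the value taken from the request; anything but a {@code String} never matches
     * @return {@code true} if both values are equal
     */
    private static boolean tokensMatch(String expected, Object candidate) {
        if (expected == null || !(candidate instanceof String)) {
            return false;
        }
        byte[] expectedBytes = expected.getBytes(StandardCharsets.UTF_8);
        byte[] candidateBytes = ((String) candidate).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expectedBytes, candidateBytes);
    }

    /**
     * Decides whether the matched resource method is subject to the CSRF check.
     *
     * @param method the matched resource method, may be {@code null}
     * @return {@code false} for a {@code null} method, for methods without a write verb and when
     *         protection is {@code OFF}; {@code true} under {@code IMPLICIT}; under
     *         {@code EXPLICIT} only if the method or its declaring class has {@code @CsrfProtected}
     */
    private boolean needsValidation(Method method) {
        if (method == null || !performsWriteAccess(method)) {
            return false;
        }
        switch (this.krazoConfig.getCsrfOptions()) {
            case OFF:
                return false;
            case IMPLICIT:
                return true;
            case EXPLICIT:
                return AnnotationUtils.hasAnnotation(method, CsrfProtected.class)
                        || AnnotationUtils.hasAnnotation(method.getDeclaringClass(), CsrfProtected.class);
            default:
                // NOTE(review): an option value unknown to this class skips validation, as in
                // the original; revisit if Csrf.CsrfOptions ever gains a constant.
                return false;
        }
    }

    /**
     * Tells whether the method is bound to a state-changing HTTP verb.
     *
     * @param method the resource method to inspect
     * @return {@code true} if it is annotated with {@code @POST}, {@code @PATCH}, {@code @PUT}
     *         or {@code @DELETE}
     */
    private boolean performsWriteAccess(Method method) {
        return AnnotationUtils.hasAnnotation(method, POST.class)
                || AnnotationUtils.hasAnnotation(method, PATCH.class)
                || AnnotationUtils.hasAnnotation(method, PUT.class)
                || AnnotationUtils.hasAnnotation(method, DELETE.class);
    }
}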
