package io.quarkus.csrf.reactive.runtime;

import io.vertx.core.http.Cookie;
import io.vertx.core.http.impl.CookieImpl;
import io.vertx.ext.web.RoutingContext;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import org.jboss.logging.Logger;
import org.jboss.resteasy.reactive.server.ServerResponseFilter;

/* loaded from: input_file:io/quarkus/csrf/reactive/runtime/CsrfResponseFilter.class */
public class CsrfResponseFilter {
    private static final Logger LOG = Logger.getLogger(CsrfResponseFilter.class);
    private static final String CSRF_TOKEN_KEY = "csrf_token";
    private static final String CSRF_TOKEN_BYTES_KEY = "csrf_token_bytes";

    @Inject
    Instance<CsrfReactiveConfig> config;

    @ServerResponseFilter
    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext, RoutingContext routingContext) {
        String str;
        if (containerRequestContext.getMethod().equals("GET") && isCsrfTokenRequired(routingContext, (CsrfReactiveConfig) this.config.get()) && getCookieToken(routingContext, (CsrfReactiveConfig) this.config.get()) == null) {
            if (((CsrfReactiveConfig) this.config.get()).tokenSignatureKey.isPresent()) {
                byte[] bArr = (byte[]) routingContext.get(CSRF_TOKEN_BYTES_KEY);
                if (bArr == null) {
                    throw new IllegalStateException("CSRF Filter should have set the property csrf_token, but it is null");
                }
                str = CsrfTokenUtils.signCsrfToken(bArr, ((CsrfReactiveConfig) this.config.get()).tokenSignatureKey.get());
            } else {
                String str2 = (String) routingContext.get(CSRF_TOKEN_KEY);
                if (str2 == null) {
                    throw new IllegalStateException("CSRF Filter should have set the property csrf_token, but it is null");
                }
                str = str2;
            }
            createCookie(str, routingContext, (CsrfReactiveConfig) this.config.get());
        }
    }

    private String getCookieToken(RoutingContext routingContext, CsrfReactiveConfig csrfReactiveConfig) {
        Cookie cookie = routingContext.getCookie(csrfReactiveConfig.cookieName);
        if (cookie != null) {
            return cookie.getValue();
        }
        LOG.debug("CSRF token cookie is not set");
        return null;
    }

    private boolean isCsrfTokenRequired(RoutingContext routingContext, CsrfReactiveConfig csrfReactiveConfig) {
        if (csrfReactiveConfig.createTokenPath.isPresent()) {
            return csrfReactiveConfig.createTokenPath.get().contains(routingContext.request().path());
        }
        return true;
    }

    private void createCookie(String str, RoutingContext routingContext, CsrfReactiveConfig csrfReactiveConfig) {
        CookieImpl cookieImpl = new CookieImpl(csrfReactiveConfig.cookieName, str);
        cookieImpl.setHttpOnly(true);
        cookieImpl.setSecure(csrfReactiveConfig.cookieForceSecure || routingContext.request().isSSL());
        cookieImpl.setMaxAge(csrfReactiveConfig.cookieMaxAge.toSeconds());
        cookieImpl.setPath(csrfReactiveConfig.cookiePath);
        if (csrfReactiveConfig.cookieDomain.isPresent()) {
            cookieImpl.setDomain(csrfReactiveConfig.cookieDomain.get());
        }
        routingContext.response().addCookie(cookieImpl);
    }
}
