package org.wso2.carbon.ui.filters.csrf;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.text.StrSubstitutor;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.ui.filters.csrf.CSRFConstants;

/* loaded from: input_file:org/wso2/carbon/ui/filters/csrf/CSRFProtector.class */
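/**
 * Synchronizer-token CSRF protection for the Carbon admin UI.
 * <p>
 * A per-session random token is stored under {@link CSRFConstants#CSRF_TOKEN}. On the way out
 * ({@link #enforceProtection}) a JavaScript snippet carrying the token is injected before the
 * closing {@code </head>} of HTML responses; on the way in ({@link #applyProtection}) POST
 * requests must echo the same token as a request parameter or are rejected.
 * <p>
 * Limitations visible in this class: only the POST method is validated (other state-changing
 * verbs pass through untouched), and the token is read with {@code getParameter()}, which also
 * accepts it from the query string.
 */
public class CSRFProtector {
    private static final Log log = LogFactory.getLog(CSRFProtector.class);
    /** Classpath location of the JavaScript template that is injected into HTML responses. */
    private static final String JS_TEMPLATE = "/web/admin/js/csrf.js";
    /** Random bytes per token; rendered as 2 hex digits each, so tokens are 32 characters. */
    private static final int TOKEN_BYTES = 16;
    private static final char[] HEX_UPPER = "0123456789ABCDEF".toCharArray();
    private final CSRFFilterConfig config;
    private Pattern skipUrlPattern;
    private StringBuilder jsTemplate;

    /**
     * Creates a protector from the filter configuration, compiling the optional skip-URL
     * regex and loading the JS template once.
     *
     * @param cSRFFilterConfig filter configuration; its skip-URL pattern may be blank
     * @throws java.util.regex.PatternSyntaxException if the configured skip pattern is not a
     *         valid regex (deliberately fails fast on misconfiguration)
     */
    public CSRFProtector(CSRFFilterConfig cSRFFilterConfig) {
        this.config = cSRFFilterConfig;
        initSkipUrlPattern(cSRFFilterConfig.getSkipUrlPattern());
        loadJSTemplate();
    }

    /**
     * Reports whether the given URL is exempt from CSRF checks.
     * <p>
     * Uses {@link java.util.regex.Matcher#matches()}, so the configured regex must match the
     * whole string, not merely a prefix; with no pattern configured nothing is skipped.
     *
     * @param str the request URL/URI to test
     * @return {@code true} if the URL matches the configured skip pattern
     */
    public boolean skipUrl(String str) {
        return this.skipUrlPattern != null && this.skipUrlPattern.matcher(str).matches();
    }

    /**
     * Validates the CSRF token on an incoming POST request.
     * <p>
     * Requests without an existing session, and requests that are not POST, are not checked.
     * The comparison is constant-time so the session token cannot be recovered byte by byte
     * from response timing.
     *
     * @param httpServletRequest the incoming request
     * @param cSRFResponseWrapper unused here; kept for signature compatibility with the filter
     * @throws CSRFException if the session token is absent or does not match the submitted one
     */
    public void applyProtection(HttpServletRequest httpServletRequest, CSRFResponseWrapper cSRFResponseWrapper) throws CSRFException {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null || !"POST".equalsIgnoreCase(httpServletRequest.getMethod())) {
            return;
        }
        // NOTE(review): getParameter() also reads the query string, so a token in the URL is
        // accepted and may leak via Referer/logs; the template JS presumably posts it in the
        // body — confirm against csrf.js.
        String submittedToken = httpServletRequest.getParameter(CSRFConstants.CSRF_TOKEN);
        String sessionToken = getCSRFTokenFromSession(session);
        if (sessionToken == null || !tokensMatch(sessionToken, submittedToken)) {
            throw new CSRFException("A potential CSRF attack from " + httpServletRequest.getRequestURI());
        }
    }

    /**
     * Ensures the session has a token and injects it into the buffered HTML response.
     * <p>
     * Does nothing when there is no session. If token generation failed (already logged by
     * {@link #setCSRFTokenForSession}) the response is written unchanged rather than injecting
     * an unresolved placeholder that could never validate.
     *
     * @param httpServletRequest the request whose session carries the token
     * @param cSRFResponseWrapper buffered response whose content is rewritten and flushed
     * @throws IOException if writing the response fails
     */
    public void enforceProtection(HttpServletRequest httpServletRequest, CSRFResponseWrapper cSRFResponseWrapper) throws IOException {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return;
        }
        String token = getCSRFTokenFromSession(session);
        if (token == null) {
            setCSRFTokenForSession(session);
            token = getCSRFTokenFromSession(session);
        }
        // NOTE(review): decodes with the platform default charset, as the original did; if
        // write() re-encodes differently non-ASCII pages could be corrupted — confirm in the wrapper.
        String content = new String(cSRFResponseWrapper.getContent());
        if (token == null) {
            cSRFResponseWrapper.setContent(content);
            cSRFResponseWrapper.write();
            return;
        }
        // quoteReplacement() keeps "$" and "\" in the generated JS from being read as
        // back-references by replaceAll().
        String injected = CSRFConstants.HTML_HEAD_PATTERN.matcher(content)
                .replaceAll("<script type=\"text/javascript\">\n" + Matcher.quoteReplacement(getInjectingJS(token)) + "\n</script>\n</head>");
        cSRFResponseWrapper.setContent(injected);
        cSRFResponseWrapper.write();
    }

    /** @return the filter configuration this protector was built from */
    public CSRFFilterConfig getConfig() {
        return this.config;
    }

    /** Compiles the skip-URL regex when one is configured; a blank value leaves it unset. */
    private void initSkipUrlPattern(String str) {
        if (StringUtils.isNotBlank(str)) {
            this.skipUrlPattern = Pattern.compile(str);
        }
    }

    /**
     * Reads the JS template from the classpath into {@link #jsTemplate}.
     * <p>
     * Reads to end-of-stream (the previous byte-at-a-time loop stopped at the first 0x00 byte)
     * and decodes as UTF-8. A missing resource or read failure is logged and leaves the
     * template empty, so the injected script would be blank.
     */
    private void loadJSTemplate() {
        this.jsTemplate = new StringBuilder();
        try (InputStream in = getClass().getResourceAsStream(JS_TEMPLATE)) {
            if (in == null) {
                log.error("CSRF javascript template not found on classpath: " + JS_TEMPLATE);
                return;
            }
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int count;
            while ((count = in.read(chunk)) != -1) {
                buffer.write(chunk, 0, count);
            }
            this.jsTemplate.append(new String(buffer.toByteArray(), StandardCharsets.UTF_8));
        } catch (IOException e) {
            log.error("Failed to load CSRF javascript template", e);
        }
    }

    /** @return the token stored in the session, or {@code null} if none has been set */
    private String getCSRFTokenFromSession(HttpSession httpSession) {
        return (String) httpSession.getAttribute(CSRFConstants.CSRF_TOKEN);
    }

    /**
     * Generates a fresh token and stores it in the session. If the configured PRNG is not
     * available the failure is logged and the session is left without a token.
     */
    private void setCSRFTokenForSession(HttpSession httpSession) {
        try {
            httpSession.setAttribute(CSRFConstants.CSRF_TOKEN, generateCSRFToken());
        } catch (NoSuchAlgorithmException e) {
            log.error("CSRF Token generation failed.", e);
        }
    }

    /**
     * Fills the JS template placeholders with the parameter name and the token value.
     * The token is hexadecimal, so substituting it into a script body needs no escaping.
     */
    private String getInjectingJS(String token) {
        Map<String, String> values = new HashMap<String, String>();
        values.put(CSRFConstants.JSTemplateToken.CSRF_TOKEN_NAME, CSRFConstants.CSRF_TOKEN);
        values.put(CSRFConstants.JSTemplateToken.CSRF_TOKEN_VALUE, token);
        return new StrSubstitutor(values).replace(this.jsTemplate.toString());
    }

    /**
     * Constant-time comparison of the expected session token with the submitted one.
     *
     * @param expected non-null token from the session
     * @param submitted token from the request, may be {@code null}
     */
    private static boolean tokensMatch(String expected, String submitted) {
        if (submitted == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Produces {@value #TOKEN_BYTES} random bytes from the configured PRNG as upper-case hex.
     * A new {@link SecureRandom} is obtained per call; the checked exception is left to
     * propagate so the caller decides how to report an unavailable algorithm.
     *
     * @throws NoSuchAlgorithmException if {@link CSRFConstants#CSRF_TOKEN_PRNG} is unknown
     */
    private static String generateCSRFToken() throws NoSuchAlgorithmException {
        byte[] raw = new byte[TOKEN_BYTES];
        SecureRandom.getInstance(CSRFConstants.CSRF_TOKEN_PRNG).nextBytes(raw);
        StringBuilder hex = new StringBuilder(raw.length * 2);
        for (byte b : raw) {
            hex.append(HEX_UPPER[(b >> 4) & 0x0F]).append(HEX_UPPER[b & 0x0F]);
        }
        return hex.toString();
    }
}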
