package org.wso2.carbon.ui.valve;

import java.io.IOException;
import javax.servlet.ServletException;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
import org.wso2.carbon.base.ServerConfiguration;

/* loaded from: input_file:org/wso2/carbon/ui/valve/CSRFValve.class */
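public class CSRFValve extends ValveBase {

    /** Name of the request header whose value is checked against the whitelist. */
    private static final String REFERER_HEADER = "referer";

    /** Root of the configuration subtree this valve reads from {@link ServerConfiguration}. */
    private static final String CSRF_VALVE_PROPERTY = "Security.CSRFPreventionConfig";
    private static final String ENABLED_PROPERTY = CSRF_VALVE_PROPERTY + ".Enabled";
    private static final String WHITE_LIST_PROPERTY = CSRF_VALVE_PROPERTY + ".WhiteList.Url";
    private static final String RULE_PATTERN_PROPERTY = CSRF_VALVE_PROPERTY + ".Patterns.Pattern";
    private static final String RULE_PROPERTY = CSRF_VALVE_PROPERTY + ".Rule";

    /** Rule value: check the Referer of every request whose context does NOT match a pattern. */
    private static final String RULE_ALLOW = "allow";
    /** Rule value: check the Referer of every request whose context DOES match a pattern. */
    private static final String RULE_DENY = "deny";

    // Configuration state. These are static, so all instances of this valve share the values
    // loaded by whichever instance ran initInternal() last.
    private static String[] csrfPatternList;
    private static String[] whiteList;
    private static String csrfRule;
    private static boolean csrfEnabled = false;

    /**
     * Reads the CSRF configuration from {@link ServerConfiguration} and decides whether the valve
     * is active.
     *
     * <p>The valve is enabled only when a whitelist, at least one pattern and a rule are all
     * present AND the Enabled property parses as {@code true}. Any missing piece leaves
     * {@code csrfEnabled} false, i.e. the valve silently does nothing (fail-open); operators
     * should verify the configuration rather than rely on an error at startup.
     */
    private void loadConfiguration() {
        ServerConfiguration serverConfiguration = ServerConfiguration.getInstance();
        // assumes getProperties() returns an empty array (not null) for an absent key — TODO confirm
        whiteList = serverConfiguration.getProperties(WHITE_LIST_PROPERTY);
        csrfPatternList = serverConfiguration.getProperties(RULE_PATTERN_PROPERTY);
        csrfRule = serverConfiguration.getFirstProperty(RULE_PROPERTY);
        String enabled = serverConfiguration.getFirstProperty(ENABLED_PROPERTY);
        // Boolean.parseBoolean(null) is false, so a missing Enabled property disables the valve.
        csrfEnabled = whiteList.length > 0
                && csrfPatternList.length > 0
                && csrfRule != null
                && Boolean.parseBoolean(enabled);
    }

    /**
     * Tomcat lifecycle hook: loads the configuration once when the valve is initialised.
     *
     * @throws LifecycleException propagated from {@code ValveBase.initInternal()}
     */
    protected void initInternal() throws LifecycleException {
        super.initInternal();
        loadConfiguration();
    }

    /**
     * Applies the CSRF check (when enabled) and then passes the request down the valve chain.
     *
     * @throws ServletException if the request fails the Referer check
     * @throws IOException propagated from the next valve
     */
    public void invoke(Request request, Response response) throws IOException, ServletException {
        if (csrfEnabled) {
            validatePatterns(request);
        }
        getNext().invoke(request, response);
    }

    /**
     * Decides, from the configured rule and pattern list, whether this request's Referer header
     * must be validated.
     *
     * <p>The request URI with its leading path segment separator removed is compared against the
     * patterns. Under {@code allow}, non-matching contexts are checked; under {@code deny},
     * matching contexts are checked. Any other rule value checks nothing.
     *
     * @throws ServletException if the Referer check is required and fails
     */
    private void validatePatterns(Request request) throws ServletException {
        String uri = request.getRequestURI();
        // Strip up to and including the first '/'; a URI with no '/' is used unchanged.
        String context = uri.substring(uri.indexOf('/') + 1);
        boolean matchesPattern = isContextStartWithGivenPatterns(context);
        if ((RULE_ALLOW.equals(csrfRule) && !matchesPattern)
                || (RULE_DENY.equals(csrfRule) && matchesPattern)) {
            validateRefererHeader(request);
        }
    }

    /**
     * Returns {@code true} if {@code context} starts with any configured pattern.
     *
     * @param context the request URI with the leading '/' (and anything before it) removed
     */
    private boolean isContextStartWithGivenPatterns(String context) {
        for (String pattern : csrfPatternList) {
            if (context.startsWith(pattern)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Rejects the request unless its Referer header starts with one of the whitelisted URLs.
     *
     * <p>A request with no Referer header at all is accepted unchecked. Browsers and proxies
     * may strip the header, so this is fail-open by design; deployments wanting stricter
     * behaviour would need to reject here instead.
     *
     * <p>Matching is a plain string prefix test, so a whitelist entry such as
     * {@code https://host} also accepts {@code https://host.example}; entries should include a
     * trailing slash (or full path) to bound the match.
     *
     * @throws ServletException if a Referer is present but matches no whitelist entry
     */
    private void validateRefererHeader(Request request) throws ServletException {
        String referer = request.getHeader(REFERER_HEADER);
        if (referer == null) {
            return;
        }
        for (String allowed : whiteList) {
            if (referer.startsWith(allowed)) {
                return;
            }
        }
        throw new ServletException("Possible CSRF attack. Refer header : " + referer);
    }
}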
