package org.wso2.carbon.ui.filters;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.ui.filters.csrf.CSRFConstants;
import org.wso2.carbon.ui.filters.csrf.CSRFFilterConfig;
import org.wso2.carbon.ui.filters.csrf.CSRFProtector;
import org.wso2.carbon.ui.filters.csrf.CSRFResponseWrapper;

/* loaded from: input_file:org/wso2/carbon/ui/filters/CSRFPreventionFilter.class */
public class CSRFPreventionFilter implements Filter {
    private CSRFProtector protector;

    public void init(FilterConfig filterConfig) throws ServletException {
        CSRFFilterConfig cSRFFilterConfig = new CSRFFilterConfig();
        ServerConfiguration serverConfiguration = ServerConfiguration.getInstance();
        cSRFFilterConfig.setEnabled(serverConfiguration.getFirstProperty(CSRFConstants.ConfigurationProperties.ENABLED) == null ? false : Boolean.parseBoolean(serverConfiguration.getFirstProperty(CSRFConstants.ConfigurationProperties.ENABLED)));
        cSRFFilterConfig.setSkipUrlPattern(serverConfiguration.getFirstProperty(CSRFConstants.ConfigurationProperties.SKIP_URL_PATTERN));
        this.protector = new CSRFProtector(cSRFFilterConfig);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!this.protector.getConfig().isEnabled() || !(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (this.protector.skipUrl(httpServletRequest.getRequestURI())) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        CSRFResponseWrapper cSRFResponseWrapper = new CSRFResponseWrapper(httpServletResponse);
        this.protector.applyProtection(httpServletRequest, cSRFResponseWrapper);
        filterChain.doFilter(httpServletRequest, cSRFResponseWrapper);
        this.protector.enforceProtection(httpServletRequest, cSRFResponseWrapper);
    }

    public void destroy() {
    }
}
