package org.glassfish.ozark.security;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Method;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.annotation.Priority;
import javax.inject.Inject;
import javax.mvc.annotation.CsrfValid;
import javax.mvc.security.Csrf;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.POST;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Configuration;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.ext.ReaderInterceptor;
import javax.ws.rs.ext.ReaderInterceptorContext;
import org.glassfish.ozark.core.Messages;
import org.glassfish.ozark.util.AnnotationUtils;

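/**
 * JAX-RS reader interceptor that enforces CSRF token validation before the request entity is
 * handed to the resource method.
 *
 * <p>When the target method requires validation (see {@link #needsValidation(Method)}), the
 * token held by the injected {@link Csrf} must arrive either in the request header named
 * {@code csrf.getName()} or as a form field of that name in an
 * {@code application/x-www-form-urlencoded} entity. Every other outcome ends in a
 * {@link ForbiddenException}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Only methods annotated with {@code @POST} are ever validated here; other HTTP methods
 *       pass through this interceptor unchecked.</li>
 *   <li>The form entity is buffered fully in memory and this class applies no size cap.
 *       NOTE(review): confirm that the container bounds request entity size.</li>
 *   <li>Malformed or incomplete form fields fail closed (403) instead of surfacing as
 *       unchecked exceptions.</li>
 * </ul>
 */
@Priority(3000)
public class CsrfValidateInterceptor implements ReaderInterceptor {
    private static final int BUFFER_SIZE = 4096;
    private static final String DEFAULT_CHARSET = "UTF-8";
    private static final String CSRF_PROTECTION_PROPERTY = "javax.mvc.security.CsrfProtection";

    @Inject
    private Csrf csrf;

    @Context
    private Configuration config;

    @Context
    private ResourceInfo resourceInfo;

    @Inject
    private Messages messages;

    /**
     * Validates the CSRF token for the current request, then continues the interceptor chain.
     *
     * @param readerInterceptorContext context of the entity read being intercepted
     * @return the result of {@code readerInterceptorContext.proceed()}
     * @throws IOException if the entity cannot be read, or if the charset named in the
     *     Content-Type is not supported
     * @throws ForbiddenException if validation is required and the token is missing, does not
     *     match, or the entity is not form-urlencoded
     */
    public Object aroundReadFrom(ReaderInterceptorContext readerInterceptorContext) throws IOException, WebApplicationException {
        if (!needsValidation(this.resourceInfo.getResourceMethod())) {
            return readerInterceptorContext.proceed();
        }

        final String expectedToken = this.csrf.getToken();
        final String fieldName = this.csrf.getName();

        // A matching header is sufficient; the entity is then left untouched.
        final String headerToken = readerInterceptorContext.getHeaders().getFirst(fieldName);
        if (tokensMatch(expectedToken, headerToken)) {
            return readerInterceptorContext.proceed();
        }

        // Without a valid header the token can only come from a form entity. A missing
        // Content-Type is rejected here as well instead of failing on a null dereference.
        final MediaType mediaType = readerInterceptorContext.getMediaType();
        if (!isFormUrlEncoded(mediaType)) {
            throw new ForbiddenException(this.messages.get("UnableValidateCsrf", mediaType));
        }

        final InputStream entityStream = readerInterceptorContext.getInputStream();
        final ByteArrayInputStream buffered = entityStream instanceof ByteArrayInputStream
                ? (ByteArrayInputStream) entityStream
                : copyStream(entityStream);

        // The charset name comes from the request and is therefore untrusted; an unknown
        // name surfaces as UnsupportedEncodingException from toString().
        final String declaredCharset = mediaType.getParameters().get("charset");
        final String body = toString(buffered, declaredCharset != null ? declaredCharset : DEFAULT_CHARSET);

        boolean validated = false;
        for (String field : body.split("&")) {
            // Limit of 2 keeps any '=' inside the value and always yields at least one element.
            final String[] nameValue = field.split("=", 2);
            if (!fieldName.equals(decodeComponent(nameValue[0]))) {
                continue;
            }
            // A field without a value (or with a malformed one) is a mismatch, not a server error.
            final String submitted = nameValue.length > 1 ? decodeComponent(nameValue[1]) : null;
            if (!tokensMatch(expectedToken, submitted)) {
                throw new ForbiddenException(this.messages.get("CsrfFailed", "mismatching tokens"));
            }
            validated = true;
            // The first field carrying the CSRF name decides the outcome.
            break;
        }
        if (!validated) {
            throw new ForbiddenException(this.messages.get("CsrfFailed", "missing field"));
        }

        // Hand the buffered entity to the rest of the chain so it can be read again.
        buffered.reset();
        readerInterceptorContext.setInputStream(buffered);
        return readerInterceptorContext.proceed();
    }

    /**
     * Tells whether the media type is {@code application/x-www-form-urlencoded}, ignoring
     * parameters such as {@code charset}. {@link MediaType#equals(Object)} also compares
     * parameters, so it would reject a form entity that declares a charset.
     */
    private static boolean isFormUrlEncoded(MediaType mediaType) {
        final MediaType form = MediaType.APPLICATION_FORM_URLENCODED_TYPE;
        return mediaType != null
                && form.getType().equalsIgnoreCase(mediaType.getType())
                && form.getSubtype().equalsIgnoreCase(mediaType.getSubtype());
    }

    /**
     * Compares the expected token with a client-supplied one without an early exit on the
     * first differing byte. A {@code null} on either side never matches.
     */
    private static boolean tokensMatch(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * URL-decodes one form name or value as UTF-8.
     *
     * @return the decoded text, or {@code null} when the percent-encoding is malformed
     */
    private static String decodeComponent(String encoded) throws UnsupportedEncodingException {
        try {
            return URLDecoder.decode(encoded, DEFAULT_CHARSET);
        } catch (IllegalArgumentException malformed) {
            // Client-controlled input: treat undecodable text as "no match".
            return null;
        }
    }

    /**
     * Drains the given stream into memory and returns a re-readable copy of its content.
     *
     * @param inputStream entity stream to drain; it is not closed here
     * @return an in-memory stream positioned at the start of the copied bytes
     * @throws IOException if reading the source stream fails
     */
    private ByteArrayInputStream copyStream(InputStream inputStream) throws IOException {
        try (ByteArrayOutputStream sink = new ByteArrayOutputStream()) {
            final byte[] chunk = new byte[BUFFER_SIZE];
            int count;
            while ((count = inputStream.read(chunk)) >= 0) {
                sink.write(chunk, 0, count);
            }
            return new ByteArrayInputStream(sink.toByteArray());
        }
    }

    /**
     * Reads the remaining bytes of the stream as text and resets the stream afterwards.
     *
     * @param byteArrayInputStream in-memory stream to read
     * @param str name of the charset used to decode the bytes
     * @return the decoded content
     * @throws UnsupportedEncodingException if the named charset is not supported
     */
    private String toString(ByteArrayInputStream byteArrayInputStream, String str) throws UnsupportedEncodingException {
        final byte[] content = new byte[byteArrayInputStream.available()];
        int offset = 0;
        while (offset < content.length) {
            final int read = byteArrayInputStream.read(content, offset, content.length - offset);
            if (read < 0) {
                break;
            }
            offset += read;
        }
        // reset() returns to the stream's mark so the entity can be consumed again.
        byteArrayInputStream.reset();
        return new String(content, str);
    }

    /**
     * Decides whether the given resource method is subject to CSRF validation.
     *
     * <p>Validation applies only to {@code @POST} methods and only when the
     * {@code javax.mvc.security.CsrfProtection} property is set: {@code IMPLICIT} validates
     * every such method, {@code EXPLICIT} only those annotated with {@link CsrfValid}, and
     * {@code OFF} none.
     *
     * @param method resource method matched for the request, possibly {@code null}
     * @return {@code true} if the request must carry a valid CSRF token
     */
    private boolean needsValidation(Method method) {
        if (method == null || !AnnotationUtils.hasAnnotation(method, POST.class)) {
            return false;
        }
        final Object option = this.config.getProperty(CSRF_PROTECTION_PROPERTY);
        if (option == null) {
            return false;
        }
        switch ((Csrf.CsrfOptions) option) {
            case OFF:
                return false;
            case IMPLICIT:
                return true;
            case EXPLICIT:
                return AnnotationUtils.hasAnnotation(method, CsrfValid.class);
            default:
                // NOTE(review): an option value not listed above skips validation (fail-open).
                return false;
        }
    }
}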
