package com.google.gerrit.httpd;

import com.google.common.base.Strings;
import com.google.gerrit.extensions.registration.DynamicItem;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.config.AuthConfig;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.util.URIUtil;

@Singleton
/* loaded from: input_file:com/google/gerrit/httpd/XsrfCookieFilter.class */
public class XsrfCookieFilter implements Filter {
    private final Provider<CurrentUser> user;
    private final DynamicItem<WebSession> session;
    private final AuthConfig authConfig;

    @Inject
    XsrfCookieFilter(Provider<CurrentUser> provider, DynamicItem<WebSession> dynamicItem, AuthConfig authConfig) {
        this.user = provider;
        this.session = dynamicItem;
        this.authConfig = authConfig;
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        setXsrfTokenCookie((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, this.user.get().isIdentifiedUser() ? this.session.get() : null);
        filterChain.doFilter(servletRequest, servletResponse);
    }

    private void setXsrfTokenCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, WebSession webSession) {
        String xGerritAuth = webSession != null ? webSession.getXGerritAuth() : null;
        Cookie cookie = new Cookie(XsrfConstants.XSRF_COOKIE_NAME, Strings.nullToEmpty(xGerritAuth));
        cookie.setPath("/");
        cookie.setSecure(this.authConfig.getCookieSecure() && isSecure(httpServletRequest));
        cookie.setMaxAge(xGerritAuth != null ? -1 : 0);
        httpServletResponse.addCookie(cookie);
    }

    private boolean isSecure(HttpServletRequest httpServletRequest) {
        return httpServletRequest.isSecure() || URIUtil.HTTPS.equals(httpServletRequest.getScheme());
    }

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) {
    }

    @Override // javax.servlet.Filter
    public void destroy() {
    }
}
