package keywhiz.auth.xsrf;

import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import java.io.IOException;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import keywhiz.auth.cookie.CookieConfig;
import keywhiz.auth.cookie.SessionCookie;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

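/**
 * Servlet filter that rejects requests lacking a valid XSRF header.
 *
 * <p>For every request whose URI is not in {@link #EXCLUDED_PATHS}, the filter reads the
 * configured XSRF header and the session cookie, and forwards the request only when
 * {@link XsrfProtection#isValid} accepts the pair. Every other outcome is answered with
 * HTTP 401 and the filter chain is not invoked.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The exclusion list is matched by exact string equality against
 *       {@link HttpServletRequest#getRequestURI()}. A URI that differs in any way (path
 *       parameter, trailing slash, context-path prefix) does not match and is therefore
 *       still validated, so the check fails closed.</li>
 *   <li>Excluded paths receive no XSRF validation from this filter; any protection they
 *       need has to be provided elsewhere.</li>
 *   <li>The header value comes from the client, so it is never written to the log.</li>
 * </ul>
 */
@Singleton
public class XsrfServletFilter implements Filter {
    private static final Logger logger = LoggerFactory.getLogger(XsrfServletFilter.class);

    /** Request URIs that bypass XSRF validation (no session exists yet, or it is being ended). */
    private static final Set<String> EXCLUDED_PATHS = ImmutableSet.of("/admin/login", "/admin/logout");

    private final String sessionCookieName;
    private final String xsrfHeaderName;

    /**
     * Creates the filter.
     *
     * @param cookieConfig session cookie configuration; only its name is read
     * @param str name of the HTTP header expected to carry the XSRF token
     */
    @Inject
    public XsrfServletFilter(@SessionCookie CookieConfig cookieConfig, @Xsrf String str) {
        this.sessionCookieName = cookieConfig.getName();
        this.xsrfHeaderName = str;
    }

    /**
     * Validates the XSRF header against the session cookie before passing the request on.
     *
     * @param servletRequest incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse response; cast to {@link HttpServletResponse} only when rejecting
     * @param filterChain remainder of the chain, invoked only for excluded or valid requests
     * @throws IOException if sending the error or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;

        // Exact match only: anything that is not literally an excluded URI is validated below.
        if (EXCLUDED_PATHS.contains(httpServletRequest.getRequestURI())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        String header = httpServletRequest.getHeader(this.xsrfHeaderName);
        String sessionCookieValue = findSessionCookieValue(httpServletRequest.getCookies());

        if (Strings.isNullOrEmpty(header)) {
            logger.warn("Request missing {} header", this.xsrfHeaderName);
            reject(servletResponse);
            return;
        }
        if (Strings.isNullOrEmpty(sessionCookieValue)) {
            logger.warn("Request missing {} cookie", this.sessionCookieName);
            reject(servletResponse);
            return;
        }
        // NOTE(review): presumably isValid checks that the header token was derived from the
        // session cookie value; confirm against XsrfProtection.
        if (!XsrfProtection.isValid(header, sessionCookieValue)) {
            // The header is request-controlled: log only its length, never the value itself,
            // so log lines cannot be shaped by the client and no token material is persisted.
            logger.warn("Invalid {} header in request (value withheld, {} chars)", this.xsrfHeaderName, header.length());
            reject(servletResponse);
            return;
        }

        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Returns the value of the session cookie, or {@code null} when it is absent.
     *
     * <p>When several cookies carry the session cookie name, the last one in the array wins.
     */
    private String findSessionCookieValue(Cookie[] cookies) {
        if (cookies == null) {
            return null;
        }
        String value = null;
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(this.sessionCookieName)) {
                value = cookie.getValue();
            }
        }
        return value;
    }

    /** Answers the request with HTTP 401 without invoking the rest of the chain. */
    private static void reject(ServletResponse servletResponse) throws IOException {
        ((HttpServletResponse) servletResponse).sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /** No initialisation is needed; all state is injected through the constructor. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}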
