package org.apache.wiki.http.filter;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Properties;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.wiki.api.core.Session;
import org.apache.wiki.api.spi.Wiki;

/* loaded from: input_file:WEB-INF/lib/jspwiki-http-2.12.0.jar:org/apache/wiki/http/filter/CsrfProtectionFilter.class */
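/**
 * Servlet filter that rejects POST requests whose {@value #ANTICSRF_PARAM} request parameter
 * does not match the anti-CSRF token held by the caller's wiki {@link Session}.
 *
 * <p>Scope of the check, as implemented here:
 * <ul>
 *   <li>Only the POST method is inspected; every other HTTP method is passed down the chain
 *       unchecked, so handlers that change state on PUT, DELETE, PATCH or GET are not covered
 *       by this filter.</li>
 *   <li>The token is read with {@code getParameter}, so it is accepted from the query string as
 *       well as from a form-encoded body.</li>
 * </ul>
 */
public class CsrfProtectionFilter implements Filter {
    private static final Logger LOG = LogManager.getLogger(CsrfProtectionFilter.class);

    /** Name of the request parameter that carries the anti-CSRF token. */
    public static final String ANTICSRF_PARAM = "X-XSRF-TOKEN";

    /** Upper bound on how much of a request-supplied value is copied into a log line. */
    private static final int MAX_LOGGED_LENGTH = 128;

    /** No configuration is read; present only to satisfy {@link Filter}. */
    @Override
    public void init(FilterConfig filterConfig) {
    }

    /**
     * Lets the request continue down the chain unless it is a POST without a valid token, in
     * which case the failure is logged and the client is redirected to the forbidden page.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse} on rejection
     * @param filterChain     remainder of the filter chain
     * @throws IOException      if the redirect or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        if (isPost(httpRequest)) {
            final Session session = Wiki.session().find(Wiki.engine().find(servletRequest.getServletContext(), (Properties) null), httpRequest);
            if (!requestContainsValidCsrfToken(servletRequest, session)) {
                // Both logged values come straight from the request: neutralise control
                // characters and cap the length so a crafted value cannot forge or flood log lines.
                LOG.error("Incorrect {} param with value '{}' received for {}", ANTICSRF_PARAM,
                        sanitizeForLog(servletRequest.getParameter(ANTICSRF_PARAM)),
                        sanitizeForLog(httpRequest.getPathInfo()));
                // NOTE(review): a location starting with '/' is resolved against the container
                // root rather than the web application's context path, and the client receives a
                // redirect instead of a 403 status - confirm both are intended for non-root deployments.
                ((HttpServletResponse) servletResponse).sendRedirect("/error/Forbidden.html");
                return;
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Tells whether a request is a POST that carries the session's anti-CSRF token.
     *
     * @param httpServletRequest request to inspect
     * @return {@code true} only for a POST whose token parameter matches the session token
     */
    public static boolean isCsrfProtectedPost(HttpServletRequest httpServletRequest) {
        if (!isPost(httpServletRequest)) {
            return false;
        }
        final Session session = Wiki.session().find(Wiki.engine().find(httpServletRequest.getServletContext(), (Properties) null), httpServletRequest);
        return requestContainsValidCsrfToken(httpServletRequest, session);
    }

    /**
     * Compares the submitted token with the session token.
     *
     * <p>Fails closed: a missing session, a missing session token or a missing parameter all
     * yield {@code false} instead of an exception. The comparison goes through
     * {@link MessageDigest#isEqual(byte[], byte[])} so that its duration does not depend on how
     * many leading characters of the submitted value happen to be correct.
     *
     * @param servletRequest request carrying the candidate token
     * @param session        wiki session holding the expected token
     * @return {@code true} when both tokens are present and identical
     */
    private static boolean requestContainsValidCsrfToken(ServletRequest servletRequest, Session session) {
        if (session == null) {
            return false;
        }
        final String expected = session.antiCsrfToken();
        final String submitted = servletRequest.getParameter(ANTICSRF_PARAM);
        if (expected == null || submitted == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), submitted.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Makes a request-supplied value safe to embed in a single log line.
     *
     * @param value raw value, possibly {@code null}
     * @return {@code null} for {@code null}; otherwise the value with ISO control characters
     *         (including CR and LF) replaced by {@code '_'} and truncated to
     *         {@link #MAX_LOGGED_LENGTH} characters, with {@code "..."} appended when truncated
     */
    private static String sanitizeForLog(final String value) {
        if (value == null) {
            return null;
        }
        final int limit = Math.min(value.length(), MAX_LOGGED_LENGTH);
        final StringBuilder cleaned = new StringBuilder(limit + 3);
        for (int i = 0; i < limit; i++) {
            final char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        if (value.length() > limit) {
            cleaned.append("...");
        }
        return cleaned.toString();
    }

    /**
     * Tells whether the request uses the POST method, ignoring case.
     *
     * @param httpServletRequest request to inspect
     * @return {@code true} when the method is POST
     */
    static boolean isPost(HttpServletRequest httpServletRequest) {
        return "POST".equalsIgnoreCase(httpServletRequest.getMethod());
    }

    /** Holds no resources; present only to satisfy {@link Filter}. */
    @Override
    public void destroy() {
    }
}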
