package org.springframework.security.web.csrf;

import java.io.IOException;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.regex.Pattern;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.security.web.util.RequestMatcher;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:WEB-INF/lib/terasoluna-gfw-security-web-1.1.0-20140522.100120-261.jar:org/springframework/security/web/csrf/CsrfFilter.class */
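/**
 * Servlet filter that enforces a synchronizer-token check against cross-site request forgery.
 *
 * <p>For every request the filter loads the expected {@link CsrfToken} from the configured
 * {@link CsrfTokenRepository} (generating one when none is stored) and exposes it as request
 * attributes. Requests selected by the "require CSRF protection" matcher must then present the
 * same token value, either in the token's header or in its request parameter; otherwise the
 * configured {@link AccessDeniedHandler} is invoked and the filter chain is not continued.
 */
public final class CsrfFilter extends OncePerRequestFilter {
    /** Charset used to turn both token strings into bytes before they are compared. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    private final CsrfTokenRepository tokenRepository;
    private final Log logger = LogFactory.getLog(getClass());
    private RequestMatcher requireCsrfProtectionMatcher = new DefaultRequiresCsrfMatcher();
    private AccessDeniedHandler accessDeniedHandler = new AccessDeniedHandlerImpl();

    /**
     * Default matcher: a request requires CSRF protection unless its method is exactly
     * GET, HEAD, TRACE or OPTIONS.
     *
     * <p>Requests using one of those four methods bypass the token check entirely, so handlers
     * reachable through them must not change server-side state.
     */
    private static final class DefaultRequiresCsrfMatcher implements RequestMatcher {
        // Anchored on both ends, so only an exact method name is exempted.
        private final Pattern allowedMethods;

        private DefaultRequiresCsrfMatcher() {
            this.allowedMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");
        }

        /**
         * @return {@code true} when the request method is not one of the exempted methods
         */
        @Override // org.springframework.security.web.util.RequestMatcher
        public boolean matches(HttpServletRequest httpServletRequest) {
            return !this.allowedMethods.matcher(httpServletRequest.getMethod()).matches();
        }
    }

    /**
     * Wrapper around a freshly generated token that is written to the repository only when
     * the token value is first read through {@link #getToken()}.
     *
     * <p>Reading the header or parameter name does not trigger the save.
     */
    private static final class SaveOnAccessCsrfToken implements CsrfToken {
        // Marked transient, so these references are left out if the token object is serialized.
        // All three are cleared once the token has been saved.
        private transient CsrfTokenRepository tokenRepository;
        private transient HttpServletRequest request;
        private transient HttpServletResponse response;
        private final CsrfToken delegate;

        public SaveOnAccessCsrfToken(CsrfTokenRepository csrfTokenRepository, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, CsrfToken csrfToken) {
            this.tokenRepository = csrfTokenRepository;
            this.request = httpServletRequest;
            this.response = httpServletResponse;
            this.delegate = csrfToken;
        }

        @Override // org.springframework.security.web.csrf.CsrfToken
        public String getHeaderName() {
            return this.delegate.getHeaderName();
        }

        @Override // org.springframework.security.web.csrf.CsrfToken
        public String getParameterName() {
            return this.delegate.getParameterName();
        }

        /**
         * Returns the token value, saving the token to the repository first if that has not
         * happened yet.
         */
        @Override // org.springframework.security.web.csrf.CsrfToken
        public String getToken() {
            saveTokenIfNecessary();
            return this.delegate.getToken();
        }

        @Override
        public String toString() {
            return "SaveOnAccessCsrfToken [delegate=" + this.delegate + "]";
        }

        @Override
        public int hashCode() {
            return 31 + (this.delegate == null ? 0 : this.delegate.hashCode());
        }

        /** Two wrappers are equal when their delegates are equal (or both {@code null}). */
        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            SaveOnAccessCsrfToken other = (SaveOnAccessCsrfToken) obj;
            if (this.delegate == null) {
                return other.delegate == null;
            }
            return this.delegate.equals(other.delegate);
        }

        /**
         * Saves the delegate token once. A {@code null} repository reference marks the token as
         * already saved; the reference is re-checked under the lock so that only one caller
         * performs the save.
         */
        private void saveTokenIfNecessary() {
            if (this.tokenRepository == null) {
                return;
            }
            synchronized (this) {
                if (this.tokenRepository != null) {
                    this.tokenRepository.saveToken(this.delegate, this.request, this.response);
                    // Drop the references so the save cannot run again.
                    this.tokenRepository = null;
                    this.request = null;
                    this.response = null;
                }
            }
        }
    }

    /**
     * @param csrfTokenRepository repository used to load, generate and save tokens; must not be
     *        {@code null}
     */
    public CsrfFilter(CsrfTokenRepository csrfTokenRepository) {
        Assert.notNull(csrfTokenRepository, "csrfTokenRepository cannot be null");
        this.tokenRepository = csrfTokenRepository;
    }

    /**
     * Exposes the expected token on the request and, for requests that require protection,
     * rejects the request unless the submitted token matches it.
     *
     * @throws ServletException propagated from the filter chain or the access-denied handler
     * @throws IOException propagated from the filter chain or the access-denied handler
     */
    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        CsrfToken csrfToken = this.tokenRepository.loadToken(httpServletRequest);
        if (csrfToken == null) {
            // Nothing stored yet: generate a token, but defer saving it until its value is read.
            CsrfToken generated = this.tokenRepository.generateToken(httpServletRequest);
            csrfToken = new SaveOnAccessCsrfToken(this.tokenRepository, httpServletRequest, httpServletResponse, generated);
        }
        // Published under both the CsrfToken class name and the token's parameter name.
        httpServletRequest.setAttribute(CsrfToken.class.getName(), csrfToken);
        httpServletRequest.setAttribute(csrfToken.getParameterName(), csrfToken);

        if (!this.requireCsrfProtectionMatcher.matches(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        // The header wins; the request parameter is consulted only when the header is absent.
        String actualToken = httpServletRequest.getHeader(csrfToken.getHeaderName());
        if (actualToken == null) {
            actualToken = httpServletRequest.getParameter(csrfToken.getParameterName());
        }
        if (equalsConstantTime(csrfToken.getToken(), actualToken)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        if (this.logger.isDebugEnabled()) {
            // NOTE(review): if the URL built here includes the query string, a token submitted
            // as a query parameter would be written to the debug log - confirm and restrict
            // access to debug logs accordingly.
            this.logger.debug("Invalid CSRF token found for " + UrlUtils.buildFullRequestUrl(httpServletRequest));
        }
        this.accessDeniedHandler.handle(httpServletRequest, httpServletResponse, new InvalidCsrfTokenException(csrfToken, actualToken));
    }

    /**
     * Compares the expected and submitted token values without the early exit on the first
     * differing character that {@link String#equals(Object)} has, so response timing does not
     * reveal how much of a guessed token was correct.
     *
     * <p>A {@code null} on either side is treated as a mismatch, so a missing token can never
     * validate.
     *
     * @param expected token value held by the server
     * @param actual token value submitted with the request, possibly {@code null}
     * @return {@code true} only when both values are non-null and byte-for-byte identical
     */
    private static boolean equalsConstantTime(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(UTF_8), actual.getBytes(UTF_8));
    }

    /**
     * Replaces the matcher that decides which requests must carry a valid token.
     *
     * @param requestMatcher the new matcher; must not be {@code null}
     */
    public void setRequireCsrfProtectionMatcher(RequestMatcher requestMatcher) {
        Assert.notNull(requestMatcher, "requireCsrfProtectionMatcher cannot be null");
        this.requireCsrfProtectionMatcher = requestMatcher;
    }

    /**
     * Replaces the handler invoked when a protected request presents a missing or wrong token.
     *
     * @param accessDeniedHandler the new handler; must not be {@code null}
     */
    public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) {
        Assert.notNull(accessDeniedHandler, "accessDeniedHandler cannot be null");
        this.accessDeniedHandler = accessDeniedHandler;
    }
}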
