package org.jahia.modules.tools.csrf;

import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import java.util.regex.Pattern;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.jahia.bin.filters.AbstractServletFilter;
import org.jahia.settings.SettingsBean;

/* loaded from: input_file:org/jahia/modules/tools/csrf/ToolsAccessTokenFilter.class */
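/**
 * Servlet filter guarding the {@code /tools} area against cross-site request forgery.
 *
 * <p>Behaviour, as implemented:
 * <ul>
 *   <li>Requests whose path info does not match {@link #TOOLS_REGEXP} pass through untouched.</li>
 *   <li>A matching request that carries request parameters must also carry a known, unexpired
 *       {@value #CSRF_TOKEN_ATTR} parameter, otherwise a {@link ServletException} is thrown.
 *       The check is skipped entirely when {@link SettingsBean#isDevelopmentMode()} is true.</li>
 *   <li>A matching request <em>without</em> parameters mints a fresh token, records it in the
 *       session and exposes it as the {@value #CSRF_TOKEN_ATTR} request attribute. If that request
 *       is a {@code POST} whose URI ends in {@code /token}, the token is additionally written to the
 *       response body as JSON.</li>
 * </ul>
 * In every case the filter chain is continued afterwards.
 *
 * <p>Tokens are kept per session in a plain {@link HashMap} under the {@value #CSRF_TOKENS_ATTR}
 * session attribute, capped at {@link #MAX_TOKENS} entries (oldest evicted first) and considered
 * valid for {@code tokenExpiration} minutes after issue. NOTE(review): the map is not synchronized,
 * so concurrent requests within the same session race on it — confirm whether that is acceptable.
 */
public class ToolsAccessTokenFilter extends AbstractServletFilter {
    /** Session attribute holding the token -> issue-time (epoch millis) map. */
    private static final String CSRF_TOKENS_ATTR = "toolAccessTokens";
    /** Name of both the request parameter carrying a token and the request attribute exposing it. */
    public static final String CSRF_TOKEN_ATTR = "toolAccessToken";
    /** Upper bound on tokens retained per session; the oldest entry is evicted beyond this. */
    private static final int MAX_TOKENS = 5000;
    /** Token lifetime in minutes; overridable via {@link #setTokenExpiration(int)}. */
    private int tokenExpiration = 20;
    /** Matches "/tools/..." with an optional single leading path segment (e.g. a context path). */
    private static final Pattern TOOLS_REGEXP = Pattern.compile("^(/[^/]+|)/tools/.*");
    private static final String TOKEN_URI = "/token";
    private static final String TOKEN_METHOD = "POST";
    private static final String TOKEN_CONTENT_TYPE = "application/json";

    /**
     * Applies the token check or token issuance described on the class, then continues the chain.
     *
     * @param servletRequest  the current request; must be an {@link HttpServletRequest}
     * @param servletResponse the current response; cast to {@link HttpServletResponse} only when a
     *                        token is written
     * @param filterChain     the remaining chain, always invoked
     * @throws IOException      if writing the token response fails
     * @throws ServletException if a parameterised tools request carries no valid token
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        if (isToolsRequest(request)) {
            if (servletRequest.getParameterMap().isEmpty()) {
                // No parameters: nothing to protect, so issue a token for subsequent requests.
                String token = generateAndStoreToken(request);
                if (isTokenRequest(request)) {
                    writeTokenResponse((HttpServletResponse) servletResponse, token);
                }
            } else {
                validateToken(request);
            }
        }
        // The chain is continued unconditionally, even after a token body has been written.
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** True when the request has a path info and it falls under the tools area. */
    private static boolean isToolsRequest(HttpServletRequest request) {
        String pathInfo = request.getPathInfo();
        return pathInfo != null && TOOLS_REGEXP.matcher(pathInfo).matches();
    }

    /** True for a {@code POST} whose request URI ends with {@code /token}. */
    private static boolean isTokenRequest(HttpServletRequest request) {
        return TOKEN_METHOD.equals(request.getMethod()) && request.getRequestURI().endsWith(TOKEN_URI);
    }

    /**
     * Writes {@code {"token":"<token>"}} to the response.
     *
     * <p>Content type and character encoding are set <em>before</em> {@code getWriter()} is
     * obtained: per the Servlet API, {@code setCharacterEncoding} has no effect once the writer
     * exists. The token is a UUID string, so no JSON escaping is required.
     */
    private static void writeTokenResponse(HttpServletResponse response, String token) throws IOException {
        response.setContentType(TOKEN_CONTENT_TYPE);
        response.setCharacterEncoding(StandardCharsets.UTF_8.name());
        PrintWriter writer = response.getWriter();
        writer.print("{\"token\":\"" + token + "\"}");
        writer.flush();
    }

    /**
     * Rejects the request unless it carries a token that is present in the session cache and was
     * issued less than {@code tokenExpiration} minutes ago; on success the token is exposed as the
     * {@value #CSRF_TOKEN_ATTR} request attribute.
     *
     * @throws ServletException when the token is missing, unknown or expired
     */
    private void validateToken(HttpServletRequest request) throws ServletException {
        if (SettingsBean.getInstance().isDevelopmentMode()) {
            return; // deliberate bypass while developing
        }
        String token = request.getParameter(CSRF_TOKEN_ATTR);
        // Single lookup: reading the map twice (as before) could yield null on the second read if
        // another request in the same session evicted the entry in between, raising an NPE.
        Long issuedAt = token == null ? null : getCache(request).get(token);
        if (issuedAt == null || issuedAt < System.currentTimeMillis() - expirationMillis()) {
            throw new ServletException("Missing token: " + request.getRequestURL()
                    + (StringUtils.isNotEmpty(request.getQueryString()) ? "?" + request.getQueryString() : ""));
        }
        request.setAttribute(CSRF_TOKEN_ATTR, token);
    }

    /** Token lifetime in milliseconds, computed in {@code long} so large minute values cannot overflow. */
    private long expirationMillis() {
        return this.tokenExpiration * 60L * 1000L;
    }

    /**
     * Creates a new random token (UUID v4, backed by a cryptographically strong RNG), records its
     * issue time in the session cache, evicts the oldest entry if the cache has grown past
     * {@link #MAX_TOKENS}, and exposes the token as a request attribute.
     *
     * @return the freshly issued token
     */
    private String generateAndStoreToken(HttpServletRequest request) {
        String token = UUID.randomUUID().toString();
        HashMap<String, Long> cache = getCache(request);
        cache.put(token, System.currentTimeMillis());
        if (cache.size() > MAX_TOKENS) {
            evictOldest(cache);
        }
        // Re-set the attribute after mutation; presumably so session-replication notices the change.
        request.getSession().setAttribute(CSRF_TOKENS_ATTR, cache);
        request.setAttribute(CSRF_TOKEN_ATTR, token);
        return token;
    }

    /** Removes the entry with the smallest issue time; a no-op on an empty map. */
    private static void evictOldest(Map<String, Long> cache) {
        cache.entrySet().stream()
                .min(Map.Entry.comparingByValue())
                .map(Map.Entry::getKey)
                .ifPresent(cache::remove);
    }

    /**
     * Returns the session's token cache, creating and storing an empty one on first use.
     * The stored type stays {@link HashMap} for compatibility with anything else reading the attribute.
     */
    @SuppressWarnings("unchecked") // only this class writes the attribute, always with this type
    private HashMap<String, Long> getCache(HttpServletRequest request) {
        HashMap<String, Long> cache = (HashMap<String, Long>) request.getSession().getAttribute(CSRF_TOKENS_ATTR);
        if (cache == null) {
            cache = new HashMap<>();
            request.getSession().setAttribute(CSRF_TOKENS_ATTR, cache);
        }
        return cache;
    }

    /** No initialisation required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Sets the token lifetime.
     *
     * @param i lifetime in minutes
     */
    public void setTokenExpiration(int i) {
        this.tokenExpiration = i;
    }
}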
