package org.artifactory.webapp.servlet;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Stream;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.artifactory.common.ConstantValues;
import org.artifactory.security.AccessLogger;
import org.artifactory.util.HttpUtils;
import org.artifactory.util.SessionUtils;
import org.jfrog.client.util.PathUtils;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:org/artifactory/webapp/servlet/ArtifactoryCsrfFilter.class */
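/**
 * Servlet filter that rejects cross-site request forgery (CSRF) attempts against the web UI.
 *
 * <p>A request is passed down the chain unchecked when any of the following holds:
 * <ul>
 *   <li>the inherited {@code shouldSkipFilter} hook says so;</li>
 *   <li>its HTTP method is one of {@link #METHODS_TO_IGNORE};</li>
 *   <li>its request URI (trailing slashes removed) ends with one of {@link #PATHS_TO_IGNORE};</li>
 *   <li>no {@link Authentication} is bound to the session — with no session to ride on there is
 *       nothing for a forged request to gain;</li>
 *   <li>the {@value #HEADER_NAME} header carries the value returned by {@link #getCsrfHeaderValue()}.</li>
 * </ul>
 * Any other request is recorded through {@link AccessLogger} and answered with HTTP 403.
 *
 * <p>The check relies on a plain cross-site form submission being unable to attach a custom
 * request header. The expected header value is a fixed configured string rather than a
 * per-session token, so the protection comes from the header's presence, not from its secrecy.
 * Requests using an ignored method or an ignored path suffix are not covered by this filter.
 */
public class ArtifactoryCsrfFilter extends DelayedFilterBase {
    /** Header that a non-ignored, authenticated request must carry with the expected value. */
    private static final String HEADER_NAME = "X-Requested-With";

    /** Fallback header value when {@code ConstantValues.csrfProtectionHeaderValue} is unset or empty. */
    private static final String DEFAULT_CSRF_HEADER_VALUE = "artUI";

    /** HTTP methods that bypass the check (not expected to change server state). */
    private static final Set<String> METHODS_TO_IGNORE =
            Collections.unmodifiableSet(new HashSet<>(Arrays.asList("GET", "OPTIONS", "HEAD")));

    /**
     * Request-URI suffixes that bypass the check. Matching is by suffix ({@link String#endsWith}),
     * presumably to tolerate an arbitrary servlet context path; consequently any URI that ends with
     * one of these strings is exempt, not only the exact UI endpoints.
     */
    private static final Set<String> PATHS_TO_IGNORE =
            Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
                    "ui/builds/exportLicenses",
                    "ui/saml/loginResponse")));

    /**
     * Deferred initialisation hook from {@link DelayedFilterBase}; this filter keeps no per-instance
     * state, so there is nothing to set up.
     */
    @Override // org.artifactory.webapp.servlet.DelayedFilterBase
    public void initLater(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Applies the CSRF check described on the class and either continues the chain or sends a
     * 403 response.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest} unless the
     *                        inherited {@code shouldSkipFilter} hook short-circuits the filter
     * @param servletResponse the response; cast to {@link HttpServletResponse} only when the
     *                        request is rejected
     * @param filterChain     the remaining filter chain
     * @throws IOException      propagated from the chain or from writing the error response
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        if (shouldSkipFilter(servletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        // The path check is only evaluated for methods that are not already exempt.
        if (METHODS_TO_IGNORE.contains(request.getMethod())
                || shouldIgnorePath(PathUtils.trimTrailingSlashes(request.getRequestURI()))) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        Authentication authentication = SessionUtils.getAuthentication(request);
        // Without a session-bound authentication the request is let through: there is no
        // authenticated context for a forged request to abuse.
        if (authentication == null || hasExpectedCsrfHeader(request)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        AccessLogger.deniedAuthentication(true, authentication, "Cross-Site Request Forgery");
        HttpUtils.sendErrorResponse((HttpServletResponse) servletResponse, HttpServletResponse.SC_FORBIDDEN,
                "Request was blocked. Please refer to access.log");
    }

    /**
     * Reads the {@value #HEADER_NAME} header once and compares it with the expected value.
     *
     * @param request the request under inspection
     * @return {@code true} when the header is present and equals {@link #getCsrfHeaderValue()}
     */
    private boolean hasExpectedCsrfHeader(HttpServletRequest request) {
        // StringUtils.equals is null-safe and the expected value is never null,
        // so a missing header simply yields false.
        return StringUtils.equals(request.getHeader(HEADER_NAME), getCsrfHeaderValue());
    }

    /**
     * Resolves the header value a request must present.
     *
     * @return the configured {@code ConstantValues.csrfProtectionHeaderValue} when non-empty,
     *         otherwise {@value #DEFAULT_CSRF_HEADER_VALUE}
     */
    private String getCsrfHeaderValue() {
        String configured = ConstantValues.csrfProtectionHeaderValue.getString();
        return StringUtils.isNotEmpty(configured) ? configured : DEFAULT_CSRF_HEADER_VALUE;
    }

    /** Nothing to release: the filter owns no resources. */
    public void destroy() {
    }

    /**
     * Tells whether a request URI is exempt from the CSRF check.
     *
     * @param requestUri the request URI with trailing slashes removed; may be {@code null}
     * @return {@code true} when the URI ends with one of {@link #PATHS_TO_IGNORE}; {@code false}
     *         for {@code null}
     */
    private boolean shouldIgnorePath(String requestUri) {
        return requestUri != null && PATHS_TO_IGNORE.stream().anyMatch(requestUri::endsWith);
    }
}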
