package no.nav.sbl.dialogarena.common.web.security;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Stream;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/nav/sbl/dialogarena/common/web/security/CsrfDoubleSubmitCookieFilter.class */
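/**
 * Servlet filter implementing the "double submit cookie" CSRF defence.
 *
 * <p>For GET, HEAD and OPTIONS requests the filter issues a random
 * {@code NAV_CSRF_PROTECTION} cookie when the request does not already carry one.
 * For every other method the request must carry a {@code NAV_CSRF_PROTECTION}
 * header whose value equals the cookie value; otherwise the request is rejected
 * and never reaches the rest of the chain.
 *
 * <p>Paths (relative to the context path) that start with one of the
 * comma-separated prefixes in the {@code ignoredUrls} init parameter skip the
 * filter entirely: no cookie is issued and no check is performed.
 *
 * <p>NOTE(review): the filter treats GET/HEAD/OPTIONS as safe. Any handler that
 * changes state on one of those methods is not protected by this filter.
 */
public class CsrfDoubleSubmitCookieFilter implements Filter {
    public static final String IGNORED_URLS_INIT_PARAMETER_NAME = "ignoredUrls";

    /** Name shared by the CSRF cookie and the request header that must echo it. */
    private static final String CSRF_TOKEN_NAME = "NAV_CSRF_PROTECTION";

    /** Cookie lifetime: 7 days, in seconds. */
    private static final int COOKIE_MAX_AGE_SECONDS = 604800;

    private static final Logger LOG = LoggerFactory.getLogger(CsrfDoubleSubmitCookieFilter.class);

    /** Methods that are let through without a token check. */
    private static final Set<String> ALLOWED_METHODS = new HashSet<>(Arrays.asList("GET", "HEAD", "OPTIONS"));

    // Initialised to an empty array so doFilter() does not fail with a
    // NullPointerException if it runs on an instance whose init() was never called.
    private String[] ignoredUrls = new String[0];

    /**
     * Reads the optional {@code ignoredUrls} init parameter.
     *
     * <p>Entries are trimmed and empty entries are dropped. An empty prefix must
     * never reach the matcher: every path starts with the empty string, so a
     * blank or leading-comma parameter value would otherwise switch the CSRF
     * check off for the whole application.
     *
     * @param filterConfig the container-supplied filter configuration
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String initParameter = filterConfig.getInitParameter(IGNORED_URLS_INIT_PARAMETER_NAME);
        this.ignoredUrls = initParameter == null
                ? new String[0]
                : Arrays.stream(initParameter.split(","))
                        .map(String::trim)
                        .filter(prefix -> !prefix.isEmpty())
                        .toArray(String[]::new);
    }

    /**
     * Issues the CSRF cookie on safe methods and verifies cookie/header equality
     * on all other methods, unless the path is configured as ignored.
     *
     * @throws IOException      if sending the error response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        if (!isIgnored(request)) {
            if (ALLOWED_METHODS.contains(request.getMethod())) {
                if (!hasCsrfCookie(request)) {
                    response.addCookie(createCsrfProtectionCookie(request));
                }
            } else if (!cookieMatcherHeader(request)) {
                LOG.warn("Feil i CSRF-sjekk. Bruker du dette filteret må du i frontend sørge for å sende med NAV_CSRF_PROTECTION-cookien som en header med navn NAV_CSRF_PROTECTION og verdien til cookien. Er headeren satt? {}",
                        StringUtils.isNotBlank(request.getHeader(CSRF_TOKEN_NAME)));
                // The status code is kept at 401 for existing clients; 403 is the more
                // conventional answer to a failed CSRF check.
                response.sendError(401, "Mangler NAV_CSRF_PROTECTION-cookie!! Du må inkludere cookie-verdien i en header med navn NAV_CSRF_PROTECTION");
                return;
            }
        }
        filterChain.doFilter(request, response);
    }

    /**
     * Tells whether the request path, with the context path stripped, starts with
     * one of the configured ignored prefixes.
     *
     * <p>NOTE(review): the comparison uses {@code getRequestURI()}, which the
     * servlet API returns undecoded and without normalisation, so the prefix test
     * may not agree with how the container later maps the request to a handler.
     * Keep ignored prefixes as narrow as possible and confirm that the container
     * or a front proxy rejects non-canonical paths.
     */
    private boolean isIgnored(HttpServletRequest request) {
        String path = request.getRequestURI().substring(request.getContextPath().length());
        return Arrays.stream(this.ignoredUrls).anyMatch(path::startsWith);
    }

    /** Tells whether the request already carries a CSRF cookie, whatever its value. */
    private boolean hasCsrfCookie(HttpServletRequest request) {
        return streamNullSafe(request.getCookies())
                .anyMatch(cookie -> CSRF_TOKEN_NAME.equals(cookie.getName()));
    }

    /**
     * Compares the first {@code NAV_CSRF_PROTECTION} cookie with the header of the
     * same name.
     *
     * @return {@code true} only when both are present, the header is non-empty and
     *         the two values are equal
     */
    private boolean cookieMatcherHeader(HttpServletRequest httpServletRequest) {
        String headerValue = httpServletRequest.getHeader(CSRF_TOKEN_NAME);
        // A missing header can never match; an empty header is rejected as well, so
        // that an empty cookie paired with an empty header does not count as a token.
        if (headerValue == null || headerValue.isEmpty()) {
            return false;
        }
        byte[] headerBytes = headerValue.getBytes(StandardCharsets.UTF_8);
        return streamNullSafe(httpServletRequest.getCookies())
                .filter(cookie -> CSRF_TOKEN_NAME.equals(cookie.getName()))
                .map(Cookie::getValue)
                .findFirst()
                // MessageDigest.isEqual is used so the token comparison does not stop
                // at the first differing character, unlike String.equals.
                .map(cookieValue -> MessageDigest.isEqual(cookieValue.getBytes(StandardCharsets.UTF_8), headerBytes))
                .orElse(false);
    }

    /** Streams the array, or returns an empty stream when the array is {@code null}. */
    private static <T> Stream<T> streamNullSafe(T[] tArr) {
        return tArr != null ? Arrays.stream(tArr) : Stream.empty();
    }

    /**
     * Builds a fresh CSRF cookie holding a random UUID, valid for seven days on
     * path {@code /} and marked {@code Secure}.
     *
     * <p>HttpOnly is deliberately not set: the frontend has to read the cookie to
     * copy its value into the request header.
     */
    private Cookie createCsrfProtectionCookie(HttpServletRequest httpServletRequest) {
        Cookie cookie = new Cookie(CSRF_TOKEN_NAME, UUID.randomUUID().toString());
        cookie.setSecure(true);
        cookie.setPath("/");
        cookie.setMaxAge(COOKIE_MAX_AGE_SECONDS);
        // NOTE(review): getServerName() reflects the host the client addressed, and an
        // explicit Domain attribute makes the cookie visible to subdomains of that host.
        // Double-submit protection assumes sibling or child hosts cannot plant their own
        // cookie with this name; confirm that holds for the deployment, or consider
        // leaving the domain unset so the cookie stays host-only.
        cookie.setDomain(httpServletRequest.getServerName());
        // SameSite is not set: javax.servlet.http.Cookie offers no setter for it.
        return cookie;
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}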
