package com.adobe.idp.um.auth.filter;

import com.adobe.idp.Context;
import com.adobe.idp.um.api.DirectoryManager;
import com.adobe.idp.um.api.UMConstants;
import com.adobe.idp.um.api.UMFactory;
import com.adobe.livecycle.design.client.ApplicationConstants;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.StringTokenizer;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/adobe/idp/um/auth/filter/CSRFFilter.class */
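/**
 * Servlet filter that rejects requests whose Referer header does not name a configured
 * origin (scheme, host and effective port), as a CSRF mitigation.
 *
 * <p>Allowed origins, exempt request URIs and referer-path exceptions are fetched once, on
 * the first request, from the {@link DirectoryManager}; the remaining knobs come from filter
 * init parameters (see the {@code CSRF_*} constants). A request that fails every check is
 * answered with HTTP 403.
 *
 * <p>One instance serves many request threads. Configuration is written only by
 * {@link #initialize} and published through the volatile {@code initialized} flag; all other
 * state is read-only afterwards.
 */
public class CSRFFilter implements Filter {
    private static final Logger logger = Logger.getLogger(CSRFFilter.class.getName());

    /** System property; when it parses as {@code true} every request bypasses the check. */
    public static final String CSRF_FLAG = "lc.um.csrffilter.disabled";
    /** Init parameter: name of the directory list holding regexes of request URIs exempt from the check. */
    public static final String URI_LIST_NAME = "CSRF_ALLOWED_URIS_LIST_NAME";
    /** Init parameter: {@code true} accepts requests that carry no Referer header at all. */
    public static final String ALLOW_NULL_REFERER = "CSRF_ALLOW_NULL_REFERER";
    /** Init parameter: name of the directory list holding regexes of referer paths rejected even from an allowed origin. */
    public static final String ALLOWED_REFERER_EXCEPTIONS = "CSRF_ALLOWED_REFERER_EXCEPTIONS";
    /** Init parameter: delimited request URIs that are served even without a Referer header. */
    public static final String NULL_REFERER_EXCEPTIONS = "CSRF_NULL_REFERER_EXCEPTIONS";
    /** Init parameter: {@code true} applies the check to GET requests too (by default GETs pass). */
    public static final String CHECK_GETS = "CSRF_CHECK_GETS";

    private static final String HELP_URL = "http://www.adobe.com/go/learn_dep_hardening_10";
    private static final String REFERER_HEADER = "referer";
    private static final String GET_METHOD = "get";
    /** Referers from AIR applications use this scheme and carry no network origin. */
    private static final String AIR_APP_SCHEME = "app:/";
    private static final String FORBIDDEN_MESSAGE = "Please contact your System administrator.";

    // Origins a referer must match (scheme/host/port); empty means the check is not enforced.
    private List<URL> allowedReferers = new ArrayList<URL>();
    // Lower-cased regexes; a request URI fully matching one is exempt from the referer check.
    private List<String> allowedURIs = new ArrayList<String>();
    // Lower-cased regexes; a referer *path* fully matching one is rejected even from an allowed origin.
    // Holds the per-servlet list plus the global list after initialize().
    private List<String> allowedRefererExceptions = new ArrayList<String>();
    private List<String> globalAllowedRefererExceptions = new ArrayList<String>();
    // Lower-cased request URIs (with trailing "/") that may be served without a Referer header.
    private final List<String> nullExceptions = new ArrayList<String>();
    private boolean checkGets = false;
    private boolean allowNull = false;
    // Volatile so that the lists filled by initialize() are visible to every request thread.
    private volatile boolean initialized = false;
    String allowedURIsListName = null;
    String allowedRefererExceptionsListName = null;
    String context = null;
    // Cached value of the CSRF_FLAG system property; read lazily on the first request.
    String flag = null;
    private final ParameterFilter parameterFilter = new ParameterFilter();

    public void destroy() {
        this.parameterFilter.destroy();
    }

    /**
     * Decides whether the request may proceed and either forwards it down the chain or
     * answers 403.
     *
     * <p>The request passes when any of these holds, evaluated in order:
     * <ol>
     *   <li>the {@value #CSRF_FLAG} system property parses as {@code true};</li>
     *   <li>no allowed referers are configured (including when fetching them failed), in which
     *       case the check has nothing to compare against and every request passes;</li>
     *   <li>the method is GET and {@value #CHECK_GETS} is not set;</li>
     *   <li>the lower-cased request URI fully matches an allowed-URI regex;</li>
     *   <li>the Referer header is accepted by {@link #isAllowedReferer}.</li>
     * </ol>
     *
     * @throws IOException      from {@link HttpServletResponse#sendError} or the chain
     * @throws ServletException from the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (this.flag == null) {
            this.flag = System.getProperty(CSRF_FLAG, "false");
        }
        if (Boolean.parseBoolean(this.flag)) {
            invokeNextFilter(servletRequest, servletResponse, filterChain);
            return;
        }
        ensureInitialized(servletRequest, servletResponse, filterChain);
        if (this.allowedReferers.isEmpty()) {
            invokeNextFilter(servletRequest, servletResponse, filterChain);
            return;
        }
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        String referer = httpRequest.getHeader(REFERER_HEADER);
        // Locale.ROOT: the configured patterns are lower-cased the same way, and case mapping
        // must not depend on the JVM's default locale for a security comparison.
        String requestUri = httpRequest.getRequestURI().toLowerCase(Locale.ROOT);
        if (isExemptMethod(httpRequest.getMethod())
                || isAllowedURI(requestUri)
                || isAllowedReferer(referer, requestUri)) {
            invokeNextFilter(httpRequest, httpResponse, filterChain);
        } else {
            httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, FORBIDDEN_MESSAGE);
        }
    }

    /**
     * Runs {@link #initialize} exactly once even when several request threads arrive before
     * the configuration has been loaded.
     */
    private void ensureInitialized(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) {
        if (!this.initialized) {
            synchronized (this) {
                if (!this.initialized) {
                    initialize(servletRequest, servletResponse, filterChain);
                }
            }
        }
    }

    /** Hands the request to the parameter filter when it is enabled, else straight to the chain. */
    private void invokeNextFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (this.parameterFilter.isEnabled()) {
            this.parameterFilter.doFilter(servletRequest, servletResponse, filterChain);
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    /**
     * Only GET is exempt (HEAD/OPTIONS are not), and only while {@value #CHECK_GETS} is off.
     *
     * @param method the HTTP method as reported by the request; must not be {@code null}
     */
    private boolean isExemptMethod(String method) {
        return !this.checkGets && GET_METHOD.equals(method.trim().toLowerCase(Locale.ROOT));
    }

    /**
     * Whether the (lower-cased) request URI fully matches one of the allowed-URI regexes.
     * An empty list never matches.
     */
    private boolean isAllowedURI(String requestUri) {
        for (String pattern : this.allowedURIs) {
            if (Pattern.matches(pattern, requestUri)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Validates the Referer header against the configured origins.
     *
     * <p>Outcome, in order: a missing header is handled by {@link #isAllowedWithoutReferer};
     * an {@code app:/} referer is accepted; a referer that cannot be parsed as a URL is
     * rejected; otherwise the referer must share scheme, host and effective port with an
     * allowed origin and its path must not match a referer-exception regex.
     *
     * @param referer    raw Referer header value, may be {@code null}
     * @param requestUri lower-cased request URI, used only for log messages
     * @return {@code true} when the request may proceed
     */
    private boolean isAllowedReferer(String referer, String requestUri) {
        if (referer == null) {
            return isAllowedWithoutReferer(requestUri);
        }
        String normalized = referer.toLowerCase(Locale.ROOT);
        if (normalized.startsWith(AIR_APP_SCHEME)) {
            return true;
        }
        URL refererUrl;
        try {
            refererUrl = new URL(normalized);
        } catch (MalformedURLException e) {
            // Fail closed: an unparseable referer cannot be shown to come from an allowed origin.
            logger.log(Level.WARNING, "Blocked request for resource:" + requestUri + " due to unparseable referer:" + normalized + ". More information is available at " + HELP_URL, e);
            return false;
        }
        for (URL allowed : this.allowedReferers) {
            if (!sameOrigin(allowed, refererUrl)) {
                continue;
            }
            String matchedException = findRefererException(refererUrl);
            if (matchedException == null) {
                return true;
            }
            // The exception list does not depend on which origin matched, so the verdict is final.
            logger.warning("Blocked request for resource:" + requestUri + " due to referer exception:" + matchedException + ". More information is available at " + HELP_URL);
            return false;
        }
        logger.warning("Blocked request for resource:" + requestUri + " due to invalid referer:" + normalized + ". More information is available at " + HELP_URL);
        return false;
    }

    /**
     * Handles a request without a Referer header: accepted when {@value #ALLOW_NULL_REFERER}
     * is set or the request URI (with a trailing "/") is one of the null-referer exceptions.
     */
    private boolean isAllowedWithoutReferer(String requestUri) {
        if (this.allowNull) {
            return true;
        }
        // nullExceptions entries are stored with a trailing "/", so normalise the URI the same way.
        String uri = requestUri.endsWith("/") ? requestUri : requestUri + "/";
        if (this.nullExceptions.contains(uri)) {
            return true;
        }
        logger.warning("Blocked request for resource:" + uri + " due to null referer. More information is available at " + HELP_URL);
        return false;
    }

    /**
     * Scheme and host must match case-insensitively; ports are compared after substituting
     * the scheme default for an absent port. An allowed entry whose port is literally 0 skips
     * the port comparison (kept from the original behaviour).
     */
    private static boolean sameOrigin(URL allowed, URL referer) {
        if (!allowed.getProtocol().equalsIgnoreCase(referer.getProtocol())
                || !allowed.getHost().equalsIgnoreCase(referer.getHost())) {
            return false;
        }
        if (allowed.getPort() == 0) {
            return true;
        }
        return effectivePort(allowed) == effectivePort(referer);
    }

    /** The explicit port, or 80/443 for http/https when none is given, else -1. */
    private static int effectivePort(URL url) {
        int port = url.getPort();
        if (port != -1) {
            return port;
        }
        String protocol = url.getProtocol();
        if ("http".equalsIgnoreCase(protocol)) {
            return 80;
        }
        if ("https".equalsIgnoreCase(protocol)) {
            return 443;
        }
        return -1;
    }

    /**
     * Returns the first referer-exception regex that fully matches the referer's lower-cased
     * path, or {@code null} when none does (including when no exceptions are configured).
     */
    private String findRefererException(URL referer) {
        String path = referer.getPath().toLowerCase(Locale.ROOT);
        for (String pattern : this.allowedRefererExceptions) {
            if (Pattern.matches(pattern, path)) {
                return pattern;
            }
        }
        return null;
    }

    /**
     * Loads the allowed referers, allowed URIs and referer exceptions from the
     * {@link DirectoryManager} and marks the filter initialised.
     *
     * <p>Each list is rebuilt from scratch, so calling this again reflects the current
     * directory contents rather than appending duplicates. A fetch failure leaves the
     * corresponding list empty and is logged at WARNING; note that an empty allowed-referer
     * list makes {@link #doFilter} pass every request through, and the filter stays in that
     * state until {@code initialize} is called again.
     *
     * @param servletRequest the current request; only its context path is used
     */
    public synchronized void initialize(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) {
        this.context = ((HttpServletRequest) servletRequest).getContextPath();

        List<URL> referers = new ArrayList<URL>();
        try {
            List<?> fetched = getDirectoryManager().getAllowedReferers();
            if (!fetched.isEmpty()) {
                toLowerCaseURLs(fetched, referers, false);
                logger.info("Fetched allowed referer list for servlet:" + this.context);
            }
        } catch (Exception e) {
            referers = new ArrayList<URL>();
            logger.log(Level.WARNING, "Failed to fetch allowed referer list for servlet:" + this.context + "; the referer check will not be enforced", e);
        }

        List<String> uris = new ArrayList<String>();
        if (this.allowedURIsListName != null) {
            try {
                List<?> fetched = getDirectoryManager().getAllowedURIsList(this.allowedURIsListName);
                if (!fetched.isEmpty()) {
                    toLowerCase(fetched, uris, false);
                    logger.info("Fetched allowed URI's list for servlet:" + this.context);
                }
            } catch (Exception e) {
                uris = new ArrayList<String>();
                logger.log(Level.WARNING, "Failed to fetch allowed URI's list for servlet:" + this.context, e);
            }
        }

        List<String> exceptions = new ArrayList<String>();
        if (this.allowedRefererExceptionsListName != null) {
            try {
                List<?> fetched = getDirectoryManager().getAllowedRefererExceptions(this.allowedRefererExceptionsListName);
                if (!fetched.isEmpty()) {
                    toLowerCase(fetched, exceptions, false);
                    logger.info("Fetched allowed referer exceptions list for servlet:" + this.context);
                }
            } catch (Exception e) {
                exceptions = new ArrayList<String>();
                logger.log(Level.WARNING, "Failed to fetch allowed referer exceptions list for servlet:" + this.context, e);
            }
        }

        List<String> globalExceptions = new ArrayList<String>();
        try {
            List<?> fetched = getDirectoryManager().getAllowedRefererExceptions(UMConstants.LC_GLOBAL_ALLOWED_REFERER_EXCEPTION);
            if (!fetched.isEmpty()) {
                toLowerCase(fetched, globalExceptions, false);
                logger.info("Fetched Global Allowed referer exceptions list for servlet:" + this.context);
            }
        } catch (Exception e) {
            globalExceptions = new ArrayList<String>();
            logger.log(Level.WARNING, "Failed to fetch Global Allowed referer exceptions list for servlet:" + this.context, e);
        }
        // The per-servlet and global exception lists are consulted as one.
        exceptions.addAll(globalExceptions);

        this.allowedReferers = referers;
        this.allowedURIs = uris;
        this.allowedRefererExceptions = exceptions;
        this.globalAllowedRefererExceptions = globalExceptions;
        // Volatile write: publishes the lists assigned above to other request threads.
        this.initialized = true;
    }

    /**
     * Reads the init parameters (see the {@code CSRF_*} constants) and initialises the
     * nested parameter filter. Directory-backed lists are loaded later, on first request.
     *
     * @throws ServletException propagated from {@link ParameterFilter#init}
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        String allowNullParam = filterConfig.getInitParameter(ALLOW_NULL_REFERER);
        this.allowNull = allowNullParam != null
                && "true".equals(allowNullParam.trim().toLowerCase(Locale.ROOT));
        this.allowedURIsListName = filterConfig.getInitParameter(URI_LIST_NAME);
        this.allowedRefererExceptionsListName = filterConfig.getInitParameter(ALLOWED_REFERER_EXCEPTIONS);
        String nullExceptionsParam = filterConfig.getInitParameter(NULL_REFERER_EXCEPTIONS);
        if (nullExceptionsParam != null) {
            StringTokenizer tokens = new StringTokenizer(nullExceptionsParam, ApplicationConstants.REFERENCES_DELIMIETER);
            while (tokens.hasMoreTokens()) {
                String token = tokens.nextToken().trim();
                if (token.isEmpty()) {
                    continue;
                }
                // Stored with a trailing "/" to match the normalisation in isAllowedWithoutReferer.
                if (!token.endsWith("/")) {
                    token = token + "/";
                }
                this.nullExceptions.add(token.toLowerCase(Locale.ROOT));
            }
        }
        String checkGetsParam = filterConfig.getInitParameter(CHECK_GETS);
        if (checkGetsParam != null) {
            this.checkGets = Boolean.parseBoolean(checkGetsParam.trim());
        }
        this.parameterFilter.init(filterConfig);
    }

    /**
     * Copies each non-blank entry of {@code source} into {@code target}, lower-cased and
     * trimmed, optionally with a trailing "/" appended.
     *
     * @param source      list whose elements are expected to be strings
     * @param appendSlash whether to append "/" to entries lacking one
     * @throws ClassCastException if an element is not a {@link String}
     */
    private void toLowerCase(List<?> source, List<String> target, boolean appendSlash) {
        for (Object item : source) {
            String value = ((String) item).toLowerCase(Locale.ROOT).trim();
            if (value.isEmpty()) {
                continue;
            }
            if (appendSlash && !value.endsWith("/")) {
                value = value + "/";
            }
            target.add(value);
        }
    }

    /**
     * Same as {@link #toLowerCase} but parses each entry into a {@link URL}; entries that
     * do not parse are skipped and logged, so a typo in one allowed origin does not drop the rest.
     */
    private void toLowerCaseURLs(List<?> source, List<URL> target, boolean appendSlash) {
        for (Object item : source) {
            String value = ((String) item).toLowerCase(Locale.ROOT).trim();
            if (value.isEmpty()) {
                continue;
            }
            if (appendSlash && !value.endsWith("/")) {
                value = value + "/";
            }
            try {
                target.add(new URL(value));
            } catch (MalformedURLException e) {
                logger.log(Level.WARNING, "Failed to add " + value + " to Allowed Referer URL's list due to " + e.getMessage(), e);
            }
        }
    }

    protected DirectoryManager getDirectoryManager() {
        return UMFactory.getInstance().getDirectoryManager(new Context());
    }
}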
