package net.sinodawn.framework.security.firewall;

import java.io.IOException;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import net.sinodawn.framework.security.exception.FirewallDeniedException;
import net.sinodawn.framework.utils.StringUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

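/**
 * Servlet filter that rejects requests whose {@code Host} or {@code Referer} header does not
 * match the allow-list configured in {@code sino.security.access-host-list}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The filter is a no-op when the allow-list is empty or holds a single blank entry, so a
 *       missing property value disables both checks.</li>
 *   <li>A request with no (or a blank) {@code Host} or {@code Referer} header passes the
 *       corresponding check. The Referer check is therefore only a partial CSRF control:
 *       clients can legitimately omit the header. Pair it with a token-based or
 *       {@code Origin}/SameSite-based defence for state-changing endpoints.</li>
 *   <li>How {@link FirewallDeniedException} is translated into an HTTP response is not visible
 *       in this class - presumably a global handler maps it; verify.</li>
 * </ul>
 *
 * <p>NOTE(review): the class carries both {@code @WebFilter} and {@code @Component}; depending on
 * whether servlet-component scanning is enabled this may register the filter twice - confirm.
 */
@WebFilter
@Component
public class SecurityFirewallFilter implements Filter {

    /** Default HTTP port suffix; an entry or header with and without it is treated as the same host. */
    private static final String DEFAULT_PORT_SUFFIX = ":80";

    /** Allowed {@code host[:port]} values, produced by splitting the property on commas. */
    @Value("#{'${sino.security.access-host-list}'.split(',')}")
    private List<String> accessHostList;

    /**
     * Applies the Host and Referer checks (when an allow-list is configured) and then continues
     * the chain.
     *
     * @throws FirewallDeniedException if a present header does not match the allow-list
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!isAccessHostListEmpty()) {
            hostHeaderFirewall(servletRequest);
            csrfFirewall(servletRequest);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** Rejects the request when a non-blank {@code Host} header is not on the allow-list. */
    private void hostHeaderFirewall(ServletRequest servletRequest) {
        String host = ((HttpServletRequest) servletRequest).getHeader("host");
        // A blank/missing Host header is deliberately let through (unchanged from the original).
        if (!StringUtils.isBlank(host) && !isAccessibleHost(host)) {
            throw new FirewallDeniedException();
        }
    }

    /** Rejects the request when a non-blank {@code Referer} header does not start with an allowed origin. */
    private void csrfFirewall(ServletRequest servletRequest) {
        String referer = ((HttpServletRequest) servletRequest).getHeader("referer");
        // A blank/missing Referer passes; see the class-level note on why this is only partial CSRF cover.
        if (!StringUtils.isBlank(referer) && !isAccessibleReferer(referer)) {
            throw new FirewallDeniedException();
        }
    }

    /**
     * Returns {@code true} when no allow-list is configured: the list is {@code null}, empty, or
     * a single blank entry (what splitting an empty property value yields).
     *
     * <p>A list of several blank entries is intentionally NOT treated as empty, so a malformed
     * value keeps the filter active (fail closed) instead of silently disabling it.
     */
    private boolean isAccessHostListEmpty() {
        if (this.accessHostList == null || this.accessHostList.isEmpty()) {
            return true;
        }
        return this.accessHostList.size() == 1 && StringUtils.isBlank(this.accessHostList.get(0));
    }

    /**
     * Checks the {@code Host} header value against the allow-list.
     *
     * <p>Changes from the original: the comparison ignores case (host names are case-insensitive,
     * and the Referer check already ignored case), entries are trimmed so a value such as
     * {@code "a.example, b.example"} works, and blank entries are skipped so that an empty
     * entry cannot match a degenerate header such as {@code ":80"}.
     */
    private boolean isAccessibleHost(String host) {
        for (String configured : this.accessHostList) {
            if (StringUtils.isBlank(configured)) {
                continue;
            }
            String entry = configured.trim();
            if (entry.equalsIgnoreCase(host)) {
                return true;
            }
            // Entry "h:80" also accepts header "h".
            if (StringUtils.endsWith(entry, DEFAULT_PORT_SUFFIX)
                    && StringUtils.removeEnd(entry, DEFAULT_PORT_SUFFIX).equalsIgnoreCase(host)) {
                return true;
            }
            // Header "h:80" also matches entry "h".
            if (StringUtils.endsWith(host, DEFAULT_PORT_SUFFIX)
                    && entry.equalsIgnoreCase(StringUtils.removeEnd(host, DEFAULT_PORT_SUFFIX))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks that the {@code Referer} value starts with {@code http(s)://<entry>/} for some
     * allow-listed entry, treating an explicit {@code :80} as optional on either side.
     *
     * <p>The trailing {@code '/'} in every prefix is what stops {@code allowed.example.attacker.tld}
     * from matching {@code allowed.example}; keep it if this method is ever refactored.
     * Blank entries are skipped (otherwise {@code "http:///"} would be an accepted prefix) and
     * entries are trimmed.
     */
    private boolean isAccessibleReferer(String referer) {
        for (String configured : this.accessHostList) {
            if (StringUtils.isBlank(configured)) {
                continue;
            }
            String entry = configured.trim();
            if (refererStartsWithHost(referer, entry)) {
                return true;
            }
            if (StringUtils.endsWith(entry, DEFAULT_PORT_SUFFIX)
                    && refererStartsWithHost(referer, StringUtils.removeEnd(entry, DEFAULT_PORT_SUFFIX))) {
                return true;
            }
            // Entry without any port also accepts a Referer that spells out ":80".
            if (!StringUtils.contains(entry, ":")
                    && refererStartsWithHost(referer, entry + DEFAULT_PORT_SUFFIX)) {
                return true;
            }
        }
        return false;
    }

    /** Case-insensitive test for {@code http://<hostAndPort>/} or {@code https://<hostAndPort>/} as a prefix. */
    private static boolean refererStartsWithHost(String referer, String hostAndPort) {
        return StringUtils.startsWithIgnoreCase(referer, "http://" + hostAndPort + "/")
                || StringUtils.startsWithIgnoreCase(referer, "https://" + hostAndPort + "/");
    }
}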
