package com.appiancorp.security.csrf;

import com.appiancorp.security.auth.saml.SamlSpServiceUrlGenerator;
import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashMap;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.access.channel.ChannelDecisionManagerImpl;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.matcher.RequestMatcher;

/* loaded from: input_file:com/appiancorp/security/csrf/CsrfChannelProcessingFilter.class */
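/**
 * Channel-processing filter that decides, per request, whether the CSRF channel processors run.
 *
 * <p>The processors ({@link CsrfChannelProcessor} and {@link CsrfMultipartChannelProcessor}) are
 * invoked through the inherited {@link ChannelProcessingFilter#doFilter} only when the request
 * either belongs to an existing session with an authenticated principal, or is recognised by
 * {@link FormLoginFilter} as a login request. Two kinds of request bypass them entirely and go
 * straight down the chain:
 * <ul>
 *   <li>a {@code POST} whose servlet path equals the SAML assertion consumer endpoint;</li>
 *   <li>any other request without both an existing session and an authenticated principal.</li>
 * </ul>
 *
 * <p>NOTE(review): both bypasses mean this filter gives no CSRF protection to those requests.
 * Whatever handles them downstream has to be safe without it. Confirm against the filter chain
 * configuration, which is not visible in this file.
 */
public class CsrfChannelProcessingFilter extends ChannelProcessingFilter {
    private static final Logger LOG = Logger.getLogger(CsrfChannelProcessingFilter.class);
    private final FormLoginFilter formLoginFilter;

    /**
     * Wires the two CSRF channel processors into a {@link ChannelDecisionManagerImpl} and installs
     * it, together with a metadata source built from the given matcher map, on the parent filter.
     *
     * @param linkedHashMap request matchers mapped to the config attributes that apply to them;
     *     passed unchanged to {@link DefaultFilterInvocationSecurityMetadataSource}
     * @param formLoginFilter used here to recognise login requests and handed to both processors
     */
    public CsrfChannelProcessingFilter(LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> linkedHashMap, FormLoginFilter formLoginFilter) {
        ChannelDecisionManagerImpl decisionManager = new ChannelDecisionManagerImpl();
        this.formLoginFilter = formLoginFilter;
        // NOTE(review): raw list kept on purpose. The element type (presumably ChannelProcessor)
        // is not imported in this file and the setter's signature is not visible from here.
        ArrayList processors = new ArrayList();
        processors.add(new CsrfChannelProcessor(formLoginFilter));
        processors.add(new CsrfMultipartChannelProcessor(formLoginFilter));
        decisionManager.setChannelProcessors(processors);
        DefaultFilterInvocationSecurityMetadataSource metadataSource = new DefaultFilterInvocationSecurityMetadataSource(linkedHashMap);
        super.setChannelDecisionManager(decisionManager);
        super.setSecurityMetadataSource(metadataSource);
    }

    /**
     * Routes the request either through the CSRF channel processors or straight down the chain.
     *
     * @param servletRequest the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain the remaining filter chain
     * @throws IOException propagated from the chain or the parent filter
     * @throws ServletException propagated from the chain or the parent filter
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // A POST to the SAML assertion consumer is exempt from CSRF processing. The constant-first
        // comparison keeps a null method from throwing here.
        // NOTE(review): the exemption is keyed on exact servlet-path equality. Confirm that the
        // component consuming the assertion matches the same path and validates the SAML response
        // itself, since nothing in this filter checks those requests.
        if ("POST".equals(request.getMethod()) && isRequestToAssertionConsumer(request)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Skipped processing of request to SAML Assertion consumer [URI=" + request.getRequestURI() + "] for CSRF attacks.");
            }
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        // getSession(false) only looks up an existing session; it never creates one.
        boolean hasSession = request.getSession(false) != null;
        // NOTE(review): whether an anonymous token counts as authenticated depends on the
        // Authentication implementation in use. Confirm that this matches the intended policy.
        boolean hasAuthenticatedPrincipal = authentication != null && authentication.isAuthenticated();

        if ((hasSession && hasAuthenticatedPrincipal) || this.formLoginFilter.isLoginRequest(request, response)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Processing request [URI=" + request.getRequestURI() + "] for CSRF attacks.");
            }
            callSuperDoFilter(servletRequest, servletResponse, filterChain);
        } else {
            // No session/principal pair and not a login request: the CSRF processors are not run.
            if (LOG.isDebugEnabled()) {
                LOG.debug("Skipped processing of request [URI=" + request.getRequestURI() + "] for CSRF attacks since there's no active valid session.");
            }
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    /**
     * Delegates to the parent filter's {@code doFilter}. Kept as a separate package-private
     * method, marked {@link VisibleForTesting}, so tests can reach the call to the parent.
     *
     * @throws IOException propagated from the parent filter
     * @throws ServletException propagated from the parent filter
     */
    @VisibleForTesting
    void callSuperDoFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        super.doFilter(servletRequest, servletResponse, filterChain);
    }

    /**
     * Tells whether the request's servlet path is exactly the SAML assertion consumer endpoint.
     *
     * @param httpServletRequest the request to inspect
     * @return {@code true} when the servlet path equals
     *     {@link SamlSpServiceUrlGenerator#SAML_ASSERTION_CONSUMER_ENDPOINT}
     */
    private boolean isRequestToAssertionConsumer(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getServletPath().equals(SamlSpServiceUrlGenerator.SAML_ASSERTION_CONSUMER_ENDPOINT);
    }
}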
