package com.appiancorp.security.csrf;

import java.io.IOException;
import java.util.Collection;
import java.util.Iterator;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.channel.ChannelEntryPoint;
import org.springframework.security.web.access.channel.ChannelProcessor;

/* loaded from: input_file:com/appiancorp/security/csrf/CsrfChannelProcessor.class */
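/**
 * {@link ChannelProcessor} that checks CSRF token validity for requests whose
 * security configuration carries the {@code REQUIRES_CSRF_CHANNEL} attribute
 * (the keyword is configurable through {@link #setSecureKeyword(String)}).
 *
 * <p>The decision fails closed: any exception raised while validating the
 * token is logged and the request is treated as invalid, so it is handed to
 * the configured {@link ChannelEntryPoint}.
 */
public class CsrfChannelProcessor implements ChannelProcessor {
    private static final Logger LOG = Logger.getLogger(CsrfChannelProcessor.class);
    private final FormLoginFilter formLoginFilter;
    private ChannelEntryPoint entryPoint = new CsrfChannelEntryPoint();
    private String secureKeyword = "REQUIRES_CSRF_CHANNEL";

    /**
     * @param formLoginFilter filter used to tell login requests apart from
     *        other requests, since the two are validated differently
     */
    public CsrfChannelProcessor(FormLoginFilter formLoginFilter) {
        this.formLoginFilter = formLoginFilter;
    }

    /**
     * Validates the CSRF token of the current request for every supported
     * attribute and delegates to the entry point when validation fails.
     *
     * <p>Processing stops as soon as the request has been rejected, so the
     * entry point is invoked at most once per request even if the supported
     * attribute appears more than once in {@code collection}.
     *
     * @param filterInvocation the invocation carrying the request and response
     * @param collection the configuration attributes that apply to the request
     * @throws IOException if the entry point fails while writing the response
     * @throws ServletException if the entry point fails while handling the rejection
     */
    public void decide(FilterInvocation filterInvocation, Collection<ConfigAttribute> collection) throws IOException, ServletException {
        for (ConfigAttribute attribute : collection) {
            if (!supports(attribute)) {
                continue;
            }
            HttpServletRequest httpRequest = filterInvocation.getHttpRequest();
            HttpServletResponse httpResponse = filterInvocation.getHttpResponse();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Deciding CSRF validity for request " + describe(httpRequest));
            }
            if (!isCsrfValid(httpRequest, httpResponse)) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Rejected: Request " + describe(httpRequest) + " has been rejected since it's considered a possible CSRF attack.");
                }
                this.entryPoint.commence(httpRequest, filterInvocation.getResponse());
                // The request is already rejected; a second pass would only
                // re-run validation and call the entry point again for the
                // same response.
                return;
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Aproved: Request " + describe(httpRequest) + " has been aproved against CSRF attacks.");
            }
        }
    }

    /**
     * Runs the token check that applies to the request: login requests are
     * checked with {@code CsrfTokenManager.loginTokensMatch}, all others with
     * the token manager obtained for the existing session.
     *
     * @return {@code true} only when the check completed and reported a valid
     *         token; {@code false} on a failed check or on any exception
     */
    private boolean isCsrfValid(HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
        try {
            if (this.formLoginFilter.isLoginRequest(httpRequest, httpResponse)) {
                return CsrfTokenManager.loginTokensMatch(httpRequest);
            }
            // getSession(false) never creates a session and may return null.
            // NOTE(review): how CsrfTokenManager.get handles a null session is
            // not visible here; if it throws, the catch below rejects the
            // request and writes an ERROR entry for each such request.
            return CsrfTokenManager.get(httpRequest.getSession(false)).isValid(httpRequest);
        } catch (Exception e) {
            // Fail closed: a validation error must never let the request through.
            LOG.error(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Builds the bracketed request summary shared by the debug messages.
     *
     * <p>All four values are client-controlled and are written to the log
     * verbatim. NOTE(review): the query string may carry tokens or other
     * sensitive parameters; confirm debug logging stays off in production or
     * that such parameters are never sent in the query string.
     */
    private static String describe(HttpServletRequest httpRequest) {
        return "[URI=" + httpRequest.getRequestURI() + ",query=" + httpRequest.getQueryString() + ",method=" + httpRequest.getMethod() + ",content-type=" + httpRequest.getContentType() + "]";
    }

    /**
     * @param configAttribute the attribute to test, may be {@code null}
     * @return {@code true} when the attribute's value equals the secure keyword
     */
    public boolean supports(ConfigAttribute configAttribute) {
        if (configAttribute == null) {
            return false;
        }
        String attribute = configAttribute.getAttribute();
        return attribute != null && attribute.equals(getSecureKeyword());
    }

    /**
     * Returns the entry point invoked when a request is rejected.
     * Decompiler note: JADX reports this member's access modifier was changed
     * from {@code protected}.
     */
    public ChannelEntryPoint getEntryPoint() {
        return this.entryPoint;
    }

    /** Returns the attribute value that marks a request as requiring the CSRF check. */
    protected String getSecureKeyword() {
        return this.secureKeyword;
    }

    /** Replaces the entry point invoked when a request is rejected. */
    protected void setEntryPoint(ChannelEntryPoint channelEntryPoint) {
        this.entryPoint = channelEntryPoint;
    }

    /**
     * Replaces the attribute value that marks a request as requiring the CSRF check.
     * Decompiler note: JADX reports this member's access modifier was changed
     * from {@code protected}.
     */
    public void setSecureKeyword(String str) {
        this.secureKeyword = str;
    }
}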
