package org.fenixedu.bennu.spring.security;

import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Locale;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.fenixedu.bennu.core.security.SkipCSRF;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

/* loaded from: input_file:org/fenixedu/bennu/spring/security/CSRFInterceptor.class */
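/**
 * Spring MVC interceptor that rejects state-changing requests which do not carry the CSRF token
 * held by the {@link CSRFTokenRepository} for that request.
 *
 * <p>The token is read from the request parameter named by {@link CSRFToken#getParameterName()}
 * and, when that is absent or empty, from the header named by {@link CSRFToken#getHeaderName()}.
 * Handler methods annotated with {@link SkipCSRF} are exempt.
 */
public class CSRFInterceptor implements HandlerInterceptor {
    /**
     * Lower-case HTTP methods whose requests must carry a valid token.
     *
     * <p>NOTE(review): this listing had {@code ImmutableSet.of("")} here, which no value returned
     * by {@code getMethod()} can match, so validation never ran. The state-changing methods below
     * are a reviewer's restoration; confirm the intended list against the upstream source.
     */
    private static final Set<String> METHODS_TO_FILTER = ImmutableSet.of("post", "put", "delete", "patch");
    private final CSRFTokenRepository tokenRepository;

    /**
     * @param cSRFTokenRepository source of the expected token for each request
     */
    public CSRFInterceptor(CSRFTokenRepository cSRFTokenRepository) {
        this.tokenRepository = cSRFTokenRepository;
    }

    /**
     * Validates the CSRF token of a filtered request before the handler runs.
     *
     * @return {@code true} when the request is not subject to validation or its token matches;
     *         {@code false} after a 400 error has been sent to the client
     * @throws Exception if sending the error response fails
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        // Locale.ROOT keeps the case mapping independent of the JVM's default locale.
        String method = httpServletRequest.getMethod().toLowerCase(Locale.ROOT);
        if (!METHODS_TO_FILTER.contains(method) || !shouldValidateCSRFToken(obj)) {
            return true;
        }
        CSRFToken expected = this.tokenRepository.getToken(httpServletRequest);
        // Whether the repository can return null is not visible here; a missing token fails closed.
        if (expected != null && tokensMatch(findToken(expected, httpServletRequest), expected.getToken())) {
            return true;
        }
        httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "CSRF Token not present or incorrect!");
        return false;
    }

    /**
     * Decides whether the handler is subject to CSRF validation.
     *
     * <p>Only a {@link HandlerMethod} can carry {@link SkipCSRF}; any other handler type is
     * validated rather than cast, so it can neither throw {@link ClassCastException} nor slip
     * past the check.
     */
    private boolean shouldValidateCSRFToken(Object obj) {
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }
        return !((HandlerMethod) obj).getMethod().isAnnotationPresent(SkipCSRF.class);
    }

    /**
     * Reads the token presented by the client: request parameter first, header as fallback.
     *
     * @return the presented token, or {@code null}/empty when the request carries none
     */
    private String findToken(CSRFToken cSRFToken, HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter(cSRFToken.getParameterName());
        if (Strings.isNullOrEmpty(parameter)) {
            parameter = httpServletRequest.getHeader(cSRFToken.getHeaderName());
        }
        return parameter;
    }

    /**
     * Compares the presented token with the expected one using {@link MessageDigest#isEqual},
     * so the comparison time does not depend on how many leading characters match.
     *
     * @return {@code false} when the presented token is null or empty, or the expected one is null
     */
    private static boolean tokensMatch(String presented, String expected) {
        if (Strings.isNullOrEmpty(presented) || expected == null) {
            return false;
        }
        return MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8));
    }

    /** No post-processing is needed; validation happens entirely in {@code preHandle}. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) throws Exception {
    }

    /** Nothing to release after the request completes. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) throws Exception {
    }
}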
