package org.jboss.errai.bus.server.servlet;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.http.client.methods.HttpDelete;
import org.jboss.errai.common.server.FilterCacheUtil;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/errai-bus-4.5.0-SNAPSHOT.jar:org/jboss/errai/bus/server/servlet/CSRFTokenFilter.class */
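/**
 * Servlet filter that gates POST, PUT and DELETE requests on {@link CSRFTokenCheck} and
 * embeds the session's CSRF token into {@code text/html} responses as the JavaScript global
 * {@code erraiCSRFToken}.
 *
 * <p>Coverage, as implemented here:
 * <ul>
 *   <li>POST, PUT, DELETE: rejected via {@code CSRFTokenCheck.prepareResponse} when
 *       {@code CSRFTokenCheck.isInsecure} returns true; otherwise handled like GET.</li>
 *   <li>GET: never checked; the response is buffered so the token can be injected.</li>
 *   <li>Any other method (PATCH, HEAD, OPTIONS, ...): passed down the chain unchecked and
 *       unbuffered.</li>
 * </ul>
 *
 * <p>NOTE(review): the protection therefore relies on downstream handlers keeping GET free of
 * side effects and on no state-changing handler being mapped to a method outside
 * POST/PUT/DELETE (PATCH in particular). Confirm against the deployed endpoints.
 */
public class CSRFTokenFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(CSRFTokenFilter.class);

    /** No filter configuration is read. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Applies the CSRF check for POST/PUT/DELETE and injects the token into HTML responses.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     the remaining filter chain
     * @throws IOException      if the chain or writing the buffered body fails
     * @throws ServletException if the chain fails
     * @throws ClassCastException if the request or response is not an HTTP one
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        // getSession(false): an existing session gets a token, but no session is created here.
        ensureSessionHasToken(httpServletRequest.getSession(false));

        // Locale.ROOT keeps the case mapping independent of the JVM's default locale.
        String method = httpServletRequest.getMethod().toUpperCase(Locale.ROOT);
        switch (method) {
            case "POST":
            case "PUT":
            case "DELETE":
                if (CSRFTokenCheck.INSTANCE.isInsecure(httpServletRequest, log)) {
                    // The chain is not invoked for a request that fails the check.
                    CSRFTokenCheck.INSTANCE.prepareResponse(httpServletRequest, (HttpServletResponse) servletResponse, log);
                    return;
                }
                break;
            case "GET":
                break;
            default:
                // Every other method bypasses both the check and the token injection.
                filterChain.doFilter(servletRequest, servletResponse);
                return;
        }

        // The wrapper captures the downstream body so it can be rewritten below; noCache presumably
        // marks the token-bearing response as non-cacheable (confirm in FilterCacheUtil).
        HttpServletResponse noCache = FilterCacheUtil.noCache(FilterCacheUtil.getCharResponseWrapper((HttpServletResponse) servletResponse));
        filterChain.doFilter(httpServletRequest, noCache);

        // Re-read the session: a downstream handler may have created or invalidated it.
        HttpSession session = httpServletRequest.getSession(false);
        String contentType = noCache.getContentType();
        boolean htmlWithSession = session != null
                && contentType != null
                && contentType.toLowerCase(Locale.ROOT).startsWith("text/html");

        String body;
        if (htmlWithSession) {
            CSRFTokenCheck.INSTANCE.prepareSession(session, log);
            Document parse = Jsoup.parse(noCache.toString());
            // NOTE(review): the token is concatenated into an inline script without escaping. This
            // is safe only while getToken() cannot return a quote, backslash or "</script>";
            // confirm the token alphabet in CSRFTokenCheck. An inline script is also subject to
            // any Content-Security-Policy the application sets.
            parse.head().prepend("<script>var erraiCSRFToken = '" + CSRFTokenCheck.getToken(session) + "';</script>");
            body = parse.html();
        } else {
            body = noCache.toString();
        }

        // NOTE(review): the length is measured in UTF-8 while getWriter() encodes with the
        // response's character encoding; the two disagree for non-ASCII bodies when that encoding
        // is not UTF-8. Confirm the encoding the application sets.
        servletResponse.setContentLength(body.getBytes(StandardCharsets.UTF_8).length);
        servletResponse.getWriter().print(body);
    }

    /**
     * Lets {@link CSRFTokenCheck} prepare the given session, if there is one.
     *
     * @param httpSession the current session, or {@code null} when the request has none
     */
    private void ensureSessionHasToken(HttpSession httpSession) {
        if (httpSession != null) {
            CSRFTokenCheck.INSTANCE.prepareSession(httpSession, log);
        }
    }
}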
