package org.jboss.dashboard.ui.controller.requestChain;

import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.jboss.dashboard.annotation.config.Config;
import org.jboss.dashboard.commons.cdi.CDIBeanLocator;
import org.jboss.dashboard.ui.components.URLMarkupGenerator;
import org.jboss.dashboard.workspace.Parameters;

/**
 * Request-chain step that enforces the anti-CSRF token on incoming requests.
 *
 * <p>Security-relevant behaviour, as implemented in {@link #processRequest()}:
 * <ul>
 *   <li>The check is skipped entirely when the processor is disabled, when the
 *       session is new, or when the request is classified as internal.</li>
 *   <li>The token is read with {@code getParameter}, so it is accepted from the
 *       query string as well as from a form body.</li>
 *   <li>A missing token is only rejected for AJAX actions and for servlet paths
 *       outside the friendly-URL, JSP and KPI mappings. A token that is present
 *       is always validated, whatever the path.</li>
 * </ul>
 */
@ApplicationScoped
/* loaded from: input_file:WEB-INF/lib/dashboard-ui-core-6.5.1-SNAPSHOT.jar:org/jboss/dashboard/ui/controller/requestChain/CSRFTokenProcessor.class */
public class CSRFTokenProcessor extends AbstractChainProcessor {
    /** Master switch; when {@code false} no request is checked. */
    protected boolean enabled;
    /** Used to decide whether a request counts as internal. */
    protected URLMarkupGenerator urlMarkupGenerator;
    /** Used to decide whether the request opened a new session. */
    protected SessionInitializer sessionInitializer;
    /** Supplies the token parameter name and validates submitted tokens. */
    protected CSRFTokenGenerator csrfTokenGenerator;

    /**
     * Resolves the container-managed instance of this processor.
     *
     * @return the bean registered for {@code CSRFTokenProcessor}
     */
    public static CSRFTokenProcessor lookup() {
        Object bean = CDIBeanLocator.get().lookupBeanByType(CSRFTokenProcessor.class);
        return (CSRFTokenProcessor) bean;
    }

    /** No-argument constructor; leaves every field at its default value. */
    public CSRFTokenProcessor() {
    }

    /**
     * Injection constructor.
     *
     * @param z whether token enforcement is active (configured default {@code "true"})
     * @param uRLMarkupGenerator collaborator that identifies internal requests
     * @param sessionInitializer collaborator that identifies new sessions
     * @param cSRFTokenGenerator collaborator that names and validates tokens
     */
    @Inject
    public CSRFTokenProcessor(@Config("true") boolean z, URLMarkupGenerator uRLMarkupGenerator, SessionInitializer sessionInitializer, CSRFTokenGenerator cSRFTokenGenerator) {
        this.csrfTokenGenerator = cSRFTokenGenerator;
        this.sessionInitializer = sessionInitializer;
        this.urlMarkupGenerator = uRLMarkupGenerator;
        this.enabled = z;
    }

    /**
     * @return {@code true} when token enforcement is switched on
     */
    public boolean isEnabled() {
        return enabled;
    }

    /**
     * Checks the current request for a valid CSRF token.
     *
     * @return always {@code true} when the request is allowed to continue
     * @throws ServletException if a required token is absent, or if a supplied
     *         token fails validation
     */
    @Override
    public boolean processRequest() throws Exception {
        if (!enabled) {
            return true;
        }

        final HttpServletRequest request = getHttpRequest();
        // New sessions and internal requests are let through without a token.
        if (sessionInitializer.isNewSession(request)) {
            return true;
        }
        if (urlMarkupGenerator.isInternalRequest(request)) {
            return true;
        }

        final String token = request.getParameter(csrfTokenGenerator.getTokenName());
        final String ajaxFlag = request.getParameter(Parameters.AJAX_ACTION);
        final String path = request.getServletPath();

        // A token is mandatory for AJAX actions and for every path that is not
        // under one of the three exempt mappings. Boolean.parseBoolean(null) is
        // false, so an absent AJAX flag simply counts as "not AJAX".
        // NOTE(review): the AJAX flag is a client-supplied parameter, so on the
        // exempt mappings the requirement depends on what the client sends.
        // Presumably those mappings serve read-only content; confirm that no
        // state-changing action is reachable through them without a token.
        final boolean tokenRequired = Boolean.parseBoolean(ajaxFlag)
                || (!path.startsWith(FriendlyUrlProcessor.FRIENDLY_MAPPING)
                        && !path.startsWith(JspUrlProcessor.JSP_MAPPING)
                        && !path.startsWith(KPIProcessor.KPI_MAPPING));

        if (token == null) {
            if (tokenRequired) {
                throw new ServletException("CSRF token missing.");
            }
            // Exempt path with no token supplied: nothing to validate.
            return true;
        }

        // A supplied token is validated even on exempt paths.
        if (!csrfTokenGenerator.isValidToken(token)) {
            throw new ServletException("CSRF token validation broken.");
        }
        return true;
    }
}
