package org.jboss.dashboard.ui.controller.requestChain;

import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.jboss.dashboard.annotation.config.Config;
import org.jboss.dashboard.commons.cdi.CDIBeanLocator;
import org.jboss.dashboard.workspace.Parameters;
import org.jboss.jca.adapters.jdbc.BaseWrapperManagedConnectionFactory;

@ApplicationScoped
/* loaded from: input_file:WEB-INF/lib/dashboard-ui-core-6.3.1-SNAPSHOT.jar:org/jboss/dashboard/ui/controller/requestChain/CSRFTokenProcessor.class */
/**
 * Request-chain step that enforces the anti-CSRF token on incoming requests.
 *
 * <p>A request passes when protection is switched off, when the session is reported as new,
 * when it carries a token the generator accepts, or when it carries no token but targets one
 * of the friendly-URL / JSP / KPI mappings and is not flagged as an AJAX action. Every other
 * request is rejected with a {@link ServletException}.
 */
public class CSRFTokenProcessor extends AbstractChainProcessor {

    // NOTE(review): the default comes from a constant of an unrelated JDBC adapter class. This
    // looks like a decompiler substitution for a plain string literal (presumably "true", i.e.
    // protection enabled by default) — confirm against the original source.
    @Inject
    @Config(BaseWrapperManagedConnectionFactory.TRACK_STATEMENTS_TRUE)
    protected boolean enabled;

    /**
     * Resolves the processor instance through the CDI bean locator.
     *
     * @return the bean registered for this type
     */
    public static CSRFTokenProcessor lookup() {
        Object bean = CDIBeanLocator.getBeanByType(CSRFTokenProcessor.class);
        return (CSRFTokenProcessor) bean;
    }

    /**
     * @return {@code true} when CSRF token checking is active
     */
    public boolean isEnabled() {
        return enabled;
    }

    /**
     * Checks the current HTTP request for a valid CSRF token.
     *
     * @return always {@code true} when the request is accepted
     * @throws ServletException when a submitted token is rejected, or when no token is present
     *     on a request that requires one
     */
    @Override // org.jboss.dashboard.ui.controller.requestChain.RequestChainProcessor
    public boolean processRequest() throws Exception {
        // With the switch off, every request passes unchecked.
        if (!enabled) {
            return true;
        }

        HttpServletRequest request = getHttpRequest();

        // Requests on a session reported as new are let through without a token.
        // NOTE(review): presumably no token has been issued for such a session yet — confirm in
        // SessionInitializer that this cannot be reached with an already authenticated user.
        if (SessionInitializer.isNewSession(request)) {
            return true;
        }

        CSRFTokenGenerator tokenGenerator = CSRFTokenGenerator.lookup();

        // getParameter() reads the query string as well as the form body, so a token sent in
        // the URL is accepted too.
        // NOTE(review): a URL-carried token can end up in access logs and Referer headers —
        // confirm how pages emit it.
        String submittedToken = request.getParameter(tokenGenerator.getTokenName());
        if (submittedToken != null) {
            if (tokenGenerator.isValidToken(submittedToken)) {
                // Ask the generator for a new token after a successful check
                // (presumably rotating it — confirm in CSRFTokenGenerator).
                tokenGenerator.generateToken();
                return true;
            }
            throw new ServletException("CSRF token validation broken.");
        }

        // No token was submitted: decide whether this request may go without one.
        String ajaxFlag = request.getParameter(Parameters.AJAX_ACTION);
        String servletPath = request.getServletPath();

        // parseBoolean(null) is false, so a missing flag counts as "not an AJAX action".
        boolean ajaxAction = Boolean.parseBoolean(ajaxFlag);
        boolean friendlyUrl = servletPath.startsWith(FriendlyUrlProcessor.FRIENDLY_MAPPING);
        boolean jspUrl = servletPath.startsWith(JspUrlProcessor.JSP_MAPPING);
        boolean kpiUrl = servletPath.startsWith(KPIProcessor.KPI_MAPPING);

        // The exemption is decided by path prefix only; the HTTP method is not inspected.
        // NOTE(review): handlers reachable under these three mappings therefore must not
        // change state on token-less requests — confirm.
        boolean tokenOptional = !ajaxAction && (friendlyUrl || jspUrl || kpiUrl);
        if (tokenOptional) {
            return true;
        }
        throw new ServletException("CSRF token missing.");
    }
}
