package com.caucho.filters;

import com.caucho.config.Configurable;
import com.caucho.util.L10N;
import com.caucho.util.LruCache;
import com.caucho.util.RandomUtil;
import java.io.IOException;
import java.util.HashSet;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.BeanFactory;

/* loaded from: input_file:BOOT-INF/lib/resin-4.0.65.jar:com/caucho/filters/CsrfFilter.class */
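/**
 * Servlet filter that guards requests with a per-session CSRF nonce carried in the
 * {@value #PARAMETER} request parameter.
 *
 * <p>Each request that passes the filter gets a freshly generated nonce, which is stored in a
 * small per-session LRU cache and appended to every URL the application passes through
 * {@code encodeURL}/{@code encodeRedirectURL}. A later request is accepted only if its path is
 * on the allow list or it presents a nonce still held in that cache.
 *
 * <p>Security properties a deployer should be aware of (all visible in this class):
 * <ul>
 *   <li>With an empty allow list a new session can never obtain its first nonce, so at least
 *       one entry path has to be allowed. Allowed paths are not CSRF-protected at all.</li>
 *   <li>The nonce travels in the URL, so it can end up in access logs, browser history and
 *       {@code Referer} headers. The rewrite is applied to whatever URL the application
 *       encodes; NOTE(review): nothing here restricts it to same-origin URLs, so confirm the
 *       application never passes third-party URLs through {@code encodeURL}.</li>
 *   <li>A nonce is not removed once it has been used; it stays valid until it is evicted from
 *       the LRU cache or the session ends.</li>
 *   <li>NOTE(review): the unpredictability of the nonce depends entirely on
 *       {@code RandomUtil.getRandomLong()}; confirm it is backed by a CSPRNG.</li>
 * </ul>
 */
public class CsrfFilter implements Filter {
    private static final L10N L = new L10N(CsrfFilter.class);
    private static final Logger log = Logger.getLogger(CsrfFilter.class.getName());

    /** Name of the request parameter that carries the nonce. */
    public static final String PARAMETER = "cr_csrf";

    /** Session attribute under which the per-session nonce cache is stored. */
    public static final String NONCE_MAP = "caucho.resin.csrf.nonce";

    /** URL-safe 64-symbol alphabet used to render the nonce; index 62 is '_' and 63 is '-'. */
    private static final String NONCE_ALPHABET =
            "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-";

    // Exact servletPath + pathInfo strings that bypass the nonce check.
    // NOTE(review): plain HashSet read on every request; presumably only written during
    // configuration, before the filter serves traffic - confirm.
    private final HashSet<String> _allowSet = new HashSet<>();

    // Number of nonces kept per session; older ones are evicted and stop validating.
    private int _lruSize = 8;

    /* loaded from: input_file:BOOT-INF/lib/resin-4.0.65.jar:com/caucho/filters/CsrfFilter$CsrfResponse.class */
    /**
     * Response wrapper that appends the current nonce to every URL passed through the
     * servlet URL-encoding methods.
     */
    static class CsrfResponse extends CauchoResponseWrapper {
        private final String _nonce;

        /**
         * @param httpServletResponse the response being wrapped
         * @param str the nonce to append to encoded URLs
         */
        CsrfResponse(HttpServletResponse httpServletResponse, String str) {
            super(httpServletResponse);
            this._nonce = str;
        }

        /** Deprecated-spelling alias; delegates to {@link #encodeURL(String)}. */
        @Override // com.caucho.server.http.ResponseWrapper, javax.servlet.http.HttpServletResponse
        public String encodeUrl(String str) {
            return encodeURL(str);
        }

        /** Adds the nonce parameter, then lets the wrapped response do its own encoding. */
        @Override // com.caucho.server.http.ResponseWrapper, javax.servlet.http.HttpServletResponse
        public String encodeURL(String str) {
            return super.encodeURL(rewriteUrl(str));
        }

        /** Deprecated-spelling alias; delegates to {@link #encodeRedirectURL(String)}. */
        @Override // com.caucho.server.http.ResponseWrapper, javax.servlet.http.HttpServletResponse
        public String encodeRedirectUrl(String str) {
            return encodeRedirectURL(str);
        }

        /** Adds the nonce parameter, then lets the wrapped response do its own encoding. */
        @Override // com.caucho.server.http.ResponseWrapper, javax.servlet.http.HttpServletResponse
        public String encodeRedirectURL(String str) {
            return super.encodeRedirectURL(rewriteUrl(str));
        }

        /**
         * Returns {@code str} with {@code cr_csrf=<nonce>} added to its query string.
         *
         * <p>The fragment is split off first so the parameter always lands in the query part.
         * The previous form appended the parameter after the fragment when the URL had a
         * {@code #} but no {@code ?}, and treated a {@code ?} inside the fragment as the start
         * of the query; in both cases the server would never see the nonce and the follow-up
         * request would be rejected.
         *
         * @param str the URL to rewrite; must not be null
         * @return the URL carrying the nonce parameter
         */
        String rewriteUrl(String str) {
            int fragmentStart = str.indexOf('#');
            String head = fragmentStart < 0 ? str : str.substring(0, fragmentStart);
            String fragment = fragmentStart < 0 ? "" : str.substring(fragmentStart);
            String separator = head.indexOf('?') < 0 ? "?" : "&";
            // The nonce alphabet is URL-safe, so no escaping is needed here.
            return head + separator + CsrfFilter.PARAMETER + "=" + this._nonce + fragment;
        }
    }

    /**
     * Adds a path that is exempt from the nonce check.
     *
     * @param str the exact {@code servletPath + pathInfo} value to allow; matching is a plain
     *     string comparison, with no prefix or pattern support
     */
    @Configurable
    public void addAllow(String str) {
        this._allowSet.add(str);
    }

    /** No initialisation is needed; configuration arrives through {@link #addAllow(String)}. */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) {
    }

    /**
     * Rejects the request with 403 unless its path is allow-listed or it carries a nonce that
     * is still in the session's cache; otherwise issues a new nonce and continues the chain
     * with a response wrapper that appends that nonce to encoded URLs.
     *
     * @param servletRequest the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain the remainder of the filter chain
     * @throws ServletException if the chain throws it
     * @throws IOException if the chain or closing the wrapper throws it
     */
    @Override // javax.servlet.Filter
    @SuppressWarnings("unchecked") // the attribute is only ever written by this filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        // getSession() creates a session when none exists, so every request reaching this
        // filter, including ones rejected below, ends up with a session.
        HttpSession session = httpServletRequest.getSession();
        LruCache<String, String> nonces = (LruCache<String, String>) session.getAttribute(NONCE_MAP);
        if (nonces == null) {
            LruCache<String, String> fresh = new LruCache<>(this._lruSize);
            // Re-check under the lock so concurrent first requests share one cache.
            synchronized (session) {
                if (session.getAttribute(NONCE_MAP) == null) {
                    session.setAttribute(NONCE_MAP, fresh);
                }
                nonces = (LruCache<String, String>) session.getAttribute(NONCE_MAP);
            }
        }

        String servletPath = httpServletRequest.getServletPath();
        if (httpServletRequest.getPathInfo() != null) {
            servletPath = servletPath + httpServletRequest.getPathInfo();
        }

        if (!this._allowSet.contains(servletPath)) {
            String presented = httpServletRequest.getParameter(PARAMETER);
            // A missing parameter is rejected explicitly instead of being used as a cache key.
            if (presented == null || nonces.get(presented) == null) {
                // Leave a trace for whoever investigates rejected requests; the path and the
                // presented value are request-controlled and are deliberately not logged.
                log.fine("CsrfFilter rejected request from " + httpServletRequest.getRemoteAddr()
                        + ": missing or unknown " + PARAMETER + " parameter");
                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
            // The presented nonce is left in the cache: it remains usable until evicted.
        }

        String nonce = generateNonce();
        nonces.put(nonce, nonce);
        CsrfResponse csrfResponse = new CsrfResponse(httpServletResponse, nonce);
        try {
            filterChain.doFilter(servletRequest, csrfResponse);
        } finally {
            // Close the wrapper whether the chain returned or threw.
            csrfResponse.close();
        }
    }

    /**
     * Renders one random 64-bit value as 11 URL-safe characters, six bits per character,
     * least-significant bits first.
     *
     * <p>The shift is arithmetic, so the last character carries the top four bits plus two
     * copies of the sign bit; the nonce holds at most 64 bits of randomness.
     *
     * @return the new nonce
     */
    private String generateNonce() {
        long randomLong = RandomUtil.getRandomLong();
        StringBuilder sb = new StringBuilder(11);
        for (int shift = 0; shift <= 60; shift += 6) {
            fillBase64(sb, randomLong >> shift);
        }
        return sb.toString();
    }

    /**
     * Appends the character for the low six bits of {@code j}.
     *
     * @param sb the builder to append to
     * @param j the value whose low six bits select the character
     */
    private void fillBase64(StringBuilder sb, long j) {
        sb.append(NONCE_ALPHABET.charAt((int) (j & 63)));
    }

    /** Holds no resources, so there is nothing to release. */
    @Override // javax.servlet.Filter
    public void destroy() {
    }
}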
