package org.eclipse.krazo.security;

import jakarta.annotation.Priority;
import jakarta.inject.Inject;
import jakarta.mvc.Controller;
import jakarta.mvc.security.Csrf;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerResponseContext;
import jakarta.ws.rs.container.ContainerResponseFilter;
import jakarta.ws.rs.core.MultivaluedMap;
import org.eclipse.krazo.KrazoConfig;

@Controller
@Priority(3000)
/* loaded from: input_file:org/eclipse/krazo/security/CsrfProtectFilter.class */
public class CsrfProtectFilter implements ContainerResponseFilter {

    @Inject
    private CsrfTokenManager csrfTokenManager;

    @Inject
    private KrazoConfig krazoConfig;

    @Override // jakarta.ws.rs.container.ContainerResponseFilter
    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) {
        if (isCsrfEnabled()) {
            CsrfToken orCreateToken = this.csrfTokenManager.getOrCreateToken();
            MultivaluedMap<String, Object> headers = containerResponseContext.getHeaders();
            if (headers.containsKey(orCreateToken.getHeaderName())) {
                return;
            }
            headers.putSingle(orCreateToken.getHeaderName(), orCreateToken.getValue());
        }
    }

    private boolean isCsrfEnabled() {
        return this.krazoConfig.getCsrfOptions() != Csrf.CsrfOptions.OFF;
    }
}
