package org.apache.hadoop.security.http;

import java.io.IOException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.http.HttpStatus;
import org.eclipse.jetty.server.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

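/**
 * Servlet filter that rejects browser requests lacking a configured custom header, as a
 * defence against cross-site request forgery (CSRF) on REST endpoints.
 *
 * <p>A request is refused with HTTP 400 only when all three conditions hold:
 * <ol>
 *   <li>its {@code User-Agent} header fully matches one of the configured browser patterns,</li>
 *   <li>its HTTP method is not in the configured ignore set, and</li>
 *   <li>the configured custom header is absent.</li>
 * </ol>
 * Every other request is passed down the filter chain unchanged.
 *
 * <p>Points to keep in mind when deploying or reviewing this filter:
 * <ul>
 *   <li>Only the <em>presence</em> of the custom header is checked; its value is never
 *       inspected.</li>
 *   <li>Requests with no {@code User-Agent}, or with one that matches none of the configured
 *       patterns, are not checked at all. The pattern list therefore has to cover every
 *       browser that can reach the endpoint; the default is {@value #BROWSER_USER_AGENTS_DEFAULT}.</li>
 *   <li>Methods listed in {@code methods-to-ignore} are exempt, so that list should contain
 *       only methods the protected endpoints treat as read-only.</li>
 *   <li>The filter performs no authentication or authorization; it only distinguishes
 *       requests by the headers described above.</li>
 * </ul>
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public class RestCsrfPreventionFilter implements Filter {
    private static final Logger LOG = LoggerFactory.getLogger(RestCsrfPreventionFilter.class);

    /** Name of the request header inspected to decide whether the client is a browser. */
    public static final String HEADER_USER_AGENT = "User-Agent";
    /** Init parameter: comma-separated regular expressions identifying browser user agents. */
    public static final String BROWSER_USER_AGENT_PARAM = "browser-useragents-regex";
    /** Init parameter: name of the custom header that browser requests must carry. */
    public static final String CUSTOM_HEADER_PARAM = "custom-header";
    /** Init parameter: comma-separated HTTP methods exempt from the header check. */
    public static final String CUSTOM_METHODS_TO_IGNORE_PARAM = "methods-to-ignore";
    /** Browser patterns used when {@link #BROWSER_USER_AGENT_PARAM} is not set. */
    static final String BROWSER_USER_AGENTS_DEFAULT = "^Mozilla.*,^Opera.*";
    /** Custom header name used when {@link #CUSTOM_HEADER_PARAM} is not set. */
    public static final String HEADER_DEFAULT = "X-XSRF-HEADER";
    /** Exempt methods used when {@link #CUSTOM_METHODS_TO_IGNORE_PARAM} is not set. */
    static final String METHODS_TO_IGNORE_DEFAULT = "GET,OPTIONS,HEAD,TRACE";

    private String headerName = HEADER_DEFAULT;
    // Both sets stay null until init() (or the parse methods) populate them.
    private Set<String> methodsToIgnore = null;
    private Set<Pattern> browserUserAgents;

    /**
     * Abstraction over one HTTP request/response exchange, so the CSRF decision in
     * {@link #handleHttpInteraction(HttpInteraction)} does not depend on the servlet API.
     */
    public interface HttpInteraction {
        /**
         * Returns the value of the named request header.
         *
         * @param str header name
         * @return the header value; {@code null} is treated by the filter as "header absent"
         */
        String getHeader(String str);

        /**
         * Returns the HTTP method of the request.
         *
         * @return the method token, compared case-sensitively against the ignore set
         */
        String getMethod();

        /**
         * Lets the request continue to its normal processing.
         *
         * @throws IOException if downstream processing fails with an I/O error
         * @throws ServletException if downstream processing fails
         */
        void proceed() throws IOException, ServletException;

        /**
         * Ends the exchange with an error response.
         *
         * @param i HTTP status code
         * @param str error message
         * @throws IOException if the error response cannot be written
         */
        void sendError(int i, String str) throws IOException;
    }

    /** {@link HttpInteraction} backed by a servlet request, response and filter chain. */
    private static final class ServletFilterHttpInteraction implements HttpInteraction {
        private final FilterChain chain;
        private final HttpServletRequest httpRequest;
        private final HttpServletResponse httpResponse;

        /**
         * @param httpServletRequest request being filtered
         * @param httpServletResponse response for that request
         * @param filterChain chain to continue when the request is accepted
         */
        public ServletFilterHttpInteraction(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) {
            this.httpRequest = httpServletRequest;
            this.httpResponse = httpServletResponse;
            this.chain = filterChain;
        }

        @Override
        public String getHeader(String str) {
            return this.httpRequest.getHeader(str);
        }

        @Override
        public String getMethod() {
            return this.httpRequest.getMethod();
        }

        @Override
        public void proceed() throws IOException, ServletException {
            this.chain.doFilter(this.httpRequest, this.httpResponse);
        }

        @Override
        public void sendError(int i, String str) throws IOException {
            // setStatusWithReason is declared on Jetty's Response, not on HttpServletResponse,
            // so the call needs an explicit cast behind the instanceof guard.
            if (this.httpResponse instanceof Response) {
                ((Response) this.httpResponse).setStatusWithReason(i, str);
            }
            this.httpResponse.sendError(i, str);
        }
    }

    /**
     * Reads the filter's init parameters, falling back to the defaults for any that are
     * missing, and logs the effective configuration.
     *
     * @param filterConfig servlet filter configuration
     * @throws ServletException declared by {@link Filter#init}; not thrown by this code directly
     * @throws java.util.regex.PatternSyntaxException if a configured user-agent entry is not a
     *         valid regular expression
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String customHeader = filterConfig.getInitParameter(CUSTOM_HEADER_PARAM);
        if (customHeader != null) {
            this.headerName = customHeader;
        }

        String customMethods = filterConfig.getInitParameter(CUSTOM_METHODS_TO_IGNORE_PARAM);
        parseMethodsToIgnore(customMethods != null ? customMethods : METHODS_TO_IGNORE_DEFAULT);

        String agentPatterns = filterConfig.getInitParameter(BROWSER_USER_AGENT_PARAM);
        parseBrowserUserAgents(agentPatterns != null ? agentPatterns : BROWSER_USER_AGENTS_DEFAULT);

        LOG.info("Adding cross-site request forgery (CSRF) protection, headerName = {}, methodsToIgnore = {}, browserUserAgents = {}", this.headerName, this.methodsToIgnore, this.browserUserAgents);
    }

    /**
     * Replaces the browser user-agent patterns with those parsed from a comma-separated list.
     *
     * <p>Each entry is trimmed before compilation: a stray space after a comma would otherwise
     * become part of the expression and keep an anchored pattern from ever matching, which
     * silently exempts that browser from the header check.
     *
     * @param str comma-separated regular expressions
     * @throws java.util.regex.PatternSyntaxException if an entry is not a valid regular expression
     */
    void parseBrowserUserAgents(String str) {
        Set<Pattern> patterns = new HashSet<>();
        for (String regex : str.split(",")) {
            patterns.add(Pattern.compile(regex.trim()));
        }
        this.browserUserAgents = patterns;
    }

    /**
     * Replaces the set of exempt HTTP methods with those parsed from a comma-separated list.
     *
     * <p>Entries are trimmed so that a list written as {@code "GET, HEAD"} exempts {@code HEAD}
     * as intended. Case is preserved; lookups are exact string matches.
     *
     * @param str comma-separated HTTP method names
     */
    void parseMethodsToIgnore(String str) {
        Set<String> methods = new HashSet<>();
        for (String method : str.split(",")) {
            methods.add(method.trim());
        }
        this.methodsToIgnore = methods;
    }

    /**
     * Tells whether a {@code User-Agent} value belongs to a browser according to the
     * configured patterns.
     *
     * @param str the {@code User-Agent} header value, possibly {@code null}
     * @return {@code true} if the whole value matches at least one configured pattern;
     *         {@code false} for {@code null} or when nothing matches
     */
    protected boolean isBrowser(String str) {
        if (str == null) {
            return false;
        }
        for (Pattern pattern : this.browserUserAgents) {
            // matches() requires the entire value to match, hence the trailing ".*" in the defaults.
            if (pattern.matcher(str).matches()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Applies the CSRF rule to one exchange: a browser request using a non-exempt method
     * without the custom header is answered with HTTP 400; anything else proceeds.
     *
     * <p>The conditions are evaluated in the order browser, method, header, and evaluation
     * stops at the first one that clears the request.
     *
     * @param httpInteraction the exchange to inspect
     * @throws IOException if sending the error or continuing the request fails
     * @throws ServletException if continuing the request fails
     */
    public void handleHttpInteraction(HttpInteraction httpInteraction) throws IOException, ServletException {
        if (isBrowser(httpInteraction.getHeader(HEADER_USER_AGENT))
                && !this.methodsToIgnore.contains(httpInteraction.getMethod())
                && httpInteraction.getHeader(this.headerName) == null) {
            httpInteraction.sendError(HttpStatus.SC_BAD_REQUEST, "Missing Required Header for CSRF Vulnerability Protection");
        } else {
            httpInteraction.proceed();
        }
    }

    /**
     * Servlet entry point; wraps the request, response and chain and delegates to
     * {@link #handleHttpInteraction(HttpInteraction)}.
     *
     * @param servletRequest incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain remainder of the filter chain
     * @throws IOException if sending the error or continuing the request fails
     * @throws ServletException if continuing the request fails
     * @throws ClassCastException if the request or response is not an HTTP one
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        handleHttpInteraction(new ServletFilterHttpInteraction(httpRequest, httpResponse, filterChain));
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Looks up the filter's parameters in a Hadoop configuration.
     *
     * @param configuration configuration to read from
     * @param str property-name prefix selecting the filter's settings
     * @return whatever {@link Configuration#getPropsWithPrefix(String)} returns for that prefix
     */
    public static Map<String, String> getFilterParams(Configuration configuration, String str) {
        return configuration.getPropsWithPrefix(str);
    }
}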
