package org.apache.catalina.filters;

import java.io.IOException;
import java.io.PrintWriter;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.LogFacade;
import org.apache.catalina.servlets.WebdavStatus;

/* loaded from: input_file:org/apache/catalina/filters/CsrfFilter.class */
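public class CsrfFilter implements Filter {
    private static final Logger logger = LogFacade.getLogger();

    /** Host pattern applied when the {@code allowHostPattern} init-param is absent or does not compile. */
    private static final String DEFAULT_ALLOW_HOST_PATTERN = "127\\.0\\.0\\.1|localhost";

    /** HTTP methods (upper-cased) that bypass the check; from init-param {@code ignoreMethods}. */
    private final Set<String> ignoreRequestMethods = new HashSet<>();
    /** Request URIs (exact match) that bypass the check; from init-param {@code ignoreUrls}. */
    private final Set<String> ignoreRequestUrls = new HashSet<>();
    /**
     * Full-match regex for hosts accepted as a Referer host or, when no Referer is sent, as the
     * request Host. Always non-null after {@link #init(FilterConfig)}.
     */
    private Pattern allowHostPattern = null;

    /**
     * Reads the {@code ignoreMethods}, {@code ignoreUrls} and {@code allowHostPattern} init-params.
     *
     * @param filterConfig filter configuration supplied by the container
     * @throws ServletException never thrown here; declared by {@link Filter#init(FilterConfig)}
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        addTrimmedEntries(filterConfig.getInitParameter("ignoreMethods"), this.ignoreRequestMethods, true);
        addTrimmedEntries(filterConfig.getInitParameter("ignoreUrls"), this.ignoreRequestUrls, false);

        String patternParam = filterConfig.getInitParameter("allowHostPattern");
        if (null != patternParam) {
            try {
                this.allowHostPattern = Pattern.compile(patternParam);
            } catch (PatternSyntaxException e) {
                // Fall back to the default below rather than leaving the filter without a pattern.
                logger.log(Level.SEVERE, "allowHostPattern is invalid: " + patternParam, e);
            }
        }
        if (null == this.allowHostPattern) {
            this.allowHostPattern = Pattern.compile(DEFAULT_ALLOW_HOST_PATTERN);
        }
    }

    /**
     * Splits a comma-separated init-param into trimmed, non-empty entries and adds them to
     * {@code target}, optionally upper-casing them (used for HTTP method names).
     *
     * @param csv       raw init-param value; {@code null} adds nothing
     * @param target    set receiving the entries
     * @param upperCase whether to upper-case each entry before adding it
     */
    private static void addTrimmedEntries(String csv, Set<String> target, boolean upperCase) {
        if (null == csv) {
            return;
        }
        for (String entry : csv.split(",")) {
            // Check each entry itself; the original checked the whole parameter, so "GET,,POST"
            // would have stored an empty method name.
            String trimmed = entry.trim();
            if (trimmed.isEmpty()) {
                continue;
            }
            target.add(upperCase ? trimmed.toUpperCase(Locale.ROOT) : trimmed);
        }
    }

    /** No resources are held beyond the configured sets, so nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * @param requestUri the request URI as returned by {@link HttpServletRequest#getRequestURI()}
     * @return whether the URI is configured in {@code ignoreUrls} (exact string equality)
     */
    private boolean isIgnoreUrl(String requestUri) {
        return this.ignoreRequestUrls.contains(requestUri);
    }

    /**
     * @param method the HTTP method name
     * @return whether the method is configured in {@code ignoreMethods} (case-insensitive)
     */
    private boolean isIgnoreMethod(String method) {
        return this.ignoreRequestMethods.contains(method.toUpperCase(Locale.ROOT));
    }

    /**
     * Decides whether the request is same-origin enough to pass.
     *
     * <p>With a Referer: pass if its host equals the request Host (case-insensitive, ports already
     * removed on both sides) or matches {@link #allowHostPattern}. Without a Referer, or with one
     * that is not a parseable URL: pass only if the request Host itself matches the pattern.
     *
     * @param requestHost Host header with any port removed; may be {@code null}
     * @param referer     Referer header; may be {@code null}
     * @return {@code true} when the request may proceed
     */
    private boolean isAllowHost(String requestHost, String referer) {
        if (null == referer) {
            return matchesAllowPattern(requestHost);
        }
        String refererHost;
        try {
            refererHost = new URL(referer).getHost();
        } catch (MalformedURLException e) {
            logger.log(Level.SEVERE, "Invalid Referrer", e);
            return matchesAllowPattern(requestHost);
        }
        // Exact host comparison: a prefix match would accept "example.com.other.tld" for
        // "example.com", and an empty Host header would accept every Referer.
        if (null != requestHost && !requestHost.isEmpty() && requestHost.equalsIgnoreCase(refererHost)) {
            return true;
        }
        return matchesAllowPattern(refererHost);
    }

    /**
     * @param host host name to test; {@code null} never matches
     * @return whether {@code host} fully matches {@link #allowHostPattern}
     */
    private boolean matchesAllowPattern(String host) {
        return null != host && null != this.allowHostPattern && this.allowHostPattern.matcher(host).matches();
    }

    /**
     * Removes a trailing {@code :port} from a Host header value so it can be compared with
     * {@link URL#getHost()}, which never includes the port.
     *
     * @param hostHeader raw Host header; may be {@code null}
     * @return the host without a port suffix, or the input unchanged when no port is present
     */
    private static String stripPort(String hostHeader) {
        if (null == hostHeader) {
            return null;
        }
        int colon = hostHeader.lastIndexOf(':');
        if (colon < 0) {
            return hostHeader;
        }
        String authority = hostHeader.substring(0, colon);
        // A colon before the last one means an IPv6 literal; only "[...]:port" carries a port.
        if (authority.indexOf(':') >= 0 && !authority.endsWith("]")) {
            return hostHeader;
        }
        String suffix = hostHeader.substring(colon + 1);
        if (suffix.isEmpty()) {
            return hostHeader;
        }
        for (int i = 0; i < suffix.length(); i++) {
            char c = suffix.charAt(i);
            if (c < '0' || c > '9') {
                return hostHeader;
            }
        }
        return authority;
    }

    /**
     * Passes ignored URIs and methods straight through; otherwise compares the Referer host with
     * the request Host (see {@link #isAllowHost(String, String)}) and answers 403 plus a small HTML
     * alert page when they do not agree.
     *
     * @param servletRequest  incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain     the remaining chain
     * @throws IOException      from the chain or the response writer
     * @throws ServletException from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        if (isIgnoreUrl(request.getRequestURI()) || isIgnoreMethod(request.getMethod())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        // Compare hosts without ports: URL.getHost() on the Referer never carries one.
        String requestHost = stripPort(request.getHeader("Host"));
        if (isAllowHost(requestHost, request.getHeader("Referer"))) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        logger.log(Level.WARNING, "检测到CSRF攻击：" + request.getRequestURL());
        out(request, response, "\\u68c0\\u6d4b\\u5230csrf\\u653b\\u51fb");
    }

    /**
     * Writes a minimal HTML page containing a JavaScript {@code alert} and closes the writer.
     *
     * <p>{@code str} is inserted into the script verbatim (the caller above relies on JavaScript
     * resolving the {@code \\uXXXX} escapes it passes), so callers must pass only trusted, fixed
     * text — never request-derived content.
     *
     * @param httpServletRequest  the request (unused; kept for subclasses)
     * @param httpServletResponse response to write to
     * @param str                 trusted message placed inside the alert string literal
     * @throws IOException if the response writer cannot be obtained
     */
    protected void out(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.setIntHeader("javascript", 1);
        httpServletResponse.setContentType("text/html;charset=utf-8");
        PrintWriter writer = httpServletResponse.getWriter();
        writer.print("<script>");
        writer.print("alert(\"" + str + "\");");
        writer.print("</script>");
        writer.flush();
        // Closing the writer commits and completes the response; the chain is not continued.
        writer.close();
    }
}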
