package com.vaadin.fusion.auth;

import com.vaadin.flow.internal.springcsrf.SpringCsrfTokenUtil;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Optional;
import java.util.stream.Stream;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/vaadin/fusion/auth/CsrfChecker.class */
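/**
 * Double-submit CSRF check for endpoint requests: the value of the
 * {@code csrfToken} cookie must equal the value of the {@code X-CSRF-Token}
 * request header.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The check is skipped entirely when a Spring CSRF token is found on the
 *       request (see {@link #isSpringCsrfTokenPresent(ServletRequest)}).
 *       NOTE(review): presumably Spring Security then enforces its own CSRF
 *       validation; confirm that its filter is really active for the endpoint
 *       routes, because nothing in this class verifies that token.</li>
 *   <li>{@link #setCsrfProtection(boolean) setCsrfProtection(false)} makes
 *       every request pass validation.</li>
 *   <li>Tokens are compared with {@link MessageDigest#isEqual(byte[], byte[])}
 *       instead of {@link String#equals(Object)}.</li>
 * </ul>
 */
public class CsrfChecker {
    private static final String VAADIN_CSRF_TOKEN_HEADER_NAME = "X-CSRF-Token";
    private static final String VAADIN_CSRF_COOKIE_NAME = "csrfToken";
    private boolean csrfProtectionEnabled = true;

    /**
     * Returns the logger used for CSRF rejections. Messages are logged under the
     * {@code FusionAccessChecker} category, not under this class's own name.
     */
    private static Logger getLogger() {
        return LoggerFactory.getLogger(FusionAccessChecker.class);
    }

    /**
     * Validates the CSRF token carried by an endpoint request.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} when a Spring CSRF token is present, when protection
     *         is disabled, or when the cookie token and the header token match;
     *         {@code false} when the cookie is missing or the tokens differ
     */
    public boolean validateCsrfTokenInRequest(HttpServletRequest httpServletRequest) {
        if (isSpringCsrfTokenPresent(httpServletRequest) || !isCsrfProtectionEnabled()) {
            return true;
        }
        String csrfTokenInCookie = getCsrfTokenInCookie(httpServletRequest);
        if (csrfTokenInCookie == null) {
            getLogger().info("Unable to verify CSRF token for endpoint request, got null token in cookie");
            return false;
        }
        if (csrfTokensMatch(csrfTokenInCookie, getCsrfTokenInRequest(httpServletRequest))) {
            return true;
        }
        // Token values are deliberately kept out of the log message.
        getLogger().info("Invalid CSRF token in endpoint request");
        return false;
    }

    /**
     * Tells whether the header token equals the cookie token.
     *
     * @param csrfTokenInCookie the cookie value, never {@code null}
     * @param csrfTokenInRequest the header value, may be {@code null}
     * @return {@code true} only when both tokens are non-empty and equal
     */
    private boolean csrfTokensMatch(String csrfTokenInCookie, String csrfTokenInRequest) {
        if (csrfTokenInRequest == null || csrfTokenInCookie.isEmpty()) {
            // A missing header never matches. An empty cookie is rejected too: two
            // empty byte arrays compare equal, so an empty cookie plus an empty
            // header would otherwise pass as a valid token pair.
            return false;
        }
        return MessageDigest.isEqual(
                csrfTokenInCookie.getBytes(StandardCharsets.UTF_8),
                csrfTokenInRequest.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Reads the CSRF token sent in the {@code X-CSRF-Token} header.
     *
     * @param httpServletRequest the incoming request
     * @return the header value, or {@code null} when the header is absent
     */
    String getCsrfTokenInRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader(VAADIN_CSRF_TOKEN_HEADER_NAME);
    }

    /**
     * Reads the CSRF token stored in the {@code csrfToken} cookie.
     *
     * @param httpServletRequest the incoming request
     * @return the value of the first cookie named {@code csrfToken}, or
     *         {@code null} when the request has no such cookie or its value is
     *         {@code null}
     */
    String getCsrfTokenInCookie(HttpServletRequest httpServletRequest) {
        // getCookies() returns null, not an empty array, when no cookie was sent.
        return Optional.ofNullable(httpServletRequest.getCookies())
                .map(Arrays::stream)
                .orElseGet(Stream::empty)
                .filter(cookie -> VAADIN_CSRF_COOKIE_NAME.equals(cookie.getName()))
                .findFirst()
                .map(cookie -> cookie.getValue())
                .orElse(null);
    }

    /**
     * Enables or disables the CSRF check.
     *
     * @param z {@code true} to enforce the check, {@code false} to let every
     *          request pass {@link #validateCsrfTokenInRequest(HttpServletRequest)}
     */
    public void setCsrfProtection(boolean z) {
        this.csrfProtectionEnabled = z;
    }

    /**
     * Tells whether the CSRF check is enforced.
     *
     * @return {@code true} when enforced, which is the default
     */
    public boolean isCsrfProtectionEnabled() {
        return this.csrfProtectionEnabled;
    }

    /**
     * Tells whether a Spring CSRF token can be found on the request.
     *
     * @param servletRequest the incoming request
     * @return {@code true} when {@code SpringCsrfTokenUtil} reports a token
     */
    boolean isSpringCsrfTokenPresent(ServletRequest servletRequest) {
        return SpringCsrfTokenUtil.getSpringCsrfToken(servletRequest).isPresent();
    }
}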
