package com.enginframe.server.filter;

import com.enginframe.common.utils.Utils;
import com.enginframe.server.webservices.ActiveSessions;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.owasp.csrfguard.CsrfGuardFilter;

/* JADX WARN: Classes with same name are omitted:
  input_file:kernel/ef_root/WEBAPP/WEB-INF/lib/ef.jar:com/enginframe/server/filter/CsrfTokenFilter.class
 */
/* loaded from: input_file:kernel/ef_root/agent/agent.jar:com/enginframe/server/filter/CsrfTokenFilter.class */
public class CsrfTokenFilter implements Filter {
    private boolean csrfTokenCheckEnabled;
    private CsrfGuardFilter owaspCsrfGuardFilter;

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        this.csrfTokenCheckEnabled = Boolean.valueOf(Utils.getEfFilterCsrfTokenCheck()).booleanValue();
        this.owaspCsrfGuardFilter = new CsrfGuardFilter();
        this.owaspCsrfGuardFilter.init(filterConfig);
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (isCsrfCheckRequired(servletRequest)) {
            this.owaspCsrfGuardFilter.doFilter(servletRequest, servletResponse, filterChain);
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    private boolean isCsrfCheckRequired(ServletRequest servletRequest) {
        return isCsrfTokenCheckEnabled() && (servletRequest instanceof HttpServletRequest) && !isWsSession((HttpServletRequest) servletRequest);
    }

    private boolean isCsrfTokenCheckEnabled() {
        return this.csrfTokenCheckEnabled;
    }

    private boolean isWsSession(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        return (session == null || session.getAttribute(ActiveSessions.SESSION_ATTRIBUTE_WS_SESSION) == null) ? false : true;
    }

    @Override // javax.servlet.Filter
    public void destroy() {
        this.owaspCsrfGuardFilter.destroy();
        this.owaspCsrfGuardFilter = null;
    }
}
