package com.atlassian.plugins.rest.common.security.jersey;

import com.atlassian.plugins.rest.common.security.XsrfCheckFailedException;
import com.atlassian.sal.api.web.context.HttpContext;
import com.atlassian.sal.api.xsrf.XsrfTokenValidator;
import com.google.common.collect.ImmutableSet;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import com.sun.jersey.spi.container.ContainerResponseFilter;
import com.sun.jersey.spi.container.ResourceFilter;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.MediaType;

/* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:atlassian-rest-module-2.9.17.jar:com/atlassian/plugins/rest/common/security/jersey/XsrfResourceFilter.class */
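/**
 * Jersey request filter that enforces an XSRF token check on requests a browser could
 * have submitted cross-site: every GET, and any POST whose content type is one an HTML
 * form can produce. A client may opt out by sending {@link #TOKEN_HEADER} with the
 * value {@link #NO_CHECK}. Requests that fail the check are rejected with
 * {@link XsrfCheckFailedException}.
 */
public class XsrfResourceFilter implements ResourceFilter, ContainerRequestFilter {
    /** Request header whose value can opt a request out of the token check. */
    public static final String TOKEN_HEADER = "X-Atlassian-Token";
    /** Opt-out value for {@link #TOKEN_HEADER}; compared case-insensitively. */
    public static final String NO_CHECK = "no-check";
    /** Accepted opt-out header values, lower-cased. The legacy spelling "nocheck" is kept for compatibility. */
    private static final Set<String> NO_CHECK_VALUES = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList(NO_CHECK, "nocheck")));
    /** Lower-cased {@code type/subtype} values of POST bodies that need a token check (the HTML form encodings). */
    private static final Set<String> XSRFABLE_TYPES = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList("application/x-www-form-urlencoded", "multipart/form-data", "text/plain")));
    private HttpContext httpContext;
    private XsrfTokenValidator xsrfTokenValidator;

    /** Injects the SAL context used to reach the underlying servlet request. */
    public void setHttpContext(HttpContext httpContext) {
        this.httpContext = httpContext;
    }

    /** Injects the validator that checks the form-encoded token. */
    public void setXsrfTokenValidator(XsrfTokenValidator xsrfTokenValidator) {
        this.xsrfTokenValidator = xsrfTokenValidator;
    }

    /**
     * Applies the XSRF check to checkable requests that did not opt out.
     *
     * @param containerRequest the incoming request
     * @return the same request, unchanged, when the check passes or does not apply
     * @throws XsrfCheckFailedException when the request is checkable and no valid token is present
     */
    @Override
    public ContainerRequest filter(ContainerRequest containerRequest) {
        if (isXsrfable(containerRequest) && !isNoCheckRequested(containerRequest)) {
            // The SAL context may not be wired; a null servlet request fails the check below.
            HttpServletRequest httpServletRequest = this.httpContext != null ? this.httpContext.getRequest() : null;
            if (!isXsrfTokenValid(httpServletRequest)) {
                throw new XsrfCheckFailedException();
            }
        }
        return containerRequest;
    }

    /** Returns true when {@link #TOKEN_HEADER} carries one of the opt-out values, ignoring case. */
    private static boolean isNoCheckRequested(ContainerRequest containerRequest) {
        String headerValue = containerRequest.getHeaderValue(TOKEN_HEADER);
        return headerValue != null && NO_CHECK_VALUES.contains(headerValue.toLowerCase(Locale.ENGLISH));
    }

    /**
     * Decides whether a request is subject to the token check: all GETs, and POSTs whose
     * content type is one of {@link #XSRFABLE_TYPES}. A POST with no Content-Type is
     * treated as checkable (fail closed) instead of dereferencing a null media type.
     */
    private boolean isXsrfable(ContainerRequest containerRequest) {
        String method = containerRequest.getMethod();
        if ("GET".equals(method)) {
            return true;
        }
        if (!"POST".equals(method)) {
            return false;
        }
        MediaType mediaType = containerRequest.getMediaType();
        return mediaType == null || XSRFABLE_TYPES.contains(mediaTypeToString(mediaType));
    }

    @Override
    public ContainerRequestFilter getRequestFilter() {
        return this;
    }

    /** No response-side processing; null tells Jersey there is no response filter. */
    @Override
    public ContainerResponseFilter getResponseFilter() {
        return null;
    }

    /** Lower-cased {@code type/subtype}; media type parameters (e.g. charset) are not included. */
    private static String mediaTypeToString(MediaType mediaType) {
        return mediaType.getType().toLowerCase(Locale.ENGLISH) + "/" + mediaType.getSubtype().toLowerCase(Locale.ENGLISH);
    }

    /**
     * Validates the form-encoded token on the servlet request.
     *
     * @param httpServletRequest the servlet request, or null when none is available
     * @return false when there is no request or no validator to consult (fail closed),
     *         otherwise the validator's verdict
     */
    protected boolean isXsrfTokenValid(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null || this.xsrfTokenValidator == null) {
            return false;
        }
        return this.xsrfTokenValidator.validateFormEncodedToken(httpServletRequest);
    }
}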
