package cn.com.do1.common.framebase.security;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.mina.proxy.handlers.http.HttpProxyConstants;
import org.apache.tomcat.util.http.ServerCookie;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: classes.dex */
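/**
 * Servlet filter that enforces a per-session CSRF token.
 *
 * <p>Every request is validated against the session token except a "bare" GET: a GET with no
 * request parameters and no token in the request. A bare GET is passed through, and a
 * {@code CSRF} cookie is issued when neither the session nor the request carries a token yet.
 *
 * <p>NOTE(review): bare GETs are never validated, so any state-changing endpoint reachable by
 * a parameterless GET is outside this filter's protection. Confirm no such endpoint exists.
 */
public class CSRFFilter extends OncePerRequestFilter {

    /**
     * Validates the CSRF token, or issues one on a bare GET.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response; receives a 403 on token mismatch, or the
     *                            {@code Set-Cookie} header when a token is issued
     * @param filterChain         the remaining chain, invoked only when the request is accepted
     * @throws ServletException propagated from the downstream chain
     * @throws IOException      propagated from the downstream chain or from {@code sendError}
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String method = httpServletRequest.getMethod();
        Map<?, ?> parameterMap = httpServletRequest.getParameterMap();

        // The decompiler substituted an unrelated Apache MINA constant for this literal; the
        // plain string keeps the comparison independent of that library.
        boolean bareGet = "GET".equalsIgnoreCase(method)
                && (parameterMap == null || parameterMap.isEmpty())
                && !CSRFTokenManager.hasTokenInRequest(httpServletRequest);

        if (!bareGet) {
            String expected = CSRFTokenManager.getToken4Session(httpServletRequest.getSession());
            String supplied = CSRFTokenManager.getToken(httpServletRequest);
            if (tokensMatch(expected, supplied)) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            } else {
                // Message text: "the request is missing token information".
                httpServletResponse.sendError(403, "请求缺少令牌信息");
            }
            return;
        }

        if (!CSRFTokenManager.hasTokenInSession(httpServletRequest.getSession()) && CSRFTokenManager.getToken(httpServletRequest) == null) {
            // Presumably getToken4Session creates the token when the session has none;
            // confirm in CSRFTokenManager.
            Cookie cookie = new Cookie("CSRF", CSRFTokenManager.getToken4Session(httpServletRequest.getSession()));
            cookie.setPath("/");
            // NOTE(review): the Secure flag is left at the Cookie default (false), so the token
            // cookie is also sent over plain HTTP, and no SameSite attribute is emitted.
            // Consider cookie.setSecure(httpServletRequest.isSecure()) once it is confirmed
            // that the application is never served over mixed HTTP/HTTPS.
            StringBuffer header = new StringBuffer();
            ServerCookie.appendCookieValue(header, cookie.getVersion(), cookie.getName(), cookie.getValue(), cookie.getPath(), cookie.getDomain(), cookie.getComment(), cookie.getMaxAge(), cookie.getSecure());
            // Appended by hand because the header is built by ServerCookie rather than by
            // HttpServletResponse.addCookie.
            header.append(";HttpOnly");
            httpServletResponse.addHeader("Set-Cookie", header.toString());
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Compares the session token with the request token without short-circuiting on the first
     * differing character, so response timing does not reveal how much of a guess was correct.
     * A missing token on either side is a mismatch rather than a NullPointerException.
     */
    private static boolean tokensMatch(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }
}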
