package com.cloudera.server.web.cmf.csrf;

import com.cloudera.cmf.service.ReplicationUtils;
import com.cloudera.cmf.service.scm.ScmParamTrackerStore;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.server.cmf.CurrentUserManager;
import com.cloudera.server.cmf.components.RequestRecastService;
import com.google.common.base.Objects;
import com.google.common.collect.ImmutableList;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:com/cloudera/server/web/cmf/csrf/CsrfRefererInterceptor.class */
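/**
 * Spring MVC interceptor that applies a Referer-based CSRF check to state-changing
 * requests ({@code POST}, {@code PUT}, {@code DELETE}).
 *
 * <p>A request is rejected with {@code 403} when its {@code Referer} header is absent or
 * belongs neither to the origin the request itself was addressed to (scheme, host and port
 * as reconstructed by the container) nor to the configured {@link ScmParams#FRONTEND_URL}.
 * A missing {@code Referer} fails closed, so clients that strip the header are rejected.
 *
 * <p>The check is skipped entirely when {@link ScmParams#REFERER_CHECK} is disabled, when
 * the request carries the {@link RequestRecastService#REQUEST_RECAST_HEADER} header, and
 * for the internal Hive export command URI when issued by an internally managed user.
 */
public class CsrfRefererInterceptor extends HandlerInterceptorAdapter {
    private static final Logger LOG = LoggerFactory.getLogger(CsrfRefererInterceptor.class);
    /** Methods subject to the check. NOTE(review): PATCH is not listed — confirm no PATCH handler changes state. */
    private static final List<String> STATE_CHANGING_METHODS = ImmutableList.of("POST", "PUT", "DELETE");
    private static final String INTERNAL_HIVE_EXPORT_CMD_URI = "/cmf/services/replication/hiveExport";
    private static final String REFERER_HEADER = "Referer";
    /**
     * Separator that terminates an allowed URL prefix, so that matching is done on a whole
     * origin or path segment rather than on an arbitrary string prefix. {@code String.valueOf}
     * keeps this correct whether the constant is declared as a char or a String.
     */
    private static final String URL_SEPARATOR = String.valueOf(ReplicationUtils.PATH_SEPARATOR);
    private final ScmParamTrackerStore scmPts;
    private final CurrentUserManager currentUserMgr;

    /**
     * @param scmParamTrackerStore source of {@link ScmParams#REFERER_CHECK} and
     *                             {@link ScmParams#FRONTEND_URL}
     * @param currentUserManager   used to recognise the internally managed user for the
     *                             Hive export exemption
     */
    @Autowired
    public CsrfRefererInterceptor(ScmParamTrackerStore scmParamTrackerStore, CurrentUserManager currentUserManager) {
        this.scmPts = scmParamTrackerStore;
        this.currentUserMgr = currentUserManager;
    }

    /**
     * Lets the request through unless it is a state-changing request whose {@code Referer}
     * is missing or foreign, in which case a {@code 403} is sent and {@code false} returned.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response, written to only on rejection
     * @param obj                 the resolved handler (unused)
     * @return {@code true} to continue processing, {@code false} after the error has been sent
     * @throws Exception propagated from {@link HttpServletResponse#sendError}
     */
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        boolean refererCheckEnabled = (Boolean) this.scmPts.get(ScmParams.REFERER_CHECK);
        if (!refererCheckEnabled) {
            return true;
        }
        // A custom request header cannot be attached to a cross-site form submission or
        // simple request without a CORS preflight, which is presumably why its presence is
        // taken as evidence the request is not cross-site — confirm against RequestRecastService.
        if (StringUtils.isNotBlank(httpServletRequest.getHeader(RequestRecastService.REQUEST_RECAST_HEADER))) {
            return true;
        }
        if (!STATE_CHANGING_METHODS.contains(httpServletRequest.getMethod())) {
            return true;
        }
        // The Hive export command URI is exempt, but only for the internally managed user,
        // so an ordinary browser session cannot use the exemption.
        if (INTERNAL_HIVE_EXPORT_CMD_URI.equals(httpServletRequest.getRequestURI())
                && this.currentUserMgr.isInternallyManagedUser()) {
            return true;
        }
        String referer = httpServletRequest.getHeader(REFERER_HEADER);
        if (!isBadReferer(referer, getServerUrl(httpServletRequest))) {
            return true;
        }
        LOG.warn("Rejecting request originating from {} for {} with referrer {}",
                httpServletRequest.getRemoteAddr(), httpServletRequest.getRequestURL().toString(), referer);
        httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN,
                "Invalid request. Please check Cloudera Manager Server logs for more details.");
        return false;
    }

    /**
     * Derives the origin of the request ({@code scheme://host[:port]} plus the URL separator)
     * from the URL the container reconstructed for it.
     *
     * <p>{@link HttpServletRequest#getRequestURL} is the request URI prefixed with scheme,
     * host and port, so removing the URI as a suffix leaves exactly the origin. Cutting at
     * the first occurrence of the URI instead (the previous {@code substringBefore} form)
     * would, for a request to {@code /}, cut inside {@code https://} and leave a prefix that
     * any HTTPS referer satisfies.
     */
    private String getServerUrl(HttpServletRequest httpServletRequest) {
        String requestUrl = httpServletRequest.getRequestURL().toString();
        return StringUtils.removeEnd(requestUrl, httpServletRequest.getRequestURI()) + URL_SEPARATOR;
    }

    /**
     * Decides whether a {@code Referer} value is unacceptable for a state-changing request.
     *
     * @param referer   the raw header value, possibly {@code null}
     * @param serverUrl the origin of the current request, ending in {@link #URL_SEPARATOR}
     * @return {@code true} when the header is absent or matches neither the request's own
     *         origin nor the configured {@link ScmParams#FRONTEND_URL}
     */
    private boolean isBadReferer(String referer, String serverUrl) {
        if (referer == null) {
            // No Referer at all fails closed.
            return true;
        }
        if (isUnderPrefix(referer, serverUrl)) {
            return false;
        }
        // Alternate externally visible URL of this server (presumably for deployments reached
        // through a proxy or load balancer — confirm against ScmParams). Blank means unset.
        String frontendUrl = (String) this.scmPts.get(ScmParams.FRONTEND_URL);
        return !isUnderPrefix(referer, frontendUrl);
    }

    /**
     * Whole-segment prefix match: {@code referer} is accepted when it equals {@code allowed}
     * exactly or continues past it with the URL separator. A bare {@code startsWith} would
     * let a configured value without a trailing separator, e.g. {@code https://host}, accept
     * any referer whose host name merely begins with {@code host}.
     *
     * @param referer non-null header value
     * @param allowed allowed origin or URL prefix; blank means "not configured"
     * @return {@code false} when {@code allowed} is blank, otherwise the match result
     */
    private static boolean isUnderPrefix(String referer, String allowed) {
        if (StringUtils.isBlank(allowed)) {
            return false;
        }
        String segmentPrefix = allowed.endsWith(URL_SEPARATOR) ? allowed : allowed + URL_SEPARATOR;
        return referer.equals(allowed) || referer.startsWith(segmentPrefix);
    }
}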
