package org.kuali.kfs.krad.service.impl;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.kuali.kfs.coreservice.framework.CoreFrameworkServiceLocator;
import org.kuali.kfs.coreservice.framework.parameter.ParameterService;
import org.kuali.kfs.krad.service.CsrfService;
import org.kuali.kfs.krad.util.CsrfValidator;
import org.kuali.rice.core.api.CoreApiServiceLocator;
import org.kuali.rice.core.api.config.property.ConfigurationService;

/* loaded from: input_file:WEB-INF/lib/kfs-kns-2019-02-07.jar:org/kuali/kfs/krad/service/impl/CsrfServiceImpl.class */
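/**
 * {@link CsrfService} implementation that decides, per request, whether the CSRF check in
 * {@link CsrfValidator} has to run.
 *
 * <p>The check is skipped when CSRF protection is switched off ({@link #isEnabled()}) or when the
 * request URI matches one of the configured exempt paths ({@link #isExemptPath}). Both switches are
 * read from the {@code KR-SYS / All} system parameters first and from the configuration properties
 * second, so whoever can edit those values controls whether requests are validated at all.
 */
public class CsrfServiceImpl implements CsrfService {
    private ConfigurationService configurationService;
    private ParameterService parameterService;

    /**
     * Runs CSRF validation unless protection is disabled or the request path is exempt.
     *
     * @param httpServletRequest the incoming request; must not be null
     * @param httpServletResponse the response handed to {@link CsrfValidator#validateCsrf}; must not be null
     * @return {@code true} when protection is disabled, the path is exempt, or the validator accepts
     *     the request; otherwise the validator's result
     * @throws IllegalArgumentException if either argument is null
     */
    @Override
    public boolean validateCsrfIfNecessary(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (httpServletRequest == null || httpServletResponse == null) {
            throw new IllegalArgumentException("request and response must not be null");
        }
        // Same evaluation order as a short-circuit OR: the validator is only consulted when
        // protection is on and the path is not exempt.
        if (!isEnabled()) {
            return true;
        }
        if (isExemptPath(httpServletRequest)) {
            return true;
        }
        return CsrfValidator.validateCsrf(httpServletRequest, httpServletResponse);
    }

    /**
     * Reports whether the request URI contains one of the configured exempt path fragments.
     *
     * <p>Blank fragments are ignored: {@code String.contains("")} is true for every string, so a
     * single empty entry (for example from a doubled or leading comma in the setting) would
     * otherwise exempt every request from CSRF validation.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} if a non-blank exempt fragment occurs in the request URI
     */
    protected boolean isExemptPath(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        String[] exemptPaths = exemptPaths();
        if (requestURI == null || exemptPaths == null) {
            // Nothing to match against: fall through to validation rather than exempting.
            return false;
        }
        for (String exemptPath : exemptPaths) {
            // exemptPaths() may be overridden, so do not rely on it having dropped blank entries.
            if (StringUtils.isBlank(exemptPath)) {
                continue;
            }
            // NOTE(review): this is a substring match on the request URI, not a prefix match on a
            // normalized, context-relative path, so an entry exempts every URI in which it occurs
            // anywhere. Keep entries as specific as possible; anchoring the comparison would be
            // stricter but changes which existing settings match, so it is left as is here.
            if (requestURI.contains(exemptPath)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reads the comma-separated list of exempt path fragments.
     *
     * <p>The {@code CSRF_EXEMPT_PATHS} system parameter is used when it is non-null; otherwise the
     * {@code csrf.exempt.paths} configuration property. Entries are trimmed and empty entries are
     * dropped so that stray commas or spaces cannot produce a fragment that matches every URI.
     *
     * @return the usable fragments (possibly an empty array), or {@code null} when the setting is blank
     */
    protected String[] exemptPaths() {
        String configured = getParameterService().getParameterValueAsString("KR-SYS", "All", "CSRF_EXEMPT_PATHS");
        if (configured == null) {
            configured = getConfigurationService().getPropertyValueAsString("csrf.exempt.paths");
        }
        if (StringUtils.isBlank(configured)) {
            return null;
        }
        String[] rawEntries = configured.split(",");
        String[] usable = new String[rawEntries.length];
        int kept = 0;
        for (String rawEntry : rawEntries) {
            String trimmed = rawEntry.trim();
            if (!trimmed.isEmpty()) {
                usable[kept++] = trimmed;
            }
        }
        return kept == usable.length ? usable : java.util.Arrays.copyOf(usable, kept);
    }

    /**
     * Reports whether CSRF protection is switched on.
     *
     * <p>The {@code CSRF_ENABLED_IND} system parameter wins when it is set; otherwise the
     * {@code csrf.enabled} configuration property is read with {@code true} passed as its fallback
     * argument. A {@code false} result makes {@link #validateCsrfIfNecessary} accept every request
     * without consulting the validator.
     *
     * @return {@code true} if requests should be validated
     */
    protected boolean isEnabled() {
        Boolean enabledParameter = getParameterService().getParameterValueAsBoolean("KR-SYS", "All", "CSRF_ENABLED_IND");
        if (enabledParameter != null) {
            return enabledParameter;
        }
        return getConfigurationService().getPropertyValueAsBoolean("csrf.enabled", true);
    }

    /**
     * Returns the CSRF token associated with the request's session, as provided by
     * {@link CsrfValidator#getSessionToken}.
     *
     * @param httpServletRequest the incoming request
     * @return whatever token {@link CsrfValidator} returns for the request
     */
    @Override
    public String getSessionToken(HttpServletRequest httpServletRequest) {
        return CsrfValidator.getSessionToken(httpServletRequest);
    }

    /**
     * Returns the configuration service, looking it up through {@link CoreApiServiceLocator} on
     * first use when none was injected.
     */
    public ConfigurationService getConfigurationService() {
        if (this.configurationService == null) {
            this.configurationService = CoreApiServiceLocator.getKualiConfigurationService();
        }
        return this.configurationService;
    }

    /** Injects the configuration service used for the property fallbacks. */
    public void setConfigurationService(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }

    /**
     * Returns the parameter service, looking it up through {@link CoreFrameworkServiceLocator} on
     * first use when none was injected.
     */
    public ParameterService getParameterService() {
        if (this.parameterService == null) {
            this.parameterService = CoreFrameworkServiceLocator.getParameterService();
        }
        return this.parameterService;
    }

    /** Injects the parameter service used to read the {@code KR-SYS} CSRF parameters. */
    public void setParameterService(ParameterService parameterService) {
        this.parameterService = parameterService;
    }
}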
