package org.kuali.kfs.krad.service.impl;

import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.Validate;
import org.kuali.kfs.core.api.config.property.ConfigurationService;
import org.kuali.kfs.krad.service.CsrfService;
import org.kuali.kfs.krad.util.CsrfValidator;
import org.kuali.kfs.krad.util.KRADConstants;

/* loaded from: input_file:WEB-INF/lib/kfs-core-finp-11378-c-SNAPSHOT.jar:org/kuali/kfs/krad/service/impl/CsrfServiceImpl.class */
public class CsrfServiceImpl implements CsrfService {
    private ConfigurationService configurationService;

    @Override // org.kuali.kfs.krad.service.CsrfService
    public boolean validateCsrfIfNecessary(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Validate.isTrue(httpServletRequest != null, "request must be provided", new Object[0]);
        Validate.isTrue(httpServletResponse != null, "response must be provided", new Object[0]);
        return !isEnabled() || isExemptPath(httpServletRequest) || CsrfValidator.validateCsrf(httpServletRequest, httpServletResponse);
    }

    private boolean isExemptPath(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        Iterator<String> it = exemptPaths().iterator();
        while (it.hasNext()) {
            if (requestURI.contains(it.next())) {
                return true;
            }
        }
        return false;
    }

    private List<String> exemptPaths() {
        String propertyValueAsString = this.configurationService.getPropertyValueAsString(KRADConstants.Config.CSRF_EXEMPT_PATHS);
        return StringUtils.isBlank(propertyValueAsString) ? List.of() : Arrays.asList(propertyValueAsString.split(","));
    }

    private boolean isEnabled() {
        return this.configurationService.getPropertyValueAsBoolean(KRADConstants.Config.CSRF_ENABLED, true);
    }

    public void setConfigurationService(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }
}
