package vivid.trace.jira.servlets;

import io.vavr.control.Option;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.Response;
import vivid.lib.atlassian.Atlassian;
import vivid.lib.messages.VTE34InvalidXSRFToken;
import vivid.lib.rest.Rest;
import vivid.trace.components.Factory;

/* loaded from: input_file:vivid/trace/jira/servlets/ValidateXsrfToken.class */
public class ValidateXsrfToken {
    private static final String ATLASSIAN_XSRF_TOKEN_COOKIE_KEY = "atlassian.xsrf.token";

    private ValidateXsrfToken() {
    }

    public static Collection<String> getXsrfTokenFromServletRequest(HttpServletRequest httpServletRequest) {
        return (Collection) Arrays.stream(httpServletRequest.getCookies()).filter(cookie -> {
            return ATLASSIAN_XSRF_TOKEN_COOKIE_KEY.equalsIgnoreCase(cookie.getName());
        }).map((v0) -> {
            return v0.getValue();
        }).collect(Collectors.toList());
    }

    private static boolean skipXsrfTokenValidation(HttpServletRequest httpServletRequest) {
        return Atlassian.X_ATLASSIAN_XSRF_NO_CHECK_HEADER_VALUE.equals(httpServletRequest.getHeader(Atlassian.X_ATLASSIAN_XSRF_NO_CHECK_HEADER_KEY));
    }

    public static Option<Response> validateXsrfToken(HttpServletRequest httpServletRequest, Factory factory) {
        if (skipXsrfTokenValidation(httpServletRequest)) {
            return Option.none();
        }
        Iterator<String> it = getXsrfTokenFromServletRequest(httpServletRequest).iterator();
        while (it.hasNext()) {
            if (factory.xsrfTokenGenerator.validateToken(httpServletRequest, it.next())) {
                return Option.none();
            }
        }
        return Option.of(Rest.responseWithMessage(Response.Status.FORBIDDEN, VTE34InvalidXSRFToken.message(factory.i18nResolverAdapterOption)));
    }
}
