package com.alibaba.citrus.turbine.util;

import com.alibaba.citrus.service.pull.ToolFactory;
import com.alibaba.citrus.springext.support.parser.AbstractSingleBeanDefinitionParser;
import com.alibaba.citrus.springext.util.SpringExtUtil;
import com.alibaba.citrus.util.Assert;
import com.alibaba.citrus.util.ClassLoaderUtil;
import com.alibaba.citrus.util.CollectionUtil;
import com.alibaba.citrus.util.ServiceNotFoundException;
import com.alibaba.citrus.util.StringUtil;
import java.security.SecureRandom;
import java.util.LinkedList;
import java.util.List;
import java.util.Random;
import java.util.concurrent.atomic.AtomicInteger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.ecs.html.Input;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.xml.ParserContext;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/citrus-webx-all-3.0.9.jar:com/alibaba/citrus/turbine/util/CsrfToken.class */
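/**
 * Pull tool that issues anti-CSRF tokens and renders them as hidden form fields.
 *
 * <p>Two kinds of token are produced:
 * <ul>
 *   <li><b>unique tokens</b> - minted once per request, remembered in the session as a
 *       {@value #CSRF_TOKEN_SEPARATOR}-joined list capped at {@link #getMaxTokens()} entries;</li>
 *   <li><b>long-live tokens</b> - recomputed from the session's creation time and id on every
 *       call, so the value stays the same for as long as those two values do.</li>
 * </ul>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #check(HttpServletRequest)} only reports whether a token parameter is present.
 *       It does not compare the value with anything stored in the session; the comparison
 *       has to happen elsewhere.</li>
 *   <li>{@link #toString()} returns a live unique token, so logging or printing this object
 *       discloses a valid token.</li>
 *   <li>The token list is read from and written back to the session without any locking in
 *       this class.</li>
 * </ul>
 */
public class CsrfToken {
    public static final String DEFAULT_TOKEN_KEY = "_csrf_token";
    public static final int DEFAULT_MAX_TOKENS = 8;
    public static final String CSRF_TOKEN_SEPARATOR = "/";
    private final HttpServletRequest request;
    private static final AtomicInteger counter = new AtomicInteger();
    private static final ThreadLocal<Configuration> contextTokenConfigurationHolder = new ThreadLocal<>();
    // Must be initialised before generatorOverride: getGeneratorOverride() logs through it.
    private static final Logger log = LoggerFactory.getLogger(CsrfToken.class);
    private static final Generator generator = new DefaultGenerator();
    private static final Generator generatorOverride = getGeneratorOverride();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/citrus-webx-all-3.0.9.jar:com/alibaba/citrus/turbine/util/CsrfToken$Configuration.class */
    /** Per-thread override of the token key and of the size of the unique-token list. */
    public static class Configuration {
        private final String tokenKey;
        private final int maxTokens;

        /**
         * @param str token key; passed through {@code StringUtil.trimToNull}, so a blank key
         *            presumably ends up as {@code null} and {@link CsrfToken#getKey()} falls
         *            back to the default
         * @param i   maximum number of unique tokens; values {@code <= 0} make
         *            {@link CsrfToken#getMaxTokens()} fall back to the default
         */
        public Configuration(String str, int i) {
            this.tokenKey = StringUtil.trimToNull(str);
            this.maxTokens = i;
        }

        /** @return the configured token key, possibly {@code null} */
        public String getTokenKey() {
            return this.tokenKey;
        }

        /** @return the configured maximum, exactly as passed to the constructor */
        public int getMaxTokens() {
            return this.maxTokens;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/citrus-webx-all-3.0.9.jar:com/alibaba/citrus/turbine/util/CsrfToken$DefaultGenerator.class */
    /** Generator used when no {@code csrfTokenGeneratorOverride} service is found. */
    static class DefaultGenerator implements Generator {
        // A CSRF token is a bearer secret. The previous scheme (one java.util.Random seed
        // plus the wall clock plus a global counter) could be reconstructed from a single
        // observed token, so every token now draws fresh bits from a CSPRNG.
        private final SecureRandom random = new SecureRandom();

        DefaultGenerator() {
        }

        /**
         * Builds a token from the shared counter followed by two random values.
         *
         * @return a new token string; unpredictability comes from the two random parts, the
         *         counter prefix is kept only so tokens stay distinct
         */
        @Override // com.alibaba.citrus.turbine.util.CsrfToken.Generator
        public String generateUniqueToken() {
            // Clearing the sign bit keeps the input to longToString non-negative; how that
            // helper treats negative values is not visible from this class.
            long high = this.random.nextLong() & Long.MAX_VALUE;
            long low = this.random.nextLong() & Long.MAX_VALUE;
            return StringUtil.longToString(CsrfToken.counter.getAndIncrement())
                    + StringUtil.longToString(high)
                    + StringUtil.longToString(low);
        }

        /**
         * Derives the long-live token from the session's creation time and id.
         *
         * <p>NOTE(review): the value is an unkeyed MD5 digest of two session properties, so
         * it is only as secret as the session id and anyone holding both inputs can recompute
         * it. The digest is left unchanged because code outside this class may compare
         * against the same value - confirm before replacing it with a keyed construction.
         *
         * @param httpSession the current session, must not be {@code null}
         * @return the encoded digest
         */
        @Override // com.alibaba.citrus.turbine.util.CsrfToken.Generator
        public String generateLongLiveToken(HttpSession httpSession) {
            // Validate before the first dereference; previously getCreationTime() ran ahead
            // of the null assertion, which made the assertion unreachable for null input.
            HttpSession session = (HttpSession) Assert.assertNotNull(httpSession, "session", new Object[0]);
            return StringUtil.bytesToString(DigestUtils.md5(session.getCreationTime() + session.getId()));
        }
    }

    /* loaded from: input_file:WEB-INF/lib/citrus-webx-all-3.0.9.jar:com/alibaba/citrus/turbine/util/CsrfToken$DefinitionParser.class */
    /** Bean definition parser for the {@link Factory}. */
    public static class DefinitionParser extends AbstractSingleBeanDefinitionParser<Factory> {
        // Forwards the "tokenKey" XML attribute to the bean definition.
        // NOTE(review): Factory shows no tokenKey setter in this listing - confirm where the
        // property is consumed.
        @Override // org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser
        protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder beanDefinitionBuilder) {
            SpringExtUtil.attributesToProperties(element, beanDefinitionBuilder, "tokenKey");
        }
    }

    /* loaded from: input_file:WEB-INF/lib/citrus-webx-all-3.0.9.jar:com/alibaba/citrus/turbine/util/CsrfToken$Factory.class */
    /** Pull-tool factory that creates the {@link CsrfToken} tool around the injected request. */
    public static class Factory implements ToolFactory {
        // The tool is declared a singleton, so this presumably has to be a request proxy
        // rather than one concrete request - TODO confirm against the container wiring.
        private HttpServletRequest request;

        /** @param httpServletRequest request handed to every tool created by this factory */
        @Autowired
        public void setRequest(HttpServletRequest httpServletRequest) {
            this.request = httpServletRequest;
        }

        /** @return always {@code true} */
        @Override // com.alibaba.citrus.service.pull.ToolFactory
        public boolean isSingleton() {
            return true;
        }

        /** @return a new {@link CsrfToken} bound to the injected request */
        @Override // com.alibaba.citrus.service.pull.ToolFactory
        public Object createTool() throws Exception {
            return new CsrfToken(this.request);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/citrus-webx-all-3.0.9.jar:com/alibaba/citrus/turbine/util/CsrfToken$Generator.class */
    /**
     * Token source. An implementation registered as an override replaces the default
     * generator for both token kinds, so it carries the whole burden of producing values an
     * attacker cannot guess.
     */
    public interface Generator {
        /** @return a token intended for single-request use */
        String generateUniqueToken();

        /**
         * @param httpSession session the token is derived from
         * @return a token that stays valid across requests of that session
         */
        String generateLongLiveToken(HttpSession httpSession);
    }

    /**
     * @param httpServletRequest request used to reach the session and the request attributes;
     *                           must not be {@code null}
     */
    public CsrfToken(HttpServletRequest httpServletRequest) {
        this.request = (HttpServletRequest) Assert.assertNotNull(httpServletRequest, "request", new Object[0]);
    }

    /**
     * Resolves the name shared by the form field, the request attribute and the session
     * attribute.
     *
     * @return the key from the thread's configuration, or {@link #DEFAULT_TOKEN_KEY} when no
     *         configuration is set or its key is {@code null}
     */
    public static String getKey() {
        Configuration configuration = contextTokenConfigurationHolder.get();
        String key = configuration != null ? configuration.getTokenKey() : null;
        return key != null ? key : DEFAULT_TOKEN_KEY;
    }

    /**
     * @return the configured cap on remembered unique tokens, or {@link #DEFAULT_MAX_TOKENS}
     *         when no configuration is set or the configured value is not positive
     */
    public static int getMaxTokens() {
        Configuration configuration = contextTokenConfigurationHolder.get();
        int max = configuration != null ? configuration.getMaxTokens() : -1;
        return max > 0 ? max : DEFAULT_MAX_TOKENS;
    }

    /**
     * Installs a configuration for the current thread. Callers should pair this with
     * {@link #resetContextTokenConfiguration()}, otherwise the value stays attached to the
     * thread.
     *
     * @param str token key
     * @param i   maximum number of unique tokens
     */
    public static void setContextTokenConfiguration(String str, int i) {
        contextTokenConfigurationHolder.set(new Configuration(str, i));
    }

    /** Removes the current thread's configuration. */
    public static void resetContextTokenConfiguration() {
        contextTokenConfigurationHolder.remove();
    }

    /** @return the long-live hidden field, see {@link #getLongLiveHiddenField()} */
    public Input getHiddenField() {
        return getLongLiveHiddenField();
    }

    /**
     * @param z {@code true} for the long-live field, {@code false} for the unique one
     * @return the selected hidden field
     * @deprecated call {@link #getLongLiveHiddenField()} or {@link #getUniqueHiddenField()}
     *             directly
     */
    @Deprecated
    public Input getHiddenField(boolean z) {
        return z ? getLongLiveHiddenField() : getUniqueHiddenField();
    }

    /** @return a hidden input named {@link #getKey()} carrying the request's unique token */
    public Input getUniqueHiddenField() {
        return new Input("hidden", getKey(), getUniqueToken());
    }

    /** @return a hidden input named {@link #getKey()} carrying the session's long-live token */
    public Input getLongLiveHiddenField() {
        return new Input("hidden", getKey(), getLongLiveToken());
    }

    /**
     * Returns the unique token of the current request, minting it on first use.
     *
     * <p>The token is cached as a request attribute so repeated calls within one request
     * return the same value. A newly minted token is appended to the session's list and the
     * oldest entries are dropped until the list fits {@link #getMaxTokens()}.
     *
     * @return the request's unique token
     */
    public String getUniqueToken() {
        // getSession() is called up front, so a session is obtained even when the token is
        // already cached on the request.
        HttpSession session = this.request.getSession();
        String key = getKey();
        String token = (String) this.request.getAttribute(key);
        int maxTokens = getMaxTokens();
        if (token == null) {
            LinkedList<String> tokensInSession = getTokensInSession(session, key);
            token = getGenerator().generateUniqueToken();
            this.request.setAttribute(key, token);
            tokensInSession.addLast(token);
            // Bounded history: the oldest tokens stop being remembered first.
            while (tokensInSession.size() > maxTokens) {
                tokensInSession.removeFirst();
            }
            setTokensInSession(session, key, tokensInSession);
        }
        return token;
    }

    /** @return the long-live token of the current request's session */
    public String getLongLiveToken() {
        return getLongLiveTokenInSession(this.request.getSession());
    }

    /**
     * Reads the remembered unique tokens from the session.
     *
     * @param httpSession session holding the token list
     * @param str         session attribute name
     * @return the tokens obtained by splitting the attribute on {@link #CSRF_TOKEN_SEPARATOR}
     */
    public static LinkedList<String> getTokensInSession(HttpSession httpSession, String str) {
        return CollectionUtil.createLinkedList(StringUtil.split((String) httpSession.getAttribute(str), CSRF_TOKEN_SEPARATOR));
    }

    /**
     * Writes the unique-token list back to the session.
     *
     * @param httpSession session to update
     * @param str         session attribute name
     * @param list        tokens to store; an empty list removes the attribute
     */
    public static void setTokensInSession(HttpSession httpSession, String str, List<String> list) {
        if (list.isEmpty()) {
            httpSession.removeAttribute(str);
        } else {
            // Tokens are joined with the separator, so a generator must never emit it.
            httpSession.setAttribute(str, StringUtil.join(list, CSRF_TOKEN_SEPARATOR));
        }
    }

    /**
     * @param httpSession session the token is derived from
     * @return the long-live token produced by the active generator
     */
    public static String getLongLiveTokenInSession(HttpSession httpSession) {
        return getGenerator().generateLongLiveToken(httpSession);
    }

    /**
     * Renders the tool as its unique token.
     *
     * <p>This is not a passive description: it may mint a token and touch the session, and
     * the returned string is a valid token. Keep instances out of log statements.
     *
     * @return the unique token, or a placeholder when the request raises
     *         {@link IllegalStateException}
     */
    @Override
    public String toString() {
        try {
            return getUniqueToken();
        } catch (IllegalStateException e) {
            return "<No thread-bound request>";
        }
    }

    /**
     * Reports whether the request carries a non-blank token parameter.
     *
     * <p>This is a presence check only. The submitted value is not compared with the tokens
     * kept in the session or with the long-live token, so a {@code true} result must not be
     * treated as proof that the request is legitimate.
     *
     * @param httpServletRequest request to inspect
     * @return {@code true} when the parameter named {@link #getKey()} is present and not blank
     */
    public static boolean check(HttpServletRequest httpServletRequest) {
        return StringUtil.trimToNull(httpServletRequest.getParameter(getKey())) != null;
    }

    /**
     * Looks up an optional replacement generator registered as the
     * {@code csrfTokenGeneratorOverride} service.
     *
     * @return the override, or {@code null} when none is registered or loading it failed
     */
    private static Generator getGeneratorOverride() {
        try {
            return (Generator) Generator.class.cast(ClassLoaderUtil.newServiceInstance("csrfTokenGeneratorOverride", (Class<?>) CsrfToken.class));
        } catch (ServiceNotFoundException e) {
            // No override registered: the normal case, the default generator is used.
            return null;
        } catch (Exception e2) {
            // A broken override is logged and ignored, so token generation silently falls
            // back to the default generator.
            log.warn("Failure in CsrfToken.getGeneratorOverride()", e2);
            return null;
        }
    }

    /** @return the override generator when one was loaded, otherwise the default generator */
    private static Generator getGenerator() {
        return generatorOverride != null ? generatorOverride : generator;
    }
}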
