package com.erudika.para.security;

import com.erudika.para.cache.Cache;
import com.erudika.para.utils.Config;
import com.erudika.para.utils.HttpUtils;
import com.erudika.para.utils.Utils;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.inject.Inject;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.DefaultCsrfToken;
import org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/para-server-1.34.0.jar:com/erudika/para/security/CachedCsrfTokenRepository.class */
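/**
 * A {@link CsrfTokenRepository} that keeps CSRF tokens in the shared {@link Cache} when caching is
 * enabled, and in an in-process map otherwise. The token is also mirrored into a cookie that
 * client-side script can read.
 *
 * <p>Tokens are keyed by an identifier extracted from the auth cookie, concatenated with the
 * configured parameter name.
 *
 * <p>NOTE(review): the identifier is taken from the auth cookie without any verification in this
 * class; this assumes the cookie is validated elsewhere in the filter chain - confirm.
 */
public class CachedCsrfTokenRepository implements CsrfTokenRepository {
    private static final Logger logger = LoggerFactory.getLogger(CachedCsrfTokenRepository.class);
    private String parameterName = CsrfRequestDataValueProcessor.DEFAULT_CSRF_ATTR_NAME;
    // Not final: setHeaderName() updates it.
    private String headerName = "X-CSRF-TOKEN";
    private final String cookieName = Config.getConfigParam("security.csrf_cookie", "para-csrf-token");
    // Fallback store used when the shared cache is disabled: key -> {token, creation time in millis}.
    // A concurrent map is used because one repository instance serves requests on many threads.
    // NOTE(review): expired entries are only evicted when the same key is loaded again, so the map
    // grows with the number of distinct identifiers seen - consider bounding or sweeping it.
    private final Map<String, Object[]> localCache = new ConcurrentHashMap<>();
    private Cache cache;

    /**
     * Returns the shared cache used to store tokens when caching is enabled.
     *
     * @return the injected cache, or {@code null} if none was set
     */
    public Cache getCache() {
        return this.cache;
    }

    /**
     * Sets the shared cache used to store tokens when caching is enabled.
     *
     * @param cache the cache instance
     */
    @Inject
    public void setCache(Cache cache) {
        this.cache = cache;
    }

    /**
     * Ensures a token exists for the caller identified by the auth cookie and mirrors it into the
     * CSRF cookie. Does nothing when no identifier can be extracted from the request.
     *
     * <p>The {@code csrfToken} argument is not used: an already stored token is reused, otherwise a
     * fresh one is generated and stored.
     *
     * @param csrfToken ignored by this implementation
     * @param httpServletRequest the current request
     * @param httpServletResponse the response that receives the CSRF cookie
     */
    @Override // org.springframework.security.web.csrf.CsrfTokenRepository
    public void saveToken(CsrfToken csrfToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String identifier = getIdentifierFromCookie(httpServletRequest);
        if (identifier == null) {
            return;
        }
        String key = identifier.concat(this.parameterName);
        CsrfToken token = loadToken(httpServletRequest);
        if (token == null) {
            token = generateToken(null);
            if (Config.isCacheEnabled()) {
                this.cache.put(Config.getRootAppIdentifier(), key, token, Long.valueOf(Config.SESSION_TIMEOUT_SEC));
            } else {
                this.localCache.put(key, new Object[]{token, Long.valueOf(System.currentTimeMillis())});
            }
        }
        storeTokenAsCookie(token, httpServletRequest, httpServletResponse);
    }

    /**
     * Looks up the stored token for the caller identified by the auth cookie.
     *
     * @param httpServletRequest the current request
     * @return the stored token, or {@code null} when there is no identifier, no stored token, or
     *     the locally stored token has expired
     */
    @Override // org.springframework.security.web.csrf.CsrfTokenRepository
    public CsrfToken loadToken(HttpServletRequest httpServletRequest) {
        String identifier = getIdentifierFromCookie(httpServletRequest);
        if (identifier == null) {
            return null;
        }
        String key = identifier.concat(this.parameterName);
        if (Config.isCacheEnabled()) {
            return (CsrfToken) this.cache.get(Config.getRootAppIdentifier(), key);
        }
        Object[] entry = this.localCache.get(key);
        if (entry == null || entry.length != 2) {
            return null;
        }
        long createdAt = ((Long) entry[1]).longValue();
        // Multiply as long so a large session timeout cannot overflow int arithmetic.
        long expiresAt = createdAt + Config.SESSION_TIMEOUT_SEC * 1000L;
        if (expiresAt < System.currentTimeMillis()) {
            this.localCache.remove(key);
            return null;
        }
        return (CsrfToken) entry[0];
    }

    /**
     * Extracts the caller identifier from the auth cookie: the cookie value is Base64-decoded, the
     * part before the first {@code ':'} is taken and Base64-decoded again.
     *
     * <p>The cookie is client-controlled, so malformed values are treated as "no identifier"
     * rather than allowed to raise an exception or map to a shared empty key.
     *
     * @param httpServletRequest the current request
     * @return the identifier, or {@code null} when the cookie is absent or yields no identifier
     */
    private String getIdentifierFromCookie(HttpServletRequest httpServletRequest) {
        String stateParam = HttpUtils.getStateParam(Config.getConfigParam("auth_cookie", Config.PARA.concat("-auth")), httpServletRequest);
        if (stateParam == null) {
            return null;
        }
        String decoded = Utils.base64dec(stateParam);
        if (decoded == null) {
            return null;
        }
        // String.split drops trailing empty strings, so a value such as ":" yields an empty array.
        String[] parts = decoded.split(":");
        if (parts.length == 0) {
            return null;
        }
        String identifier = Utils.base64dec(parts[0]);
        // A blank identifier would make every such request share the key "<parameterName>".
        return StringUtils.isBlank(identifier) ? null : identifier;
    }

    /**
     * Reads the CSRF token currently held in the CSRF cookie.
     *
     * @param httpServletRequest the current request
     * @return the cookie value, or an empty string when it is missing or blank
     */
    private String getTokenFromCookie(HttpServletRequest httpServletRequest) {
        String stateParam = HttpUtils.getStateParam(this.cookieName, httpServletRequest);
        return StringUtils.isBlank(stateParam) ? "" : stateParam;
    }

    /**
     * Writes the token into the CSRF cookie unless the request already carries the same value.
     *
     * @param csrfToken the token to expose to the client
     * @param httpServletRequest the current request
     * @param httpServletResponse the response that receives the cookie
     */
    private void storeTokenAsCookie(CsrfToken csrfToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!isValidButNotInCookie(csrfToken, httpServletRequest)) {
            return;
        }
        Cookie cookie = new Cookie(this.cookieName, csrfToken.getToken());
        cookie.setMaxAge(Config.SESSION_TIMEOUT_SEC);
        // Readable by script on purpose, presumably so the client can echo the token back in a
        // request header; this also means any script running in the page can read it.
        cookie.setHttpOnly(false);
        // NOTE(review): the Secure flag follows the request scheme; behind a TLS-terminating proxy
        // getScheme() may report "http" unless forwarded headers are honoured - confirm deployment.
        cookie.setSecure("https".equalsIgnoreCase(httpServletRequest.getScheme()));
        cookie.setPath("/");
        httpServletResponse.addCookie(cookie);
    }

    /**
     * Tells whether the token is usable and differs from what the CSRF cookie already holds.
     *
     * @param csrfToken the token to check, may be {@code null}
     * @param httpServletRequest the current request
     * @return {@code true} when the token is non-blank and not equal to the cookie value
     */
    private boolean isValidButNotInCookie(CsrfToken csrfToken, HttpServletRequest httpServletRequest) {
        if (csrfToken == null || StringUtils.isBlank(csrfToken.getToken())) {
            return false;
        }
        return !StringUtils.equals(getTokenFromCookie(httpServletRequest), csrfToken.getToken());
    }

    /**
     * Creates a new token bound to the configured header and parameter names.
     *
     * @param httpServletRequest not used
     * @return a new token whose value comes from {@code Utils.generateSecurityToken()}
     */
    @Override // org.springframework.security.web.csrf.CsrfTokenRepository
    public CsrfToken generateToken(HttpServletRequest httpServletRequest) {
        return new DefaultCsrfToken(this.headerName, this.parameterName, Utils.generateSecurityToken());
    }

    /**
     * Sets the request parameter name that carries the token. The name is also part of the
     * storage key, so changing it makes previously stored tokens unreachable.
     *
     * @param str the parameter name, must not be null or empty
     */
    public void setParameterName(String str) {
        Assert.hasLength(str, "parameterName cannot be null or empty");
        this.parameterName = str;
    }

    /**
     * Sets the request header name that carries the token.
     *
     * <p>Previously this setter overwrote the parameter name instead of the header name.
     *
     * @param str the header name, must not be null or empty
     */
    public void setHeaderName(String str) {
        Assert.hasLength(str, "headerName cannot be null or empty");
        this.headerName = str;
    }
}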
