package com.erudika.para.security;

import com.erudika.para.cache.Cache;
import com.erudika.para.utils.Config;
import com.erudika.para.utils.HttpUtils;
import com.erudika.para.utils.Utils;
import com.erudika.para.utils.filters.CORSFilter;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.inject.Inject;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.DefaultCsrfToken;
import org.springframework.util.Assert;

/* loaded from: input_file:com/erudika/para/security/CachedCsrfTokenRepository.class */
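/**
 * A {@link CsrfTokenRepository} that keeps CSRF tokens in a cache and mirrors them to the
 * browser in a cookie.
 *
 * <p>Tokens are stored in the injected {@link Cache} when {@code Config.isCacheEnabled()} is
 * true, otherwise in an in-process map. The cache key is an identifier read from the request
 * cookies (the auth cookie, else the anonymous-identifier cookie) plus the parameter name.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The identifier comes from client-supplied cookies and is only decoded here, not
 *       verified. NOTE(review): confirm the auth cookie's integrity is checked before this
 *       repository is consulted, since the identifier selects which cached token is used.</li>
 *   <li>The in-process map only drops an entry when that entry is read after it has expired;
 *       nothing here bounds its size. NOTE(review): consider periodic eviction or a size cap
 *       for deployments that run with the cache disabled.</li>
 * </ul>
 */
public class CachedCsrfTokenRepository implements CsrfTokenRepository {
    private static final Logger logger = LoggerFactory.getLogger(CachedCsrfTokenRepository.class);
    private String parameterName = "_csrf";
    // Not final: setHeaderName() must be able to change it (it used to overwrite parameterName).
    private String headerName = "X-CSRF-TOKEN";
    private final String cookieName = Config.getConfigParam("security.csrf_cookie", "para-csrf-token");
    private final String authCookie = Config.getConfigParam("auth_cookie", "para".concat("-auth"));
    private final String anonIdentCookieName = this.cookieName + "-anonid";
    // Fallback store used when the shared cache is disabled: key -> {CsrfToken, Long createdAtMillis}.
    private final Map<String, Object[]> localCache = new ConcurrentHashMap<>();
    private Cache cache;

    /**
     * Returns the cache used to store tokens.
     *
     * @return the injected cache, or null if none has been set
     */
    public Cache getCache() {
        return this.cache;
    }

    /**
     * Sets the cache used to store tokens.
     *
     * @param cache the cache implementation
     */
    @Inject
    public void setCache(Cache cache) {
        this.cache = cache;
    }

    /**
     * Ensures the client has a CSRF token cookie that matches the cached token for its identifier.
     *
     * <p>If the request carries neither an identifier nor an auth cookie, a new anonymous
     * identifier is generated and sent as a cookie. If no token can be loaded for the request,
     * one is taken from the cache (anonymous-identifier cookie present) or newly generated.
     *
     * <p>NOTE(review): the {@code csrfToken} argument is never read. Spring's contract treats a
     * null token as a request to delete the stored one; this implementation keeps the cached
     * token instead - confirm this is intended, e.g. for token rotation at login.
     *
     * @param csrfToken the token offered by the caller (unused)
     * @param httpServletRequest the current request
     * @param httpServletResponse the response that receives the cookies
     */
    public void saveToken(CsrfToken csrfToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String identifier = getIdentifierFromCookie(httpServletRequest);
        if (StringUtils.isBlank(identifier) && StringUtils.isBlank(HttpUtils.getStateParam(this.authCookie, httpServletRequest))) {
            identifier = Utils.generateSecurityToken(16);
            storeAnonIdentCookie(identifier, httpServletRequest, httpServletResponse);
        }
        if (identifier == null) {
            // An auth cookie is present but yields no usable identifier: store nothing.
            return;
        }
        CsrfToken token = loadToken(httpServletRequest);
        if (token == null) {
            if (HttpUtils.getStateParam(this.anonIdentCookieName, httpServletRequest) != null) {
                token = loadTokenFromCache(identifier);
                if (token == null) {
                    // The client presents an anonymous identifier with no cached token:
                    // clear both cookies so the next request starts from a clean state.
                    HttpUtils.removeStateParam(this.cookieName, httpServletRequest, httpServletResponse);
                    HttpUtils.removeStateParam(this.anonIdentCookieName, httpServletRequest, httpServletResponse);
                    removeTokenFromCache(identifier);
                    return;
                }
            } else {
                token = generateToken(null);
            }
            storeTokenInCache(identifier, token);
        }
        storeTokenAsCookie(token, httpServletRequest, httpServletResponse);
    }

    /**
     * Loads the cached token for the identifier found in the request cookies.
     *
     * <p>When the anonymous-identifier cookie differs from the resolved identifier and both
     * have a cached token, the anonymous token replaces the one stored under the identifier.
     * A cached token is not returned when the request has no token cookie.
     *
     * @param httpServletRequest the current request
     * @return the token, or null if none applies to this request
     */
    public CsrfToken loadToken(HttpServletRequest httpServletRequest) {
        CsrfToken token = null;
        String identifier = getIdentifierFromCookie(httpServletRequest);
        if (identifier != null) {
            token = loadTokenFromCache(identifier.concat(this.parameterName));
            String anonId = HttpUtils.getStateParam(this.anonIdentCookieName, httpServletRequest);
            if (anonId != null) {
                CsrfToken anonToken = loadTokenFromCache(anonId);
                if (!identifier.equals(anonId) && anonToken != null && token != null) {
                    // NOTE(review): the anonymous token is carried over to the other identifier
                    // here, so a token issued before authentication stays valid afterwards.
                    storeTokenInCache(identifier, anonToken);
                    token = anonToken;
                }
            }
        }
        boolean cookieMissing = StringUtils.isBlank(getTokenFromCookie(httpServletRequest));
        if (token != null && !StringUtils.isBlank(token.getToken()) && cookieMissing) {
            token = null;
        }
        return token;
    }

    /**
     * Builds the cache key for an identifier by appending the parameter name, unless the
     * value already ends with it.
     *
     * <p>NOTE(review): an identifier that itself ends with the parameter name is used as the
     * key unchanged, so it can coincide with the key of a shorter identifier. The anonymous
     * identifier is client-supplied; consider a separator that cannot occur in an identifier.
     */
    private String cacheKey(String identifier) {
        return identifier.endsWith(this.parameterName) ? identifier : identifier.concat(this.parameterName);
    }

    /** Stores the token under the key derived from the identifier. */
    private void storeTokenInCache(String identifier, CsrfToken csrfToken) {
        String key = cacheKey(identifier);
        if (Config.isCacheEnabled()) {
            this.cache.put(Config.getRootAppIdentifier(), key, csrfToken, Long.valueOf(Config.SESSION_TIMEOUT_SEC));
        } else {
            this.localCache.put(key, new Object[]{csrfToken, Long.valueOf(System.currentTimeMillis())});
        }
    }

    /**
     * Reads the token stored under the key derived from the identifier.
     *
     * @return the token, or null if absent or (local map only) older than the session timeout
     */
    private CsrfToken loadTokenFromCache(String identifier) {
        String key = cacheKey(identifier);
        if (Config.isCacheEnabled()) {
            return (CsrfToken) this.cache.get(Config.getRootAppIdentifier(), key);
        }
        Object[] entry = this.localCache.get(key);
        if (entry == null || entry.length != 2) {
            return null;
        }
        // Multiply as long: an int product overflows for timeouts above about 24.8 days,
        // which would make the expiry comparison wrong.
        long expiresAt = ((Long) entry[1]).longValue() + Config.SESSION_TIMEOUT_SEC * 1000L;
        if (expiresAt < System.currentTimeMillis()) {
            removeTokenFromCache(key);
            return null;
        }
        return (CsrfToken) entry[0];
    }

    /** Removes the token stored under the key derived from the identifier. */
    private void removeTokenFromCache(String identifier) {
        String key = cacheKey(identifier);
        if (Config.isCacheEnabled()) {
            // NOTE(review): put/get pass Config.getRootAppIdentifier() but this call does not;
            // confirm the one-argument remove targets the same app namespace.
            this.cache.remove(key);
        } else {
            this.localCache.remove(key);
        }
    }

    /**
     * Resolves the identifier that selects the cached token for this request.
     *
     * <p>The auth cookie is decoded and its first ':'-separated segment is decoded again; if
     * that yields nothing usable, the anonymous-identifier cookie is used instead.
     *
     * @return the identifier, or null when no non-blank identifier can be derived
     */
    private String getIdentifierFromCookie(HttpServletRequest httpServletRequest) {
        String identifier = null;
        String authValue = HttpUtils.getStateParam(this.authCookie, httpServletRequest);
        if (authValue != null) {
            // The cookie is untrusted input: split(":")[0] throws on a value made only of
            // separators, so take the leading segment without indexing into an array.
            String firstSegment = StringUtils.substringBefore(Utils.base64dec(authValue), ":");
            if (!StringUtils.isBlank(firstSegment)) {
                identifier = Utils.base64dec(Utils.urlDecode(firstSegment));
            }
        }
        if (StringUtils.isBlank(identifier)) {
            identifier = HttpUtils.getStateParam(this.anonIdentCookieName, httpServletRequest);
        }
        // A blank identifier would make the cache key just the parameter name, shared by
        // every request in the same situation; treat it as "no identifier" instead.
        return StringUtils.isBlank(identifier) ? null : identifier;
    }

    /**
     * Returns the CSRF token cookie value, or a default when the cookie is blank.
     *
     * <p>NOTE(review): the default is CORSFilter.DEFAULT_EXPOSED_HEADERS, presumably an
     * empty-string constant substituted by the decompiler - confirm it is blank, because
     * loadToken() relies on a blank result to detect a missing cookie.
     */
    private String getTokenFromCookie(HttpServletRequest httpServletRequest) {
        String cookieValue = HttpUtils.getStateParam(this.cookieName, httpServletRequest);
        return StringUtils.isBlank(cookieValue) ? CORSFilter.DEFAULT_EXPOSED_HEADERS : cookieValue;
    }

    /**
     * Builds a site-wide cookie that lives for the session timeout.
     *
     * <p>The Secure flag follows the request scheme. NOTE(review): behind a TLS-terminating
     * proxy the scheme seen here may be "http", leaving the cookie without Secure - confirm
     * the container is configured to report the original scheme. The javax Cookie API used
     * here has no SameSite setter, so that attribute is not set.
     */
    private Cookie newCookie(String name, String value, HttpServletRequest httpServletRequest) {
        Cookie cookie = new Cookie(name, value);
        cookie.setMaxAge(Config.SESSION_TIMEOUT_SEC);
        cookie.setHttpOnly(false);
        cookie.setSecure("https".equalsIgnoreCase(httpServletRequest.getScheme()));
        cookie.setPath("/");
        return cookie;
    }

    /**
     * Sends the token as a cookie unless the request already carries the same value.
     * The cookie is not HttpOnly, presumably so client script can copy it into the header.
     */
    private void storeTokenAsCookie(CsrfToken csrfToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (isValidButNotInCookie(csrfToken, httpServletRequest)) {
            httpServletResponse.addCookie(newCookie(this.cookieName, csrfToken.getToken(), httpServletRequest));
        }
    }

    /**
     * Sends the anonymous identifier as a cookie.
     *
     * <p>NOTE(review): this cookie is also not HttpOnly although nothing in this class needs
     * script access to it; consider HttpOnly if no client code reads it.
     */
    private void storeAnonIdentCookie(String identifier, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        httpServletResponse.addCookie(newCookie(this.anonIdentCookieName, identifier, httpServletRequest));
    }

    /** Returns true when the token has a non-blank value that differs from the token cookie. */
    private boolean isValidButNotInCookie(CsrfToken csrfToken, HttpServletRequest httpServletRequest) {
        return csrfToken != null
                && !StringUtils.isBlank(csrfToken.getToken())
                && !StringUtils.equals(getTokenFromCookie(httpServletRequest), csrfToken.getToken());
    }

    /**
     * Creates a new token with the configured header and parameter names.
     *
     * @param httpServletRequest the current request (unused; saveToken passes null)
     * @return a token whose value comes from Utils.generateSecurityToken()
     */
    public CsrfToken generateToken(HttpServletRequest httpServletRequest) {
        return new DefaultCsrfToken(this.headerName, this.parameterName, Utils.generateSecurityToken());
    }

    /**
     * Sets the request parameter name of the token; it is also the cache key suffix.
     *
     * @param str the parameter name, not null or empty
     */
    public void setParameterName(String str) {
        Assert.hasLength(str, "parameterName cannot be null or empty");
        this.parameterName = str;
    }

    /**
     * Sets the request header name of the token.
     *
     * @param str the header name, not null or empty
     */
    public void setHeaderName(String str) {
        Assert.hasLength(str, "headerName cannot be null or empty");
        this.headerName = str;
    }
}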
