package com.alibaba.citrus.turbine.pipeline.valve;

import com.alibaba.citrus.logconfig.support.SecurityLogger;
import com.alibaba.citrus.service.pipeline.PipelineContext;
import com.alibaba.citrus.service.pipeline.support.AbstractValve;
import com.alibaba.citrus.service.pipeline.support.AbstractValveDefinitionParser;
import com.alibaba.citrus.springext.util.SpringExtUtil;
import com.alibaba.citrus.turbine.TurbineRunData;
import com.alibaba.citrus.turbine.util.CsrfToken;
import com.alibaba.citrus.turbine.util.CsrfTokenCheckException;
import com.alibaba.citrus.turbine.util.TurbineUtil;
import com.alibaba.citrus.util.ObjectUtil;
import com.alibaba.citrus.util.StringUtil;
import java.util.LinkedList;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.xml.ParserContext;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alibaba/citrus/turbine/pipeline/valve/CheckCsrfTokenValve.class */
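/**
 * Pipeline valve that checks the CSRF token submitted with a request against the tokens
 * stored in the HTTP session, then lets the rest of the pipeline run.
 *
 * <p>Behaviour visible in this class:
 * <ul>
 *   <li>The token is read from the request parameter named {@code tokenKey}; {@link #init()}
 *       falls back to {@link CsrfToken#DEFAULT_TOKEN_KEY} when no key is configured.</li>
 *   <li>A request that carries no token (missing or blank parameter) is <b>not</b> checked and
 *       passes straight to the next valve. Making the token mandatory therefore has to be
 *       enforced somewhere else. NOTE(review): confirm where that happens for every
 *       state-changing action.</li>
 *   <li>A token equal to the session's long-live token is accepted and left in place.</li>
 *   <li>A token found in the per-key session list is accepted and removed from that list, so
 *       it cannot be presented a second time.</li>
 *   <li>Any other token is handled by {@code requestExpired}: redirect to {@code expiredPage}
 *       when configured, otherwise a {@link CsrfTokenCheckException}.</li>
 * </ul>
 */
public class CheckCsrfTokenValve extends AbstractValve {
    private final SecurityLogger log = new SecurityLogger();

    @Autowired
    private HttpServletRequest request;
    private String tokenKey;
    private int maxTokens;
    private String expiredPage;

    /* loaded from: input_file:com/alibaba/citrus/turbine/pipeline/valve/CheckCsrfTokenValve$DefinitionParser.class */
    /**
     * Bean-definition parser for this valve's configuration element. It hands the
     * {@code tokenKey}, {@code maxTokens}, {@code expiredPage} and {@code logName} attribute
     * names to {@link SpringExtUtil#attributesToProperties}.
     */
    public static class DefinitionParser extends AbstractValveDefinitionParser<CheckCsrfTokenValve> {
        protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder beanDefinitionBuilder) {
            SpringExtUtil.attributesToProperties(element, beanDefinitionBuilder, "tokenKey", "maxTokens", "expiredPage", "logName");
        }
    }

    /** @return the request-parameter / session key under which the token is looked up */
    public String getTokenKey() {
        return this.tokenKey;
    }

    /**
     * Sets the token key. The value is trimmed; a blank value becomes {@code null}, which
     * {@link #init()} later replaces with the default key.
     */
    public void setTokenKey(String str) {
        this.tokenKey = StringUtil.trimToNull(str);
    }

    /** @return the value passed to {@link CsrfToken#setContextTokenConfiguration} as token limit */
    public int getMaxTokens() {
        return this.maxTokens;
    }

    /**
     * Sets the token limit handed to {@link CsrfToken#setContextTokenConfiguration}.
     * Presumably the cap on unique tokens kept per session; confirm in {@code CsrfToken}.
     * No range check is applied here.
     */
    public void setMaxTokens(int i) {
        this.maxTokens = i;
    }

    /** @return the redirect target used when a token does not match, or {@code null} */
    public String getExpiredPage() {
        return this.expiredPage;
    }

    /**
     * Sets the redirect target used when a token does not match. When left {@code null}, a
     * mismatch raises {@link CsrfTokenCheckException} instead. The value comes from
     * configuration, not from the request.
     */
    public void setExpiredPage(String str) {
        this.expiredPage = str;
    }

    /** @return the name of the logger that receives token-mismatch warnings */
    public String getLogName() {
        return this.log.getLogger().getName();
    }

    /** Selects the logger that receives token-mismatch warnings. */
    public void setLogName(String str) {
        this.log.setLogName(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Applies {@link CsrfToken#DEFAULT_TOKEN_KEY} when no token key was configured. */
    @Override // com.alibaba.citrus.springext.support.BeanSupport
    public void init() {
        this.tokenKey = (String) ObjectUtil.defaultIfNull(this.tokenKey, CsrfToken.DEFAULT_TOKEN_KEY);
    }

    /**
     * Validates the submitted token (if any) and then invokes the rest of the pipeline with
     * the token configuration of this valve installed for the duration of the call.
     *
     * @param pipelineContext the pipeline being executed
     * @throws CsrfTokenCheckException if the token does not match and no {@code expiredPage}
     *         is configured
     * @throws Exception anything thrown by the downstream valves
     */
    @Override // com.alibaba.citrus.service.pipeline.Valve
    public void invoke(PipelineContext pipelineContext) throws Exception {
        TurbineRunData runData = TurbineUtil.getTurbineRunData(this.request);
        String requestToken = StringUtil.trimToNull(runData.getParameters().getString(this.tokenKey));

        // Only a request that actually carries a token is validated; see the class comment.
        if (requestToken != null) {
            HttpSession session = runData.getRequest().getSession();

            // The long-live token is checked first and is never consumed.
            // NOTE(review): String.equals / List.contains are not constant-time comparisons;
            // consider a constant-time compare (e.g. MessageDigest.isEqual) as hardening.
            if (!requestToken.equals(CsrfToken.getLongLiveTokenInSession(session))) {
                LinkedList<String> tokensInSession = CsrfToken.getTokensInSession(session, this.tokenKey);

                if (tokensInSession.contains(requestToken)) {
                    // Single use: drop the token and write the list back to the session.
                    // NOTE(review): contains/remove/write-back is not synchronized in this class;
                    // confirm two concurrent requests on one session cannot both consume it.
                    tokensInSession.remove(requestToken);
                    CsrfToken.setTokensInSession(session, this.tokenKey, tokensInSession);
                } else {
                    requestExpired(runData, requestToken, tokensInSession);
                }
            }
        }

        // NOTE(review): when expiredPage is configured, a mismatch only sets the redirect target
        // and execution still reaches invokeNext(). Confirm that the downstream valves honour the
        // redirect target before performing the originally requested action.
        try {
            CsrfToken.setContextTokenConfiguration(this.tokenKey, this.maxTokens);
            pipelineContext.invokeNext();
        } finally {
            // Always clear the per-call configuration, even when a downstream valve throws.
            CsrfToken.resetContextTokenConfiguration();
        }
    }

    /**
     * Handles a token that matched neither the long-live token nor the session list: logs a
     * warning, then redirects to {@code expiredPage} or, when none is configured, throws.
     *
     * @param runData       the current request data
     * @param requestToken  the token taken from the request (did not match)
     * @param sessionTokens the tokens currently held in the session for this key
     * @throws CsrfTokenCheckException carrying the request URL, when no {@code expiredPage} is set
     */
    private void requestExpired(TurbineRunData runData, String requestToken, List<String> sessionTokens) {
        // Valid session tokens are secrets: writing them to the log would hand a usable token to
        // anyone who can read it. Log only how many there are; the format string is unchanged.
        int sessionTokenCount = sessionTokens == null ? 0 : sessionTokens.size();
        String withheld = "<" + sessionTokenCount + " token(s), values withheld>";

        // NOTE(review): requestToken is request-controlled text; confirm the log layout encodes
        // CR/LF so that a crafted value cannot forge log lines.
        this.log.getLogger().warn("CsrfToken \"{}\" does not match: requested token is {}, but the session tokens are {}.", new Object[]{this.tokenKey, requestToken, withheld});

        if (this.expiredPage != null) {
            runData.setRedirectTarget(this.expiredPage);
        } else {
            throw new CsrfTokenCheckException(runData.getRequest().getRequestURL().toString());
        }
    }
}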
