package nablarch.common.web.token;

import javax.servlet.http.HttpSession;
import nablarch.common.web.WebConfig;
import nablarch.common.web.WebConfigFinder;
import nablarch.core.repository.SystemRepository;
import nablarch.fw.ExecutionContext;
import nablarch.fw.web.HttpRequest;
import nablarch.fw.web.servlet.NablarchHttpServletRequestWrapper;
import nablarch.fw.web.servlet.ServletExecutionContext;

/* loaded from: input_file:nablarch/common/web/token/TokenUtil.class */
public final class TokenUtil {
    private static final String TOKEN_GENERATOR_NAME = "tokenGenerator";

    private TokenUtil() {
    }

    public static String generateToken(NablarchHttpServletRequestWrapper nablarchHttpServletRequestWrapper) {
        WebConfig webConfig = WebConfigFinder.getWebConfig();
        String str = (String) nablarchHttpServletRequestWrapper.getAttribute(webConfig.getDoubleSubmissionTokenRequestAttributeName());
        if (str == null) {
            str = getTokenGenerator().generate();
            nablarchHttpServletRequestWrapper.setAttribute(webConfig.getDoubleSubmissionTokenRequestAttributeName(), str);
            HttpSession nativeSession = getNativeSession(nablarchHttpServletRequestWrapper);
            synchronized (nativeSession) {
                nativeSession.setAttribute(webConfig.getDoubleSubmissionTokenSessionAttributeName(), str);
            }
        }
        return str;
    }

    private static HttpSession getNativeSession(NablarchHttpServletRequestWrapper nablarchHttpServletRequestWrapper) {
        return nablarchHttpServletRequestWrapper.m33getSession(true).getDelegate();
    }

    public static TokenGenerator getTokenGenerator() {
        TokenGenerator tokenGenerator = (TokenGenerator) SystemRepository.getObject(TOKEN_GENERATOR_NAME);
        return tokenGenerator != null ? tokenGenerator : new RandomTokenGenerator();
    }

    public static synchronized boolean isValidToken(HttpRequest httpRequest, ExecutionContext executionContext) throws ClassCastException {
        boolean z;
        WebConfig webConfig = WebConfigFinder.getWebConfig();
        String[] mo10getParam = httpRequest.mo10getParam(webConfig.getDoubleSubmissionTokenParameterName());
        HttpSession nativeSession = getNativeSession(executionContext);
        if (nativeSession == null) {
            return false;
        }
        if (mo10getParam == null || mo10getParam.length != 1) {
            z = false;
        } else {
            String str = mo10getParam[0];
            String str2 = (String) nativeSession.getAttribute(webConfig.getDoubleSubmissionTokenSessionAttributeName());
            z = str2 != null && str2.equals(str);
        }
        nativeSession.removeAttribute(webConfig.getDoubleSubmissionTokenSessionAttributeName());
        return z;
    }

    private static HttpSession getNativeSession(ExecutionContext executionContext) {
        return ((ServletExecutionContext) executionContext).getNativeHttpSession(false);
    }
}
