package nablarch.fw.web.handler;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import nablarch.common.web.WebConfig;
import nablarch.common.web.WebConfigFinder;
import nablarch.common.web.session.SessionUtil;
import nablarch.core.log.Logger;
import nablarch.core.log.LoggerManager;
import nablarch.fw.ExecutionContext;
import nablarch.fw.web.HttpRequest;
import nablarch.fw.web.HttpRequestHandler;
import nablarch.fw.web.HttpResponse;
import nablarch.fw.web.handler.csrf.BadRequestVerificationFailureHandler;
import nablarch.fw.web.handler.csrf.CsrfTokenGenerator;
import nablarch.fw.web.handler.csrf.HttpMethodVerificationTargetMatcher;
import nablarch.fw.web.handler.csrf.UUIDv4CsrfTokenGenerator;
import nablarch.fw.web.handler.csrf.VerificationFailureHandler;
import nablarch.fw.web.handler.csrf.VerificationTargetMatcher;

/* loaded from: input_file:nablarch/fw/web/handler/CsrfTokenVerificationHandler.class */
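/**
 * Handler that verifies a synchronizer-style CSRF token on incoming requests.
 *
 * <p>For every request the token bound to the current session is loaded (and created if the
 * session has none yet). When the request is a verification target (by default decided by the
 * HTTP method, see {@link HttpMethodVerificationTargetMatcher}), the token the client sent in the
 * configured header or request parameter must match the session token; otherwise the
 * {@link VerificationFailureHandler} produces the response and the downstream handlers are not
 * invoked.
 *
 * <p>After the downstream handlers return, a request-scoped variable named
 * {@link #REQUEST_REGENERATE_KEY} set to {@code Boolean.TRUE} makes this handler issue a fresh
 * token (e.g. after login, to avoid session-fixation style reuse of a pre-authentication token).
 *
 * <p>Collaborators are injectable through the setters; the defaults are a UUIDv4 generator, a
 * method-based target matcher and a "400 Bad Request" failure handler.
 */
public class CsrfTokenVerificationHandler implements HttpRequestHandler {

    /**
     * Request-scoped variable key. Set it to {@code Boolean.TRUE} during request processing to have
     * the session token regenerated once the downstream handlers have completed.
     */
    public static final String REQUEST_REGENERATE_KEY = "nablarch_request_for_csrf_token_to_be_regenerated";

    private static final Logger LOGGER = LoggerManager.get(CsrfTokenVerificationHandler.class);

    // Produces new tokens; the default is a random UUIDv4.
    private CsrfTokenGenerator csrfTokenGenerator = new UUIDv4CsrfTokenGenerator();

    // Decides which requests must carry a valid token.
    private VerificationTargetMatcher verificationTargetMatcher = new HttpMethodVerificationTargetMatcher();

    // Builds the response returned when verification fails.
    private VerificationFailureHandler verificationFailureHandler = new BadRequestVerificationFailureHandler();

    /**
     * Verifies the CSRF token when required, delegates to the next handler, and regenerates the
     * session token afterwards if the request asked for it.
     *
     * @param httpRequest      the incoming request
     * @param executionContext the execution context holding the session and request scope
     * @return the downstream response, or the failure handler's response when verification fails
     */
    @Override // nablarch.fw.web.HttpRequestHandler
    public HttpResponse handle(HttpRequest httpRequest, ExecutionContext executionContext) {
        // Load (or lazily create) the session token first so that every request, including safe
        // ones, leaves a token in the session for subsequent state-changing requests.
        String sessionAssociatedToken = getSessionAssociatedToken(executionContext);

        if (isTargetOfVerification(httpRequest)) {
            String userSentToken = getUserSentToken(httpRequest);
            if (!verifyToken(userSentToken, sessionAssociatedToken)) {
                return this.verificationFailureHandler.handle(
                        httpRequest, executionContext, userSentToken, sessionAssociatedToken);
            }
        }

        HttpResponse httpResponse = (HttpResponse) executionContext.handleNext(httpRequest);

        regenerateTokenIfRequested(executionContext);
        return httpResponse;
    }

    /**
     * Regenerates the session token when the request scope carries
     * {@link #REQUEST_REGENERATE_KEY} set to {@code Boolean.TRUE}. Any other non-null value is
     * logged as a warning and ignored, so a misconfigured caller does not silently keep the old token
     * without notice.
     *
     * @param executionContext the execution context to inspect and update
     */
    private void regenerateTokenIfRequested(ExecutionContext executionContext) {
        Object regenerateFlag = executionContext.getRequestScopedVar(REQUEST_REGENERATE_KEY);
        if (regenerateFlag == null) {
            return;
        }
        if (Boolean.TRUE.equals(regenerateFlag)) {
            generateAndSaveToken(executionContext);
        } else if (LOGGER.isWarnEnabled()) {
            LOGGER.logWarn("A request scoped variable named 'nablarch_request_for_csrf_token_to_be_regenerated' has unexpected value. 'nablarch_request_for_csrf_token_to_be_regenerated' must be Boolean.TRUE.");
        }
    }

    /**
     * @param httpRequest the incoming request
     * @return {@code true} if the configured matcher requires this request to carry a valid token
     */
    private boolean isTargetOfVerification(HttpRequest httpRequest) {
        return this.verificationTargetMatcher.match(httpRequest);
    }

    /**
     * Compares the client-supplied token with the session token.
     *
     * <p>The comparison is done with {@link MessageDigest#isEqual(byte[], byte[])} so that the time
     * taken does not depend on how many leading bytes match; a plain {@code String.equals} returns at
     * the first mismatching character and can leak information about the session token through
     * response timing. Array length is still observable, which is acceptable because tokens from
     * {@link UUIDv4CsrfTokenGenerator} have a fixed length.
     *
     * @param userSentToken          token taken from the request header or parameter, may be null
     * @param sessionAssociatedToken token stored in the session, may be null
     * @return {@code true} only if both tokens are non-null and byte-for-byte identical
     */
    private boolean verifyToken(String userSentToken, String sessionAssociatedToken) {
        if (userSentToken == null || sessionAssociatedToken == null) {
            return false;
        }
        return MessageDigest.isEqual(
                userSentToken.getBytes(StandardCharsets.UTF_8),
                sessionAssociatedToken.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Extracts the token the client sent, preferring the configured header over the configured
     * request parameter.
     *
     * @param httpRequest the incoming request
     * @return the header value if present; otherwise the first value of the parameter; otherwise
     *         {@code null}
     */
    private String getUserSentToken(HttpRequest httpRequest) {
        WebConfig webConfig = WebConfigFinder.getWebConfig();

        String headerToken = httpRequest.getHeader(webConfig.getCsrfTokenHeaderName());
        if (headerToken != null) {
            return headerToken;
        }

        // NOTE(review): method name is a decompiler artifact for the request-parameter accessor,
        // which yields all values for the parameter name; only the first one is used.
        String[] parameterValues = httpRequest.mo9getParam(webConfig.getCsrfTokenParameterName());
        if (parameterValues == null || parameterValues.length == 0) {
            return null;
        }
        return parameterValues[0];
    }

    /**
     * Returns the token stored in the session, creating and storing a new one if absent.
     *
     * <p>Because a freshly created token cannot have been sent by the client, a verification target
     * arriving with no session token will always fail verification.
     *
     * @param executionContext the execution context holding the session
     * @return the existing or newly generated session token, never {@code null}
     */
    private String getSessionAssociatedToken(ExecutionContext executionContext) {
        String sessionVarName = WebConfigFinder.getWebConfig().getCsrfTokenSessionStoredVarName();
        String storedToken = (String) SessionUtil.orNull(executionContext, sessionVarName);
        return storedToken != null ? storedToken : generateAndSaveToken(executionContext);
    }

    /**
     * Generates a new token and stores it in the session under the configured variable name,
     * using the configured session store when one is set.
     *
     * @param executionContext the execution context holding the session
     * @return the newly generated token
     */
    private String generateAndSaveToken(ExecutionContext executionContext) {
        WebConfig webConfig = WebConfigFinder.getWebConfig();
        String sessionVarName = webConfig.getCsrfTokenSessionStoredVarName();
        String storeName = webConfig.getCsrfTokenSavedStoreName();
        String newToken = this.csrfTokenGenerator.generateToken();

        if (storeName != null) {
            SessionUtil.put(executionContext, sessionVarName, newToken, storeName);
        } else {
            // No explicit store configured: fall back to the session's default store.
            SessionUtil.put(executionContext, sessionVarName, newToken);
        }
        return newToken;
    }

    /**
     * @param csrfTokenGenerator generator used for new tokens (default: {@link UUIDv4CsrfTokenGenerator})
     */
    public void setCsrfTokenGenerator(CsrfTokenGenerator csrfTokenGenerator) {
        this.csrfTokenGenerator = csrfTokenGenerator;
    }

    /**
     * @param verificationTargetMatcher decides which requests are verified
     *                                  (default: {@link HttpMethodVerificationTargetMatcher})
     */
    public void setVerificationTargetMatcher(VerificationTargetMatcher verificationTargetMatcher) {
        this.verificationTargetMatcher = verificationTargetMatcher;
    }

    /**
     * @param verificationFailureHandler builds the response on verification failure
     *                                   (default: {@link BadRequestVerificationFailureHandler})
     */
    public void setVerificationFailureHandler(VerificationFailureHandler verificationFailureHandler) {
        this.verificationFailureHandler = verificationFailureHandler;
    }
}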
