package org.owasp.csrfguard.token.service;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.LocalDateTime;
import java.time.temporal.TemporalAmount;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.owasp.csrfguard.CsrfGuard;
import org.owasp.csrfguard.CsrfGuardException;
import org.owasp.csrfguard.CsrfValidator;
import org.owasp.csrfguard.ProtectionResult;
import org.owasp.csrfguard.session.LogicalSession;
import org.owasp.csrfguard.token.TokenUtils;
import org.owasp.csrfguard.token.businessobject.TokenBO;
import org.owasp.csrfguard.token.mapper.TokenMapper;
import org.owasp.csrfguard.token.storage.Token;
import org.owasp.csrfguard.token.storage.TokenHolder;
import org.owasp.csrfguard.token.storage.impl.PageTokenValue;
import org.owasp.csrfguard.token.transferobject.TokenTO;
import org.owasp.csrfguard.util.CsrfGuardUtils;
import org.owasp.csrfguard.util.MessageConstants;

/* loaded from: input_file:org/owasp/csrfguard/token/service/TokenService.class */
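/**
 * Creates, rotates and verifies the CSRF tokens kept in the {@link TokenHolder} of a
 * {@link CsrfGuard} instance.
 *
 * <p>Tokens are stored per session key (the value of {@code LogicalSession.getKey()}, see
 * {@link #invalidate(LogicalSession)}). Each key has one master token and, when token-per-page
 * is enabled, one token per page key.
 */
public class TokenService {
    private final CsrfGuard csrfGuard;

    /**
     * @param csrfGuard the guard whose configuration and token holder this service uses
     */
    public TokenService(CsrfGuard csrfGuard) {
        this.csrfGuard = csrfGuard;
    }

    /**
     * Removes the tokens stored for the given session and then invalidates the session.
     *
     * @param logicalSession the session whose tokens are dropped
     */
    public void invalidate(LogicalSession logicalSession) {
        this.csrfGuard.getTokenHolder().remove(logicalSession.getKey());
        logicalSession.invalidate();
    }

    /**
     * Returns the master token stored for a session key.
     *
     * @param str the session key the token holder is queried with
     * @return the master token, or {@code null} when the holder has no entry for the key
     */
    public String getMasterToken(String str) {
        return getMasterToken(this.csrfGuard.getTokenHolder(), str);
    }

    /**
     * Returns a copy of the page tokens stored for a session key, so callers cannot modify the
     * holder's own map through the result.
     *
     * @param str the session key the token holder is queried with
     * @return a new map built from the holder's page tokens
     */
    public Map<String, String> getPageTokens(String str) {
        return new HashMap<>(this.csrfGuard.getTokenHolder().getPageTokens(str));
    }

    /**
     * Returns the token for a request, creating it when it does not exist yet.
     *
     * <p>With token-per-page enabled and a protected page/method, this is the page token of the
     * resource identifier reported by {@link CsrfValidator}; in every other case it is the
     * master token.
     *
     * @param str  the session key
     * @param str2 second argument of {@code isProtectedPageAndMethod} (presumably the HTTP
     *             method; confirm against the caller)
     * @param str3 first argument of {@code isProtectedPageAndMethod} (presumably the requested
     *             page; confirm against the caller)
     * @return the existing or newly created token value
     */
    public String generateTokensIfAbsent(String str, String str2, String str3) {
        TokenHolder tokenHolder = this.csrfGuard.getTokenHolder();
        if (this.csrfGuard.isTokenPerPageEnabled()) {
            ProtectionResult protection = new CsrfValidator().isProtectedPageAndMethod(str3, str2);
            if (protection.isProtected()) {
                return tokenHolder.createPageTokenIfAbsent(
                        str, protection.getResourceIdentifier(), TokenUtils::generateRandomToken);
            }
        }
        return tokenHolder.createMasterTokenIfAbsent(str, TokenUtils::generateRandomToken);
    }

    /**
     * Creates the master token for a session key unless one is already stored.
     *
     * @param str the session key
     */
    public void createMasterTokenIfAbsent(String str) {
        this.csrfGuard.getTokenHolder().createMasterTokenIfAbsent(str, TokenUtils::generateRandomToken);
    }

    /**
     * Generates a fresh token for every configured protected page and stores the resulting map
     * as the page tokens of the session key; a master token is created first if it is missing.
     *
     * @param str the session key
     */
    public void generateProtectedPageTokens(String str) {
        // The merge function keeps the later value should the same page occur twice.
        HashMap<String, String> pageTokens = this.csrfGuard.getProtectedPages().stream()
                .collect(Collectors.toMap(
                        Function.identity(),
                        page -> TokenUtils.generateRandomToken(),
                        (previous, replacement) -> replacement,
                        HashMap::new));
        TokenHolder tokenHolder = this.csrfGuard.getTokenHolder();
        tokenHolder.createMasterTokenIfAbsent(str, TokenUtils::generateRandomToken);
        tokenHolder.setPageTokens(str, pageTokens);
    }

    /**
     * Replaces the token that was just used with a newly generated one, both in the token holder
     * and in the given business object.
     *
     * @param str     the session key
     * @param str2    the page key; only used when the used token was a page token
     * @param tokenBO the verification result; decides whether the master or the page token is
     *                rotated and receives the new value
     * @return the transfer object mapped from {@code tokenBO} after the update
     */
    public TokenTO rotateUsedToken(String str, String str2, TokenBO tokenBO) {
        TokenHolder tokenHolder = this.csrfGuard.getTokenHolder();
        String freshToken = TokenUtils.generateRandomToken();
        if (tokenBO.isUsedMasterToken()) {
            tokenHolder.setMasterToken(str, freshToken);
            tokenBO.setUpdatedMasterToken(freshToken);
        } else {
            tokenHolder.setPageToken(str, str2, freshToken);
            tokenBO.setUpdatedPageToken(str2, freshToken);
        }
        return TokenMapper.toTransferObject(tokenBO);
    }

    /**
     * Replaces the master token and all page tokens of a session key with new values.
     *
     * @param str the session key
     */
    public void rotateAllTokens(String str) {
        TokenHolder tokenHolder = this.csrfGuard.getTokenHolder();
        tokenHolder.setMasterToken(str, TokenUtils.generateRandomToken());
        tokenHolder.rotateAllPageTokens(str, TokenUtils::generateRandomToken);
    }

    /**
     * Returns the page token (token-per-page enabled) or the master token (otherwise) for a
     * session key, creating it when it does not exist yet.
     *
     * @param str  the session key
     * @param str2 the page key; only used when token-per-page is enabled
     * @return the existing or newly created token value
     */
    public String getTokenValue(String str, String str2) {
        TokenHolder tokenHolder = this.csrfGuard.getTokenHolder();
        if (this.csrfGuard.isTokenPerPageEnabled()) {
            return tokenHolder.createPageTokenIfAbsent(str, str2, TokenUtils::generateRandomToken);
        }
        return tokenHolder.createMasterTokenIfAbsent(str, TokenUtils::generateRandomToken);
    }

    /**
     * Verifies the CSRF token carried by a request.
     *
     * <p>The token is read from the header named by {@code getTokenName()} when AJAX support is
     * enabled and the request is recognised as an AJAX request, and from the request parameter of
     * the same name otherwise.
     *
     * @param httpServletRequest the request under verification
     * @param str                the page key the request is checked against
     * @param str2               the session key
     * @param str3               the master token stored for the session; may be {@code null}
     *                           when none is stored, which is treated as a mismatch
     * @return a business object recording which token was used (and any page token update)
     * @throws CsrfGuardException if the request carries no token or the token does not match
     */
    public TokenBO verifyToken(HttpServletRequest httpServletRequest, String str, String str2, String str3) throws CsrfGuardException {
        String tokenName = this.csrfGuard.getTokenName();
        boolean ajaxRequest = this.csrfGuard.isAjaxEnabled() && CsrfGuardUtils.isAjaxRequest(httpServletRequest);
        // getParameter() also reads the query string, so a token sent in the URL is accepted;
        // URLs are commonly written to access logs and Referer headers.
        String requestToken = ajaxRequest
                ? httpServletRequest.getHeader(tokenName)
                : httpServletRequest.getParameter(tokenName);
        if (Objects.isNull(requestToken)) {
            throw new CsrfGuardException(MessageConstants.REQUEST_MISSING_TOKEN_MSG);
        }
        if (this.csrfGuard.isTokenPerPageEnabled()) {
            return verifyPageToken(str2, str3, requestToken, str, ajaxRequest);
        }
        return verifyMasterToken(str3, requestToken);
    }

    /**
     * Looks up the master token for a session key.
     *
     * @return the master token, or {@code null} when the holder has no entry for the key
     */
    private String getMasterToken(TokenHolder tokenHolder, String sessionKey) {
        Token token = tokenHolder.getToken(sessionKey);
        return Objects.nonNull(token) ? token.getMasterToken() : null;
    }

    /**
     * Verifies a request token against the page token stored for a page key.
     *
     * <ul>
     *   <li>No page token stored yet: a new one is stored and the request token must match the
     *       master token.</li>
     *   <li>Page token matches: the request is accepted as a page-token use.</li>
     *   <li>Page token differs but the AJAX tolerance window applies: the request token must
     *       match the master token.</li>
     *   <li>Otherwise: tokens are regenerated and the request is rejected.</li>
     * </ul>
     *
     * @throws CsrfGuardException if the request token matches neither the page token nor, where
     *                            the fallback applies, the master token
     */
    private TokenBO verifyPageToken(String sessionKey, String masterToken, String requestToken, String pageKey, boolean ajaxRequest) throws CsrfGuardException {
        TokenHolder tokenHolder = this.csrfGuard.getTokenHolder();
        // NOTE(review): getToken(...) is dereferenced without a null check here, although
        // getMasterToken(TokenHolder, String) treats a null Token as possible. Confirm that an
        // entry always exists for the session key by the time a page token is verified.
        PageTokenValue timedPageToken = tokenHolder.getToken(sessionKey).getTimedPageToken(pageKey);

        if (timedPageToken == null) {
            // The new page token is stored before the master token check, as in the original flow.
            String newPageToken = TokenUtils.generateRandomToken();
            tokenHolder.setPageToken(sessionKey, pageKey, newPageToken);
            return verifyMasterToken(masterToken, requestToken).setUpdatedPageToken(pageKey, newPageToken);
        }

        String storedPageToken = timedPageToken.getValue();
        if (tokensMatch(storedPageToken, requestToken)) {
            return new TokenBO().setUsedPageToken(requestToken);
        }

        if (initIsWithinTimeTolerance(this.csrfGuard, ajaxRequest, timedPageToken)) {
            // Inside the tolerance window the master token is accepted in place of the page token.
            return verifyMasterToken(masterToken, requestToken).setUpdatedPageToken(pageKey, storedPageToken);
        }

        // Both operands are server-side values; a missing master token simply skips the rotation.
        if (masterToken != null && masterToken.equals(storedPageToken)) {
            tokenHolder.setMasterToken(sessionKey, TokenUtils.generateRandomToken());
        }
        tokenHolder.regenerateUsedPageToken(sessionKey, requestToken, TokenUtils::generateRandomToken);
        throw new CsrfGuardException(MessageConstants.MISMATCH_PAGE_TOKEN_MSG);
    }

    /**
     * Tells whether a mismatching page token may still be accepted through the master token.
     *
     * @return {@code true} only for an AJAX request, when page tokens are not pre-created, and
     *         while the page token's creation time plus the configured synchronization tolerance
     *         is still after the current time
     */
    private boolean initIsWithinTimeTolerance(CsrfGuard csrfGuard, boolean ajaxRequest, PageTokenValue pageTokenValue) {
        if (!ajaxRequest || csrfGuard.isTokenPerPagePrecreate()) {
            return false;
        }
        LocalDateTime toleranceEnd = pageTokenValue.getCreationTime()
                .plus((TemporalAmount) this.csrfGuard.getPageTokenSynchronizationTolerance());
        return toleranceEnd.isAfter(LocalDateTime.now());
    }

    /**
     * Verifies a request token against the stored master token.
     *
     * @param masterToken  the stored master token; {@code null} is treated as a mismatch instead
     *                     of failing with a {@link NullPointerException}
     * @param requestToken the token taken from the request
     * @return a business object marking the master token as used
     * @throws CsrfGuardException if the values differ or no master token is stored
     */
    private TokenBO verifyMasterToken(String masterToken, String requestToken) throws CsrfGuardException {
        if (tokensMatch(masterToken, requestToken)) {
            return new TokenBO().setUsedMasterToken(requestToken);
        }
        throw new CsrfGuardException(MessageConstants.MISMATCH_MASTER_TOKEN_MSG);
    }

    /**
     * Compares a stored token with a request-supplied value.
     *
     * <p>{@link MessageDigest#isEqual(byte[], byte[])} is used instead of {@link String#equals}
     * because, on current JDKs, it does not stop at the first differing byte, so the response
     * time does not reveal how much of the supplied value was correct.
     *
     * @return {@code true} when both values are non-null and encode to the same UTF-8 bytes
     */
    private static boolean tokensMatch(String storedToken, String requestToken) {
        if (storedToken == null || requestToken == null) {
            return false;
        }
        return MessageDigest.isEqual(
                storedToken.getBytes(StandardCharsets.UTF_8),
                requestToken.getBytes(StandardCharsets.UTF_8));
    }
}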
