package org.zaproxy.zap.extension.anticsrf;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.configuration.ConversionException;
import org.apache.commons.configuration.HierarchicalConfiguration;
import org.apache.log4j.Logger;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.common.AbstractParam;
import org.zaproxy.zap.extension.api.ZapApiIgnore;

/* loaded from: input_file:org/zaproxy/zap/extension/anticsrf/AntiCsrfParam.class */
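/**
 * Options holder for the names of the parameters that are treated as anti-CSRF tokens.
 *
 * <p>The token list is read from, and written back to, the {@code anticsrf.tokens.token}
 * configuration tree. Two views are kept in memory: every configured token ({@link #getTokens()})
 * and the names of the enabled ones only ({@link #getTokensNames()}).
 *
 * <p>Both lists are {@code null} until {@link #parse()} or {@link #setTokens(List)} has run, so
 * {@link #addToken(String)} and {@link #removeToken(String)} must not be called before that. The
 * class does no synchronisation of its own.
 *
 * <p>NOTE(review): how the rest of the extension consumes these names is not visible in this file;
 * presumably a token whose name is missing or disabled here is not recognised as an anti-CSRF
 * token elsewhere. Confirm against the callers.
 */
public class AntiCsrfParam extends AbstractParam {
    private static final Logger logger = Logger.getLogger(AntiCsrfParam.class);

    private static final String ANTI_CSRF_BASE_KEY = "anticsrf";
    private static final String ALL_TOKENS_KEY = "anticsrf.tokens.token";
    private static final String TOKEN_NAME_KEY = "name";
    private static final String TOKEN_ENABLED_KEY = "enabled";
    private static final String CONFIRM_REMOVE_TOKEN_KEY = "anticsrf.confirmRemoveToken";

    // Token names that addMissingTokens() makes sure are present after every parse().
    // The first entry is the token name "anticsrf" itself, which happens to equal the base key.
    private static final String[] DEFAULT_TOKENS_NAMES = {
        "anticsrf",
        "CSRFToken",
        "__RequestVerificationToken",
        "csrfmiddlewaretoken",
        "authenticity_token",
        "OWASP_CSRFTOKEN",
        "anoncsrf",
        "csrf_token",
        "_csrf",
        "_csrfSecret"
    };

    // All configured tokens, enabled or not.
    private List<AntiCsrfParamToken> tokens = null;
    // Names of the enabled tokens only; kept in step with `tokens` by the methods below.
    private List<String> enabledTokensNames = null;
    private boolean confirmRemoveToken = true;

    /**
     * Loads the token list and the "confirm remove" flag from the configuration.
     *
     * <p>Entries whose name equals the "missing name" sentinel, and names already seen earlier in
     * the list, are skipped. If the configuration cannot be converted, the error is logged and the
     * lists start empty; {@link #addMissingTokens()} then fills in the defaults and rewrites the
     * configuration tree, so custom tokens from the unreadable configuration are not kept.
     */
    @Override
    protected void parse() {
        try {
            List<HierarchicalConfiguration> fields = getConfig().configurationsAt(ALL_TOKENS_KEY);
            this.tokens = new ArrayList<>(fields.size());
            this.enabledTokensNames = new ArrayList<>(fields.size());
            List<String> seenNames = new ArrayList<>(fields.size());
            for (HierarchicalConfiguration sub : fields) {
                // NOTE(review): Constant.USER_AGENT is used as the default for a missing name and
                // as the value to reject. This looks like a decompiler substituting a named
                // constant for an inlined literal; confirm its value before relying on it.
                String name = sub.getString(TOKEN_NAME_KEY, Constant.USER_AGENT);
                if (Constant.USER_AGENT.equals(name) || seenNames.contains(name)) {
                    continue;
                }
                boolean enabled = sub.getBoolean(TOKEN_ENABLED_KEY, true);
                this.tokens.add(new AntiCsrfParamToken(name, enabled));
                seenNames.add(name);
                if (enabled) {
                    this.enabledTokensNames.add(name);
                }
            }
        } catch (ConversionException e) {
            logger.error("Error while loading anti CSRF tokens: " + e.getMessage(), e);
            this.tokens = new ArrayList<>(DEFAULT_TOKENS_NAMES.length);
            this.enabledTokensNames = new ArrayList<>(DEFAULT_TOKENS_NAMES.length);
        }
        addMissingTokens();
        this.confirmRemoveToken = getBoolean(CONFIRM_REMOVE_TOKEN_KEY, true);
    }

    /**
     * Ensures every default token name is present, then writes the list back to the configuration.
     *
     * <p>The check is made against the enabled names only, so a default token that is disabled
     * also fails it; {@link #addToken(String)} then skips names that already exist and only the
     * configuration rewrite in {@link #setTokens(List)} takes effect. A default name that was
     * removed is added again here on the next {@link #parse()}.
     */
    private void addMissingTokens() {
        List<String> defaultNames = Arrays.asList(DEFAULT_TOKENS_NAMES);
        if (getTokensNames().containsAll(defaultNames)) {
            return;
        }
        defaultNames.forEach(this::addToken);
        setTokens(this.tokens);
    }

    /**
     * Returns all configured tokens, enabled or not.
     *
     * @return the internal list itself, not a copy; changes made through it are not written to the
     *     configuration and do not update the enabled-names list
     */
    @ZapApiIgnore
    public List<AntiCsrfParamToken> getTokens() {
        return this.tokens;
    }

    /**
     * Replaces the token list and persists it to the configuration.
     *
     * <p>The existing {@code anticsrf.tokens.token} tree is cleared and rewritten with one indexed
     * entry per token, and the enabled-names list is rebuilt from the given tokens.
     *
     * @param list the new tokens; copied, must not be {@code null}
     */
    @ZapApiIgnore
    public void setTokens(List<AntiCsrfParamToken> list) {
        this.tokens = new ArrayList<>(list);
        getConfig().clearTree(ALL_TOKENS_KEY);
        ArrayList<String> enabledNames = new ArrayList<>(list.size());
        int size = list.size();
        for (int i = 0; i < size; i++) {
            String elementBaseKey = ALL_TOKENS_KEY + "(" + i + ").";
            AntiCsrfParamToken token = list.get(i);
            getConfig().setProperty(elementBaseKey + TOKEN_NAME_KEY, token.getName());
            getConfig().setProperty(elementBaseKey + TOKEN_ENABLED_KEY, Boolean.valueOf(token.isEnabled()));
            if (token.isEnabled()) {
                enabledNames.add(token.getName());
            }
        }
        enabledNames.trimToSize();
        this.enabledTokensNames = enabledNames;
    }

    /**
     * Adds a token with the given name and lists it among the enabled names.
     *
     * <p>Does nothing if the name is {@code null}, empty, or already used by an existing token
     * (the comparison is exact, via {@code equals}). Only the in-memory lists change; this method
     * does not write to the configuration.
     *
     * @param str the name of the token to add
     */
    public void addToken(String str) {
        if (str == null || str.isEmpty()) {
            return;
        }
        boolean alreadyPresent = this.tokens.stream().anyMatch(token -> str.equals(token.getName()));
        if (alreadyPresent) {
            return;
        }
        this.tokens.add(new AntiCsrfParamToken(str));
        this.enabledTokensNames.add(str);
    }

    /**
     * Removes the first token with the given name.
     *
     * <p>Does nothing if the name is {@code null}, empty, or not found. If the removed token was
     * enabled, its name is dropped from the enabled names as well. Only the in-memory lists
     * change; this method does not write to the configuration.
     *
     * @param str the name of the token to remove
     */
    public void removeToken(String str) {
        if (str == null || str.isEmpty()) {
            return;
        }
        Iterator<AntiCsrfParamToken> it = this.tokens.iterator();
        while (it.hasNext()) {
            AntiCsrfParamToken token = it.next();
            if (!str.equals(token.getName())) {
                continue;
            }
            it.remove();
            if (token.isEnabled()) {
                this.enabledTokensNames.remove(str);
            }
            return;
        }
    }

    /**
     * Returns the names of the enabled tokens.
     *
     * @return the internal list itself, not a copy; disabled tokens are not included
     */
    @ZapApiIgnore
    public List<String> getTokensNames() {
        return this.enabledTokensNames;
    }

    /**
     * Tells whether removing a token should be confirmed first.
     *
     * @return the stored flag; {@code true} unless the configuration says otherwise
     */
    @ZapApiIgnore
    public boolean isConfirmRemoveToken() {
        return this.confirmRemoveToken;
    }

    /**
     * Sets the "confirm remove" flag and stores it in the configuration.
     *
     * @param z the new value of the flag
     */
    @ZapApiIgnore
    public void setConfirmRemoveToken(boolean z) {
        this.confirmRemoveToken = z;
        getConfig().setProperty(CONFIRM_REMOVE_TOKEN_KEY, Boolean.valueOf(this.confirmRemoveToken));
    }
}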
