package spring.ajax.client.interceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import spring.ajax.client.anno.CSRF;

/* loaded from: input_file:spring/ajax/client/interceptor/CSRFProtectInterceptor.class */
public class CSRFProtectInterceptor implements HandlerInterceptor {
    public static final String CSRF_TOKEN = "csrf_token";

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        HttpSession session = httpServletRequest.getSession();
        if (session.getAttribute(CSRF_TOKEN) == null) {
            synchronized (session) {
                if (session.getAttribute(CSRF_TOKEN) == null) {
                    session.setAttribute(CSRF_TOKEN, System.nanoTime() + "");
                }
            }
            return true;
        }
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        if (handlerMethod.hasMethodAnnotation(CSRF.class)) {
            return session.getAttribute(CSRF_TOKEN).equals(httpServletRequest.getHeader(((CSRF) handlerMethod.getMethodAnnotation(CSRF.class)).tokenHeader()));
        }
        return true;
    }
}
