package com.github.kaizen4j.shiro.csrf;

import com.github.kaizen4j.algorithm.encrypt.Des;
import com.github.kaizen4j.shiro.exception.InvalidCsrfTokenException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Objects;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.Assert;
import org.springframework.web.util.WebUtils;

/* loaded from: input_file:com/github/kaizen4j/shiro/csrf/CookieCsrfTokenRepository.class */
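/**
 * {@link CsrfTokenRepository} that keeps the CSRF token in a cookie rather than in server-side
 * session state.
 *
 * <p>A token has the shape {@code <nonce>-<tag>}: a random hex nonce followed by the hex-encoded
 * HMAC-SHA256 of that nonce under {@link #setSecretKey(String) secretKey}. Because nothing is
 * stored server-side, {@link #loadToken} accepts any cookie whose tag verifies, so the secrecy of
 * the key is the only thing preventing a third party from minting a cookie this repository will
 * trust. The built-in default key is derived from the class name and is therefore public; every
 * deployment must configure its own key, and all nodes sharing cookies must use the same one.
 *
 * <p>Upgrade note: tokens minted by the earlier DES-based format do not verify against this
 * implementation, so already-issued cookies are rejected (with {@link InvalidCsrfTokenException})
 * until they expire or are re-issued.
 *
 * <p>The setters are meant to be called during configuration; after that an instance may be
 * shared between threads, since token creation and verification use no mutable per-request state.
 */
public class CookieCsrfTokenRepository implements CsrfTokenRepository {
    private static final Logger logger = LoggerFactory.getLogger(CookieCsrfTokenRepository.class);
    /** Placeholder key derived from a public string; anyone can reproduce it, so never ship with it. */
    private static final String DEFAULT_SECRET_KEY =
            Hex.encodeHexString(CookieCsrfTokenRepository.class.getName().getBytes(StandardCharsets.UTF_8));
    private static final String DEFAULT_CSRF_PARAMETER_NAME = "_csrf";
    private static final String DEFAULT_CSRF_HEADER_NAME = "X-CSRF-TOKEN";
    private static final String DEFAULT_CSRF_COOKIE_NAME = "XSRF-TOKEN";
    private static final int ONE_HOUR = 3600;
    /** Nonce size in bytes before hex encoding (16 bytes = 128 bits of entropy). */
    private static final int NONCE_BYTES = 16;
    private static final String MAC_ALGORITHM = "HmacSHA256";
    private static final char TOKEN_SEPARATOR = '-';
    /** CSPRNG for the nonce; java.util.Random-backed helpers produce predictable output. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    private String cookiePath;
    private String parameterName = DEFAULT_CSRF_PARAMETER_NAME;
    private String headerName = DEFAULT_CSRF_HEADER_NAME;
    private String cookieName = DEFAULT_CSRF_COOKIE_NAME;
    private boolean cookieHttpOnly = true;
    private String secretKey = DEFAULT_SECRET_KEY;
    private int expireSeconds = ONE_HOUR;
    /** Limits the "default key in use" warning to one log line per instance. */
    private volatile boolean defaultKeyWarned;

    /**
     * Mints a fresh token; nothing is written to the request or response here.
     *
     * @param httpServletRequest the current request (unused; present for the interface)
     * @return a new token carrying this repository's header and parameter names
     */
    @Override // com.github.kaizen4j.shiro.csrf.CsrfTokenRepository
    public CsrfToken generateToken(HttpServletRequest httpServletRequest) {
        return new DefaultCsrfToken(this.headerName, this.parameterName, createNewToken());
    }

    /**
     * Writes the token to the CSRF cookie, or expires the cookie when {@code csrfToken} is null.
     *
     * <p>The cookie path is {@link #setCookiePath(String) cookiePath} when configured, otherwise the
     * request's context path (or {@code /} for the root context).
     *
     * @param csrfToken the token to persist, or {@code null} to remove the cookie
     * @param httpServletRequest the current request; its scheme decides the Secure flag
     * @param httpServletResponse the response the Set-Cookie header is added to
     */
    @Override // com.github.kaizen4j.shiro.csrf.CsrfTokenRepository
    public void saveToken(CsrfToken csrfToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        SimpleCookie cookie = new SimpleCookie(this.cookieName);
        cookie.setHttpOnly(this.cookieHttpOnly);
        // NOTE(review): isSecure() describes the hop into this container. Behind a TLS-terminating
        // proxy it is false unless the container is configured to trust the forwarded scheme, in
        // which case the cookie is sent without the Secure flag.
        cookie.setSecure(httpServletRequest.isSecure());
        if (Objects.isNull(csrfToken)) {
            // Removing the token: expire the cookie now rather than leaving an empty value
            // around for expireSeconds.
            cookie.setValue("");
            cookie.setMaxAge(0);
        } else {
            cookie.setValue(csrfToken.getToken());
            cookie.setMaxAge(this.expireSeconds);
        }
        String path = StringUtils.isNotBlank(this.cookiePath) ? this.cookiePath : getRequestContext(httpServletRequest);
        cookie.setPath(path);
        cookie.saveTo(httpServletRequest, httpServletResponse);
    }

    /**
     * Reads the token back from the CSRF cookie and verifies its tag.
     *
     * @param httpServletRequest the current request
     * @return the verified token, or {@code null} when the cookie is absent or blank
     * @throws InvalidCsrfTokenException when a cookie is present but its tag does not verify
     */
    @Override // com.github.kaizen4j.shiro.csrf.CsrfTokenRepository
    public CsrfToken loadToken(HttpServletRequest httpServletRequest) {
        Cookie cookie = WebUtils.getCookie(httpServletRequest, this.cookieName);
        if (Objects.isNull(cookie) || StringUtils.isBlank(cookie.getValue())) {
            return null;
        }
        String value = cookie.getValue();
        if (!checkToken(value)) {
            throw new InvalidCsrfTokenException("Invalid csrf token: " + value);
        }
        return new DefaultCsrfToken(this.headerName, this.parameterName, value);
    }

    public void setParameterName(String str) {
        Assert.notNull(str, "parameterName is not null");
        this.parameterName = str;
    }

    public void setHeaderName(String str) {
        Assert.notNull(str, "headerName is not null");
        this.headerName = str;
    }

    public String getCookieName() {
        return this.cookieName;
    }

    public void setCookieName(String str) {
        Assert.hasText(str, "cookieName must not be blank");
        this.cookieName = str;
    }

    public String getCookiePath() {
        return this.cookiePath;
    }

    /** @param str the cookie path; blank means "use the request's context path" */
    public void setCookiePath(String str) {
        this.cookiePath = str;
    }

    public String getSecretKey() {
        return this.secretKey;
    }

    /**
     * Sets the HMAC key used to sign and verify tokens. Must be kept secret and be identical on
     * every node that reads these cookies; changing it invalidates all outstanding tokens.
     *
     * @param str a non-blank key; a long random value is recommended
     */
    public void setSecretKey(String str) {
        Assert.hasText(str, "secretKey must not be blank");
        this.secretKey = str;
    }

    public int getExpireSeconds() {
        return this.expireSeconds;
    }

    /** @param i cookie Max-Age in seconds; a negative value yields a session cookie */
    public void setExpireSeconds(int i) {
        this.expireSeconds = i;
    }

    public void setCookieHttpOnly(boolean z) {
        this.cookieHttpOnly = z;
    }

    /**
     * Creates a repository whose cookie is readable by client-side script (HttpOnly off), which is
     * what a browser client needs in order to copy the cookie value into the request header.
     */
    public static CookieCsrfTokenRepository withHttpOnlyFalse() {
        CookieCsrfTokenRepository repository = new CookieCsrfTokenRepository();
        repository.setCookieHttpOnly(false);
        return repository;
    }

    /** Context path of the request, or {@code /} when the application is deployed at the root. */
    private String getRequestContext(HttpServletRequest httpServletRequest) {
        String contextPath = httpServletRequest.getContextPath();
        return contextPath.length() > 0 ? contextPath : "/";
    }

    /** Builds {@code <hexNonce>-<hexTag>} with a CSPRNG nonce and an HMAC-SHA256 tag. */
    private String createNewToken() {
        warnIfDefaultKey();
        byte[] nonceBytes = new byte[NONCE_BYTES];
        SECURE_RANDOM.nextBytes(nonceBytes);
        String nonce = Hex.encodeHexString(nonceBytes);
        return nonce + TOKEN_SEPARATOR + Hex.encodeHexString(mac(nonce));
    }

    /**
     * Verifies that the token's tag is the HMAC of its nonce under the current key.
     *
     * @param token the raw cookie value
     * @return {@code true} only for a well-formed token whose tag verifies
     */
    private boolean checkToken(String token) {
        int separator = token.indexOf(TOKEN_SEPARATOR);
        if (separator <= 0 || separator == token.length() - 1) {
            // Attacker-controlled input; log without a stack trace to avoid log spam.
            logger.warn("Malformed csrf token [{}]", token);
            return false;
        }
        String nonce = token.substring(0, separator);
        String presentedTag = token.substring(separator + 1);
        byte[] expected = Hex.encodeHexString(mac(nonce)).getBytes(StandardCharsets.UTF_8);
        byte[] presented = presentedTag.getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison so the tag cannot be recovered byte by byte via timing.
        return MessageDigest.isEqual(expected, presented);
    }

    /** HMAC-SHA256 of {@code data} under {@link #secretKey}. */
    private byte[] mac(String data) {
        try {
            Mac mac = Mac.getInstance(MAC_ALGORITHM);
            mac.init(new SecretKeySpec(this.secretKey.getBytes(StandardCharsets.UTF_8), MAC_ALGORITHM));
            return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) {
            // HmacSHA256 is mandatory in every JRE, so this only happens with a broken provider.
            throw new IllegalStateException("Unable to compute csrf token tag", e);
        }
    }

    /** Logs once if tokens are being minted with the public built-in key. */
    private void warnIfDefaultKey() {
        if (!this.defaultKeyWarned && DEFAULT_SECRET_KEY.equals(this.secretKey)) {
            this.defaultKeyWarned = true;
            logger.warn("CookieCsrfTokenRepository is using its built-in default secret key, which is derived from "
                    + "the class name and is public; configure a deployment-specific key via setSecretKey()");
        }
    }
}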
