package io.leopard.web4j.nobug.csrf;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.web.method.HandlerMethod;

/* loaded from: input_file:io/leopard/web4j/nobug/csrf/CsrfServiceImpl.class */
public class CsrfServiceImpl implements CsrfService {
    public static final String publicKey = "csrfTokenKeyxx123";
    public static final String PARAMETER_NAME_CSRF_TOKEN = "csrf-token";
    private static boolean enable = true;
    private static final CsrfDao csrfDao = new CsrfDaoImpl();
    private static final TokenVerifier tokenVerifier = new TokenVerifier(csrfDao);
    protected Log logger = LogFactory.getLog(getClass());
    private final CsrfChecker csrfChecker = new CsrfCheckerImpl();

    @Override // io.leopard.web4j.nobug.csrf.CsrfService
    public boolean isEnable() {
        return enable;
    }

    public static void setEnable(boolean z) {
        enable = z;
    }

    public static void setOnlyLog(boolean z) {
        tokenVerifier.setOnlyLog(z);
    }

    @Override // io.leopard.web4j.nobug.csrf.CsrfService
    public void check(HandlerMethod handlerMethod, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (this.csrfChecker.isSafe(handlerMethod, httpServletRequest, httpServletResponse, tokenVerifier)) {
            return;
        }
        String name = handlerMethod.getMethod().getReturnType().getName();
        if ("io.leopard.web4j.view.JsonView".equals(name)) {
            checkByJsonView(handlerMethod, httpServletRequest, httpServletResponse);
        } else if ("io.leopard.web4j.view.UpdatedRedirectView".equals(name)) {
            tokenVerifier.verify(httpServletRequest, httpServletResponse);
        } else {
            tokenVerifier.verify(httpServletRequest, httpServletResponse);
        }
    }

    protected void checkByJsonView(HandlerMethod handlerMethod, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (isNotEmpty(httpServletRequest.getParameter("callback"))) {
            tokenVerifier.verify(httpServletRequest, httpServletResponse);
            return;
        }
        if (isNotEmpty(httpServletRequest.getParameter("var"))) {
            tokenVerifier.verify(httpServletRequest, httpServletResponse);
            return;
        }
        String parameter = httpServletRequest.getParameter(PARAMETER_NAME_CSRF_TOKEN);
        if (!isNotEmpty(parameter) || "null".equals(parameter)) {
            return;
        }
        tokenVerifier.verify(httpServletRequest, httpServletResponse);
    }

    private boolean isNotEmpty(String str) {
        return str != null && str.length() > 0;
    }

    @Override // io.leopard.web4j.nobug.csrf.CsrfService
    public String makeToken(String str, long j) {
        long currentTimeMillis = System.currentTimeMillis();
        return csrfDao.encrypt(currentTimeMillis + " " + str + " " + publicKey).substring(0, 10) + "-" + csrfDao.encrypt(currentTimeMillis + " " + j + " " + publicKey).substring(0, 10) + "-" + currentTimeMillis;
    }
}
