package de.tsl2.nano.h5;

import de.tsl2.nano.core.ENV;
import de.tsl2.nano.core.ManagedException;
import de.tsl2.nano.core.secure.Crypt;
import de.tsl2.nano.core.util.DateUtil;
import de.tsl2.nano.core.util.StringUtil;
import de.tsl2.nano.h5.NanoHTTPD;
import java.net.InetAddress;
import java.util.Date;
import java.util.Map;
import org.eclipse.jdt.internal.core.JavadocConstants;

/* loaded from: input_file:de/tsl2/nano/h5/WebSecurity.class */
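/**
 * Session-related HTTP hardening helpers: anti-CSRF token creation and verification, static
 * security response headers, and transport of the session key as a cookie or an ETag.
 *
 * <p>The anti-CSRF token is the string {@code <sessionKey>---<workingObjectId>---<millis>},
 * encrypted through {@link Crypt} with a key generated lazily per instance.
 *
 * <p>NOTE(review): the token relies on encryption alone. If {@code Crypt} passes the algorithm
 * name straight to {@code javax.crypto.Cipher}, the bare name {@code "AES"} normally selects ECB
 * mode with no integrity protection. Confirm which mode and authentication {@code Crypt} applies;
 * an HMAC or an AEAD mode is the usual construction for a token that must not be forgeable.
 */
public class WebSecurity {
    /** Field separator inside the plain-text token; a session key containing it would break parsing. */
    private static final String SEP = "---";
    /**
     * Lazily generated token key, see {@link #getAntiCSRFKey()}. It is held in memory only, so
     * tokens issued by one instance cannot be verified by another instance.
     */
    private String antiCSRFKey;
    private static final String ENV_PREF = "app.session.";
    private static final String PREF_ANTICSRF = "app.session.anticsrf";
    public static final String HIDDEN_NAME = "hiddentoken";
    /** Default value for the {@code app.session.anticsrf.algorithm} setting. */
    public static final String DEF_ALG = "AES";

    /**
     * @return the {@code app.session.anticsrf} setting; {@code true} when it is not configured
     */
    public static boolean useAntiCSRFToken() {
        return ((Boolean) ENV.get(PREF_ANTICSRF, true)).booleanValue();
    }

    /**
     * Builds the encrypted anti-CSRF token for the given session.
     *
     * <p>On any failure the session (if not {@code null}) is closed and the exception is handed to
     * {@link ManagedException#forward}; the trailing {@code return null} is only reached if that
     * call returns normally.
     *
     * @param nanoH5Session session whose key and current working object are bound into the token
     * @return the encrypted token
     */
    public String createAntiCSRFToken(NanoH5Session nanoH5Session) {
        try {
            String plain = nanoH5Session.getKey() + SEP + workingObjectId(nanoH5Session) + SEP + System.currentTimeMillis();
            return Crypt.encrypt(plain, getAntiCSRFKey(), (String) ENV.get("app.session.anticsrf.algorithm", DEF_ALG));
        } catch (Exception e) {
            // A null session surfaces here as a NullPointerException from the try block.
            if (nanoH5Session != null) {
                nanoH5Session.close();
            }
            ManagedException.forward(e);
            return null;
        }
    }

    /**
     * Returns the token key, generating it on first use.
     *
     * <p>NOTE(review): the lazy initialisation is not synchronised. If one instance serves
     * concurrent requests, two threads can each generate a key and tokens encrypted with the
     * discarded one will fail verification. Also confirm that {@code Crypt.generatePassword} draws
     * from a cryptographically strong random source.
     */
    private String getAntiCSRFKey() {
        if (this.antiCSRFKey == null) {
            this.antiCSRFKey = Crypt.generatePassword((byte) 16);
        }
        return this.antiCSRFKey;
    }

    /**
     * Verifies an anti-CSRF token against the given session; does nothing when
     * {@link #useAntiCSRFToken()} is {@code false}.
     *
     * <p>A token is rejected when it is structurally malformed, names another session key, is
     * older than {@code app.session.anticsrf.maxage.milliseconds} (default one hour) or, with
     * {@code app.session.anticsrf.check.form} enabled, names another working object. Every
     * rejection closes the session. Exceptions raised by {@code Crypt.decrypt} itself propagate
     * unchanged and do not close the session.
     *
     * @param nanoH5Session session the request belongs to
     * @param str encrypted token as received from the client
     * @throws IllegalStateException if the token is rejected
     */
    public void checkAntiCSRFToken(NanoH5Session nanoH5Session, String str) {
        if (!useAntiCSRFToken()) {
            return;
        }
        String plain = Crypt.decrypt(str, getAntiCSRFKey(), (String) ENV.get("app.session.anticsrf.algorithm", DEF_ALG));
        if (!isTokenValid(nanoH5Session, plain)) {
            nanoH5Session.close();
            throw new IllegalStateException("request outdated or unauthorized! closing session!");
        }
    }

    /** Parses the decrypted token and applies the session, age and optional form checks. */
    private static boolean isTokenValid(NanoH5Session session, String plain) {
        if (plain == null) {
            return false;
        }
        String[] parts = plain.split("[-]{3}");
        // The token is client-supplied: a short or non-numeric payload must be rejected like any
        // other invalid token instead of escaping as an index or number-format exception that
        // leaves the session open.
        if (parts.length < 3 || !parts[0].equals(session.getKey())) {
            return false;
        }
        long issuedAt;
        try {
            issuedAt = Long.parseLong(parts[2]);
        } catch (NumberFormatException ignored) {
            // A timestamp that does not parse means the token was not produced by createAntiCSRFToken.
            return false;
        }
        int maxAge = ((Integer) ENV.get("app.session.anticsrf.maxage.milliseconds", 3600000)).intValue();
        if (issuedAt + maxAge < System.currentTimeMillis()) {
            return false;
        }
        if (((Boolean) ENV.get("app.session.anticsrf.check.form", false)).booleanValue()) {
            // Compare against the same textual form that createAntiCSRFToken wrote into the token.
            return parts[1].equals(workingObjectId(session));
        }
        return true;
    }

    /** Textual id of the session's working object, or {@code "NOTHING"} when there is none. */
    private static String workingObjectId(NanoH5Session session) {
        return String.valueOf(session.getWorkingObject() != null ? session.getWorkingObject().getId() : "NOTHING");
    }

    /**
     * Adds the session identifier (when a session is given) and the configured static security
     * headers to the response.
     *
     * <p>The {@code app.session.httpheader} setting is split on every comma and colon into
     * alternating names and values, so a header value that itself contains one of those characters
     * cannot be configured through it.
     *
     * <p>NOTE(review): the default sends {@code nosniff;} with a trailing semicolon; verify that
     * target browsers accept that spelling. {@code X-XSS-Protection} is ignored by current
     * browsers, so a {@code Content-Security-Policy} is worth adding by other means.
     *
     * @param nanoH5Session current session, may be {@code null}
     * @param response response to decorate
     * @return the same response instance
     */
    public NanoHTTPD.Response addSessionHeader(NanoH5Session nanoH5Session, NanoHTTPD.Response response) {
        if (nanoH5Session != null) {
            addSessionID(nanoH5Session, response);
        }
        String[] split = ((String) ENV.get("app.session.httpheader", "X-XSS-Protection: 1; mode=block, X-Frame-Options: sameorigin, X-Content-Type-Options: nosniff;")).split("\\s*[,:]\\s*");
        // Stop before a dangling name without a value so a misconfigured setting cannot fail the response.
        for (int i = 0; i + 1 < split.length; i += 2) {
            response.addHeader(split[i].trim(), split[i + 1].trim());
        }
        return response;
    }

    /**
     * Derives a session identifier from the request.
     *
     * <p>Order of precedence: the {@code if-none-match} header value, then the part of the
     * {@code cookie} header that {@link StringUtil#substring} extracts between
     * {@code "session-id="} and {@code ";"}, then the client address.
     *
     * <p>NOTE(review): {@code if-none-match} wins over the cookie, so the cookie attributes set in
     * {@link #addSessionID} do not constrain that path. If callers use the address fallback as a
     * session lookup key, all clients behind one address (NAT, proxy) resolve to the same
     * identifier. Confirm how callers treat each of the three cases.
     *
     * @param map request headers; the keys read here are lower-case
     * @param inetAddress client address used as the fallback
     * @return a header-derived {@code String}, or {@code inetAddress}
     */
    public static Object getSessionID(Map<String, String> map, InetAddress inetAddress) {
        return map.containsKey("if-none-match") ? map.get("if-none-match") : map.containsKey("cookie") ? StringUtil.substring(map.get("cookie"), "session-id=", ";") : inetAddress;
    }

    /**
     * Sends the session key to the client, as a cookie or as an ETag depending on
     * {@code app.session.id} (default {@code "Cookie"}). Does nothing when the session has no key.
     *
     * <p>The {@code secure} attribute is emitted only when {@code app.ssl.activate} is true, and
     * {@code SameSite=Strict; HttpOnly;} is merely the default of
     * {@code app.session.cookie.parameter}: overriding that setting drops both attributes unless
     * the new value repeats them.
     */
    protected void addSessionID(NanoH5Session nanoH5Session, NanoHTTPD.Response response) {
        if (nanoH5Session.getKey() != null) {
            String str = (String) ENV.get("app.session.id", "Cookie");
            // The session timeout is configured in milliseconds; Max-Age is expressed in seconds.
            String str2 = "Max-Age=" + (((Long) ENV.get("session.timeout.millis", Long.valueOf(30 * DateUtil.T_MINUTE))).longValue() / 1000) + ";";
            if (str.equals("Cookie")) {
                response.addHeader("Set-Cookie", "session-id=" + nanoH5Session.getKey() + ";" + (((Boolean) ENV.get("app.ssl.activate", false)).booleanValue() ? "secure; " : ";") + str2 + ((String) ENV.get("app.session.cookie.parameter", "SameSite=Strict; HttpOnly;")));
            } else if (str.equals("ETag")) {
                addETag(nanoH5Session.getKey(), response, str2);
            }
        }
    }

    /**
     * Sets the {@code ETag} header to the given value wrapped in
     * {@code JavadocConstants.ANCHOR_PREFIX_END} and passes {@code str2} verbatim as
     * {@code Cache-Control}.
     *
     * <p>NOTE(review): the wrapper constant is presumably the double-quote character substituted
     * by the decompiler (ETag values are quoted strings); confirm, and replace the reference to an
     * Eclipse-internal class with a literal. When called from {@link #addSessionID} the ETag value
     * is the session key itself, which then lives in caches and is outside cookie protections.
     *
     * @param str value to publish as the entity tag
     * @param response response to decorate
     * @param str2 value for the {@code Cache-Control} header
     */
    public void addETag(String str, NanoHTTPD.Response response, String str2) {
        response.addHeader("ETag", JavadocConstants.ANCHOR_PREFIX_END + str + JavadocConstants.ANCHOR_PREFIX_END);
        response.addHeader("Cache-Control", str2);
    }
}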
