package act.security;

import act.Act;
import act.app.ActionContext;
import act.app.App;
import act.conf.AppConfig;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import org.osgl.exception.UnexpectedException;
import org.osgl.http.H;
import org.osgl.inject.BeanSpec;
import org.osgl.util.S;

/* loaded from: input_file:act/security/CSRF.class */
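/**
 * CSRF protection support for action handlers: the {@link Enable}/{@link Disable}
 * marker annotations, the per-handler {@link Spec} that performs the token
 * checks, and helpers that expose the current token to views.
 */
public class CSRF {

    /** Marks a handler method or controller class for which CSRF checking is switched off. */
    @Target({ElementType.METHOD, ElementType.TYPE})
    @Documented
    @Retention(RetentionPolicy.RUNTIME)
    public @interface Disable {
    }

    /** Marks a handler method or controller class for which CSRF checking is switched on. */
    @Target({ElementType.METHOD, ElementType.TYPE})
    @Documented
    @Retention(RetentionPolicy.RUNTIME)
    public @interface Enable {
    }

    /**
     * CSRF settings and check logic attached to a handler.
     *
     * <p>A spec is either one of the two shared instances ({@link #DUMB}, {@link #DEFAULT})
     * or a per-annotation instance created by {@link CSRF#spec(Method)} /
     * {@link CSRF#spec(Class)}. The token is looked for, in order, in the request
     * attribute {@code ActionContext.ATTR_CSR_TOKEN_PREFETCH}, the configured
     * header and the configured request parameter (see {@link #retrieveCsrfToken}).
     */
    public static class Spec {

        /** No-op spec: every check and every cookie/render-arg step is skipped. */
        public static final Spec DUMB = new Spec() {
            @Override
            public void preCheck(ActionContext actionContext) {
                // intentionally empty: DUMB never checks
            }

            @Override
            public void check(ActionContext actionContext, H.Session session) {
                // intentionally empty: DUMB never checks
            }

            @Override
            public void setCookieAndRenderArgs(ActionContext actionContext) {
                // intentionally empty: DUMB never emits a token
            }
        };

        /** Spec that follows the application-wide {@code AppConfig.csrfEnabled()} setting. */
        public static final Spec DEFAULT = new Spec();

        private final App app;
        private final boolean enabled;
        // The following are only populated when {@link #enabled} is true.
        private String paramName;
        private String headerName;
        private String cookieName;
        private String cookieDomain;
        private CSRFProtector csrfProtector;

        private Spec() {
            this((Boolean) null);
        }

        /**
         * Creates a spec bound to the current application.
         *
         * @param bool explicit enable/disable flag, or {@code null} to fall back to
         *             {@code AppConfig.csrfEnabled()}
         */
        private Spec(Boolean bool) {
            this.app = Act.app();
            AppConfig<?> config = this.app.config();
            this.enabled = (null == bool) ? config.csrfEnabled() : bool.booleanValue();
            if (this.enabled) {
                this.paramName = config.csrfParamName();
                this.headerName = config.csrfHeaderName();
                this.cookieName = config.csrfCookieName();
                this.cookieDomain = config.cookieDomain();
                this.csrfProtector = config.csrfProtector();
            }
        }

        /** A spec is "effective" when it was created from an annotation rather than being a shared instance. */
        private boolean effective() {
            return DUMB != this && DEFAULT != this;
        }

        /**
         * Early check run before the token is verified: for a non-safe HTTP method
         * (as reported by {@code H.Method.safe()}) a request that carries no token at
         * all is handed to the CSRF failure handler immediately.
         *
         * @param actionContext the current request context
         */
        public void preCheck(ActionContext actionContext) {
            if (!this.enabled) {
                return;
            }
            boolean unsafeMethod = !actionContext.req().method().safe();
            if (unsafeMethod && S.blank(retrieveCsrfToken(actionContext))) {
                raiseCsrfNotVerified(actionContext);
            }
        }

        /**
         * Verifies the prefetched token against the session via the configured
         * {@link CSRFProtector}. A failed verification, or an {@link UnexpectedException}
         * thrown by the protector, is treated as "not verified" and routed to the
         * failure handler.
         *
         * @param actionContext the current request context
         * @param session       the session the token is verified against
         */
        public void check(ActionContext actionContext, H.Session session) {
            if (!this.enabled) {
                return;
            }
            String prefetched = (String) actionContext.attribute(ActionContext.ATTR_CSR_TOKEN_PREFETCH);
            try {
                if (!this.csrfProtector.verifyToken(prefetched, session, this.app)) {
                    // raiseCsrfNotVerified already drops the prefetched attribute
                    raiseCsrfNotVerified(actionContext);
                }
            } catch (UnexpectedException e) {
                // A protector error must never be treated as a pass.
                Act.LOGGER.warn(e, "Error checking CSRF token");
                raiseCsrfNotVerified(actionContext);
            }
        }

        /**
         * Returns this spec when it is annotation-derived, otherwise {@code spec}.
         * Lets a method-level spec override a class-level one.
         *
         * @param spec the fallback spec
         * @return the spec to use
         */
        public Spec chain(Spec spec) {
            return effective() ? this : spec;
        }

        /**
         * Makes sure a token exists and is exposed to the view: it reuses the token
         * found in the request or (via the protector) in the session, and issues a
         * fresh one when none is found or when the user has just logged in. The
         * token is then published as a render argument under the configured
         * parameter name.
         *
         * @param actionContext the current request context
         */
        public void setCookieAndRenderArgs(ActionContext actionContext) {
            if (!this.enabled) {
                return;
            }
            String token = retrieveCsrfToken(actionContext);
            if (S.blank(token)) {
                token = this.csrfProtector.retrieveToken(actionContext.session(), this.cookieName, this.app);
            }
            // Re-issue after login, presumably so a token issued to the anonymous
            // session is not carried over into the authenticated one — confirm.
            if (S.blank(token) || justLoggedIn(actionContext)) {
                H.Session session = actionContext.session();
                this.csrfProtector.clearExistingToken(session, this.cookieName);
                token = this.app.encrypt(this.csrfProtector.generateToken(session, this.app));
                H.Cookie cookie = new H.Cookie(this.cookieName, token);
                cookie.secure(actionContext.config().sessionSecure());
                cookie.domain(this.cookieDomain);
                cookie.path("/");
                // NOTE(review): no httpOnly flag is set here; presumably the cookie
                // must stay readable by client-side script — confirm with the protector design.
                actionContext.resp().addCookie(cookie);
                this.csrfProtector.outputToken(token, this.cookieName, this.cookieDomain, actionContext);
            }
            actionContext.renderArg(this.paramName, (Object) token);
        }

        /**
         * Finds the token supplied with the request: the prefetch attribute first,
         * then the configured header, then the configured request parameter. A
         * non-blank result is cached in the prefetch attribute for later steps.
         *
         * @param actionContext the current request context
         * @return the token, or a blank/{@code null} value when none was supplied
         */
        private String retrieveCsrfToken(ActionContext actionContext) {
            String token = (String) actionContext.attribute(ActionContext.ATTR_CSR_TOKEN_PREFETCH);
            if (S.blank(token)) {
                token = actionContext.req().header(this.headerName);
            }
            if (S.blank(token)) {
                token = actionContext.paramVal(this.paramName);
            }
            if (S.notBlank(token)) {
                actionContext.attribute(ActionContext.ATTR_CSR_TOKEN_PREFETCH, (Object) token);
            }
            return token;
        }

        /**
         * {@code true} when the request started unauthenticated and the user is
         * now logged in. A missing {@code ATTR_WAS_UNAUTHENTICATED} attribute counts
         * as {@code false} instead of throwing a {@link NullPointerException}.
         */
        private static boolean justLoggedIn(ActionContext actionContext) {
            Object wasUnauthenticated = actionContext.attribute(ActionContext.ATTR_WAS_UNAUTHENTICATED);
            return Boolean.TRUE.equals(wasUnauthenticated) && actionContext.isLoggedIn();
        }

        /** Drops the prefetched token and hands the request to the configured CSRF failure handler. */
        private static void raiseCsrfNotVerified(ActionContext actionContext) {
            actionContext.removeAttribute(ActionContext.ATTR_CSR_TOKEN_PREFETCH);
            actionContext.csrfFailureHandler().handle(actionContext);
        }
    }

    /**
     * Returns the token published as a render argument by
     * {@link Spec#setCookieAndRenderArgs}.
     *
     * @param actionContext the current request context
     * @return the token, or {@code null} when none was published
     */
    public static String token(ActionContext actionContext) {
        return (String) actionContext.renderArg(actionContext.config().csrfParamName());
    }

    /**
     * Renders a hidden {@code <input>} carrying the CSRF token.
     *
     * <p>The rendered value can originate from a request header or parameter
     * (see {@link Spec#retrieveCsrfToken}), so both the name and the value are
     * HTML-attribute-escaped before being placed inside the quotes.
     *
     * @param actionContext the current request context
     * @return the HTML fragment
     */
    public static String formField(ActionContext actionContext) {
        String csrfParamName = actionContext.config().csrfParamName();
        Object token = actionContext.renderArg(csrfParamName);
        return "<input type='hidden' name='" + escapeHtmlAttribute(csrfParamName)
                + "' value='" + escapeHtmlAttribute(String.valueOf(token)) + "'>";
    }

    /**
     * Escapes the characters that could break out of a quoted HTML attribute
     * value ({@code & < > " '}).
     *
     * @param s the raw value
     * @return the escaped value, or an empty string for {@code null}
     */
    private static String escapeHtmlAttribute(String s) {
        if (null == s) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Builds the spec for a controller class from its {@link Enable}/{@link Disable} annotations.
     *
     * @param cls the controller class
     * @return the resolved spec
     */
    public static Spec spec(Class<?> cls) {
        return spec(BeanSpec.of(cls, Act.injector()));
    }

    /**
     * Builds the spec for a handler method from its {@link Enable}/{@link Disable} annotations.
     *
     * @param method the handler method
     * @return the resolved spec
     */
    public static Spec spec(Method method) {
        return spec(BeanSpec.of(Method.class, method.getDeclaredAnnotations(), Act.injector()));
    }

    /**
     * {@code @Enable} wins over {@code @Disable}; with neither present the shared
     * {@link Spec#DEFAULT} is returned.
     */
    private static Spec spec(BeanSpec beanSpec) {
        if (null != beanSpec.getAnnotation(Enable.class)) {
            return new Spec(true);
        }
        if (null != beanSpec.getAnnotation(Disable.class)) {
            return new Spec(false);
        }
        return Spec.DEFAULT;
    }
}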
