package org.apache.geronimo.console.filter;

import java.io.IOException;
import java.io.InputStream;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Random;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:WEB-INF/lib/console-filter-2.1.6.jar:org/apache/geronimo/console/filter/XSRFHandler.class */
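/**
 * Issues and validates per-session anti-XSRF tokens.
 *
 * <p>A token is generated for each HTTP session, kept in an in-memory map keyed by the
 * session id, and stored as the {@code formId} session attribute. Requests that carry a
 * query string or parameters must present the same value in the {@code formId} request
 * parameter. {@link #getReplacement(HttpServletRequest)} returns the bundled
 * {@code /XSRF.js} script with its placeholder replaced by the session's token.
 *
 * <p>The token map is wrapped with {@link Collections#synchronizedMap(Map)}; the class
 * holds no other mutable state.
 */
public class XSRFHandler {
    private static final Log log = LogFactory.getLog(XSRFHandler.class);
    private static final String XSRF_UNIQUEID = "formId";
    private static final String XSRF_JS_FILENAME = "/XSRF.js";
    private static final String XSRF_JS_UNIQUEID = "<%XSRF_UNIQUEID%>";

    /** Session id to anti-XSRF token. */
    private final Map<String, String> sessionMap =
            Collections.synchronizedMap(new HashMap<String, String>());

    // The token is a security credential: java.util.Random is a linear congruential
    // generator whose future outputs can be derived from observed ones, so the token
    // source must be a cryptographically strong generator.
    private final Random random = new SecureRandom();

    /** Script template loaded once at construction; {@code null} if it could not be read. */
    private final String xsrfJS = getFile(XSRF_JS_FILENAME);

    public XSRFHandler() {
        log.debug("loaded xsrf file");
    }

    /**
     * Decides whether a request must be rejected by the XSRF check.
     *
     * <p>A new session, or one with no token in the map, gets a fresh token and is let
     * through. A request with neither a query string nor parameters is let through
     * unchecked. Every other request must carry a {@code formId} parameter equal to the
     * token held for the session.
     *
     * @param httpServletRequest the incoming request; a session is created if absent
     * @return {@code true} when the request must be blocked, {@code false} when it may proceed
     */
    public boolean isInvalidSession(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(true);
        String expectedToken = getSession(session);
        if (session.isNew() || expectedToken == null) {
            String issuedToken = createSession(session.getId());
            session.setAttribute(XSRF_UNIQUEID, issuedToken);
            // The token value is deliberately not logged: anyone able to read the log
            // could otherwise reuse it for the lifetime of the session.
            // NOTE(review): the session id is itself a credential and is still written at
            // INFO level here; the remote user name is caller-influenced text. Consider
            // masking the former and neutralising CR/LF in the latter.
            log.info("Created session for uid=" + httpServletRequest.getRemoteUser() + " with sessionId=" + session.getId());
            return false;
        }
        if (httpServletRequest.getQueryString() == null && !httpServletRequest.getParameterNames().hasMoreElements()) {
            // NOTE(review): this exemption keys on what the container exposes through
            // getParameterNames(). Confirm that no state-changing handler behind this
            // filter reads request data that is not surfaced there.
            log.debug("Skipped check due to no QueryString or ParameterNames for requestURI=" + httpServletRequest.getRequestURI());
            return false;
        }
        String sessionAttribute = (String) session.getAttribute(XSRF_UNIQUEID);
        String presentedToken = httpServletRequest.getParameter(XSRF_UNIQUEID);
        log.debug("XSRF checking requestURI=" + httpServletRequest.getRequestURI());
        // The session attribute is only checked for presence; the comparison below is
        // against the value held in sessionMap.
        if (sessionAttribute == null) {
            log.warn("Blocked due to missing HttpSession data.");
            return true;
        }
        if (presentedToken == null) {
            log.warn("Blocked due to missing HttpServletRequest parameter.");
            return true;
        }
        if (constantTimeEquals(presentedToken, expectedToken)) {
            // Token value omitted from the log for the same reason as at creation time.
            log.debug("Validated sessionId=" + session.getId() + ", requestURI=" + httpServletRequest.getRequestURI());
            return false;
        }
        log.warn("Blocked due to invalid HttpServletRequest parameter.");
        return true;
    }

    /**
     * Drops the token of a session that the container has destroyed.
     *
     * @param httpSessionEvent the destruction event carrying the session
     */
    public void destroySession(HttpSessionEvent httpSessionEvent) {
        String id = httpSessionEvent.getSession().getId();
        log.info("Removed destroyed sessionId=" + id);
        removeSession(id);
    }

    /** Removes every stored token; each session is issued a new one on its next request. */
    public void clearSessions() {
        log.debug("Cleaning out sessionMap");
        this.sessionMap.clear();
    }

    /**
     * Generates a token for the given session id and records it in the map.
     *
     * @param str the session id
     * @return the new token, or {@code null} when the session id is {@code null}
     */
    private String createSession(String str) {
        if (str == null) {
            return null;
        }
        // Same textual format as before (a signed decimal long) so the script template
        // and existing forms keep working; only the generator behind it changed.
        String token = String.valueOf(this.random.nextLong());
        this.sessionMap.put(str, token);
        return token;
    }

    /**
     * Looks up the token of the request's existing session without creating one.
     *
     * @return the token, or {@code null} when there is no session or no token for it
     */
    private String getSession(HttpServletRequest httpServletRequest) {
        return getSession(httpServletRequest.getSession(false));
    }

    /**
     * Looks up the token recorded for a session.
     *
     * @return the token, or {@code null} when the session is {@code null} or unknown
     */
    private String getSession(HttpSession httpSession) {
        if (httpSession == null) {
            return null;
        }
        return this.sessionMap.get(httpSession.getId());
    }

    /** Removes the token recorded for a session id; a {@code null} id is ignored. */
    private void removeSession(String str) {
        if (str != null) {
            this.sessionMap.remove(str);
        }
    }

    /**
     * Builds the script to append to a response for the request's session.
     *
     * @param httpServletRequest the request whose existing session is looked up
     * @return the script template with its placeholder replaced by the session token, or
     *         {@code null} when the template was not loaded or the session has no token
     * @throws IOException declared for callers; not thrown by the current implementation
     */
    public String getReplacement(HttpServletRequest httpServletRequest) throws IOException {
        String token = getSession(httpServletRequest);
        if (this.xsrfJS == null) {
            log.error("No JavaScript to append to the response!");
            return null;
        }
        if (token != null) {
            return this.xsrfJS.replace(XSRF_JS_UNIQUEID, token);
        }
        log.debug("HttpSession is null!");
        return null;
    }

    /**
     * Reads a classpath resource fully into a string, one byte per character.
     *
     * <p>The stream is always closed. A read failure yields {@code null} rather than a
     * truncated script, so the caller's "no JavaScript" path handles it; the previous
     * loop kept reading from the already-closed stream after a failure.
     *
     * @param str the resource path, resolved relative to this class
     * @return the resource content, or {@code null} when it is missing or unreadable
     */
    private String getFile(String str) {
        InputStream resourceAsStream = getClass().getResourceAsStream(str);
        if (resourceAsStream == null) {
            log.error("Could not load required resource=" + str);
            return null;
        }
        StringBuilder content = new StringBuilder();
        try {
            int read;
            // End of stream is -1; a zero byte is data and must not end the read early.
            while ((read = resourceAsStream.read()) >= 0) {
                content.append((char) read);
            }
            return content.toString();
        } catch (IOException e) {
            log.error("Could not read resource=" + str, e);
            return null;
        } finally {
            try {
                resourceAsStream.close();
            } catch (IOException ignored) {
                // Nothing useful can be done if closing a classpath resource fails.
            }
        }
    }

    /**
     * Compares two strings without stopping at the first differing character, so the
     * time taken does not reveal how much of a presented token matched.
     */
    private static boolean constantTimeEquals(String presented, String expected) {
        if (presented.length() != expected.length()) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < expected.length(); i++) {
            diff |= presented.charAt(i) ^ expected.charAt(i);
        }
        return diff == 0;
    }
}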
