package jodd.servlet;

import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.servlet.jsp.PageContext;
import jodd.util.RandomStringUtil;

/* loaded from: input_file:jodd/servlet/CsrfShield.class */
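/**
 * Issues and verifies per-session, single-use anti-CSRF tokens.
 *
 * <p>Issued tokens are kept in a {@link Set} stored in the {@link HttpSession} under
 * {@link #CSRF_TOKEN_SET}. A token is consumed (removed) the first time it is
 * successfully checked, and expired tokens are purged whenever the set is scanned.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #checkCsrfToken(HttpSession, String)} returns {@code true} when the session
 *       holds no token set <em>and</em> no token was submitted. A request on a session for
 *       which no token was ever prepared therefore passes the check; handlers of
 *       state-changing requests must make sure a token has been issued, or reject a
 *       missing token themselves.</li>
 *   <li>The configuration fields are plain static state shared by the whole class loader;
 *       set them once at start-up.</li>
 * </ul>
 */
public class CsrfShield {
    /** Default name of the request parameter that carries the token. */
    public static final String CSRF_TOKEN_NAME = "_csrf_token";
    /** Name of the session attribute that holds the set of issued tokens. */
    public static final String CSRF_TOKEN_SET = "_csrf_token_set";

    /** Length of a generated token value, in characters. */
    private static final int TOKEN_LENGTH = 32;
    /** Characters a generated token value is drawn from (62 alphanumerics). */
    private static final String TOKEN_ALPHABET =
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    /**
     * Token values are drawn from a CSPRNG directly, so their unpredictability does not
     * depend on how an external string helper is seeded or implemented.
     */
    private static final SecureRandom TOKEN_RANDOM = new SecureRandom();

    /** Default token lifetime in seconds; zero or negative means tokens never expire. */
    protected static int timeToLive = 600;
    /** Upper bound on the number of live tokens kept per session. */
    protected static int maxTokensPerSession = 20;

    /**
     * A single issued token: its value and the instant after which it is no longer valid.
     * Equality and hashing use the value only, so a set cannot hold two tokens with the
     * same value.
     */
    public static class Token implements Serializable {
        protected final String value;
        /** Expiry instant in epoch milliseconds; {@link Long#MAX_VALUE} means "never". */
        protected final long validUntil;

        /**
         * Creates a token that never expires.
         *
         * @param str token value
         */
        public Token(String str) {
            this(str, 0L);
        }

        /**
         * Creates a token.
         *
         * @param str token value
         * @param j   time to live in seconds; zero or negative creates a token that never
         *            expires
         */
        public Token(String str, long j) {
            this.value = str;
            this.validUntil = j <= 0 ? Long.MAX_VALUE : System.currentTimeMillis() + (j * 1000);
        }

        /**
         * @return {@code true} once the current time is past the expiry instant
         */
        public boolean isExpired() {
            return System.currentTimeMillis() > this.validUntil;
        }

        /**
         * @return the token value
         */
        public String getValue() {
            return this.value;
        }

        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            return this.value.equals(((Token) obj).value);
        }

        @Override
        public int hashCode() {
            return this.value.hashCode();
        }
    }

    /**
     * Sets the default token lifetime used by the overloads that take no explicit lifetime.
     *
     * @param i lifetime in seconds; zero or negative makes newly issued tokens never expire,
     *          which leaves every unconsumed token replayable for the life of the session
     */
    public static void setTimeToLive(int i) {
        timeToLive = i;
    }

    /**
     * Sets the maximum number of tokens kept per session.
     *
     * @param i maximum number of tokens per session
     */
    public static void setMaxTokensPerSession(int i) {
        maxTokensPerSession = i;
    }

    /**
     * Issues a token for the session of the given page context, using the default lifetime.
     *
     * @param pageContext JSP page context whose session receives the token
     * @return the new token value, to be embedded in the rendered form
     */
    public static String prepareCsrfToken(PageContext pageContext) {
        return prepareCsrfToken(pageContext.getSession());
    }

    /**
     * Issues a token for the page context returned by
     * {@code ServletUtil.getPageContextFromThread()}, using the default lifetime.
     *
     * @return the new token value
     */
    public static String prepareCsrfToken() {
        return prepareCsrfToken(ServletUtil.getPageContextFromThread());
    }

    /**
     * Issues a token for the given session, using the default lifetime.
     *
     * @param httpSession session that receives the token
     * @return the new token value
     */
    public static String prepareCsrfToken(HttpSession httpSession) {
        return prepareCsrfToken(httpSession, timeToLive);
    }

    /**
     * Issues a token for the given session and stores it in the session's token set,
     * creating the set on first use.
     *
     * @param httpSession session that receives the token
     * @param i           token lifetime in seconds; zero or negative means never expires
     * @return the new token value
     */
    public static String prepareCsrfToken(HttpSession httpSession, int i) {
        // NOTE(review): this get-or-create is not atomic; two first requests of a session
        // racing here can each install a set, and the token of the loser is then lost.
        @SuppressWarnings("unchecked") // only this class writes the CSRF_TOKEN_SET attribute
        Set<Token> set = (Set<Token>) httpSession.getAttribute(CSRF_TOKEN_SET);
        if (set == null) {
            set = new HashSet<Token>();
            httpSession.setAttribute(CSRF_TOKEN_SET, set);
        }
        // The set lives in the session, which the container shares between concurrent
        // requests of the same user; HashSet itself is not safe for concurrent mutation.
        synchronized (set) {
            String value;
            do {
                value = newTokenValue();
                assureSize(set);
            } while (!set.add(new Token(value, i))); // retry on the (unlikely) value collision
            return value;
        }
    }

    /**
     * Generates a fresh token value of {@link #TOKEN_LENGTH} alphanumeric characters.
     */
    private static String newTokenValue() {
        StringBuilder sb = new StringBuilder(TOKEN_LENGTH);
        for (int k = 0; k < TOKEN_LENGTH; k++) {
            sb.append(TOKEN_ALPHABET.charAt(TOKEN_RANDOM.nextInt(TOKEN_ALPHABET.length())));
        }
        return sb.toString();
    }

    /**
     * Makes room for one more token when the set has reached {@code maxTokensPerSession}:
     * expired tokens are purged first, and if the set is still full the token that expires
     * soonest is evicted.
     *
     * @param set token set of a session; callers are expected to hold its monitor
     */
    protected static void assureSize(Set<Token> set) {
        if (set.size() < maxTokensPerSession) {
            return;
        }
        long j = Long.MAX_VALUE;
        Token token = null;
        Iterator<Token> it = set.iterator();
        while (it.hasNext()) {
            Token next = it.next();
            if (next.isExpired()) {
                it.remove();
            } else if (token == null || next.validUntil < j) {
                // "token == null" also selects a never-expiring token (validUntil ==
                // Long.MAX_VALUE); a strict "<" alone would never pick one, so a session
                // with non-expiring tokens would grow past the cap without bound.
                j = next.validUntil;
                token = next;
            }
        }
        if (token == null || set.size() < maxTokensPerSession) {
            return;
        }
        set.remove(token);
    }

    /**
     * Checks the token carried in the {@link #CSRF_TOKEN_NAME} request parameter.
     *
     * @param httpServletRequest current request
     * @return result of {@link #checkCsrfToken(HttpSession, String)}
     */
    public static boolean checkCsrfToken(HttpServletRequest httpServletRequest) {
        return checkCsrfToken(httpServletRequest, CSRF_TOKEN_NAME);
    }

    /**
     * Checks the token carried in the named request parameter against the request's session.
     *
     * <p>{@code getSession()} creates a session when the request has none, so a request
     * that arrives with neither a session nor a token parameter is checked against an
     * empty session and passes (see {@link #checkCsrfToken(HttpSession, String)}).
     *
     * @param httpServletRequest current request
     * @param str                name of the request parameter that carries the token
     * @return result of {@link #checkCsrfToken(HttpSession, String)}
     */
    public static boolean checkCsrfToken(HttpServletRequest httpServletRequest, String str) {
        return checkCsrfToken(httpServletRequest.getSession(), httpServletRequest.getParameter(str));
    }

    /**
     * Checks a submitted token value against the tokens issued for the session and consumes
     * it on success. Expired tokens met during the scan are removed.
     *
     * @param httpSession session whose token set is consulted
     * @param str         submitted token value, may be {@code null}
     * @return {@code true} if the value matches a live token (which is then removed), or if
     *         the session has no token set and no value was submitted; {@code false}
     *         otherwise
     */
    public static boolean checkCsrfToken(HttpSession httpSession, String str) {
        @SuppressWarnings("unchecked") // only this class writes the CSRF_TOKEN_SET attribute
        Set<Token> set = (Set<Token>) httpSession.getAttribute(CSRF_TOKEN_SET);
        if (set == null && str == null) {
            // Nothing was issued and nothing was sent: treated as "not protected", not as a
            // failure. Callers that require a token must enforce its presence themselves.
            return true;
        }
        if (set == null || str == null) {
            return false;
        }
        byte[] submitted = str.getBytes(StandardCharsets.UTF_8);
        boolean matched = false;
        // Same monitor as prepareCsrfToken: without it two concurrent requests carrying the
        // same token could both find it before either removes it, defeating single use.
        synchronized (set) {
            Iterator<Token> it = set.iterator();
            while (it.hasNext()) {
                Token token = it.next();
                if (token.isExpired()) {
                    it.remove();
                } else if (MessageDigest.isEqual(
                        token.getValue().getBytes(StandardCharsets.UTF_8), submitted)) {
                    // Constant-time comparison: the time taken must not reveal how many
                    // leading characters of a guessed token were correct.
                    it.remove();
                    matched = true;
                }
            }
        }
        return matched;
    }
}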
