package org.lastaflute.web.token;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;
import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import org.dbflute.helper.message.ExceptionMessageBuilder;
import org.dbflute.optional.OptionalThing;
import org.lastaflute.core.direction.FwAssistantDirector;
import org.lastaflute.core.message.MessageManager;
import org.lastaflute.core.message.UserMessages;
import org.lastaflute.web.LastaWebKey;
import org.lastaflute.web.direction.FwWebDirection;
import org.lastaflute.web.ruts.config.ActionExecute;
import org.lastaflute.web.servlet.request.RequestManager;
import org.lastaflute.web.token.exception.DoubleSubmitMessageNotFoundException;
import org.lastaflute.web.token.exception.DoubleSubmitVerifyTokenBeforeValidationException;
import org.lastaflute.web.token.exception.DoubleSubmittedRequestException;
import org.lastaflute.web.util.LaActionExecuteUtil;
import org.lastaflute.web.util.LaActionRuntimeUtil;
import org.lastaflute.web.validation.ActionValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/lastaflute/web/token/SimpleDoubleSubmitManager.class */
public class SimpleDoubleSubmitManager implements DoubleSubmitManager {
    protected static final String ERRORS_APP_DOUBLE_SUBMIT_REQUEST = "errors.app.double.submit.request";

    @Resource
    protected FwAssistantDirector assistantDirector;

    @Resource
    protected MessageManager messageManager;

    @Resource
    protected RequestManager requestManager;
    protected boolean allowsVerifyTokenBeforeValidation;
    protected long previousTimeMillis;
    private static final Logger logger = LoggerFactory.getLogger(SimpleDoubleSubmitManager.class);
    protected static final Object DOUBLE_SUBMITTED_OBJ = new Object();
    protected static final Object SINGLE_SUBMITTED_OBJ = new Object();

    @PostConstruct
    public synchronized void initialize() {
        DoubleSubmitResourceProvider assistDoubleSubmitResourceProvider = assistWebDirection().assistDoubleSubmitResourceProvider();
        this.allowsVerifyTokenBeforeValidation = assistDoubleSubmitResourceProvider != null && assistDoubleSubmitResourceProvider.allowsVerifyTokenBeforeValidation();
        showBootLogging();
    }

    protected FwWebDirection assistWebDirection() {
        return this.assistantDirector.assistWebDirection();
    }

    protected void showBootLogging() {
        if (logger.isInfoEnabled()) {
            logger.info("[DoubleSubmit Manager]");
            logger.info(" allowsVerifyTokenBeforeValidation: " + this.allowsVerifyTokenBeforeValidation);
        }
    }

    @Override // org.lastaflute.web.token.DoubleSubmitManager
    public synchronized String saveToken(Class<?> cls) {
        if (cls == null) {
            throw new IllegalArgumentException("The argument 'groupType' should not be null.");
        }
        checkDoubleSubmitPreconditionExists(cls);
        DoubleSubmitTokenMap doubleSubmitTokenMap = (DoubleSubmitTokenMap) getSessionTokenMap().orElseGet(() -> {
            DoubleSubmitTokenMap doubleSubmitTokenMap2 = new DoubleSubmitTokenMap();
            this.requestManager.getSessionManager().setAttribute(getTransactionTokenKey(), doubleSubmitTokenMap2);
            return doubleSubmitTokenMap2;
        });
        String generateToken = generateToken(cls);
        showSavingToken(cls, generateToken);
        doubleSubmitTokenMap.put(cls, generateToken);
        return generateToken;
    }

    protected void checkDoubleSubmitPreconditionExists(Class<?> cls) {
        Locale userLocale = this.requestManager.getUserLocale();
        if (this.messageManager.findMessage(userLocale, getDoubleSubmitMessageKey()).isPresent()) {
            return;
        }
        throwDoubleSubmitMessageNotFoundException(cls, userLocale);
    }

    protected String throwDoubleSubmitMessageNotFoundException(Class<?> cls, Locale locale) {
        ExceptionMessageBuilder exceptionMessageBuilder = new ExceptionMessageBuilder();
        exceptionMessageBuilder.addNotice("Not found the double submit message in message resource.");
        exceptionMessageBuilder.addItem("Advice");
        exceptionMessageBuilder.addElement("The message key should exist in your message resource,");
        exceptionMessageBuilder.addElement("when you control double submit by transaction token.");
        exceptionMessageBuilder.addElement("For example: (..._message.properties)");
        exceptionMessageBuilder.addElement("  " + getDoubleSubmitMessageKey() + " = double submit might be requested");
        exceptionMessageBuilder.addItem("Requested Action");
        exceptionMessageBuilder.addElement(LaActionRuntimeUtil.hasActionRuntime() ? LaActionRuntimeUtil.getActionRuntime() : null);
        exceptionMessageBuilder.addItem("Token Group");
        exceptionMessageBuilder.addElement(cls.getName());
        exceptionMessageBuilder.addItem("User Locale");
        exceptionMessageBuilder.addElement(locale);
        exceptionMessageBuilder.addItem("NotFound MessageKey");
        exceptionMessageBuilder.addElement(getDoubleSubmitMessageKey());
        throw new DoubleSubmitMessageNotFoundException(exceptionMessageBuilder.buildExceptionMessage());
    }

    protected String getDoubleSubmitMessageKey() {
        return "errors.app.double.submit.request";
    }

    protected void showSavingToken(Class<?> cls, String str) {
        if (logger.isDebugEnabled()) {
            logger.debug("...Saving double-submit token: group={}, token={}", cls.getSimpleName(), str);
        }
    }

    @Override // org.lastaflute.web.token.DoubleSubmitManager
    public synchronized String generateToken(Class<?> cls) {
        assertArgumentNotNull("groupType", cls);
        return buildHex(prepareSessionIdBytes(), prepareCurrentBytes(), prepareGroupTypeBytes(cls));
    }

    protected String buildHex(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        MessageDigest messageDigest = getMessageDigest();
        messageDigest.update(bArr);
        messageDigest.update(bArr2);
        messageDigest.update(bArr3);
        return toHex(messageDigest.digest());
    }

    protected MessageDigest getMessageDigest() {
        try {
            return MessageDigest.getInstance("MD5");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Unknown algorithm: MD5", e);
        }
    }

    protected String toHex(byte[] bArr) {
        StringBuilder sb = new StringBuilder(bArr.length * 2);
        for (int i = 0; i < bArr.length; i++) {
            sb.append(Character.forDigit((bArr[i] & 240) >> 4, 16));
            sb.append(Character.forDigit(bArr[i] & 15, 16));
        }
        return sb.toString();
    }

    protected byte[] prepareSessionIdBytes() {
        return this.requestManager.getSessionManager().getSessionId().getBytes();
    }

    protected byte[] prepareCurrentBytes() {
        long currentTimeMillis = System.currentTimeMillis();
        if (currentTimeMillis == this.previousTimeMillis) {
            currentTimeMillis++;
        }
        this.previousTimeMillis = currentTimeMillis;
        return Long.valueOf(currentTimeMillis).toString().getBytes();
    }

    protected byte[] prepareGroupTypeBytes(Class<?> cls) {
        return cls.getName().getBytes();
    }

    @Override // org.lastaflute.web.token.DoubleSubmitManager
    public synchronized boolean determineToken(Class<?> cls) {
        return doDetermineTokenValid(cls, false);
    }

    @Override // org.lastaflute.web.token.DoubleSubmitManager
    public synchronized boolean determineTokenWithReset(Class<?> cls) {
        return doDetermineTokenValid(cls, true);
    }

    protected boolean doDetermineTokenValid(Class<?> cls, boolean z) {
        return ((Boolean) getSessionTokenMap().map(doubleSubmitTokenMap -> {
            return (Boolean) doubleSubmitTokenMap.get(cls).map(str -> {
                if (z) {
                    resetToken(cls);
                }
                return (Boolean) getRequestedToken().map(str -> {
                    return Boolean.valueOf(str.equals(str));
                }).orElse(false);
            }).orElse(false);
        }).orElse(false)).booleanValue();
    }

    @Override // org.lastaflute.web.token.DoubleSubmitManager
    public void verifyToken(Class<?> cls, TokenErrorHook tokenErrorHook) {
        doVerifyToken(cls, tokenErrorHook, false);
    }

    @Override // org.lastaflute.web.token.DoubleSubmitManager
    public void verifyTokenKeep(Class<?> cls, TokenErrorHook tokenErrorHook) {
        doVerifyToken(cls, tokenErrorHook, true);
    }

    protected <MESSAGES extends UserMessages> void doVerifyToken(Class<?> cls, TokenErrorHook tokenErrorHook, boolean z) {
        assertArgumentNotNull("groupType", cls);
        assertArgumentNotNull("errorHook", tokenErrorHook);
        checkVerifyTokenAfterValidatorCall();
        if (z ? determineToken(cls) : determineTokenWithReset(cls)) {
            saveSingleSubmittedMark();
        } else {
            saveDoubleSubmittedMark();
            throwDoubleSubmittedRequestException(cls, tokenErrorHook);
        }
    }

    protected void saveDoubleSubmittedMark() {
        this.requestManager.setAttribute(getDoubleSubmittedKey(), DOUBLE_SUBMITTED_OBJ);
    }

    protected <MESSAGES extends UserMessages> String throwDoubleSubmittedRequestException(Class<?> cls, TokenErrorHook tokenErrorHook) {
        ExceptionMessageBuilder exceptionMessageBuilder = new ExceptionMessageBuilder();
        exceptionMessageBuilder.addNotice("The request was born from double submit.");
        exceptionMessageBuilder.addItem("Advice");
        exceptionMessageBuilder.addElement("Double submit by user operation or no saved token.");
        exceptionMessageBuilder.addElement("Default scope of token is action type");
        exceptionMessageBuilder.addElement("so SAVE and VERIFY should be in same action.");
        exceptionMessageBuilder.addItem("Requested Action");
        exceptionMessageBuilder.addElement(LaActionRuntimeUtil.hasActionRuntime() ? LaActionRuntimeUtil.getActionRuntime() : null);
        exceptionMessageBuilder.addItem("Token Group");
        exceptionMessageBuilder.addElement(cls.getName());
        exceptionMessageBuilder.addItem("Requested Token");
        exceptionMessageBuilder.addElement(getRequestedToken());
        exceptionMessageBuilder.addItem("Saved Token");
        exceptionMessageBuilder.addElement(getSessionTokenMap());
        throw new DoubleSubmittedRequestException(exceptionMessageBuilder.buildExceptionMessage(), () -> {
            return tokenErrorHook.hook();
        }, UserMessages.createAsOneGlobal(getDoubleSubmitMessageKey(), new Object[0]));
    }

    protected void saveSingleSubmittedMark() {
        this.requestManager.setAttribute(getSingleSubmittedKey(), SINGLE_SUBMITTED_OBJ);
    }

    protected void checkVerifyTokenAfterValidatorCall() {
        if (!this.allowsVerifyTokenBeforeValidation && LaActionExecuteUtil.hasActionExecute()) {
            ActionExecute actionExecute = LaActionExecuteUtil.getActionExecute();
            if (certainlyCanBeValidated(actionExecute) && certainlyValidatorNotCalled()) {
                throwDoubleSubmitVerifyTokenBeforeValidationException(actionExecute);
            }
        }
    }

    protected boolean certainlyCanBeValidated(ActionExecute actionExecute) {
        return actionExecute.getFormMeta().filter(actionFormMeta -> {
            return actionFormMeta.isValidatorAnnotated();
        }).isPresent();
    }

    protected boolean certainlyValidatorNotCalled() {
        return ActionValidator.certainlyValidatorNotCalled();
    }

    protected void throwDoubleSubmitVerifyTokenBeforeValidationException(ActionExecute actionExecute) {
        ExceptionMessageBuilder exceptionMessageBuilder = new ExceptionMessageBuilder();
        exceptionMessageBuilder.addNotice("The verifyToken() was called before validate() in action.");
        exceptionMessageBuilder.addItem("Advice");
        exceptionMessageBuilder.addElement("The verifyToken() should be after validate().");
        exceptionMessageBuilder.addElement("The verifyToken() deletes session token if success,");
        exceptionMessageBuilder.addElement("so it may be token-not-found exception if validation error.");
        exceptionMessageBuilder.addElement("(validation error's response may need session token)");
        exceptionMessageBuilder.addElement("For example:");
        exceptionMessageBuilder.addElement("  (x):");
        exceptionMessageBuilder.addElement("    public HtmlResponse update(Integer memberId) {");
        exceptionMessageBuilder.addElement("        verifyToken(...); // *Bad: session token is deleted here");
        exceptionMessageBuilder.addElement("        validate(form, messages -> {}, () -> { // may be this exception if validation error");
        exceptionMessageBuilder.addElement("            return asHtml(path_...); // the html may need token...");
        exceptionMessageBuilder.addElement("        });");
        exceptionMessageBuilder.addElement("        ...");
        exceptionMessageBuilder.addElement("    }");
        exceptionMessageBuilder.addElement("  (o):");
        exceptionMessageBuilder.addElement("    public HtmlResponse update(Integer memberId) {");
        exceptionMessageBuilder.addElement("        validate(form, messages -> {}, () -> {");
        exceptionMessageBuilder.addElement("            return asHtml(path_...); // session token remains");
        exceptionMessageBuilder.addElement("        });");
        exceptionMessageBuilder.addElement("        verifyToken(...); // Good");
        exceptionMessageBuilder.addElement("        ...");
        exceptionMessageBuilder.addElement("    }");
        exceptionMessageBuilder.addItem("Execute Method");
        exceptionMessageBuilder.addElement(actionExecute.toSimpleMethodExp());
        exceptionMessageBuilder.addItem("Requested Token");
        exceptionMessageBuilder.addElement(getRequestedToken());
        exceptionMessageBuilder.addItem("Saved Token");
        exceptionMessageBuilder.addElement(getSessionTokenMap());
        throw new DoubleSubmitVerifyTokenBeforeValidationException(exceptionMessageBuilder.buildExceptionMessage());
    }

    @Override // org.lastaflute.web.token.DoubleSubmitManager
    public synchronized void resetToken(Class<?> cls) {
        getSessionTokenMap().ifPresent(doubleSubmitTokenMap -> {
            showRemovingToken(cls, doubleSubmitTokenMap);
            doubleSubmitTokenMap.remove(cls);
            if (doubleSubmitTokenMap.isEmpty()) {
                removeTokenFromSession();
            }
        }).orElse(() -> {
            removeTokenFromSession();
        });
    }

    protected void showRemovingToken(Class<?> cls, DoubleSubmitTokenMap doubleSubmitTokenMap) {
        if (logger.isDebugEnabled()) {
            logger.debug("...Removing double-submit token: group={}, token={}", cls.getSimpleName(), (String) doubleSubmitTokenMap.get(cls).orElse((Object) null));
        }
    }

    protected void removeTokenFromSession() {
        this.requestManager.getSessionManager().removeAttribute(getTransactionTokenKey());
    }

    @Override // org.lastaflute.web.token.DoubleSubmitManager
    public OptionalThing<String> getRequestedToken() {
        return this.requestManager.getParameter(getTransactionTokenKey());
    }

    @Override // org.lastaflute.web.token.DoubleSubmitManager
    public OptionalThing<DoubleSubmitTokenMap> getSessionTokenMap() {
        return this.requestManager.getSessionManager().getAttribute(getTransactionTokenKey(), DoubleSubmitTokenMap.class);
    }

    @Override // org.lastaflute.web.token.DoubleSubmitManager
    public boolean isDoubleSubmittedRequest() {
        return this.requestManager.getAttribute(getDoubleSubmittedKey(), Object.class).isPresent();
    }

    @Override // org.lastaflute.web.token.DoubleSubmitManager
    public boolean isSingleSubmittedRequest() {
        return this.requestManager.getAttribute(getSingleSubmittedKey(), Object.class).isPresent();
    }

    protected String getTransactionTokenKey() {
        return LastaWebKey.TRANSACTION_TOKEN_KEY;
    }

    protected String getDoubleSubmittedKey() {
        return LastaWebKey.DOUBLE_SUBMITTED_KEY;
    }

    protected String getSingleSubmittedKey() {
        return LastaWebKey.SINGLE_SUBMITTED_KEY;
    }

    protected void assertArgumentNotNull(String str, Object obj) {
        if (str == null) {
            throw new IllegalArgumentException("The value should not be null: variableName=null value=" + obj);
        }
        if (obj == null) {
            throw new IllegalArgumentException("The value should not be null: variableName=" + str);
        }
    }
}
