package org.lastaflute.web.token;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import javax.annotation.PostConstruct;
import javax.annotation.Resource;

import org.dbflute.helper.message.ExceptionMessageBuilder;
import org.lastaflute.core.direction.FwAssistantDirector;
import org.lastaflute.di.util.UUID;
import org.lastaflute.web.LastaWebKey;
import org.lastaflute.web.direction.FwWebDirection;
import org.lastaflute.web.exception.CrossSiteRequestForgeriesForbiddenException;
import org.lastaflute.web.servlet.request.RequestManager;
import org.lastaflute.web.servlet.request.ResponseManager;
import org.lastaflute.web.servlet.session.SessionManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/lastaflute/web/token/SimpleCsrfManager.class */
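/**
 * Default {@link CsrfManager}: issues a CSRF token as a response header and keeps a copy
 * in the session, then requires a later request to echo the same token in the request header.
 *
 * <p>The header name and the token generator can be customised through the
 * {@link CsrfResourceProvider} obtained from the web direction; when no provider (or a null
 * value) is supplied, the {@value #DEFAULT_TOKEN_HEADER} header and a UUID-based generator
 * are used.
 *
 * <p>Verification compares the two tokens in constant time so that response timing does not
 * reveal how many leading characters of a guessed token are correct.
 */
public class SimpleCsrfManager implements CsrfManager {
    private static final Logger logger = LoggerFactory.getLogger(SimpleCsrfManager.class);

    /** Header used both to hand the token out (response) and to receive it back (request). */
    protected static final String DEFAULT_TOKEN_HEADER = "X-CSRF-TOKEN";

    @Resource
    private FwAssistantDirector assistantDirector;

    @Resource
    private RequestManager requestManager;

    @Resource
    private ResponseManager responseManager;

    @Resource
    private SessionManager sessionManager;

    /** Name of the CSRF header; may be replaced by the resource provider at initialisation. */
    protected String tokenHeaderName = DEFAULT_TOKEN_HEADER;

    /** Source of fresh tokens; resolved at initialisation, never null afterwards. */
    protected CsrfTokenGenerator tokenGenerator;

    /**
     * Resolves the header name and token generator from the {@link CsrfResourceProvider}
     * (if any), falls back to the defaults, and logs the effective configuration.
     */
    @PostConstruct
    public void initialize() {
        CsrfResourceProvider provider = assistWebDirection().assistCsrfResourceProvider();
        if (provider != null) {
            String providedHeaderName = provider.provideTokenHeaderName();
            if (providedHeaderName != null) {
                this.tokenHeaderName = providedHeaderName;
            }
            CsrfTokenGenerator providedGenerator = provider.provideTokenGenerator();
            if (providedGenerator != null) {
                this.tokenGenerator = providedGenerator;
            }
        }
        if (this.tokenGenerator == null) {
            this.tokenGenerator = createDefaultTokenGenerator();
        }
        showBootLogging();
    }

    /** @return the web direction that holds the CSRF resource provider. */
    protected FwWebDirection assistWebDirection() {
        return this.assistantDirector.assistWebDirection();
    }

    /**
     * Builds the generator used when the provider supplies none.
     *
     * @return a generator delegating to {@link UUID#create()}
     *         (NOTE(review): whether that UUID is backed by a cryptographically strong RNG
     *         is not visible here; confirm before relying on the default in production)
     */
    protected CsrfTokenGenerator createDefaultTokenGenerator() {
        return () -> UUID.create();
    }

    /** Logs the effective header name and generator at INFO level. */
    protected void showBootLogging() {
        if (logger.isInfoEnabled()) {
            logger.info("[Csrf Manager]");
            logger.info(" tokenHeaderName: " + this.tokenHeaderName);
            logger.info(" tokenGenerator: " + this.tokenGenerator);
        }
    }

    /**
     * Generates a new token, sends it in the configured response header and stores it in the
     * session under {@link LastaWebKey#CSRF_TOKEN_KEY} for later verification.
     *
     * @throws IllegalStateException if the generator returns null
     */
    @Override // org.lastaflute.web.token.CsrfManager
    public void beginToken() {
        String token = generateToken();
        this.responseManager.addHeader(getTokenHeaderName(), token);
        this.sessionManager.setAttribute(LastaWebKey.CSRF_TOKEN_KEY, token);
    }

    /**
     * @return a fresh token from the configured generator (never null)
     * @throws IllegalStateException if the generator returns null
     */
    protected String generateToken() {
        String token = this.tokenGenerator.generate();
        if (token == null) {
            throw new IllegalStateException("Returned null from token generator: " + this.tokenGenerator);
        }
        return token;
    }

    /**
     * Verifies the current request: the CSRF header must be present and must match the token
     * saved in the session.
     *
     * @throws CrossSiteRequestForgeriesForbiddenException if the header is missing, no token
     *         is saved in the session, or the two tokens differ
     */
    @Override // org.lastaflute.web.token.CsrfManager
    public void verifyToken() {
        // distinct lambda parameter names: the header value and the session value must not be
        // confused, otherwise the comparison degenerates to comparing a value with itself
        this.requestManager.getHeader(getTokenHeaderName()).ifPresent(headerToken -> {
            this.sessionManager.getAttribute(LastaWebKey.CSRF_TOKEN_KEY, String.class).ifPresent(savedToken -> {
                if (!isTokenMatched(headerToken, savedToken)) {
                    throwCsrfHeaderSavedTokenNotMatchedException(headerToken, savedToken);
                }
            }).orElse(() -> {
                // header sent but nothing saved in the session: treated as a mismatch
                throwCsrfHeaderSavedTokenNotMatchedException(headerToken, null);
            });
        }).orElse(() -> {
            throwCsrfHeaderNotFoundException();
        });
    }

    /**
     * Compares the header token with the saved token in constant time.
     *
     * @param headerToken the token received in the request header (not null)
     * @param savedToken the token stored in the session (not null)
     * @return true if both tokens are byte-for-byte equal
     */
    protected boolean isTokenMatched(String headerToken, String savedToken) {
        // MessageDigest.isEqual does not short-circuit on the first differing byte
        byte[] provided = headerToken.getBytes(StandardCharsets.UTF_8);
        byte[] expected = savedToken.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(provided, expected);
    }

    /** @return the header name carrying the CSRF token. */
    protected String getTokenHeaderName() {
        return this.tokenHeaderName;
    }

    /**
     * Throws the forbidden exception for a header token that does not match the saved one.
     *
     * @param headerToken the token received in the request header
     * @param savedToken the token saved in the session, or null if none was saved
     * @throws CrossSiteRequestForgeriesForbiddenException always
     */
    protected void throwCsrfHeaderSavedTokenNotMatchedException(String headerToken, String savedToken) {
        ExceptionMessageBuilder br = createForbiddenMessageBuilder("Not match the header token with saved token in session.");
        // NOTE(review): both token values become part of the exception message; make sure the
        // handler that renders or logs this exception does not expose the saved token to the client
        br.addItem("Header Token");
        br.addElement(headerToken);
        br.addItem("Saved Token");
        br.addElement(savedToken);
        throw new CrossSiteRequestForgeriesForbiddenException(br.buildExceptionMessage());
    }

    /**
     * Throws the forbidden exception for a request that carries no CSRF header at all.
     *
     * @throws CrossSiteRequestForgeriesForbiddenException always
     */
    protected void throwCsrfHeaderNotFoundException() {
        ExceptionMessageBuilder br = createForbiddenMessageBuilder("Not found the CSRF header in the request.");
        throw new CrossSiteRequestForgeriesForbiddenException(br.buildExceptionMessage());
    }

    /**
     * Starts an exception message with the notice, advice and request path shared by both
     * forbidden cases.
     *
     * @param advice the one-line explanation of why the request was rejected
     * @return a builder to which case-specific items can still be added
     */
    protected ExceptionMessageBuilder createForbiddenMessageBuilder(String advice) {
        ExceptionMessageBuilder br = new ExceptionMessageBuilder();
        br.addNotice("Forbidden request as Cross Site Request Forgeries.");
        br.addItem("Advice");
        br.addElement(advice);
        br.addItem("Request Path");
        br.addElement(this.requestManager.getRequestPathAndQuery());
        return br;
    }
}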
