package com.ctlok.springframework.web.servlet.view.rythm.interceptor;

import com.ctlok.springframework.web.servlet.view.rythm.constant.DefaultRequestParameterName;
import com.ctlok.springframework.web.servlet.view.rythm.constant.DefaultSessionAttributeName;
import com.ctlok.springframework.web.servlet.view.rythm.form.CsrfTokenValidationSelector;
import com.ctlok.springframework.web.servlet.view.rythm.form.DefaultCsrfTokenValidationSelector;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:com/ctlok/springframework/web/servlet/view/rythm/interceptor/CsrfTokenInterceptor.class */
public class CsrfTokenInterceptor extends HandlerInterceptorAdapter {
    private static final Logger LOGGER = LoggerFactory.getLogger(CsrfTokenInterceptor.class);
    private final String csrfTokenSessionName;
    private final String csrfTokenRequestName;
    private CsrfTokenValidationSelector csrfTokenValidationSelector;

    public CsrfTokenInterceptor() {
        this.csrfTokenValidationSelector = new DefaultCsrfTokenValidationSelector();
        this.csrfTokenSessionName = DefaultSessionAttributeName.CSRF_TOKEN_NAME;
        this.csrfTokenRequestName = DefaultRequestParameterName.CSRF_TOKEN_NAME;
    }

    public CsrfTokenInterceptor(String str, String str2) {
        this.csrfTokenValidationSelector = new DefaultCsrfTokenValidationSelector();
        this.csrfTokenSessionName = str;
        this.csrfTokenRequestName = str2;
    }

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        boolean z = true;
        if (this.csrfTokenValidationSelector.isRequireToValidate(httpServletRequest)) {
            String str = (String) httpServletRequest.getSession(true).getAttribute(this.csrfTokenSessionName);
            String parameter = httpServletRequest.getParameter(this.csrfTokenRequestName);
            LOGGER.debug("Session CSRF Token: [{}], Request CSRF Token: [{}]", str, parameter);
            z = (StringUtils.isNotEmpty(str) && StringUtils.isNotEmpty(parameter)) ? str.equals(parameter) : false;
            LOGGER.debug("Is valid CSRF Token: [{}]", Boolean.valueOf(z));
        }
        if (!z) {
            httpServletResponse.sendError(403, "Bad or missing CSRF token");
        }
        return z;
    }

    public CsrfTokenValidationSelector getCsrfTokenValidationSelector() {
        return this.csrfTokenValidationSelector;
    }

    public void setCsrfTokenValidationSelector(CsrfTokenValidationSelector csrfTokenValidationSelector) {
        this.csrfTokenValidationSelector = csrfTokenValidationSelector;
    }
}
