package net.shibboleth.idp.ui.csrf.impl;

import java.util.function.BiPredicate;
import java.util.function.Predicate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.ui.csrf.CSRFToken;
import net.shibboleth.idp.ui.csrf.CSRFTokenManager;
import net.shibboleth.idp.ui.csrf.InvalidCSRFTokenException;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.component.AbstractInitializableComponent;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.slf4j.Logger;
import org.springframework.webflow.definition.StateDefinition;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.FlowExecutionListener;
import org.springframework.webflow.execution.RequestContext;
import org.springframework.webflow.execution.View;

/* loaded from: input_file:WEB-INF/lib/idp-ui-5.0.0.jar:net/shibboleth/idp/ui/csrf/impl/CSRFTokenFlowExecutionListener.class */
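/**
 * Spring Web Flow execution listener that issues an anti-CSRF token when a view is rendered and
 * checks it when an event is signalled from that view.
 *
 * <p>Protection is <strong>off by default</strong>: until {@link #setEnabled(boolean)} is called
 * with {@code true}, both callbacks do nothing. The two predicates decide which views receive a
 * token and which events must present one. If an event is selected for validation but no token
 * was stored for its view, validation fails closed with an {@link InvalidCSRFTokenException}.</p>
 *
 * <p>All three rejection paths throw the same {@code "Invalid CSRF token"} message; only the log
 * line tells them apart, so the caller gets no hint about which check failed.</p>
 */
public class CSRFTokenFlowExecutionListener extends AbstractInitializableComponent implements FlowExecutionListener {

    /** View-scope attribute name under which the generated token is stored. */
    @Nonnull
    public static final String CSRF_TOKEN_VIEWSCOPE_NAME = "csrfToken";

    /** Decides whether an event signalled from a view must carry a valid token. */
    @NonnullAfterInit
    private BiPredicate<RequestContext, Event> eventRequiresCSRFTokenValidationPredicate;

    /** Decides whether a view being rendered should have a token placed in its view scope. */
    @NonnullAfterInit
    private Predicate<RequestContext> viewRequiresCSRFTokenPredicate;

    /** Generates tokens and compares a stored token with the value sent in the request. */
    @NonnullAfterInit
    private CSRFTokenManager csrfTokenManager;

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(CSRFTokenFlowExecutionListener.class);

    /** Master switch; {@code false} until explicitly enabled. */
    private boolean enabled = false;

    /**
     * Turns token generation and validation on or off.
     *
     * @param z {@code true} to enable CSRF protection in this listener
     */
    public void setEnabled(boolean z) {
        checkSetterPreconditions();
        this.enabled = z;
    }

    /**
     * Sets the predicate that selects views which need a token.
     *
     * @param predicate the predicate, never {@code null}
     */
    public void setViewRequiresCSRFTokenPredicate(@Nonnull Predicate<RequestContext> predicate) {
        checkSetterPreconditions();
        this.viewRequiresCSRFTokenPredicate =
                Constraint.isNotNull(predicate, "Does view require CSRF token predicate can not be null");
    }

    /**
     * Sets the predicate that selects events whose request must carry a valid token.
     *
     * @param biPredicate the predicate, never {@code null}
     */
    public void setEventRequiresCSRFTokenValidationPredicate(@Nonnull BiPredicate<RequestContext, Event> biPredicate) {
        checkSetterPreconditions();
        this.eventRequiresCSRFTokenValidationPredicate =
                Constraint.isNotNull(biPredicate, "Validate CSRF token condition cannot be null");
    }

    /**
     * Sets the manager used to generate and validate tokens.
     *
     * @param cSRFTokenManager the token manager, never {@code null}
     */
    public void setCsrfTokenManager(@Nonnull CSRFTokenManager cSRFTokenManager) {
        checkSetterPreconditions();
        this.csrfTokenManager = Constraint.isNotNull(cSRFTokenManager, "CSRF Token manager can not be null");
    }

    /**
     * Stores a freshly generated token in the view scope when the listener is enabled, the state
     * is a view state and the view predicate accepts the request.
     *
     * <p>A new token is generated on every call that passes those checks, replacing any value
     * already stored under {@link #CSRF_TOKEN_VIEWSCOPE_NAME}.</p>
     */
    @Override // org.springframework.webflow.execution.FlowExecutionListener
    public void viewRendering(RequestContext requestContext, View view, StateDefinition stateDefinition) {
        if (!this.enabled || !stateDefinition.isViewState()) {
            return;
        }
        if (this.viewRequiresCSRFTokenPredicate.test(requestContext)) {
            requestContext.getViewScope().put(CSRF_TOKEN_VIEWSCOPE_NAME, this.csrfTokenManager.generateCSRFToken());
        }
    }

    /**
     * Validates the anti-CSRF token for an event signalled from a view state.
     *
     * <p>Nothing is checked unless the listener is enabled, the request is in a view state and the
     * event predicate selects it. Otherwise the token stored in the view scope is compared, via the
     * token manager, with the request parameter named by the stored token.</p>
     *
     * @param requestContext the current request context; must not be {@code null} (asserted only)
     * @param event the signalled event; must not be {@code null} (asserted only)
     * @throws InvalidCSRFTokenException if no token is stored for the view, the request carries no
     *         token parameter, or the token manager rejects the pair
     */
    @Override // org.springframework.webflow.execution.FlowExecutionListener
    public void eventSignaled(@Nullable RequestContext requestContext, @Nullable Event event) {
        // Only enforced with -ea; with assertions off a null argument surfaces as an NPE below.
        assert requestContext != null && event != null;

        if (!this.enabled
                || !requestContext.inViewState()
                || !this.eventRequiresCSRFTokenValidationPredicate.test(requestContext, event)) {
            return;
        }

        final String viewStateId = requestContext.getCurrentState().getId();
        this.log.trace("Event '{}' signaled from view '{}' requires a CSRF token", event.getId(), viewStateId);

        final Object storedObject = requestContext.getViewScope().get(CSRF_TOKEN_VIEWSCOPE_NAME);
        final String flowId = requestContext.getActiveFlow().getId();
        assert flowId != null;

        // instanceof is false for null, so this also covers "nothing stored for this view".
        if (!(storedObject instanceof CSRFToken)) {
            this.log.warn("CSRF token is required but was not found in the view-scope; for view-state '{}' and event '{}'.", viewStateId, event.getId());
            throw new InvalidCSRFTokenException(flowId, viewStateId, "Invalid CSRF token");
        }
        final CSRFToken storedToken = (CSRFToken) storedObject;

        // The parameter name comes from the server-side token; the value is client-supplied.
        final String requestToken =
                requestContext.getExternalContext().getRequestParameterMap().get(storedToken.getParameterName());
        if (requestToken == null) {
            this.log.warn("CSRF token is required but was not found in the request; for view-state '{}' and event '{}'.", viewStateId, event.getId());
            throw new InvalidCSRFTokenException(flowId, viewStateId, "Invalid CSRF token");
        }

        // NOTE(review): at TRACE this writes the stored token and the raw, client-supplied request
        // value to the log. Keep TRACE off for this logger in production, and make sure the log
        // encoder neutralises control characters in the request value.
        this.log.trace("Stored (viewScoped) CSRF Token '{}', CSRF Token in HTTP request '{}'", storedToken.getToken(), requestToken);

        // NOTE(review): the comparison is delegated to the token manager; whether it is
        // constant-time cannot be seen from this class - confirm in the CSRFTokenManager in use.
        if (!this.csrfTokenManager.isValidCSRFToken(storedToken, requestToken)) {
            this.log.warn("CSRF token in the request did not match that stored in the view-scope; for view-state '{}' and event '{}'.", viewStateId, event.getId());
            throw new InvalidCSRFTokenException(flowId, viewStateId, "Invalid CSRF token");
        }
    }

    /**
     * Verifies that the token manager and both predicates were injected before use.
     *
     * @throws ComponentInitializationException if any of the three collaborators is {@code null}
     */
    @Override // net.shibboleth.shared.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.csrfTokenManager == null) {
            throw new ComponentInitializationException("CSRF token manager can not be null");
        }
        if (this.viewRequiresCSRFTokenPredicate == null) {
            throw new ComponentInitializationException("View requires CSRF token predicate can not be null");
        }
        if (this.eventRequiresCSRFTokenValidationPredicate == null) {
            throw new ComponentInitializationException("Event requires CSRF token validation predicate can not be null");
        }
    }
}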
