package org.jboss.errai.bus.server.servlet;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.jboss.errai.bus.server.util.SecureHashUtil;
import org.jboss.errai.common.client.framework.Constants;
import org.slf4j.Logger;

/* JADX WARN: Classes with same name are omitted:
  input_file:_bootstrap/kie-wb-common-ala-distribution-7.11.0.Final.war:WEB-INF/lib/errai-bus-4.3.2.Final.jar:org/jboss/errai/bus/server/servlet/CSRFTokenCheck.class
 */
/* loaded from: input_file:m2repo/org/jboss/errai/errai-bus/4.3.2.Final/errai-bus-4.3.2.Final.jar:org/jboss/errai/bus/server/servlet/CSRFTokenCheck.class */
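/**
 * Request security check that ties every request made within an HTTP session to a per-session
 * CSRF token.
 *
 * <p>The token is stored as the session attribute {@link #CSRF_TOKEN_ATTRIBUTE_NAME} and must be
 * echoed by the client in the {@code Constants.ERRAI_CSRF_TOKEN_HEADER} request header. A request
 * without a session is not checked at all (see {@link #isInsecure}).
 */
public final class CSRFTokenCheck implements RequestSecurityCheck {
    // NOTE(review): this field is public, static and not final, so any code running in the same
    // class loader can replace the check. It is left as-is to keep the published interface
    // unchanged; make it final once it is confirmed that nothing reassigns it.
    public static CSRFTokenCheck INSTANCE = new CSRFTokenCheck();

    /** Name of the session attribute that holds the session's CSRF token. */
    public static final String CSRF_TOKEN_ATTRIBUTE_NAME = "errai.bus.csrf_token";

    private CSRFTokenCheck() {
    }

    /**
     * Decides whether the request fails the CSRF check.
     *
     * @param httpServletRequest the incoming request
     * @param logger receives a warning when a session exists but carries no token
     * @return {@code false} when the request has no session; otherwise {@code true} when the
     *     session holds no token, the token header is missing, or the header differs from the
     *     session token
     */
    @Override
    public boolean isInsecure(HttpServletRequest httpServletRequest, Logger logger) {
        // getSession(false): never create a session as a side effect of the check.
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            // Without a session there is no token to compare against, so the request passes.
            // NOTE(review): callers that need protection for session-less requests must enforce
            // it elsewhere.
            return false;
        }

        String expected = (String) session.getAttribute(CSRF_TOKEN_ATTRIBUTE_NAME);
        if (expected == null) {
            // NOTE(review): the session id is itself a credential; restrict access to this log.
            logger.warn("CSRF protection is enabled but no CSRF token was found for the HTTP session with id {}", session.getId());
            return true;
        }

        String presented = httpServletRequest.getHeader(Constants.ERRAI_CSRF_TOKEN_HEADER);
        return !tokensMatch(expected, presented);
    }

    /**
     * Answers a rejected request with the session's token so the client can retry: makes sure the
     * session has a token, copies it into the {@code Constants.ERRAI_CSRF_TOKEN_HEADER} response
     * header and sets the status to 403.
     *
     * @param httpServletRequest the request being rejected; must already have a session
     * @param httpServletResponse the response that receives the token header and status
     * @param logger passed on to {@link #prepareSession}
     * @throws IllegalStateException if the request has no session
     */
    @Override
    public void prepareResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Logger logger) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            throw new IllegalStateException("Cannot create CSRF token challenge when session is null.");
        }
        prepareSession(session, logger);
        // Re-read the attribute so the header carries whatever token the session holds now.
        httpServletResponse.setHeader(Constants.ERRAI_CSRF_TOKEN_HEADER, getToken(session));
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
    }

    /**
     * Stores a newly generated token in the session unless one is already present.
     *
     * @param httpSession the session to prepare
     * @param logger receives a debug line naming the session (never the token)
     */
    @Override
    public void prepareSession(HttpSession httpSession, Logger logger) {
        if (httpSession.getAttribute(CSRF_TOKEN_ATTRIBUTE_NAME) != null) {
            return;
        }
        // NOTE(review): the token is only as unpredictable as SecureHashUtil.nextSecureHash();
        // presumably it draws from a cryptographically strong source - confirm.
        String token = SecureHashUtil.nextSecureHash();
        // The token value is deliberately kept out of the log: anyone able to read debug output
        // could otherwise replay it in the CSRF header for this session.
        logger.debug("Generated CSRF token for HTTP session with id [{}].", httpSession.getId());
        httpSession.setAttribute(CSRF_TOKEN_ATTRIBUTE_NAME, token);
    }

    /**
     * Returns the CSRF token stored in the session.
     *
     * @param httpSession the session to read
     * @return the stored token, or {@code null} when the session has none
     */
    public static String getToken(HttpSession httpSession) {
        return (String) httpSession.getAttribute(CSRF_TOKEN_ATTRIBUTE_NAME);
    }

    /**
     * Compares the session token with the client-supplied header value.
     *
     * <p>{@link MessageDigest#isEqual} is used instead of {@link String#equals} so the comparison
     * does not stop at the first differing byte, which keeps response timing from revealing how
     * much of a guessed token was correct.
     */
    private static boolean tokensMatch(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }
}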
