package org.xwiki.csrf.internal;

import ch.qos.logback.core.net.ssl.SSL;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.regex.Pattern;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.xwiki.bridge.DocumentAccessBridge;
import org.xwiki.component.annotation.Component;
import org.xwiki.component.phase.Initializable;
import org.xwiki.component.phase.InitializationException;
import org.xwiki.container.Container;
import org.xwiki.container.Request;
import org.xwiki.container.servlet.ServletRequest;
import org.xwiki.container.servlet.filters.SavedRequestManager;
import org.xwiki.csrf.CSRFToken;
import org.xwiki.csrf.CSRFTokenConfiguration;
import org.xwiki.model.reference.DocumentReference;

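/**
 * Default anti-CSRF token component.
 *
 * <p>Keeps one random token per user (keyed by the name returned from
 * {@link DocumentAccessBridge#getCurrentUser()}), checks a token submitted with a request against
 * the stored one, and builds the "resubmit" URL shown when the check fails.
 *
 * <p>Thread-safety: tokens live in a {@link ConcurrentMap} and are created with
 * {@link ConcurrentMap#putIfAbsent}, so concurrent first requests for the same user all observe
 * the same token. The shared {@link SecureRandom} instance is thread-safe.
 */
@Singleton
@Component
/* loaded from: input_file:WEB-INF/lib/xwiki-platform-csrf-5.4.6.jar:org/xwiki/csrf/internal/DefaultCSRFToken.class */
public class DefaultCSRFToken implements CSRFToken, Initializable {
    /** Number of random bytes per token, and of seed bytes drawn when the generator is initialised. */
    private static final int TOKEN_LENGTH = 16;

    /** Template rendered by the resubmission URL (value of its {@code xpage} parameter). */
    private static final String RESUBMIT_TEMPLATE = "resubmit";

    /**
     * Preferred {@link SecureRandom} algorithm. This is the string the previous revision obtained
     * through logback's {@code SSL.DEFAULT_SECURE_RANDOM_ALGORITHM}; it is spelled out here so that a
     * CSRF component does not depend on a logging library's TLS helper class.
     */
    private static final String SECURE_RANDOM_ALGORITHM = "SHA1PRNG";

    /**
     * Characters replaced by {@code 'x'} in the encoded token. URL-safe Base64 can still emit
     * {@code '-'} and {@code '_'}; the token is kept strictly alphanumeric so it survives any
     * URL or form encoding unchanged.
     */
    private static final Pattern NON_ALPHANUMERIC = Pattern.compile("[_=+-]");

    /** Active tokens keyed by user; see {@link #getTokenKey()}. */
    private final ConcurrentMap<String, String> tokens = new ConcurrentHashMap<String, String>();

    /** Token byte source; set by {@link #initialize()} or overridden via {@link #setRandom}. */
    private SecureRandom random;

    @Inject
    private DocumentAccessBridge docBridge;

    @Inject
    private Container container;

    @Inject
    private CSRFTokenConfiguration configuration;

    @Inject
    private Logger logger;

    /**
     * Creates and seeds the random generator.
     *
     * @throws InitializationException declared by {@link Initializable}; not thrown here because a
     *     missing preferred algorithm falls back to the platform default
     */
    @Override // org.xwiki.component.phase.Initializable
    public void initialize() throws InitializationException {
        try {
            this.random = SecureRandom.getInstance(SECURE_RANDOM_ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            // The platform default is still a SecureRandom; only record that the preferred one was unavailable.
            this.random = new SecureRandom();
            this.logger.warn("CSRFToken: Using default implementation of SecureRandom");
        }
        // Seed explicitly from the generator's own seed source instead of leaving self-seeding
        // to the first nextBytes() call.
        this.random.setSeed(this.random.generateSeed(TOKEN_LENGTH));
        this.logger.debug("CSRFToken: Anti-CSRF secret token component has been initialized");
    }

    /**
     * Replaces the random generator (intended for tests).
     *
     * @param secureRandom the generator to use for subsequent tokens
     */
    protected void setRandom(SecureRandom secureRandom) {
        this.random = secureRandom;
    }

    /**
     * Returns the current user's token, creating it on first use.
     *
     * @return the alphanumeric token for the current user
     */
    @Override // org.xwiki.csrf.CSRFToken
    public String getToken() {
        String key = getTokenKey();
        String existing = this.tokens.get(key);
        if (existing != null) {
            return existing;
        }
        // First request for this user: generate a candidate and let putIfAbsent pick the winner of
        // any race, so that every concurrent caller ends up with the same token.
        String fresh = generateToken();
        String raced = this.tokens.putIfAbsent(key, fresh);
        return raced != null ? raced : fresh;
    }

    /**
     * Builds a fresh token from {@value #TOKEN_LENGTH} random bytes, Base64-encoded and reduced to
     * {@code [A-Za-z0-9]}.
     *
     * @return a new token value
     */
    private String generateToken() {
        byte[] bytes = new byte[TOKEN_LENGTH];
        this.random.nextBytes(bytes);
        return NON_ALPHANUMERIC.matcher(Base64.encodeBase64URLSafeString(bytes)).replaceAll("x");
    }

    /** Forgets the current user's token; the next {@link #getToken()} call issues a new one. */
    @Override // org.xwiki.csrf.CSRFToken
    public void clearToken() {
        String key = getTokenKey();
        this.logger.debug("Forgetting CSRF token for [{}]", key);
        this.tokens.remove(key);
    }

    /**
     * Checks a submitted token against the current user's stored token.
     *
     * @param token the value submitted with the request; {@code null} and empty are rejected
     * @return {@code true} if protection is disabled in the configuration or the token matches
     */
    @Override // org.xwiki.csrf.CSRFToken
    public boolean isTokenValid(String token) {
        if (!this.configuration.isEnabled()) {
            return true;
        }
        // Note: getToken() creates a token when none exists yet, so a request that arrives before
        // any token was issued always fails here.
        String expected = getToken();
        if (token != null && !token.isEmpty() && constantTimeEquals(expected, token)) {
            return true;
        }
        // The stored token is the secret and must not reach the log; the submitted value is
        // request-controlled input and is left out as well rather than written unsanitised.
        this.logger.warn("CSRFToken: Secret token verification failed for user [{}]", getTokenKey());
        return false;
    }

    /**
     * Compares two strings without an early exit on the first differing byte, so that the comparison
     * time does not depend on how much of the expected token a submitted value gets right.
     *
     * @param expected the stored token
     * @param actual the submitted token
     * @return {@code true} if both encode to the same UTF-8 bytes
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        return MessageDigest.isEqual(
            expected.getBytes(StandardCharsets.UTF_8), actual.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Builds the URL of the resubmission page for the current request.
     *
     * @return the current document's view URL with {@code resubmit}, {@code xback} and {@code xpage}
     *     query parameters
     */
    @Override // org.xwiki.csrf.CSRFToken
    public String getResubmissionURL() {
        HttpServletRequest request = getRequest();
        // Save the rejected request so it can be replayed; its identifier travels in the resubmit parameter.
        String savedRequest = request.getRequestURI() + '?' + SavedRequestManager.getSavedRequestIdentifier()
            + "=" + SavedRequestManager.saveRequest(request);
        String documentURL = getDocumentURL(this.docBridge.getCurrentDocumentReference(), null);
        return documentURL + "?resubmit=" + urlEncode(savedRequest) + "&xback=" + urlEncode(documentURL)
            + "&xpage=" + RESUBMIT_TEMPLATE;
    }

    /**
     * Returns the "view" URL of a document.
     *
     * @param documentReference the document
     * @param queryString the query string to append, or {@code null}
     * @return the URL produced by the document access bridge
     */
    private String getDocumentURL(DocumentReference documentReference, String queryString) {
        return this.docBridge.getDocumentURL(documentReference, "view", queryString, null);
    }

    /**
     * URL-encodes a string as UTF-8.
     *
     * @param value the text to encode
     * @return the encoded text, or {@code ""} in the (unreachable) case that UTF-8 is unsupported
     */
    private String urlEncode(String value) {
        try {
            return URLEncoder.encode(value, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is mandatory on every JVM, so this cannot happen; keep the previous best-effort
            // result but make the failure visible instead of silently emitting a broken URL.
            this.logger.error("CSRFToken: UTF-8 encoding unavailable, cannot URL-encode resubmission URL", e);
            return "";
        }
    }

    /**
     * Returns the servlet request behind the container request.
     *
     * @return the current {@link HttpServletRequest}
     * @throws IllegalStateException if the container request is not a servlet request
     */
    private HttpServletRequest getRequest() {
        Request request = this.container.getRequest();
        if (request instanceof ServletRequest) {
            return ((ServletRequest) request).getHttpServletRequest();
        }
        throw new IllegalStateException("Not supported request type");
    }

    /**
     * Returns the key under which the current user's token is stored.
     *
     * @return the current user name
     */
    private String getTokenKey() {
        // NOTE(review): ConcurrentHashMap rejects null keys; confirm getCurrentUser() never returns
        // null (e.g. for an unauthenticated request), otherwise getToken() throws.
        return this.docBridge.getCurrentUser();
    }
}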
