package org.apache.myfaces.application.viewstate;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;
import javax.faces.FacesWrapper;
import javax.faces.application.StateManager;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.faces.lifecycle.ClientWindow;
import org.apache.myfaces.application.StateCache;
import org.apache.myfaces.shared.config.MyfacesConfig;
import org.apache.myfaces.shared.renderkit.RendererUtils;
import org.apache.myfaces.shared.util.MyFacesObjectInputStream;
import org.apache.myfaces.shared.util.WebConfigParamUtils;
import org.apache.myfaces.spi.ViewScopeProviderFactory;
import org.apache.myfaces.view.ViewScopeProxyMap;
import org.jboss.classfilewriter.AccessFlag;

/* loaded from: input_file:WEB-INF/lib/myfaces-impl-2.2.7.jar:org/apache/myfaces/application/viewstate/ServerSideStateCacheImpl.class */
class ServerSideStateCacheImpl extends StateCache<Object, Object> {
    private static final Logger log = Logger.getLogger(ServerSideStateCacheImpl.class.getName());
    public static final String SERIALIZED_VIEW_SESSION_ATTR = ServerSideStateCacheImpl.class.getName() + ".SERIALIZED_VIEW";
    public static final String RESTORED_SERIALIZED_VIEW_REQUEST_ATTR = ServerSideStateCacheImpl.class.getName() + ".RESTORED_SERIALIZED_VIEW";
    public static final String RESTORED_SERIALIZED_VIEW_ID_REQUEST_ATTR = ServerSideStateCacheImpl.class.getName() + ".RESTORED_SERIALIZED_VIEW_ID";
    public static final String RESTORED_SERIALIZED_VIEW_KEY_REQUEST_ATTR = ServerSideStateCacheImpl.class.getName() + ".RESTORED_SERIALIZED_VIEW_KEY";
    public static final String RESTORED_VIEW_KEY_REQUEST_ATTR = ServerSideStateCacheImpl.class.getName() + ".RESTORED_VIEW_KEY";
    public static final String NUMBER_OF_VIEWS_IN_SESSION_PARAM = "org.apache.myfaces.NUMBER_OF_VIEWS_IN_SESSION";
    public static final String NUMBER_OF_SEQUENTIAL_VIEWS_IN_SESSION_PARAM = "org.apache.myfaces.NUMBER_OF_SEQUENTIAL_VIEWS_IN_SESSION";
    public static final int DEFAULT_NUMBER_OF_VIEWS_IN_SESSION = 20;

    @Deprecated
    public static final String SERIALIZE_STATE_IN_SESSION_PARAM = "org.apache.myfaces.SERIALIZE_STATE_IN_SESSION";
    public static final String COMPRESS_SERVER_STATE_PARAM = "org.apache.myfaces.COMPRESS_STATE_IN_SESSION";
    public static final boolean DEFAULT_COMPRESS_SERVER_STATE_PARAM = true;
    public static final boolean DEFAULT_SERIALIZE_STATE_IN_SESSION = false;

    @Deprecated
    public static final String CACHE_OLD_VIEWS_IN_SESSION_MODE = "org.apache.myfaces.CACHE_OLD_VIEWS_IN_SESSION_MODE";
    public static final String USE_FLASH_SCOPE_PURGE_VIEWS_IN_SESSION = "org.apache.myfaces.USE_FLASH_SCOPE_PURGE_VIEWS_IN_SESSION";
    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_NONE = "none";
    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM = "secureRandom";
    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_RANDOM = "random";
    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM = "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN";
    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM_DEFAULT = "none";
    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH_PARAM = "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH";
    public static final int RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_LENGTH_PARAM_DEFAULT = 8;
    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_CLASS_PARAM = "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_CLASS";
    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_PROVIDER_PARAM = "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_PROVIDER";
    public static final String RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_ALGORITM_PARAM = "org.apache.myfaces.RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_SECURE_RANDOM_ALGORITM";
    public static final int UNCOMPRESSED_FLAG = 0;
    public static final int COMPRESSED_FLAG = 1;
    private Boolean _useFlashScopePurgeViewsInSession = null;
    private Integer _numberOfSequentialViewsInSession = null;
    private boolean _numberOfSequentialViewsInSessionSet = false;
    private SessionViewStorageFactory sessionViewStorageFactory;
    private CsrfSessionTokenFactory csrfSessionTokenFactory;

    public ServerSideStateCacheImpl() {
        FacesContext currentInstance = FacesContext.getCurrentInstance();
        String stringInitParameter = WebConfigParamUtils.getStringInitParameter(currentInstance.getExternalContext(), RANDOM_KEY_IN_VIEW_STATE_SESSION_TOKEN_PARAM, "none");
        if ("secureRandom".equals(stringInitParameter)) {
            this.sessionViewStorageFactory = new RandomSessionViewStorageFactory(new SecureRandomKeyFactory(currentInstance));
        } else if ("random".equals(stringInitParameter)) {
            this.sessionViewStorageFactory = new RandomSessionViewStorageFactory(new RandomKeyFactory(currentInstance));
        } else {
            this.sessionViewStorageFactory = new CounterSessionViewStorageFactory(new CounterKeyFactory());
        }
        if ("secureRandom".equals(WebConfigParamUtils.getStringInitParameter(currentInstance.getExternalContext(), StateCache.RANDOM_KEY_IN_CSRF_SESSION_TOKEN_PARAM, "random"))) {
            this.csrfSessionTokenFactory = new SecureRandomCsrfSessionTokenFactory(currentInstance);
        } else {
            this.csrfSessionTokenFactory = new RandomCsrfSessionTokenFactory(currentInstance);
        }
    }

    protected Object getServerStateId(FacesContext facesContext, Object obj) {
        if (obj != null) {
            return getKeyFactory(facesContext).decode((String) obj);
        }
        return null;
    }

    protected void saveSerializedViewInServletSession(FacesContext facesContext, Object obj) {
        Map<String, Object> sessionMap = facesContext.getExternalContext().getSessionMap();
        SerializedViewCollection serializedViewCollection = (SerializedViewCollection) sessionMap.get(SERIALIZED_VIEW_SESSION_ATTR);
        if (serializedViewCollection == null) {
            serializedViewCollection = getSessionViewStorageFactory().createSerializedViewCollection(facesContext);
            sessionMap.put(SERIALIZED_VIEW_SESSION_ATTR, serializedViewCollection);
        }
        Map<Object, Object> attributes = facesContext.getAttributes();
        SerializedViewKey serializedViewKey = null;
        if (getNumberOfSequentialViewsInSession(facesContext.getExternalContext()) != null && getNumberOfSequentialViewsInSession(facesContext.getExternalContext()).intValue() > 0) {
            serializedViewKey = (SerializedViewKey) attributes.get(RESTORED_VIEW_KEY_REQUEST_ATTR);
            if (serializedViewKey == null) {
                ClientWindow clientWindow = facesContext.getExternalContext().getClientWindow();
                if (clientWindow != null) {
                    serializedViewKey = serializedViewCollection.getLastWindowKey(facesContext, clientWindow.getId());
                } else if (isUseFlashScopePurgeViewsInSession(facesContext.getExternalContext()) && Boolean.TRUE.equals(facesContext.getExternalContext().getRequestMap().get("oam.Flash.REDIRECT.PREVIOUSREQUEST"))) {
                    serializedViewKey = (SerializedViewKey) facesContext.getExternalContext().getFlash().get(RESTORED_VIEW_KEY_REQUEST_ATTR);
                }
            }
        }
        SerializedViewKey createSerializedViewKey = getSessionViewStorageFactory().createSerializedViewKey(facesContext, facesContext.getViewRoot().getViewId(), getNextViewSequence(facesContext));
        ViewScopeProxyMap viewScopeProxyMap = null;
        Object viewMap = facesContext.getViewRoot().getViewMap(false);
        if (viewMap != null) {
            while (true) {
                if (viewMap == null) {
                    break;
                }
                if (viewMap instanceof ViewScopeProxyMap) {
                    viewScopeProxyMap = (ViewScopeProxyMap) viewMap;
                    break;
                } else if (viewMap instanceof FacesWrapper) {
                    viewMap = ((FacesWrapper) viewMap).getWrapped();
                }
            }
        }
        if (viewScopeProxyMap != null) {
            serializedViewCollection.put(facesContext, serializeView(facesContext, obj), createSerializedViewKey, serializedViewKey, ViewScopeProviderFactory.getViewScopeHandlerFactory(facesContext.getExternalContext()).getViewScopeHandler(facesContext.getExternalContext()), viewScopeProxyMap.getViewScopeId());
        } else {
            serializedViewCollection.put(facesContext, serializeView(facesContext, obj), createSerializedViewKey, serializedViewKey);
        }
        ClientWindow clientWindow2 = facesContext.getExternalContext().getClientWindow();
        if (clientWindow2 != null) {
            serializedViewCollection.putLastWindowKey(facesContext, clientWindow2.getId(), createSerializedViewKey);
        }
        sessionMap.put(SERIALIZED_VIEW_SESSION_ATTR, serializedViewCollection);
    }

    protected Object getSerializedViewFromServletSession(FacesContext facesContext, String str, Object obj) {
        Object obj2;
        ExternalContext externalContext = facesContext.getExternalContext();
        Map<Object, Object> attributes = facesContext.getAttributes();
        Object obj3 = null;
        if (attributes.containsKey(RESTORED_SERIALIZED_VIEW_REQUEST_ATTR)) {
            obj3 = attributes.get(RESTORED_SERIALIZED_VIEW_REQUEST_ATTR);
        } else {
            SerializedViewCollection serializedViewCollection = (SerializedViewCollection) externalContext.getSessionMap().get(SERIALIZED_VIEW_SESSION_ATTR);
            if (serializedViewCollection != null && obj != null && (obj2 = serializedViewCollection.get(getSessionViewStorageFactory().createSerializedViewKey(facesContext, str, obj))) != null) {
                obj3 = deserializeView(obj2);
            }
            attributes.put(RESTORED_SERIALIZED_VIEW_REQUEST_ATTR, obj3);
            if (getNumberOfSequentialViewsInSession(externalContext) != null && getNumberOfSequentialViewsInSession(externalContext).intValue() > 0) {
                SerializedViewKey createSerializedViewKey = getSessionViewStorageFactory().createSerializedViewKey(facesContext, str, obj);
                attributes.put(RESTORED_VIEW_KEY_REQUEST_ATTR, createSerializedViewKey);
                if (isUseFlashScopePurgeViewsInSession(externalContext)) {
                    externalContext.getFlash().put(RESTORED_VIEW_KEY_REQUEST_ATTR, createSerializedViewKey);
                    externalContext.getFlash().keep(RESTORED_VIEW_KEY_REQUEST_ATTR);
                }
            }
            if (facesContext.getPartialViewContext().isAjaxRequest() || facesContext.getPartialViewContext().isPartialRequest()) {
                attributes.put(RESTORED_SERIALIZED_VIEW_KEY_REQUEST_ATTR, obj);
                attributes.put(RESTORED_SERIALIZED_VIEW_ID_REQUEST_ATTR, str);
            } else {
                nextViewSequence(facesContext);
            }
        }
        return obj3;
    }

    public Object getNextViewSequence(FacesContext facesContext) {
        Object obj = facesContext.getAttributes().get(RendererUtils.SEQUENCE_PARAM);
        if (obj == null) {
            if (facesContext.getPartialViewContext().isAjaxRequest() || facesContext.getPartialViewContext().isPartialRequest()) {
                String str = (String) facesContext.getAttributes().get(RESTORED_SERIALIZED_VIEW_ID_REQUEST_ATTR);
                Object obj2 = facesContext.getAttributes().get(RESTORED_SERIALIZED_VIEW_KEY_REQUEST_ATTR);
                if (str != null && obj2 != null && str.equals(facesContext.getViewRoot().getViewId())) {
                    obj = obj2;
                }
            }
            if (obj == null) {
                obj = nextViewSequence(facesContext);
            }
            facesContext.getAttributes().put(RendererUtils.SEQUENCE_PARAM, obj);
        }
        return obj;
    }

    public Object nextViewSequence(FacesContext facesContext) {
        Object generateKey = getKeyFactory(facesContext).generateKey(facesContext);
        facesContext.getAttributes().put(RendererUtils.SEQUENCE_PARAM, generateKey);
        return generateKey;
    }

    protected Object serializeView(FacesContext facesContext, Object obj) {
        if (log.isLoggable(Level.FINEST)) {
            log.finest("Entering serializeView");
        }
        if (!isSerializeStateInSession(facesContext)) {
            if (log.isLoggable(Level.FINEST)) {
                log.finest("Exiting serializeView - do not serialize state in session.");
            }
            return obj;
        }
        if (log.isLoggable(Level.FINEST)) {
            log.finest("Processing serializeView - serialize state in session");
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(AccessFlag.ABSTRACT);
        try {
            OutputStream outputStream = byteArrayOutputStream;
            if (isCompressStateInSession(facesContext)) {
                if (log.isLoggable(Level.FINEST)) {
                    log.finest("Processing serializeView - serialize compressed");
                }
                outputStream.write(1);
                outputStream = new GZIPOutputStream(outputStream, AccessFlag.ABSTRACT);
            } else {
                if (log.isLoggable(Level.FINEST)) {
                    log.finest("Processing serializeView - serialize uncompressed");
                }
                outputStream.write(0);
            }
            ObjectOutputStream objectOutputStream = new ObjectOutputStream(outputStream);
            objectOutputStream.writeObject(obj);
            objectOutputStream.close();
            byteArrayOutputStream.close();
            if (log.isLoggable(Level.FINEST)) {
                log.finest("Exiting serializeView - serialized. Bytes : " + byteArrayOutputStream.size());
            }
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            log.log(Level.SEVERE, "Exiting serializeView - Could not serialize state: " + e.getMessage(), (Throwable) e);
            return null;
        }
    }

    protected boolean isSerializeStateInSession(FacesContext facesContext) {
        String initParameter = facesContext.getExternalContext().getInitParameter(StateManager.SERIALIZE_SERVER_STATE_PARAM_NAME);
        boolean z = false;
        if (initParameter != null) {
            return initParameter.toLowerCase().equals("true");
        }
        String initParameter2 = facesContext.getExternalContext().getInitParameter(SERIALIZE_STATE_IN_SESSION_PARAM);
        if (initParameter2 != null) {
            z = Boolean.valueOf(initParameter2).booleanValue();
        }
        return z;
    }

    protected boolean isCompressStateInSession(FacesContext facesContext) {
        String initParameter = facesContext.getExternalContext().getInitParameter(COMPRESS_SERVER_STATE_PARAM);
        boolean z = true;
        if (initParameter != null) {
            z = Boolean.valueOf(initParameter).booleanValue();
        }
        return z;
    }

    protected Object deserializeView(Object obj) {
        if (log.isLoggable(Level.FINEST)) {
            log.finest("Entering deserializeView");
        }
        if (!(obj instanceof byte[])) {
            if (obj instanceof Object[]) {
                if (log.isLoggable(Level.FINEST)) {
                    log.finest("Exiting deserializeView - state not serialized.");
                }
                return obj;
            }
            if (obj == null) {
                log.severe("Exiting deserializeView - this method should not be called with a null-state.");
                return null;
            }
            log.severe("Exiting deserializeView - this method should not be called with a state of type : " + obj.getClass());
            return null;
        }
        if (log.isLoggable(Level.FINEST)) {
            log.finest("Processing deserializeView - deserializing serialized state. Bytes : " + ((byte[]) obj).length);
        }
        try {
            InputStream byteArrayInputStream = new ByteArrayInputStream((byte[]) obj);
            if (byteArrayInputStream.read() == 1) {
                byteArrayInputStream = new GZIPInputStream(byteArrayInputStream);
            }
            ObjectInputStream objectInputStream = null;
            try {
                final MyFacesObjectInputStream myFacesObjectInputStream = new MyFacesObjectInputStream(byteArrayInputStream);
                Object doPrivileged = System.getSecurityManager() != null ? AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: org.apache.myfaces.application.viewstate.ServerSideStateCacheImpl.1
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws PrivilegedActionException, IOException, ClassNotFoundException {
                        return myFacesObjectInputStream.readObject();
                    }
                }) : myFacesObjectInputStream.readObject();
                if (myFacesObjectInputStream != null) {
                    myFacesObjectInputStream.close();
                }
                return doPrivileged;
            } catch (Throwable th) {
                if (0 != 0) {
                    objectInputStream.close();
                }
                throw th;
            }
        } catch (IOException e) {
            log.log(Level.SEVERE, "Exiting deserializeView - Could not deserialize state: " + e.getMessage(), (Throwable) e);
            return null;
        } catch (ClassNotFoundException e2) {
            log.log(Level.SEVERE, "Exiting deserializeView - Could not deserialize state: " + e2.getMessage(), (Throwable) e2);
            return null;
        } catch (PrivilegedActionException e3) {
            log.log(Level.SEVERE, "Exiting deserializeView - Could not deserialize state: " + e3.getMessage(), (Throwable) e3);
            return null;
        }
    }

    @Override // org.apache.myfaces.application.StateCache
    public Object saveSerializedView(FacesContext facesContext, Object obj) {
        if (log.isLoggable(Level.FINEST)) {
            log.finest("Processing saveSerializedView - server-side state saving - save state");
        }
        saveSerializedViewInServletSession(facesContext, obj);
        if (log.isLoggable(Level.FINEST)) {
            log.finest("Exiting saveSerializedView - server-side state saving - saved state");
        }
        return encodeSerializedState(facesContext, obj);
    }

    @Override // org.apache.myfaces.application.StateCache
    public Object restoreSerializedView(FacesContext facesContext, String str, Object obj) {
        if (log.isLoggable(Level.FINEST)) {
            log.finest("Restoring view from session");
        }
        Object serverStateId = getServerStateId(facesContext, obj);
        if (serverStateId == null) {
            return null;
        }
        return getSerializedViewFromServletSession(facesContext, str, serverStateId);
    }

    @Override // org.apache.myfaces.application.StateCache
    public Object encodeSerializedState(FacesContext facesContext, Object obj) {
        return getKeyFactory(facesContext).encode(getNextViewSequence(facesContext));
    }

    @Override // org.apache.myfaces.application.StateCache
    public boolean isWriteStateAfterRenderViewRequired(FacesContext facesContext) {
        return false;
    }

    private boolean isUseFlashScopePurgeViewsInSession(ExternalContext externalContext) {
        if (this._useFlashScopePurgeViewsInSession == null) {
            this._useFlashScopePurgeViewsInSession = Boolean.valueOf(WebConfigParamUtils.getBooleanInitParameter(externalContext, USE_FLASH_SCOPE_PURGE_VIEWS_IN_SESSION, false));
        }
        return this._useFlashScopePurgeViewsInSession.booleanValue();
    }

    private Integer getNumberOfSequentialViewsInSession(ExternalContext externalContext) {
        if (!this._numberOfSequentialViewsInSessionSet) {
            this._numberOfSequentialViewsInSession = MyfacesConfig.getCurrentInstance(externalContext).getNumberOfSequentialViewsInSession();
            this._numberOfSequentialViewsInSessionSet = true;
        }
        return this._numberOfSequentialViewsInSession;
    }

    protected KeyFactory getKeyFactory(FacesContext facesContext) {
        return this.sessionViewStorageFactory.getKeyFactory();
    }

    protected SessionViewStorageFactory getSessionViewStorageFactory() {
        return this.sessionViewStorageFactory;
    }

    @Override // org.apache.myfaces.application.StateCache
    public String createCryptographicallyStrongTokenFromSession(FacesContext facesContext) {
        return this.csrfSessionTokenFactory.createCryptographicallyStrongTokenFromSession(facesContext);
    }
}
