package net.croz.nrich.security.csrf.webmvc.interceptor;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.beans.ConstructorProperties;
import java.util.List;
import java.util.Optional;
import lombok.Generated;
import net.croz.nrich.security.csrf.api.service.CsrfTokenManagerService;
import net.croz.nrich.security.csrf.core.constants.CsrfConstants;
import net.croz.nrich.security.csrf.core.exception.CsrfTokenException;
import net.croz.nrich.security.csrf.core.model.CsrfExcludeConfig;
import net.croz.nrich.security.csrf.core.util.CsrfUriUtil;
import net.croz.nrich.security.csrf.webmvc.holder.WebMvcCsrfTokenKeyHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.resource.ResourceHttpRequestHandler;
import org.springframework.web.util.UrlPathHelper;

/* loaded from: input_file:net/croz/nrich/security/csrf/webmvc/interceptor/CsrfInterceptor.class */
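/**
 * Spring MVC {@link HandlerInterceptor} that enforces CSRF token validation on incoming requests
 * and tracks the time of the last "real" (non-ping) API call in the HTTP session.
 *
 * <p>Requests are never rejected by returning {@code false} from {@link #preHandle}; a request
 * that fails validation is rejected by an exception thrown on the validation path (for example
 * the {@link CsrfTokenException} raised when there is no session).
 *
 * <p>Three request classes skip or alter validation:
 * <ul>
 *   <li>static resources ({@link ResourceHttpRequestHandler}) and the empty application path are ignored;</li>
 *   <li>URIs matched by the configured {@link CsrfExcludeConfig} list skip token validation entirely;</li>
 *   <li>URIs ending with the ping URL are validated but do not count as activity, and are used to
 *       invalidate a session whose last real API call is older than its max inactive interval.</li>
 * </ul>
 */
public class CsrfInterceptor implements HandlerInterceptor {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(CsrfInterceptor.class);
    private final CsrfTokenManagerService csrfTokenManagerService;
    private final String tokenKeyName;
    private final String initialTokenUrl;
    private final String csrfPingUrl;
    private final List<CsrfExcludeConfig> csrfExcludeConfigList;

    /**
     * Runs the CSRF checks for the request and lets the handler chain continue.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param obj the handler chosen for the request
     * @return always {@code true}; a failed check surfaces as an exception from {@link #preHandleInternal}
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) {
        preHandleInternal(httpServletRequest, httpServletResponse, obj);
        return true;
    }

    /**
     * Decides whether the request needs a CSRF token and validates it when it does.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param obj the handler chosen for the request
     * @throws CsrfTokenException when a protected, non-ping request arrives without an existing session
     */
    protected void preHandleInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) {
        log.debug("csrfInterceptor.preHandle()");

        // Static resources and the application root carry no state-changing action; skip them.
        boolean staticResource = obj instanceof ResourceHttpRequestHandler;
        if (staticResource || CsrfConstants.EMPTY_PATH.equals(new UrlPathHelper().getPathWithinApplication(httpServletRequest))) {
            return;
        }

        // getSession(false): never create a session just to run the check.
        HttpSession session = httpServletRequest.getSession(false);
        String requestURI = httpServletRequest.getRequestURI();

        // NOTE(review): exclusion and ping matching below operate on the raw getRequestURI() value,
        // which is not decoded and still contains path parameters, whereas the empty-path check above
        // uses UrlPathHelper. An excluded request skips token validation, so confirm that
        // CsrfUriUtil.excludeUri cannot match a URI form that the dispatcher routes to a protected handler.
        if (CsrfUriUtil.excludeUri(this.csrfExcludeConfigList, requestURI)) {
            updateLastApiCallAttribute(session);
            return;
        }

        if (requestURI.endsWith(this.csrfPingUrl)) {
            // Ping requests are validated but deliberately do not refresh the last-activity timestamp.
            handleCsrfPingUrl(httpServletRequest, httpServletResponse, session);
            return;
        }

        // Fail closed: a protected request without a session cannot carry a valid token.
        if (session == null) {
            throw new CsrfTokenException("Can't validate token. There is no session.");
        }
        this.csrfTokenManagerService.validateAndRefreshToken(new WebMvcCsrfTokenKeyHolder(httpServletRequest, httpServletResponse, this.tokenKeyName, CsrfConstants.CSRF_CRYPTO_KEY_NAME));
        updateLastApiCallAttribute(session);
    }

    /**
     * Exposes a freshly generated CSRF token to the view when the request targets the initial token URL.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param obj the handler that processed the request
     * @param modelAndView model to receive the token; Spring passes {@code null} when the handler
     *                     wrote the response itself, in which case no token is generated
     */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) {
        if (!httpServletRequest.getRequestURI().endsWith(this.initialTokenUrl)) {
            return;
        }
        if (modelAndView == null) {
            // Without a model there is nowhere to publish the token; previously this dereferenced null.
            log.debug("csrfInterceptor.postHandle(): no ModelAndView for initial token url, token not generated");
            return;
        }
        modelAndView.addObject(CsrfConstants.CSRF_INITIAL_TOKEN_ATTRIBUTE_NAME, this.csrfTokenManagerService.generateToken(new WebMvcCsrfTokenKeyHolder(httpServletRequest, httpServletResponse, this.tokenKeyName, CsrfConstants.CSRF_CRYPTO_KEY_NAME)));
        updateLastApiCallAttribute(httpServletRequest.getSession());
    }

    /**
     * Handles a ping request: invalidates the session when the last real API call is older than the
     * session's max inactive interval, otherwise validates and refreshes the token. The elapsed time
     * since the last real API call is always reported in a response header.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param httpSession existing session, or {@code null} when the request has none
     */
    private void handleCsrfPingUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession) {
        boolean sessionJustInvalidated = false;
        long deltaMillis = 0;

        if (httpSession != null) {
            Long lastRealApiRequestMillis = (Long) httpSession.getAttribute(CsrfConstants.NRICH_LAST_REAL_API_REQUEST_MILLIS);
            log.debug("    lastRealApiRequestMillis: {}", lastRealApiRequestMillis);
            if (lastRealApiRequestMillis != null) {
                deltaMillis = System.currentTimeMillis() - lastRealApiRequestMillis.longValue();
                log.debug("    deltaMillis: {}", Long.valueOf(deltaMillis));
                // Multiply as long: getMaxInactiveInterval() is an int number of seconds, and an int
                // product overflows for timeouts above roughly 24.8 days, which would wrongly disable
                // (negative result) or distort the idle-timeout check below.
                long maxInactiveIntervalMillis = httpSession.getMaxInactiveInterval() * 1000L;
                log.debug("    maxInactiveIntervalMillis: {}", Long.valueOf(maxInactiveIntervalMillis));
                // A non-positive interval means the session is configured never to time out.
                if (maxInactiveIntervalMillis > 0 && deltaMillis > maxInactiveIntervalMillis) {
                    httpSession.invalidate();
                    sessionJustInvalidated = true;
                    log.debug("    sessionJustInvalidated: {}", true);
                }
            }
        }

        if (sessionJustInvalidated) {
            // The session is gone, so there is no token to validate; tell the client to stop pinging.
            log.debug("    sending csrf stop ping header in response");
            httpServletResponse.setHeader(CsrfConstants.CSRF_PING_STOP_HEADER_NAME, "stopPing");
        } else {
            this.csrfTokenManagerService.validateAndRefreshToken(new WebMvcCsrfTokenKeyHolder(httpServletRequest, httpServletResponse, this.tokenKeyName, CsrfConstants.CSRF_CRYPTO_KEY_NAME));
        }
        httpServletResponse.setHeader(CsrfConstants.CSRF_AFTER_LAST_ACTIVE_REQUEST_MILLIS_HEADER_NAME, Long.toString(deltaMillis));
    }

    /**
     * Records the current time as the last real API call in the session; does nothing without a session.
     *
     * @param httpSession session to update, may be {@code null}
     */
    private void updateLastApiCallAttribute(HttpSession httpSession) {
        if (httpSession != null) {
            httpSession.setAttribute(CsrfConstants.NRICH_LAST_REAL_API_REQUEST_MILLIS, Long.valueOf(System.currentTimeMillis()));
        }
    }

    /**
     * Creates the interceptor.
     *
     * @param csrfTokenManagerService service that generates, validates and refreshes tokens
     * @param str value for {@code tokenKeyName}, passed to every {@link WebMvcCsrfTokenKeyHolder}
     * @param str2 value for {@code initialTokenUrl}; a request URI ending with it gets a token in its model
     * @param str3 value for {@code csrfPingUrl}; a request URI ending with it is treated as a ping
     * @param list value for {@code csrfExcludeConfigList}; matching URIs skip token validation
     */
    @Generated
    @ConstructorProperties({"csrfTokenManagerService", "tokenKeyName", "initialTokenUrl", "csrfPingUrl", "csrfExcludeConfigList"})
    public CsrfInterceptor(CsrfTokenManagerService csrfTokenManagerService, String str, String str2, String str3, List<CsrfExcludeConfig> list) {
        this.csrfTokenManagerService = csrfTokenManagerService;
        this.tokenKeyName = str;
        this.initialTokenUrl = str2;
        this.csrfPingUrl = str3;
        this.csrfExcludeConfigList = list;
    }
}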
