package org.onetwo.common.web.preventor;

import java.lang.reflect.Method;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.onetwo.common.utils.LangUtils;
import org.onetwo.common.utils.StringUtils;
import org.onetwo.common.web.utils.RequestUtils;

/* loaded from: input_file:org/onetwo/common/web/preventor/AbstractRequestPreventor.class */
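/**
 * Skeleton for request-token checks: a token is issued, stored by the subclass,
 * and later compared with the value the client sends back.
 *
 * <p>Flow visible in this class:
 * <ol>
 *   <li>{@link #generateToken} builds a {@link RequestToken} and hands it to
 *       {@link #storeToken} (storage location is the subclass's decision).</li>
 *   <li>{@link #validateToken} reads the request parameter named
 *       {@link #getTokenFieldName()}, fetches the stored token, compares them via the
 *       {@link TokenValueGenerator}, and always calls {@link #cleanStoredTokenValue}
 *       afterwards when a stored token existed.</li>
 * </ol>
 *
 * <p>NOTE(review): the default generator is {@code Md5TokenValueGenerator} and the raw
 * token comes from {@code LangUtils.generateToken}; neither implementation is visible
 * here. Confirm that the token is drawn from a cryptographically strong random source
 * and that the comparison in {@code validateToken} is constant-time.
 */
public abstract class AbstractRequestPreventor implements RequestPreventor {
    /** Name of the request parameter that carries the token. */
    protected final String tokenFieldName;
    /** Strategy used to derive and verify the client-visible token value; replaceable by subclasses. */
    protected TokenValueGenerator tokenValueGenerator = new Md5TokenValueGenerator();

    /**
     * @param str name of the request parameter that carries the token
     */
    public AbstractRequestPreventor(String str) {
        this.tokenFieldName = str;
    }

    /**
     * @return the request parameter name the token is submitted under
     */
    @Override
    public String getTokenFieldName() {
        return this.tokenFieldName;
    }

    /**
     * Looks up the token previously stored for this client.
     *
     * @param str the token field name
     * @return the stored token, or {@code null} when none exists (treated as invalid by
     *         {@link #validateToken})
     */
    protected abstract RequestToken getStoredTokenValue(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse);

    /**
     * Discards the stored token.
     *
     * @param z            {@code true} when invoked from {@link #handleInvalidToken},
     *                     {@code false} for the cleanup that follows every validation
     * @param requestToken the stored token; may be {@code null} when {@code z} is
     *                     {@code true}, because the invalid path is also taken when no
     *                     token was stored
     */
    protected abstract void cleanStoredTokenValue(boolean z, RequestToken requestToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse);

    /**
     * Decides whether the given handler method / request must carry a valid token.
     * The default is to validate everything; an override returning {@code false}
     * switches the check off for that request, so overrides should be reviewed as
     * security-relevant exemptions.
     *
     * @return {@code true} if {@link #validateToken} should enforce the token
     */
    public boolean isValidateToken(Method method, HttpServletRequest httpServletRequest) {
        return true;
    }

    /**
     * Verifies the token submitted with the request against the stored one.
     *
     * <p>The request is rejected (via {@link #handleInvalidToken}) when no token is
     * stored, when the submitted parameter is blank, or when the generator reports a
     * mismatch. Whatever the outcome, a stored token is cleaned up afterwards, so a
     * token is not left in place after it has been checked once.
     *
     * @throws IllegalRequestException from {@link #handleInvalidToken} when the token is
     *         missing or does not match
     */
    @Override
    public void validateToken(Method method, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!isValidateToken(method, httpServletRequest)) {
            return;
        }
        final String fieldName = getTokenFieldName();
        final String submitted = httpServletRequest.getParameter(fieldName);
        // getSession() creates a session when the request has none, so a token-less
        // request still allocates server-side state here.
        // NOTE(review): the lock only serialises concurrent requests if the container
        // returns the same HttpSession object for the same session - confirm for the
        // target container, otherwise the check-then-clean sequence below can race.
        synchronized (httpServletRequest.getSession()) {
            final RequestToken stored = getStoredTokenValue(fieldName, httpServletRequest, httpServletResponse);
            try {
                // Short-circuit order matters: the generator is only consulted when
                // both sides are present.
                final boolean rejected = stored == null
                        || StringUtils.isBlank(submitted)
                        || !getTokenValueGenerator().validateToken(stored, submitted);
                if (rejected) {
                    handleInvalidToken(stored, httpServletRequest, httpServletResponse);
                }
            } finally {
                // Cleanup lives in finally so it runs exactly once on success and on
                // failure, and is not re-invoked if the cleanup call itself throws.
                if (stored != null) {
                    cleanStoredTokenValue(false, stored, httpServletRequest, httpServletResponse);
                }
            }
        }
    }

    /**
     * Reaction to a missing or mismatching token: discard the stored token, then reject
     * the request.
     *
     * @param requestToken the stored token, or {@code null} when none was found
     * @throws IllegalRequestException always
     */
    protected void handleInvalidToken(RequestToken requestToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        cleanStoredTokenValue(true, requestToken, httpServletRequest, httpServletResponse);
        throw new IllegalRequestException();
    }

    /**
     * Creates a new token for this preventor's field name and stores it through
     * {@link #storeToken}.
     *
     * @return the freshly stored token
     */
    @Override
    public RequestToken generateToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final String fieldName = getTokenFieldName();
        // NOTE(review): the field name is the only input passed to
        // LangUtils.generateToken; unpredictability therefore depends entirely on what
        // that helper mixes in - verify it uses a secure random source.
        final String rawValue = LangUtils.generateToken(new String[]{fieldName});
        final RequestToken token = new RequestToken(fieldName, rawValue);
        storeToken(token, httpServletRequest, httpServletResponse);
        return token;
    }

    /**
     * @return the strategy used to derive and verify token values
     */
    @Override
    public TokenValueGenerator getTokenValueGenerator() {
        return this.tokenValueGenerator;
    }

    /**
     * Issues a new token and appends it to the given URL as a parameter.
     *
     * <p>Because the token becomes part of the URL, it can end up wherever URLs are
     * recorded (server access logs, browser history, {@code Referer} headers sent to
     * other sites). Treat such tokens as single-use and short-lived, and prefer a form
     * field or header for anything long-lived.
     *
     * @param str the URL to protect
     * @return the URL with the token parameter appended
     */
    @Override
    public String processSafeUrl(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final RequestToken token = generateToken(httpServletRequest, httpServletResponse);
        final String paramName = token.getFieldName();
        final String paramValue = token.getGeneratedValue(getTokenValueGenerator());
        return RequestUtils.appendParam(str, paramName, paramValue);
    }

    /**
     * Persists a newly generated token so that {@link #getStoredTokenValue} can return
     * it on a later request.
     */
    protected abstract void storeToken(RequestToken requestToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse);
}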
