package org.onetwo.common.web.csrf;

import java.lang.reflect.Method;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.onetwo.common.web.preventor.PreventRequestInfoManager;
import org.onetwo.common.web.preventor.RequestToken;
import org.onetwo.common.web.preventor.SessionStoreRequestPreventor;
import org.onetwo.common.web.utils.WebContextUtils;

/* loaded from: input_file:org/onetwo/common/web/csrf/SameInSessionCsrfPreventor.class */
/**
 * CSRF preventor that keeps its {@link RequestToken} in the HTTP session and hands the same
 * token back for as long as one is stored there.
 *
 * <p>Only storage and lookup are implemented here. Token creation and the comparison of the
 * submitted value against the stored one live in the superclasses and are not visible in this
 * file. NOTE(review): confirm there that tokens come from a cryptographically strong source and
 * are compared in constant time.
 *
 * <p>Every accessor uses {@code HttpServletRequest.getSession()}, which creates a session when
 * the request has none, so validating a session-less request allocates a new session.
 */
public class SameInSessionCsrfPreventor extends SessionStoreRequestPreventor {
    /**
     * Token field name handed to the superclass constructor; presumably the value later
     * returned by {@code getTokenFieldName()} (confirm in the superclass).
     */
    public static final String DEFAULT_CSRF_TOKEN_FIELD = "_jfish_token";

    // Decides, per handler method and request, whether CSRF validation applies.
    private PreventRequestInfoManager csrfAnnotationManager;

    /**
     * Creates a preventor that uses {@link #DEFAULT_CSRF_TOKEN_FIELD} as its token field name.
     *
     * @param preventRequestInfoManager source of the per-request prevention settings; it is
     *     stored as given, without a null check
     */
    public SameInSessionCsrfPreventor(PreventRequestInfoManager preventRequestInfoManager) {
        super(DEFAULT_CSRF_TOKEN_FIELD);
        this.csrfAnnotationManager = preventRequestInfoManager;
    }

    /**
     * @return the manager supplied at construction time
     */
    public PreventRequestInfoManager getCsrfAnnotationManager() {
        return this.csrfAnnotationManager;
    }

    /**
     * Reports whether the given handler method / request pair must pass CSRF validation.
     * Declared in {@code AbstractRequestPreventor}.
     *
     * @param method handler method about to be invoked
     * @param httpServletRequest current request
     * @return the {@code isCsrfValidate()} flag of the prevention info resolved by the manager
     */
    @Override
    public boolean isValidateToken(Method method, HttpServletRequest httpServletRequest) {
        return this.csrfAnnotationManager
                .getRequestPreventInfo(method, httpServletRequest)
                .isCsrfValidate();
    }

    /**
     * Returns the token already held in the session, creating one through the superclass only
     * when none is present. Declared in {@code AbstractRequestPreventor} / {@code RequestPreventor}.
     *
     * <p>The lookup is repeated under a lock on the session object so that concurrent requests
     * of one session do not each create a token. NOTE(review): the servlet specification does not
     * promise that {@code getSession()} yields the same object instance on every request, so this
     * lock may be best-effort only on some containers; confirm for the target container.
     *
     * @param httpServletRequest current request; its session is created if absent
     * @param httpServletResponse current response, passed through to the superclass
     * @return the session's existing token, or whatever {@code super.generateToken} returns
     */
    @Override
    public RequestToken generateToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        RequestToken existing = lookupSessionScopedToken(httpServletRequest);
        if (existing == null) {
            synchronized (httpServletRequest.getSession()) {
                // Re-check inside the lock: another request may have stored a token meanwhile.
                RequestToken rechecked = lookupSessionScopedToken(httpServletRequest);
                // Presumably super.generateToken also stores the new token via storeToken;
                // that call is not visible in this file.
                return rechecked != null
                        ? rechecked
                        : super.generateToken(httpServletRequest, httpServletResponse);
            }
        }
        return existing;
    }

    /**
     * Reads the session attribute named by {@code getTokenFieldName()}.
     *
     * <p>NOTE(review): {@link #storeToken} writes under {@code requestToken.getFieldName()};
     * this lookup only finds that token if both names are equal. Confirm in the superclass.
     */
    private RequestToken lookupSessionScopedToken(HttpServletRequest request) {
        return (RequestToken) WebContextUtils.getAttr(request.getSession(), getTokenFieldName());
    }

    /**
     * Fetches the token stored in the session under the given attribute name. Declared in
     * {@code SessionStoreRequestPreventor} / {@code AbstractRequestPreventor}.
     *
     * @param str session attribute name to read
     * @param httpServletRequest current request; its session is created if absent
     * @param httpServletResponse unused here
     * @return the stored attribute cast to {@link RequestToken}, or {@code null} if absent
     */
    @Override
    protected RequestToken getStoredTokenValue(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Object stored = WebContextUtils.getAttr(httpServletRequest.getSession(), str);
        return (RequestToken) stored;
    }

    /**
     * Removes the token from the session when the flag is set and a token was supplied;
     * otherwise does nothing. Declared in {@code SessionStoreRequestPreventor} /
     * {@code AbstractRequestPreventor}.
     *
     * <p>The decompiler reported that this method's access modifier was changed from
     * {@code protected}; it is kept {@code public} as found.
     *
     * @param z removal is performed only when {@code true}; the flag's meaning is set by the
     *     caller and is not visible here
     * @param requestToken token whose field name identifies the session attribute; may be null
     * @param httpServletRequest current request
     * @param httpServletResponse unused here
     */
    @Override
    public void cleanStoredTokenValue(boolean z, RequestToken requestToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (z && requestToken != null) {
            WebContextUtils.remove(httpServletRequest.getSession(), requestToken.getFieldName());
        }
    }

    /**
     * Saves the token as a session attribute keyed by the token's own field name. Declared in
     * {@code SessionStoreRequestPreventor} / {@code AbstractRequestPreventor}.
     *
     * @param requestToken token to store; must not be null
     * @param httpServletRequest current request; its session is created if absent
     * @param httpServletResponse unused here
     */
    @Override
    protected void storeToken(RequestToken requestToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        WebContextUtils.attr(
                httpServletRequest.getSession(),
                requestToken.getFieldName(),
                requestToken);
    }
}
