package org.spincast.plugins.formsprotection.doublesubmit;

import com.google.inject.Inject;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Map;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.spincast.core.dictionary.Dictionary;
import org.spincast.core.exceptions.PublicExceptionDefault;
import org.spincast.core.exceptions.RedirectException;
import org.spincast.core.exchange.RequestContext;
import org.spincast.core.flash.FlashMessageFactory;
import org.spincast.core.routing.HttpMethod;
import org.spincast.core.utils.SpincastStatics;
import org.spincast.plugins.crypto.SpincastCryptoUtils;
import org.spincast.plugins.formsprotection.config.SpincastFormsProtectionConfig;
import org.spincast.plugins.formsprotection.dictionary.SpincastFormsProtectionPluginDictionaryEntries;
import org.spincast.plugins.formsprotection.exceptions.FormAlreadySubmittedException;
import org.spincast.plugins.formsprotection.exceptions.FormTooOldException;
import org.spincast.shaded.org.apache.commons.lang3.tuple.Pair;

/* loaded from: input_file:org/spincast/plugins/formsprotection/doublesubmit/SpincastFormsDoubleSubmitProtectionFilterDefault.class */
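/**
 * Default filter rejecting forms that are submitted more than once.
 *
 * <p>Each form carries a protection id produced by
 * {@link #createNewFormDoubleSubmitProtectionId()}: the creation time and a random UUID,
 * joined by {@code '|'} and encrypted with a key held by this instance. On submission,
 * {@link #handle(RequestContext)} decrypts the id, rejects it when it is malformed, older
 * than the configured validity window, or already recorded in the repository, and
 * otherwise records it.
 *
 * <p>NOTE(review): this is a double-submit guard, not a replay or CSRF control. The
 * submitting client can skip it entirely by including the "disable protection" field in
 * the form body (see {@link #handle(RequestContext)}).
 */
public class SpincastFormsDoubleSubmitProtectionFilterDefault implements SpincastFormsDoubleSubmitProtectionFilter {

    /** Upper bound on the number of characters of a request-derived value written to the logs. */
    private static final int MAX_LOGGED_VALUE_LENGTH = 256;

    private final SpincastFormsProtectionConfig spincastFormsProtectionConfig;
    private final FlashMessageFactory flashMessageFactory;
    private final Dictionary dictionary;
    private final SpincastCryptoUtils cryptoUtils;
    private final SpincastFormsDoubleSubmitProtectionRepository spincastFormsDoubleSubmitProtectionRepository;
    protected final Logger logger = LoggerFactory.getLogger(SpincastFormsDoubleSubmitProtectionFilterDefault.class);

    // Secret used to encrypt and decrypt the protection ids. It is generated once per filter
    // instance and never persisted by this class.
    // NOTE(review): ids issued by another instance (a second node, or this application before
    // a restart) will presumably fail to decrypt here and be treated as invalid - confirm that
    // this is acceptable for the deployment.
    private final String formDoubleSubmitPrivateKey = UUID.randomUUID().toString();

    @Inject
    public SpincastFormsDoubleSubmitProtectionFilterDefault(
            SpincastFormsProtectionConfig spincastFormsProtectionConfig,
            FlashMessageFactory flashMessageFactory,
            Dictionary dictionary,
            SpincastCryptoUtils spincastCryptoUtils,
            SpincastFormsDoubleSubmitProtectionRepository spincastFormsDoubleSubmitProtectionRepository) {
        this.spincastFormsProtectionConfig = spincastFormsProtectionConfig;
        this.flashMessageFactory = flashMessageFactory;
        this.dictionary = dictionary;
        this.cryptoUtils = spincastCryptoUtils;
        this.spincastFormsDoubleSubmitProtectionRepository = spincastFormsDoubleSubmitProtectionRepository;
    }

    protected SpincastFormsProtectionConfig getSpincastFormsProtectionConfig() {
        return this.spincastFormsProtectionConfig;
    }

    protected FlashMessageFactory getFlashMessageFactory() {
        return this.flashMessageFactory;
    }

    protected Dictionary getDictionary() {
        return this.dictionary;
    }

    protected SpincastCryptoUtils getCryptoUtils() {
        return this.cryptoUtils;
    }

    protected SpincastFormsDoubleSubmitProtectionRepository getSpincastFormsDoubleSubmitProtectionRepository() {
        return this.spincastFormsDoubleSubmitProtectionRepository;
    }

    /**
     * Validates the double-submit protection id of a submitted form.
     *
     * <p>Nothing is checked for static resource routes, forwarded requests, GET / HEAD /
     * OPTIONS / CONNECT requests, requests without a form body, or form bodies containing
     * the configured "disable protection" field.
     *
     * <p>A form without a protection id is redirected to {@code "/"}. An undecodable, expired
     * or already used id is handed to {@link #invalidFormMatchAction(RequestContext, String)}.
     * Neither {@code FormAlreadySubmittedException} nor {@code FormTooOldException} is
     * constructed anywhere in this class.
     *
     * @param requestContext the current request
     */
    @Override
    public void handle(RequestContext<?> requestContext) throws FormAlreadySubmittedException, FormTooOldException {
        if (requestContext.routing().getRoutingResult().getMainRouteHandlerMatch().getSourceRoute().isStaticResourceRoute()
                || requestContext.routing().isForwarded()) {
            return;
        }
        try {
            HttpMethod httpMethod = requestContext.request().getHttpMethod();
            if (httpMethod == HttpMethod.GET || httpMethod == HttpMethod.HEAD
                    || httpMethod == HttpMethod.OPTIONS || httpMethod == HttpMethod.CONNECT) {
                return;
            }

            Map<?, ?> formBodyRaw = requestContext.request().getFormBodyRaw();
            if (formBodyRaw == null || formBodyRaw.isEmpty()) {
                return;
            }

            // NOTE(review): the opt-out is read from the submitted body, so whoever builds the
            // request decides whether the check runs at all.
            String disableFieldName = getSpincastFormsProtectionConfig().getFormDoubleSubmitDisableProtectionIdFieldName();
            if (requestContext.request().getFormBodyAsJsonObject().getString(disableFieldName) != null) {
                return;
            }

            String protectionIdFieldName = getSpincastFormsProtectionConfig().getFormDoubleSubmitProtectionIdFieldName();
            String protectionId = requestContext.request().getFormBodyAsJsonObject().getString(protectionIdFieldName);
            if (protectionId == null) {
                this.logger.warn("Submitted form without a protection id: {}",
                                 sanitizeForLog(requestContext.request().getFullUrl()));
                throw new RedirectException("/");
            }

            Pair<Instant, String> submittedFormInfo = getSubmittedFormInfo(protectionId);
            if (submittedFormInfo == null) {
                // The payload and the URL come from the request: neutralise control characters
                // and bound the length before they reach the log.
                this.logger.warn("Submitted form with an invalid form info payload'{}' : {}",
                                 sanitizeForLog(protectionId),
                                 sanitizeForLog(requestContext.request().getFullUrl()));
                invalidFormMatchAction(requestContext, getDictionary().get(SpincastFormsProtectionPluginDictionaryEntries.MESSAGE_KEY_FORM_INVALID_PROTECTION_ID));
                return;
            }

            Instant createdAt = submittedFormInfo.getKey();
            String formId = submittedFormInfo.getValue();

            Instant oldestAccepted = Instant.now().minus(getSpincastFormsProtectionConfig().getFormDoubleSubmitFormValidForNbrMinutes(), ChronoUnit.MINUTES);
            if (createdAt.isBefore(oldestAccepted)) {
                this.logger.warn("Form too old '{}' : {}", createdAt,
                                 sanitizeForLog(requestContext.request().getFullUrl()));
                // Execution continues below if an overriding invalidFormMatchAction returns
                // normally; the default implementation always throws.
                invalidFormMatchAction(requestContext, getDictionary().get(SpincastFormsProtectionPluginDictionaryEntries.MESSAGE_KEY_FORM_TOO_OLD));
            }

            // NOTE(review): the lookup and the save are two separate repository calls. Two
            // concurrent submissions of the same id can both pass the lookup unless the
            // repository itself enforces uniqueness on save - confirm.
            if (getSpincastFormsDoubleSubmitProtectionRepository().isFormAlreadySubmitted(formId)) {
                this.logger.debug("Form submitted with an already used protection id : {} => {}",
                                  sanitizeForLog(requestContext.request().getFullUrl()),
                                  sanitizeForLog(formId));
                invalidFormMatchAction(requestContext, getDictionary().get(SpincastFormsProtectionPluginDictionaryEntries.MESSAGE_KEY_FORM_ALREADY_SUBMITTED));
            }
            getSpincastFormsDoubleSubmitProtectionRepository().saveSubmittedFormProtectionId(createdAt, formId);
        } catch (Exception e) {
            throw SpincastStatics.runtimize(e);
        }
    }

    /**
     * Creates the protection id to embed in a form.
     *
     * @return the current time and a random UUID, joined by {@code '|'} and encrypted with
     *         this instance's key
     */
    @Override
    public String createNewFormDoubleSubmitProtectionId() {
        return getCryptoUtils().encrypt(Instant.now() + "|" + UUID.randomUUID().toString(), getFormDoubleSubmitPrivateKey());
    }

    /**
     * Decrypts a submitted protection id and splits it into its creation time and unique id.
     *
     * @param str the protection id as received from the form
     * @return the creation time and the unique id, or {@code null} when the value cannot be
     *         decrypted, has no {@code '|'} separator, or does not start with a parsable instant
     */
    protected Pair<Instant, String> getSubmittedFormInfo(String str) {
        try {
            String decrypted = getCryptoUtils().decrypt(str, getFormDoubleSubmitPrivateKey());
            if (decrypted == null) {
                return null;
            }
            int separatorPos = decrypted.indexOf('|');
            if (separatorPos < 0) {
                // Reject explicitly rather than relying on substring() throwing.
                return null;
            }
            return Pair.of(Instant.parse(decrypted.substring(0, separatorPos)), decrypted.substring(separatorPos + 1));
        } catch (Exception ignored) {
            // Any decryption or parsing failure means the submitted value is not an id this
            // instance can read; the caller handles null as "invalid payload".
            return null;
        }
    }

    /**
     * Called when a submitted form is rejected. The default implementation throws a
     * {@code PublicExceptionDefault} carrying the message and the status code 400.
     *
     * <p>NOTE(review): {@link #handle(RequestContext)} completes normally whenever this method
     * returns, so an override that does not throw presumably lets the rejected form reach the
     * route handler - verify against the framework's filter contract.
     *
     * @param requestContext the current request
     * @param str the message describing why the form was rejected
     * @throws Exception always, in this default implementation
     */
    protected void invalidFormMatchAction(RequestContext<?> requestContext, String str) throws Exception {
        throw new PublicExceptionDefault(str, 400);
    }

    protected String getFormDoubleSubmitPrivateKey() {
        return this.formDoubleSubmitPrivateKey;
    }

    /**
     * Prepares a request-derived value for logging: ISO control characters (including CR
     * and LF) are replaced by {@code '_'} so the value cannot start a new log line, and the
     * result is cut to {@link #MAX_LOGGED_VALUE_LENGTH} characters followed by {@code "..."}.
     */
    private static String sanitizeForLog(Object value) {
        String text = String.valueOf(value);
        int limit = Math.min(text.length(), MAX_LOGGED_VALUE_LENGTH);
        StringBuilder cleaned = new StringBuilder(limit + 3);
        for (int i = 0; i < limit; i++) {
            char c = text.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        if (text.length() > limit) {
            cleaned.append("...");
        }
        return cleaned.toString();
    }
}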
