package org.terasoluna.gfw.web.token.transaction;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.util.WebUtils;
import org.terasoluna.gfw.web.token.TokenStringGenerator;

/* loaded from: input_file:WEB-INF/lib/terasoluna-gfw-web-1.0.0-20130918.020921-68.jar:org/terasoluna/gfw/web/token/transaction/TransactionTokenInterceptor.class */
public class TransactionTokenInterceptor implements HandlerInterceptor {
    public static final String TOKEN_REQUEST_PARAMETER = "_TRANSACTION_TOKEN";
    private final TransactionTokenInfoStore tokenInfoStore;
    private final TransactionTokenStore tokenStore;
    private final TokenStringGenerator generator;
    private static final Logger logger = LoggerFactory.getLogger(TransactionTokenInterceptor.class);
    public static final String TOKEN_CONTEXT_REQUEST_ATTRIBUTE_NAME = TransactionTokenInterceptor.class.getName() + ".TOKEN_CONTEXT";
    public static final String NEXT_TOKEN_REQUEST_ATTRIBUTE_NAME = TransactionTokenInterceptor.class.getName() + ".NEXT_TOKEN";
    private static final TransactionToken INVALID_TOKEN = new TransactionToken(null, null, null) { // from class: org.terasoluna.gfw.web.token.transaction.TransactionTokenInterceptor.1
        private static final long serialVersionUID = 674844591801033738L;

        @Override // org.terasoluna.gfw.web.token.transaction.TransactionToken
        public boolean valid() {
            return false;
        }
    };

    public TransactionTokenInterceptor() {
        this(new TokenStringGenerator(), new TransactionTokenInfoStore(), new HttpSessionTransactionTokenStore());
    }

    public TransactionTokenInterceptor(int i) {
        this(new TokenStringGenerator(), new TransactionTokenInfoStore(), new HttpSessionTransactionTokenStore(i));
    }

    public TransactionTokenInterceptor(TokenStringGenerator tokenStringGenerator, TransactionTokenInfoStore transactionTokenInfoStore, TransactionTokenStore transactionTokenStore) {
        this.generator = tokenStringGenerator;
        this.tokenInfoStore = transactionTokenInfoStore;
        this.tokenStore = transactionTokenStore;
    }

    @Override // org.springframework.web.servlet.HandlerInterceptor
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        String parameter;
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }
        logger.trace("preHandle");
        TransactionTokenInfo transactionTokenInfo = this.tokenInfoStore.getTransactionTokenInfo((HandlerMethod) obj);
        TransactionToken transactionToken = INVALID_TOKEN;
        if (transactionTokenInfo.needValidate()) {
            transactionToken = createReceivedToken(httpServletRequest);
            if (!validateToken(transactionToken, this.tokenStore, transactionTokenInfo)) {
                processTransactionTokenError(transactionToken);
            }
        } else if (transactionTokenInfo.needCreate() && null != (parameter = httpServletRequest.getParameter(TOKEN_REQUEST_PARAMETER))) {
            removeToken(new TransactionToken(parameter));
        }
        httpServletRequest.setAttribute(TOKEN_CONTEXT_REQUEST_ATTRIBUTE_NAME, new TransactionTokenContextImpl(transactionTokenInfo, transactionToken));
        return true;
    }

    protected void processTransactionTokenError(TransactionToken transactionToken) {
        removeToken(transactionToken);
        throw new InvalidTransactionTokenException();
    }

    TransactionToken createReceivedToken(HttpServletRequest httpServletRequest) {
        return new TransactionToken(httpServletRequest.getParameter(TOKEN_REQUEST_PARAMETER));
    }

    boolean validateToken(TransactionToken transactionToken, TransactionTokenStore transactionTokenStore, TransactionTokenInfo transactionTokenInfo) {
        String andClear;
        return transactionToken.valid() && transactionToken.getTokenName().equals(transactionTokenInfo.getTokenName()) && (andClear = transactionTokenStore.getAndClear(transactionToken)) != null && andClear.equals(transactionToken.getTokenValue());
    }

    @Override // org.springframework.web.servlet.HandlerInterceptor
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) throws Exception {
        logger.trace("postHandle");
        if (obj instanceof HandlerMethod) {
            TransactionTokenContextImpl transactionTokenContextImpl = (TransactionTokenContextImpl) httpServletRequest.getAttribute(TOKEN_CONTEXT_REQUEST_ATTRIBUTE_NAME);
            switch (transactionTokenContextImpl.getReserveCommand()) {
                case CREATE_TOKEN:
                    createToken(httpServletRequest, httpServletRequest.getSession(true), transactionTokenContextImpl.getTokenInfo(), this.generator, this.tokenStore);
                    return;
                case UPDATE_TOKEN:
                    updateToken(httpServletRequest, httpServletRequest.getSession(true), transactionTokenContextImpl.getReceivedToken(), transactionTokenContextImpl.getTokenInfo(), this.generator, this.tokenStore);
                    return;
                case REMOVE_TOKEN:
                    removeToken(transactionTokenContextImpl.getReceivedToken());
                    return;
                default:
                    return;
            }
        }
    }

    @Override // org.springframework.web.servlet.HandlerInterceptor
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) throws Exception {
        logger.trace("afterCompletion");
        if (exc != null) {
            removeToken(((TransactionTokenContextImpl) httpServletRequest.getAttribute(TOKEN_CONTEXT_REQUEST_ATTRIBUTE_NAME)).getReceivedToken());
        }
    }

    void updateToken(HttpServletRequest httpServletRequest, HttpSession httpSession, TransactionToken transactionToken, TransactionTokenInfo transactionTokenInfo, TokenStringGenerator tokenStringGenerator, TransactionTokenStore transactionTokenStore) {
        TransactionToken transactionToken2 = new TransactionToken(transactionTokenInfo.getTokenName(), transactionToken.getTokenKey(), tokenStringGenerator.generate(httpSession.getId()));
        transactionTokenStore.store(transactionToken2);
        httpServletRequest.setAttribute(NEXT_TOKEN_REQUEST_ATTRIBUTE_NAME, transactionToken2);
    }

    void createToken(HttpServletRequest httpServletRequest, HttpSession httpSession, TransactionTokenInfo transactionTokenInfo, TokenStringGenerator tokenStringGenerator, TransactionTokenStore transactionTokenStore) {
        TransactionToken transactionToken;
        synchronized (WebUtils.getSessionMutex(httpSession)) {
            transactionToken = new TransactionToken(transactionTokenInfo.getTokenName(), transactionTokenStore.createAndReserveTokenKey(transactionTokenInfo.getTokenName()), tokenStringGenerator.generate(httpSession.getId()));
            transactionTokenStore.store(transactionToken);
        }
        httpServletRequest.setAttribute(NEXT_TOKEN_REQUEST_ATTRIBUTE_NAME, transactionToken);
    }

    void removeToken(TransactionToken transactionToken) {
        if (transactionToken.valid()) {
            this.tokenStore.remove(transactionToken);
        }
    }
}
