package jp.sourceforge.shovel.interceptor;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import jp.sourceforge.shovel.ErrorConst;
import jp.sourceforge.shovel.SessionConst;
import jp.sourceforge.shovel.annotation.Perform;
import jp.sourceforge.shovel.entity.IUser;
import jp.sourceforge.shovel.entity.TokenProcessorWrapper;
import jp.sourceforge.shovel.exception.ApplicationRuntimeException;
import org.aopalliance.intercept.MethodInvocation;
import org.seasar.framework.aop.interceptors.AbstractInterceptor;
import org.seasar.framework.container.S2Container;
import org.seasar.framework.container.annotation.tiger.Binding;
import org.seasar.framework.container.annotation.tiger.BindingType;
import org.seasar.framework.container.factory.SingletonS2ContainerFactory;

/* loaded from: input_file:WEB-INF/classes/jp/sourceforge/shovel/interceptor/CsrfInterceptor.class */
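/**
 * AOP interceptor that enforces a per-session anti-CSRF ticket before the
 * intercepted method runs.
 *
 * <p>The check is opt-out: a method is verified unless it carries a
 * {@link Perform} annotation whose {@code CSRF()} element is {@code false}.
 * The expected ticket is stored in the HTTP session by
 * {@link #setCsrfTicket(IUser)} and must be echoed back as a request
 * parameter of the same name ({@code SessionConst.S_CSRF_TICKET}).
 *
 * <p>Within this class the ticket is neither rotated nor consumed by a
 * successful check; it stays in the session until {@code setCsrfTicket} is
 * called again or the session ends.
 */
public class CsrfInterceptor extends AbstractInterceptor {
    private static final long serialVersionUID = 1L;

    /**
     * Verifies the CSRF ticket when the target method requires it, then
     * continues the invocation chain.
     *
     * @param methodInvocation the intercepted call
     * @return whatever the intercepted method returns
     * @throws Throwable anything thrown by the check or by the target method
     */
    @Override
    public Object invoke(MethodInvocation methodInvocation) throws Throwable {
        if (isCsrf(methodInvocation)) {
            checkCSRF();
        }
        return methodInvocation.proceed();
    }

    /**
     * Decides whether the intercepted method must pass the CSRF check.
     *
     * @param methodInvocation the intercepted call
     * @return {@code true} when the method has no {@link Perform} annotation
     *         (fail-closed default), otherwise the annotation's {@code CSRF()} value
     */
    boolean isCsrf(MethodInvocation methodInvocation) {
        Perform perform = methodInvocation.getMethod().getAnnotation(Perform.class);
        // An unannotated method is protected by default; only an explicit
        // @Perform(CSRF = false) turns the check off.
        return perform == null || perform.CSRF();
    }

    /**
     * Compares the ticket submitted with the request against the one held in
     * the session.
     *
     * <p>{@code getParameter} accepts the value from the query string as well
     * as from a form body, so this method does not by itself keep the ticket
     * out of URLs.
     *
     * @throws ApplicationRuntimeException with
     *         {@code ErrorConst.E_COMMON_CSRF_NO_TICKET} when the request has no
     *         ticket parameter, or with
     *         {@code ErrorConst.E_COMMON_CSRF_INVALID_TICKET} when the session has
     *         no ticket or the two values differ
     */
    void checkCSRF() {
        String submitted = getRequest().getParameter(SessionConst.S_CSRF_TICKET);
        if (submitted == null) {
            throw new ApplicationRuntimeException(ErrorConst.E_COMMON_CSRF_NO_TICKET);
        }
        String expected = (String) getSession().getAttribute(SessionConst.S_CSRF_TICKET);
        // A session without a ticket can never match, same as the previous
        // String.equals(null) behaviour.
        if (expected == null || !ticketsMatch(submitted, expected)) {
            throw new ApplicationRuntimeException(ErrorConst.E_COMMON_CSRF_INVALID_TICKET);
        }
    }

    /**
     * Compares two tickets with {@link MessageDigest#isEqual(byte[], byte[])}
     * rather than {@code String.equals}, so the comparison does not stop at the
     * first differing character and response timing reveals less about how much
     * of a guessed ticket was correct.
     */
    private static boolean ticketsMatch(String submitted, String expected) {
        return MessageDigest.isEqual(
                submitted.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Generates a ticket for the given user and stores it in the current
     * session under {@code SessionConst.S_CSRF_TICKET}, replacing any earlier
     * value.
     *
     * <p>NOTE(review): the only input passed to the generator here is the user
     * id; whether the resulting ticket is unpredictable depends on
     * {@code TokenProcessorWrapper.generateToken}, which is not visible in this
     * file - confirm it mixes in secret or random data.
     *
     * @param iUser the user whose id is handed to the token generator
     */
    @Binding(bindingType = BindingType.NONE)
    public static void setCsrfTicket(IUser iUser) {
        String userId = String.valueOf(iUser.getUserId());
        String ticket = getTokenProcessor().generateToken(userId);
        getSession().setAttribute(SessionConst.S_CSRF_TICKET, ticket);
    }

    /** Returns the singleton S2 container used to look up request-scoped components. */
    static S2Container getContainer() {
        return SingletonS2ContainerFactory.getContainer();
    }

    /** Looks up the component registered as {@code "request"} in the container. */
    static HttpServletRequest getRequest() {
        return (HttpServletRequest) getContainer().getComponent("request");
    }

    /** Looks up the component registered as {@code "session"} in the container. */
    static HttpSession getSession() {
        return (HttpSession) getContainer().getComponent("session");
    }

    /** Creates a fresh token processor wrapper for each call. */
    static TokenProcessorWrapper getTokenProcessor() {
        return new TokenProcessorWrapper();
    }
}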
