package org.apache.struts2.util;

import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.util.LocalizedTextUtil;
import com.opensymphony.xwork2.util.logging.Logger;
import com.opensymphony.xwork2.util.logging.LoggerFactory;
import java.math.BigInteger;
import java.util.Map;
import java.util.Random;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/struts2-core-2.3.15.3.jar:org/apache/struts2/util/TokenHelper.class
 */
/* loaded from: input_file:WEB-INF/classes/embedded/echobase-embedded-4.0.9.war:WEB-INF/lib/struts2-core-2.3.15.3.jar:org/apache/struts2/util/TokenHelper.class */
public class TokenHelper {
    public static final String TOKEN_NAMESPACE = "struts.tokens";
    public static final String DEFAULT_TOKEN_NAME = "token";
    public static final String TOKEN_NAME_FIELD = "struts.token.name";
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) TokenHelper.class);
    private static final Random RANDOM = new Random();

    public static String setToken() {
        return setToken("token");
    }

    public static String setToken(String str) {
        String generateGUID = generateGUID();
        setSessionToken(str, generateGUID);
        return generateGUID;
    }

    public static void setSessionToken(String str, String str2) {
        try {
            ActionContext.getContext().getSession().put(buildTokenSessionAttributeName(str), str2);
        } catch (IllegalStateException e) {
            String str3 = "Error creating HttpSession due response is commited to client. You can use the CreateSessionInterceptor or create the HttpSession from your action before the result is rendered to the client: " + e.getMessage();
            if (LOG.isErrorEnabled()) {
                LOG.error(str3, e, new String[0]);
            }
            throw new IllegalArgumentException(str3);
        }
    }

    public static String buildTokenSessionAttributeName(String str) {
        return "struts.tokens." + str;
    }

    public static String getToken() {
        return getToken("token");
    }

    public static String getToken(String str) {
        if (str == null) {
            return null;
        }
        String[] strArr = (String[]) ActionContext.getContext().getParameters().get(str);
        if (strArr != null && strArr.length >= 1) {
            return strArr[0];
        }
        if (!LOG.isWarnEnabled()) {
            return null;
        }
        LOG.warn("Could not find token mapped to token name " + str, new String[0]);
        return null;
    }

    public static String getTokenName() {
        Map<String, Object> parameters = ActionContext.getContext().getParameters();
        if (!parameters.containsKey(TOKEN_NAME_FIELD)) {
            if (!LOG.isWarnEnabled()) {
                return null;
            }
            LOG.warn("Could not find token name in params.", new String[0]);
            return null;
        }
        String[] strArr = (String[]) parameters.get(TOKEN_NAME_FIELD);
        if (strArr != null && strArr.length >= 1) {
            return strArr[0];
        }
        if (!LOG.isWarnEnabled()) {
            return null;
        }
        LOG.warn("Got a null or empty token name.", new String[0]);
        return null;
    }

    public static boolean validToken() {
        String tokenName = getTokenName();
        if (tokenName == null) {
            if (!LOG.isDebugEnabled()) {
                return false;
            }
            LOG.debug("no token name found -> Invalid token ", new String[0]);
            return false;
        }
        String token = getToken(tokenName);
        if (token == null) {
            if (!LOG.isDebugEnabled()) {
                return false;
            }
            LOG.debug("no token found for token name " + tokenName + " -> Invalid token ", new String[0]);
            return false;
        }
        Map<String, Object> session = ActionContext.getContext().getSession();
        String buildTokenSessionAttributeName = buildTokenSessionAttributeName(tokenName);
        String str = (String) session.get(buildTokenSessionAttributeName);
        if (token.equals(str)) {
            session.remove(buildTokenSessionAttributeName);
            return true;
        }
        if (!LOG.isWarnEnabled()) {
            return false;
        }
        LOG.warn(LocalizedTextUtil.findText(TokenHelper.class, "struts.internal.invalid.token", ActionContext.getContext().getLocale(), "Form token {0} does not match the session token {1}.", new Object[]{token, str}), new String[0]);
        return false;
    }

    public static String generateGUID() {
        return new BigInteger(165, RANDOM).toString(36).toUpperCase();
    }
}
