package org.apache.struts.util;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.struts.Globals;
import org.apache.struts.taglib.html.Constants;
import org.nuiton.util.DigestGenerator;

/* loaded from: input_file:sandra-web-2.0.2.war:WEB-INF/lib/struts-1.2.9.jar:org/apache/struts/util/TokenProcessor.class */
public class TokenProcessor {
    private static TokenProcessor instance = new TokenProcessor();
    private long previous;

    public static TokenProcessor getInstance() {
        return instance;
    }

    protected TokenProcessor() {
    }

    public synchronized boolean isTokenValid(HttpServletRequest httpServletRequest) {
        return isTokenValid(httpServletRequest, false);
    }

    public synchronized boolean isTokenValid(HttpServletRequest httpServletRequest, boolean z) {
        String str;
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null || (str = (String) session.getAttribute(Globals.TRANSACTION_TOKEN_KEY)) == null) {
            return false;
        }
        if (z) {
            resetToken(httpServletRequest);
        }
        String parameter = httpServletRequest.getParameter(Constants.TOKEN_KEY);
        if (parameter == null) {
            return false;
        }
        return str.equals(parameter);
    }

    public synchronized void resetToken(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return;
        }
        session.removeAttribute(Globals.TRANSACTION_TOKEN_KEY);
    }

    public synchronized void saveToken(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession();
        String generateToken = generateToken(httpServletRequest);
        if (generateToken != null) {
            session.setAttribute(Globals.TRANSACTION_TOKEN_KEY, generateToken);
        }
    }

    public synchronized String generateToken(HttpServletRequest httpServletRequest) {
        try {
            byte[] bytes = httpServletRequest.getSession().getId().getBytes();
            long currentTimeMillis = System.currentTimeMillis();
            if (currentTimeMillis == this.previous) {
                currentTimeMillis++;
            }
            this.previous = currentTimeMillis;
            byte[] bytes2 = new Long(currentTimeMillis).toString().getBytes();
            MessageDigest messageDigest = MessageDigest.getInstance(DigestGenerator.md5DigestAlgorithm);
            messageDigest.update(bytes);
            messageDigest.update(bytes2);
            return toHex(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }

    private String toHex(byte[] bArr) {
        StringBuffer stringBuffer = new StringBuffer(bArr.length * 2);
        for (int i = 0; i < bArr.length; i++) {
            stringBuffer.append(Character.forDigit((bArr[i] & 240) >> 4, 16));
            stringBuffer.append(Character.forDigit(bArr[i] & 15, 16));
        }
        return stringBuffer.toString();
    }
}
