package com.atlassian.xwork.interceptors;

import com.atlassian.xwork.RequireSecurityToken;
import com.atlassian.xwork.SimpleXsrfTokenGenerator;
import com.atlassian.xwork.XWorkVersionSupport;
import com.atlassian.xwork.XsrfTokenGenerator;
import com.opensymphony.webwork.ServletActionContext;
import com.opensymphony.xwork.Action;
import com.opensymphony.xwork.ActionInvocation;
import com.opensymphony.xwork.ValidationAware;
import com.opensymphony.xwork.interceptor.Interceptor;

/* loaded from: input_file:com/atlassian/xwork/interceptors/XsrfTokenInterceptor.class */
/**
 * XWork interceptor that rejects requests lacking a valid XSRF token when the
 * target action method is marked as requiring one.
 *
 * <p>Whether a method is protected is decided in this order (see
 * {@link #methodRequiresProtection}):
 * <ol>
 *   <li>a request header {@value #OVERRIDE_HEADER_NAME} equal to
 *       {@value #OVERRIDE_HEADER_VALUE} switches the check off for that request;</li>
 *   <li>otherwise the action config parameter {@value #CONFIG_PARAM_NAME}, if set;</li>
 *   <li>otherwise the {@link RequireSecurityToken} annotation on the method, if present;</li>
 *   <li>otherwise the default of {@link #getSecurityLevel()}.</li>
 * </ol>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The base class returns {@link SecurityLevel#OPT_IN}, so a method with neither
 *       the config parameter nor the annotation is NOT token-checked unless a
 *       subclass overrides {@link #getSecurityLevel()}.</li>
 *   <li>The config parameter is parsed with {@link Boolean#parseBoolean(String)}:
 *       any value other than a case-insensitive "true" (a typo, "yes", "1")
 *       disables the check, and it does so even if the method carries the
 *       annotation.</li>
 *   <li>NOTE(review): the header override presumably relies on browsers not
 *       attaching custom headers to cross-site form submissions; confirm that
 *       no cross-origin policy in the deployment permits this header.</li>
 * </ul>
 */
public class XsrfTokenInterceptor implements Interceptor {
    /** Request parameter that carries the XSRF token. */
    public static final String REQUEST_PARAM_NAME = "atl_token";
    /** Action config parameter that turns token checking on or off for an action. */
    public static final String CONFIG_PARAM_NAME = "RequireSecurityToken";
    /** Error key used when a token was submitted but did not validate. */
    public static final String VALIDATION_FAILED_ERROR_KEY = "atlassian.xwork.xsrf.badtoken";
    /** Error key used when no token parameter was submitted at all. */
    public static final String SECURITY_TOKEN_REQUIRED_ERROR_KEY = "atlassian.xwork.xsrf.notoken";
    /** Request header that, with the value below, skips the token check. */
    public static final String OVERRIDE_HEADER_NAME = "X-Atlassian-Token";
    /** Value of {@link #OVERRIDE_HEADER_NAME} that skips the token check (exact match). */
    public static final String OVERRIDE_HEADER_VALUE = "no-check";
    private final XsrfTokenGenerator tokenGenerator;
    private final XWorkVersionSupport versionSupport;

    /**
     * Default protection policy applied to methods that declare neither the
     * config parameter nor the annotation.
     */
    public enum SecurityLevel {
        /** Methods are unprotected unless they ask for protection. */
        OPT_IN(false),
        /** Methods are protected unless they decline protection. */
        OPT_OUT(true);

        private final boolean defaultProtection;

        SecurityLevel(boolean protectedByDefault) {
            this.defaultProtection = protectedByDefault;
        }

        /**
         * @return {@code true} if undeclared methods are token-checked under this level
         */
        public boolean getDefaultProtection() {
            return this.defaultProtection;
        }
    }

    /**
     * Creates an interceptor backed by a new {@link SimpleXsrfTokenGenerator}.
     *
     * @param xWorkVersionSupport adapter used to obtain the action from an invocation
     */
    public XsrfTokenInterceptor(XWorkVersionSupport xWorkVersionSupport) {
        this(new SimpleXsrfTokenGenerator(), xWorkVersionSupport);
    }

    /**
     * Creates an interceptor with an explicit token generator.
     *
     * @param xsrfTokenGenerator  validates the submitted token against the request
     * @param xWorkVersionSupport adapter used to obtain the action from an invocation
     */
    public XsrfTokenInterceptor(XsrfTokenGenerator xsrfTokenGenerator, XWorkVersionSupport xWorkVersionSupport) {
        this.tokenGenerator = xsrfTokenGenerator;
        this.versionSupport = xWorkVersionSupport;
    }

    /**
     * Invokes the action when the method is unprotected or the submitted token
     * validates; otherwise records an error on the action, sets HTTP status 403
     * and returns the {@code "input"} result without invoking the action.
     *
     * @param actionInvocation the invocation being intercepted
     * @return the action's result, or {@code "input"} when the token check fails
     * @throws Exception whatever the invocation or the lookups on it throw
     */
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        String configuredValue = (String) actionInvocation.getProxy().getConfig().getParams().get(CONFIG_PARAM_NAME);
        RequireSecurityToken annotation = (RequireSecurityToken) actionInvocation.getProxy().getConfig().getMethod().getAnnotation(RequireSecurityToken.class);
        boolean protectionRequired = methodRequiresProtection(configuredValue, annotation);

        // The token is read and validated on every request, even when the
        // method is unprotected; the outcome only matters when protection applies.
        // NOTE(review): the comparison itself lives in the XsrfTokenGenerator
        // implementation, which is not visible here - confirm it is constant-time.
        String submittedToken = ServletActionContext.getRequest().getParameter(REQUEST_PARAM_NAME);
        boolean tokenValid = this.tokenGenerator.validateToken(ServletActionContext.getRequest(), submittedToken);

        if (protectionRequired && !tokenValid) {
            // Distinguish "no token sent" from "token sent but rejected" for the user-facing error.
            String errorKey = (submittedToken == null)
                    ? SECURITY_TOKEN_REQUIRED_ERROR_KEY
                    : VALIDATION_FAILED_ERROR_KEY;
            addInvalidTokenError(this.versionSupport.extractAction(actionInvocation), errorKey);
            // 403 Forbidden: the action is never invoked on this path.
            ServletActionContext.getResponse().setStatus(403);
            return "input";
        }
        return actionInvocation.invoke();
    }

    /**
     * Decides whether the current request must carry a valid token.
     *
     * @param configuredValue value of the {@value #CONFIG_PARAM_NAME} config parameter, or {@code null}
     * @param annotation      the method's {@link RequireSecurityToken} annotation, or {@code null}
     * @return {@code true} if the token check must pass before the action runs
     */
    private boolean methodRequiresProtection(String configuredValue, RequireSecurityToken annotation) {
        // The override header wins over every other setting.
        if (isOverrideHeaderPresent()) {
            return false;
        }
        // Explicit configuration beats the annotation; anything but "true"
        // (case-insensitive) parses to false and therefore disables the check.
        if (configuredValue != null) {
            return Boolean.parseBoolean(configuredValue);
        }
        if (annotation != null) {
            return annotation.value();
        }
        return getSecurityLevel().getDefaultProtection();
    }

    /**
     * Adds the token error to the action if it can hold action errors.
     * Actions that are not {@link ValidationAware} get no message; the request
     * is still rejected by {@link #intercept}.
     *
     * @param action the action that was about to be invoked
     * @param str    the error key to report
     */
    protected void addInvalidTokenError(Action action, String str) {
        if (!(action instanceof ValidationAware)) {
            return;
        }
        ValidationAware errorSink = (ValidationAware) action;
        errorSink.addActionError(internationaliseErrorMessage(action, str));
    }

    /**
     * Hook for translating an error key into a display message. This
     * implementation returns the key unchanged.
     *
     * @param action the action the error is being added to
     * @param str    the error key
     * @return the text to add as an action error
     */
    protected String internationaliseErrorMessage(Action action, String str) {
        return str;
    }

    /**
     * @return {@code true} if the request header {@value #OVERRIDE_HEADER_NAME}
     *         is exactly {@value #OVERRIDE_HEADER_VALUE}
     */
    private boolean isOverrideHeaderPresent() {
        String headerValue = ServletActionContext.getRequest().getHeader(OVERRIDE_HEADER_NAME);
        // Constant on the left keeps a missing header (null) from throwing.
        return OVERRIDE_HEADER_VALUE.equals(headerValue);
    }

    /** No resources to release. */
    public void destroy() {
    }

    /** No initialisation needed. */
    public void init() {
    }

    /**
     * Default policy for methods that declare nothing. Subclasses can override
     * this to return {@link SecurityLevel#OPT_OUT} and protect such methods.
     *
     * @return {@link SecurityLevel#OPT_IN}
     */
    protected SecurityLevel getSecurityLevel() {
        return SecurityLevel.OPT_IN;
    }
}
