package org.gbif.ipt.struts2;

import com.google.inject.Inject;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import java.net.URI;
import java.security.SecureRandom;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts2.StrutsStatics;
import org.apache.struts2.views.util.DefaultUrlHelper;
import org.gbif.ipt.config.AppConfig;
import org.gbif.ipt.config.Constants;

/* loaded from: input_file:WEB-INF/classes/org/gbif/ipt/struts2/CsrfLoginInterceptor.class */
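/**
 * Struts2 interceptor that manages the {@code CSRFtoken} cookie around the login flow.
 *
 * <p>While no user is stored in the session, every intercepted request gets a fresh random
 * token: it is sent to the browser as an HttpOnly cookie and also published in the
 * {@link ActionContext} under {@code "newCsrfToken"}. Once a user is present in the session,
 * the cookie is expired instead.
 *
 * <p>NOTE(review): the comparison of the cookie against a submitted value is not in this class;
 * presumably the login action performs it. Confirm that it uses a constant-time comparison.
 */
public class CsrfLoginInterceptor extends AbstractInterceptor {
    /** Alphabet the token characters are drawn from (62 alphanumeric symbols). */
    private static final String AB = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    /** Name of the cookie that carries the token. */
    public static final String CSRFtoken = "CSRFtoken";
    /** Number of characters in a generated token. */
    private static final int TOKEN_LENGTH = 32;
    /** Lifetime of the token cookie, in seconds (15 minutes). */
    private static final int TOKEN_MAX_AGE_SECONDS = 900;
    /** ActionContext key under which the freshly generated token is published. */
    private static final String CONTEXT_TOKEN_KEY = "newCsrfToken";
    /** Cryptographically strong source for token characters. */
    private static final SecureRandom rnd = new SecureRandom();

    @Inject
    private AppConfig cfg;

    /**
     * Issues or expires the token cookie, then continues the invocation chain.
     *
     * @param actionInvocation the current invocation
     * @return the result code of the remaining interceptor/action chain
     * @throws Exception whatever the remaining chain throws
     */
    @Override
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        ActionContext context = actionInvocation.getInvocationContext();
        HttpServletResponse response = (HttpServletResponse) context.get(StrutsStatics.HTTP_RESPONSE);
        Map<String, Object> session = context.getSession();

        Cookie cookie = new Cookie(CSRFtoken, (String) null);
        // A cookie is identified by name + Domain + Path, so the expiring cookie must carry the
        // same scope as the one that was issued; otherwise the browser keeps the old token
        // until its own Max-Age runs out.
        applyBaseUrlScope(cookie);

        if (session.containsKey(Constants.SESSION_USER)) {
            // Logged in: the login token is no longer needed, tell the browser to drop it.
            cookie.setMaxAge(0);
        } else {
            String token = newToken();
            cookie.setValue(token);
            cookie.setMaxAge(TOKEN_MAX_AGE_SECONDS);
            // Keep the token out of reach of page scripts.
            cookie.setHttpOnly(true);
            context.put(CONTEXT_TOKEN_KEY, token);
        }

        response.addCookie(cookie);
        return actionInvocation.invoke();
    }

    /** Builds a {@link #TOKEN_LENGTH}-character token from {@link #AB} using {@link SecureRandom}. */
    private static String newToken() {
        StringBuilder token = new StringBuilder(TOKEN_LENGTH);
        for (int i = 0; i < TOKEN_LENGTH; i++) {
            token.append(AB.charAt(rnd.nextInt(AB.length())));
        }
        return token.toString();
    }

    /**
     * Restricts the cookie to the path and host of the configured base URL and marks it Secure
     * when that URL is https. Best-effort: an unusable base URL leaves the cookie with the
     * container's default scope rather than failing the request.
     */
    private void applyBaseUrlScope(Cookie cookie) {
        try {
            String baseUrl = cfg == null ? null : cfg.getBaseUrl();
            if (baseUrl == null) {
                return;
            }
            URI base = URI.create(baseUrl);
            if (base.getPath() != null) {
                cookie.setPath(base.getPath());
            }
            if (base.getHost() != null) {
                // An explicit Domain attribute also makes browsers send the cookie to
                // subdomains of this host; a host-only cookie would need Domain left unset.
                cookie.setDomain(base.getHost());
            }
            cookie.setSecure(DefaultUrlHelper.HTTPS_PROTOCOL.equalsIgnoreCase(base.getScheme()));
        } catch (RuntimeException ignored) {
            // Deliberately not fatal, but note that this fails open: the cookie then goes out
            // without the Secure flag and with default scope.
            // NOTE(review): worth logging a warning here once a logger is available in this class.
        }
    }
}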
