package com.atlassian.stash.internal.web.util.xsrf;

import com.atlassian.bitbucket.nav.NavBuilder;
import com.atlassian.stash.internal.web.auth.IgnoresXsrf;
import java.lang.reflect.Method;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:WEB-INF/classes/com/atlassian/stash/internal/web/util/xsrf/XsrfTokenInterceptor.class */
/**
 * Spring MVC interceptor that gates POST requests on an XSRF token and, after a handler has run,
 * publishes a token name/value pair as request attributes.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Only requests whose method is exactly {@code "POST"} are checked. Every other method,
 *       including PUT, DELETE and PATCH, passes straight through.
 *       NOTE(review): confirm state-changing non-POST endpoints are either not routed through
 *       this interceptor or are protected by another control.</li>
 *   <li>Handler methods annotated with {@link IgnoresXsrf} skip the check entirely, so each use
 *       of that annotation is an endpoint reachable by cross-site POST and should be audited.</li>
 *   <li>{@link #XSRF_FORWARD} is a request <em>attribute</em>, not a parameter or header, so it can
 *       only be set by server-side code; a client cannot supply it to skip the check.</li>
 *   <li>{@link #XSRF_ORIGINAL_URL} carries the raw request URI, which is attacker-influenced.
 *       NOTE(review): whatever renders that attribute must output-encode it; verify against the
 *       notification view.</li>
 * </ul>
 */
public class XsrfTokenInterceptor extends HandlerInterceptorAdapter {
    /** Request attribute under which the token's name is exposed after handling. */
    public static final String XSRF_TOKEN_NAME = "xsrfTokenName";
    /** Request attribute under which the token's value is exposed after handling. */
    public static final String XSRF_TOKEN_VALUE = "xsrfTokenValue";
    /** Request attribute marking a request that this interceptor has already forwarded. */
    public static final String XSRF_FORWARD = "xsrf-forward";
    /** Request attribute holding the URI of the request that failed the token check. */
    public static final String XSRF_ORIGINAL_URL = "xsrf-original-url";

    private final NavBuilder navBuilder;
    private final XsrfTokenGenerator xsrfTokenGenerator;

    /**
     * @param xsrfTokenGenerator validates tokens on incoming requests and issues new ones
     * @param navBuilder         used to resolve the URL of the XSRF notification page
     */
    @Autowired
    public XsrfTokenInterceptor(XsrfTokenGenerator xsrfTokenGenerator, NavBuilder navBuilder) {
        this.xsrfTokenGenerator = xsrfTokenGenerator;
        this.navBuilder = navBuilder;
    }

    /**
     * Decides whether the request may reach its handler.
     *
     * <p>The request is let through when it is not a POST, when it has already been forwarded by
     * this interceptor, when the token generator reports a valid token, or when the handler method
     * carries {@link IgnoresXsrf}. Otherwise the request is forwarded server-side to the XSRF
     * notification URL and the original handler is not invoked.
     *
     * @return {@code true} to continue the handler chain, {@code false} after forwarding
     * @throws Exception propagated from the token generator or the request dispatcher
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        // The comparison is case-sensitive and limited to POST; see the class-level note.
        if (!"POST".equals(httpServletRequest.getMethod())) {
            return true;
        }
        // Presumably prevents the forwarded request, which is still a token-less POST, from being
        // rejected again when the dispatcher re-enters the interceptor chain (confirm).
        if (isForwarded(httpServletRequest)) {
            return true;
        }
        if (this.xsrfTokenGenerator.hasValidToken(httpServletRequest)) {
            return true;
        }
        // Evaluated only after token validation has failed, matching the original ordering.
        if (isXsrfExempt(obj)) {
            return true;
        }

        String originalUri = httpServletRequest.getRequestURI();
        httpServletRequest.setAttribute(XSRF_ORIGINAL_URL, originalUri);
        httpServletRequest.setAttribute(XSRF_FORWARD, Boolean.TRUE);
        String notificationUrl = xsrfUrl();
        httpServletRequest.getRequestDispatcher(notificationUrl).forward(httpServletRequest, httpServletResponse);
        return false;
    }

    /**
     * Exposes the token name and a token value as request attributes, unless the response has
     * already been committed.
     *
     * <p>This runs for every handled request regardless of HTTP method.
     * NOTE(review): whether {@code generateToken} creates a session or rotates the token is not
     * visible here; check {@code XsrfTokenGenerator} before relying on either.
     *
     * @throws Exception propagated from the token generator
     */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) throws Exception {
        if (!httpServletResponse.isCommitted()) {
            httpServletRequest.setAttribute(XSRF_TOKEN_NAME, this.xsrfTokenGenerator.getXsrfTokenName());
            httpServletRequest.setAttribute(XSRF_TOKEN_VALUE, this.xsrfTokenGenerator.generateToken(httpServletRequest));
        }
    }

    /**
     * Resolves the forward target used when a POST fails the token check.
     *
     * @return the notification URL as produced by {@code buildRelNoContext()}
     */
    protected String xsrfUrl() {
        return this.navBuilder.xsrfNotification().buildRelNoContext();
    }

    /**
     * Reports whether this interceptor has already forwarded the request.
     *
     * @return {@code true} when the {@link #XSRF_FORWARD} request attribute is present
     */
    public static boolean isForwarded(HttpServletRequest httpServletRequest) {
        Object forwardMarker = httpServletRequest.getAttribute(XSRF_FORWARD);
        return forwardMarker != null;
    }

    /**
     * Reports whether the handler is a {@link HandlerMethod} whose method is annotated with
     * {@link IgnoresXsrf}.
     *
     * <p>{@link Method#getAnnotation} only sees annotations declared on that exact method, so an
     * annotation placed on an overridden or interface method is not honoured; the token check
     * stays enforced in that case.
     */
    private static boolean isXsrfExempt(Object handler) {
        if (!(handler instanceof HandlerMethod)) {
            return false;
        }
        Method target = ((HandlerMethod) handler).getMethod();
        return target != null && target.getAnnotation(IgnoresXsrf.class) != null;
    }
}
