package org.egov.infra.web.spring.interceptor;

import java.util.UUID;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.lang.StringUtils;
import org.egov.infra.web.spring.annotation.DuplicateRequestToken;
import org.egov.infra.web.spring.annotation.ValidateToken;
import org.springframework.stereotype.Component;
import org.springframework.validation.BindingResult;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

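/**
 * Spring MVC interceptor that protects annotated handlers against duplicate form submission
 * by means of a single-use token bound to the HTTP session.
 *
 * <p>Flow, as implemented below:
 * <ul>
 *   <li>After a handler annotated with {@link DuplicateRequestToken} runs, a fresh token is stored
 *       in the session and exposed to the view as request attributes.</li>
 *   <li>Before a handler annotated with {@link ValidateToken} runs, the submitted token is compared
 *       with the session copy. A match consumes the token; anything else redirects to the error page.</li>
 *   <li>When a {@link ValidateToken} handler finishes with binding errors, a new token is issued so
 *       the re-rendered form can be submitted again.</li>
 * </ul>
 *
 * <p>The token <em>name</em> is only an identifier and is not secret; the secret is the token
 * <em>value</em>, generated with {@link UUID#randomUUID()}.
 */
@Component
/* loaded from: input_file:lib/egov-egi-4.0.0.jar:org/egov/infra/web/spring/interceptor/DuplicateFormSubmissionInterceptor.class */
public class DuplicateFormSubmissionInterceptor extends HandlerInterceptorAdapter {
    /** Request parameter (on submit) and request attribute (on render) holding the token's name. */
    private static final String TOKEN_NAME = "tokenName";
    private static final String ERROR_PAGE = "/error/409";
    /** Length of the names produced by {@link #addToken}; request-supplied names of another shape are rejected. */
    private static final int TOKEN_NAME_LENGTH = 10;
    /** Delay in milliseconds (30 minutes) after which an unused token is dropped from the session. */
    private static final long ORPHEN_TOKEN_REMOVAL_DELAY = 1800000;
    // NOTE(review): this executor is never shut down in this class, and each scheduled task keeps a
    // reference to its HttpSession until it fires. Confirm the application stops it on undeploy.
    private static final ScheduledExecutorService executor = Executors.newSingleThreadScheduledExecutor();

    private String errorPage = ERROR_PAGE;

    /**
     * Overrides the context-relative path that rejected submissions are redirected to.
     *
     * @param str context-relative error page path; appended to the context path as-is
     */
    public void setErrorPage(String str) {
        this.errorPage = str;
    }

    /**
     * Validates and consumes the submitted token for handlers annotated with {@link ValidateToken}.
     *
     * @return {@code false} after sending a redirect to the error page when the token is missing,
     *         malformed or does not match; otherwise the result of the superclass implementation
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (obj instanceof HandlerMethod && ((HandlerMethod) obj).getMethodAnnotation(ValidateToken.class) != null) {
            HttpSession session = httpServletRequest.getSession();
            // Check-then-remove must be atomic per session so that two concurrent submissions of the
            // same form cannot both pass validation.
            // NOTE(review): this relies on the container handing out the same HttpSession object to
            // concurrent requests of one session — confirm for the target container.
            synchronized (session) {
                String tokenName = resolveTokenName(httpServletRequest);
                if (tokenName == null || !havingValidToken(httpServletRequest, session, tokenName)) {
                    httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + this.errorPage);
                    return false;
                }
                removeToken(session, tokenName);
            }
        }
        return super.preHandle(httpServletRequest, httpServletResponse, obj);
    }

    /**
     * Issues a token after a {@link DuplicateRequestToken} handler, or after a {@link ValidateToken}
     * handler whose model carries a {@link BindingResult} with errors.
     *
     * <p>The session is requested only when a token is actually issued, so handlers without either
     * annotation no longer cause a session to be created (which can fail once the response has been
     * committed).
     */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) throws Exception {
        if (!(obj instanceof HandlerMethod)) {
            return;
        }
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        boolean issueToken;
        if (handlerMethod.getMethodAnnotation(DuplicateRequestToken.class) != null) {
            issueToken = true;
        } else if (handlerMethod.getMethodAnnotation(ValidateToken.class) != null) {
            // The token was consumed in preHandle; a form re-rendered with errors needs a new one.
            BindingResult bindingResult = getBindingResult(modelAndView);
            issueToken = bindingResult != null && bindingResult.hasErrors();
        } else {
            issueToken = false;
        }
        if (issueToken) {
            addToken(httpServletRequest, httpServletRequest.getSession());
        }
    }

    /**
     * Returns the first {@link BindingResult} stored in the model, in model insertion order.
     *
     * @param modelAndView the handler's result; may be {@code null} when the handler wrote the
     *                     response itself
     * @return the binding result, or {@code null} when there is no model or it holds none
     */
    private static BindingResult getBindingResult(ModelAndView modelAndView) {
        if (modelAndView == null) {
            return null;
        }
        for (String key : modelAndView.getModelMap().keySet()) {
            if (key != null && key.startsWith(BindingResult.MODEL_KEY_PREFIX)) {
                Object value = modelAndView.getModelMap().get(key);
                // Only the first prefixed key is considered; a value of another type yields null.
                return value instanceof BindingResult ? (BindingResult) value : null;
            }
        }
        return null;
    }

    /**
     * Creates a token, stores it in the session and exposes name and value to the view.
     *
     * <p>Request attributes set: {@code tokenName -> <name>} and {@code <name> -> <value>}.
     * Session attribute set: {@code <name> -> <value>}.
     */
    private void addToken(HttpServletRequest httpServletRequest, HttpSession httpSession) {
        // The name is an identifier only. RandomStringUtils is not meant as a cryptographic source,
        // so the unpredictability of the token rests entirely on the UUID value below.
        String randomAlphanumeric = RandomStringUtils.randomAlphanumeric(TOKEN_NAME_LENGTH);
        String uuid = UUID.randomUUID().toString();
        // NOTE(review): every rendered form adds one session attribute and one scheduled task, with
        // no per-session cap visible here; unused tokens live until the removal delay elapses.
        scheduleForRemoval(httpSession, randomAlphanumeric);
        httpServletRequest.setAttribute(TOKEN_NAME, randomAlphanumeric);
        httpServletRequest.setAttribute(randomAlphanumeric, uuid);
        httpSession.setAttribute(randomAlphanumeric, uuid);
    }

    /**
     * Reads the token name from the request and accepts it only if it has the shape issued by
     * {@link #addToken}.
     *
     * <p>The name is client-controlled and is used as a session attribute key for lookup and removal,
     * so it is restricted to the issued format to keep a request from addressing unrelated session
     * attributes.
     *
     * @return the token name, or {@code null} when it is absent or malformed
     */
    private static String resolveTokenName(HttpServletRequest httpServletRequest) {
        String name = httpServletRequest.getParameter(TOKEN_NAME);
        if (name == null || name.length() != TOKEN_NAME_LENGTH || !StringUtils.isAlphanumeric(name)) {
            return null;
        }
        return name;
    }

    /**
     * Checks that the request carries a value for {@code tokenName} equal to the session copy.
     *
     * @param tokenName a name already accepted by {@link #resolveTokenName}
     */
    private boolean havingValidToken(HttpServletRequest httpServletRequest, HttpSession httpSession, String tokenName) {
        String submitted = httpServletRequest.getParameter(tokenName);
        Object expected = httpSession.getAttribute(tokenName);
        return submitted != null && expected != null && expected.equals(submitted);
    }

    /** Consumes the token so that a replay of the same submission is rejected. */
    private void removeToken(HttpSession httpSession, String tokenName) {
        httpSession.removeAttribute(tokenName);
    }

    /** Schedules removal of a token that is never submitted, after {@link #ORPHEN_TOKEN_REMOVAL_DELAY}. */
    private static void scheduleForRemoval(HttpSession httpSession, String str) {
        executor.schedule(() -> {
            try {
                httpSession.removeAttribute(str);
            } catch (Exception ignored) {
                // Best effort: the session may already be invalidated when the task fires, in which
                // case there is nothing left to clean up.
            }
        }, ORPHEN_TOKEN_REMOVAL_DELAY, TimeUnit.MILLISECONDS);
    }
}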
