package hirondelle.web4j.security;

import hirondelle.web4j.model.Id;
import hirondelle.web4j.util.EscapeChars;
import hirondelle.web4j.util.Util;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:hirondelle/web4j/security/CsrfModifiedResponse.class */
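/**
 * Rewrites an HTML response body so that every POSTed form carries the session's CSRF token
 * as a hidden input.
 *
 * <p>The token is read from the existing session under {@link CsrfFilter#FORM_SOURCE_ID_KEY}.
 * This class never creates a session and never generates a token.
 *
 * <p>Limitations that matter when reviewing CSRF coverage:
 * <ul>
 *   <li>Forms are located with a regular expression, not an HTML parser. Only forms whose
 *       {@code method} attribute is written as {@code method='POST'} or {@code method="POST"}
 *       (any letter case, no whitespace around {@code =}) are matched. A form written any other
 *       way receives no token. How a submission without a token is treated is decided outside
 *       this class.</li>
 *   <li>The {@code action} attribute is not inspected. A matching form that posts to a different
 *       site would therefore send the session's token to that site. Pages passing through this
 *       class should contain only forms that post back to the application.</li>
 *   <li>Nested or unbalanced {@code <form>} markup is not handled specially. The match ends at
 *       the first {@code </form>} that follows the opening tag.</li>
 * </ul>
 */
final class CsrfModifiedResponse {
    private final HttpServletRequest fRequest;
    private final HttpServletResponse fResponse;
    private static final String TEXT_HTML = "text/html";
    /** Group 1: the opening form tag plus the form body. Group 2: the closing tag. */
    private static final String REGEX = "(<form[^>]*method=(?:'|\")POST(?:'|\")[^>]*>.*?)(</form>)";
    // Same flag value as the literal 34: case-insensitive matching, and '.' also matches line
    // terminators so that a form spanning several lines is matched.
    private static final Pattern FORM_PATTERN =
            Pattern.compile(REGEX, Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
    private static final Logger fLogger = Util.getLogger(CsrfFilter.class);

    /**
     * Stores the request that supplies the session and the response being rewritten.
     *
     * @param httpServletRequest request whose existing session holds the CSRF token
     * @param httpServletResponse response whose content type decides whether the body is rewritten
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public CsrfModifiedResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.fResponse = httpServletResponse;
        this.fRequest = httpServletRequest;
    }

    /**
     * Returns the given response body with the CSRF token added to each POSTed form.
     *
     * <p>The body is returned unchanged when the response is not being served as HTML, or when
     * {@code Util.textHasContent} reports that the body has no content.
     *
     * @param str the unmodified response body
     * @return the body with hidden token inputs added, or {@code str} itself when nothing applies
     * @throws RuntimeException if a POSTed form is found but there is no session, or the session
     *     holds no token
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public String addNonceTo(String str) {
        if (!isServingHtml() || !Util.textHasContent(str)) {
            return str;
        }
        fLogger.fine("Adding nonce to forms having method=POST, if any.");
        return addHiddenParamToPostedForms(str);
    }

    /**
     * Reports whether the response should be treated as HTML.
     *
     * <p>A response with no content type set is treated as HTML, so its forms still receive the
     * token. Media type names are case-insensitive, so the prefix comparison ignores case. A
     * case-sensitive comparison would leave a response declared as {@code Text/HTML} without
     * the token.
     */
    private boolean isServingHtml() {
        String contentType = this.fResponse.getContentType();
        if (!Util.textHasContent(contentType)) {
            return true;
        }
        return contentType.regionMatches(true, 0, TEXT_HTML, 0, TEXT_HTML.length());
    }

    /** Inserts the hidden token input immediately before the closing tag of each matched form. */
    private String addHiddenParamToPostedForms(String str) {
        StringBuffer stringBuffer = new StringBuffer();
        Matcher matcher = FORM_PATTERN.matcher(str);
        while (matcher.find()) {
            fLogger.fine("Found a POSTed form. Adding nonce.");
            matcher.appendReplacement(stringBuffer, getReplacement(matcher));
        }
        matcher.appendTail(stringBuffer);
        return stringBuffer.toString();
    }

    /**
     * Builds the replacement text for one matched form.
     *
     * <p>The text is passed through {@code EscapeChars.forReplacementString} before being given
     * to {@code appendReplacement}; presumably this neutralises {@code $} and {@code \} in the
     * page content so they are not read as group references. Confirm against that helper.
     */
    private String getReplacement(Matcher matcher) {
        String formStartAndBody = matcher.group(1);
        String formEnd = matcher.group(2);
        return EscapeChars.forReplacementString(formStartAndBody + getHiddenInputTag() + formEnd);
    }

    /**
     * Returns the hidden input element that carries the token.
     *
     * <p>NOTE(review): the token text is placed inside a single-quoted attribute with no escaping
     * at this point. Confirm that {@code Id.toString()} can never yield a quote or markup
     * character for the stored token.
     */
    private String getHiddenInputTag() {
        return "<input type='hidden' name='" + getHiddenParamName() + "' value='" + getHiddenParamValue().toString() + "'>";
    }

    /**
     * Fetches the CSRF token from the existing session.
     *
     * <p>Uses {@code getSession(false)} so that no session is created as a side effect. Both
     * failure cases are logged at SEVERE and then thrown. The log messages are fixed text, so
     * the token value itself is never logged.
     *
     * @throws RuntimeException if there is no session, or the session holds no token
     */
    private Id getHiddenParamValue() {
        HttpSession session = this.fRequest.getSession(false);
        if (session == null) {
            String message = "No session exists! CsrfFilter can only work when a session is present, and the user has logged in. Ensure CsrfFilter is mapped (using url-pattern) only to URLs having mandatory login and/or a valid session.";
            fLogger.severe(message);
            throw new RuntimeException(message);
        }
        Id id = (Id) session.getAttribute(CsrfFilter.FORM_SOURCE_ID_KEY);
        if (id == null) {
            String message = "Session exists, but no CSRF token value is stored in the session";
            fLogger.severe(message);
            throw new RuntimeException(message);
        }
        return id;
    }

    /** Returns the request parameter name for the token, which is also its session attribute key. */
    private String getHiddenParamName() {
        return CsrfFilter.FORM_SOURCE_ID_KEY;
    }
}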
