package org.apache.axis2.webapp;

import java.util.Map;
import java.util.Random;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:WEB-INF/classes/org/apache/axis2/webapp/CSRFPreventionResponseWrapper.class */
final class CSRFPreventionResponseWrapper extends HttpServletResponseWrapper {
    private static final Log log = LogFactory.getLog((Class<?>) CSRFPreventionResponseWrapper.class);
    private final HttpServletRequest request;
    private final Map<String, ActionHandler> actionHandlers;
    private final Random random;
    private String token;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CSRFPreventionResponseWrapper(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Map<String, ActionHandler> map, Random random) {
        super(httpServletResponse);
        this.request = httpServletRequest;
        this.actionHandlers = map;
        this.random = random;
    }

    protected String getToken() {
        CSRFTokenCache cSRFTokenCache;
        if (this.token == null) {
            HttpSession session = this.request.getSession(false);
            if (session == null) {
                throw new IllegalStateException();
            }
            synchronized (session) {
                cSRFTokenCache = (CSRFTokenCache) session.getAttribute(CSRFTokenCache.class.getName());
                if (cSRFTokenCache == null) {
                    cSRFTokenCache = new CSRFTokenCache();
                    session.setAttribute(CSRFTokenCache.class.getName(), cSRFTokenCache);
                }
            }
            byte[] bArr = new byte[16];
            StringBuilder sb = new StringBuilder();
            this.random.nextBytes(bArr);
            for (int i = 0; i < bArr.length; i++) {
                byte b = (byte) ((bArr[i] & 240) >> 4);
                byte b2 = (byte) (bArr[i] & 15);
                if (b < 10) {
                    sb.append((char) (48 + b));
                } else {
                    sb.append((char) (65 + (b - 10)));
                }
                if (b2 < 10) {
                    sb.append((char) (48 + b2));
                } else {
                    sb.append((char) (65 + (b2 - 10)));
                }
            }
            this.token = sb.toString();
            cSRFTokenCache.add(this.token);
        }
        return this.token;
    }

    public String encodeUrl(String str) {
        return encodeURL(str);
    }

    public String encodeURL(String str) {
        int indexOf = str.indexOf(63);
        String substring = indexOf == -1 ? str : str.substring(0, indexOf);
        String substring2 = substring.substring(substring.lastIndexOf(47) + 1);
        ActionHandler actionHandler = this.actionHandlers.get(substring2);
        if (actionHandler == null) {
            log.warn("Unknown action: " + substring2);
        } else if (actionHandler.isCSRFTokenRequired()) {
            str = str + (indexOf == -1 ? '?' : '&') + "token=" + getToken();
        }
        return super.encodeURL(str);
    }
}
