package blackboard.platform.security;

import blackboard.persist.PersistenceException;
import blackboard.persist.PersistenceRuntimeException;
import blackboard.platform.filesystem.MultipartRequest;
import blackboard.platform.log.LogServiceFactory;
import blackboard.platform.proxytool.impl.OAuthSecurityProfileArgs;
import blackboard.platform.servlet.DevNonceFilter;
import blackboard.platform.session.BbSession;
import blackboard.platform.session.BbSessionManagerServiceFactory;
import blackboard.util.StringUtil;
import blackboard.util.UuidFactory;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:blackboard/platform/security/NonceUtil.class */
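/**
 * Issues and checks request nonces that are stored in the user's {@link BbSession}.
 *
 * <p>Two kinds of nonce are handled here:
 * <ul>
 *   <li><b>One-time nonces</b> ({@link #NONCE_KEY}): {@code create} stores a fresh UUID in the
 *       session under a key built from the context path, a caller-chosen label and the UUID;
 *       {@code validate} accepts a request only if that key is present and then removes it.</li>
 *   <li><b>AJAX nonce</b> ({@link #AJAX_NONCE_KEY}): a single value per session, created on first
 *       use and compared against the request on every check. It is not removed after a
 *       successful check.</li>
 * </ul>
 *
 * <p>Every validation path calls {@link DevNonceFilter#recordNonceCheck(HttpServletRequest)} once
 * the decision has been made.
 */
public class NonceUtil {
    /** Name of the request parameter (and of the generated hidden form field) carrying a one-time nonce. */
    public static final String NONCE_KEY = NonceUtil.class.getCanonicalName() + ".nonce";

    /** Session key of the AJAX nonce, and the request parameter / header name it is read from. */
    public static final String AJAX_NONCE_KEY = NONCE_KEY + ".ajax";

    /**
     * Creates a one-time nonce for the session behind {@code httpServletRequest}, scoped to the
     * request's context path.
     *
     * @param httpServletRequest request whose session stores the nonce
     * @param str caller-chosen label that becomes part of the session key; validation must be
     *     called with the same label
     * @return the nonce value to embed in the response
     */
    public static String create(HttpServletRequest httpServletRequest, String str) {
        BbSession session = BbSessionManagerServiceFactory.getInstance().getSession(httpServletRequest);
        return create(session, str, httpServletRequest.getContextPath());
    }

    /**
     * Creates a one-time nonce and records it in {@code bbSession}.
     *
     * @param bbSession session that stores the nonce
     * @param str caller-chosen label that becomes part of the session key
     * @param str2 context path that becomes part of the session key
     * @return the nonce value (a formatted UUID from {@link UuidFactory})
     * @throws PersistenceRuntimeException if the session key cannot be stored
     */
    public static String create(BbSession bbSession, String str, String str2) {
        String nonce = UuidFactory.createFormattedUuid();
        save(bbSession, getNonceKey(str2, nonce, str));
        return nonce;
    }

    /**
     * Returns the session's AJAX nonce, creating and storing one if the session has none yet.
     *
     * @param httpServletRequest request whose session holds the nonce
     * @return the AJAX nonce for this session
     * @throws PersistenceRuntimeException if the session store fails
     */
    public static String getAjaxNonce(HttpServletRequest httpServletRequest) {
        try {
            BbSession session = BbSessionManagerServiceFactory.getInstance().getSession(httpServletRequest);
            String nonce = session.getGlobalKey(AJAX_NONCE_KEY);
            if (StringUtil.isEmpty(nonce)) {
                nonce = UuidFactory.createFormattedUuid();
                session.setGlobalKey(AJAX_NONCE_KEY, nonce);
            }
            return nonce;
        } catch (PersistenceException e) {
            // Keep the cause so a session-store failure can be diagnosed from the stack trace.
            throw new PersistenceRuntimeException(e);
        }
    }

    /**
     * Checks the AJAX nonce supplied with the request against the one held in the session.
     *
     * <p>The supplied value is read from the request parameter named {@link #AJAX_NONCE_KEY} and,
     * if that is empty, from the header of the same name. A request that supplies no value is
     * rejected.
     *
     * @param httpServletRequest request to check
     * @return {@code true} only if the supplied value equals the session's AJAX nonce
     */
    public static boolean validateAjaxNonce(HttpServletRequest httpServletRequest) {
        String supplied = httpServletRequest.getParameter(AJAX_NONCE_KEY);
        if (StringUtil.isEmpty(supplied)) {
            supplied = httpServletRequest.getHeader(AJAX_NONCE_KEY);
        }
        String expected = getAjaxNonce(httpServletRequest);
        // The token is a secret being compared with attacker-controlled input, so use a comparison
        // whose duration does not depend on how many leading characters match.
        boolean matches = supplied != null
                && MessageDigest.isEqual(
                        expected.getBytes(StandardCharsets.UTF_8),
                        supplied.getBytes(StandardCharsets.UTF_8));
        DevNonceFilter.recordNonceCheck(httpServletRequest);
        return matches;
    }

    /**
     * Validates and consumes a one-time nonce read from the {@link #NONCE_KEY} request parameter.
     * The request method is checked (see the five-argument overload) because this overload passes
     * {@code true} for the method restriction.
     *
     * @param httpServletRequest request to check
     * @param str label the nonce was created with
     * @return {@code true} if the nonce was present in the session and has been consumed
     */
    public static boolean validate(HttpServletRequest httpServletRequest, String str) {
        return validate(httpServletRequest, str, true);
    }

    /**
     * Validates and consumes a one-time nonce, scoped to the request's context path.
     *
     * @param httpServletRequest request to check
     * @param str label the nonce was created with
     * @param z when {@code true}, a request whose method does not match
     *     {@code OAuthSecurityProfileArgs.METHOD_POST} is rejected without looking at the nonce
     * @return {@code true} if the nonce was present in the session and has been consumed
     */
    public static boolean validate(HttpServletRequest httpServletRequest, String str, boolean z) {
        return validate(httpServletRequest, str, httpServletRequest.getContextPath(), z);
    }

    /**
     * Validates and consumes a one-time nonce read from the {@link #NONCE_KEY} request parameter.
     *
     * @param httpServletRequest request to check
     * @param str label the nonce was created with
     * @param str2 context path the nonce was created with
     * @param z when {@code true}, a request whose method does not match
     *     {@code OAuthSecurityProfileArgs.METHOD_POST} is rejected without looking at the nonce
     * @return {@code true} if the nonce was present in the session and has been consumed
     */
    public static boolean validate(HttpServletRequest httpServletRequest, String str, String str2, boolean z) {
        return validate(httpServletRequest, str, str2, z, httpServletRequest.getParameter(NONCE_KEY));
    }

    /**
     * Validates and consumes a one-time nonce whose value arrives in a multipart body. The nonce
     * is read from {@code multipartRequest}; the session, method and context path come from
     * {@code httpServletRequest}. The method restriction is always applied.
     *
     * @param multipartRequest parsed multipart request holding the {@link #NONCE_KEY} parameter
     * @param httpServletRequest underlying servlet request
     * @param str label the nonce was created with
     * @return {@code true} if the nonce was present in the session and has been consumed
     */
    public static boolean validate(MultipartRequest multipartRequest, HttpServletRequest httpServletRequest, String str) {
        return validate(httpServletRequest, str, httpServletRequest.getContextPath(), true, multipartRequest.getParameter(NONCE_KEY));
    }

    /**
     * Shared implementation of the one-time nonce check.
     *
     * <p>The nonce is accepted only if its session key exists AND the key could be removed. A
     * nonce that cannot be removed would stay valid for further requests, so a failed removal is
     * treated as a failed validation rather than logged and ignored.
     *
     * <p>NOTE(review): the stored value is the creation time in milliseconds (see {@code save}),
     * but it is never read back here, so a nonce stays valid for as long as the session keeps
     * the key. Confirm whether an age limit is enforced elsewhere.
     *
     * <p>NOTE(review): the lookup and the removal are two separate session calls. Whether two
     * concurrent requests carrying the same nonce can both pass depends on guarantees of
     * {@link BbSession} that are not visible here; confirm.
     */
    private static boolean validate(HttpServletRequest httpServletRequest, String label, String contextPath, boolean requirePost, String suppliedNonce) {
        boolean valid = false;
        boolean methodAllowed = !requirePost
                || OAuthSecurityProfileArgs.METHOD_POST.equalsIgnoreCase(httpServletRequest.getMethod());
        if (methodAllowed && StringUtil.notEmpty(suppliedNonce)) {
            BbSession session = BbSessionManagerServiceFactory.getInstance().getSession(httpServletRequest);
            String nonceKey = getNonceKey(contextPath, suppliedNonce, label);
            if (get(session, nonceKey) != null) {
                // Fail closed: single use holds only if the key is really gone.
                valid = remove(session, nonceKey);
            }
        }
        // Recorded for every outcome, including rejected requests.
        DevNonceFilter.recordNonceCheck(httpServletRequest);
        return valid;
    }

    /**
     * Creates a one-time nonce and returns it wrapped in a hidden {@code <input>} element named
     * {@link #NONCE_KEY}. Both interpolated values are generated by this class (a class-name
     * constant and a UUID), so no caller-supplied text reaches the markup.
     *
     * @param bbSession session that stores the nonce
     * @param str caller-chosen label that becomes part of the session key
     * @param str2 context path that becomes part of the session key
     * @return HTML for the hidden form field
     */
    public static String getNonceHtmlString(BbSession bbSession, String str, String str2) {
        String nonce = create(bbSession, str, str2);
        return "<input type='hidden' name='" + NONCE_KEY + "' value='" + nonce + "'>";
    }

    /**
     * Creates a one-time nonce for the request's session and context path and returns it as a
     * hidden {@code <input>} element.
     *
     * @param httpServletRequest request whose session stores the nonce
     * @param str caller-chosen label that becomes part of the session key
     * @return HTML for the hidden form field
     */
    public static String getNonceHtmlString(HttpServletRequest httpServletRequest, String str) {
        BbSession session = BbSessionManagerServiceFactory.getInstance().getSession(httpServletRequest);
        return getNonceHtmlString(session, str, httpServletRequest.getContextPath());
    }

    /** Stores {@code nonceKey} in the session with the current time in milliseconds as its value. */
    private static void save(BbSession bbSession, String nonceKey) {
        try {
            bbSession.setGlobalKey(nonceKey, String.valueOf(System.currentTimeMillis()));
        } catch (PersistenceException e) {
            throw new PersistenceRuntimeException(e);
        }
    }

    /** Returns the session value stored under {@code nonceKey}, as reported by the session. */
    private static String get(BbSession bbSession, String nonceKey) {
        try {
            return bbSession.getGlobalKey(nonceKey);
        } catch (PersistenceException e) {
            throw new PersistenceRuntimeException(e);
        }
    }

    /**
     * Removes {@code nonceKey} from the session.
     *
     * @return {@code true} if the removal call completed, {@code false} if it threw (the failure
     *     is logged)
     */
    private static boolean remove(BbSession bbSession, String nonceKey) {
        try {
            bbSession.removeGlobalKey(nonceKey);
            return true;
        } catch (PersistenceException e) {
            LogServiceFactory.getInstance().logError(e.getMessage(), e);
            return false;
        }
    }

    /** Builds the session key as {@code contextPath/label/nonce}. */
    private static String getNonceKey(String contextPath, String nonce, String label) {
        return contextPath + '/' + label + '/' + nonce;
    }
}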
