package com.taobao.util;

import com.alibaba.common.lang.StringUtil;
import com.alibaba.service.pull.PullToolSupport;
import com.alibaba.service.rundata.RunData;
import java.util.ArrayList;
import java.util.List;
import java.util.Random;
import javax.servlet.http.HttpSession;
import org.apache.ecs.html.Input;

/* loaded from: classes.dex */
public class CsrfToken extends PullToolSupport {
    public static final String DEFAULT_TOKEN_KEY = "_tb_token_";
    private static String tokenKey;
    private static String TOKENPRIVATEKEY = "7ee73f5e75abd3b0161eee338b356498";
    private static final int TOKENKEY_LENGTH = "7ee73f5e75abd3b0161eee338b356498".length();
    private static Random random = new Random();
    private static final List<String> customKeys = new ArrayList();

    public static boolean check(RunData runData) {
        return check(runData, null);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static boolean check(RunData runData, String str) {
        boolean z;
        String str2;
        boolean z2;
        String replace;
        String trimToNull = StringUtil.trimToNull(runData.getParameters().getString(str));
        String str3 = null;
        str3 = null;
        HttpSession session = runData.getSession();
        synchronized (customKeys) {
            if (customKeys.contains(str)) {
                z = true;
                str2 = trimToNull;
                str3 = StringUtil.trimToNull((String) session.getAttribute(str));
            } else if (StringUtil.isBlank(trimToNull)) {
                str = tokenKey;
                z = false;
                str2 = StringUtil.trimToNull(runData.getParameters().getString(str));
            } else {
                z = false;
                str2 = trimToNull;
            }
        }
        boolean isBlank = StringUtil.isBlank(str3);
        String str4 = str3;
        if (isBlank) {
            str4 = StringUtil.trimToNull((String) session.getAttribute(tokenKey));
        }
        String[] split = StringUtil.split(str4, Constants.DELIMITER_COMMA);
        if (StringUtil.isNotBlank(str4) && StringUtil.isNotBlank(str2) && split != 0) {
            for (Object[] objArr : split) {
                if (str2.equals(objArr)) {
                    z2 = true;
                    break;
                }
            }
        }
        z2 = false;
        if (z2) {
            if (split[0].equals(str2)) {
                return true;
            }
            if (str4.contains(String.valueOf(str2) + Constants.DELIMITER_COMMA)) {
                replace = str4.replace(String.valueOf(str2) + Constants.DELIMITER_COMMA, "");
            } else {
                replace = str4.replace(str2, "");
                if (replace.trim().endsWith(Constants.DELIMITER_COMMA)) {
                    replace = replace.substring(0, replace.length() - 1);
                }
            }
            if (z) {
                session.removeAttribute(str);
                session.setAttribute(str, replace);
            } else {
                session.removeAttribute(tokenKey);
                session.setAttribute(tokenKey, replace);
            }
        }
        return z2;
    }

    public static void deleteToken(RunData runData) {
        runData.getSession().removeAttribute(tokenKey);
    }

    private static String genToken() {
        long nanoTime = System.nanoTime();
        StringBuffer stringBuffer = new StringBuffer();
        random.setSeed(nanoTime);
        long abs = Math.abs(System.currentTimeMillis() + random.nextLong());
        if (abs == 0) {
            stringBuffer.append(String.valueOf(TOKENPRIVATEKEY.toCharArray()[0]));
        }
        while (abs != 0) {
            int i = (int) (abs % TOKENKEY_LENGTH);
            abs /= TOKENKEY_LENGTH;
            stringBuffer.append(String.valueOf(TOKENPRIVATEKEY.toCharArray()[i]));
        }
        return String.valueOf(stringBuffer.reverse().toString()) + Constants.DELIMITER_WELL + new Long(nanoTime).toString();
    }

    private String getUniqueToken(String str) {
        HttpSession session = ((RunData) getThreadContextService().getObject(RunData.class)).getSession();
        String trimToNull = StringUtil.trimToNull((String) session.getAttribute(str));
        if (trimToNull == null) {
            String genToken = genToken();
            session.setAttribute(str, Constants.DELIMITER_COMMA + genToken);
            return genToken;
        }
        String[] split = trimToNull.split(Constants.DELIMITER_COMMA);
        if (split.length >= 11) {
            String str2 = split[2];
            for (int i = 3; i < split.length; i++) {
                str2 = String.valueOf(str2) + Constants.DELIMITER_COMMA + split[i];
            }
            trimToNull = String.valueOf(split[0]) + Constants.DELIMITER_COMMA + str2;
        }
        String genToken2 = genToken();
        session.setAttribute(str, String.valueOf(trimToNull) + Constants.DELIMITER_COMMA + genToken2);
        return genToken2;
    }

    @Deprecated
    public static boolean validate(RunData runData) {
        boolean z;
        String[] split;
        String trimToNull = StringUtil.trimToNull(runData.getParameters().getString(tokenKey));
        if (StringUtil.isBlank(trimToNull)) {
            return false;
        }
        String trimToNull2 = StringUtil.trimToNull((String) runData.getSession().getAttribute(tokenKey));
        if (StringUtil.isNotBlank(trimToNull2) && (split = StringUtil.split(trimToNull2, Constants.DELIMITER_COMMA)) != null) {
            for (String str : split) {
                if (trimToNull.equals(str)) {
                    z = true;
                    break;
                }
            }
        }
        z = false;
        return z;
    }

    public Input getAjaxHiddenField() {
        return getAjaxHiddenField(null);
    }

    public Input getAjaxHiddenField(String str) {
        Input input;
        String defaultIfEmpty = StringUtil.defaultIfEmpty(str, tokenKey);
        if (tokenKey.equals(defaultIfEmpty)) {
            return new Input("hidden", defaultIfEmpty, getAjaxUniqueToken());
        }
        synchronized (customKeys) {
            if (!customKeys.contains(defaultIfEmpty)) {
                customKeys.add(defaultIfEmpty);
            }
            input = new Input("hidden", defaultIfEmpty, getAjaxUniqueToken(defaultIfEmpty));
        }
        return input;
    }

    public String getAjaxUniqueToken() {
        HttpSession session = ((RunData) getThreadContextService().getObject(RunData.class)).getSession();
        String trimToNull = StringUtil.trimToNull((String) session.getAttribute(tokenKey));
        if (trimToNull == null) {
            String genToken = genToken();
            session.setAttribute(tokenKey, genToken);
            return genToken;
        }
        String str = trimToNull.split(Constants.DELIMITER_COMMA)[0];
        if (StringUtil.isNotBlank(str)) {
            return str;
        }
        String genToken2 = genToken();
        session.setAttribute(tokenKey, String.valueOf(genToken2) + str);
        return genToken2;
    }

    public String getAjaxUniqueToken(String str) {
        HttpSession session = ((RunData) getThreadContextService().getObject(RunData.class)).getSession();
        String trimToNull = StringUtil.trimToNull((String) session.getAttribute(str));
        if (trimToNull == null) {
            String genToken = genToken();
            session.setAttribute(str, genToken);
            return genToken;
        }
        String str2 = trimToNull.split(Constants.DELIMITER_COMMA)[0];
        if (StringUtil.isNotBlank(str2)) {
            return str2;
        }
        String genToken2 = genToken();
        session.setAttribute(str, String.valueOf(genToken2) + str2);
        return genToken2;
    }

    public String getCurrentKey() {
        return tokenKey;
    }

    public Input getHiddenField() {
        return getHiddenField(null);
    }

    public Input getHiddenField(String str) {
        Input input;
        String defaultIfEmpty = StringUtil.defaultIfEmpty(str, tokenKey);
        if (tokenKey.equals(defaultIfEmpty)) {
            return new Input("hidden", defaultIfEmpty, getUniqueToken());
        }
        synchronized (customKeys) {
            if (!customKeys.contains(defaultIfEmpty)) {
                customKeys.add(defaultIfEmpty);
            }
            input = new Input("hidden", defaultIfEmpty, getUniqueToken(defaultIfEmpty));
        }
        return input;
    }

    public String getUniqueToken() {
        HttpSession session = ((RunData) getThreadContextService().getObject(RunData.class)).getSession();
        String trimToNull = StringUtil.trimToNull((String) session.getAttribute(tokenKey));
        if (trimToNull == null) {
            String genToken = genToken();
            session.setAttribute(tokenKey, Constants.DELIMITER_COMMA + genToken);
            return genToken;
        }
        String[] split = trimToNull.split(Constants.DELIMITER_COMMA);
        if (split.length >= 11) {
            String str = split[2];
            for (int i = 3; i < split.length; i++) {
                str = String.valueOf(str) + Constants.DELIMITER_COMMA + split[i];
            }
            trimToNull = String.valueOf(split[0]) + Constants.DELIMITER_COMMA + str;
        }
        String genToken2 = genToken();
        session.setAttribute(tokenKey, String.valueOf(trimToNull) + Constants.DELIMITER_COMMA + genToken2);
        return genToken2;
    }

    protected Object init() {
        tokenKey = getPullToolConfig().getConfiguration().getString("key", DEFAULT_TOKEN_KEY);
        return this;
    }
}
