package com.atlassian.plugin.web.springmvc.interceptor;

import com.atlassian.plugin.web.springmvc.xsrf.XsrfTokenGenerator;
import com.atlassian.sal.api.ApplicationProperties;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:com/atlassian/plugin/web/springmvc/interceptor/XsrfTokenInterceptor.class */
public class XsrfTokenInterceptor extends HandlerInterceptorAdapter {
    private ApplicationProperties applicationProperties;
    private XsrfTokenGenerator xsrfTokenGenerator;
    private String redirectPath = "";

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        String parameter = httpServletRequest.getParameter(XsrfTokenGenerator.REQUEST_PARAM_NAME);
        if (!"POST".equals(httpServletRequest.getMethod()) || this.xsrfTokenGenerator.validateToken(httpServletRequest, parameter)) {
            return true;
        }
        httpServletResponse.sendRedirect(this.applicationProperties.getBaseUrl() + httpServletRequest.getServletPath() + this.redirectPath);
        return false;
    }

    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) throws Exception {
        if (modelAndView != null) {
            modelAndView.getModel().put("xsrfTokenName", this.xsrfTokenGenerator.getXsrfTokenName());
            modelAndView.getModel().put("xsrfTokenValue", this.xsrfTokenGenerator.generateToken(httpServletRequest));
        }
    }

    public void setApplicationProperties(ApplicationProperties applicationProperties) {
        this.applicationProperties = applicationProperties;
    }

    public void setRedirectPath(String str) {
        this.redirectPath = str;
    }

    public void setXsrfTokenGenerator(XsrfTokenGenerator xsrfTokenGenerator) {
        this.xsrfTokenGenerator = xsrfTokenGenerator;
    }
}
