package org.jahia.bin;

import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.CollectionUtils;
import org.jahia.settings.SettingsBean;

/* loaded from: input_file:org/jahia/bin/TokenChecker.class */
public class TokenChecker {
    public static final int NO_TOKEN = 0;
    public static final int VALID_TOKEN = 1;
    public static final int INVALID_TOKEN = 2;
    public static final int INVALID_HIDDEN_FIELDS = 3;
    public static final int INVALID_CAPTCHA = 4;

    public static int checkToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Map<String, List<String>> map) throws UnsupportedEncodingException {
        Map map2;
        String str = map.get("form-token") != null ? map.get("form-token").get(0) : null;
        if (str == null) {
            return 0;
        }
        Map map3 = (Map) httpServletRequest.getSession().getAttribute("form-tokens");
        if (map3 == null || !map3.containsKey(str) || (map2 = (Map) map3.get(str)) == null) {
            return 2;
        }
        HashMap hashMap = new HashMap(map2);
        if (!((List) hashMap.remove(Render.ALLOWS_MULTIPLE_SUBMITS)).contains("true")) {
            map3.remove(str);
        }
        hashMap.remove(Render.DISABLE_XSS_FILTERING);
        List list = (List) hashMap.remove("form-action");
        String str2 = list.isEmpty() ? null : (String) list.get(0);
        String characterEncoding = SettingsBean.getInstance().getCharacterEncoding();
        String requestURI = httpServletRequest.getRequestURI();
        if (httpServletRequest.getQueryString() != null) {
            requestURI = requestURI + "?" + httpServletRequest.getQueryString();
        }
        if (str2 == null) {
            return 3;
        }
        if ((!URLDecoder.decode(requestURI, characterEncoding).equals(URLDecoder.decode(str2, characterEncoding)) && !URLDecoder.decode(httpServletResponse.encodeURL(requestURI), characterEncoding).equals(URLDecoder.decode(str2, characterEncoding))) || !httpServletRequest.getMethod().equalsIgnoreCase((String) ((List) hashMap.remove("form-method")).get(0))) {
            return 3;
        }
        for (Map.Entry entry : hashMap.entrySet()) {
            List list2 = (List) entry.getValue();
            List<String> list3 = map.get(entry.getKey());
            if (list3 == null || !CollectionUtils.isEqualCollection(list2, list3)) {
                return ((String) entry.getKey()).equals(Render.CAPTCHA) ? 4 : 3;
            }
        }
        return 1;
    }
}
