package org.jahia.services.render.webflow;

import javax.servlet.ServletRequest;
import org.apache.commons.id.uuid.UUID;
import org.springframework.webflow.core.collection.MutableAttributeMap;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.FlowExecutionListenerAdapter;
import org.springframework.webflow.execution.FlowSession;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/jahia/services/render/webflow/WebflowTokenListener.class */
public class WebflowTokenListener extends FlowExecutionListenerAdapter {
    public static final String WEBFLOW_TOKEN = "webflowToken";
    public static final String CHECK_WEBFLOW_TOKEN = "checkWebflowToken";

    public void sessionStarting(RequestContext requestContext, FlowSession flowSession, MutableAttributeMap<?> mutableAttributeMap) {
        String uuid = UUID.randomUUID().toString();
        requestContext.getFlowScope().put(WEBFLOW_TOKEN, uuid);
        storeToken(requestContext, uuid);
        super.sessionStarting(requestContext, flowSession, mutableAttributeMap);
    }

    public void resuming(RequestContext requestContext) {
        requestContext.getFlowScope().put(CHECK_WEBFLOW_TOKEN, true);
        storeToken(requestContext, (String) requestContext.getFlowScope().get(WEBFLOW_TOKEN));
        super.resuming(requestContext);
    }

    private void storeToken(RequestContext requestContext, String str) {
        ((ServletRequest) requestContext.getExternalContext().getNativeRequest()).setAttribute(WEBFLOW_TOKEN, str);
    }

    public void eventSignaled(RequestContext requestContext, Event event) {
        if (requestContext.getFlowScope().get(CHECK_WEBFLOW_TOKEN) != null) {
            String str = (String) requestContext.getFlowScope().get(WEBFLOW_TOKEN);
            String str2 = requestContext.getRequestParameters().get(WEBFLOW_TOKEN);
            if (str != null && !str.equals(str2)) {
                throw new IllegalStateException("Invalid token");
            }
        }
        super.eventSignaled(requestContext, event);
    }
}
