package org.directwebremoting.dwrp;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.directwebremoting.extend.Handler;

/* loaded from: input_file:org/directwebremoting/dwrp/BaseDwrpHandler.class */
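public abstract class BaseDwrpHandler implements Handler {
    /** Name of the cookie whose value a batch must echo back for the CSRF check. */
    private static final String DWR_SESSION_COOKIE = "DWRSESSIONID";

    private static final Log log = LogFactory.getLog(BaseDwrpHandler.class);

    /**
     * When {@code true} (the default) {@link #checkNotCsrfAttack} requires the batch's
     * DWR session id to match a {@code DWRSESSIONID} cookie sent with the request.
     */
    private boolean crossDomainSessionSecurity = true;

    /**
     * When {@code true} GET batches are accepted. Off by default: a GET can be triggered
     * from any origin (image tag, link, script src), so allowing it makes forgery easier.
     */
    private boolean allowGetForSafariButMakeForgeryEasier = false;

    /**
     * Rejects GET batches unless {@link #setAllowGetForSafariButMakeForgeryEasier} was enabled.
     *
     * @param batch the parsed request batch; only {@link Batch#isGet()} is consulted
     * @throws SecurityException if the batch is a GET and GET has not been explicitly allowed
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void checkGetAllowed(Batch batch) {
        if (this.allowGetForSafariButMakeForgeryEasier || !batch.isGet()) {
            return;
        }
        log.error("GET is disallowed because it makes request forgery easier. See http://getahead.org/dwr/security/allowGetForSafariButMakeForgeryEasier for more details.");
        throw new SecurityException("GET Disallowed");
    }

    /**
     * Double-submit-cookie CSRF check: the DWR session id carried in the batch body must equal
     * the value of a {@code DWRSESSIONID} cookie on the request. A cross-origin attacker can
     * make the browser send the cookie but cannot read it, so it cannot place it in the body.
     * <p>
     * Caveats a deployer should know: the check is skipped entirely when
     * {@code crossDomainSessionSecurity} is off, when the request carries no cookies at all,
     * or when it carries cookies but none named {@code DWRSESSIONID} - the absence of the
     * cookie is not treated as an error. If several {@code DWRSESSIONID} cookies are present
     * (e.g. set for different paths/domains) the request is accepted as long as at least one
     * of them matches, and a warning is logged when they disagree.
     *
     * @param httpServletRequest the incoming request, used for its cookies only
     * @param batch the parsed batch; {@link Batch#getDwrSessionId()} may be {@code null},
     *        in which case no cookie can match
     * @throws SecurityException if {@code DWRSESSIONID} cookies are present but none matches
     *         the batch's session id
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void checkNotCsrfAttack(HttpServletRequest httpServletRequest, Batch batch) {
        if (!this.crossDomainSessionSecurity) {
            return;
        }
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            // No Cookie header at all: nothing to cross-check (original behaviour is to allow).
            return;
        }

        String expected = batch.getDwrSessionId();
        int sessionCookies = 0;
        int matching = 0;
        for (Cookie cookie : cookies) {
            if (!DWR_SESSION_COOKIE.equals(cookie.getName())) {
                continue;
            }
            sessionCookies++;
            // A null cookie value simply does not match; the original code would have NPE'd here.
            if (constantTimeEquals(cookie.getValue(), expected)) {
                matching++;
            }
        }

        if (sessionCookies > 0 && matching == 0) {
            // Deliberately do not log the expected or received ids: they are session secrets.
            log.error("A request has been denied as a potential CSRF attack. This security check is performed as DWR's crossDomainSessionSecurity setting is active. Read more in the DWR documentation.");
            throw new SecurityException("CSRF Security Error (see server log for details).");
        }
        if (sessionCookies > 1 && matching != sessionCookies) {
            log.warn("Multiple DWRSESSIONID cookies with different values in request.");
        }
    }

    /**
     * Compares two session ids without short-circuiting on the first differing character,
     * so response time does not reveal how long a matching prefix an attacker has guessed.
     * Only the lengths (not their contents) may influence timing. A hand-written loop is used
     * rather than {@code MessageDigest.isEqual} because older JDKs (before 6u17) implemented
     * that method with an early exit; this class still targets such runtimes.
     *
     * @return {@code true} iff both strings are non-null and character-for-character equal
     */
    private static boolean constantTimeEquals(String actual, String expected) {
        if (actual == null || expected == null) {
            return false;
        }
        int diff = actual.length() ^ expected.length();
        int common = Math.min(actual.length(), expected.length());
        for (int i = 0; i < common; i++) {
            diff |= actual.charAt(i) ^ expected.charAt(i);
        }
        return diff == 0;
    }

    /**
     * Enables or disables the {@code DWRSESSIONID} cookie cross-check in
     * {@link #checkNotCsrfAttack}. Turning this off removes DWR's CSRF protection.
     *
     * @param z {@code true} to enforce the check (default)
     */
    public void setCrossDomainSessionSecurity(boolean z) {
        this.crossDomainSessionSecurity = z;
    }

    /**
     * Allows GET batches through {@link #checkGetAllowed}. Intended only as a workaround for
     * browsers that cannot POST; it weakens forgery protection, as the name says.
     *
     * @param z {@code true} to accept GET batches (default is {@code false})
     */
    public void setAllowGetForSafariButMakeForgeryEasier(boolean z) {
        this.allowGetForSafariButMakeForgeryEasier = z;
    }
}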
