package login.test_dropbox;

import com.google.common.net.HttpHeaders;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringEscapeUtils;

/* loaded from: input_file:login/test_dropbox/FormProtection.class */
public class FormProtection {
    private static final String antiCsrfTokenName = "anti-csrf-token";
    private boolean insertedAntiRedressHtml = false;

    private FormProtection(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader(HttpHeaders.X_FRAME_OPTIONS, "DENY");
    }

    public static FormProtection start(HttpServletResponse httpServletResponse) {
        return new FormProtection(httpServletResponse);
    }

    public void insertAntiRedressHtml(PrintWriter printWriter) {
        if (this.insertedAntiRedressHtml) {
            throw new IllegalStateException("Already called insertAntiRedressHtml().");
        }
        this.insertedAntiRedressHtml = true;
    }

    public void insertAntiCsrfFormField(PrintWriter printWriter) {
        if (!this.insertedAntiRedressHtml) {
            throw new IllegalStateException("Must call insertAntiRedressHtml() before calling this.");
        }
        printWriter.println("<input type='hidden' name='anti-csrf-token' value='" + StringEscapeUtils.escapeHtml4("dummy") + "' />");
    }

    public static String checkAntiCsrfToken(HttpServletRequest httpServletRequest) throws IOException, ServletException {
        if ((httpServletRequest.getContentType() == null || httpServletRequest.getContentType().toLowerCase().indexOf("multipart/form-data") <= -1 || httpServletRequest.getPart(antiCsrfTokenName) != null) && httpServletRequest.getParameter(antiCsrfTokenName) != null) {
            return null;
        }
        return "missing \"anti-csrf-token\" POST parameter";
    }
}
