package org.dspace.app.rest.security;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.session.SessionAuthenticationException;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/dspace/app/rest/security/DSpaceCsrfAuthenticationStrategy.class */
public class DSpaceCsrfAuthenticationStrategy implements SessionAuthenticationStrategy {
    private final CsrfTokenRepository csrfTokenRepository;

    public DSpaceCsrfAuthenticationStrategy(CsrfTokenRepository csrfTokenRepository) {
        Assert.notNull(csrfTokenRepository, "csrfTokenRepository cannot be null");
        this.csrfTokenRepository = csrfTokenRepository;
    }

    public void onAuthentication(Authentication authentication, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws SessionAuthenticationException {
        CsrfToken loadToken = this.csrfTokenRepository.loadToken(httpServletRequest);
        if ((loadToken != null) && StringUtils.hasLength(httpServletRequest.getParameter(loadToken.getParameterName()))) {
            this.csrfTokenRepository.saveToken((CsrfToken) null, httpServletRequest, httpServletResponse);
            CsrfToken generateToken = this.csrfTokenRepository.generateToken(httpServletRequest);
            this.csrfTokenRepository.saveToken(generateToken, httpServletRequest, httpServletResponse);
            httpServletRequest.setAttribute(CsrfToken.class.getName(), generateToken);
            httpServletRequest.setAttribute(generateToken.getParameterName(), generateToken);
        }
    }
}
