package org.eclipse.krazo.security;

import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.eclipse.krazo.util.HttpUtil;

/* loaded from: input_file:org/eclipse/krazo/security/SessionCsrfTokenStrategy.class */
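/**
 * {@link CsrfTokenStrategy} that keeps one CSRF token per HTTP session.
 *
 * <p>The token is stored as a session attribute and reused for as long as that
 * attribute is present; this class never rotates or removes it. Instances are
 * created through {@link Builder}.
 */
public class SessionCsrfTokenStrategy implements CsrfTokenStrategy {
    /** Session attribute name for the stored token, namespaced with this class's name. */
    private static final String SESSION_KEY = SessionCsrfTokenStrategy.class.getName() + ".TOKEN";
    // Header and parameter names are copied into every CsrfToken this strategy creates.
    private final String headerName;
    private final String paramName;

    /**
     * Builder for {@link SessionCsrfTokenStrategy}; defaults to the header
     * {@code X-CSRF-TOKEN} and the parameter {@code _csrf}.
     */
    public static final class Builder {
        private String headerName = "X-CSRF-TOKEN";
        private String paramName = "_csrf";

        /**
         * Sets the header name carried by generated tokens.
         *
         * @param str the header name; must not be {@code null}
         * @return this builder
         * @throws NullPointerException if {@code str} is {@code null}
         */
        public Builder headerName(String str) {
            // Fail at configuration time instead of building tokens with a null name.
            this.headerName = Objects.requireNonNull(str, "headerName must not be null");
            return this;
        }

        /**
         * Sets the parameter name carried by generated tokens.
         *
         * @param str the parameter name; must not be {@code null}
         * @return this builder
         * @throws NullPointerException if {@code str} is {@code null}
         */
        public Builder paramName(String str) {
            this.paramName = Objects.requireNonNull(str, "paramName must not be null");
            return this;
        }

        /**
         * Creates the strategy from the names configured so far.
         *
         * @return a new {@link SessionCsrfTokenStrategy}
         */
        public SessionCsrfTokenStrategy build() {
            return new SessionCsrfTokenStrategy(this);
        }
    }

    private SessionCsrfTokenStrategy(Builder builder) {
        this.headerName = builder.headerName;
        this.paramName = builder.paramName;
    }

    /**
     * Returns the CSRF token stored in the session, optionally creating one.
     *
     * @param httpServletRequest the current request; the session is looked up on the
     *     request returned by {@code HttpUtil.unwrapOriginalRequest}
     * @param httpServletResponse not used by this strategy
     * @param z whether to create and store a new token (creating the session if
     *     needed) when none is stored yet
     * @return the stored or newly created token, or an empty {@code Optional} when
     *     no token is stored and {@code z} is {@code false}
     */
    @Override
    public Optional<CsrfToken> getToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) {
        // presumably strips request wrappers so the container's own session is used; confirm in HttpUtil
        HttpServletRequest originalRequest = HttpUtil.unwrapOriginalRequest(httpServletRequest);

        // getSession(false): a pure lookup must not create a session as a side effect.
        HttpSession session = originalRequest.getSession(false);
        if (session != null) {
            Object stored = session.getAttribute(SESSION_KEY);
            // The instanceof test also covers a missing attribute and one of an unexpected type.
            if (stored instanceof CsrfToken) {
                return Optional.of((CsrfToken) stored);
            }
        }
        if (!z) {
            return Optional.empty();
        }

        // The token value is a random (version 4) UUID, which the JDK documents as
        // produced by a cryptographically strong pseudo-random number generator.
        CsrfToken csrfToken = new CsrfToken(this.headerName, this.paramName, UUID.randomUUID().toString());

        // NOTE(review): lookup and store are not atomic. Two concurrent requests on a
        // session without a token can each create one; the later store wins, so the
        // token returned to the other request no longer matches the stored value.
        originalRequest.getSession(true).setAttribute(SESSION_KEY, csrfToken);
        return Optional.of(csrfToken);
    }
}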
