package net.tokensmith.otter.security.csrf;

import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import net.tokensmith.otter.security.RandomString;
import net.tokensmith.otter.security.csrf.exception.CsrfException;

/* loaded from: input_file:net/tokensmith/otter/security/csrf/SynchronizerToken.class */
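/**
 * Synchronizer-token CSRF defence: a per-session challenge token is stored in the HTTP
 * session and must be echoed back as a request parameter on state-changing requests.
 *
 * <p>The token is created lazily on the first non-state-changing request that finds no
 * token in the session, and is then reused for as long as that session attribute exists;
 * this class never rotates it.
 *
 * <p>NOTE(review): the unpredictability of the token depends entirely on the injected
 * {@link RandomString}; confirm it is backed by a cryptographically secure generator and
 * produces enough entropy.
 */
public class SynchronizerToken implements Csrf {
    private static final String POST = "POST";
    private static final String PUT = "PUT";
    private static final String DELETE = "DELETE";
    // NOTE(review): these two are protected and non-final, so a subclass or same-package
    // class can reassign them for every instance. Left mutable to stay source-compatible;
    // consider making them final if nothing relies on reassignment.
    protected static String CHALLENGE_TOKEN_SESSION_NAME = "csrfToken";
    protected static String CHALLENGE_TOKEN_FORM_NAME = "csrfToken";
    private final RandomString randomString;

    /**
     * @param randomString source of the raw token material; its {@code run()} result is
     *     Base64-encoded and stored in the session
     */
    public SynchronizerToken(RandomString randomString) {
        this.randomString = randomString;
    }

    /**
     * Enforces the CSRF check for state-changing methods and seeds the session token
     * for all other methods.
     *
     * @param httpServletRequest the incoming request
     * @throws CsrfException if the method requires a token and the session token or the
     *     submitted token is missing, or the two differ
     */
    @Override
    public void checkTokens(HttpServletRequest httpServletRequest) throws CsrfException {
        // Read the session first: getSession() creates a session when none exists.
        Optional<String> sessionToken = getChallengeTokenFromSession(httpServletRequest);

        if (requestMethodRequiresChallengeToken(httpServletRequest.getMethod())) {
            Optional<String> submittedToken = getChallengeTokenFromForm(httpServletRequest);
            if (!doTokensMatch(sessionToken, submittedToken)) {
                throw new CsrfException("challenge tokens do not match");
            }
            return;
        }

        // Non-state-changing request: issue a token only if the session has none yet.
        if (!sessionToken.isPresent()) {
            insertChallengeTokenIntoSession(httpServletRequest);
        }
    }

    /**
     * Compares the expected and the submitted token.
     *
     * <p>Uses {@link MessageDigest#isEqual(byte[], byte[])} instead of
     * {@link String#equals(Object)} so the comparison time does not depend on how many
     * leading characters of the submitted token are correct.
     *
     * @param optional the token held in the session
     * @param optional2 the token submitted with the request
     * @return {@code true} only when both tokens are present and equal
     */
    protected boolean doTokensMatch(Optional<String> optional, Optional<String> optional2) {
        // A missing token on either side is always a mismatch, never a pass.
        if (!optional.isPresent() || !optional2.isPresent()) {
            return false;
        }
        byte[] expected = optional.get().getBytes(StandardCharsets.UTF_8);
        byte[] supplied = optional2.get().getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, supplied);
    }

    /**
     * Reports whether the HTTP method is one this class treats as state-changing.
     *
     * <p>NOTE(review): only POST, PUT and DELETE are covered. PATCH (and any custom
     * verb) falls through to the "no token required" path in {@link #checkTokens};
     * confirm no PATCH handler is protected by this class, or extend the list.
     *
     * @param str the request method; {@code null} yields {@code false}
     * @return {@code true} for POST, PUT or DELETE, compared case-insensitively
     */
    protected boolean requestMethodRequiresChallengeToken(String str) {
        return POST.equalsIgnoreCase(str) || PUT.equalsIgnoreCase(str) || DELETE.equalsIgnoreCase(str);
    }

    /**
     * Reads the challenge token from the session, creating the session if necessary.
     *
     * @param httpServletRequest the incoming request
     * @return the stored token, or empty when the attribute is not set
     */
    protected Optional<String> getChallengeTokenFromSession(HttpServletRequest httpServletRequest) {
        Object stored = httpServletRequest.getSession().getAttribute(CHALLENGE_TOKEN_SESSION_NAME);
        return Optional.ofNullable((String) stored);
    }

    /**
     * Generates a new challenge token and stores it in the session.
     *
     * <p>The raw value from {@link RandomString} is UTF-8 encoded and then Base64
     * encoded. {@link StandardCharsets#UTF_8} replaces the charset-name lookup, which
     * removes the {@code UnsupportedEncodingException} path that previously discarded
     * the underlying cause.
     *
     * @param httpServletRequest the incoming request
     * @throws CsrfException kept in the signature for overriding subclasses; this
     *     implementation has no remaining path that raises it
     */
    protected void insertChallengeTokenIntoSession(HttpServletRequest httpServletRequest) throws CsrfException {
        byte[] raw = this.randomString.run().getBytes(StandardCharsets.UTF_8);
        String token = Base64.getEncoder().encodeToString(raw);
        httpServletRequest.getSession().setAttribute(CHALLENGE_TOKEN_SESSION_NAME, token);
    }

    /**
     * Reads the submitted challenge token from the request parameters.
     *
     * <p>{@code getParameter} also returns query-string values, so a token placed in the
     * URL is accepted here; tokens carried in URLs can end up in access logs, browser
     * history and Referer headers, so clients should send it in the request body.
     *
     * @param httpServletRequest the incoming request
     * @return the submitted token, or empty when the parameter is absent
     */
    protected Optional<String> getChallengeTokenFromForm(HttpServletRequest httpServletRequest) {
        return Optional.ofNullable(httpServletRequest.getParameter(CHALLENGE_TOKEN_FORM_NAME));
    }
}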
