package org.cloudfoundry.identity.uaa.security.web;

import java.util.Optional;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.config.http.PortMappingsBeanDefinitionParser;
import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.DefaultCsrfToken;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.19.2.jar:org/cloudfoundry/identity/uaa/security/web/CookieBasedCsrfTokenRepository.class */
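/**
 * {@link CsrfTokenRepository} that keeps the CSRF token in a browser cookie instead of the
 * HTTP session.
 *
 * <p>The cookie name doubles as the request parameter name of the token
 * ({@link #getParameterName()}); the header name is reported separately
 * ({@link #getHeaderName()}). The cookie is always written with {@code HttpOnly} and is scoped
 * to the application's context path.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code Secure} attribute is set when {@link #setSecure(boolean)} is enabled or when
 *       the container reports the request as secure. Behind a TLS-terminating proxy the
 *       container may only see plain HTTP, so enable {@code secure} explicitly in such
 *       deployments.</li>
 *   <li>No {@code SameSite} attribute is set by this class.</li>
 *   <li>Token values come from the configured {@link RandomValueStringGenerator}; a replacement
 *       passed to {@link #setGenerator(RandomValueStringGenerator)} must remain unpredictable
 *       to an attacker.</li>
 * </ul>
 */
public class CookieBasedCsrfTokenRepository implements CsrfTokenRepository {
    public static final String DEFAULT_CSRF_HEADER_NAME = "X-CSRF-TOKEN";
    public static final String DEFAULT_CSRF_COOKIE_NAME = "X-Uaa-Csrf";
    /** Default cookie lifetime in seconds (24 hours). */
    public static final int DEFAULT_COOKIE_MAX_AGE = 86400;

    // Produces 22-character random token values.
    private RandomValueStringGenerator generator = new RandomValueStringGenerator(22);
    private String parameterName = DEFAULT_CSRF_COOKIE_NAME;
    private String headerName = DEFAULT_CSRF_HEADER_NAME;
    private int cookieMaxAge = DEFAULT_COOKIE_MAX_AGE;
    // When true, the cookie is always marked Secure regardless of how the request arrived.
    private boolean secure;

    /** @return the lifetime, in seconds, given to the CSRF cookie when a token is saved */
    public int getCookieMaxAge() {
        return this.cookieMaxAge;
    }

    /** @param i the lifetime, in seconds, to give the CSRF cookie when a token is saved */
    public void setCookieMaxAge(int i) {
        this.cookieMaxAge = i;
    }

    /** @return the header name reported on tokens created by this repository */
    public String getHeaderName() {
        return this.headerName;
    }

    /** @param str the header name to report on tokens created by this repository */
    public void setHeaderName(String str) {
        this.headerName = str;
    }

    /** @return the token's parameter name, which is also the name of the CSRF cookie */
    public String getParameterName() {
        return this.parameterName;
    }

    /** @param str the token's parameter name, which is also used as the CSRF cookie name */
    public void setParameterName(String str) {
        this.parameterName = str;
    }

    /** @param randomValueStringGenerator the generator used to create new token values */
    public void setGenerator(RandomValueStringGenerator randomValueStringGenerator) {
        this.generator = randomValueStringGenerator;
    }

    /** @return the generator used to create new token values */
    public RandomValueStringGenerator getGenerator() {
        return this.generator;
    }

    /**
     * Creates a fresh token carrying the configured header name, parameter name and a newly
     * generated random value. The request is not inspected.
     */
    @Override
    public CsrfToken generateToken(HttpServletRequest httpServletRequest) {
        return new DefaultCsrfToken(getHeaderName(), getParameterName(), this.generator.generate());
    }

    /**
     * Writes the token to the response as a cookie.
     *
     * <p>A {@code null} token means "clear the stored token": a throwaway token is generated
     * only to obtain the cookie name, and the cookie is sent with a max age of 0 so the browser
     * discards it.
     *
     * @param csrfToken the token to store, or {@code null} to expire the existing cookie
     * @param httpServletRequest the current request, used for the context path and the
     *     secure-transport check
     * @param httpServletResponse the response the cookie is added to
     */
    @Override
    public void saveToken(CsrfToken csrfToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        boolean expireImmediately = csrfToken == null;
        CsrfToken tokenToWrite = expireImmediately ? generateToken(httpServletRequest) : csrfToken;

        Cookie cookie = new Cookie(tokenToWrite.getParameterName(), tokenToWrite.getToken());
        cookie.setHttpOnly(true);
        // The previous check compared getProtocol() with "https". getProtocol() returns the
        // protocol name and version (for example "HTTP/1.1"), so that comparison never matched
        // and the Secure attribute depended solely on the explicit flag. isSecure() is the
        // servlet API's indicator that the request arrived over a secure channel.
        cookie.setSecure(this.secure || httpServletRequest.isSecure());
        cookie.setPath(Optional.ofNullable(httpServletRequest.getContextPath()).orElse("") + "/");
        cookie.setMaxAge(expireImmediately ? 0 : getCookieMaxAge());
        httpServletResponse.addCookie(cookie);
    }

    /**
     * Reads the token back from the request's cookies.
     *
     * @return a token built from the first cookie whose name equals the parameter name, or
     *     {@code null} when {@link CsrfFilter#DEFAULT_CSRF_MATCHER} does not match the request,
     *     the request carries no cookies, or no cookie has that name
     */
    @Override
    public CsrfToken loadToken(HttpServletRequest httpServletRequest) {
        if (!CsrfFilter.DEFAULT_CSRF_MATCHER.matches(httpServletRequest)) {
            return null;
        }
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        String cookieName = getParameterName();
        for (Cookie cookie : cookies) {
            if (cookieName.equals(cookie.getName())) {
                return new DefaultCsrfToken(getHeaderName(), cookieName, cookie.getValue());
            }
        }
        return null;
    }

    /** @return whether the CSRF cookie is always marked {@code Secure} */
    public boolean isSecure() {
        return this.secure;
    }

    /** @param z {@code true} to always mark the CSRF cookie {@code Secure} */
    public void setSecure(boolean z) {
        this.secure = z;
    }
}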
