package org.javalite.activeweb;

import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.javalite.common.Util;

/* loaded from: input_file:org/javalite/activeweb/CSRF.class */
public class CSRF {
    public static final String CSRF_TOKEN_NAME = "CSRF_TOKEN_NAME";
    public static final String CSRF_TOKEN_VALUE = "CSRF_TOKEN_VALUE";
    public static final String HTTP_HEADER_NAME = "X-CSRF-Token";
    private static AtomicBoolean enabled = new AtomicBoolean(false);
    private static AtomicReference<TokenProvider> tokenProvider = new AtomicReference<>(new SecureRandomTokenProvider());

    /* loaded from: input_file:org/javalite/activeweb/CSRF$SecureRandomTokenProvider.class */
    private static class SecureRandomTokenProvider implements TokenProvider {
        private String base;
        private ThreadLocal<SecureRandom> secureRandom;

        private SecureRandomTokenProvider() {
            this.base = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
            this.secureRandom = ThreadLocal.withInitial(() -> {
                try {
                    return SecureRandom.getInstance("SHA1PRNG");
                } catch (NoSuchAlgorithmException e) {
                    throw new RuntimeException(e.getMessage(), e);
                }
            });
        }

        @Override // org.javalite.activeweb.CSRF.TokenProvider
        public String nextName() {
            StringBuilder sb = new StringBuilder();
            SecureRandom secureRandom = this.secureRandom.get();
            while (sb.length() < 8) {
                sb.append(this.base.charAt((int) (secureRandom.nextFloat() * this.base.length())));
            }
            return sb.toString();
        }

        @Override // org.javalite.activeweb.CSRF.TokenProvider
        public String nextToken() {
            return Util.toBase64(this.secureRandom.get().generateSeed(32));
        }
    }

    /* loaded from: input_file:org/javalite/activeweb/CSRF$TokenProvider.class */
    interface TokenProvider {
        String nextName();

        String nextToken();
    }

    public static void setTokenProvider(TokenProvider tokenProvider2) {
        tokenProvider.set(tokenProvider2);
    }

    public static boolean verificationEnabled() {
        return enabled.get();
    }

    public static void enableVerification() {
        enabled.set(true);
    }

    public static void disableVerification() {
        enabled.set(false);
    }

    private static HttpSession getSession() {
        HttpServletRequest httpRequest = RequestContext.getHttpRequest();
        if (httpRequest == null) {
            throw new RuntimeException("Request not found!");
        }
        HttpSession session = httpRequest.getSession(false);
        if (session == null) {
            throw new RuntimeException("Session not initialized!");
        }
        return session;
    }

    public static String token() {
        HttpSession session = getSession();
        String str = (String) session.getAttribute(CSRF_TOKEN_VALUE);
        if (str == null) {
            str = tokenProvider.get().nextToken();
            session.setAttribute(CSRF_TOKEN_VALUE, str);
        }
        return str;
    }

    public static String name() {
        HttpSession session = getSession();
        String str = (String) session.getAttribute(CSRF_TOKEN_NAME);
        if (str == null) {
            str = tokenProvider.get().nextName();
            session.setAttribute(CSRF_TOKEN_NAME, str);
        }
        return str;
    }
}
