package org.primeframework.mvc.security;

import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.primeframework.mock.servlet.MockHttpServletRequest;

/* loaded from: input_file:org/primeframework/mvc/security/CSRF.class */
public final class CSRF {
    public static final String CSRF_PARAMETER_KEY = "primeCSRFToken";
    public static final String CSRF_SESSION_KEY = "prime-mvc-security-csrf-token";

    public static String generateCSRFToken() {
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bArr);
    }

    public static String getParameterToken(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(CSRF_PARAMETER_KEY);
    }

    public static String getSessionToken(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            return (String) session.getAttribute(CSRF_SESSION_KEY);
        }
        return null;
    }

    public static void setParameterToken(MockHttpServletRequest mockHttpServletRequest) {
        String sessionToken = getSessionToken(mockHttpServletRequest);
        if (sessionToken != null) {
            mockHttpServletRequest.setParameter(CSRF_PARAMETER_KEY, sessionToken);
        }
    }

    public static void storeToken(HttpSession httpSession) {
        httpSession.setAttribute(CSRF_SESSION_KEY, generateCSRFToken());
    }
}
