package org.primeframework.mvc.security.csrf;

import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:org/primeframework/mvc/security/csrf/SynchronizerTokenCSRFProvider.class */
public class SynchronizerTokenCSRFProvider implements CSRFProvider {
    public static final String CSRF_SESSION_KEY = "prime-mvc-security-csrf-token";

    @Override // org.primeframework.mvc.security.csrf.CSRFProvider
    public String getToken(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        String str = (String) session.getAttribute(CSRF_SESSION_KEY);
        return str == null ? generateToken() : str;
    }

    @Override // org.primeframework.mvc.security.csrf.CSRFProvider
    public boolean validateRequest(HttpServletRequest httpServletRequest) {
        String token = getToken(httpServletRequest);
        return token == null || token.equals(httpServletRequest.getParameter(CSRFProvider.CSRF_PARAMETER_KEY));
    }

    private String generateToken() {
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bArr);
    }
}
