package at.porscheinformatik.tapestry.csrfprotection.internal;

import at.porscheinformatik.tapestry.csrfprotection.CsrfException;
import at.porscheinformatik.tapestry.csrfprotection.CsrfToken;
import at.porscheinformatik.tapestry.csrfprotection.services.CsrfTokenRepository;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Objects;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.tapestry5.http.services.Request;
import org.apache.tapestry5.ioc.annotations.Symbol;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:at/porscheinformatik/tapestry/csrfprotection/internal/CsrfTokenManager.class */
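/**
 * Issues the per-session CSRF token and validates the token echoed back by the client.
 *
 * <p>The session token is stored and loaded through the injected {@link CsrfTokenRepository};
 * the client token is read from the request parameter whose name is configured by the
 * {@code tapestry.csrf-token-parameter-name} symbol.
 *
 * <p>Token values are compared in constant time and are never written to the log, so that a
 * reader of the application log cannot recover a live session token.
 */
public class CsrfTokenManager {
    private static final Logger LOGGER = LoggerFactory.getLogger(CsrfTokenManager.class);
    private final CsrfTokenRepository tokenRepository;
    private final String parameterName;

    /**
     * @param csrfTokenRepository backing store used to load, generate and save the session token
     * @param str name of the request parameter that carries the client-side token
     * @throws NullPointerException if either argument is {@code null}
     */
    public CsrfTokenManager(CsrfTokenRepository csrfTokenRepository, @Symbol("tapestry.csrf-token-parameter-name") String str) {
        // Fail fast on mis-wiring instead of NPE-ing on the first request.
        this.tokenRepository = Objects.requireNonNull(csrfTokenRepository, "csrfTokenRepository");
        this.parameterName = Objects.requireNonNull(str, "parameterName");
    }

    /**
     * Returns the CSRF token bound to the current session, generating and persisting a fresh one
     * through the repository if none is stored yet.
     *
     * @return the existing or newly created session token (never {@code null} unless the
     *         repository's {@code generateToken()} returns {@code null})
     */
    public CsrfToken getSessionToken() {
        CsrfToken stored = this.tokenRepository.loadToken();
        if (stored != null) {
            return stored;
        }
        CsrfToken fresh = this.tokenRepository.generateToken();
        this.tokenRepository.saveToken(fresh);
        return fresh;
    }

    /**
     * Verifies that the client token sent with {@code request} matches the stored session token.
     *
     * <p>A missing or mismatching token is tolerated only while the HTTP session is brand new
     * (the client cannot have received a token yet). Otherwise the request is rejected.
     *
     * @param request the Tapestry request whose parameters hold the client token
     * @param httpServletRequest the underlying servlet request, used to inspect session state
     * @throws CsrfException if the tokens differ (or no session token exists) and the session is
     *         not new
     */
    public void checkToken(Request request, HttpServletRequest httpServletRequest) throws CsrfException {
        String clientToken = request.getParameter(this.parameterName);
        CsrfToken sessionToken = this.tokenRepository.loadToken();
        if (LOGGER.isDebugEnabled()) {
            // Log presence only: the session token is a credential and must not reach the log.
            LOGGER.debug("SessionToken present: {}, ClientToken present: {}", sessionToken != null, clientToken != null);
        }
        if (sessionToken != null && tokensMatch(sessionToken.getToken(), clientToken)) {
            return;
        }
        // No stored token or a mismatch: acceptable only for a session that was just created.
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null && session.isNew()) {
            return;
        }
        // The client token is attacker-controlled input and useful for triage; the server token
        // is deliberately reduced to presence so the log never holds a valid credential.
        LOGGER.warn("CSRF Attack detected. Server-Token: {}  vs. Client-Token: {}",
            sessionToken == null ? "<absent>" : "<present>", clientToken);
        throw new CsrfException("CSRF Attack detected. Invalid client token: " + clientToken);
    }

    /**
     * Compares two token strings without short-circuiting on the first differing byte, so the
     * comparison time does not reveal how much of the token an attacker has guessed correctly.
     * (A length difference may still be observable; CSRF tokens are expected to be fixed-length.)
     *
     * @param expected the token stored for the session, may be {@code null}
     * @param actual the token supplied by the client, may be {@code null}
     * @return {@code true} only if both are non-null and byte-for-byte equal as UTF-8
     */
    private static boolean tokensMatch(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(
            expected.getBytes(StandardCharsets.UTF_8), actual.getBytes(StandardCharsets.UTF_8));
    }
}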
