package com.atlassian.stash.sal.api.auth;

import com.atlassian.bitbucket.dmz.xsrf.XsrfTokenStore;
import com.atlassian.sal.api.xsrf.XsrfTokenAccessor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/stash/sal/api/auth/SessionBasedXsrfTokenAccessor.class */
public class SessionBasedXsrfTokenAccessor implements XsrfTokenAccessor {
    public static final String XSRF_TOKEN_NAME = "xsrfTokenName";
    public static final String XSRF_TOKEN_VALUE = "xsrfTokenValue";
    private static final Logger log = LoggerFactory.getLogger(SessionBasedXsrfTokenAccessor.class);
    private final XsrfTokenStore tokenStore;

    public SessionBasedXsrfTokenAccessor(XsrfTokenStore xsrfTokenStore) {
        this.tokenStore = xsrfTokenStore;
    }

    public String getXsrfToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) {
        HttpSession session = httpServletRequest.getSession(false);
        if (!z) {
            if (session == null) {
                return null;
            }
            if (this.tokenStore.hasInvalidToken(httpServletRequest)) {
                return (String) session.getAttribute(XSRF_TOKEN_VALUE);
            }
        }
        String token = this.tokenStore.getToken(httpServletRequest);
        if (token != null) {
            return token;
        }
        if (!z) {
            return null;
        }
        HttpSession session2 = httpServletRequest.getSession(true);
        if (httpServletResponse.isCommitted()) {
            log.warn("Adding token to session for with a committed response, this may have no effect");
        }
        String generateToken = this.tokenStore.generateToken(httpServletRequest);
        if (generateToken == null) {
            return null;
        }
        this.tokenStore.saveToken(generateToken, httpServletRequest);
        session2.setAttribute(XSRF_TOKEN_NAME, this.tokenStore.getXsrfTokenName());
        session2.setAttribute(XSRF_TOKEN_VALUE, generateToken);
        return generateToken;
    }
}
