package com.atlassian.crowd.xwork;

import com.atlassian.crowd.xwork.interceptors.XsrfTokenInterceptor;
import com.atlassian.security.random.DefaultSecureTokenGenerator;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/atlassian/crowd/xwork/SimpleXsrfTokenGenerator.class */
public class SimpleXsrfTokenGenerator implements XsrfTokenGenerator {
    public static final String TOKEN_SESSION_KEY = "atlassian.xsrf.token";

    @Override // com.atlassian.crowd.xwork.XsrfTokenGenerator
    public String getToken(HttpServletRequest httpServletRequest, boolean z) {
        HttpSession session = httpServletRequest.getSession();
        String str = (String) session.getAttribute(TOKEN_SESSION_KEY);
        if (z && str == null) {
            str = createToken();
            session.setAttribute(TOKEN_SESSION_KEY, str);
        }
        return str;
    }

    @Override // com.atlassian.crowd.xwork.XsrfTokenGenerator
    public String generateToken(HttpServletRequest httpServletRequest) {
        return getToken(httpServletRequest, true);
    }

    @Override // com.atlassian.crowd.xwork.XsrfTokenGenerator
    public String getXsrfTokenName() {
        return XsrfTokenInterceptor.REQUEST_PARAM_NAME;
    }

    @Override // com.atlassian.crowd.xwork.XsrfTokenGenerator
    public boolean validateToken(HttpServletRequest httpServletRequest, String str) {
        return str != null && str.equals(httpServletRequest.getSession(true).getAttribute(TOKEN_SESSION_KEY));
    }

    private String createToken() {
        return DefaultSecureTokenGenerator.getInstance().generateToken();
    }
}
