package com.atlassian.plugin.web.springmvc.xsrf;

import com.atlassian.security.random.DefaultSecureTokenGenerator;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/plugin/web/springmvc/xsrf/SimpleXsrfTokenGenerator.class */
public class SimpleXsrfTokenGenerator implements XsrfTokenGenerator {
    public static final String TOKEN_SESSION_KEY = "atlassian.xsrf.token";
    private static final Logger LOGGER = LoggerFactory.getLogger(SimpleXsrfTokenGenerator.class);

    @Override // com.atlassian.plugin.web.springmvc.xsrf.XsrfTokenGenerator
    public String generateToken(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession();
        String str = (String) session.getAttribute(TOKEN_SESSION_KEY);
        if (str == null) {
            str = createToken();
            LOGGER.debug("New XSRF token generated: {}", str);
            session.setAttribute(TOKEN_SESSION_KEY, str);
        }
        return str;
    }

    @Override // com.atlassian.plugin.web.springmvc.xsrf.XsrfTokenGenerator
    public String getXsrfTokenName() {
        return XsrfTokenGenerator.REQUEST_PARAM_NAME;
    }

    @Override // com.atlassian.plugin.web.springmvc.xsrf.XsrfTokenGenerator
    public boolean validateToken(HttpServletRequest httpServletRequest, String str) {
        Object attribute = httpServletRequest.getSession(true).getAttribute(TOKEN_SESSION_KEY);
        boolean z = str != null && str.equals(attribute);
        if (!z) {
            LOGGER.debug("XSRF check failed: requestToken='{}', sessionToken='{}'", str, attribute);
        }
        return z;
    }

    private String createToken() {
        return DefaultSecureTokenGenerator.getInstance().generateToken();
    }
}
