package net.shibboleth.idp.ui.csrf;

import java.util.function.BiPredicate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.ThreadSafe;
import net.shibboleth.idp.ui.csrf.impl.SimpleCSRFToken;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy;
import net.shibboleth.utilities.java.support.security.impl.SecureRandomIdentifierGenerationStrategy;

@ThreadSafe
/* loaded from: input_file:net/shibboleth/idp/ui/csrf/CSRFTokenManager.class */
public final class CSRFTokenManager {

    @Nonnull
    private String csrfParameterName = "csrf_token";

    @Nonnull
    private IdentifierGenerationStrategy tokenGenerationStrategy = new SecureRandomIdentifierGenerationStrategy(20);

    @Nonnull
    private BiPredicate<CSRFToken, String> csrfTokenValidationPredicate = new DefaultCSRFTokenValidationPredicate();

    /* loaded from: input_file:net/shibboleth/idp/ui/csrf/CSRFTokenManager$DefaultCSRFTokenValidationPredicate.class */
    private static class DefaultCSRFTokenValidationPredicate implements BiPredicate<CSRFToken, String> {
        private DefaultCSRFTokenValidationPredicate() {
        }

        @Override // java.util.function.BiPredicate
        public boolean test(@Nullable CSRFToken cSRFToken, @Nullable String str) {
            return (cSRFToken == null || str == null || !cSRFToken.getToken().equals(str)) ? false : true;
        }
    }

    public void setTokenGenerationStrategy(@Nonnull IdentifierGenerationStrategy identifierGenerationStrategy) {
        this.tokenGenerationStrategy = (IdentifierGenerationStrategy) Constraint.isNotNull(identifierGenerationStrategy, "tokenGenerationStrategy cannot be null");
    }

    public void setCsrfTokenValidationPredicate(@Nonnull BiPredicate<CSRFToken, String> biPredicate) {
        this.csrfTokenValidationPredicate = (BiPredicate) Constraint.isNotNull(biPredicate, "CSRF token validation predicate can not be null");
    }

    public void setCsrfParameterName(@NotEmpty @Nonnull String str) {
        this.csrfParameterName = Constraint.isNotEmpty(str, "CsrfParameterName cannot be null or empty");
    }

    @Nonnull
    public CSRFToken generateCSRFToken() {
        return new SimpleCSRFToken(this.tokenGenerationStrategy.generateIdentifier(), this.csrfParameterName);
    }

    public boolean isValidCSRFToken(@Nullable CSRFToken cSRFToken, @Nullable String str) {
        return this.csrfTokenValidationPredicate.test(cSRFToken, str);
    }
}
