package com.atlassian.stash.internal.web.util.xsrf;

import com.atlassian.bitbucket.auth.AuthenticationContext;
import com.atlassian.security.random.SecureTokenGenerator;
import com.atlassian.security.utils.ConstantTimeComparison;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

/**
 * {@link XsrfTokenGenerator} that keeps a single anti-XSRF token per HTTP session.
 *
 * <p>The token is created lazily by {@link #generateToken(HttpServletRequest)}, stored in the
 * session under {@link #TOKEN_SESSION_KEY} and handed out again on every later call for as long as
 * that attribute is present. Nothing in this class rotates or expires the token.
 *
 * <p>Points a security reviewer should keep in mind:
 * <ul>
 *   <li>The submitted token is read with {@code getParameter}, so only the request parameter named
 *       {@link #REQUEST_PARAM_NAME} is considered; this class does not inspect any header. In the
 *       Servlet API {@code getParameter} also returns query-string values, and a token carried in
 *       a URL can end up in access logs, browser history and {@code Referer} headers, so callers
 *       should prefer sending it in the request body.</li>
 *   <li>This class does not look at the HTTP method and does not decide which requests need a
 *       token; that policy lives with whoever calls {@link #hasValidToken(HttpServletRequest)}.</li>
 *   <li>A session is only created for authenticated requests (see
 *       {@link #getSession(HttpServletRequest)}). A request with no session gets no token and
 *       never validates.</li>
 *   <li>NOTE(review): the read-then-store sequence in {@code generateToken} is not synchronized.
 *       Two concurrent first requests on the same session could each store a token, with the last
 *       write winning. Confirm whether callers tolerate that.</li>
 * </ul>
 */
@Component("xsrfTokenGenerator")
/* loaded from: input_file:WEB-INF/classes/com/atlassian/stash/internal/web/util/xsrf/HttpSessionXsrfTokenGenerator.class */
public class HttpSessionXsrfTokenGenerator implements XsrfTokenGenerator {
    /** Session attribute under which the per-session token is stored. */
    static final String TOKEN_SESSION_KEY = "atlassian.xsrf.token";
    /** Name of the request parameter expected to carry the token back to the server. */
    static final String REQUEST_PARAM_NAME = "atl_token";
    private final SecureTokenGenerator secureTokenGenerator;
    private final AuthenticationContext authenticationContext;

    /**
     * Creates the generator with its collaborators.
     *
     * @param secureTokenGenerator source of new token values; the unpredictability of the token
     *     depends entirely on this implementation
     * @param authenticationContext consulted to decide whether a session may be created
     */
    @Autowired
    public HttpSessionXsrfTokenGenerator(SecureTokenGenerator secureTokenGenerator, AuthenticationContext authenticationContext) {
        this.secureTokenGenerator = secureTokenGenerator;
        this.authenticationContext = authenticationContext;
    }

    /**
     * Returns the token bound to the request's session, creating and storing one on first use.
     *
     * @param httpServletRequest the current request
     * @return the session's token, or {@code null} when no session is available for the request
     */
    @Override
    public String generateToken(HttpServletRequest httpServletRequest) {
        final HttpSession session = getSession(httpServletRequest);
        if (session == null) {
            return null;
        }
        final String existing = (String) session.getAttribute(TOKEN_SESSION_KEY);
        if (existing != null) {
            // Reuse the stored value so every form rendered in this session carries the same token.
            return existing;
        }
        final String fresh = createToken();
        session.setAttribute(TOKEN_SESSION_KEY, fresh);
        return fresh;
    }

    /**
     * Returns the name of the request parameter that must carry the token.
     *
     * @return {@code "atl_token"}
     */
    @Override
    public String getXsrfTokenName() {
        return REQUEST_PARAM_NAME;
    }

    /**
     * Checks whether the request carries the token stored in its session.
     *
     * <p>Validation fails closed: a missing session, a missing parameter or a missing stored token
     * all yield {@code false}.
     *
     * @param httpServletRequest the request to validate
     * @return {@code true} only when both values are present and equal
     */
    @Override
    public boolean hasValidToken(HttpServletRequest httpServletRequest) {
        final HttpSession session = getSession(httpServletRequest);
        if (session == null) {
            return false;
        }
        final String submitted = httpServletRequest.getParameter(getXsrfTokenName());
        final String expected = (String) session.getAttribute(TOKEN_SESSION_KEY);
        if (submitted == null || expected == null) {
            return false;
        }
        // Constant-time comparison, so response timing does not reveal how much of a guess matched.
        return ConstantTimeComparison.isEqual(submitted, expected);
    }

    /**
     * Produces a new token value by delegating to the injected {@link SecureTokenGenerator}.
     *
     * @return the newly generated token
     */
    protected String createToken() {
        return this.secureTokenGenerator.generateToken();
    }

    /**
     * Looks up the session for the request, creating one only when the current context is
     * authenticated.
     *
     * @param httpServletRequest the current request
     * @return the session, or {@code null} when none exists and the context is not authenticated
     */
    protected HttpSession getSession(HttpServletRequest httpServletRequest) {
        // Passing false for unauthenticated contexts avoids allocating a session just to hold a token.
        final boolean createIfMissing = this.authenticationContext.isAuthenticated();
        return httpServletRequest.getSession(createIfMissing);
    }
}
