package org.pac4j.oauth.client;

import java.security.SecureRandom;

import org.apache.commons.lang3.RandomStringUtils;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.oauth.client.exception.OAuthCredentialsException;
import org.pac4j.oauth.credentials.OAuthCredentials;
import org.pac4j.oauth.profile.OAuth20Profile;
import org.pac4j.oauth.profile.strava.StravaAttributesDefinition;

/* loaded from: input_file:org/pac4j/oauth/client/BaseOAuth20StateClient.class */
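/**
 * Base OAuth 2.0 client that adds a {@code state} value to the authorization request and checks
 * it on the callback, as a defence against cross-site request forgery on the redirect.
 *
 * <p>The state is stored in the web session under {@code getName() + "#oauth20StateParameter"}
 * when the authorization URL is built, and is compared with the callback's request parameter in
 * {@link #getOAuthCredentials(WebContext)}. The stored value is cleared before the comparison, so
 * each state can be presented at most once.
 *
 * @param <U> the OAuth 2.0 profile type produced by the concrete client
 */
public abstract class BaseOAuth20StateClient<U extends OAuth20Profile> extends BaseOAuth20Client<U> {
    /** Suffix appended to the client name to form the session attribute key holding the state. */
    private static final String STATE_PARAMETER = "#oauth20StateParameter";

    /** Characters a generated state is drawn from (same alphanumeric set as before). */
    private static final char[] STATE_ALPHABET =
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".toCharArray();

    /** Length of a generated state; unchanged from the previous implementation. */
    private static final int STATE_LENGTH = 10;

    /**
     * Source of randomness for generated states. The state is an anti-CSRF token, so it must be
     * unpredictable; a CSPRNG is used instead of {@code RandomStringUtils.randomAlphanumeric},
     * which in older commons-lang3 releases is backed by {@code java.util.Random}
     * (NOTE(review): the commons-lang3 version in use is not visible here).
     */
    private static final SecureRandom STATE_RANDOM = new SecureRandom();

    /** Optional fixed state set through {@link #setState(String)}; blank means "generate one". */
    private String stateData;

    /**
     * Returns the state to send with the next authorization request.
     *
     * @return the configured fixed state when one is set and not blank, otherwise a freshly
     *     generated random alphanumeric string
     */
    protected String getState() {
        if (CommonHelper.isNotBlank(this.stateData)) {
            return this.stateData;
        }
        return newRandomState();
    }

    /**
     * Sets a fixed state value to use instead of a generated one.
     *
     * <p>Security note: the field is per client instance, so a fixed value is reused for every
     * authorization request this instance issues. Anyone who has seen one authorization URL then
     * knows the value, and the callback check no longer ties the response to a particular
     * session. Leave this unset (or blank) to keep per-request random states.
     *
     * @param str the fixed state, or {@code null}/blank to fall back to random generation
     */
    public void setState(String str) {
        this.stateData = str;
    }

    /**
     * Builds the provider authorization URL for the given state.
     *
     * @param str the state value to embed in the URL
     * @return the URL returned by {@code this.service.getAuthorizationUrl(str)}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public String getAuthorizationUrl(String str) {
        String authorizationUrl = this.service.getAuthorizationUrl(str);
        // The URL is built from the state, so this debug line records a token that is still
        // valid until the callback arrives; treat debug logs of this class as sensitive.
        logger.debug("authorizationUrl : {}", authorizationUrl);
        return authorizationUrl;
    }

    /**
     * Obtains a state, stores it in the session and returns the authorization URL carrying it.
     *
     * @param webContext the current web context, used to store the state in the session
     * @return the authorization URL for the stored state
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.pac4j.oauth.client.BaseOAuth20Client, org.pac4j.oauth.client.BaseOAuthClient
    public String retrieveAuthorizationUrl(WebContext webContext) {
        String state = getState();
        webContext.setSessionAttribute(getName() + STATE_PARAMETER, state);
        return getAuthorizationUrl(state);
    }

    /**
     * Validates the callback's state against the one stored in the session, then delegates to the
     * parent implementation to build the credentials.
     *
     * @param webContext the current web context holding the callback request and the session
     * @return the credentials produced by {@code super.getOAuthCredentials(webContext)}
     * @throws OAuthCredentialsException if the request carries no state, or if it does not equal
     *     the state stored in the session (including when the session holds none)
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.pac4j.oauth.client.BaseOAuth20Client, org.pac4j.oauth.client.BaseOAuthClient
    public OAuthCredentials getOAuthCredentials(WebContext webContext) {
        // NOTE(review): the decompiler resolved the parameter name to a Strava constant;
        // presumably its value is "state" -- confirm against the original source.
        String requestParameter = webContext.getRequestParameter(StravaAttributesDefinition.STATE);
        if (!CommonHelper.isNotBlank(requestParameter)) {
            throw new OAuthCredentialsException("Missing state parameter : session expired or possible threat of cross-site request forgery");
        }
        String sessionKey = getName() + STATE_PARAMETER;
        String sessionState = (String) webContext.getSessionAttribute(sessionKey);
        // Clear the stored state before comparing so a state is single-use: a failed or replayed
        // callback cannot be retried against the same stored value.
        webContext.setSessionAttribute(sessionKey, (Object) null);
        // requestParameter comes from the request, so the logging backend has to neutralise
        // control characters; the session copy has already been cleared at this point.
        logger.debug("sessionState : {} / stateParameter : {}", sessionState, requestParameter);
        // requestParameter is non-blank here, so a missing (null) session state never matches.
        if (requestParameter.equals(sessionState)) {
            return super.getOAuthCredentials(webContext);
        }
        throw new OAuthCredentialsException("State parameter mismatch : session expired or possible threat of cross-site request forgery");
    }

    /** Generates a random alphanumeric state of {@link #STATE_LENGTH} characters from the CSPRNG. */
    private static String newRandomState() {
        char[] chars = new char[STATE_LENGTH];
        for (int i = 0; i < chars.length; i++) {
            // nextInt(bound) avoids the modulo bias of nextInt() % bound.
            chars[i] = STATE_ALPHABET[STATE_RANDOM.nextInt(STATE_ALPHABET.length)];
        }
        return new String(chars);
    }
}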
