package org.apache.nifi.web.security.csrf;

import java.net.URI;
import java.time.Duration;
import java.util.UUID;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.nifi.web.security.cookie.ApplicationCookieName;
import org.apache.nifi.web.security.cookie.ApplicationCookieService;
import org.apache.nifi.web.security.cookie.StandardApplicationCookieService;
import org.apache.nifi.web.security.http.SecurityCookieName;
import org.apache.nifi.web.security.http.SecurityHeader;
import org.apache.nifi.web.util.RequestUriBuilder;
import org.springframework.http.ResponseCookie;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.DefaultCsrfToken;
import org.springframework.util.StringUtils;
import org.springframework.web.util.WebUtils;

/* loaded from: input_file:org/apache/nifi/web/security/csrf/StandardCookieCsrfTokenRepository.class */
/**
 * {@link CsrfTokenRepository} that keeps the CSRF request token in a browser cookie.
 *
 * <p>The token is written through an {@link ApplicationCookieService} whose cookie builder has
 * the HttpOnly attribute switched off, and it is read back from the cookie named by
 * {@link SecurityCookieName#REQUEST_TOKEN}. Tokens produced here name the header from
 * {@link SecurityHeader#REQUEST_TOKEN} and the request parameter {@code requestToken}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The cookie value is client-supplied and is accepted as the token whenever it is
 *       non-empty; no format or origin check happens in this class. Comparing it with the
 *       header or parameter value is presumably done by the CSRF filter that uses this
 *       repository; confirm against the filter configuration.</li>
 *   <li>HttpOnly is off, so the cookie is readable by script running in the page. That is
 *       presumably deliberate so the client can echo the value in the request header, but it
 *       also means any script injection in the application can read the token.</li>
 * </ul>
 */
public class StandardCookieCsrfTokenRepository implements CsrfTokenRepository {
    /** Request parameter name carried by every token this repository creates. */
    private static final String REQUEST_PARAMETER = "requestToken";

    /** Shared cookie service; its builder override disables HttpOnly for the token cookie. */
    private static final ApplicationCookieService applicationCookieService = new CsrfApplicationCookieService();

    /**
     * Cookie service variant used only for the CSRF token cookie: identical to the parent
     * builder except that HttpOnly is turned off.
     */
    private static class CsrfApplicationCookieService extends StandardApplicationCookieService {
        /** Value passed to {@code httpOnly(...)}; {@code false} leaves the cookie script-readable. */
        private static final boolean HTTP_ONLY_DISABLED = false;

        private CsrfApplicationCookieService() {
        }

        /**
         * Builds the cookie through the parent service and then clears the HttpOnly flag.
         *
         * <p>The decompiler reported that the access modifier of this method was changed from
         * {@code protected}; it is kept {@code public} here to match the listing.
         *
         * @return the builder returned by the parent, with HttpOnly set to {@code false}
         */
        @Override
        public ResponseCookie.ResponseCookieBuilder getCookieBuilder(URI uri, ApplicationCookieName applicationCookieName, String str, Duration duration) {
            final ResponseCookie.ResponseCookieBuilder parentBuilder = super.getCookieBuilder(uri, applicationCookieName, str, duration);
            // Return the parent's builder instance itself, not the value returned by httpOnly().
            parentBuilder.httpOnly(HTTP_ONLY_DISABLED);
            return parentBuilder;
        }
    }

    /**
     * Returns the token already present in the request cookie, or a fresh random one when the
     * request carries none.
     *
     * <p>An existing cookie value is reused as-is, so the token is only as unpredictable as
     * whatever set that cookie.
     *
     * @param httpServletRequest request whose cookies are inspected
     * @return the existing or newly generated token, never {@code null}
     */
    public CsrfToken generateToken(HttpServletRequest httpServletRequest) {
        final CsrfToken existingToken = loadToken(httpServletRequest);
        return existingToken != null ? existingToken : getCsrfToken(generateRandomToken());
    }

    /**
     * Writes the token to the response as the request-token cookie, or removes that cookie
     * when {@code csrfToken} is {@code null}.
     *
     * <p>NOTE(review): the cookie is written under {@link ApplicationCookieName#REQUEST_TOKEN}
     * but {@link #loadToken} reads it via {@link SecurityCookieName#REQUEST_TOKEN}; confirm both
     * enums resolve to the same cookie name, otherwise saved tokens would never be loaded.
     *
     * @param csrfToken token to store, or {@code null} to clear the cookie
     * @param httpServletRequest request used to derive the URI passed to the cookie service
     * @param httpServletResponse response that receives the cookie
     */
    public void saveToken(CsrfToken csrfToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final URI requestUri = RequestUriBuilder.fromHttpServletRequest(httpServletRequest).build();
        if (csrfToken != null) {
            applicationCookieService.addSessionCookie(requestUri, httpServletResponse, ApplicationCookieName.REQUEST_TOKEN, csrfToken.getToken());
            return;
        }
        applicationCookieService.removeCookie(requestUri, httpServletResponse, ApplicationCookieName.REQUEST_TOKEN);
    }

    /**
     * Reads the request-token cookie from the request and wraps its value in a token.
     *
     * @param httpServletRequest request whose cookies are inspected
     * @return a token carrying the cookie value, or {@code null} when the cookie is missing or
     *     its value is null or empty
     */
    public CsrfToken loadToken(HttpServletRequest httpServletRequest) {
        final Cookie requestTokenCookie = WebUtils.getCookie(httpServletRequest, SecurityCookieName.REQUEST_TOKEN.getName());
        if (requestTokenCookie == null) {
            return null;
        }
        final String cookieValue = requestTokenCookie.getValue();
        // Only non-emptiness is checked; the value itself is not validated here.
        return StringUtils.hasLength(cookieValue) ? getCsrfToken(cookieValue) : null;
    }

    /** Wraps a raw token value with this repository's header and parameter names. */
    private CsrfToken getCsrfToken(String tokenValue) {
        return new DefaultCsrfToken(SecurityHeader.REQUEST_TOKEN.getHeader(), REQUEST_PARAMETER, tokenValue);
    }

    /**
     * Creates a new token value from {@link UUID#randomUUID()}, which the JDK documents as a
     * type 4 UUID produced by a cryptographically strong pseudo-random number generator.
     */
    private String generateRandomToken() {
        final UUID randomId = UUID.randomUUID();
        return randomId.toString();
    }
}
