package org.pac4j.core.authorization.authorizer.csrf;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import org.pac4j.core.authorization.authorizer.Authorizer;
import org.pac4j.core.context.ContextHelper;
import org.pac4j.core.context.Pac4jConstants;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.exception.HttpAction;
import org.pac4j.core.profile.CommonProfile;

/* loaded from: input_file:org/pac4j/core/authorization/authorizer/csrf/CsrfAuthorizer.class */
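/**
 * Authorizer that accepts a request only when it carries the CSRF token stored in the session.
 *
 * <p>The expected token is read from the session attribute {@link Pac4jConstants#CSRF_TOKEN}.
 * The submitted token is looked up both as a request parameter and as a request header; a match
 * on either one is sufficient.
 *
 * <p>Caveat: with {@code onlyCheckPostRequest} set to {@code true} (the default), every request
 * that is not a POST is authorized without any token check. Applications that change state on
 * other HTTP methods (for example PUT, PATCH or DELETE) get no CSRF protection from this
 * authorizer for those requests unless the flag is set to {@code false}.
 */
public class CsrfAuthorizer implements Authorizer<CommonProfile> {
    /** Name of the request parameter that may carry the submitted token. */
    private String parameterName = Pac4jConstants.CSRF_TOKEN;

    /** Name of the request header that may carry the submitted token. */
    private String headerName = Pac4jConstants.CSRF_TOKEN;

    /** When {@code true}, only POST requests are checked; all other requests are let through. */
    private boolean onlyCheckPostRequest = true;

    /** Creates an authorizer using the default parameter and header names, checking POST only. */
    public CsrfAuthorizer() {
    }

    /**
     * Creates an authorizer with custom token locations, checking POST requests only.
     *
     * @param parameterName name of the request parameter holding the token
     * @param headerName name of the request header holding the token
     */
    public CsrfAuthorizer(String parameterName, String headerName) {
        this.parameterName = parameterName;
        this.headerName = headerName;
    }

    /**
     * Creates an authorizer with custom token locations and an explicit method policy.
     *
     * @param parameterName name of the request parameter holding the token
     * @param headerName name of the request header holding the token
     * @param onlyCheckPostRequest {@code true} to check POST requests only, {@code false} to
     *     check every request
     */
    public CsrfAuthorizer(String parameterName, String headerName, boolean onlyCheckPostRequest) {
        this(parameterName, headerName);
        this.onlyCheckPostRequest = onlyCheckPostRequest;
    }

    /**
     * Decides whether the request carries the session's CSRF token.
     *
     * @param webContext the current web context (request and session access)
     * @param list the authenticated profiles; not consulted by this authorizer
     * @return {@code true} when the request is exempt from the check (non-POST while
     *     {@code onlyCheckPostRequest} is set) or when the session token equals the token sent
     *     as parameter or header; {@code false} otherwise, including when the session holds no
     *     token
     * @throws HttpAction as declared by the {@link Authorizer} interface
     */
    @Override
    public boolean isAuthorized(WebContext webContext, List<CommonProfile> list) throws HttpAction {
        if (this.onlyCheckPostRequest && !ContextHelper.isPost(webContext)) {
            // Exempt request: no token is required at all on this path.
            return true;
        }
        Object sessionValue = webContext.getSessionAttribute(Pac4jConstants.CSRF_TOKEN);
        if (!(sessionValue instanceof String)) {
            // No token in the session (or an unexpected type): fail closed rather than
            // throwing a ClassCastException.
            return false;
        }
        String expectedToken = (String) sessionValue;
        // Evaluate both candidates before combining so the result does not depend on
        // which location supplied the token.
        boolean parameterMatches =
                tokensMatch(expectedToken, webContext.getRequestParameter(this.parameterName));
        boolean headerMatches =
                tokensMatch(expectedToken, webContext.getRequestHeader(this.headerName));
        return parameterMatches || headerMatches;
    }

    /**
     * Compares the expected token with a submitted one using {@link MessageDigest#isEqual}, so
     * the comparison time does not reveal how many leading characters of a guess were correct
     * (which {@link String#equals} can).
     */
    private static boolean tokensMatch(String expected, String candidate) {
        if (candidate == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                candidate.getBytes(StandardCharsets.UTF_8));
    }

    /** @return the name of the request parameter inspected for the token */
    public String getParameterName() {
        return this.parameterName;
    }

    /** @param parameterName the name of the request parameter inspected for the token */
    public void setParameterName(String parameterName) {
        this.parameterName = parameterName;
    }

    /** @return the name of the request header inspected for the token */
    public String getHeaderName() {
        return this.headerName;
    }

    /** @param headerName the name of the request header inspected for the token */
    public void setHeaderName(String headerName) {
        this.headerName = headerName;
    }

    /** @return {@code true} when only POST requests are subject to the token check */
    public boolean isOnlyCheckPostRequest() {
        return this.onlyCheckPostRequest;
    }

    /**
     * @param onlyCheckPostRequest {@code true} to check POST requests only; {@code false} to
     *     require the token on every request
     */
    public void setOnlyCheckPostRequest(boolean onlyCheckPostRequest) {
        this.onlyCheckPostRequest = onlyCheckPostRequest;
    }
}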
