package org.wso2.carbon.identity.application.authentication.framework.util;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.wso2.carbon.core.SameSiteCookie;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.core.util.IdentityUtil;

/* loaded from: input_file:org/wso2/carbon/identity/application/authentication/framework/util/SessionNonceCookieUtil.class */
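/**
 * Helpers for the per-context "session nonce" cookie.
 *
 * <p>When the feature is enabled, {@link #addNonceCookie} stores a random value both in a cookie
 * named after the authentication context identifier and as a property on that context.
 * {@link #validateNonceCookie} later requires the two copies to match, so a request that carries
 * the context identifier but not the matching cookie is rejected.
 *
 * <p>Validation is bypassed (returns {@code true}) in three cases, each of which is worth
 * auditing in a deployment: the feature flag is off, the request carries the
 * skip-validation attribute, or the current authenticator is in the configured whitelist.
 */
public class SessionNonceCookieUtil {
    public static final String NONCE_COOKIE = "sessionNonceCookie";
    public static final String NONCE_COOKIE_CONFIG = "EnableSessionNonceCookie";
    public static final String NONCE_ERROR_CODE = "sessionNonceErrorCode";

    // Lazily cached value of the NONCE_COOKIE_CONFIG property; null until first read.
    private static Boolean nonceCookieConfig;

    // Authenticator names for which nonce validation is not enforced. Read once at class load.
    private static final Set<String> NONCE_COOKIE_WHITELISTED_AUTHENTICATORS =
            new HashSet<>(IdentityUtil.getPropertyAsList(FrameworkConstants.NONCE_COOKIE_WHITELISTED_AUTHENTICATORS_CONFIG));

    /**
     * Builds the cookie name used for the given authentication context.
     *
     * @param authenticationContext context whose identifier is appended to the cookie name
     * @return {@code "sessionNonceCookie-"} followed by the context identifier
     */
    public static String getNonceCookieName(AuthenticationContext authenticationContext) {
        return NONCE_COOKIE + "-" + authenticationContext.getContextIdentifier();
    }

    /**
     * Issues a fresh nonce: sets it as a cookie on the response and records the same value as a
     * property on the authentication context. Does nothing when the feature is disabled.
     *
     * @param httpServletRequest    current request, passed through to the cookie helper
     * @param httpServletResponse   response on which the cookie is set
     * @param authenticationContext context that receives the expected nonce value
     * @throws ArithmeticException if the computed cookie lifetime does not fit in an {@code int}
     */
    public static void addNonceCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) {
        if (!isNonceCookieEnabled()) {
            return;
        }
        String nonce = UUID.randomUUID().toString();
        String nonceCookieName = getNonceCookieName(authenticationContext);
        // Lifetime is twice the temp-data clean-up timeout, converted from minutes to seconds.
        long maxAgeSeconds = TimeUnit.MINUTES.toSeconds(IdentityUtil.getTempDataCleanUpTimeout()) * 2;
        // NOTE(review): the cookie is issued with SameSite=None. Whether Secure and HttpOnly are
        // also set is decided inside FrameworkUtils.setCookie, which is not visible here - confirm,
        // since browsers only honour SameSite=None on Secure cookies.
        FrameworkUtils.setCookie(httpServletRequest, httpServletResponse, nonceCookieName, nonce,
                Integer.valueOf(Math.toIntExact(maxAgeSeconds)), SameSiteCookie.NONE);
        authenticationContext.setProperty(nonceCookieName, nonce);
    }

    /**
     * Checks that the request carries the nonce cookie expected for this authentication context.
     *
     * @param httpServletRequest    request whose cookies (and skip attribute) are inspected
     * @param authenticationContext context holding the expected nonce
     * @return {@code true} when validation is bypassed (feature disabled, skip attribute set, or
     *         whitelisted authenticator) or when the cookie value equals the stored value;
     *         {@code false} when either value is missing or empty, or they differ
     */
    public static boolean validateNonceCookie(HttpServletRequest httpServletRequest, AuthenticationContext authenticationContext) {
        if (!isNonceCookieEnabled()
                || isNonceCookieValidationSkipped(httpServletRequest)
                || NONCE_COOKIE_WHITELISTED_AUTHENTICATORS.contains(authenticationContext.getCurrentAuthenticator())) {
            return true;
        }
        String nonceCookieName = getNonceCookieName(authenticationContext);
        String expectedNonce = (String) authenticationContext.getProperty(nonceCookieName);
        Cookie cookie = FrameworkUtils.getCookie(httpServletRequest, nonceCookieName);
        String presentedNonce = cookie != null ? cookie.getValue() : null;
        // Fail closed: a missing or empty value on either side never validates.
        if (StringUtils.isEmpty(expectedNonce) || StringUtils.isEmpty(presentedNonce)) {
            return false;
        }
        // Compare the secret without stopping at the first differing byte, so response timing
        // does not depend on how much of a presented value matches the stored nonce.
        return MessageDigest.isEqual(
                expectedNonce.getBytes(StandardCharsets.UTF_8),
                presentedNonce.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Expires the nonce cookie and removes the stored nonce from the authentication context.
     * Does nothing when the feature is disabled.
     *
     * @param httpServletRequest    current request, passed through to the cookie helper
     * @param httpServletResponse   response on which the cookie removal is written
     * @param authenticationContext context from which the nonce property is removed
     */
    public static void removeNonceCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationContext authenticationContext) {
        if (!isNonceCookieEnabled()) {
            return;
        }
        String nonceCookieName = getNonceCookieName(authenticationContext);
        FrameworkUtils.removeCookie(httpServletRequest, httpServletResponse, nonceCookieName);
        authenticationContext.removeProperty(nonceCookieName);
    }

    /**
     * Reports whether the session nonce cookie feature is switched on.
     *
     * <p>The {@code EnableSessionNonceCookie} property is parsed with
     * {@link Boolean#parseBoolean(String)} on first use and cached, so an absent or unparsable
     * value leaves the feature off and {@link #validateNonceCookie} always returns {@code true}.
     *
     * @return {@code true} only when the property is the string "true" (case-insensitive)
     */
    public static boolean isNonceCookieEnabled() {
        // Work on a local copy so a concurrent first call cannot make the second read of the
        // unsynchronised field observe null after the null check has passed.
        Boolean enabled = nonceCookieConfig;
        if (enabled == null) {
            enabled = Boolean.valueOf(Boolean.parseBoolean(IdentityUtil.getProperty(NONCE_COOKIE_CONFIG)));
            nonceCookieConfig = enabled;
        }
        return enabled.booleanValue();
    }

    /**
     * Reports whether this request has been marked to skip nonce validation.
     *
     * <p>The marker is read with {@code getAttribute}, i.e. a server-side request attribute
     * rather than a client-supplied parameter. Any code that sets it disables the check for
     * that request.
     *
     * @param httpServletRequest request to inspect
     * @return {@code true} only when the attribute is exactly {@link Boolean#TRUE}
     */
    public static boolean isNonceCookieValidationSkipped(HttpServletRequest httpServletRequest) {
        return Boolean.TRUE.equals(httpServletRequest.getAttribute(FrameworkConstants.SKIP_NONCE_COOKIE_VALIDATION));
    }
}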
