package org.pac4j.http.authorization;

import org.pac4j.core.authorization.Authorizer;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.core.util.CommonHelper;

/* loaded from: input_file:org/pac4j/http/authorization/CsrfAuthorizer.class */
public class CsrfAuthorizer<U extends UserProfile> implements Authorizer<U> {
    private String parameterName = "pac4jCsrfToken";
    private String headerName = "pac4jCsrfToken";

    public boolean isAuthorized(WebContext webContext, U u) {
        String requestParameter = webContext.getRequestParameter(this.parameterName);
        String requestHeader = webContext.getRequestHeader(this.headerName);
        String str = (String) webContext.getSessionAttribute("pac4jCsrfToken");
        return CommonHelper.areEquals(requestParameter, str) || CommonHelper.areEquals(requestHeader, str);
    }

    public String getParameterName() {
        return this.parameterName;
    }

    public void setParameterName(String str) {
        this.parameterName = str;
    }

    public String getHeaderName() {
        return this.headerName;
    }

    public void setHeaderName(String str) {
        this.headerName = str;
    }
}
