package club.zhcs.titans.nutz.processor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.nutz.lang.random.R;

/* loaded from: input_file:club/zhcs/titans/nutz/processor/CSRFTokenManager.class */
public final class CSRFTokenManager {
    static final String CSRF_HEADER_NAME = "RequestVerificationToken";
    public static final String CSRF_TOKEN_FOR_SESSION_ATTR_NAME = CSRFTokenManager.class.getName() + ".tokenval";

    public static String getTokenForSession(HttpSession httpSession) {
        String str;
        synchronized (httpSession) {
            str = (String) httpSession.getAttribute(CSRF_TOKEN_FOR_SESSION_ATTR_NAME);
            if (null == str) {
                str = R.UU32();
                httpSession.setAttribute(CSRF_TOKEN_FOR_SESSION_ATTR_NAME, str);
            }
        }
        return str;
    }

    public static String getTokenFromRequestHeader(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader(CSRF_HEADER_NAME);
    }

    public static boolean hasValidRequestTokenHeader(HttpServletRequest httpServletRequest) {
        String tokenFromRequestHeader = getTokenFromRequestHeader(httpServletRequest);
        String tokenForSession = getTokenForSession(httpServletRequest.getSession());
        if (tokenFromRequestHeader == null) {
            return false;
        }
        return tokenFromRequestHeader.equals(tokenForSession);
    }

    private CSRFTokenManager() {
    }
}
