package org.springframework.security.web.csrf;

import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/terasoluna-gfw-security-web-1.1.0-20140425.100056-213.jar:org/springframework/security/web/csrf/HttpSessionCsrfTokenRepository.class */
public final class HttpSessionCsrfTokenRepository implements CsrfTokenRepository {
    private static final String DEFAULT_CSRF_PARAMETER_NAME = "_csrf";
    private static final String DEFAULT_CSRF_HEADER_NAME = "X-CSRF-TOKEN";
    private static final String DEFAULT_CSRF_TOKEN_ATTR_NAME = HttpSessionCsrfTokenRepository.class.getName().concat(".CSRF_TOKEN");
    private String parameterName = DEFAULT_CSRF_PARAMETER_NAME;
    private String headerName = DEFAULT_CSRF_HEADER_NAME;
    private String sessionAttributeName = DEFAULT_CSRF_TOKEN_ATTR_NAME;

    @Override // org.springframework.security.web.csrf.CsrfTokenRepository
    public void saveToken(CsrfToken csrfToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession session = httpServletRequest.getSession();
        if (csrfToken == null) {
            session.removeAttribute(this.sessionAttributeName);
        } else {
            session.setAttribute(this.sessionAttributeName, csrfToken);
        }
    }

    @Override // org.springframework.security.web.csrf.CsrfTokenRepository
    public CsrfToken loadToken(HttpServletRequest httpServletRequest) {
        return (CsrfToken) httpServletRequest.getSession().getAttribute(this.sessionAttributeName);
    }

    @Override // org.springframework.security.web.csrf.CsrfTokenRepository
    public CsrfToken generateToken(HttpServletRequest httpServletRequest) {
        return new DefaultCsrfToken(this.headerName, this.parameterName, createNewToken());
    }

    public void setParameterName(String str) {
        Assert.hasLength(str, "parameterName cannot be null or empty");
        this.parameterName = str;
    }

    public void setHeaderName(String str) {
        Assert.hasLength(str, "parameterName cannot be null or empty");
        this.parameterName = str;
    }

    public void setSessionAttributeName(String str) {
        Assert.hasLength(str, "sessionAttributename cannot be null or empty");
        this.sessionAttributeName = str;
    }

    private String createNewToken() {
        return UUID.randomUUID().toString();
    }
}
