package com.atlassian.confluence.security.service;

import com.atlassian.confluence.util.i18n.Message;
import com.atlassian.fugue.Maybe;
import com.atlassian.fugue.Option;
import com.atlassian.fugue.Pair;
import com.atlassian.xwork.XsrfTokenGenerator;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/atlassian/confluence/security/service/DefaultXsrfTokenService.class */
/**
 * Default {@link XsrfTokenService}: issues and checks the anti-XSRF token that
 * state-changing requests carry in the {@code atl_token} request parameter.
 *
 * <p>Token creation and comparison are delegated to the injected
 * {@link XsrfTokenGenerator}; this class only decides where the token is read
 * from and which i18n error key describes a failure.
 */
public class DefaultXsrfTokenService implements XsrfTokenService {
    /** Name of the request parameter that carries the token. */
    private static final String REQUEST_PARAM_NAME = "atl_token";
    /** i18n key returned when a token is present but the generator rejects it. */
    private static final String VALIDATION_FAILED_ERROR_KEY = "atlassian.xwork.xsrf.badtoken";
    /** i18n key returned when the request carries no token parameter at all. */
    private static final String SECURITY_TOKEN_REQUIRED_ERROR_KEY = "atlassian.xwork.xsrf.notoken";
    /** Request header that, with the value below, switches the token check off for that request. */
    private static final String OVERRIDE_HEADER_NAME = "X-Atlassian-Token";
    /** Exact header value (compared with {@code String.equals}) that triggers the override. */
    private static final String OVERRIDE_HEADER_VALUE = "no-check";

    // Assigned once in the constructor; nothing in this class reassigns it.
    private XsrfTokenGenerator tokenGenerator;

    /**
     * @param xsrfTokenGenerator generator used both to mint tokens and to validate them;
     *                           stored as given, without a null check
     */
    public DefaultXsrfTokenService(XsrfTokenGenerator xsrfTokenGenerator) {
        this.tokenGenerator = xsrfTokenGenerator;
    }

    /**
     * Produces the token for the given request.
     *
     * @param httpServletRequest request the generator derives the token from
     * @return pair of (parameter name {@code atl_token}, token value)
     */
    @Override
    public Pair<String, String> generate(HttpServletRequest httpServletRequest) {
        String token = this.tokenGenerator.generateToken(httpServletRequest);
        return Pair.pair(REQUEST_PARAM_NAME, token);
    }

    /**
     * Checks the XSRF token of the given request.
     *
     * <p>Order of checks: the override header first, then presence of the
     * {@code atl_token} parameter, then the generator's verdict on its value.
     *
     * @param httpServletRequest request to check
     * @return none when the request passes (or the override header is set); otherwise a
     *         {@link Message} keyed {@code atlassian.xwork.xsrf.notoken} for a missing token
     *         or {@code atlassian.xwork.xsrf.badtoken} for a rejected one
     */
    @Override
    public Maybe<Message> validate(HttpServletRequest httpServletRequest) {
        // A request carrying "X-Atlassian-Token: no-check" is accepted without looking at
        // any token. NOTE(review): this presumably relies on browsers refusing to attach
        // custom headers to cross-site form posts; any CORS policy that lets other origins
        // send this header would remove that protection. Confirm against the deployment's
        // CORS configuration.
        String overrideHeader = httpServletRequest.getHeader(OVERRIDE_HEADER_NAME);
        if (OVERRIDE_HEADER_VALUE.equals(overrideHeader)) {
            return Option.none();
        }

        // getParameter reads the query string as well as form bodies, so a token sent in
        // the URL is accepted here too.
        String submittedToken = httpServletRequest.getParameter(REQUEST_PARAM_NAME);
        if (submittedToken == null) {
            return Option.some(Message.getInstance(SECURITY_TOKEN_REQUIRED_ERROR_KEY));
        }

        if (this.tokenGenerator.validateToken(httpServletRequest, submittedToken)) {
            return Option.none();
        }
        return Option.some(Message.getInstance(VALIDATION_FAILED_ERROR_KEY));
    }
}
