package net.bluemind.webmodule.server;

import io.netty.handler.codec.http.cookie.Cookie;
import io.netty.handler.codec.http.cookie.DefaultCookie;
import io.netty.handler.codec.http.cookie.ServerCookieDecoder;
import io.netty.handler.codec.http.cookie.ServerCookieEncoder;
import io.vertx.core.http.HttpServerRequest;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Iterator;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/webmodule/server/CSRFTokenManager.class */
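/**
 * Issues and verifies the {@code BMSESSION} cookie value that this web module uses as its CSRF
 * token.
 *
 * <p>The scheme visible in this class is stateless: {@link #initRequest} generates a random UUID
 * and sends it as a cookie, and {@link #checkToken} accepts a request only when the value supplied
 * by the caller is identical to the cookie carried by that same request. Nothing here stores the
 * token server-side, so the check is only as strong as the integrity of the cookie itself.
 */
public class CSRFTokenManager {
    public static final CSRFTokenManager INSTANCE = new CSRFTokenManager();
    private static final Logger logger = LoggerFactory.getLogger(CSRFTokenManager.class);

    /** Name of the cookie that carries the token. */
    private static final String COOKIE_NAME = "BMSESSION";

    /**
     * Generates a fresh token and attaches it to the response as the {@code BMSESSION} cookie.
     *
     * @param httpServerRequest request whose response receives the {@code Set-Cookie} header
     * @return the generated token, a random (version 4) UUID in its canonical string form
     */
    public String initRequest(HttpServerRequest httpServerRequest) {
        String uuid = UUID.randomUUID().toString();
        DefaultCookie defaultCookie = new DefaultCookie(COOKIE_NAME, uuid);
        defaultCookie.setPath("/");
        // The Secure attribute is set only when the deployment enables it.
        if (SecurityConfig.secureCookies) {
            defaultCookie.setSecure(true);
        }
        // HttpOnly keeps page scripts from reading the cookie.
        defaultCookie.setHttpOnly(true);
        // NOTE(review): no SameSite attribute is set on this cookie here; confirm whether one is
        // added elsewhere in the response pipeline.
        httpServerRequest.response().headers().add("Set-Cookie", ServerCookieEncoder.LAX.encode(defaultCookie));
        return uuid;
    }

    /**
     * Checks that the submitted token matches the {@code BMSESSION} cookie of the request.
     *
     * <p>The comparison is constant-time, and neither the cookie value nor the submitted token is
     * written to the log: both are request-controlled, and the cookie value is the secret this
     * check relies on.
     *
     * @param httpServerRequest request carrying the {@code Cookie} header
     * @param str token submitted by the caller; {@code null} never matches
     * @return {@code true} only when the cookie is present, parses as a UUID and equals {@code str}
     */
    public boolean checkToken(HttpServerRequest httpServerRequest, String str) {
        String currentSessionId = currentSessionId(httpServerRequest);
        if (currentSessionId == null) {
            logger.debug("no session to check csrfToken");
            return false;
        }
        try {
            // Used purely as a format check; the parsed UUID is discarded.
            UUID.fromString(currentSessionId);
        } catch (IllegalArgumentException e) {
            // The exception message echoes the raw cookie value, so it is not logged.
            logger.debug("invalid sessionId in {} cookie", COOKIE_NAME);
            return false;
        }
        if (str == null) {
            logger.debug("csrfToken missing");
            return false;
        }
        // MessageDigest.isEqual does not stop at the first differing byte, unlike String.equals.
        boolean matches = MessageDigest.isEqual(
                currentSessionId.getBytes(StandardCharsets.UTF_8),
                str.getBytes(StandardCharsets.UTF_8));
        logger.debug("csrfToken check: {}", matches);
        return matches;
    }

    /**
     * Extracts the {@code BMSESSION} cookie value from the request.
     *
     * <p>Only the value returned by {@code headers().get("Cookie")} is inspected, and the first
     * cookie with the expected name wins.
     *
     * @param httpServerRequest request to read the {@code Cookie} header from
     * @return the cookie value, or {@code null} when the header or the cookie is absent
     */
    private String currentSessionId(HttpServerRequest httpServerRequest) {
        String cookieHeader = httpServerRequest.headers().get("Cookie");
        if (cookieHeader == null) {
            return null;
        }
        for (Cookie cookie : ServerCookieDecoder.LAX.decode(cookieHeader)) {
            if (COOKIE_NAME.equals(cookie.name())) {
                return cookie.value();
            }
        }
        return null;
    }
}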
