package net.shibboleth.idp.ui.csrf;

import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.function.BiPredicate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.ThreadSafe;
import net.shibboleth.idp.ui.csrf.impl.SimpleCSRFToken;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.component.AbstractInitializableComponent;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.security.IdentifierGenerationStrategy;
import net.shibboleth.shared.security.RandomIdentifierParameterSpec;

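/**
 * Issues anti-CSRF tokens and checks a submitted token value against an expected token.
 *
 * <p>The manager holds no record of the tokens it issues: {@link #generateCSRFToken()} only creates a
 * token, and {@link #isValidCSRFToken(CSRFToken, String)} only compares the two values it is handed.
 * Keeping the issued token somewhere the client cannot overwrite, and passing that stored token back
 * for validation, is therefore the caller's job. Validation is only as strong as that binding.</p>
 *
 * <p>All configuration goes through the setters, each of which calls {@code checkSetterPreconditions()}
 * first (defined in the superclass; presumably it rejects changes once the component is initialized,
 * confirm against {@code AbstractInitializableComponent}).</p>
 */
@ThreadSafe
/* loaded from: input_file:WEB-INF/lib/idp-ui-5.1.3.jar:net/shibboleth/idp/ui/csrf/CSRFTokenManager.class */
public final class CSRFTokenManager extends AbstractInitializableComponent {

    /** Source of token values; a secure random default is installed by {@link #doInitialize()} if unset. */
    @NonnullAfterInit
    private IdentifierGenerationStrategy tokenGenerationStrategy;

    /** Name of the request parameter that carries the token; handed to every generated token. */
    @Nonnull
    private String csrfParameterName = "csrf_token";

    /** Decides whether a submitted value matches the expected token. */
    @Nonnull
    private BiPredicate<CSRFToken, String> csrfTokenValidationPredicate = new DefaultCSRFTokenValidationPredicate();

    /**
     * Default validation: the submitted value must be present and equal to the expected token's value.
     */
    /* loaded from: input_file:WEB-INF/lib/idp-ui-5.1.3.jar:net/shibboleth/idp/ui/csrf/CSRFTokenManager$DefaultCSRFTokenValidationPredicate.class */
    private static class DefaultCSRFTokenValidationPredicate implements BiPredicate<CSRFToken, String> {
        private DefaultCSRFTokenValidationPredicate() {
        }

        /**
         * Compares the expected token with the value taken from the request.
         *
         * @param cSRFToken the expected token, or {@code null} if none is available
         * @param str the submitted token value, or {@code null} if the request carried none
         * @return {@code true} only if both arguments are non-null and the values are equal
         */
        @Override
        public boolean test(@Nullable CSRFToken cSRFToken, @Nullable String str) {
            // Fail closed: a missing expected token or a missing submitted value never validates.
            if (cSRFToken == null || str == null) {
                return false;
            }
            final byte[] submitted = str.getBytes(StandardCharsets.UTF_8);
            final byte[] expected = cSRFToken.getToken().getBytes(StandardCharsets.UTF_8);
            // String.equals returns at the first differing character, so its running time depends on
            // how much of the submitted value matches. MessageDigest.isEqual examines every byte, and
            // its time depends only on the length of its first argument, hence the request-supplied
            // value goes first. For well-formed strings, equality of the UTF-8 bytes is the same as
            // string equality.
            return MessageDigest.isEqual(submitted, expected);
        }
    }

    /**
     * Sets the strategy used to produce token values.
     *
     * <p>Token values must be unpredictable to other parties, so a replacement strategy should draw
     * from a cryptographically secure source, as the default installed by {@link #doInitialize()} does.</p>
     *
     * @param identifierGenerationStrategy the strategy, never {@code null}
     */
    public void setTokenGenerationStrategy(@Nonnull IdentifierGenerationStrategy identifierGenerationStrategy) {
        checkSetterPreconditions();
        this.tokenGenerationStrategy = Constraint.isNotNull(identifierGenerationStrategy, "tokenGenerationStrategy cannot be null");
    }

    /**
     * Replaces the predicate that decides whether a submitted value matches the expected token.
     *
     * <p>The supplied predicate takes over the whole decision, including the null handling and the
     * comparison done by the default; a predicate that accepts too much switches the protection off.</p>
     *
     * @param biPredicate the validation predicate, never {@code null}
     */
    public void setCsrfTokenValidationPredicate(@Nonnull BiPredicate<CSRFToken, String> biPredicate) {
        checkSetterPreconditions();
        // No cast needed: the decompiled raw (BiPredicate) cast only produced an unchecked warning.
        this.csrfTokenValidationPredicate = Constraint.isNotNull(biPredicate, "CSRF token validation predicate can not be null");
    }

    /**
     * Sets the name of the request parameter that carries the token.
     *
     * @param str the parameter name, neither {@code null} nor empty
     */
    public void setCsrfParameterName(@Nonnull @NotEmpty String str) {
        checkSetterPreconditions();
        this.csrfParameterName = Constraint.isNotEmpty(str, "CsrfParameterName cannot be null or empty");
    }

    /**
     * Installs the default token generation strategy when none was configured.
     *
     * <p>The default is requested with {@code ProviderType.SECURE}. The {@code 20} passed to
     * {@link RandomIdentifierParameterSpec} is presumably the identifier size in bytes and the two
     * {@code null} arguments presumably select the library defaults; confirm against that class.</p>
     *
     * <p>The decompiler reports that this method was declared {@code protected} in the original class.</p>
     *
     * @throws ComponentInitializationException if the default strategy cannot be created
     */
    @Override
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.tokenGenerationStrategy != null) {
            return;
        }
        try {
            this.tokenGenerationStrategy = IdentifierGenerationStrategy.getInstance(
                    IdentifierGenerationStrategy.ProviderType.SECURE, new RandomIdentifierParameterSpec(null, 20, null));
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            // Keep the cause so a missing algorithm or a rejected parameter is visible at startup.
            throw new ComponentInitializationException(e);
        }
    }

    /**
     * Creates a new token from the configured generation strategy and parameter name.
     *
     * <p>The token is not stored here; the caller has to retain it for the later validation.</p>
     *
     * @return the newly generated token
     */
    @Nonnull
    public CSRFToken generateCSRFToken() {
        checkComponentActive();
        return new SimpleCSRFToken(this.tokenGenerationStrategy.generateIdentifier(), this.csrfParameterName);
    }

    /**
     * Checks a submitted token value against the expected token using the configured predicate.
     *
     * @param cSRFToken the expected token, as retained by the caller; may be {@code null}
     * @param str the token value taken from the request; may be {@code null}
     * @return the predicate's verdict; the default predicate returns {@code false} when either
     *         argument is {@code null}
     */
    public boolean isValidCSRFToken(@Nullable CSRFToken cSRFToken, @Nullable String str) {
        checkComponentActive();
        return this.csrfTokenValidationPredicate.test(cSRFToken, str);
    }
}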
