package org.owasp.csrfguard.util;

import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpSession;
import org.owasp.csrfguard.CsrfGuard;

/* loaded from: input_file:org/owasp/csrfguard/util/SessionUtils.class */
public final class SessionUtils {
    private static final String TOKENS_GENERATED = "org.owasp.csrfguard.TokensGenerated";

    private SessionUtils() {
    }

    public static boolean tokensGenerated(HttpSession httpSession) {
        return httpSession.getAttribute(TOKENS_GENERATED) != null && ((Boolean) httpSession.getAttribute(TOKENS_GENERATED)).booleanValue();
    }

    public static void setTokensGenerated(HttpSession httpSession) {
        if (httpSession != null) {
            httpSession.setAttribute(TOKENS_GENERATED, true);
        }
    }

    public static Map<String, String> extractPageTokensFromSession(HttpSession httpSession) {
        Map<String, String> map = (Map) httpSession.getAttribute(CsrfGuard.PAGE_TOKENS_KEY);
        return map != null ? map : new HashMap(CsrfGuard.getInstance().getProtectedPages().size());
    }

    public static void updatePageTokensOnSession(HttpSession httpSession, Map<String, String> map) {
        if (httpSession == null || map == null) {
            return;
        }
        httpSession.setAttribute(CsrfGuard.PAGE_TOKENS_KEY, map);
        setTokensGenerated(httpSession);
    }

    public static void invalidateTokenForResource(HttpSession httpSession, String str, String str2) {
        Map<String, String> extractPageTokensFromSession = extractPageTokensFromSession(httpSession);
        if (getSessionToken(httpSession).equals(str)) {
            invalidateSessionToken(httpSession);
        }
        String str3 = (String) CsrfGuardUtils.getMapKeyByValue(extractPageTokensFromSession, str2);
        if (str3 != null) {
            extractPageTokensFromSession.put(str3, TokenUtils.getRandomToken());
        }
        setTokensGenerated(httpSession);
    }

    public static void invalidateSessionToken(HttpSession httpSession) {
        httpSession.setAttribute(CsrfGuard.getInstance().getSessionKey(), TokenUtils.getRandomToken());
    }

    public static String getSessionToken(HttpSession httpSession) {
        return (String) httpSession.getAttribute(CsrfGuard.getInstance().getSessionKey());
    }
}
