package com.helger.photon.uicore.page;

import com.helger.commons.ValueEnforcer;
import com.helger.commons.state.EContinue;
import com.helger.html.hc.html.forms.HCHiddenField;
import com.helger.photon.core.csrf.CSRFSessionManager;
import com.helger.photon.uicore.css.CPageParam;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;

/* loaded from: input_file:WEB-INF/lib/ph-oton-uicore-8.3.4.jar:com/helger/photon/uicore/page/WebPageCSRFHandler.class */
/**
 * Default {@link IWebPageCSRFHandler}: validates the nonce submitted with a
 * page request against the one held by {@link CSRFSessionManager} and builds
 * the hidden form field that carries the nonce.
 *
 * <p>{@link #INSTANCE} is a shared object whose state is mutable. The enabled
 * flag and the error handler are plain fields, and this class applies no
 * synchronization to them, so a change made through a setter on
 * {@code INSTANCE} affects every caller using that instance.
 * NOTE(review): presumably meant to be configured once during startup; confirm
 * before changing it while requests are being served.
 */
public class WebPageCSRFHandler implements IWebPageCSRFHandler {
    /** CSRF prevention is switched on unless explicitly disabled. */
    public static final boolean DEFAULT_CSRF_PREVENTION_ENABLED = true;

    /** Shared default instance. */
    public static final WebPageCSRFHandler INSTANCE = new WebPageCSRFHandler();

    // When false, checkCSRFNonce accepts every request and no nonce field is emitted.
    private boolean m_bCSRFPreventionEnabled = DEFAULT_CSRF_PREVENTION_ENABLED;

    // Callback invoked on a nonce mismatch; never null (enforced in the setter).
    private ICSRFErrorHandler m_aErrorHdl = new LoggingCSRFErrorHandler();

    /** Only subclasses may instantiate; other callers use {@link #INSTANCE}. */
    protected WebPageCSRFHandler() {
    }

    /**
     * @return {@code true} if nonce checking and nonce field creation are active.
     */
    @Override
    public final boolean isCSRFPreventionEnabled() {
        return m_bCSRFPreventionEnabled;
    }

    /**
     * Switches CSRF prevention on or off for this handler. Passing
     * {@code false} makes {@link #checkCSRFNonce} accept every request.
     *
     * @param z {@code true} to enable the check, {@code false} to disable it
     * @return this, for chaining
     */
    @Nonnull
    public final WebPageCSRFHandler setCSRFPreventionEnabled(boolean z) {
        m_bCSRFPreventionEnabled = z;
        return this;
    }

    /**
     * @return the handler that is notified when a nonce mismatch is detected
     */
    @Nonnull
    public final ICSRFErrorHandler getCSRFErrorHandler() {
        return m_aErrorHdl;
    }

    /**
     * Replaces the handler that is notified when a nonce mismatch is detected.
     *
     * @param iCSRFErrorHandler the new handler; must not be {@code null}
     * @return this, for chaining
     */
    @Nonnull
    public final WebPageCSRFHandler setCSRFErrorHandler(@Nonnull ICSRFErrorHandler iCSRFErrorHandler) {
        // notNull rejects null and hands the checked value back.
        m_aErrorHdl = ValueEnforcer.notNull(iCSRFErrorHandler, "ErrorHdl");
        return this;
    }

    /**
     * Compares the {@link CPageParam#FIELD_NONCE} request parameter with the
     * nonce expected by {@link CSRFSessionManager}.
     *
     * <p>On a mismatch the error handler receives the submitted value together
     * with the currently expected nonce, a new nonce is generated, and
     * {@link EContinue#BREAK} is returned. The expected nonce passed to the
     * handler is replaced right after the callback returns.
     * NOTE(review): a handler that records its arguments still writes a session
     * secret to its sink; confirm that is acceptable for custom handlers.
     *
     * <p>NOTE(review): how {@code isExpectedNonce} treats a missing parameter
     * and whether it compares in constant time is not visible here; verify in
     * {@code CSRFSessionManager}.
     *
     * @param iWebPageExecutionContext the current page execution context
     * @return {@link EContinue#CONTINUE} when the check is disabled or the
     *         nonce matches, {@link EContinue#BREAK} otherwise
     */
    @Override
    @Nonnull
    public EContinue checkCSRFNonce(@Nonnull IWebPageExecutionContext iWebPageExecutionContext) {
        // Disabled: the request is accepted without reading any parameter.
        if (!m_bCSRFPreventionEnabled) {
            return EContinue.CONTINUE;
        }

        final CSRFSessionManager sessionMgr = CSRFSessionManager.getInstance();
        final String submittedNonce = iWebPageExecutionContext.params().getAsString(CPageParam.FIELD_NONCE);
        if (sessionMgr.isExpectedNonce(submittedNonce)) {
            return EContinue.CONTINUE;
        }

        // Report first (with the still-current nonce), then rotate it so the
        // value seen by the handler is no longer the expected one.
        m_aErrorHdl.onCSRFError(iWebPageExecutionContext, submittedNonce, sessionMgr.getNonce());
        sessionMgr.generateNewNonce();
        return EContinue.BREAK;
    }

    /**
     * Builds the hidden form field that carries the current nonce under the
     * name {@link CPageParam#FIELD_NONCE}.
     *
     * @return the hidden field, or {@code null} when CSRF prevention is
     *         disabled; callers must handle the {@code null} case
     */
    @Override
    @Nullable
    public HCHiddenField createCSRFNonceField() {
        return m_bCSRFPreventionEnabled
                ? new HCHiddenField(CPageParam.FIELD_NONCE, CSRFSessionManager.getInstance().getNonce())
                : null;
    }
}
