package graphql.kickstart.autoconfigure.web.servlet;

import graphql.kickstart.autoconfigure.web.servlet.GraphQLSubscriptionWebsocketProperties;
import jakarta.websocket.server.HandshakeRequest;
import java.util.Objects;
import lombok.Generated;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:BOOT-INF/lib/graphql-spring-boot-autoconfigure-15.1.0.jar:graphql/kickstart/autoconfigure/web/servlet/WsCsrfFilter.class */
class WsCsrfFilter {
    private final GraphQLSubscriptionWebsocketProperties.CsrfProperties csrfProperties;
    private final WsCsrfTokenRepository tokenRepository;

    /* JADX INFO: Access modifiers changed from: package-private */
    public void doFilter(HandshakeRequest handshakeRequest) {
        if (!this.csrfProperties.isEnabled() || this.tokenRepository == null) {
            return;
        }
        WsCsrfToken loadToken = this.tokenRepository.loadToken(handshakeRequest);
        if (loadToken == null) {
            loadToken = this.tokenRepository.generateToken(handshakeRequest);
            this.tokenRepository.saveToken(loadToken, handshakeRequest);
        }
        String str = (String) CollectionUtils.firstElement(handshakeRequest.getParameterMap().get(loadToken.getParameterName()));
        if (!Objects.equals(loadToken.getToken(), str)) {
            throw new IllegalStateException("Invalid CSRF Token '" + str + "' was found on the request parameter '" + loadToken.getParameterName() + "'.");
        }
    }

    @Generated
    public WsCsrfFilter(GraphQLSubscriptionWebsocketProperties.CsrfProperties csrfProperties, WsCsrfTokenRepository wsCsrfTokenRepository) {
        this.csrfProperties = csrfProperties;
        this.tokenRepository = wsCsrfTokenRepository;
    }
}
