package io.datarouter.httpclient.security;

import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.function.Supplier;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/datarouter/httpclient/security/DefaultCsrfValidator.class */
public class DefaultCsrfValidator implements CsrfValidator {
    private static final String HASHING_ALGORITHM = "SHA-256";
    private static final String MAIN_CIPHER_ALGORITHM = "AES";
    private static final String SUB_CIPHER_ALGORITHM = "CBC/PKCS5Padding";
    private static final String CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";
    private final Supplier<String> cipherKeySupplier;
    private final long requestTimeoutMs;
    private static final Logger logger = LoggerFactory.getLogger(DefaultCsrfValidator.class);
    private static final Long DEFAULT_REQUEST_TIMEOUT_IN_MS = 10000L;

    public DefaultCsrfValidator(Supplier<String> supplier) {
        this(supplier, DEFAULT_REQUEST_TIMEOUT_IN_MS);
    }

    public DefaultCsrfValidator(Supplier<String> supplier, Long l) {
        this.cipherKeySupplier = supplier;
        this.requestTimeoutMs = l.longValue();
    }

    public static String generateCsrfIv() {
        try {
            byte[] bArr = new byte[16];
            SecureRandom.getInstance("SHA1PRNG", "SUN").nextBytes(bArr);
            return Base64.getEncoder().encodeToString(bArr);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new RuntimeException("error in SecureRandom.getInstance()");
        }
    }

    @Override // io.datarouter.httpclient.security.CsrfValidator
    public boolean check(HttpServletRequest httpServletRequest) {
        Long l = null;
        try {
            l = getRequestTimeMs(httpServletRequest);
        } catch (Exception e) {
            logger.warn("DefaultCsrfValidator failed check. Bad key?", e);
        }
        return l != null && System.currentTimeMillis() < l.longValue() + this.requestTimeoutMs;
    }

    public String generateCsrfToken(String str) {
        try {
            return Base64.getEncoder().encodeToString(getCipher(1, str).doFinal(String.valueOf(System.currentTimeMillis()).getBytes()));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // io.datarouter.httpclient.security.CsrfValidator
    public Long getRequestTimeMs(HttpServletRequest httpServletRequest) {
        try {
            return Long.valueOf(Long.parseLong(new String(getCipher(2, getParameterOrHeader(httpServletRequest, SecurityParameters.CSRF_IV)).doFinal(Base64.getDecoder().decode(getParameterOrHeader(httpServletRequest, SecurityParameters.CSRF_TOKEN))))));
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    private static String getParameterOrHeader(HttpServletRequest httpServletRequest, String str) {
        String parameter = httpServletRequest.getParameter(str);
        return parameter != null ? parameter : httpServletRequest.getHeader(str);
    }

    private SecretKeySpec computeKey(String str) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance(HASHING_ALGORITHM);
        messageDigest.update(str.getBytes());
        return new SecretKeySpec(messageDigest.digest(), 0, 16, MAIN_CIPHER_ALGORITHM);
    }

    private Cipher getCipher(int i, String str) throws InvalidKeyException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchPaddingException {
        Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
        cipher.init(i, computeKey(this.cipherKeySupplier.get()), new IvParameterSpec(str.getBytes(), 0, 16));
        return cipher;
    }
}
