package org.springframework.security.web.server.csrf;

import java.security.SecureRandom;
import java.util.Base64;
import org.springframework.security.crypto.codec.Utf8;
import org.springframework.util.Assert;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/* loaded from: input_file:BOOT-INF/lib/spring-security-web-6.4.1.jar:org/springframework/security/web/server/csrf/XorServerCsrfTokenRequestAttributeHandler.class */
/**
 * CSRF token request handler that masks the token value before exposing it and unmasks the
 * value a client sends back.
 *
 * <p>The exposed form is {@code base64url(random || (random XOR token))}, where {@code random}
 * has the same byte length as the UTF-8 encoded token and is drawn anew on each call to
 * {@link #createXoredCsrfToken}. The encoded value therefore differs between renderings while
 * the underlying token is unchanged. This is the token-masking pattern commonly used against
 * compression side channels such as BREACH.
 *
 * <p>The masking is not encryption: the random pad travels with the masked bytes, so anyone
 * holding the encoded value can recover the raw token. This class only recovers the raw
 * value; comparing it with the expected token happens outside the code visible here.
 */
public final class XorServerCsrfTokenRequestAttributeHandler extends ServerCsrfTokenRequestAttributeHandler {
    // Source of the per-token random pad. Replaceable through setSecureRandom, so the
    // unpredictability of the masked value depends on whatever instance is installed.
    private SecureRandom secureRandom = new SecureRandom();

    /**
     * Replaces the random source used to generate the masking bytes.
     *
     * @param secureRandom the generator to use; rejected by {@code Assert.notNull} when null
     */
    public void setSecureRandom(SecureRandom secureRandom) {
        Assert.notNull(secureRandom, "secureRandom cannot be null");
        this.secureRandom = secureRandom;
    }

    /**
     * Wraps the supplied token publisher so that the token handed to the parent handler
     * carries the masked value instead of the raw one. Header and parameter names are
     * copied unchanged.
     *
     * @param serverWebExchange the current exchange; must not be null
     * @param mono publisher of the raw CSRF token; must not be null
     */
    @Override
    public void handle(ServerWebExchange serverWebExchange, Mono<CsrfToken> mono) {
        Assert.notNull(serverWebExchange, "exchange cannot be null");
        Assert.notNull(mono, "csrfToken cannot be null");
        // cache() is applied so the mapped (masked) token is computed once and replayed to
        // later subscribers rather than re-masked on every subscription.
        Mono<CsrfToken> maskedToken = mono
                .map(csrfToken -> new DefaultCsrfToken(
                        csrfToken.getHeaderName(),
                        csrfToken.getParameterName(),
                        createXoredCsrfToken(this.secureRandom, csrfToken.getToken())))
                .cast(CsrfToken.class)
                .cache();
        super.handle(serverWebExchange, maskedToken);
    }

    /**
     * Resolves the token value submitted with the request via the parent handler and unmasks it.
     *
     * @param serverWebExchange the current exchange
     * @param csrfToken the expected token, used to determine the required length
     * @return the unmasked value, or an empty {@code Mono} when the submitted value is
     *         malformed or has the wrong length
     */
    @Override
    public Mono<String> resolveCsrfTokenValue(ServerWebExchange serverWebExchange, CsrfToken csrfToken) {
        // getTokenValue returns null for anything it cannot unmask; justOrEmpty turns that
        // into an empty Mono instead of emitting null.
        return super.resolveCsrfTokenValue(serverWebExchange, csrfToken)
                .flatMap(submitted -> Mono.justOrEmpty(getTokenValue(submitted, csrfToken.getToken())));
    }

    /**
     * Reverses {@link #createXoredCsrfToken}: base64url-decodes the submitted value, splits it
     * into pad and masked halves, and XORs them to recover the raw token text.
     *
     * @param encodedToken the value received from the client (untrusted)
     * @param expectedToken the raw token whose UTF-8 length fixes the expected size
     * @return the recovered token text, or {@code null} if the input cannot be unmasked
     */
    private static String getTokenValue(String encodedToken, String expectedToken) {
        try {
            byte[] decoded = Base64.getUrlDecoder().decode(encodedToken);
            int tokenSize = Utf8.encode(expectedToken).length;
            // Exact-length check: the payload must be exactly pad + masked token. Shorter or
            // longer input is rejected rather than truncated or padded.
            if (decoded.length == tokenSize * 2) {
                byte[] pad = new byte[tokenSize];
                byte[] masked = new byte[tokenSize];
                System.arraycopy(decoded, 0, pad, 0, tokenSize);
                System.arraycopy(decoded, tokenSize, masked, 0, tokenSize);
                return Utf8.decode(xorCsrf(pad, masked));
            }
            return null;
        } catch (Exception ex) {
            // Deliberately broad: the input is client-controlled, so any decoding failure
            // (bad base64, null value, undecodable bytes) is reported as "no usable token".
            return null;
        }
    }

    /**
     * Masks a raw token: generates a random pad of the token's byte length, XORs the token
     * with it, and returns {@code base64url(pad || masked)}.
     *
     * @param secureRandom generator for the pad bytes
     * @param token the raw token text
     * @return the encoded masked token
     */
    private static String createXoredCsrfToken(SecureRandom secureRandom, String token) {
        byte[] tokenBytes = Utf8.encode(token);
        byte[] pad = new byte[tokenBytes.length];
        secureRandom.nextBytes(pad);
        byte[] masked = xorCsrf(pad, tokenBytes);
        // Pad first, masked bytes second; getTokenValue relies on this order when splitting.
        byte[] combined = new byte[tokenBytes.length + pad.length];
        System.arraycopy(pad, 0, combined, 0, pad.length);
        System.arraycopy(masked, 0, combined, pad.length, masked.length);
        return Base64.getUrlEncoder().encodeToString(combined);
    }

    /**
     * XORs two equal-length byte arrays into a new array; neither input is modified.
     *
     * @param pad the masking bytes
     * @param data the bytes to mask or unmask
     * @return a new array with {@code data[i] ^ pad[i]} at each index
     */
    private static byte[] xorCsrf(byte[] pad, byte[] data) {
        Assert.isTrue(pad.length == data.length, "arrays must be equal length");
        int size = data.length;
        byte[] result = new byte[size];
        for (int index = 0; index < size; index++) {
            result[index] = (byte) (data[index] ^ pad[index]);
        }
        return result;
    }
}
