package org.sonar.server.authentication;

import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringUtils;
import org.sonar.api.platform.Server;
import org.sonar.server.exceptions.UnauthorizedException;

/* loaded from: input_file:org/sonar/server/authentication/CsrfVerifier.class */
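public class CsrfVerifier {
    /** Cookie holding the SHA-256 hex digest of the OAuth {@code state} value handed to the provider. */
    private static final String CSRF_STATE_COOKIE = "OAUTHSTATE";
    /** Request parameter through which the identity provider echoes the state back. */
    private static final String STATE_PARAMETER = "state";
    private final Server server;

    /**
     * @param server used only to decide whether the state cookie is flagged {@code Secure}
     */
    public CsrfVerifier(Server server) {
        this.server = server;
    }

    /**
     * Generates a fresh random state, stores its SHA-256 hex digest in the {@value #CSRF_STATE_COOKIE}
     * cookie and returns the clear-text state to be forwarded to the identity provider.
     *
     * <p>Only the digest is kept on the client, so the cookie alone does not reveal the value the
     * provider must echo back.
     *
     * @param httpServletResponse response the state cookie is added to
     * @return the clear-text state (130 random bits, base-32 encoded)
     */
    public String generateState(HttpServletResponse httpServletResponse) {
        String state = new BigInteger(130, new SecureRandom()).toString(32);
        Cookie cookie = new Cookie(CSRF_STATE_COOKIE, DigestUtils.sha256Hex(state));
        cookie.setPath("/");
        cookie.setHttpOnly(true);
        // -1: session cookie, dropped when the browser closes
        cookie.setMaxAge(-1);
        cookie.setSecure(this.server.isSecured());
        httpServletResponse.addCookie(cookie);
        return state;
    }

    /**
     * Checks that the {@code state} request parameter matches the digest stored in the state cookie,
     * expiring the cookie in every case so that a state can be used only once.
     *
     * @param httpServletRequest  request carrying the cookies and the {@code state} parameter
     * @param httpServletResponse response the expired cookie is written to
     * @throws UnauthorizedException if the request has no cookies, the state cookie is missing,
     *                               the parameter is blank, or the digests differ
     */
    public void verifyState(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie cookie = findStateCookie(httpServletRequest);
        if (cookie == null) {
            throw new UnauthorizedException();
        }
        String expectedDigest = cookie.getValue();
        // Invalidate before comparing: a failed verification must not leave the state reusable.
        expireCookie(cookie, httpServletResponse);
        String state = httpServletRequest.getParameter(STATE_PARAMETER);
        if (StringUtils.isBlank(state) || StringUtils.isBlank(expectedDigest)) {
            throw new UnauthorizedException();
        }
        byte[] actual = DigestUtils.sha256Hex(state).getBytes(StandardCharsets.UTF_8);
        byte[] expected = expectedDigest.getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison so the check does not leak how many leading characters match.
        if (!MessageDigest.isEqual(actual, expected)) {
            throw new UnauthorizedException();
        }
    }

    /**
     * Returns the state cookie, or {@code null} when the request has no cookies at all
     * ({@link HttpServletRequest#getCookies()} returns {@code null} in that case) or none with
     * the expected name. When several cookies share the name the last one wins.
     */
    private static Cookie findStateCookie(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        Cookie found = null;
        for (Cookie candidate : cookies) {
            if (CSRF_STATE_COOKIE.equals(candidate.getName())) {
                found = candidate;
            }
        }
        return found;
    }

    /** Rewrites {@code cookie} with no value and a zero max-age so the browser discards it. */
    private static void expireCookie(Cookie cookie, HttpServletResponse response) {
        cookie.setValue((String) null);
        cookie.setMaxAge(0);
        cookie.setPath("/");
        response.addCookie(cookie);
    }
}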
