package io.datarouter.web.security;

import io.datarouter.httpclient.security.DefaultCsrfGenerator;
import io.datarouter.util.duration.DatarouterDuration;
import java.time.Duration;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/datarouter/web/security/DefaultCsrfValidator.class */
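/**
 * Validates the CSRF token carried by an HTTP request.
 *
 * <p>The request must supply two values, each read from a request parameter or, failing that, from a header
 * of the same name: {@code csrfToken} (Base64 text) and {@code csrfIv}. The decoded token is decrypted with a
 * cipher obtained from the {@link DefaultCsrfGenerator}; the plaintext is parsed as a decimal number that is
 * treated as the token's creation time, and the token is accepted only while its age is shorter than the
 * configured request timeout.
 *
 * <p>Every malformed or undecryptable input yields a failed {@link CsrfValidationResult}; no exception caused
 * by request content is allowed to escape {@link #check(HttpServletRequest)}.
 */
public class DefaultCsrfValidator implements CsrfValidator {
    private static final Logger logger = LoggerFactory.getLogger(DefaultCsrfValidator.class);
    private static final Duration DEFAULT_REQUEST_TIMEOUT = Duration.ofSeconds(10);
    private static final String TOKEN_NAME = "csrfToken";
    private static final String IV_NAME = "csrfIv";
    // Same numeric value as javax.crypto.Cipher.DECRYPT_MODE; presumably getCipher forwards it to
    // Cipher.init - confirm against DefaultCsrfGenerator.
    private static final int DECRYPT_MODE = 2;

    private final DefaultCsrfGenerator generator;
    private final DatarouterDuration requestTimeout;

    /**
     * Creates a validator that accepts tokens younger than the default timeout of 10 seconds.
     *
     * @param defaultCsrfGenerator source of the cipher used to decrypt tokens
     */
    public DefaultCsrfValidator(DefaultCsrfGenerator defaultCsrfGenerator) {
        this(defaultCsrfGenerator, DEFAULT_REQUEST_TIMEOUT);
    }

    /**
     * Creates a validator with an explicit maximum token age.
     *
     * @param defaultCsrfGenerator source of the cipher used to decrypt tokens
     * @param duration tokens whose age is not shorter than this are rejected
     */
    public DefaultCsrfValidator(DefaultCsrfGenerator defaultCsrfGenerator, Duration duration) {
        this.generator = defaultCsrfGenerator;
        this.requestTimeout = new DatarouterDuration(duration);
    }

    /**
     * Checks the CSRF token of the given request.
     *
     * @param httpServletRequest request expected to carry {@code csrfToken} and {@code csrfIv}
     * @return a successful result when the token decrypts and is younger than the timeout; otherwise a failed
     *     result whose message names the reason (missing value, invalid Base64, decryption failure, or age)
     */
    @Override
    public CsrfValidationResult check(HttpServletRequest httpServletRequest) {
        String encodedToken = getParameterOrHeader(httpServletRequest, TOKEN_NAME);
        if (encodedToken == null) {
            return new CsrfValidationResult(false, "csrfToken not found in http request");
        }
        // The token is attacker-controlled text. Base64 decoding throws IllegalArgumentException on malformed
        // input, so it is handled here and turned into a failed result instead of an unhandled exception.
        byte[] encryptedToken;
        try {
            encryptedToken = Base64.getDecoder().decode(encodedToken);
        } catch (IllegalArgumentException e) {
            // The raw value is deliberately not logged.
            logger.warn("csrfToken is not valid base64");
            return new CsrfValidationResult(false, "csrfToken is not valid base64");
        }
        String iv = getParameterOrHeader(httpServletRequest, IV_NAME);
        if (iv == null) {
            return new CsrfValidationResult(false, "csrfIv not found in http request");
        }
        try {
            byte[] plaintext = this.generator.getCipher(DECRYPT_MODE, iv).doFinal(encryptedToken);
            // Platform default charset, as before; the expected content is decimal digits only.
            long createdMs = Long.parseLong(new String(plaintext));
            DatarouterDuration age = DatarouterDuration.ageMs(createdMs);
            // NOTE(review): only an upper bound on the age is enforced. How DatarouterDuration.ageMs treats
            // a timestamp later than "now", and whether the cipher authenticates the ciphertext, are not
            // visible here - confirm a future-dated value cannot pass this check.
            boolean fresh = age.isShorterThan(this.requestTimeout);
            String failureReason = fresh ? null : "CSRF token age too old: " + age + " (" + createdMs + ")";
            return new CsrfValidationResult(fresh, failureReason);
        } catch (Exception e) {
            // Covers cipher construction and decryption failures as well as a non-numeric plaintext.
            // NOTE(review): this path is reachable from any request, so error level with a stack trace can
            // be driven by clients - consider whether that volume is acceptable.
            logger.error("could not decrypt csrf token", e);
            return new CsrfValidationResult(false, "Bad key?");
        }
    }

    /**
     * Reads a named value from the request, preferring the request parameter over the header.
     *
     * @param httpServletRequest request to read from
     * @param str name of the parameter or header
     * @return the parameter value if present, otherwise the header value, which may be {@code null}
     */
    private static String getParameterOrHeader(HttpServletRequest httpServletRequest, String str) {
        String parameter = httpServletRequest.getParameter(str);
        return parameter != null ? parameter : httpServletRequest.getHeader(str);
    }
}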
