package io.datarouter.web.security;

import io.datarouter.httpclient.security.DefaultCsrfGenerator;
import java.security.GeneralSecurityException;
import java.time.Duration;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/datarouter/web/security/DefaultCsrfValidator.class */
public class DefaultCsrfValidator implements CsrfValidator {
    private static final Logger logger = LoggerFactory.getLogger(DefaultCsrfValidator.class);
    private static final Long DEFAULT_REQUEST_TIMEOUT_IN_MS = Long.valueOf(Duration.ofSeconds(10).toMillis());
    private final DefaultCsrfGenerator generator;
    private final long requestTimeoutMs;

    public DefaultCsrfValidator(DefaultCsrfGenerator defaultCsrfGenerator) {
        this(defaultCsrfGenerator, DEFAULT_REQUEST_TIMEOUT_IN_MS);
    }

    public DefaultCsrfValidator(DefaultCsrfGenerator defaultCsrfGenerator, Long l) {
        this.generator = defaultCsrfGenerator;
        this.requestTimeoutMs = l.longValue();
    }

    @Override // io.datarouter.web.security.CsrfValidator
    public boolean check(HttpServletRequest httpServletRequest) {
        Long l = null;
        try {
            l = getRequestTimeMs(httpServletRequest);
        } catch (Exception e) {
            logger.warn("DefaultCsrfValidator failed check. Bad key?", e);
        }
        return l != null && System.currentTimeMillis() < l.longValue() + this.requestTimeoutMs;
    }

    @Override // io.datarouter.web.security.CsrfValidator
    public Long getRequestTimeMs(HttpServletRequest httpServletRequest) {
        String parameterOrHeader = getParameterOrHeader(httpServletRequest, "csrfToken");
        try {
            return Long.valueOf(Long.parseLong(new String(this.generator.getCipher(2, getParameterOrHeader(httpServletRequest, "csrfIv")).doFinal(Base64.getDecoder().decode(parameterOrHeader)))));
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    private static String getParameterOrHeader(HttpServletRequest httpServletRequest, String str) {
        String parameter = httpServletRequest.getParameter(str);
        return parameter != null ? parameter : httpServletRequest.getHeader(str);
    }
}
