package org.primeframework.mvc.security.csrf;

import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import org.primeframework.mvc.ErrorException;
import org.primeframework.mvc.security.CookieConfig;
import org.primeframework.mvc.security.Encryptor;

/* loaded from: input_file:org/primeframework/mvc/security/csrf/BaseEncryptionBasedTokenCSRFProvider.class */
public abstract class BaseEncryptionBasedTokenCSRFProvider implements CSRFProvider {
    private final CookieConfig cookie;
    private final Encryptor encryptor;
    private long nonceTimeout = TimeUnit.MINUTES.toMillis(15);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/primeframework/mvc/security/csrf/BaseEncryptionBasedTokenCSRFProvider$CSRFToken.class */
    public static class CSRFToken {
        public long instant;
        public String sid;

        private CSRFToken() {
        }
    }

    protected BaseEncryptionBasedTokenCSRFProvider(CookieConfig cookieConfig, Encryptor encryptor) {
        this.cookie = cookieConfig;
        this.encryptor = encryptor;
    }

    @Override // org.primeframework.mvc.security.csrf.CSRFProvider
    public String getToken(HttpServletRequest httpServletRequest) {
        String str = this.cookie.get(httpServletRequest);
        if (str == null) {
            return null;
        }
        return generateToken(str);
    }

    @Override // org.primeframework.mvc.security.csrf.CSRFProvider
    public boolean validateRequest(HttpServletRequest httpServletRequest) {
        CSRFToken decrypt = decrypt(httpServletRequest.getParameter(CSRFProvider.CSRF_PARAMETER_KEY));
        if (decrypt == null) {
            return false;
        }
        if (decrypt.sid.equals(this.cookie.get(httpServletRequest))) {
            return decrypt.instant + this.nonceTimeout >= System.currentTimeMillis();
        }
        return false;
    }

    protected void setNonceTimeout(long j) {
        this.nonceTimeout = j;
    }

    private CSRFToken decrypt(String str) {
        try {
            return (CSRFToken) this.encryptor.decrypt(CSRFToken.class, str);
        } catch (Exception e) {
            return null;
        }
    }

    private String generateToken(String str) {
        try {
            CSRFToken cSRFToken = new CSRFToken();
            cSRFToken.sid = str;
            cSRFToken.instant = System.currentTimeMillis();
            return this.encryptor.encrypt(cSRFToken);
        } catch (Exception e) {
            throw new ErrorException("error", e, new Object[0]);
        }
    }
}
