package org.primeframework.mvc.security.csrf;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.inject.Inject;
import io.fusionauth.http.server.HTTPRequest;
import java.util.concurrent.TimeUnit;
import org.primeframework.mvc.ErrorException;
import org.primeframework.mvc.security.Encryptor;
import org.primeframework.mvc.security.UserLoginSecurityContext;
import org.primeframework.mvc.util.CookieTools;

/* loaded from: input_file:org/primeframework/mvc/security/csrf/DefaultEncryptionBasedTokenCSRFProvider.class */
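/**
 * {@link CSRFProvider} that issues CSRF tokens as an encrypted JSON payload carrying the current
 * session id and the time of issue.
 *
 * <p>A request is accepted only when its token decrypts successfully, names the session that is
 * making the request, and is no older than the nonce timeout (15 minutes unless changed through
 * {@link #setNonceTimeout(long)}). Every failure path returns {@code false}, so validation fails
 * closed.
 *
 * <p>NOTE(review): this listing is decompiler output; the parameter and local names are the
 * decompiler's, not the original author's.
 */
public class DefaultEncryptionBasedTokenCSRFProvider implements CSRFProvider {
    private final Encryptor encryptor;
    private final ObjectMapper objectMapper;
    private final UserLoginSecurityContext securityContext;

    // Maximum accepted token age in milliseconds.
    private long nonceTimeout = TimeUnit.MINUTES.toMillis(15);

    /**
     * Payload that is serialized to JSON and passed to {@link CookieTools} to form the token.
     *
     * <p>NOTE(review): the decompiler reports that this class was declared {@code private} in the
     * original source; the {@code public} modifier here is an artifact of decompilation.
     */
    public static class CSRFToken {
        // Issue time, taken from System.currentTimeMillis() when the token is generated.
        public long instant;

        // Session id the token was issued for.
        public String sid;

        private CSRFToken() {
        }
    }

    /**
     * Creates the provider.
     *
     * @param encryptor                passed to {@link CookieTools} when tokens are written and read
     * @param objectMapper             passed to {@link CookieTools} for the JSON payload
     * @param userLoginSecurityContext source of the current session id
     */
    @Inject
    public DefaultEncryptionBasedTokenCSRFProvider(Encryptor encryptor, ObjectMapper objectMapper, UserLoginSecurityContext userLoginSecurityContext) {
        this.encryptor = encryptor;
        this.objectMapper = objectMapper;
        this.securityContext = userLoginSecurityContext;
    }

    /**
     * Returns the CSRF token for this request, generating it on first use and caching it as a
     * request attribute so that later calls on the same request return the same value.
     *
     * @param hTTPRequest the current request
     * @return the token, or {@code null} when there is no session id to bind a token to
     */
    @Override
    public String getToken(HTTPRequest hTTPRequest) {
        String cached = (String) hTTPRequest.getAttribute(getParameterName());
        if (cached != null) {
            return cached;
        }

        String sessionId = this.securityContext.getSessionId();
        if (sessionId == null) {
            // Without a session there is nothing to bind the token to, so none is issued.
            return null;
        }

        String token = generateToken(sessionId);
        hTTPRequest.setAttribute(getParameterName(), token);
        return token;
    }

    /**
     * Checks the token submitted in the request parameter named by {@code getParameterName()}.
     *
     * @param hTTPRequest the request to validate
     * @return {@code true} only when the token decrypts, carries the current session id and has
     *     not expired; {@code false} in every other case
     */
    @Override
    public boolean validateRequest(HTTPRequest hTTPRequest) {
        CSRFToken token = decrypt(hTTPRequest.getParameter(getParameterName()));
        if (token == null) {
            return false;
        }

        // A payload that decrypts but has no sid must be rejected, not dereferenced: failing
        // with a NullPointerException would surface as a server error instead of a clean denial.
        // A negative instant is never produced by generateToken and would make the age
        // arithmetic below unreliable, so it is rejected as well.
        if (token.sid == null || token.instant < 0) {
            return false;
        }

        String sessionId = this.securityContext.getSessionId();
        if (sessionId == null || !token.sid.equals(sessionId)) {
            return false;
        }

        // Compared as an age rather than as "instant + timeout" so that a very large timeout
        // cannot overflow into a negative deadline and reject every token. A token stamped
        // slightly in the future still passes, exactly as it did with the addition form.
        long age = System.currentTimeMillis() - token.instant;
        return age <= this.nonceTimeout;
    }

    /**
     * Overrides the maximum accepted token age.
     *
     * @param j the new timeout in milliseconds
     */
    protected void setNonceTimeout(long j) {
        this.nonceTimeout = j;
    }

    /**
     * Decodes a submitted token.
     *
     * @param str the raw parameter value, possibly {@code null}
     * @return the decoded payload, or {@code null} when decoding fails for any reason
     */
    private CSRFToken decrypt(String str) {
        try {
            // NOTE(review): the boolean presumably demands an encrypted payload - confirm
            // against CookieTools.fromJSONCookie.
            return (CSRFToken) CookieTools.fromJSONCookie(str, CSRFToken.class, true, this.encryptor, this.objectMapper);
        } catch (Exception ignored) {
            // Deliberately broad: the input is request-controlled, and any failure to decode it
            // has to end in "invalid token" rather than in an exception reaching the caller.
            return null;
        }
    }

    /**
     * Builds a token for the given session id, stamped with the current time.
     *
     * @param str the session id to bind the token to
     * @return the encoded token
     * @throws ErrorException when the token cannot be encoded
     */
    private String generateToken(String str) {
        try {
            CSRFToken payload = new CSRFToken();
            payload.sid = str;
            payload.instant = System.currentTimeMillis();
            // NOTE(review): the two booleans presumably mean compress=false, encrypt=true -
            // confirm against CookieTools.toJSONCookie.
            return CookieTools.toJSONCookie(payload, false, true, this.encryptor, this.objectMapper);
        } catch (Exception e) {
            throw new ErrorException("error", e, new Object[0]);
        }
    }
}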
