package ipsk.webapps;

import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:ipsk/webapps/SecureRequestTokenProvider.class */
public class SecureRequestTokenProvider {
    public static final int SECURE_REQUEST_TOKEN_BYTE_LEN = 64;
    public static final String SECURE_REQUEST_TOKEN_NAME = "_secureRequestToken";
    public static final String SECURE_REQUEST_TOKEN_ATTR_KEY = SecureRequestTokenProvider.class.getName() + "._secureRequestToken";

    public static String generateSecureRequestToken(HttpServletRequest httpServletRequest) {
        return generateSecureRequestToken(httpServletRequest, true);
    }

    public static String generateSecureRequestToken(HttpServletRequest httpServletRequest, boolean z) {
        String str = null;
        HttpSession session = httpServletRequest.getSession();
        if (session != null) {
            Object attribute = session.getAttribute(SECURE_REQUEST_TOKEN_ATTR_KEY);
            if (attribute != null && (attribute instanceof String)) {
                str = (String) attribute;
            }
            if (str == null) {
                byte[] bArr = new byte[64];
                new SecureRandom().nextBytes(bArr);
                str = Base64.getUrlEncoder().withoutPadding().encodeToString(bArr);
                session.setAttribute(SECURE_REQUEST_TOKEN_ATTR_KEY, str);
            }
        }
        return str;
    }

    private boolean _checkSecureRequestToken(HttpServletRequest httpServletRequest) {
        String generateSecureRequestToken;
        String parameter = httpServletRequest.getParameter(SECURE_REQUEST_TOKEN_NAME);
        if (parameter == null || (generateSecureRequestToken = generateSecureRequestToken(httpServletRequest, false)) == null) {
            return false;
        }
        return generateSecureRequestToken.equals(parameter);
    }

    public void checkSecureRequestToken(HttpServletRequest httpServletRequest) throws ControllerException {
        if (!_checkSecureRequestToken(httpServletRequest)) {
            throw new ControllerException("Invalid request!");
        }
    }
}
