package org.springframework.security.web.csrf;

import java.security.SecureRandom;
import java.util.Base64;
import java.util.function.Supplier;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.crypto.codec.Utf8;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/spring-security-web-5.8.8.jar:org/springframework/security/web/csrf/XorCsrfTokenRequestAttributeHandler.class */
public final class XorCsrfTokenRequestAttributeHandler extends CsrfTokenRequestAttributeHandler {
    private SecureRandom secureRandom = new SecureRandom();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/spring-security-web-5.8.8.jar:org/springframework/security/web/csrf/XorCsrfTokenRequestAttributeHandler$CachedCsrfTokenSupplier.class */
    public static final class CachedCsrfTokenSupplier implements Supplier<CsrfToken> {
        private final Supplier<CsrfToken> delegate;
        private CsrfToken csrfToken;

        private CachedCsrfTokenSupplier(Supplier<CsrfToken> supplier) {
            this.delegate = supplier;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.function.Supplier
        public CsrfToken get() {
            if (this.csrfToken == null) {
                this.csrfToken = this.delegate.get();
            }
            return this.csrfToken;
        }
    }

    public void setSecureRandom(SecureRandom secureRandom) {
        Assert.notNull(secureRandom, "secureRandom cannot be null");
        this.secureRandom = secureRandom;
    }

    @Override // org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler, org.springframework.security.web.csrf.CsrfTokenRequestHandler
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Supplier<CsrfToken> supplier) {
        Assert.notNull(httpServletRequest, "request cannot be null");
        Assert.notNull(httpServletResponse, "response cannot be null");
        Assert.notNull(supplier, "deferredCsrfToken cannot be null");
        super.handle(httpServletRequest, httpServletResponse, deferCsrfTokenUpdate(supplier));
    }

    private Supplier<CsrfToken> deferCsrfTokenUpdate(Supplier<CsrfToken> supplier) {
        return new CachedCsrfTokenSupplier(() -> {
            CsrfToken csrfToken = (CsrfToken) supplier.get();
            Assert.state(csrfToken != null, "csrfToken supplier returned null");
            return new DefaultCsrfToken(csrfToken.getHeaderName(), csrfToken.getParameterName(), createXoredCsrfToken(this.secureRandom, csrfToken.getToken()));
        });
    }

    @Override // org.springframework.security.web.csrf.CsrfTokenRequestHandler, org.springframework.security.web.csrf.CsrfTokenRequestResolver
    public String resolveCsrfTokenValue(HttpServletRequest httpServletRequest, CsrfToken csrfToken) {
        return getTokenValue(super.resolveCsrfTokenValue(httpServletRequest, csrfToken), csrfToken.getToken());
    }

    private static String getTokenValue(String str, String str2) {
        try {
            byte[] decode = Base64.getUrlDecoder().decode(str);
            int length = Utf8.encode(str2).length;
            if (decode.length < length) {
                return null;
            }
            int length2 = decode.length - length;
            byte[] bArr = new byte[length];
            byte[] bArr2 = new byte[length2];
            System.arraycopy(decode, 0, bArr2, 0, length2);
            System.arraycopy(decode, length2, bArr, 0, length);
            return Utf8.decode(xorCsrf(bArr2, bArr));
        } catch (Exception e) {
            return null;
        }
    }

    private static String createXoredCsrfToken(SecureRandom secureRandom, String str) {
        byte[] encode = Utf8.encode(str);
        byte[] bArr = new byte[encode.length];
        secureRandom.nextBytes(bArr);
        byte[] xorCsrf = xorCsrf(bArr, encode);
        byte[] bArr2 = new byte[encode.length + bArr.length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        System.arraycopy(xorCsrf, 0, bArr2, bArr.length, xorCsrf.length);
        return Base64.getUrlEncoder().encodeToString(bArr2);
    }

    private static byte[] xorCsrf(byte[] bArr, byte[] bArr2) {
        int min = Math.min(bArr.length, bArr2.length);
        byte[] bArr3 = new byte[min];
        System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
        for (int i = 0; i < min; i++) {
            int i2 = i;
            bArr3[i2] = (byte) (bArr3[i2] ^ bArr[i]);
        }
        return bArr3;
    }
}
