package org.eclipsefoundation.utils.helper;

import io.quarkus.arc.Unremovable;
import io.vertx.core.http.HttpServerRequest;
import jakarta.enterprise.inject.Instance;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import jakarta.ws.rs.core.SecurityContext;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import org.eclipsefoundation.utils.config.CSRFSecurityConfig;
import org.eclipsefoundation.utils.exception.FinalForbiddenException;
import org.eclipsefoundation.utils.model.AdditionalUserData;
import org.eclipsefoundation.utils.model.CSRFGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

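/**
 * Helper for issuing and checking CSRF tokens.
 *
 * <p>Token generation is delegated to the injected {@link CSRFGenerator}; whether checks run at
 * all, and whether the session copy of the token is used, is decided by the injected
 * {@link CSRFSecurityConfig}.
 */
@Unremovable
@Singleton
/* loaded from: input_file:org/eclipsefoundation/utils/helper/CSRFHelper.class */
public final class CSRFHelper {
    public static final Logger LOGGER = LoggerFactory.getLogger(CSRFHelper.class);

    @Inject
    Instance<CSRFSecurityConfig> config;

    @Inject
    CSRFGenerator generator;

    /**
     * Asks the configured generator for a CSRF token for the given request.
     *
     * @param httpServerRequest the current HTTP request, passed through to the generator
     * @param securityContext the current security context, passed through to the generator
     * @return the token returned by {@link CSRFGenerator#getCSRFToken}
     */
    public String getNewCSRFToken(HttpServerRequest httpServerRequest, SecurityContext securityContext) {
        return this.generator.getCSRFToken(httpServerRequest, securityContext);
    }

    /**
     * Returns the CSRF token the current request is expected to present.
     *
     * <p>When distributed mode is enabled the token is obtained from the generator; otherwise
     * the value stored on {@code additionalUserData} is returned.
     *
     * @param additionalUserData user data holding the stored token; only read when distributed
     *     mode is disabled
     * @param httpServerRequest the current HTTP request, used only in distributed mode
     * @param securityContext the current security context, used only in distributed mode
     * @return the expected token; may be {@code null} if the stored value is unset
     */
    public String getSessionCSRFToken(AdditionalUserData additionalUserData, HttpServerRequest httpServerRequest, SecurityContext securityContext) {
        if (this.config.get().distributedMode().enabled()) {
            return this.generator.getCSRFToken(httpServerRequest, securityContext);
        }
        return additionalUserData.getCsrf();
    }

    /**
     * Verifies that the token supplied with a request matches the expected one.
     *
     * <p>Does nothing when CSRF protection is disabled in the configuration.
     *
     * @param str the expected token for the current request
     * @param str2 the token passed with the request
     * @throws FinalForbiddenException if either token is {@code null} or the two differ
     */
    public void compareCSRF(String str, String str2) {
        if (!this.config.get().enabled()) {
            return;
        }
        // Record only whether each token is present: the values themselves are secrets and
        // should not end up in debug logs.
        LOGGER.debug("Comparing CSRF tokens (expected present: {}, passed present: {})", str != null, str2 != null);
        if (str == null) {
            throw new FinalForbiddenException("CSRF token not generated for current request and is required, refusing request");
        }
        if (str2 == null) {
            throw new FinalForbiddenException("No CSRF token passed for current request, refusing request");
        }
        if (!verifyConstantTime(str, str2)) {
            throw new FinalForbiddenException("CSRF tokens did not match, refusing request");
        }
    }

    /**
     * Compares two tokens without an early exit on the first differing character.
     *
     * @param expected the expected token
     * @param actual the token to check against it
     * @return {@code true} only if both are non-null and encode to the same bytes
     */
    private static boolean verifyConstantTime(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        // No String.equals shortcut here: it returns at the first mismatch, which would leak
        // timing information and defeat the purpose of MessageDigest.isEqual.
        // UTF-8 rather than US-ASCII: the ASCII encoder replaces every non-ASCII character with
        // '?', so two different tokens could encode to identical bytes and compare as equal.
        byte[] expectedBytes = expected.getBytes(StandardCharsets.UTF_8);
        byte[] actualBytes = actual.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expectedBytes, actualBytes);
    }
}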
