package io.datarouter.httpclient.security;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.function.Supplier;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:io/datarouter/httpclient/security/DefaultCsrfGenerator.class */
public class DefaultCsrfGenerator implements CsrfGenerator {
    private static final String HASHING_ALGORITHM = "SHA-256";
    private static final String MAIN_CIPHER_ALGORITHM = "AES";
    private static final String SUB_CIPHER_ALGORITHM = "CBC/PKCS5Padding";
    private static final String CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";
    private final Supplier<String> cipherKeySupplier;

    public DefaultCsrfGenerator(Supplier<String> supplier) {
        this.cipherKeySupplier = supplier;
    }

    @Override // io.datarouter.httpclient.security.CsrfGenerator
    public String generateCsrfToken(String str) {
        try {
            return Base64.getEncoder().encodeToString(getCipher(1, str).doFinal(String.valueOf(System.currentTimeMillis()).getBytes()));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public Cipher getCipher(int i, String str) throws InvalidKeyException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchPaddingException {
        Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
        cipher.init(i, computeKey(this.cipherKeySupplier.get()), new IvParameterSpec(str.getBytes(), 0, 16));
        return cipher;
    }

    private SecretKeySpec computeKey(String str) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance(HASHING_ALGORITHM);
        messageDigest.update(str.getBytes());
        return new SecretKeySpec(messageDigest.digest(), 0, 16, MAIN_CIPHER_ALGORITHM);
    }

    @Override // io.datarouter.httpclient.security.CsrfGenerator
    public String generateCsrfIv() {
        try {
            byte[] bArr = new byte[16];
            SecureRandom.getInstance("SHA1PRNG", "SUN").nextBytes(bArr);
            return Base64.getEncoder().encodeToString(bArr);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new RuntimeException("error in SecureRandom.getInstance()");
        }
    }
}
