package jp.co.ap_com.spring.oauth2;

import com.google.api.client.auth.oauth2.AuthorizationCodeResponseUrl;
import java.security.SecureRandom;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:jp/co/ap_com/spring/oauth2/OAuth2CsrfManager.class */
public class OAuth2CsrfManager {
    private static final String OAUTH2_SESSION_STATE = "OAUTH2_SESSION_STATE";
    private static final int OAUTH2_SESSION_STATE_LENGHT = 16;
    private static final char[] CODEC = "1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz".toCharArray();

    public void removeState(HttpServletRequest httpServletRequest) {
        httpServletRequest.getSession().removeAttribute(OAUTH2_SESSION_STATE);
    }

    public boolean isValidState(HttpServletRequest httpServletRequest, AuthorizationCodeResponseUrl authorizationCodeResponseUrl) {
        Object attribute;
        String state = authorizationCodeResponseUrl.getState();
        if (state == null || (attribute = httpServletRequest.getSession().getAttribute(OAUTH2_SESSION_STATE)) == null) {
            return false;
        }
        return state.equals(attribute.toString());
    }

    public String generateAndSaveState(HttpServletRequest httpServletRequest) {
        String generateState = generateState();
        httpServletRequest.getSession().setAttribute(OAUTH2_SESSION_STATE, generateState);
        return generateState;
    }

    private static String generateState() {
        SecureRandom secureRandom = new SecureRandom();
        byte[] bArr = new byte[OAUTH2_SESSION_STATE_LENGHT];
        secureRandom.nextBytes(bArr);
        char[] cArr = new char[bArr.length];
        for (int i = 0; i < bArr.length; i++) {
            cArr[i] = CODEC[(bArr[i] & 255) % CODEC.length];
        }
        return new String(cArr);
    }
}
