package de.jformchecker.security;

import com.coverity.security.Escape;
import de.jformchecker.request.Request;
import de.jformchecker.request.SessionGet;
import de.jformchecker.request.SessionSet;
import java.security.SecureRandom;
import java.util.Base64;

/* loaded from: input_file:de/jformchecker/security/XSRFBuilder.class */
public class XSRFBuilder {
    private final SecureRandom random = new SecureRandom();

    public String buildCSRFTokens(Request request, boolean z, SessionGet sessionGet, SessionSet sessionSet) {
        StringBuilder sb = new StringBuilder();
        if (!z) {
            String parameter = request.getParameter("tokenname");
            String parameter2 = request.getParameter("tokenVal");
            if (parameter2 == null || !parameter2.equals(sessionGet.getAttribute(parameter))) {
                throw new XSRFException("Security Problem!");
            }
        }
        String str = "token-" + Math.random();
        String randomValue = getRandomValue();
        sessionSet.setAttribute(str, randomValue);
        sb.append("<input type=\"hidden\" name=\"tokenname\" value=\"" + Escape.htmlText(str) + "\">");
        sb.append("<input type=\"hidden\" name=\"tokenVal\" value=\"" + Escape.htmlText(randomValue) + "\">\n");
        return sb.toString();
    }

    private String getRandomValue() {
        byte[] bArr = new byte[32];
        this.random.nextBytes(bArr);
        return Base64.getEncoder().encodeToString(bArr);
    }
}
