package de.jformchecker.security;

import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringEscapeUtils;

/* loaded from: input_file:de/jformchecker/security/XSRFBuilder.class */
public class XSRFBuilder {
    private final SecureRandom random = new SecureRandom();

    public String buildCSRFTokens(HttpServletRequest httpServletRequest, boolean z) {
        StringBuilder sb = new StringBuilder();
        if (!z) {
            String parameter = httpServletRequest.getParameter("tokenname");
            String parameter2 = httpServletRequest.getParameter("tokenVal");
            if (parameter2 == null || !parameter2.equals(httpServletRequest.getSession().getAttribute(parameter))) {
                throw new XSRFException("Security Problem!");
            }
        }
        String str = "token_" + Math.random();
        String randomValue = getRandomValue();
        httpServletRequest.getSession().setAttribute(str, randomValue);
        sb.append("<input type=\"hidden\" name=\"tokenname\" value=\"" + StringEscapeUtils.escapeHtml4(str) + "\">");
        sb.append("<input type=\"hidden\" name=\"tokenVal\" value=\"" + StringEscapeUtils.escapeHtml4(randomValue) + "\">\n");
        return sb.toString();
    }

    private String getRandomValue() {
        byte[] bArr = new byte[32];
        this.random.nextBytes(bArr);
        return Base64.getEncoder().encodeToString(bArr);
    }
}
