package keywhiz.auth.xsrf;

import com.google.common.base.Preconditions;
import com.google.common.hash.HashFunction;
import com.google.common.hash.Hashing;
import java.nio.charset.StandardCharsets;
import javax.inject.Inject;
import javax.ws.rs.core.NewCookie;
import keywhiz.auth.Subtles;
import keywhiz.auth.cookie.CookieConfig;
import org.eclipse.jetty.http.HttpCookie;
import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.server.Response;

/* loaded from: input_file:keywhiz/auth/xsrf/XsrfProtection.class */
/**
 * Issues and verifies XSRF tokens that are the SHA-512 hex digest of a caller-supplied string.
 *
 * <p>The token is an unkeyed digest: no server-side secret is mixed in, so anyone who knows the
 * input string can compute the matching token. The scheme is therefore only as strong as the
 * secrecy and unpredictability of that input (presumably the session cookie value; confirm
 * against the callers).
 */
public class XsrfProtection {
    private static final HashFunction SHA512 = Hashing.sha512();
    private final CookieConfig config;

    /**
     * Stores the cookie settings used for every XSRF cookie this instance issues.
     *
     * @param cookieConfig settings bound with the {@code @Xsrf} qualifier
     * @throws IllegalArgumentException if the configuration marks the cookie HttpOnly
     */
    @Inject
    public XsrfProtection(@Xsrf CookieConfig cookieConfig) {
        // Fail at wiring time on an HttpOnly XSRF cookie; presumably client-side script has to
        // read the cookie in order to echo its value back in a request header.
        boolean scriptReadable = !cookieConfig.isHttpOnly();
        Preconditions.checkArgument(scriptReadable, "XSRF cookies must not be HttpOnly.");
        this.config = cookieConfig;
    }

    /**
     * Builds the XSRF cookie whose value is the SHA-512 hex digest of {@code str}.
     *
     * @param str non-empty string the token is derived from
     * @return cookie parsed from the Set-Cookie header that Jetty renders for it
     * @throws IllegalArgumentException if {@code str} is empty
     * @throws NullPointerException if {@code str} is null
     */
    public NewCookie generate(String str) {
        Preconditions.checkArgument(!str.isEmpty());

        String cookieName = this.config.getName();
        String tokenValue = digestHex(str);
        String cookieDomain = this.config.getDomain();
        String cookiePath = this.config.getPath();
        // Max-age of -1 leaves the cookie without an explicit expiry (a browser-session cookie).
        long maxAge = -1L;
        HttpCookie xsrfCookie = new HttpCookie(
                cookieName,
                tokenValue,
                cookieDomain,
                cookiePath,
                maxAge,
                this.config.isHttpOnly(),
                this.config.isSecure());

        // A throwaway Jetty Response is used only to serialise the cookie into Set-Cookie header
        // text, which JAX-RS then parses back into a NewCookie.
        Response scratch = new Response(null, null);
        scratch.addCookie(xsrfCookie);
        String setCookieHeader = scratch.getHttpFields().getStringField(HttpHeader.SET_COOKIE);
        return NewCookie.valueOf(setCookieHeader);
    }

    /**
     * Checks a presented token against the SHA-512 hex digest of {@code str2}.
     *
     * <p>A missing value never produces {@code false}: an empty argument raises
     * {@link IllegalArgumentException} and a null one raises {@link NullPointerException}, so
     * callers must turn an absent header or session into a rejection themselves.
     *
     * @param str token presented by the client
     * @param str2 string the expected token is derived from
     * @return {@code true} when {@code str} matches the expected token
     * @throws IllegalArgumentException if either argument is empty
     * @throws NullPointerException if either argument is null
     */
    public static boolean isValid(String str, String str2) {
        Preconditions.checkArgument(!str.isEmpty());
        Preconditions.checkArgument(!str2.isEmpty());

        byte[] expected = digestHex(str2).getBytes(StandardCharsets.UTF_8);
        byte[] presented = str.getBytes(StandardCharsets.UTF_8);
        // Compared through Subtles.secureCompare rather than String.equals; presumably a
        // constant-time comparison, to be confirmed in Subtles.
        return Subtles.secureCompare(expected, presented);
    }

    /** Returns the SHA-512 digest of the UTF-8 bytes of {@code input}, rendered as text. */
    private static String digestHex(String input) {
        return SHA512.hashString(input, StandardCharsets.UTF_8).toString();
    }
}
