package org.forgerock.oauth2.core;

import java.nio.charset.Charset;
import java.security.MessageDigest;
import javax.inject.Inject;

/* loaded from: input_file:org/forgerock/oauth2/core/CsrfProtection.class */
public class CsrfProtection {
    private static final Charset UTF_8_CHARSET = Charset.forName("UTF-8");
    private final ResourceOwnerSessionValidator resourceOwnerSessionValidator;

    @Inject
    public CsrfProtection(ResourceOwnerSessionValidator resourceOwnerSessionValidator) {
        this.resourceOwnerSessionValidator = resourceOwnerSessionValidator;
    }

    public boolean isCsrfAttack(OAuth2Request oAuth2Request) {
        String sSOTokenID = this.resourceOwnerSessionValidator.getResourceOwnerSession(oAuth2Request).getTokenID().toString();
        String str = (String) oAuth2Request.getParameter("csrf");
        return str == null || !MessageDigest.isEqual(sSOTokenID.getBytes(UTF_8_CHARSET), str.getBytes(UTF_8_CHARSET));
    }
}
