package com.appiancorp.sharepoint.webpart;

import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.time.FastDateFormat;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/appiancorp/sharepoint/webpart/WebPartRequestValidator.class */
public class WebPartRequestValidator {
    public static final String ENCODING_UTF_8 = "UTF-8";
    protected static final String PARAM_NAME_USER = "user";
    protected static final long SIGNATURE_TTL = 86400000;
    private static final Logger LOG = Logger.getLogger(WebPartRequestValidator.class.getName());
    protected static final String FORMAT_ISO8601 = "yyyy-MM-dd HH:mm:ss";
    private static final FastDateFormat TIMESTAMP_FORMAT = FastDateFormat.getInstance(FORMAT_ISO8601);

    protected static byte[] generateDigest(String str, Date date, String str2, Map<String, String> map) {
        StringBuilder sb = new StringBuilder();
        sb.append("webpart" + str2);
        ArrayList<String> arrayList = new ArrayList(map.keySet());
        Collections.sort(arrayList, String.CASE_INSENSITIVE_ORDER);
        for (String str3 : arrayList) {
            sb.append("\n");
            sb.append(str3 + ":" + map.get(str3));
        }
        sb.append("\n");
        sb.append(TIMESTAMP_FORMAT.format(date));
        SecretKeySpec secretKeySpec = new SecretKeySpec(getBytes(str), "HmacSHA1");
        try {
            Mac mac = Mac.getInstance("HmacSHA512");
            mac.init(secretKeySpec);
            return mac.doFinal(getBytes(sb.toString()));
        } catch (InvalidKeyException e) {
            throw new Error(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new Error(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean isValid(String str, Date date, String str2, Map<String, String> map, String str3) {
        String str4 = map.get("user");
        if (date == null || StringUtils.isEmpty(str3) || StringUtils.isEmpty(str4)) {
            LOG.warn("Invalid request: no user, timestamp or signature provided");
            return false;
        }
        if (!Arrays.equals(generateDigest(str, date, str2, map), Base64.decode(str3, "UTF-8"))) {
            LOG.warn("Invalid signature: digests are different");
            return false;
        }
        if (!new Date().after(new Date(date.getTime() + 86400000))) {
            return true;
        }
        LOG.warn("Invalid signature: Signature has expired.");
        return false;
    }

    private static byte[] getBytes(String str) {
        try {
            return str.getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new Error();
        }
    }
}
