package net.formio.security;

/* loaded from: input_file:net/formio/security/HashTokenAuthorizer.class */
public class HashTokenAuthorizer extends AbstractTokenAuthorizer {
    private static final String TOKEN_PART_SEPARATOR = "_";

    @Override // net.formio.security.TokenAuthorizer
    public String generateToken(String str) {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("secret cannot be empty");
        }
        return tokenFromSecretAndTime(str, System.currentTimeMillis());
    }

    @Override // net.formio.security.TokenAuthorizer
    public boolean isValidToken(String str, String str2) {
        if (str == null || str.isEmpty() || str2 == null || str2.isEmpty()) {
            return false;
        }
        long timeFromToken = getTimeFromToken(str);
        return str.equals(tokenFromSecretAndTime(str2, timeFromToken)) && Math.abs(System.currentTimeMillis() - timeFromToken) <= getMaxAllowedTimeDifference();
    }

    protected String getHashAlgorithm() {
        return "SHA-256";
    }

    protected long getMaxAllowedTimeDifference() {
        return 21600000L;
    }

    String tokenFromSecretAndTime(String str, long j) {
        return SecurityUtils.hash(str + j, getHashAlgorithm()) + "_" + j;
    }

    private long getTimeFromToken(String str) {
        String substring;
        long j = 0;
        if (str == null || str.isEmpty()) {
            return 0L;
        }
        int lastIndexOf = str.lastIndexOf("_");
        if (lastIndexOf >= 0 && (substring = str.substring(lastIndexOf + "_".length())) != null && !substring.isEmpty()) {
            try {
                j = Long.valueOf(substring).longValue();
            } catch (NumberFormatException e) {
            }
        }
        return j;
    }
}
