package com.bazaarvoice.auth.hmac.server;

import com.bazaarvoice.auth.hmac.common.Credentials;
import com.bazaarvoice.auth.hmac.common.SignatureGenerator;
import com.bazaarvoice.auth.hmac.common.TimeUtils;
import java.security.MessageDigest;
import java.util.concurrent.TimeUnit;
import org.joda.time.Duration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/bazaarvoice/auth/hmac/server/AbstractAuthenticator.class */
public abstract class AbstractAuthenticator<Principal> implements Authenticator<Principal> {
    private static final Logger LOG = LoggerFactory.getLogger(HmacAuthProvider.class);
    private final long allowedTimestampRange;

    protected AbstractAuthenticator() {
        this(15L, TimeUnit.MINUTES);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractAuthenticator(long j, TimeUnit timeUnit) {
        this.allowedTimestampRange = timeUnit.toMillis(j);
    }

    @Override // com.bazaarvoice.auth.hmac.server.Authenticator
    public Principal authenticate(Credentials credentials) {
        if (!validateTimestamp(credentials.getTimestamp())) {
            LOG.info("Invalid timestamp");
            return null;
        }
        Principal principal = getPrincipal(credentials);
        if (principal == null) {
            LOG.info("Could not get principal");
            return null;
        }
        if (validateSignature(credentials, getSecretKeyFromPrincipal(principal))) {
            return principal;
        }
        LOG.info("Invalid signature");
        return null;
    }

    protected abstract Principal getPrincipal(Credentials credentials);

    protected abstract String getSecretKeyFromPrincipal(Principal principal);

    private boolean validateTimestamp(String str) {
        return Math.abs(new Duration(TimeUtils.parse(str), TimeUtils.nowInUTC()).getMillis()) <= this.allowedTimestampRange;
    }

    private boolean validateSignature(Credentials credentials, String str) {
        return MessageDigest.isEqual(credentials.getSignature().getBytes(), createSignature(credentials, str).getBytes());
    }

    private String createSignature(Credentials credentials, String str) {
        return new SignatureGenerator().generate(str, credentials.getMethod(), credentials.getTimestamp(), credentials.getPath(), credentials.getContent());
    }
}
