package org.jahia.modules.formfactory.api.impl.live;

import com.fasterxml.jackson.annotation.JsonProperty;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.digest.DigestUtils;
import org.jahia.modules.formfactory.formserialization.models.Field;
import org.jahia.modules.formfactory.formserialization.models.Form;
import org.jahia.modules.formfactory.formserialization.models.Step;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:form-factory-core-2.0.2.jar:org/jahia/modules/formfactory/api/impl/live/Tokenizer.class */
public class Tokenizer {
    private static final Logger logger = LoggerFactory.getLogger(Tokenizer.class);
    private final String CSRF_TOKENS = "ffCSRFTokens";
    private final String SALT = "ffSalt";

    public void generateToken(HttpServletRequest httpServletRequest, Form form) {
        String str;
        Map map = (Map) httpServletRequest.getSession().getAttribute("ffCSRFTokens");
        if (map == null) {
            map = new HashMap();
        }
        String hashValue = hashValue(formNamesToString(form));
        if (httpServletRequest.getSession().getAttribute("ffSalt") == null) {
            str = UUID.randomUUID().toString();
            httpServletRequest.getSession().setAttribute("ffSalt", str);
        } else {
            str = (String) httpServletRequest.getSession().getAttribute("ffSalt");
        }
        map.put(form.getJcrId(), hashValue(str + hashValue));
        httpServletRequest.getSession().setAttribute("ffCSRFTokens", map);
        form.setToken(hashValue);
    }

    public boolean verifyToken(HttpServletRequest httpServletRequest, String str, Form form) {
        String str2 = (String) httpServletRequest.getSession().getAttribute("ffSalt");
        String hashValue = hashValue(str2 + str);
        String hashValue2 = hashValue(str2 + hashValue(formNamesToString(form)));
        Map<String, String> map = (Map) httpServletRequest.getSession().getAttribute("ffCSRFTokens");
        String str3 = map.get(form.getJcrId());
        resetInSessionToken(httpServletRequest, map, form.getJcrId());
        return hashValue.compareTo(str3) == 0 && hashValue.compareTo(hashValue2) == 0;
    }

    private void resetInSessionToken(HttpServletRequest httpServletRequest, Map<String, String> map, String str) {
        map.put(str, hashValue(UUID.randomUUID().toString()));
        httpServletRequest.getSession().setAttribute("ffCSRFTokens", map);
    }

    private String hashValue(String str) {
        return DigestUtils.sha1Hex(str);
    }

    private String formNamesToString(Form form) {
        String str = JsonProperty.USE_DEFAULT_NAME;
        Iterator<Step> it = form.getSteps().iterator();
        while (it.hasNext()) {
            Iterator<Field> it2 = it.next().getInputs().iterator();
            while (it2.hasNext()) {
                str = str + it2.next().getName();
            }
        }
        return str;
    }
}
