package com.ms.security.google.authenticator.factory;

import com.ms.security.google.authenticator.factory.GoogleAuthenticatorKey;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.ServiceLoader;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base32;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:com/ms/security/google/authenticator/factory/GoogleAuthenticator.class */
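/**
 * Generates and verifies time-based one-time passwords and the shared secrets
 * and scratch codes that go with them.
 *
 * <p>Codes are computed as an HMAC over a big-endian 64-bit counter followed by
 * the dynamic-truncation step (low nibble of the last MAC byte selects a 4-byte
 * window, the sign bit is masked, the result is reduced modulo the configured
 * key modulus).
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>Verification is stateless: a code remains acceptable for every time step
 *       inside the configured window, and nothing in this class records that a
 *       code was already used or counts failed attempts. Replay protection and
 *       rate limiting have to be enforced by the caller.</li>
 *   <li>The default random source is {@code SHA1PRNG} from the {@code SUN}
 *       provider; both can be overridden with the {@link #RNG_ALGORITHM} and
 *       {@link #RNG_ALGORITHM_PROVIDER} system properties.</li>
 *   <li>The lazily discovered credential repository is cached in plain fields
 *       without synchronization.</li>
 * </ul>
 */
public final class GoogleAuthenticator implements IGoogleAuthenticator {
    /** System property naming the random number algorithm to use. */
    public static final String RNG_ALGORITHM = "com.ms.google.auth.algorithm";
    /** System property naming the provider of the random number algorithm. */
    public static final String RNG_ALGORITHM_PROVIDER = "com.ms.google.auth.algorithmProvider";
    /** Number of decimal digits in a scratch code. */
    private static final int SCRATCH_CODE_LENGTH = 8;
    /** Sentinel returned when random bytes do not yield a usable scratch code. */
    private static final int SCRATCH_CODE_INVALID = -1;
    /** Number of random bytes consumed per scratch code (and bytes taken from the MAC). */
    private static final int BYTES_PER_SCRATCH_CODE = 4;
    /** Size in bytes of the big-endian counter that is fed to the HMAC. */
    private static final int COUNTER_BYTES = 8;
    /** Number of bits in a byte; used to convert the configured secret size. */
    private static final int BITS_PER_BYTE = 8;
    // NOTE(review): SHA1PRNG/SUN is a legacy default; how ReseedingSecureRandom
    // behaves when this provider is absent is not visible here - confirm on the
    // target JVM or set the system properties above explicitly.
    private static final String DEFAULT_RANDOM_NUMBER_ALGORITHM = "SHA1PRNG";
    private static final String DEFAULT_RANDOM_NUMBER_ALGORITHM_PROVIDER = "SUN";
    private final GoogleAuthenticatorConfig config;
    private final ReseedingSecureRandom secureRandom;
    private ICredentialRepository credentialRepository;
    private boolean credentialRepositorySearched;
    private static final Logger LOGGER = Logger.getLogger(GoogleAuthenticator.class.getName());
    /** Scratch codes are reduced modulo this value (10^8). */
    public static final int SCRATCH_CODE_MODULUS = (int) Math.pow(10.0d, 8.0d);

    /**
     * Creates an authenticator with a default configuration and the random
     * source selected by the system properties (or the built-in defaults).
     */
    public GoogleAuthenticator() {
        this(new GoogleAuthenticatorConfig());
    }

    /**
     * Creates an authenticator with the given configuration and the random
     * source selected by the system properties (or the built-in defaults).
     *
     * @param config the configuration to use
     * @throws IllegalArgumentException if {@code config} is {@code null}
     */
    public GoogleAuthenticator(GoogleAuthenticatorConfig config) {
        if (config == null) {
            throw new IllegalArgumentException("Configuration cannot be null.");
        }
        this.config = config;
        this.secureRandom = new ReseedingSecureRandom(getRandomNumberAlgorithm(), getRandomNumberAlgorithmProvider());
    }

    /**
     * Creates an authenticator with a default configuration and an explicit
     * random number algorithm and provider.
     *
     * @param randomNumberAlgorithm         algorithm name, or {@code null}
     * @param randomNumberAlgorithmProvider provider name, or {@code null}
     * @throws IllegalArgumentException if only the algorithm is {@code null}
     */
    public GoogleAuthenticator(String randomNumberAlgorithm, String randomNumberAlgorithmProvider) {
        this(new GoogleAuthenticatorConfig(), randomNumberAlgorithm, randomNumberAlgorithmProvider);
    }

    /**
     * Creates an authenticator with the given configuration and an explicit
     * random number algorithm and provider.
     *
     * <p>Both {@code null}: the no-argument {@code ReseedingSecureRandom} is used.
     * Provider {@code null}: only the algorithm is passed on. Both set: both are
     * passed on.
     *
     * @param config                        the configuration to use
     * @param randomNumberAlgorithm         algorithm name, or {@code null}
     * @param randomNumberAlgorithmProvider provider name, or {@code null}
     * @throws IllegalArgumentException if {@code config} is {@code null}, or if the
     *                                  algorithm is {@code null} while the provider is not
     */
    public GoogleAuthenticator(GoogleAuthenticatorConfig config, String randomNumberAlgorithm, String randomNumberAlgorithmProvider) {
        if (config == null) {
            throw new IllegalArgumentException("Configuration cannot be null.");
        }
        this.config = config;
        if (randomNumberAlgorithm == null) {
            if (randomNumberAlgorithmProvider != null) {
                throw new IllegalArgumentException("RandomNumberAlgorithm must not be null. If the RandomNumberAlgorithm is null, the RandomNumberAlgorithmProvider must also be null.");
            }
            this.secureRandom = new ReseedingSecureRandom();
        } else if (randomNumberAlgorithmProvider == null) {
            this.secureRandom = new ReseedingSecureRandom(randomNumberAlgorithm);
        } else {
            // Previously this case left secureRandom unassigned, so the first call
            // that needed random bytes failed with a NullPointerException.
            this.secureRandom = new ReseedingSecureRandom(randomNumberAlgorithm, randomNumberAlgorithmProvider);
        }
    }

    /** Returns the algorithm from {@link #RNG_ALGORITHM}, or the default. */
    private static String getRandomNumberAlgorithm() {
        return System.getProperty(RNG_ALGORITHM, DEFAULT_RANDOM_NUMBER_ALGORITHM);
    }

    /** Returns the provider from {@link #RNG_ALGORITHM_PROVIDER}, or the default. */
    private static String getRandomNumberAlgorithmProvider() {
        return System.getProperty(RNG_ALGORITHM_PROVIDER, DEFAULT_RANDOM_NUMBER_ALGORITHM_PROVIDER);
    }

    /**
     * Computes the one-time code for a key and a counter value.
     *
     * @param key     raw (decoded) secret key bytes
     * @param counter counter value; for TOTP this is the time-step number
     * @return the truncated code, in the range {@code [0, keyModulus)}
     * @throws GoogleAuthenticatorException if the MAC cannot be created or keyed
     */
    int calculateCode(byte[] key, long counter) {
        // Serialize the counter as 8 bytes, most significant byte first.
        byte[] message = new byte[COUNTER_BYTES];
        long remaining = counter;
        for (int idx = message.length - 1; idx >= 0; idx--) {
            message[idx] = (byte) remaining;
            remaining >>>= 8;
        }
        String algorithm = this.config.getHmacHashFunction().toString();
        SecretKeySpec keySpec = new SecretKeySpec(key, algorithm);
        try {
            Mac mac = Mac.getInstance(algorithm);
            mac.init(keySpec);
            byte[] hash = mac.doFinal(message);
            // Dynamic truncation: the low nibble of the last byte is the offset
            // of the 4-byte window that becomes the code.
            int offset = hash[hash.length - 1] & 0x0F;
            long truncated = 0;
            for (int k = 0; k < BYTES_PER_SCRATCH_CODE; k++) {
                truncated = (truncated << 8) | (hash[offset + k] & 0xFF);
            }
            // Clear the sign bit before reducing to the configured number of digits.
            return (int) ((truncated & 0x7FFFFFFFL) % this.config.getKeyModulus());
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            // The cause is logged here; the exception handed to the caller carries
            // only a generic message.
            LOGGER.log(Level.SEVERE, e.getMessage(), e);
            throw new GoogleAuthenticatorException("The operation cannot be performed now.");
        }
    }

    /** Converts a timestamp in milliseconds to its time-step number. */
    private long getTimeWindowFromTime(long timeMillis) {
        return timeMillis / this.config.getTimeStepSizeInMillis();
    }

    /**
     * Checks a code against every time step in the acceptance window around
     * {@code timeMillis}.
     *
     * <p>For a window of size {@code w} the steps {@code -((w-1)/2) .. w/2}
     * relative to the current step are tried. A larger window tolerates more
     * clock drift but keeps each code valid for longer. No state is kept, so a
     * code that matched once will match again until it leaves the window.
     *
     * @param secret     encoded secret key
     * @param code       code presented by the user
     * @param timeMillis reference time in milliseconds
     * @param window     number of time steps to accept
     * @return {@code true} if the code matches any step in the window
     */
    private boolean checkCode(String secret, long code, long timeMillis, int window) {
        byte[] key = decodeSecret(secret);
        long currentStep = getTimeWindowFromTime(timeMillis);
        for (int delta = -((window - 1) / 2); delta <= window / 2; delta++) {
            if (calculateCode(key, currentStep + delta) == code) {
                return true;
            }
        }
        return false;
    }

    /**
     * Decodes an encoded secret using the configured key representation.
     *
     * @param secret the encoded secret
     * @return the raw key bytes
     * @throws IllegalArgumentException if the key representation is not supported
     */
    private byte[] decodeSecret(String secret) {
        switch (this.config.getKeyRepresentation()) {
            case BASE32:
                // Locale.ROOT keeps the upper-casing independent of the JVM default
                // locale (e.g. Turkish maps 'i' to a dotted capital that is not in
                // the Base32 alphabet).
                return new Base32().decode(secret.toUpperCase(Locale.ROOT));
            case BASE64:
                return new Base64().decode(secret);
            default:
                throw new IllegalArgumentException("Unknown key representation type.");
        }
    }

    /**
     * Generates a new random secret with its verification code and scratch codes.
     *
     * @return the newly generated credentials
     */
    @Override // com.ms.security.google.authenticator.factory.IGoogleAuthenticator
    public GoogleAuthenticatorKey createCredentials() {
        byte[] secret = new byte[this.config.getSecretBits() / BITS_PER_BYTE];
        this.secureRandom.nextBytes(secret);
        String encodedKey = calculateSecretKey(secret);
        int verificationCode = calculateValidationCode(secret);
        return new GoogleAuthenticatorKey.Builder(encodedKey).setConfig(this.config).setVerificationCode(verificationCode).setScratchCodes(calculateScratchCodes()).build();
    }

    /**
     * Generates new credentials and stores them for a user in the configured
     * credential repository.
     *
     * @param userName the user the credentials belong to
     * @return the newly generated credentials
     * @throws IllegalArgumentException      if {@code userName} is {@code null}
     * @throws UnsupportedOperationException if no credential repository is available
     */
    @Override // com.ms.security.google.authenticator.factory.IGoogleAuthenticator
    public GoogleAuthenticatorKey createCredentials(String userName) {
        if (userName == null) {
            throw new IllegalArgumentException("User name cannot be null.");
        }
        GoogleAuthenticatorKey credentials = createCredentials();
        getValidCredentialRepository().saveUserCredentials(userName, credentials.getKey(), credentials.getVerificationCode(), credentials.getScratchCodes());
        return credentials;
    }

    /** Generates the configured number of scratch codes. */
    private List<Integer> calculateScratchCodes() {
        List<Integer> scratchCodes = new ArrayList<>();
        for (int n = 0; n < this.config.getNumberOfScratchCodes(); n++) {
            scratchCodes.add(Integer.valueOf(generateScratchCode()));
        }
        return scratchCodes;
    }

    /**
     * Derives a scratch code from random bytes.
     *
     * <p>The first four bytes are read as a big-endian integer, the sign bit is
     * cleared and the value is reduced modulo {@link #SCRATCH_CODE_MODULUS}.
     * Because 2^31 is not a multiple of the modulus, the result is slightly
     * non-uniform.
     *
     * @param randomBytes at least {@code BYTES_PER_SCRATCH_CODE} random bytes
     * @return the scratch code, or {@code SCRATCH_CODE_INVALID} if the value has
     *         fewer than eight digits
     * @throws IllegalArgumentException if the buffer is too small
     */
    private int calculateScratchCode(byte[] randomBytes) {
        if (randomBytes.length < BYTES_PER_SCRATCH_CODE) {
            throw new IllegalArgumentException(String.format("The provided random byte buffer is too small: %d.", Integer.valueOf(randomBytes.length)));
        }
        int value = 0;
        for (int k = 0; k < BYTES_PER_SCRATCH_CODE; k++) {
            value = (value << 8) + (randomBytes[k] & 0xFF);
        }
        int candidate = (value & Integer.MAX_VALUE) % SCRATCH_CODE_MODULUS;
        return validateScratchCode(candidate) ? candidate : SCRATCH_CODE_INVALID;
    }

    /**
     * Tells whether a candidate has the full number of digits, i.e. is at least
     * {@code SCRATCH_CODE_MODULUS / 10}.
     */
    boolean validateScratchCode(int scratchCode) {
        return scratchCode >= SCRATCH_CODE_MODULUS / 10;
    }

    /** Draws random bytes until they yield a valid scratch code. */
    private int generateScratchCode() {
        int scratchCode;
        do {
            byte[] randomBytes = new byte[BYTES_PER_SCRATCH_CODE];
            this.secureRandom.nextBytes(randomBytes);
            scratchCode = calculateScratchCode(randomBytes);
        } while (scratchCode == SCRATCH_CODE_INVALID);
        return scratchCode;
    }

    /** Computes the verification code of a key: its code for counter value 0. */
    private int calculateValidationCode(byte[] key) {
        return calculateCode(key, 0L);
    }

    /**
     * Computes the current code for an encoded secret.
     *
     * @param secret the encoded secret
     * @return the code for the current system time
     */
    @Override // com.ms.security.google.authenticator.factory.IGoogleAuthenticator
    public int getTotpPassword(String secret) {
        return getTotpPassword(secret, System.currentTimeMillis());
    }

    /**
     * Computes the code for an encoded secret at a given time.
     *
     * @param secret     the encoded secret
     * @param timeMillis the time in milliseconds
     * @return the code for the time step containing {@code timeMillis}
     */
    @Override // com.ms.security.google.authenticator.factory.IGoogleAuthenticator
    public int getTotpPassword(String secret, long timeMillis) {
        return calculateCode(decodeSecret(secret), getTimeWindowFromTime(timeMillis));
    }

    /**
     * Computes the current code for a user whose secret is held by the
     * credential repository.
     *
     * @param userName the user name
     * @return the code for the current system time
     * @throws UnsupportedOperationException if no credential repository is available
     */
    @Override // com.ms.security.google.authenticator.factory.IGoogleAuthenticator
    public int getTotpPasswordOfUser(String userName) {
        return getTotpPasswordOfUser(userName, System.currentTimeMillis());
    }

    /**
     * Computes the code at a given time for a user whose secret is held by the
     * credential repository.
     *
     * @param userName   the user name
     * @param timeMillis the time in milliseconds
     * @return the code for the time step containing {@code timeMillis}
     * @throws UnsupportedOperationException if no credential repository is available
     */
    @Override // com.ms.security.google.authenticator.factory.IGoogleAuthenticator
    public int getTotpPasswordOfUser(String userName, long timeMillis) {
        return calculateCode(decodeSecret(getValidCredentialRepository().getSecretKey(userName)), getTimeWindowFromTime(timeMillis));
    }

    /**
     * Encodes raw key bytes using the configured key representation.
     *
     * @param secretKey the raw key bytes
     * @return the encoded secret
     * @throws IllegalArgumentException if the key representation is not supported
     */
    private String calculateSecretKey(byte[] secretKey) {
        switch (this.config.getKeyRepresentation()) {
            case BASE32:
                return new Base32().encodeToString(secretKey);
            case BASE64:
                return new Base64().encodeToString(secretKey);
            default:
                throw new IllegalArgumentException("Unknown key representation type.");
        }
    }

    /**
     * Verifies a code against an encoded secret at the current system time.
     *
     * @param secret           the encoded secret
     * @param verificationCode the code presented by the user
     * @return {@code true} if the code is accepted
     * @throws IllegalArgumentException if {@code secret} is {@code null}
     */
    @Override // com.ms.security.google.authenticator.factory.IGoogleAuthenticator
    public boolean authorize(String secret, int verificationCode) {
        return authorize(secret, verificationCode, System.currentTimeMillis());
    }

    /**
     * Verifies a code against an encoded secret at a given time.
     *
     * <p>Codes outside {@code (0, keyModulus)} are rejected without any MAC
     * computation; note that this also rejects the code {@code 0}. The check is
     * stateless: callers that need one-time semantics must remember accepted
     * codes and should throttle repeated failures.
     *
     * @param secret           the encoded secret
     * @param verificationCode the code presented by the user
     * @param timeMillis       the reference time in milliseconds
     * @return {@code true} if the code is accepted
     * @throws IllegalArgumentException if {@code secret} is {@code null}
     */
    @Override // com.ms.security.google.authenticator.factory.IGoogleAuthenticator
    public boolean authorize(String secret, int verificationCode, long timeMillis) {
        if (secret == null) {
            throw new IllegalArgumentException("Secret cannot be null.");
        }
        if (verificationCode <= 0 || verificationCode >= this.config.getKeyModulus()) {
            return false;
        }
        return checkCode(secret, verificationCode, timeMillis, this.config.getWindowSize());
    }

    /**
     * Verifies a code for a user at the current system time, using the secret
     * held by the credential repository.
     *
     * @param userName         the user name
     * @param verificationCode the code presented by the user
     * @return {@code true} if the code is accepted
     * @throws UnsupportedOperationException if no credential repository is available
     */
    @Override // com.ms.security.google.authenticator.factory.IGoogleAuthenticator
    public boolean authorizeUser(String userName, int verificationCode) {
        return authorizeUser(userName, verificationCode, System.currentTimeMillis());
    }

    /**
     * Verifies a code for a user at a given time, using the secret held by the
     * credential repository.
     *
     * @param userName         the user name
     * @param verificationCode the code presented by the user
     * @param timeMillis       the reference time in milliseconds
     * @return {@code true} if the code is accepted
     * @throws IllegalArgumentException      if the repository returns a {@code null} secret
     * @throws UnsupportedOperationException if no credential repository is available
     */
    @Override // com.ms.security.google.authenticator.factory.IGoogleAuthenticator
    public boolean authorizeUser(String userName, int verificationCode, long timeMillis) {
        return authorize(getValidCredentialRepository().getSecretKey(userName), verificationCode, timeMillis);
    }

    /**
     * Returns the credential repository or fails if none is available.
     *
     * @throws UnsupportedOperationException if no repository is configured
     */
    private ICredentialRepository getValidCredentialRepository() {
        ICredentialRepository repository = getCredentialRepository();
        if (repository == null) {
            throw new UnsupportedOperationException(String.format("An instance of the %s service must be configured in order to use this feature.", ICredentialRepository.class.getName()));
        }
        return repository;
    }

    /**
     * Returns the credential repository, looking it up through
     * {@link ServiceLoader} on the first call.
     *
     * <p>The lookup runs at most once; the first provider found is kept. The
     * implementation that ends up handling user secrets is therefore whatever
     * the service loader yields first.
     *
     * @return the repository, or {@code null} if none was set or found
     */
    @Override // com.ms.security.google.authenticator.factory.IGoogleAuthenticator
    public ICredentialRepository getCredentialRepository() {
        if (this.credentialRepositorySearched) {
            return this.credentialRepository;
        }
        this.credentialRepositorySearched = true;
        Iterator<ICredentialRepository> providers = ServiceLoader.load(ICredentialRepository.class).iterator();
        if (providers.hasNext()) {
            this.credentialRepository = providers.next();
        }
        return this.credentialRepository;
    }

    /**
     * Sets the credential repository explicitly and disables the service-loader
     * lookup, including when {@code null} is passed.
     *
     * @param repository the repository to use, or {@code null} for none
     */
    @Override // com.ms.security.google.authenticator.factory.IGoogleAuthenticator
    public void setCredentialRepository(ICredentialRepository repository) {
        this.credentialRepository = repository;
        this.credentialRepositorySearched = true;
    }

    /**
     * Formats a code as a zero-padded decimal string of at least six digits.
     *
     * <p>The width is fixed at six regardless of the configured key modulus.
     * {@link Locale#ROOT} is used so that the digits are always ASCII, whatever
     * the JVM default locale is.
     *
     * @param code the code to format
     * @return the zero-padded code
     */
    public String parseTotpCode(int code) {
        return String.format(Locale.ROOT, "%06d", Integer.valueOf(code));
    }

    /**
     * Builds a key object for an existing encoded secret.
     *
     * <p>The verification code is computed over the decoded key bytes, the same
     * way {@link #createCredentials()} computes it. Earlier the bytes of the
     * encoded string in the platform charset were used as the HMAC key, which
     * produced a value that did not match the one generated at enrolment.
     *
     * <p>NOTE(review): the returned key carries a fresh default configuration
     * while the code is computed with this instance's configuration - confirm
     * that this is intended.
     *
     * @param secret the encoded secret
     * @return a key holding the secret and its verification code
     */
    public GoogleAuthenticatorKey parseGoogleAuthenticatorKey(String secret) {
        return new GoogleAuthenticatorKey.Builder(secret).setConfig(new GoogleAuthenticatorConfig()).setVerificationCode(calculateValidationCode(decodeSecret(secret))).build();
    }
}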
