package sirius.web.security;

import com.google.common.io.BaseEncoding;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import javax.annotation.Nonnull;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import sirius.kernel.commons.Strings;
import sirius.kernel.di.std.ConfigValue;
import sirius.kernel.di.std.Register;
import sirius.kernel.health.Exceptions;

@Register(classes = {OTPVerifier.class})
/* loaded from: input_file:sirius/web/security/OTPVerifier.class */
public class OTPVerifier {

    @ConfigValue("http.otp.graceNumberOfIntervals")
    private int numberOfGraceIntervals;

    @ConfigValue("http.otp.timeInterval")
    private Duration timeInterval;
    private static final int CODE_LENGTH = 6;

    @Nonnull
    public String generateSharedSecret() {
        byte[] bArr = new byte[10];
        new SecureRandom().nextBytes(bArr);
        return BaseEncoding.base32().encode(bArr);
    }

    @Nonnull
    public String getAsAuthURL(String str, String str2) {
        return "otpauth://totp/" + str.replace(" ", "_") + "?secret=" + Strings.urlEncode(str2);
    }

    public boolean checkCode(String str, String str2) {
        if (Strings.isEmpty(str) || Strings.isEmpty(str2)) {
            return false;
        }
        byte[] decode = BaseEncoding.base32().decode(str);
        long currentTimeMillis = System.currentTimeMillis() / this.timeInterval.toMillis();
        int i = this.numberOfGraceIntervals;
        for (int i2 = -i; i2 <= i; i2++) {
            if (Strings.areEqual(String.valueOf(extractOTPCode(decode, currentTimeMillis + i2)), str2)) {
                return true;
            }
        }
        return false;
    }

    @Nonnull
    public String computeCode(@Nonnull String str) {
        return extractOTPCode(BaseEncoding.base32().decode(str), System.currentTimeMillis() / this.timeInterval.toMillis());
    }

    private String extractOTPCode(byte[] bArr, long j) {
        try {
            byte[] bArr2 = new byte[8];
            long j2 = j;
            for (int i = 7; i >= 0; i--) {
                bArr2[i] = (byte) j2;
                j2 >>>= 8;
            }
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "HmacSHA1");
            Mac mac = Mac.getInstance("HmacSHA1");
            mac.init(secretKeySpec);
            int i2 = mac.doFinal(bArr2)[19] & 15;
            long j3 = 0;
            for (int i3 = 0; i3 < 4; i3++) {
                j3 = (j3 << 8) | (r0[i2 + i3] & 255);
            }
            String valueOf = String.valueOf((j3 & 2147483647L) % ((int) Math.pow(10.0d, 6.0d)));
            while (valueOf.length() < CODE_LENGTH) {
                valueOf = "0" + valueOf;
            }
            return valueOf;
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw Exceptions.handle(e);
        }
    }
}
