package se.wfh.libs.common.web.ejb;

import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.concurrent.ThreadLocalRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.ejb.EJB;
import javax.ejb.Singleton;
import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import org.apache.commons.codec.binary.Base32;
import org.apache.commons.codec.net.URLCodec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.wfh.libs.common.web.application.CharacterEncodingFilter;
import se.wfh.libs.common.web.ejb.interfaces.TotpAuthenticatorBean;
import se.wfh.libs.common.web.util.FacesTools;

@Singleton
@EJB(name = "TotpAuthenticatorEJB", beanInterface = TotpAuthenticatorBean.class)
/* loaded from: input_file:se/wfh/libs/common/web/ejb/TotpAuthenticatorEJB.class */
public class TotpAuthenticatorEJB implements TotpAuthenticatorBean {
    private static final Logger LOGGER = LoggerFactory.getLogger(TotpAuthenticatorEJB.class);
    private static final long serialVersionUID = 1;
    private static final int SECRET_SIZE = 10;
    private static final int NUM_SCRATCH_CODES = 5;
    private static final int SCRATCH_CODE_SIZE = 8;
    private static final int WINDOW_SIZE = 3;
    public static final int DEFAULT_SIZE = 250;

    @Override // se.wfh.libs.common.web.ejb.interfaces.TotpAuthenticatorBean
    public boolean checkCode(String str, long j, long j2) throws GeneralSecurityException {
        byte[] decode = new Base32().decode(str);
        long j3 = (j2 / 1000) / 30;
        for (int i = -3; i <= WINDOW_SIZE; i++) {
            if (verifyCode(decode, j3 + i) == j) {
                return true;
            }
        }
        return false;
    }

    @Override // se.wfh.libs.common.web.ejb.interfaces.TotpAuthenticatorBean
    public boolean checkCode(String str, String str2) throws GeneralSecurityException {
        if (str == null) {
            return true;
        }
        try {
            return checkCode(str, Long.valueOf(Long.parseLong(str2)).longValue(), System.currentTimeMillis());
        } catch (NumberFormatException e) {
            LOGGER.warn("Error checking TOTP key '{}'.", str2);
            LOGGER.debug(e.getLocalizedMessage(), e);
            return false;
        }
    }

    @Override // se.wfh.libs.common.web.ejb.interfaces.TotpAuthenticatorBean
    public String generateSecretKey(int i) {
        byte[] bArr = new byte[i + 40];
        ThreadLocalRandom.current().nextBytes(bArr);
        return new String(new Base32().encode(Arrays.copyOf(bArr, i)), Charset.forName("ASCII"));
    }

    @Override // se.wfh.libs.common.web.ejb.interfaces.TotpAuthenticatorBean
    @Deprecated
    public String generateSecretKey() {
        return generateSecretKey(SECRET_SIZE);
    }

    @Override // se.wfh.libs.common.web.ejb.interfaces.TotpAuthenticatorBean
    public String getQRBarcodeURL(int i, String str, String str2, String str3) {
        FacesContext facesContext = FacesTools.getFacesContext();
        URLCodec uRLCodec = new URLCodec();
        try {
            return String.format("/qrservlet?width=%d&height=%d&text=otpauth://totp/%s%%3Fsecret%%3D%s%%26issuer%%3D%s", Integer.valueOf(i), Integer.valueOf(i), uRLCodec.encode(str2, CharacterEncodingFilter.CHARSET_STR), str3, uRLCodec.encode(str, CharacterEncodingFilter.CHARSET_STR));
        } catch (UnsupportedEncodingException e) {
            LOGGER.warn("Unable to encode barcode parameters.");
            LOGGER.debug(e.getLocalizedMessage(), e);
            facesContext.addMessage((String) null, new FacesMessage(FacesMessage.SEVERITY_ERROR, e.getLocalizedMessage(), (String) null));
            return null;
        }
    }

    @Override // se.wfh.libs.common.web.ejb.interfaces.TotpAuthenticatorBean
    @Deprecated
    public String getQRBarcodeURL(String str, String str2, String str3) {
        return getQRBarcodeURL(DEFAULT_SIZE, str, str2, str3);
    }

    private int verifyCode(byte[] bArr, long j) throws NoSuchAlgorithmException, InvalidKeyException {
        byte[] bArr2 = new byte[SCRATCH_CODE_SIZE];
        long j2 = j;
        int i = SCRATCH_CODE_SIZE;
        while (true) {
            int i2 = i;
            i--;
            if (i2 <= 0) {
                break;
            }
            bArr2[i] = (byte) j2;
            j2 >>>= 8;
        }
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "HmacSHA1");
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(secretKeySpec);
        int i3 = mac.doFinal(bArr2)[19] & 15;
        long j3 = 0;
        for (int i4 = 0; i4 < 4; i4++) {
            j3 = (j3 << 8) | (r0[i3 + i4] & 255);
        }
        return (int) ((j3 & 2147483647L) % 1000000);
    }
}
