package cc.chensoul.rose.security.rest.mfa;

import cc.chensoul.rose.security.SecurityProperties;
import cc.chensoul.rose.security.rest.mfa.MfaAuthController;
import cc.chensoul.rose.security.rest.mfa.config.EmailMfaConfig;
import cc.chensoul.rose.security.rest.mfa.config.MfaConfig;
import cc.chensoul.rose.security.rest.mfa.config.SmsMfaConfig;
import cc.chensoul.rose.security.rest.mfa.provider.MfaProvider;
import cc.chensoul.rose.security.rest.mfa.provider.MfaProviderConfig;
import cc.chensoul.rose.security.rest.mfa.provider.MfaProviderType;
import cc.chensoul.rose.security.support.TokenFactory;
import cc.chensoul.rose.security.util.SecurityUser;
import cc.chensoul.rose.security.util.SecurityUtils;
import cc.chensoul.rose.security.util.TokenPair;
import java.util.Collection;
import java.util.EnumMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:cc/chensoul/rose/security/rest/mfa/DefaultMfaSettingService.class */
public class DefaultMfaSettingService implements MfaSettingService {
    private static final RuntimeException PROVIDER_NOT_CONFIGURED_ERROR = new RuntimeException("mfa provider is not configured");
    private static final RuntimeException PROVIDER_NOT_AVAILABLE_ERROR = new RuntimeException("mfa provider is not available");
    private final Map<MfaProviderType, MfaProvider<MfaProviderConfig, MfaConfig>> providers = new EnumMap(MfaProviderType.class);
    private final TokenFactory tokenFactory;
    private final MfaProperties mfaProperties;
    private final SecurityProperties securityProperties;

    private static String obfuscate(String str, int i, char c, int i2, int i3) {
        String substring = str.substring(i2, i3);
        return str.substring(0, i2) + (substring.length() <= i * 2 ? StringUtils.repeat(c, substring.length()) : substring.substring(0, i) + StringUtils.repeat(c, substring.length() - (i * 2)) + substring.substring(substring.length() - i)) + str.substring(i3);
    }

    @Autowired
    private void setProviders(Collection<MfaProvider> collection) {
        collection.forEach(mfaProvider -> {
            this.providers.put(mfaProvider.getType(), mfaProvider);
        });
    }

    @Override // cc.chensoul.rose.security.rest.mfa.MfaSettingService
    public void prepareVerificationCode() {
        MfaConfig defaultConfig = this.mfaProperties.getDefaultConfig();
        getTwoFaProvider(defaultConfig.getProviderType()).prepareVerificationCode(SecurityUtils.getCurrentUser(), this.mfaProperties.getProviderConfig(defaultConfig.getProviderType()).orElseThrow(() -> {
            return PROVIDER_NOT_CONFIGURED_ERROR;
        }), defaultConfig);
    }

    @Override // cc.chensoul.rose.security.rest.mfa.MfaSettingService
    public TokenPair checkVerificationCode(String str) {
        SecurityUser currentUser = SecurityUtils.getCurrentUser();
        MfaConfig defaultConfig = this.mfaProperties.getDefaultConfig();
        MfaProviderConfig orElseThrow = this.mfaProperties.getProviderConfig(defaultConfig.getProviderType()).orElseThrow(() -> {
            return PROVIDER_NOT_CONFIGURED_ERROR;
        });
        boolean z = false;
        if (StringUtils.isNotBlank(str) && (StringUtils.isNumeric(str) || defaultConfig.getProviderType() == MfaProviderType.BACKUP_CODE)) {
            z = getTwoFaProvider(defaultConfig.getProviderType()).checkVerificationCode(currentUser, str, orElseThrow, defaultConfig);
        }
        if (z) {
            return this.tokenFactory.createTokenPair(currentUser);
        }
        throw new RuntimeException("Verification code is incorrect");
    }

    private MfaProvider<MfaProviderConfig, MfaConfig> getTwoFaProvider(MfaProviderType mfaProviderType) {
        return (MfaProvider) Optional.ofNullable(this.providers.get(mfaProviderType)).orElseThrow(() -> {
            return PROVIDER_NOT_AVAILABLE_ERROR;
        });
    }

    @Override // cc.chensoul.rose.security.rest.mfa.MfaSettingService
    public List<MfaAuthController.TwoFaProviderInfo> getAvailableTwoFaProviders() {
        return (List) this.mfaProperties.getAllConfigs().stream().map(mfaConfig -> {
            String str = null;
            switch (mfaConfig.getProviderType()) {
                case SMS:
                    String phoneNumber = ((SmsMfaConfig) mfaConfig).getPhoneNumber();
                    str = obfuscate(phoneNumber, 2, '*', phoneNumber.indexOf(43) + 1, phoneNumber.length());
                    break;
                case EMAIL:
                    String email = ((EmailMfaConfig) mfaConfig).getEmail();
                    str = obfuscate(email, 2, '*', 0, email.indexOf(64));
                    break;
            }
            return MfaAuthController.TwoFaProviderInfo.builder().type(mfaConfig.getProviderType()).useByDefault(mfaConfig.isUseByDefault()).contact(str).minVerificationCodeSendPeriod(this.mfaProperties.getMinVerificationCodeSendPeriod()).build();
        }).collect(Collectors.toList());
    }

    public DefaultMfaSettingService(TokenFactory tokenFactory, MfaProperties mfaProperties, SecurityProperties securityProperties) {
        this.tokenFactory = tokenFactory;
        this.mfaProperties = mfaProperties;
        this.securityProperties = securityProperties;
    }
}
