package io.vertx.ext.auth.otp.hotp.impl;

import io.vertx.core.Future;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.authentication.CredentialValidationException;
import io.vertx.ext.auth.authentication.Credentials;
import io.vertx.ext.auth.otp.Authenticator;
import io.vertx.ext.auth.otp.OtpCredentials;
import io.vertx.ext.auth.otp.OtpKey;
import io.vertx.ext.auth.otp.hotp.HotpAuth;
import io.vertx.ext.auth.otp.hotp.HotpAuthOptions;
import io.vertx.ext.auth.otp.impl.org.openauthentication.otp.OneTimePasswordAlgorithm;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.function.Function;

/* loaded from: input_file:io/vertx/ext/auth/otp/hotp/impl/HotpAuthImpl.class */
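/**
 * HOTP (counter-based one-time password) implementation of {@link HotpAuth}.
 *
 * <p>Authenticator state (shared key, counter, attempt count) is not stored here: it is read
 * through the function registered with {@link #authenticatorFetcher(Function)} and written
 * through the one registered with {@link #authenticatorUpdater(Function)}.
 *
 * <p>Every comparison between an expected code and the submitted code goes through
 * {@link MessageDigest#isEqual(byte[], byte[])}, so the time taken does not depend on how many
 * leading characters of the submitted code are correct.
 */
public class HotpAuthImpl implements HotpAuth {
    private final HotpAuthOptions hotpAuthOptions;
    private Function<String, Future<Authenticator>> fetcher;
    private Function<Authenticator, Future<Void>> updater;

    /**
     * @param hotpAuthOptions password length, counter start, attempt limit and look-ahead settings
     * @throws IllegalArgumentException if {@code hotpAuthOptions} is {@code null}
     */
    public HotpAuthImpl(HotpAuthOptions hotpAuthOptions) {
        if (hotpAuthOptions == null) {
            throw new IllegalArgumentException("hotpAuthOptions cannot null");
        }
        this.hotpAuthOptions = hotpAuthOptions;
    }

    /**
     * Verifies a submitted one-time password against the stored authenticator.
     *
     * <p>The code is first checked against {@code counter + 1}. If that fails and
     * resynchronization is enabled, the following {@code lookAheadWindow} counter values are
     * tried as well. On a match the stored counter is advanced to the matching value, so the
     * same code is not accepted again.
     *
     * @param credentials must be an {@link OtpCredentials}; anything else fails with a
     *     {@link CredentialValidationException}
     * @return a future completed with the authenticated user, or failed with
     *     {@code "user is not found"}, {@code "invalid code"}, or the underlying error
     */
    public Future<User> authenticate(Credentials credentials) {
        try {
            OtpCredentials otpCredentials = (OtpCredentials) credentials;
            otpCredentials.checkValid(this.hotpAuthOptions);
            // Fail with a readable cause instead of a bare NullPointerException when the
            // provider has not been wired to its storage callbacks.
            if (this.fetcher == null || this.updater == null) {
                throw new IllegalStateException("authenticatorFetcher and authenticatorUpdater must be set before authenticate");
            }
            return this.fetcher.apply(otpCredentials.getIdentifier())
                    .compose(authenticator -> verify(authenticator, otpCredentials));
        } catch (ClassCastException e) {
            return Future.failedFuture(new CredentialValidationException("Invalid credentials type", e));
        } catch (RuntimeException e) {
            return Future.failedFuture(e);
        }
    }

    /** Runs the HOTP check for one fetched authenticator; {@code null} means unknown identifier. */
    private Future<User> verify(Authenticator authenticator, OtpCredentials otpCredentials) {
        if (authenticator == null) {
            return Future.failedFuture("user is not found");
        }
        OtpKey otpKey = new OtpKey().setKey(authenticator.getKey()).setAlgorithm(authenticator.getAlgorithm());
        long candidate = authenticator.getCounter() + 1;

        // Every call counts as an attempt, whether or not the code turns out to be valid.
        // NOTE(review): nothing in this class resets the attempt count after a successful
        // login — confirm whether the store or the caller is expected to do that.
        Integer previousAttempts = authenticator.getAuthAttempts();
        int attempts = previousAttempts != null ? previousAttempts + 1 : 1;
        authenticator.setAuthAttempts(attempts);

        String submitted = otpCredentials.getCode();
        try {
            // NOTE(review): the next-counter code is checked before the attempt limit, so a
            // correct code is still accepted once the limit is reached; the limit only stops
            // the look-ahead search below. Confirm this is the intended lock-out policy.
            if (codeMatches(otpKey, candidate, submitted)) {
                return accept(authenticator, candidate);
            }
            if (this.hotpAuthOptions.isUsingAttemptsLimit() && attempts >= this.hotpAuthOptions.getAuthAttemptsLimit()) {
                // Persist the attempt count, then reject without trying the look-ahead window.
                return this.updater.apply(authenticator).compose(ignored -> Future.failedFuture("invalid code"));
            }
            if (this.hotpAuthOptions.isUsingResynchronization()) {
                for (int i = 0; i < this.hotpAuthOptions.getLookAheadWindow(); i++) {
                    candidate++;
                    if (codeMatches(otpKey, candidate, submitted)) {
                        return accept(authenticator, candidate);
                    }
                }
            }
            // NOTE(review): on this path the updater is not called, so the incremented attempt
            // count is only retained if the fetcher returned the live stored object. With a
            // store that returns copies the limit would presumably never be reached — verify.
            return Future.failedFuture("invalid code");
        } catch (GeneralSecurityException e) {
            return Future.failedFuture(e);
        }
    }

    /**
     * Generates the expected code for {@code counter} and compares it with {@code submitted}
     * in constant time. A {@code null} submitted code never matches.
     */
    private boolean codeMatches(OtpKey otpKey, long counter, String submitted) throws GeneralSecurityException {
        String expected = OneTimePasswordAlgorithm.generateOTP(otpKey.getKeyBytes(), counter, this.hotpAuthOptions.getPasswordLength(), false, -1);
        if (submitted == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), submitted.getBytes(StandardCharsets.UTF_8));
    }

    /** Advances the stored counter to the matched value, persists it, then yields the user. */
    private Future<User> accept(Authenticator authenticator, long matchedCounter) {
        authenticator.setCounter(matchedCounter);
        return this.updater.apply(authenticator).compose(ignored -> Future.succeededFuture(createUser(authenticator)));
    }

    /** Registers the function that loads an authenticator by identifier. */
    @Override
    public HotpAuth authenticatorFetcher(Function<String, Future<Authenticator>> function) {
        this.fetcher = function;
        return this;
    }

    /** Registers the function that persists an authenticator after it has been changed. */
    @Override
    public HotpAuth authenticatorUpdater(Function<Authenticator, Future<Void>> function) {
        this.updater = function;
        return this;
    }

    /**
     * Builds a new authenticator for {@code str} from the given key, starting at the configured
     * counter, and hands it to the updater for storage.
     *
     * @param str identifier of the account the authenticator belongs to
     * @param otpKey shared key and algorithm
     * @return a future completed with the stored authenticator
     */
    @Override
    public Future<Authenticator> createAuthenticator(String str, OtpKey otpKey) {
        Authenticator authenticator = new Authenticator(true)
                .setIdentifier(str)
                .setKey(otpKey.getKey())
                .setAlgorithm(otpKey.getAlgorithm())
                .setCounter(this.hotpAuthOptions.getCounter());
        return this.updater.apply(authenticator).map(authenticator);
    }

    /**
     * Builds the {@code otpauth://hotp/...} provisioning URI for an authenticator app.
     *
     * <p>The returned URI contains the shared secret in its {@code secret} parameter, so it
     * must be handled like a credential: deliver it only to the enrolling user and keep it out
     * of logs.
     *
     * @param otpKey shared key and algorithm
     * @param str issuer; URL-encoded before use
     * @param str2 second label component, presumably the account name; URL-encoded before use
     * @param str3 label; when {@code null} it is derived from {@code str} and {@code str2}
     * @return the provisioning URI
     * @throws IllegalArgumentException if both {@code str3} and {@code str} are {@code null}
     */
    @Override
    public String generateUri(OtpKey otpKey, String str, String str2, String str3) {
        try {
            // NOTE(review): a caller-supplied label is inserted as-is, unlike the derived one.
            // Callers presumably pass it already URL-encoded — confirm, since characters such
            // as '?' or '&' in it would change how the URI is parsed.
            String label = str3;
            if (label == null) {
                if (str == null) {
                    throw new IllegalArgumentException("label and issuer cannot all be null");
                }
                String encodedIssuer = URLEncoder.encode(str, "UTF8");
                label = str2 == null ? encodedIssuer : encodedIssuer + ":" + URLEncoder.encode(str2, "UTF8");
            }
            StringBuilder query = new StringBuilder();
            query.append("secret=").append(otpKey.getKey());
            if (str != null) {
                query.append("&issuer=").append(URLEncoder.encode(str, "UTF8"));
            }
            // SHA1 and 6 digits are left out of the URI; other values are written explicitly.
            String algorithm = otpKey.getAlgorithm();
            if (algorithm != null && !algorithm.equals("SHA1")) {
                query.append("&algorithm=").append(algorithm);
            }
            int digits = this.hotpAuthOptions.getPasswordLength();
            if (digits != 6) {
                query.append("&digits=").append(digits);
            }
            query.append("&counter=").append(this.hotpAuthOptions.getCounter());
            return String.format("otpauth://hotp/%s?%s", label, query);
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    /** Creates the user principal, recording the OTP type, counter, attempt count and AMR. */
    private User createUser(Authenticator authenticator) {
        JsonObject principal = new JsonObject()
                .put("otp", "hotp")
                .put("counter", Long.valueOf(authenticator.getCounter()))
                .put("auth_attempts", authenticator.getAuthAttempts())
                .put("amr", Arrays.asList("mfa", "otp"));
        return User.create(principal);
    }
}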
