package com.forgerock.authenticator.mechanisms.oath;

import android.support.annotation.VisibleForTesting;
import android.util.Base64;
import com.forgerock.authenticator.identity.Identity;
import com.forgerock.authenticator.mechanisms.MechanismCreationException;
import com.forgerock.authenticator.mechanisms.base.Mechanism;
import com.forgerock.authenticator.mechanisms.base.MechanismInfo;
import com.forgerock.authenticator.utils.TimeKeeper;
import com.google.android.apps.authenticator.Base32String;
import com.google.common.primitives.UnsignedBytes;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public class Oath extends Mechanism {
    private static final String ALGO = "algo";
    private static final String COUNTER = "counter";
    private static final String DIGITS = "digits";
    private static final String PERIOD = "period";
    private static final String SECRET = "SECRET";
    private static final String TOKEN_TYPE = "tokenType";
    private static final int VERSION = 1;
    private static final OathInfo oathInfo = new OathInfo();
    private String algo;
    private long counter;
    private int digits;
    private Logger logger;
    private int period;
    private byte[] secret;
    private TimeKeeper timeKeeper;
    private TokenType type;

    /* loaded from: classes.dex */
    public static class OathBuilder extends Mechanism.PartialMechanismBuilder<OathBuilder> {
        private long counter;
        private byte[] secret;
        private TokenType type;
        private String algo = "SHA1";
        private int digits = 6;
        private int period = 30;

        private void validateAlgoSecretPair(String str, byte[] bArr) throws MechanismCreationException {
            try {
                Mac mac = Mac.getInstance("Hmac" + str);
                if (bArr != null) {
                    mac.init(new SecretKeySpec(bArr, "Hmac" + str));
                }
            } catch (InvalidKeyException unused) {
                throw new MechanismCreationException("Invalid secret for this algorithm.");
            } catch (NoSuchAlgorithmException unused2) {
                throw new MechanismCreationException("Invalid algorithm: " + str);
            }
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // com.forgerock.authenticator.mechanisms.base.Mechanism.PartialMechanismBuilder
        public Oath buildImpl(Identity identity) throws MechanismCreationException {
            if (this.type == null) {
                throw new MechanismCreationException("Must specify a valid type");
            }
            if (this.secret != null) {
                return new Oath(identity, this.id, this.mechanismUID, this.type, this.algo, this.secret, this.digits, this.counter, this.period, this.timeKeeper);
            }
            throw new MechanismCreationException("Must specify a valid secret");
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // com.forgerock.authenticator.mechanisms.base.Mechanism.PartialMechanismBuilder
        public OathBuilder getThis() {
            return this;
        }

        public OathBuilder setAlgorithm(String str) throws MechanismCreationException {
            String upperCase = str.toUpperCase(Locale.US);
            validateAlgoSecretPair(upperCase, this.secret);
            this.algo = upperCase;
            return this;
        }

        public OathBuilder setCounter(String str) throws MechanismCreationException {
            try {
                this.counter = Long.parseLong(str);
                return this;
            } catch (NumberFormatException e) {
                throw new MechanismCreationException("Failed to parse counter: " + str, e);
            }
        }

        public OathBuilder setDigits(String str) throws MechanismCreationException {
            try {
                int parseInt = Integer.parseInt(str);
                if (parseInt != 6 && parseInt != 8) {
                    throw new MechanismCreationException("Digits must be 6 or 8: " + str);
                }
                this.digits = parseInt;
                return this;
            } catch (NumberFormatException unused) {
                throw new MechanismCreationException("Digits was not a number: " + str);
            }
        }

        public OathBuilder setOptions(Map<String, String> map) throws MechanismCreationException {
            return setType(map.get(Oath.TOKEN_TYPE)).setAlgorithm(map.get(Oath.ALGO)).setSecret(map.get(Oath.SECRET)).setDigits(map.get("digits")).setCounter(map.get("counter")).setPeriod(map.get("period"));
        }

        public OathBuilder setPeriod(String str) throws MechanismCreationException {
            try {
                this.period = Integer.parseInt(str);
                if (this.period > 0) {
                    return this;
                }
                throw new MechanismCreationException("Oath refresh period was not a positive integer");
            } catch (NumberFormatException unused) {
                throw new MechanismCreationException("Oath refresh period was not a number: " + str);
            }
        }

        public OathBuilder setSecret(String str) throws MechanismCreationException {
            try {
                byte[] decode = Base32String.decode(str);
                validateAlgoSecretPair(this.algo, decode);
                this.secret = decode;
                return this;
            } catch (Base32String.DecodingException e) {
                throw new MechanismCreationException("Could not decode secret: " + str, e);
            } catch (NullPointerException e2) {
                throw new MechanismCreationException("Unexpected null whilst parsing secret: " + str, e2);
            }
        }

        public OathBuilder setType(String str) throws MechanismCreationException {
            try {
                this.type = TokenType.valueOf(str.toUpperCase());
                return this;
            } catch (IllegalArgumentException unused) {
                throw new MechanismCreationException("Invalid type: " + str);
            }
        }
    }

    /* loaded from: classes.dex */
    public enum TokenType {
        HOTP,
        TOTP
    }

    private Oath(Identity identity, long j, String str, TokenType tokenType, String str2, byte[] bArr, int i, long j2, int i2, TimeKeeper timeKeeper) {
        super(identity, j, str);
        this.logger = LoggerFactory.getLogger((Class<?>) Oath.class);
        this.type = tokenType;
        this.algo = str2;
        this.secret = bArr;
        this.digits = i;
        this.counter = j2;
        this.period = i2;
        this.timeKeeper = timeKeeper;
    }

    public static OathBuilder builder() {
        return new OathBuilder();
    }

    private String getHOTP(long j) {
        ByteBuffer allocate = ByteBuffer.allocate(8);
        allocate.putLong(j);
        int i = 1;
        for (int i2 = this.digits; i2 > 0; i2--) {
            i *= 10;
        }
        try {
            Mac mac = Mac.getInstance("Hmac" + this.algo);
            mac.init(new SecretKeySpec(this.secret, "Hmac" + this.algo));
            byte[] doFinal = mac.doFinal(allocate.array());
            int i3 = doFinal[doFinal.length - 1] & 15;
            String num = Integer.toString(((doFinal[i3 + 3] & UnsignedBytes.MAX_VALUE) | (((doFinal[i3 + 2] & UnsignedBytes.MAX_VALUE) << 8) | (((doFinal[i3] & Byte.MAX_VALUE) << 24) | ((doFinal[i3 + 1] & UnsignedBytes.MAX_VALUE) << 16)))) % i);
            while (num.length() != this.digits) {
                num = "0" + num;
            }
            return num;
        } catch (InvalidKeyException e) {
            this.logger.error("Invalid key used", (Throwable) e);
            return "";
        } catch (NoSuchAlgorithmException e2) {
            this.logger.error("Invalid algorithm used", (Throwable) e2);
            return "";
        }
    }

    @Override // com.forgerock.authenticator.mechanisms.base.Mechanism
    public Map<String, String> asMap() {
        HashMap hashMap = new HashMap();
        hashMap.put(TOKEN_TYPE, this.type.toString());
        hashMap.put(ALGO, this.algo);
        hashMap.put(SECRET, Base32String.encode(this.secret));
        hashMap.put("digits", Integer.toString(this.digits));
        hashMap.put("counter", Long.toString(this.counter));
        hashMap.put("period", Integer.toString(this.period));
        return hashMap;
    }

    public TokenCode generateNextCode() {
        long currentTimeMillis = this.timeKeeper.getCurrentTimeMillis();
        switch (this.type) {
            case HOTP:
                this.counter++;
                save();
                return new TokenCode(this.timeKeeper, getHOTP(this.counter), currentTimeMillis, (this.period * 1000) + currentTimeMillis);
            case TOTP:
                long j = (currentTimeMillis / 1000) / this.period;
                TimeKeeper timeKeeper = this.timeKeeper;
                long j2 = 0 + j;
                String hotp = getHOTP(j2);
                int i = this.period;
                return new TokenCode(timeKeeper, hotp, j2 * i * 1000, (j + 1) * i * 1000);
            default:
                return null;
        }
    }

    @VisibleForTesting
    public String getAlgo() {
        return this.algo;
    }

    @VisibleForTesting
    public long getCounter() {
        return this.counter;
    }

    public int getDigits() {
        return this.digits;
    }

    @Override // com.forgerock.authenticator.mechanisms.base.Mechanism
    public MechanismInfo getInfo() {
        return oathInfo;
    }

    @VisibleForTesting
    public long getPeriod() {
        return this.period;
    }

    public TokenType getType() {
        return this.type;
    }

    @Override // com.forgerock.authenticator.mechanisms.base.Mechanism
    public int getVersion() {
        return 1;
    }

    @VisibleForTesting
    public boolean hasBase64Secret(String str) {
        return Base64.encodeToString(this.secret, 0).equals(str);
    }
}
