package io.gravitee.am.factor.api;

import io.gravitee.am.common.exception.mfa.InvalidCodeException;
import io.gravitee.am.factor.utils.HOTP;
import io.gravitee.am.factor.utils.SharedSecret;
import io.gravitee.am.model.factor.EnrolledFactor;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.Single;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/gravitee/am/factor/api/OTPFactorProvider.class */
public abstract class OTPFactorProvider implements FactorProvider {
    private Logger logger = LoggerFactory.getLogger(OTPFactorProvider.class);

    @Override // io.gravitee.am.factor.api.FactorProvider
    public boolean useVariableFactorSecurity() {
        return true;
    }

    @Override // io.gravitee.am.factor.api.FactorProvider
    public Single<EnrolledFactor> changeVariableFactorSecurity(EnrolledFactor enrolledFactor) {
        return (enrolledFactor.getSecurity() == null || enrolledFactor.getSecurity().getData("MOVING_FACTOR", Number.class) == null) ? Single.just(enrolledFactor) : Single.fromCallable(() -> {
            incrementMovingFactor(enrolledFactor);
            enrolledFactor.getSecurity().removeData("EXPIRATION_EPOCH");
            return enrolledFactor;
        });
    }

    protected Completable verifyOTP(EnrolledFactor enrolledFactor, int i, String str) {
        return Completable.create(completableEmitter -> {
            try {
                if (!str.equals(generateOTP(enrolledFactor, i))) {
                    completableEmitter.onError(new InvalidCodeException("Invalid 2FA Code"));
                }
                if (Instant.now().isAfter(Instant.ofEpochMilli(((Long) enrolledFactor.getSecurity().getData("EXPIRATION_EPOCH", Long.class)).longValue()))) {
                    completableEmitter.onError(new InvalidCodeException("Invalid 2FA Code"));
                }
                completableEmitter.onComplete();
            } catch (Exception e) {
                this.logger.error("An error occurs while validating 2FA code", e);
                completableEmitter.onError(new InvalidCodeException("Invalid 2FA Code"));
            }
        });
    }

    protected String generateOTP(EnrolledFactor enrolledFactor, int i) throws NoSuchAlgorithmException, InvalidKeyException {
        return HOTP.generateOTP(SharedSecret.base32Str2Bytes(enrolledFactor.getSecurity().getValue()), ((Number) enrolledFactor.getSecurity().getData("MOVING_FACTOR", Number.class)).longValue(), i, false, 0);
    }

    protected void incrementMovingFactor(EnrolledFactor enrolledFactor) {
        enrolledFactor.getSecurity().putData("MOVING_FACTOR", Long.valueOf(((Number) enrolledFactor.getSecurity().getData("MOVING_FACTOR", Number.class)).longValue() + 1));
    }
}
