package org.picketbox.core.authentication.impl;

import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import org.picketbox.core.PicketBoxPrincipal;
import org.picketbox.core.authentication.AuthenticationInfo;
import org.picketbox.core.authentication.AuthenticationResult;
import org.picketbox.core.authentication.credential.OTPCredential;
import org.picketbox.core.authentication.credential.UserCredential;
import org.picketbox.core.exceptions.AuthenticationException;
import org.picketbox.core.util.TimeBasedOTP;
import org.picketbox.core.util.TimeBasedOTPUtil;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.internal.UsernamePasswordCredentials;
import org.picketlink.idm.model.Attribute;
import org.picketlink.idm.model.User;

/* loaded from: input_file:org/picketbox/core/authentication/impl/OTPAuthenticationMechanism.class */
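/**
 * Authentication mechanism that requires two factors: a username/password pair, checked through the
 * identity manager, followed by a time-based one-time password (OTP) checked against the seed stored
 * in the user's {@code "serial"} attribute.
 *
 * <p>Both checks must pass before a principal is returned. Any path that cannot positively verify
 * the OTP (missing seed, unrecognised algorithm) is treated as a failed authentication.
 */
public class OTPAuthenticationMechanism extends AbstractAuthenticationMechanism {
    /** HMAC variant handed to the OTP validator; initialised to {@link TimeBasedOTP#HMAC_SHA1}. */
    private String algorithm = TimeBasedOTP.HMAC_SHA1;

    /** Number of digits passed to the OTP validator. */
    private int NUMBER_OF_DIGITS = 6;

    /**
     * Describes this mechanism and the credential type it accepts.
     *
     * @return a new mutable list holding a single entry for {@link OTPCredential}
     */
    @Override
    public List<AuthenticationInfo> getAuthenticationInfo() {
        List<AuthenticationInfo> infos = new ArrayList<AuthenticationInfo>();
        infos.add(new AuthenticationInfo("OTP Authentication", "Provides OTP authentication.", OTPCredential.class));
        return infos;
    }

    /**
     * Validates the password and then the OTP carried by the supplied credential.
     *
     * @param userCredential must be an {@link OTPCredential}; any other type fails the cast
     * @param authenticationResult receives failure status and messages
     * @return a {@link PicketBoxPrincipal} for the user name when both factors are valid, otherwise
     *     {@code null}
     * @throws AuthenticationException if the OTP validator raises a {@link GeneralSecurityException}
     */
    @Override
    protected Principal doAuthenticate(UserCredential userCredential, AuthenticationResult authenticationResult) throws AuthenticationException {
        OTPCredential otpCredential = (OTPCredential) userCredential;
        UsernamePasswordCredentials credential = otpCredential.getCredential();
        String userName = otpCredential.getUserName();
        String otp = otpCredential.getOtp();

        User user = getIdentityManager().getUser(userName);
        if (user == null) {
            // NOTE(review): an unknown user returns null without invalidCredentials() being called,
            // unlike a known user with a wrong password. Confirm the base class reports both cases
            // identically so the result cannot be used to tell which account names exist.
            return null;
        }

        // First factor: the password. The OTP is only examined once this has succeeded.
        getIdentityManager().validateCredentials(credential);
        boolean authenticated = credential.getStatus().equals(Credentials.Status.VALID);

        if (authenticated) {
            // Second factor: the shared seed is read from the user's "serial" attribute.
            String seed = null;
            Attribute serial = user.getAttribute("serial");
            if (serial != null) {
                // An attribute that exists but carries no value is handled as "no seed" instead of
                // failing with a NullPointerException.
                Object value = serial.getValue();
                if (value != null) {
                    seed = value.toString();
                }
            }

            if (seed != null) {
                // NOTE(review): getBytes() uses the JVM default charset, so the derived key depends on
                // platform configuration. Confirm the enrolment side encodes the seed the same way
                // before pinning an explicit charset here.
                byte[] seedBytes = seed.getBytes();
                try {
                    if (this.algorithm.equals(TimeBasedOTP.HMAC_SHA1)) {
                        authenticated = TimeBasedOTPUtil.validate(otp, seedBytes, this.NUMBER_OF_DIGITS);
                    } else if (this.algorithm.equals(TimeBasedOTP.HMAC_SHA256)) {
                        authenticated = TimeBasedOTPUtil.validate256(otp, seedBytes, this.NUMBER_OF_DIGITS);
                    } else if (this.algorithm.equals(TimeBasedOTP.HMAC_SHA512)) {
                        authenticated = TimeBasedOTPUtil.validate512(otp, seedBytes, this.NUMBER_OF_DIGITS);
                    } else {
                        // Fail closed: with an unrecognised algorithm no OTP check has run, so the
                        // earlier password success must not be allowed to stand on its own.
                        authenticated = false;
                    }
                } catch (GeneralSecurityException e) {
                    throw new AuthenticationException(e);
                }
            } else {
                authenticated = false;
                authenticationFailed(authenticationResult);
                // NOTE(review): this message is only reachable after the password was accepted. If
                // result messages are shown to the caller, it confirms the password was correct.
                authenticationResult.addMessage("User does not have a seed. OTP tokens could not be derived.");
            }
        }

        if (!authenticated) {
            invalidCredentials(authenticationResult);
            return null;
        }
        return new PicketBoxPrincipal(userName);
    }
}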
