package org.wso2.carbon.identity.application.authenticator.totp;

import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.wso2.carbon.core.util.CryptoException;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authenticator.totp.exception.TOTPException;
import org.wso2.carbon.identity.application.authenticator.totp.util.TOTPAuthenticatorConfig;
import org.wso2.carbon.identity.application.authenticator.totp.util.TOTPAuthenticatorCredentials;
import org.wso2.carbon.identity.application.authenticator.totp.util.TOTPAuthenticatorKey;
import org.wso2.carbon.identity.application.authenticator.totp.util.TOTPKeyRepresentation;
import org.wso2.carbon.identity.application.authenticator.totp.util.TOTPUtil;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/totp/TOTPKeyGenerator.class */
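/**
 * Static helpers that create, store and reset the per-user TOTP secret held in the user store,
 * and that build the {@code otpauth://} provisioning URI handed back for QR-code enrolment.
 *
 * <p>Security note: the value stored under {@code QR_CODE_CLAIM_URL} is only Base64-encoded.
 * It contains the TOTP secret in clear and must be treated as a credential by every caller
 * (no logging, no persistence, no caching in shared state).
 */
public class TOTPKeyGenerator {
    /**
     * Builds the TOTP claims for a user: the encrypted secret (only when a new one is generated)
     * and the Base64-encoded provisioning URI.
     *
     * <p>This method does not write to the user store; a newly generated secret only takes effect
     * once the returned map is persisted, e.g. through
     * {@link #addTOTPClaimsAndRetrievingQRCodeURL(Map, String, AuthenticationContext)}.
     *
     * @param str the username; it is split into tenant domain and tenant-aware username
     * @param z when {@code true}, a new secret is generated even if one is already stored
     * @param authenticationContext the authentication context, or {@code null} to resolve
     *     settings from the tenant domain alone
     * @return the generated claims; empty when no user realm is found for the user
     * @throws TOTPException if decryption/encryption, configuration lookup or user-store
     *     access fails
     */
    public static Map<String, String> generateClaims(String str, boolean z, AuthenticationContext authenticationContext) throws TOTPException {
        String storedSecret = null;
        String generatedSecret = null;
        String tenantAwareUsername = null;
        Map<String, String> claims = new HashMap<>();
        try {
            UserRealm userRealm = TOTPUtil.getUserRealm(str);
            String tenantDomain = MultitenantUtils.getTenantDomain(str);
            tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str);
            if (userRealm == null) {
                return claims;
            }

            String encryptedStoredSecret = (String) userRealm.getUserStoreManager()
                    .getUserClaimValues(tenantAwareUsername, new String[]{TOTPAuthenticatorConstants.SECRET_KEY_CLAIM_URL}, (String) null)
                    .get(TOTPAuthenticatorConstants.SECRET_KEY_CLAIM_URL);

            if (StringUtils.isEmpty(encryptedStoredSecret) || z) {
                generatedSecret = generateKey(tenantDomain, authenticationContext).getKey();
                // The result of this lookup is discarded here; generateKey() has already consulted
                // the same setting. The calls are kept so that any exception they raise is unchanged.
                if (authenticationContext == null) {
                    TOTPUtil.getEncodingMethod(tenantDomain);
                } else {
                    TOTPUtil.getEncodingMethod(tenantDomain, authenticationContext);
                }
                // Only the encrypted form of the secret goes into the claim that gets persisted.
                claims.put(TOTPAuthenticatorConstants.SECRET_KEY_CLAIM_URL, TOTPUtil.encrypt(generatedSecret));
            } else {
                storedSecret = TOTPUtil.decrypt(encryptedStoredSecret);
            }

            String secret = StringUtils.isNotEmpty(generatedSecret) ? generatedSecret : storedSecret;
            String issuer = TOTPUtil.getTOTPIssuerDisplayName(tenantDomain, authenticationContext);
            // NOTE(review): issuer and username are concatenated without percent-encoding, so a
            // value containing ':', '?', '&', '#' or a space changes the structure of the URI.
            // Encoding them would change the emitted URI, so confirm with consumers before fixing.
            String provisioningUri = "otpauth://totp/" + issuer + ":" + tenantAwareUsername
                    + "?secret=" + secret + "&issuer=" + issuer;
            // Encode with an explicit charset so the claim does not depend on the JVM's platform
            // default when the issuer or username contains non-ASCII characters.
            claims.put(TOTPAuthenticatorConstants.QR_CODE_CLAIM_URL,
                    Base64.encodeBase64String(provisioningUri.getBytes(StandardCharsets.UTF_8)));
            return claims;
        } catch (CryptoException e) {
            throw new TOTPException("TOTPKeyGenerator failed while decrypt the storedSecretKey ", e);
        } catch (AuthenticationFailedException e2) {
            throw new TOTPException("TOTPKeyGenerator cannot find the property value for encoding method", e2);
        } catch (UserStoreException e3) {
            throw new TOTPException("TOTPKeyGenerator failed while trying to get the user store manager from user realm of the user : " + tenantAwareUsername, e3);
        }
    }

    /**
     * Builds the TOTP claims for a user without an authentication context.
     *
     * @param str the username
     * @param z when {@code true}, a new secret is generated even if one is already stored
     * @return the generated claims; empty when no user realm is found for the user
     * @throws TOTPException if claim generation fails
     */
    public static Map<String, String> generateClaims(String str, boolean z) throws TOTPException {
        return generateClaims(str, z, null);
    }

    /**
     * Persists the given claims for the user and returns the QR-code claim value.
     *
     * <p>The QR-code claim is removed from {@code map} before the write, so the provisioning URI
     * (which carries the secret in clear) is not stored. The caller's map is modified in place.
     * When no user realm is found, nothing is written and the map is left untouched.
     *
     * @param map the claims to store; must not be {@code null}
     * @param str the username
     * @param authenticationContext the authentication context; not read by this method
     * @return the value that {@code map} held under {@code QR_CODE_CLAIM_URL}, possibly {@code null}
     * @throws TOTPException if the user realm cannot be obtained or the user store write fails
     */
    public static String addTOTPClaimsAndRetrievingQRCodeURL(Map<String, String> map, String str, AuthenticationContext authenticationContext) throws TOTPException {
        String tenantAwareUsername = null;
        String qrCodeClaim = map.get(TOTPAuthenticatorConstants.QR_CODE_CLAIM_URL);
        try {
            UserRealm userRealm = TOTPUtil.getUserRealm(str);
            if (userRealm != null) {
                tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str);
                // Strip the provisioning URI so that only the remaining claims are persisted.
                map.remove(TOTPAuthenticatorConstants.QR_CODE_CLAIM_URL);
                userRealm.getUserStoreManager().setUserClaimValues(tenantAwareUsername, map, (String) null);
            }
            return qrCodeClaim;
        } catch (AuthenticationFailedException e) {
            throw new TOTPException("TOTPKeyGenerator cannot get the user realm for the user", e);
        } catch (UserStoreException e2) {
            throw new TOTPException("TOTPKeyGenerator failed while trying to access user store manager for the user : " + tenantAwareUsername, e2);
        }
    }

    /**
     * Persists the given claims for the user without an authentication context.
     *
     * @param map the claims to store; must not be {@code null}
     * @param str the username
     * @return the value that {@code map} held under {@code QR_CODE_CLAIM_URL}, possibly {@code null}
     * @throws TOTPException if the user realm cannot be obtained or the user store write fails
     */
    public static String addTOTPClaimsAndRetrievingQRCodeURL(Map<String, String> map, String str) throws TOTPException {
        return addTOTPClaimsAndRetrievingQRCodeURL(map, str, null);
    }

    /**
     * Clears the user's stored TOTP secret by overwriting the secret-key claim with an empty string.
     *
     * <p>NOTE(review): this method performs no authorization check of its own; callers are
     * presumably expected to have verified that the reset is permitted.
     *
     * @param str the username
     * @return {@code true} once the claim has been overwritten
     * @throws TOTPException if no user realm is found or the user store write fails
     * @throws AuthenticationFailedException declared by the signature; presumably raised by the
     *     realm lookup
     */
    public static boolean resetLocal(String str) throws TOTPException, AuthenticationFailedException {
        try {
            String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str);
            UserRealm userRealm = TOTPUtil.getUserRealm(str);
            if (userRealm == null) {
                throw new TOTPException("Can not find the user realm for the given tenant domain : " + MultitenantUtils.getTenantDomain(str));
            }
            Map<String, String> claims = new HashMap<>();
            claims.put(TOTPAuthenticatorConstants.SECRET_KEY_CLAIM_URL, "");
            userRealm.getUserStoreManager().setUserClaimValues(tenantAwareUsername, claims, (String) null);
            return true;
        } catch (UserStoreException e) {
            throw new TOTPException("Can not find the user realm for the user : " + str, e);
        }
    }

    /**
     * Creates new TOTP credentials using the key representation configured for the tenant.
     *
     * @param str the tenant domain passed to the encoding-method lookup
     * @param authenticationContext the authentication context, or {@code null} to look the
     *     encoding method up by tenant domain alone
     * @return the newly created key; BASE64 representation when so configured, BASE32 otherwise
     * @throws AuthenticationFailedException if the encoding method cannot be resolved
     */
    public static TOTPAuthenticatorKey generateKey(String str, AuthenticationContext authenticationContext) throws AuthenticationFailedException {
        String encodingMethod = authenticationContext == null
                ? TOTPUtil.getEncodingMethod(str)
                : TOTPUtil.getEncodingMethod(str, authenticationContext);
        // BASE32 is the fallback for any configured value other than BASE64.
        TOTPKeyRepresentation keyRepresentation = TOTPAuthenticatorConstants.BASE64.equals(encodingMethod)
                ? TOTPKeyRepresentation.BASE64
                : TOTPKeyRepresentation.BASE32;
        TOTPAuthenticatorConfig config = new TOTPAuthenticatorConfig.TOTPAuthenticatorConfigBuilder()
                .setKeyRepresentation(keyRepresentation)
                .build();
        return new TOTPAuthenticatorCredentials(config).createCredentials();
    }

    /**
     * Creates new TOTP credentials for the tenant without an authentication context.
     *
     * @param str the tenant domain passed to the encoding-method lookup
     * @return the newly created key
     * @throws AuthenticationFailedException if the encoding method cannot be resolved
     */
    public static TOTPAuthenticatorKey generateKey(String str) throws AuthenticationFailedException {
        return generateKey(str, null);
    }
}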
