package org.wso2.carbon.identity.application.authenticator.totp;

import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base32;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.core.util.CryptoException;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authenticator.totp.exception.TOTPException;
import org.wso2.carbon.identity.application.authenticator.totp.internal.TOTPDataHolder;
import org.wso2.carbon.identity.application.authenticator.totp.util.TOTPUtil;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.event.IdentityEventException;
import org.wso2.carbon.identity.event.event.Event;
import org.wso2.carbon.identity.mgt.IdentityMgtConfigException;
import org.wso2.carbon.identity.mgt.IdentityMgtServiceException;
import org.wso2.carbon.identity.mgt.NotificationSender;
import org.wso2.carbon.identity.mgt.config.Config;
import org.wso2.carbon.identity.mgt.config.ConfigBuilder;
import org.wso2.carbon.identity.mgt.config.ConfigType;
import org.wso2.carbon.identity.mgt.config.StorageType;
import org.wso2.carbon.identity.mgt.dto.NotificationDataDTO;
import org.wso2.carbon.identity.mgt.mail.DefaultEmailSendingModule;
import org.wso2.carbon.identity.mgt.mail.Notification;
import org.wso2.carbon.identity.mgt.mail.NotificationBuilder;
import org.wso2.carbon.identity.mgt.mail.NotificationData;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/application/authenticator/totp/TOTPTokenGenerator.class */
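/**
 * Generates a time-based one-time password (TOTP) for a user and delivers it to the user's
 * registered email address, either through the identity event framework or the legacy
 * {@link NotificationSender} path.
 *
 * <p>The class is stateless; all members are static.
 */
public class TOTPTokenGenerator {
    private static final String FIRST_NAME = "firstname";
    private static final String TOTP_TOKEN = "totp-token";
    /** Key of the email template looked up in the tenant's email configuration. */
    private static final String EMAIL_TEMPLATE_NAME = "totp";
    /** Template type passed to the notification event handler. */
    private static final String EVENT_TEMPLATE_TYPE = "TOTP";
    /** Name of the identity event that triggers a notification. */
    private static final String TRIGGER_NOTIFICATION_EVENT = "TRIGGER_NOTIFICATION";
    /** The code is reduced to six decimal digits, and formatted with leading zeros. */
    private static final long TOKEN_MODULUS = 1000000L;
    private static final String TOKEN_FORMAT = "%06d";
    private static final Log log = LogFactory.getLog(TOTPTokenGenerator.class);

    /**
     * Returns the current TOTP time-step counter: Unix time in seconds divided by the step size
     * configured for the authentication context.
     *
     * @param authenticationContext context from which the time step size is resolved
     * @return the time-step index for "now"
     * @throws TOTPException if the step size cannot be resolved
     */
    private static long getTimeIndex(AuthenticationContext authenticationContext) throws TOTPException {
        long unixSeconds = System.currentTimeMillis() / 1000;
        return unixSeconds / TOTPUtil.getTimeStepSize(authenticationContext);
    }

    /**
     * Generates the TOTP code for the given user from the secret key stored in the user's claims,
     * emails the zero-padded six-digit token to the user and returns the numeric code.
     *
     * <p>Note: the emailed token is zero-padded to six digits, whereas the returned value is
     * {@code Long.toString(code)} and therefore is not padded. A caller comparing the returned
     * string with user input must account for that difference. Also preserved from the original
     * behaviour: a {@code null} username performs no lookup and yields {@code "0"}; callers should
     * not treat that value as a valid token.
     *
     * @param username fully qualified username (may carry a tenant domain suffix)
     * @param authenticationContext current authentication context
     * @return the generated code as a decimal string
     * @throws TOTPException if the realm, secret key or encoding method cannot be resolved, the key
     *                       cannot be decrypted, the HMAC algorithm is unavailable, or the
     *                       notification cannot be delivered
     */
    public static String generateTOTPTokenLocal(String username, AuthenticationContext authenticationContext)
            throws TOTPException {
        long code = 0;
        if (username != null) {
            try {
                String tenantDomain = MultitenantUtils.getTenantDomain(username);
                UserRealm userRealm = TOTPUtil.getUserRealm(username);
                String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
                if (userRealm == null) {
                    throw new TOTPException("Cannot find the user realm for the given tenant domain : " + tenantDomain);
                }
                String encryptedSecret = (String) userRealm.getUserStoreManager()
                        .getUserClaimValues(tenantAwareUsername,
                                new String[]{TOTPAuthenticatorConstants.SECRET_KEY_CLAIM_URL}, (String) null)
                        .get(TOTPAuthenticatorConstants.SECRET_KEY_CLAIM_URL);
                // Fail with a clear message instead of an NPE inside decrypt() when no key is enrolled.
                if (encryptedSecret == null) {
                    throw new TOTPException("TOTP secret key is not registered for the user : " + tenantAwareUsername);
                }
                String secretKey = TOTPUtil.decrypt(encryptedSecret);
                String firstName = userRealm.getUserStoreManager().getUserClaimValue(tenantAwareUsername,
                        TOTPAuthenticatorConstants.FIRST_NAME_CLAIM_URL, (String) null);
                String emailAddress = userRealm.getUserStoreManager().getUserClaimValue(tenantAwareUsername,
                        TOTPAuthenticatorConstants.EMAIL_CLAIM_URL, (String) null);
                // The stored key is either Base32 or Base64 encoded, depending on tenant configuration.
                String encodingMethod = TOTPUtil.getEncodingMethod(tenantDomain, authenticationContext);
                byte[] secretBytes = TOTPAuthenticatorConstants.BASE32.equals(encodingMethod)
                        ? new Base32().decode(secretKey)
                        : new Base64().decode(secretKey);
                code = getCode(secretBytes, getTimeIndex(authenticationContext));
                String token = String.format(TOKEN_FORMAT, code);
                if (TOTPUtil.isEventHandlerBasedEmailSenderEnabled()) {
                    if (log.isDebugEnabled()) {
                        log.debug("TOTP authenticator configured to use the event handler implementation.");
                    }
                    AuthenticatedUser authenticatedUser =
                            (AuthenticatedUser) authenticationContext.getProperty(TOTPAuthenticatorConstants.AUTHENTICATED_USER);
                    triggerEvent(authenticatedUser.getUserName(), authenticatedUser.getTenantDomain(),
                            authenticatedUser.getUserStoreDomain(), EVENT_TEMPLATE_TYPE, token);
                } else {
                    sendNotification(tenantAwareUsername, firstName, token, emailAddress);
                }
                // Only the username is logged; the token value itself must never reach the log.
                if (log.isDebugEnabled()) {
                    log.debug("Token is sent to via email to the user : " + tenantAwareUsername);
                }
            } catch (InvalidKeyException e) {
                throw new TOTPException("Secret key is not valid", e);
            } catch (NoSuchAlgorithmException e) {
                throw new TOTPException("TOTPTokenGenerator can't find the configured hashing algorithm", e);
            } catch (AuthenticationFailedException e) {
                // Keep the cause so the underlying failure is not lost.
                throw new TOTPException("TOTPTokenVerifier cannot find the property value for encodingMethod", e);
            } catch (CryptoException e) {
                throw new TOTPException("Error while decrypting the key", e);
            } catch (UserStoreException e) {
                throw new TOTPException("TOTPTokenGenerator failed while trying to access userRealm of the user : "
                        + username, e);
            }
        }
        return Long.toString(code);
    }

    /**
     * Computes the HOTP value (RFC 4226) for the given secret and counter, reduced to six digits.
     *
     * @param secret    raw (decoded) shared secret
     * @param timeIndex counter value, here the TOTP time-step index
     * @return the code in the range {@code [0, 1000000)}
     * @throws NoSuchAlgorithmException if {@code HMAC_ALGORITHM} is not available
     * @throws InvalidKeyException      if the secret cannot be used as an HMAC key
     */
    private static long getCode(byte[] secret, long timeIndex) throws NoSuchAlgorithmException, InvalidKeyException {
        SecretKeySpec keySpec = new SecretKeySpec(secret, TOTPAuthenticatorConstants.HMAC_ALGORITHM);
        // The counter is fed to the HMAC as an 8-byte big-endian value.
        byte[] counter = ByteBuffer.allocate(8).putLong(timeIndex).array();
        Mac mac = Mac.getInstance(TOTPAuthenticatorConstants.HMAC_ALGORITHM);
        mac.init(keySpec);
        byte[] hash = mac.doFinal(counter);
        // RFC 4226 dynamic truncation: the low nibble of the LAST digest byte selects a 4-byte window.
        // Using hash.length - 1 (rather than a fixed index 19) is the RFC form and is identical for a
        // 20-byte HmacSHA1 digest while remaining correct for longer digests.
        int offset = hash[hash.length - 1] & 0x0F;
        long truncated = hash[offset] & 0x7F; // mask the sign bit of the first window byte
        for (int i = 1; i < 4; i++) {
            truncated = (truncated << 8) | (hash[offset + i] & 0xFF);
        }
        return truncated % TOKEN_MODULUS;
    }

    /**
     * Sends the token to the user through the legacy identity-mgt email module using the tenant's
     * {@code totp} email template.
     *
     * @param username     fully qualified username, used to resolve the tenant configuration
     * @param firstName    value substituted for the {@code firstname} template tag
     * @param token        zero-padded token substituted for the {@code totp-token} template tag
     * @param emailAddress recipient address
     * @throws TOTPException if the mailto transport is missing, the template cannot be loaded or
     *                       found, or the notification cannot be built or sent
     */
    private static void sendNotification(String username, String firstName, String token, String emailAddress)
            throws TOTPException {
        boolean mailTransportDefined = TOTPDataHolder.getInstance().getConfigurationContextService()
                .getServerConfigContext().getAxisConfiguration().getTransportsOut()
                .containsKey(TOTPAuthenticatorConstants.TRANSPORT_MAILTO);
        if (!mailTransportDefined) {
            throw new TOTPException("MAILTO transport sender is not defined in axis2 configuration file");
        }
        NotificationSender notificationSender = new NotificationSender();
        NotificationDataDTO notificationDataDTO = new NotificationDataDTO();
        NotificationData notificationData = new NotificationData();
        ConfigBuilder configBuilder = ConfigBuilder.getInstance();
        String tenantDomain = MultitenantUtils.getTenantDomain(username);
        DefaultEmailSendingModule emailSendingModule = new DefaultEmailSendingModule();
        try {
            Config emailConfig = configBuilder.loadConfiguration(ConfigType.EMAIL, StorageType.REGISTRY,
                    IdentityTenantUtil.getTenantId(tenantDomain));
            notificationData.setTagData(FIRST_NAME, firstName);
            notificationData.setTagData(TOTP_TOKEN, token);
            notificationData.setSendTo(emailAddress);
            if (!emailConfig.getProperties().containsKey(EMAIL_TEMPLATE_NAME)) {
                throw new TOTPException("Unable to find the email template: " + EMAIL_TEMPLATE_NAME);
            }
            String emailTemplate = emailConfig.getProperty(EMAIL_TEMPLATE_NAME);
            try {
                Notification notification =
                        NotificationBuilder.createNotification("EMAIL", emailTemplate, notificationData);
                notificationDataDTO.setNotificationAddress(emailAddress);
                emailSendingModule.setNotificationData(notificationDataDTO);
                emailSendingModule.setNotification(notification);
                notificationSender.sendNotification(emailSendingModule);
                notificationDataDTO.setNotificationSent(true);
            } catch (IdentityMgtServiceException e) {
                log.error("Error occurred while creating notification from email template : " + emailTemplate, e);
                throw new TOTPException("Error occurred while creating notification from email template : "
                        + emailTemplate, e);
            }
        } catch (IdentityMgtConfigException e) {
            throw new TOTPException("Error occurred while loading email templates for user : " + username, e);
        }
    }

    /**
     * Publishes a {@code TRIGGER_NOTIFICATION} event so the configured event handler delivers the token.
     *
     * @param username        tenant-aware username
     * @param tenantDomain    tenant of the user
     * @param userStoreDomain user store domain of the user
     * @param templateType    notification template type
     * @param token           zero-padded token to deliver
     * @throws AuthenticationFailedException if the event service reports a failure; the original
     *                                       exception is kept as the cause
     */
    private static void triggerEvent(String username, String tenantDomain, String userStoreDomain,
                                     String templateType, String token) throws AuthenticationFailedException {
        HashMap<String, Object> properties = new HashMap<String, Object>();
        properties.put("user-name", username);
        properties.put("userstore-domain", userStoreDomain);
        properties.put("tenant-domain", tenantDomain);
        properties.put(TOTPAuthenticatorConstants.TOKEN, token);
        properties.put(TOTPAuthenticatorConstants.TEMPLATE_TYPE, templateType);
        try {
            TOTPDataHolder.getInstance().getIdentityEventService()
                    .handleEvent(new Event(TRIGGER_NOTIFICATION_EVENT, properties));
        } catch (IdentityEventException e) {
            // Pass the exception itself (not e.getCause(), which may be null) so the trace is preserved.
            throw new AuthenticationFailedException("Error occurred while calling triggerNotification. "
                    + e.getMessage(), e);
        }
    }
}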
