package cz.integsoft.mule.security.internal;

import cz.integsoft.mule.security.api.OtpWrapper;
import java.time.format.DateTimeFormatter;
import org.jboss.aerogear.security.otp.Totp;
import org.jboss.aerogear.security.otp.api.Base32;
import org.jboss.aerogear.security.otp.api.Clock;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cache.Cache;
import org.springframework.cache.CacheManager;

/* loaded from: input_file:cz/integsoft/mule/security/internal/SecureCodeService.class */
public final class SecureCodeService implements SecureCodeProvider {
    private final CacheManager aG;
    private int aH;
    private final String aI;
    private final String aJ;
    private final int aK;
    private final boolean aL;
    private final String aM;
    private static final Logger aN = LoggerFactory.getLogger(SecureCodeService.class);

    public SecureCodeService(CacheManager cacheManager, String str, int i, String str2, String str3, int i2, boolean z) {
        this.aG = cacheManager;
        this.aM = str;
        this.aH = i;
        this.aI = str2;
        this.aJ = str3;
        this.aK = i2;
        this.aL = z;
    }

    @Override // cz.integsoft.mule.security.internal.SecureCodeProvider
    public String generateCode(String str) {
        Cache cache = this.aG.getCache(this.aI);
        Totp totp = new Totp(Base32.random(), new Clock(this.aH));
        cache.put(b(str), new OtpWrapper(totp));
        return totp.now();
    }

    @Override // cz.integsoft.mule.security.internal.SecureCodeProvider
    public boolean isValid(String str, String str2) {
        OtpWrapper otpWrapper = (OtpWrapper) this.aG.getCache(this.aI).get(b(str), OtpWrapper.class);
        if (otpWrapper == null) {
            aN.debug("OTP expired in the cache for UUID {}", str);
            return false;
        }
        Totp totp = otpWrapper.getTotp();
        if (totp == null) {
            aN.debug("TOTP is null for UUID {}", str);
            return false;
        }
        try {
            return totp.verify(str2);
        } catch (NumberFormatException e) {
            return false;
        }
    }

    @Override // cz.integsoft.mule.security.internal.SecureCodeProvider
    public String getValidTo(String str, String str2) {
        return ((OtpWrapper) this.aG.getCache(this.aI).get(b(str), OtpWrapper.class)).getCreateDate().plusSeconds(this.aH).format(DateTimeFormatter.ofPattern(str2 == null ? this.aJ : str2));
    }

    @Override // cz.integsoft.mule.security.internal.SecureCodeProvider
    public void setOtpTimeInSeconds(int i) {
        this.aH = i;
    }

    @Override // cz.integsoft.mule.security.internal.SecureCodeProvider
    public int getOtpTimeInSeconds() {
        return this.aH;
    }

    @Override // cz.integsoft.mule.security.internal.SecureCodeProvider
    public boolean invalidateIfNeeded(String str, boolean z) {
        Cache cache = this.aG.getCache(this.aI);
        String b = b(str);
        OtpWrapper otpWrapper = (OtpWrapper) cache.get(b, OtpWrapper.class);
        if (otpWrapper == null) {
            return true;
        }
        if (z) {
            cache.evict(b);
            return true;
        }
        if (!this.aL) {
            return false;
        }
        int incrementAndGet = otpWrapper.getFailedAttemptsCount().incrementAndGet();
        if (incrementAndGet >= this.aK) {
            aN.warn("Number of maximum failed attempts {} has been reached for OTP challenge id {}", Integer.valueOf(incrementAndGet), str);
            cache.evict(b);
            return true;
        }
        aN.debug("Updating otp wrapper with failed count {} for OTP challenge id {}", Integer.valueOf(incrementAndGet), str);
        cache.put(b, otpWrapper);
        return false;
    }

    private String b(String str) {
        return this.aM + "_" + str;
    }

    public String toString() {
        return "SecureCodeService [cacheManager=" + this.aG + ", otpTimeInSeconds=" + this.aH + ", otpCacheName=" + this.aI + ", defaultDateTimePattern=" + this.aJ + ", maxFailedAttemptsCount=" + this.aK + ", otpChallengeInvalidationEnabled=" + this.aL + ", keyPrefix=" + this.aM + "]";
    }
}
