package cn.valot.common.secure;

import cn.hutool.core.codec.Base32;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.stereotype.Component;

@ConditionalOnClass(name = {"cn.hutool.core.codec.Base32"})
@Component
@ImportAutoConfiguration({MFAConfig.class})
/* loaded from: input_file:cn/valot/common/secure/MFA.class */
public final class MFA {
    private final MFAConfig config;

    public MFA(MFAConfig mFAConfig) {
        this.config = mFAConfig;
    }

    public String generateSecretKey() {
        try {
            SecureRandom secureRandom = SecureRandom.getInstance(this.config.getRandomAlgorithm());
            secureRandom.setSeed(getSeed());
            return Base32.encode(secureRandom.generateSeed(this.config.getSecretSize())).replaceAll("=+$", "");
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public String getQRBarcode(String str, String str2) {
        if (this.config.getIssuer() != null) {
            if (this.config.getIssuer().contains(":")) {
                throw new IllegalArgumentException("Issuer cannot contain the ':' character.");
            }
            str = this.config.getIssuer() + ":" + str;
        }
        String format = String.format("otpauth://totp/%s?secret=%s", str, str2);
        if (this.config.getIssuer() != null) {
            format = format + "&issuer=" + this.config.getIssuer();
        }
        return format;
    }

    public boolean checkCode(String str, int i) {
        byte[] decode = Base32.decode(str);
        long currentTimeMillis = (System.currentTimeMillis() / 1000) / this.config.getRefreshTime();
        for (int i2 = -this.config.getWindowSize(); i2 <= this.config.getWindowSize(); i2++) {
            try {
                int verifyCode = verifyCode(decode, currentTimeMillis + i2);
                System.out.println("input code=" + i + "; count hash=" + verifyCode);
                if (i == verifyCode) {
                    return true;
                }
            } catch (Exception e) {
                e.printStackTrace();
                throw new RuntimeException(e.getMessage());
            }
        }
        return false;
    }

    private int verifyCode(byte[] bArr, long j) throws NoSuchAlgorithmException, InvalidKeyException {
        byte[] bArr2 = new byte[8];
        long j2 = j;
        int i = 8;
        while (true) {
            int i2 = i;
            i--;
            if (i2 <= 0) {
                break;
            }
            bArr2[i] = (byte) j2;
            j2 >>>= 8;
        }
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "HmacSHA1");
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(secretKeySpec);
        int i3 = mac.doFinal(bArr2)[19] & 15;
        long j3 = 0;
        for (int i4 = 0; i4 < 4; i4++) {
            j3 = (j3 << 8) | (r0[i3 + i4] & 255);
        }
        return (int) ((j3 & 2147483647L) % 1000000);
    }

    private byte[] getSeed() {
        return (this.config.getIssuer() + System.currentTimeMillis() + this.config.getIssuer()).getBytes(StandardCharsets.UTF_8);
    }
}
