package cn.kduck.security.mfa.impl;

import cn.kduck.core.cache.CacheHelper;
import cn.kduck.security.mfa.MfaTokenService;
import cn.kduck.security.mfa.MfaType;
import cn.kduck.security.mfa.MfaUserDetails;
import cn.kduck.security.mfa.generator.OtpGenerator;
import cn.kduck.security.mfa.generator.impl.DefaultOtpGeneratorImpl;
import com.warrenstrange.googleauth.GoogleAuthenticator;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;

/* loaded from: input_file:cn/kduck/security/mfa/impl/MfaTokenServiceImpl.class */
public class MfaTokenServiceImpl implements MfaTokenService {
    private final MfaType type;
    private String MFA_TOKEN_SUFFIX = ".MFA_TOKEN_SUFFIX";
    private OtpGenerator otpGenerator = new DefaultOtpGeneratorImpl(6);
    private GoogleAuthenticator googleAuthenticator = new GoogleAuthenticator();

    public MfaTokenServiceImpl(MfaType mfaType) {
        this.type = mfaType;
    }

    @Override // cn.kduck.security.mfa.MfaTokenService
    public void addToken(String str, String str2) {
        CacheHelper.put(str + this.MFA_TOKEN_SUFFIX, str2, 3600L);
    }

    @Override // cn.kduck.security.mfa.MfaTokenService
    public boolean isTokenValid(MfaUserDetails mfaUserDetails, String str) {
        if (this.type == MfaType.TOTP) {
            try {
                return this.googleAuthenticator.getTotpPassword(mfaUserDetails.getSecret()) == Integer.parseInt(str);
            } catch (NumberFormatException e) {
                throw new InvalidGrantException("Invalid MFA code");
            }
        }
        if (this.type != MfaType.CODE) {
            throw new RuntimeException("不支持的MFA令牌类型" + this.type);
        }
        String str2 = (String) CacheHelper.get(mfaUserDetails.getUsername() + this.MFA_TOKEN_SUFFIX, String.class);
        if (str2 == null) {
            throw new RuntimeException("用户令牌不存在或已过期：" + mfaUserDetails.getUsername());
        }
        return str2.toUpperCase().equals(str.toUpperCase());
    }

    @Override // cn.kduck.security.mfa.MfaTokenService
    public String generateToken() {
        if (this.type == MfaType.TOTP) {
            return null;
        }
        return this.otpGenerator.generateToken();
    }
}
