package com.sun.identity.authentication.modules.hotp;

import com.iplanet.sso.SSOException;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.AMIdentityRepository;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdSearchControl;
import com.sun.identity.idm.IdSearchOpModifier;
import com.sun.identity.idm.IdSearchResults;
import com.sun.identity.idm.IdType;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.shared.debug.Debug;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.Time;

/* loaded from: input_file:com/sun/identity/authentication/modules/hotp/HOTPService.class */
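/**
 * Generates a one-time code for a single user, delivers it by SMS and/or e-mail through the
 * configured {@code SMSGateway} implementation, and validates the code the user submits.
 *
 * <p>Every call to {@link #sendHOTP()} derives the code from a freshly drawn random secret, so the
 * code is effectively a random value remembered by this instance rather than a counter-synchronised
 * HOTP shared with a device.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This class keeps no count of failed validations. Throttling or lockout against guessing
 *       must be provided by the caller; whether it is cannot be seen from this class.</li>
 *   <li>Instances hold per-login state ({@code sentHOTPCode}, {@code sentHOTPCodeTime}) without
 *       synchronization.</li>
 * </ul>
 */
public class HOTPService {
    private static final Debug DEBUG = Debug.getInstance("amAuthHOTP");
    // Shared by all instances; see getMovingFactor() for the concurrency caveat.
    private static int movingFactor = 0;
    private final AMIdentityRepository amIdentityRepo;
    private final String gatewaySMSImplClass;
    // Multiplied by 60000 ms when checked, i.e. expressed in minutes.
    private final long codeValidityDuration;
    private String telephoneAttribute;
    private final String carrierAttribute;
    private String emailAttribute;
    private final String codeDelivery;
    private final SecureRandom secureRandom;
    private final Map<?, ?> currentConfig;
    private final String userName;
    private final int codeLength;
    private final String messageSubject;
    private final String messageContent;
    private final String fromAddressAttributeName;
    // Last code sent and the time it was sent; cleared once the code has been checked successfully
    // or found expired.
    private String sentHOTPCode;
    private long sentHOTPCodeTime;
    private final Set<String> userSearchAttributes;

    /**
     * Creates a service bound to one user.
     *
     * @param aMIdentityRepository repository used to look the user up
     * @param str the user name to search for
     * @param hOTPParams module configuration (gateway class, code length and validity, delivery
     *     mode, attribute names, message templates)
     */
    public HOTPService(AMIdentityRepository aMIdentityRepository, String str, HOTPParams hOTPParams) {
        this.amIdentityRepo = aMIdentityRepository;
        this.userName = str;
        this.gatewaySMSImplClass = hOTPParams.getGatewaySMSImplClass();
        this.codeValidityDuration = hOTPParams.getCodeValidityDuration();
        this.codeLength = hOTPParams.getCodeLength();
        this.codeDelivery = hOTPParams.getCodeDelivery();
        this.telephoneAttribute = hOTPParams.getTelephoneLdapAttributeName();
        this.carrierAttribute = hOTPParams.getCarrierLdapAttributeName();
        this.emailAttribute = hOTPParams.getEmailLdapAttributeName();
        this.currentConfig = hOTPParams.getConfig();
        this.messageSubject = hOTPParams.getMessageSubject();
        this.messageContent = hOTPParams.getMessageContent();
        this.fromAddressAttributeName = hOTPParams.getFromAddressAttributeName();
        this.userSearchAttributes = hOTPParams.getUserSearchAttributes();
        this.secureRandom = newSecureRandom();
    }

    /**
     * Returns the SHA1PRNG generator when the platform provides it, otherwise the platform default.
     * Never returns {@code null}, so code generation cannot fail later with a
     * {@code NullPointerException}.
     */
    private static SecureRandom newSecureRandom() {
        try {
            return SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            DEBUG.error("HOTP.HOTP() : HOTP : SHA1PRNG unavailable, using default SecureRandom", e);
            return new SecureRandom();
        }
    }

    /**
     * Generates a new code, sends it to the user and records the send time.
     *
     * @throws AuthLoginException if the code cannot be generated or delivered
     */
    public void sendHOTP() throws AuthLoginException {
        try {
            // The trailing arguments (false, 16) are passed straight to HOTPAlgorithm; presumably
            // the checksum flag and truncation offset of the RFC 4226 reference code. TODO confirm.
            this.sentHOTPCode = HOTPAlgorithm.generateOTP(getSharedSecret(), getMovingFactor(), this.codeLength, false, 16);
            sendHOTP(this.sentHOTPCode, this.messageSubject, this.messageContent);
            this.sentHOTPCodeTime = Time.currentTimeMillis();
        } catch (InvalidKeyException e) {
            DEBUG.error("HOTP.sendHOTPCode() : invalid key", e);
            throw new AuthLoginException("amAuth", "invalidKey", (Object[]) null);
        } catch (NoSuchAlgorithmException e2) {
            DEBUG.error("HOTP.sendHOTPCode() : no such algorithm", e2);
            throw new AuthLoginException("amAuth", "noSuchAlgorithm", (Object[]) null);
        }
    }

    /** Draws a fresh random secret (the hex form of one random long) for a single code. */
    private byte[] getSharedSecret() {
        return Long.toHexString(this.secureRandom.nextLong()).getBytes();
    }

    /**
     * Returns the current counter value and advances it.
     *
     * <p>NOTE(review): the counter is static and incremented without synchronization, so
     * concurrent logins may observe the same value. Each code also uses a fresh random secret, so
     * counter uniqueness does not appear to be relied on; confirm before depending on it.
     */
    private int getMovingFactor() {
        int current = movingFactor;
        movingFactor = current + 1;
        return current;
    }

    /**
     * Checks a submitted code against the last code sent.
     *
     * <p>The comparison uses {@link MessageDigest#isEqual(byte[], byte[])} so the time taken does
     * not depend on how many leading characters match. A code is single use: it is cleared after a
     * successful check, and also once it has been found expired.
     *
     * @param str the code submitted by the user; {@code null} is treated as a mismatch
     * @return {@code true} only if the code matches and is still within its validity period
     */
    public boolean isValidHOTP(String str) {
        String expected = this.sentHOTPCode;
        boolean matches = expected != null
                && str != null
                && MessageDigest.isEqual(
                        expected.getBytes(StandardCharsets.UTF_8), str.getBytes(StandardCharsets.UTF_8));
        if (!matches) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("HOTP.process() : HOTP code is not valid");
            }
            return false;
        }
        boolean withinValidity =
                Time.currentTimeMillis() - this.sentHOTPCodeTime <= this.codeValidityDuration * 60000L;
        // The stored code is dropped whether it is accepted or has expired.
        this.sentHOTPCode = null;
        if (!withinValidity && DEBUG.messageEnabled()) {
            DEBUG.message("HOTP.process() : HOTP code has expired");
        }
        return withinValidity;
    }

    /**
     * Looks the user up and delivers the code through the configured gateway according to the
     * delivery mode ("SMS and E-mail", "SMS" or "E-mail").
     *
     * @param otpCode the code to deliver
     * @param subject message subject handed to the gateway
     * @param message message content handed to the gateway
     * @throws AuthLoginException if the user or a delivery address cannot be found, the gateway
     *     cannot be loaded, or delivery fails
     */
    private void sendHOTP(String otpCode, String subject, String message) throws AuthLoginException {
        Exception cause = null;
        try {
            AMIdentity identity = getIdentity();
            if (identity == null) {
                // NOTE(review): the exception messages in this method embed the user name; confirm
                // they are not rendered to an unauthenticated client.
                throw new AuthLoginException("HOTP.sendSMS() : Unable to send OTP code because of error searching identities with username : " + this.userName);
            }
            String telephoneNumber = getTelephoneNumber(identity);
            String emailAddress = getEmailAddress(identity);
            if (telephoneNumber == null && emailAddress == null) {
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("HOTP.sendSMS() : IdRepo: no phone or email found with username : " + this.userName);
                }
                throw new AuthLoginException("HOTP.sendSMS() : Unable to send OTP code because no phone or e-mail found for user: " + this.userName);
            }
            String from = CollectionHelper.getMapAttr(this.currentConfig, this.fromAddressAttributeName);
            // The gateway class name comes from module configuration; asSubclass rejects anything
            // that is not an SMSGateway before it is instantiated.
            SMSGateway gateway = Class.forName(this.gatewaySMSImplClass).asSubclass(SMSGateway.class).newInstance();
            if (this.codeDelivery.equals("SMS and E-mail")) {
                boolean delivered = false;
                AuthLoginException deliveryFailure = null;
                if (telephoneNumber != null) {
                    try {
                        gateway.sendSMSMessage(from, telephoneNumber, subject, message, otpCode, this.currentConfig);
                        delivered = true;
                    } catch (AuthLoginException e) {
                        DEBUG.error("Error while sending HOTP code to user via SMS", e);
                        deliveryFailure = e;
                    }
                }
                if (emailAddress != null) {
                    try {
                        gateway.sendEmail(from, emailAddress, subject, message, otpCode, this.currentConfig);
                        delivered = true;
                    } catch (AuthLoginException e) {
                        DEBUG.error("Error while sending HOTP code to user via e-mail", e);
                        deliveryFailure = e;
                    }
                }
                if (!delivered && deliveryFailure != null) {
                    throw deliveryFailure;
                }
                // NOTE(review): when one channel succeeds and the other fails, the failure is still
                // reported below, so the caller sees an error although a code was delivered.
                // Behaviour kept as found; confirm whether partial delivery should count as success.
                cause = deliveryFailure;
            } else if (this.codeDelivery.equals("SMS")) {
                gateway.sendSMSMessage(from, telephoneNumber, subject, message, otpCode, this.currentConfig);
            } else if (this.codeDelivery.equals("E-mail")) {
                gateway.sendEmail(from, emailAddress, subject, message, otpCode, this.currentConfig);
            }
        } catch (AuthLoginException e) {
            throw e;
        } catch (ClassNotFoundException e) {
            DEBUG.error("HOTP.sendSMS() : class not found SMSGateway class", e);
            cause = e;
        } catch (InstantiationException e) {
            DEBUG.error("HOTP.sendSMS() : can not instantiate SMSGateway class", e);
            cause = e;
        } catch (IdRepoException e) {
            DEBUG.error("HOTP.sendSMS() : error searching Identities with username : " + this.userName, e);
            cause = e;
        } catch (Exception e) {
            DEBUG.error("HOTP.sendSMS() : HOTP module exception : ", e);
            cause = e;
        }
        if (cause != null) {
            throw new AuthLoginException("HOTP.sendSMS() : Unable to send OTP code", cause);
        }
    }

    /**
     * Finds the single user identity matching the user name, falling back to a search on the
     * configured alternative attributes when the name itself matches nothing.
     *
     * <p>NOTE(review): the user name is handed to the repository as a search pattern and as an
     * attribute value; presumably it was established by an earlier authentication step. Confirm
     * that wildcard or filter characters cannot reach this point from an unauthenticated client.
     *
     * @return the identity, or {@code null} if none or more than one matched or the search failed
     */
    private AMIdentity getIdentity() {
        AMIdentity match = null;
        IdSearchControl control = new IdSearchControl();
        control.setRecursive(true);
        control.setTimeOut(0);
        control.setReturnAttributes(getReturnAttributes());
        control.setMaxResults(0);
        try {
            IdSearchResults found = this.amIdentityRepo.searchIdentities(IdType.USER, this.userName, control);
            // A null result is treated like an empty one instead of being dereferenced.
            boolean nothingFound = found == null || found.getSearchResults().isEmpty();
            if (nothingFound && !this.userSearchAttributes.isEmpty()) {
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("HOTP.getIdentity: searching user identity with alternative attributes " + this.userSearchAttributes);
                }
                control.setSearchModifiers(IdSearchOpModifier.OR, CollectionUtils.toAvPairMap(this.userSearchAttributes, this.userName));
                found = this.amIdentityRepo.searchIdentities(IdType.USER, "*", control);
            }
            Set<?> results = Collections.emptySet();
            if (found != null) {
                results = found.getSearchResults();
            }
            if (results.isEmpty()) {
                DEBUG.error("HTOP:getIdentity : User " + this.userName + " is not found");
            } else if (results.size() > 1) {
                // An ambiguous match is refused rather than sending the code to an arbitrary user.
                DEBUG.error("HTOP:getIdentity : More than one user found for the userName " + this.userName);
            } else {
                match = (AMIdentity) results.iterator().next();
            }
        } catch (IdRepoException e) {
            DEBUG.error("HTOP.getIdentity : Error searching Identities with username : " + this.userName, e);
        } catch (SSOException e2) {
            DEBUG.error("HTOP.getIdentity : Module exception : ", e2);
        }
        return match;
    }

    /**
     * Reads the user's phone number, appending the carrier value (as {@code number@carrier}) when a
     * carrier attribute is configured and present. The number itself is not written to the debug
     * log.
     *
     * @param aMIdentity the user whose attributes are read
     * @return the delivery address for SMS, or {@code null} if the user has no phone number
     */
    private String getTelephoneNumber(AMIdentity aMIdentity) throws IdRepoException, SSOException {
        if (this.telephoneAttribute == null || this.telephoneAttribute.trim().length() == 0) {
            this.telephoneAttribute = "telephoneNumber";
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("HOTP.sendSMS() : Using phone attribute of " + this.telephoneAttribute);
        }
        Set<?> phoneValues = aMIdentity.getAttribute(this.telephoneAttribute);
        if (phoneValues == null || phoneValues.isEmpty()) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("HOTP.sendSMS() : IdRepo: no phone number found with username : " + this.userName);
            }
            return null;
        }
        String number = (String) phoneValues.iterator().next();
        if (this.carrierAttribute != null && this.carrierAttribute.trim().length() > 0) {
            Set<?> carrierValues = aMIdentity.getAttribute(this.carrierAttribute);
            if (carrierValues != null && !carrierValues.isEmpty()) {
                String carrier = (String) carrierValues.iterator().next();
                number = carrier.startsWith("@") ? number.concat(carrier) : number.concat("@" + carrier);
                if (DEBUG.messageEnabled()) {
                    DEBUG.message("HOTP.sendSMS() : Using carrier attribute of " + this.carrierAttribute);
                }
            }
        }
        if (DEBUG.messageEnabled()) {
            // The phone number is personal data and is deliberately left out of the log line.
            DEBUG.message("HOTP.sendSMS() : IdRepo: phone number found for username : " + this.userName);
            if (!number.contains("@")) {
                DEBUG.message("HOTP.sendSMS() : No carrier detected - SMSGateway module will use default of @txt.att.net ");
            }
        }
        return number;
    }

    /**
     * Reads the user's e-mail address. The address itself is not written to the debug log.
     *
     * @param aMIdentity the user whose attributes are read
     * @return the e-mail address, or {@code null} if the user has none
     */
    private String getEmailAddress(AMIdentity aMIdentity) throws IdRepoException, SSOException {
        if (this.emailAttribute == null || this.emailAttribute.trim().length() == 0) {
            this.emailAttribute = "mail";
        }
        if (DEBUG.messageEnabled()) {
            DEBUG.message("HOTP.sendSMS() : Using email attribute of " + this.emailAttribute);
        }
        Set<?> mailValues = aMIdentity.getAttribute(this.emailAttribute);
        if (mailValues == null || mailValues.isEmpty()) {
            if (DEBUG.messageEnabled()) {
                DEBUG.message("HOTP.sendSMS() : IdRepo: no email found with username : " + this.userName);
            }
            return null;
        }
        String address = (String) mailValues.iterator().next();
        if (DEBUG.messageEnabled()) {
            // The address is personal data and is deliberately left out of the log line.
            DEBUG.message("HOTP.sendSMS() : IdRepo: email address found for username : " + this.userName);
        }
        return address;
    }

    /** Returns the non-blank e-mail and telephone attribute names to request from the search. */
    private Set<String> getReturnAttributes() {
        Set<String> names = new HashSet<>(2);
        if (this.emailAttribute != null && this.emailAttribute.trim().length() != 0) {
            names.add(this.emailAttribute);
        }
        if (this.telephoneAttribute != null && this.telephoneAttribute.trim().length() != 0) {
            names.add(this.telephoneAttribute);
        }
        return names;
    }
}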
