package org.forgerock.openam.authentication.modules.oath;

import com.iplanet.dpro.session.service.InternalSession;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.modules.hotp.HOTPAlgorithm;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.authentication.spi.InvalidPasswordException;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.AMIdentityRepository;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdSearchControl;
import com.sun.identity.idm.IdSearchResults;
import com.sun.identity.idm.IdType;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.shared.debug.Debug;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.PasswordCallback;
import org.forgerock.openam.authentication.modules.oath.plugins.DefaultSharedSecretProvider;
import org.forgerock.openam.authentication.modules.oath.plugins.SharedSecretProvider;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.StringUtils;
import org.forgerock.openam.utils.Time;

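/**
 * OpenAM authentication module that checks an OATH one-time password (HOTP or TOTP) against a
 * shared secret read from the user's identity.
 *
 * <p>This listing is decompiler output. The decompiler had substituted the int constants
 * {@code HOTP}/{@code TOTP}/{@code ERROR} for unrelated {@code null}, {@code false}, {@code 0},
 * {@code 1} and {@code 2} literals; those are written back as literals here so the class
 * type-checks and reads as intended.
 *
 * <p>Security-relevant behaviour kept or tightened in this version:
 * <ul>
 *   <li>OTP comparison goes through {@link MessageDigest#isEqual(byte[], byte[])}.</li>
 *   <li>Every failure path reports the generic {@code authFailed} / {@code invalidPasswd} keys;
 *       details go to the debug log only. The shared secret itself is never logged.</li>
 *   <li>The algorithm selection defaults to "none" so that a configuration that fails to load
 *       cannot silently fall back to HOTP.</li>
 *   <li>A TOTP code is refused when its time step is not newer than the last accepted step
 *       inside the current validation window (single use per RFC 6238 section 5.2).</li>
 * </ul>
 *
 * @deprecated marked deprecated in the original class; the replacement is not visible here.
 */
@Deprecated
/* loaded from: input_file:org/forgerock/openam/authentication/modules/oath/OATH.class */
public class OATH extends AMLoginModule {
    protected Debug debug;

    // Module configuration keys, looked up in the options map passed to init().
    private static final String AUTHLEVEL = "iplanet-am-auth-oath-auth-level";
    private static final String PASSWORD_LENGTH = "iplanet-am-auth-oath-password-length";
    private static final String SECRET_KEY_ATTRIBUTE_NAME = "iplanet-am-auth-oath-secret-key-attribute";
    private static final String WINDOW_SIZE = "iplanet-am-auth-oath-hotp-window-size";
    private static final String COUNTER_ATTRIBUTE_NAME = "iplanet-am-auth-oath-hotp-counter-attribute";
    private static final String TRUNCATION_OFFSET = "iplanet-am-auth-oath-truncation-offset";
    private static final String CHECKSUM = "iplanet-am-auth-oath-add-checksum";
    private static final String TOTP_TIME_STEP = "iplanet-am-auth-oath-size-of-time-step";
    private static final String TOTP_STEPS_IN_WINDOW = "iplanet-am-auth-oath-steps-in-window";
    private static final String ALGORITHM = "iplanet-am-auth-oath-algorithm";
    private static final String LAST_LOGIN_TIME_ATTRIBUTE_NAME = "iplanet-am-auth-oath-last-login-time-attribute-name";
    private static final String MIN_SECRET_KEY_LENGTH = "iplanet-am-auth-oath-min-secret-key-length";
    private static final String SHARED_SECRET_IMPLEMENTATION_CLASS = "forgerock-oath-sharedsecret-implementation-class";
    private static final String MAXIMUM_CLOCK_DRIFT = "forgerock-oath-maximum-clock-drift";
    private static final String OBSERVED_CLOCK_DRIFT_ATTRIBUTE_NAME = "forgerock-oath-observed-clock-drift-attribute-name";

    // Values of the `algorithm` field. ERROR means "no usable algorithm configured".
    private static final int HOTP = 0;
    private static final int TOTP = 1;
    private static final int ERROR = 2;

    // OTPs shorter than this many digits are refused outright.
    private static final int MIN_PASSWORD_LENGTH = 6;

    protected String amAuthOATH;
    private String UUID = null;
    private String userName = null;
    private Map options = null;
    private Map sharedState = null;
    private ResourceBundle bundle = null;
    private int passLen = 0;
    private int minSecretKeyLength = 0;
    private String secretKeyAttrName = null;
    private int windowSize = 0;
    private String counterAttrName = null;
    private String authLevel = null;
    private int truncationOffset = -1;
    private boolean checksum = false;
    private int totpTimeStep = 0;
    private int totpStepsInWindow = 0;
    private int totpMaxClockDrift = -1;
    private long timeInSeconds = 0;
    private String loginTimeAttrName = null;
    private boolean clockDriftCheckEnabled = false;
    private String observedClockDriftAttrName = null;
    // Fail closed: stays ERROR unless init() positively recognises HOTP or TOTP.
    private int algorithm = ERROR;
    private String sharedSecretImplClass = null;
    // Module state in which the OTP callback is processed.
    private final int START_STATE = 2;

    /** Creates the module and binds its debug logger to the {@code amAuthOATH} name. */
    public OATH() {
        this.amAuthOATH = "amAuthOATH";
        this.debug = Debug.getInstance(this.amAuthOATH);
    }

    /**
     * Returns the principal for the user handled by this module.
     *
     * @return a principal built from the UUID when one was resolved from an existing session,
     *         otherwise from the user name, or {@code null} when neither is known
     */
    public Principal getPrincipal() {
        if (this.UUID != null) {
            return new OATHPrincipal(this.UUID);
        }
        return this.userName != null ? new OATHPrincipal(this.userName) : null;
    }

    /**
     * Loads the module configuration and the user name left by an earlier module.
     *
     * <p>Configuration errors are logged and swallowed here; the resulting defaults are
     * rejected later in {@link #process} / {@code checkOTP}, so a broken configuration ends in
     * {@code authFailed} rather than in an accepted login.
     *
     * @param subject the subject being authenticated (not used by this method)
     * @param map     the shared state; the user name is read from it
     * @param map2    the module options holding the configuration keys
     */
    public void init(Subject subject, Map map, Map map2) {
        if (this.debug.messageEnabled()) {
            this.debug.message("OATH::init");
        }
        this.options = map2;
        this.sharedState = map;
        this.bundle = amCache.getResBundle(this.amAuthOATH, getLoginLocale());
        // Reset on every init so an exception below cannot leave a previous or default
        // algorithm selected.
        this.algorithm = ERROR;
        try {
            this.authLevel = CollectionHelper.getMapAttr(map2, AUTHLEVEL);
            try {
                this.passLen = Integer.parseInt(CollectionHelper.getMapAttr(map2, PASSWORD_LENGTH));
            } catch (NumberFormatException e) {
                // 0 is below MIN_PASSWORD_LENGTH, so process() will refuse to validate.
                this.passLen = 0;
            }
            try {
                this.minSecretKeyLength = Integer.parseInt(CollectionHelper.getMapAttr(map2, MIN_SECRET_KEY_LENGTH));
            } catch (NumberFormatException e2) {
                // 0 is rejected by process() as "not a valid value".
                this.minSecretKeyLength = 0;
            }
            this.secretKeyAttrName = CollectionHelper.getMapAttr(map2, SECRET_KEY_ATTRIBUTE_NAME);
            this.windowSize = Integer.parseInt(CollectionHelper.getMapAttr(map2, WINDOW_SIZE));
            this.counterAttrName = CollectionHelper.getMapAttr(map2, COUNTER_ATTRIBUTE_NAME);
            this.truncationOffset = Integer.parseInt(CollectionHelper.getMapAttr(map2, TRUNCATION_OFFSET));
            this.totpTimeStep = Integer.parseInt(CollectionHelper.getMapAttr(map2, TOTP_TIME_STEP));
            this.totpStepsInWindow = Integer.parseInt(CollectionHelper.getMapAttr(map2, TOTP_STEPS_IN_WINDOW));
            this.loginTimeAttrName = CollectionHelper.getMapAttr(map2, LAST_LOGIN_TIME_ATTRIBUTE_NAME);
            this.sharedSecretImplClass = CollectionHelper.getMapAttr(map2, SHARED_SECRET_IMPLEMENTATION_CLASS);
            this.totpMaxClockDrift = CollectionHelper.getIntMapAttr(map2, MAXIMUM_CLOCK_DRIFT, -1, this.debug);
            this.observedClockDriftAttrName = CollectionHelper.getMapAttr(map2, OBSERVED_CLOCK_DRIFT_ATTRIBUTE_NAME);

            String algorithmName = CollectionHelper.getMapAttr(map2, ALGORITHM);
            if ("HOTP".equalsIgnoreCase(algorithmName)) {
                this.algorithm = HOTP;
            } else if ("TOTP".equalsIgnoreCase(algorithmName)) {
                this.algorithm = TOTP;
            } else {
                this.algorithm = ERROR;
            }
            this.checksum = Boolean.parseBoolean(CollectionHelper.getMapAttr(map2, CHECKSUM));
            if (this.authLevel != null) {
                try {
                    setAuthLevel(Integer.parseInt(this.authLevel));
                } catch (Exception e3) {
                    this.debug.error("OATH.init(): Unable to set auth level " + this.authLevel, e3);
                }
            }
        } catch (Exception e4) {
            this.debug.error("OATH.init(): Unable to get module attributes", e4);
        }
        try {
            this.userName = (String) map.get(getUserKey());
        } catch (Exception e5) {
            this.debug.error("OATH.init(): Unable to get username: ", e5);
        }
    }

    /**
     * Runs one step of the login state machine.
     *
     * <p>When no user name came from the shared state, it is taken from the existing session,
     * so this module only works after another module (or a previous login) identified the user.
     *
     * @param callbackArr the callbacks submitted for the current state
     * @param i           the current module state
     * @return the next state: {@code START_STATE} from state 1, {@code -1} once the OTP was
     *         accepted (presumably the framework's "login succeeded" value; confirm against
     *         AMLoginModule), {@code 0} for any other state
     * @throws AuthLoginException       on configuration or lookup failures ({@code authFailed})
     * @throws InvalidPasswordException when the OTP is empty or does not validate
     */
    public int process(Callback[] callbackArr, int i) throws AuthLoginException {
        try {
            if (this.userName == null || this.userName.length() == 0) {
                SSOTokenManager tokenManager = SSOTokenManager.getInstance();
                InternalSession oldSession = getLoginState("OATH").getOldSession();
                if (oldSession == null) {
                    throw new AuthLoginException("amAuth", "noInternalSession", (Object[]) null);
                }
                SSOToken token = tokenManager.createSSOToken(oldSession.getID().toString());
                this.UUID = token.getPrincipal().getName();
                this.userName = token.getProperty("UserToken");
                if (this.debug.messageEnabled()) {
                    this.debug.message("OATH.process(): Username from SSOToken : " + this.userName);
                }
                if (this.userName == null || this.userName.length() == 0) {
                    throw new AuthLoginException("amAuth", "noUserName", (Object[]) null);
                }
            }
            switch (i) {
                case 1:
                    return START_STATE;
                case 2: // START_STATE
                    if (callbackArr == null || callbackArr.length != 2) {
                        throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
                    }
                    if (this.passLen < MIN_PASSWORD_LENGTH) {
                        this.debug.error("OATH.process(): Password length is less than 6");
                        throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
                    }
                    // getPassword() may return null when nothing was submitted;
                    // String.valueOf((char[]) null) would throw, so treat it as an empty OTP.
                    char[] submitted = ((PasswordCallback) callbackArr[0]).getPassword();
                    String otp = submitted == null ? "" : String.valueOf(submitted);
                    if (StringUtils.isEmpty(otp)) {
                        this.debug.error("OATH.process(): invalid OTP code");
                        setFailureID(this.userName);
                        throw new InvalidPasswordException("amAuth", "invalidPasswd", (Object[]) null);
                    }
                    if (this.minSecretKeyLength <= 0) {
                        this.debug.error("OATH.process(): Min Secret Key Length is not a valid value");
                        throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
                    }
                    if (StringUtils.isEmpty(this.secretKeyAttrName)) {
                        this.debug.error("OATH.process():  secret key attribute name is empty");
                        throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
                    }
                    this.timeInSeconds = Time.currentTimeMillis() / 1000;
                    if (checkOTP(otp)) {
                        return -1;
                    }
                    // Record the failure against the user so lockout policy can count it.
                    setFailureID(this.userName);
                    throw new InvalidPasswordException("amAuth", "invalidPasswd", (Object[]) null);
                default:
                    return 0;
            }
        } catch (SSOException e) {
            this.debug.error("OATH.process(): SSOException", e);
            throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
        }
    }

    /** Clears the per-login user identifiers. */
    public void destroyModuleState() {
        this.UUID = null;
        this.userName = null;
    }

    /** Drops references to configuration and shared state once the module is finished. */
    public void nullifyUsedVars() {
        this.options = null;
        this.sharedState = null;
        this.bundle = null;
        this.secretKeyAttrName = null;
        this.counterAttrName = null;
        this.authLevel = null;
        this.amAuthOATH = null;
        this.loginTimeAttrName = null;
    }

    /**
     * Validates the submitted OTP with the configured algorithm and, on success, persists the
     * new HOTP counter or TOTP login time so the same code cannot be used again.
     *
     * @param str the OTP submitted by the user
     * @return {@code true} when the OTP matched an acceptable counter / time step
     * @throws AuthLoginException on any configuration, repository or algorithm failure
     */
    private boolean checkOTP(String str) throws AuthLoginException {
        AMIdentity identity = getIdentity(this.userName);
        if (identity == null) {
            throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
        }
        byte[] sharedSecret = getSharedSecret(identity);
        try {
            if (this.algorithm == HOTP) {
                try {
                    if (StringUtils.isEmpty(this.counterAttrName)) {
                        this.debug.error("OATH.checkOTP() : invalid counter attribute name : ");
                        throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
                    }
                    Set counterValues = identity.getAttribute(this.counterAttrName);
                    if (counterValues == null || counterValues.isEmpty()) {
                        this.debug.error("OATH.checkOTP() : Counter value is empty or null");
                        throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
                    }
                    try {
                        int storedCounter = Integer.parseInt((String) counterValues.iterator().next());
                        if (this.windowSize < 0) {
                            this.debug.error("OATH.checkOTP() : Window size is not valid");
                            throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
                        }
                        // Only counters strictly after the stored one are tried, so a code that
                        // was already accepted never matches again.
                        int firstCandidate = storedCounter + 1;
                        for (int ahead = 0; ahead <= this.windowSize; ahead++) {
                            int candidate = firstCandidate + ahead;
                            String expected = HOTPAlgorithm.generateOTP(
                                    sharedSecret, candidate, this.passLen, this.checksum, this.truncationOffset);
                            if (isEqual(expected, str)) {
                                setCounterAttr(identity, candidate);
                                return true;
                            }
                        }
                        return false;
                    } catch (NumberFormatException e) {
                        this.debug.error("OATH.checkOTP() : Counter is not a valid number", e);
                        throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
                    }
                } catch (IdRepoException e2) {
                    this.debug.error("OATH.checkOTP() : error getting counter attribute : ", e2);
                    throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
                } catch (SSOException e3) {
                    this.debug.error("OATH.checkOTP() : error invalid repo id : " + identity, e3);
                    throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
                }
            }
            if (this.algorithm != TOTP) {
                this.debug.error("OATH.checkOTP(): No OTP algorithm selected");
                throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
            }

            validateTOTPParameters();
            this.clockDriftCheckEnabled = !StringUtils.isEmpty(this.observedClockDriftAttrName);
            HashSet wantedAttrs = new HashSet();
            long clockDriftSeconds = 0;
            long lastLoginTimeInSeconds = 0;
            wantedAttrs.add(this.loginTimeAttrName);
            if (this.clockDriftCheckEnabled) {
                wantedAttrs.add(this.observedClockDriftAttrName);
            }
            try {
                Map attributes = identity.getAttributes(wantedAttrs);
                if (attributes.isEmpty()) {
                    this.debug.error("OATH.checkOTP(): error TOTP attributes were empty");
                    throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
                }
                String lastLoginValue = CollectionHelper.getMapAttr(attributes, this.loginTimeAttrName);
                if (lastLoginValue != null && !lastLoginValue.isEmpty()) {
                    lastLoginTimeInSeconds = Long.parseLong(lastLoginValue);
                }
                if (lastLoginTimeInSeconds < 0) {
                    this.debug.error("OATH.checkOTP(): invalid login time value: " + lastLoginTimeInSeconds);
                    throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
                }
                if (this.clockDriftCheckEnabled) {
                    String driftValue = CollectionHelper.getMapAttr(attributes, this.observedClockDriftAttrName);
                    if (!StringUtils.isEmpty(driftValue)) {
                        clockDriftSeconds = Long.parseLong(driftValue);
                    } else if (this.debug.messageEnabled()) {
                        this.debug.message("OATH.checkOTP(): last observed time drift Set was empty");
                    }
                }

                long lastLoginTimeStep = lastLoginTimeInSeconds / this.totpTimeStep;
                // Server time step, shifted by the drift observed at the previous login.
                long currentStep = (this.timeInSeconds / this.totpTimeStep) + (clockDriftSeconds / this.totpTimeStep);
                if (lastLoginTimeStep == currentStep) {
                    this.debug.error("OATH.checkOTP(): Login failed attempting to use the same OTP in same Time Step: " + currentStep);
                    throw new InvalidPasswordException(this.amAuthOATH, "authFailed", (Object[]) null, this.userName, (Throwable) null);
                }
                boolean sameWindow = false;
                if (lastLoginTimeStep >= currentStep - this.totpStepsInWindow
                        && lastLoginTimeStep <= currentStep + this.totpStepsInWindow) {
                    if (this.debug.messageEnabled()) {
                        this.debug.message("OATH.checkOTP(): Login in the same TOTP window");
                    }
                    sameWindow = true;
                }
                if (this.debug.messageEnabled()) {
                    this.debug.message("OATH.checkOTP(): values lastLoginTimeInSeconds: " + lastLoginTimeInSeconds + " lastLoginTimeStep: " + lastLoginTimeStep + " sameWindow:" + sameWindow + " \n clockDriftSeconds:  " + clockDriftSeconds + " clockDriftCheckEnabled:  " + this.clockDriftCheckEnabled);
                }

                String digits = Integer.toString(this.passLen);
                if (isEqual(TOTPAlgorithm.generateTOTP(sharedSecret, Long.toHexString(currentStep), digits), str)) {
                    // The last accepted step can lie ahead of the current one when a look-ahead
                    // code was accepted; a code for an older step must not be taken after it.
                    if (sameWindow && currentStep <= lastLoginTimeStep) {
                        this.debug.error("OATH.checkOTP(): OTP time step is not newer than the last accepted time step");
                        return false;
                    }
                    setLoginTime(identity, currentStep);
                    return true;
                }
                for (int offset = 1; offset <= this.totpStepsInWindow; offset++) {
                    long aheadStep = currentStep + offset;
                    long behindStep = currentStep - offset;
                    if (isEqual(TOTPAlgorithm.generateTOTP(sharedSecret, Long.toHexString(aheadStep), digits), str)) {
                        // Accepting a look-ahead code stores that step as the last login. The
                        // equality check above only compares against the current step, so
                        // without this guard the same code would match this step a second time
                        // when clock-drift tracking is disabled.
                        if (sameWindow && aheadStep <= lastLoginTimeStep) {
                            this.debug.error("OATH.checkOTP(): OTP time step is not newer than the last accepted time step");
                            return false;
                        }
                        setLoginTime(identity, aheadStep);
                        return true;
                    }
                    String behindOtp = TOTPAlgorithm.generateTOTP(sharedSecret, Long.toHexString(behindStep), digits);
                    if (isEqual(behindOtp, str)) {
                        if (sameWindow) {
                            this.debug.error("OATH.checkOTP(): Login the same window with a OTP that is older than the current OTP");
                            return false;
                        }
                        setLoginTime(identity, behindStep);
                        return true;
                    }
                }
                return false;
            } catch (IdRepoException e4) {
                this.debug.error("OATH.checkOTP(): error getting TOTP attributes : ", e4);
                throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
            } catch (SSOException e5) {
                this.debug.error("OATH.checkOTP(): error invalid repo id : " + identity, e5);
                throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
            }
        } catch (AuthLoginException e6) {
            throw e6;
        } catch (Exception e7) {
            // Anything unexpected (parse errors, algorithm failures) ends in a generic failure.
            this.debug.error("OATH.checkOTP(): checkOTP process failed : ", e7);
            throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
        }
    }

    /**
     * Reads the user's stored secret and converts it to key bytes through the configured
     * {@link SharedSecretProvider}.
     *
     * <p>The provider class name comes from module configuration. It is loaded reflectively and
     * must be a {@code SharedSecretProvider}; any other class is refused. Only the key length
     * is ever logged, never the key.
     *
     * @param aMIdentity the identity holding the secret key attribute
     * @return the shared secret bytes, never {@code null}
     * @throws AuthLoginException when the secret is missing, too short, or the provider cannot
     *         be loaded
     */
    private byte[] getSharedSecret(AMIdentity aMIdentity) throws AuthLoginException {
        String storedSecret = null;
        try {
            Set secretValues = aMIdentity.getAttribute(this.secretKeyAttrName);
            if (!CollectionUtils.isEmpty(secretValues)) {
                storedSecret = (String) secretValues.iterator().next();
            }
            if (StringUtils.isEmpty(storedSecret)) {
                this.debug.error("OATH.getSharedSecret(): Secret key is empty");
                throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
            }
            try {
                SharedSecretProvider provider;
                if (StringUtils.isEmpty(this.sharedSecretImplClass)) {
                    this.debug.error("OATH.getSharedSecret(): SharedSecretProvider class is empty falling back to default implementation");
                    provider = new DefaultSharedSecretProvider();
                } else {
                    // asSubclass() rejects a configured class that is not a provider before it
                    // is instantiated.
                    provider = Class.forName(this.sharedSecretImplClass).asSubclass(SharedSecretProvider.class).newInstance();
                }
                this.debug.message("Invoking SharedSecretProvider hook using:" + this.sharedSecretImplClass);
                byte[] sharedSecret = provider.getSharedSecret(storedSecret);
                if (sharedSecret == null) {
                    this.debug.error("OATH.getSharedSecret() SharedSecretProvider returned null value");
                    throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
                }
                // The minimum is compared against twice the byte count, which matches a
                // hex-encoded key length; confirm against the provider's encoding.
                int encodedLength = sharedSecret.length * 2;
                if (encodedLength >= this.minSecretKeyLength) {
                    return sharedSecret;
                }
                this.debug.error("OATH.getSharedSecret(): Secret key of length " + encodedLength + " is less than the minimum secret key length of " + this.minSecretKeyLength);
                throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
            } catch (ClassNotFoundException e) {
                this.debug.error("OATH.getSharedSecret() Unable to find SharedSecretProvider Class:" + this.sharedSecretImplClass, e);
                throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
            } catch (ClassCastException e) {
                // Previously escaped as an unchecked exception out of process().
                this.debug.error("OATH.getSharedSecret() Configured class is not a SharedSecretProvider:" + this.sharedSecretImplClass, e);
                throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
            } catch (IllegalAccessException e2) {
                this.debug.error("OATH.getSharedSecret()", e2);
                throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
            } catch (InstantiationException e3) {
                this.debug.error("OATH.getSharedSecret()", e3);
                throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
            }
        } catch (IdRepoException e4) {
            this.debug.error("OATH.getSharedSecret(): error getting secret key attribute: ", e4);
            throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
        } catch (SSOException e5) {
            this.debug.error("OATH.getSharedSecret(): error invalid repo id: " + aMIdentity, e5);
            throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
        }
    }

    /**
     * Looks up exactly one user identity for the given name in the request's organization.
     *
     * <p>The decompiled listing threw {@code IdRepoException} for "not found" and "more than
     * one user" after the try block, which cannot compile without a throws clause. Both cases
     * are handled inside the try here, so every lookup failure is logged and yields
     * {@code null}, which {@code checkOTP} turns into {@code authFailed}. NOTE(review): confirm
     * against the original source that this matches the intended flow.
     *
     * @param str the user name to search for
     * @return the single matching identity, or {@code null} when none or several match or the
     *         search fails
     */
    private AMIdentity getIdentity(String str) {
        AMIdentityRepository repository = getAMIdentityRepository(getRequestOrg());
        IdSearchControl searchControl = new IdSearchControl();
        searchControl.setRecursive(true);
        searchControl.setAllReturnAttributes(true);
        Set results = Collections.EMPTY_SET;
        try {
            searchControl.setMaxResults(0);
            IdSearchResults searchResults = repository.searchIdentities(IdType.USER, str, searchControl);
            if (searchResults != null) {
                results = searchResults.getSearchResults();
            }
            if (results == null || results.isEmpty()) {
                throw new IdRepoException("OATH.getIdentity : User " + this.userName + " is not found");
            }
            // An ambiguous match must never authenticate: refuse rather than pick one.
            if (results.size() > 1) {
                throw new IdRepoException("OATH.getIdentity: More than one user found for the userName: " + this.userName);
            }
            return (AMIdentity) results.iterator().next();
        } catch (IdRepoException e) {
            this.debug.error("OATH.getIdentity: error searching Identities with username : " + this.userName, e);
        } catch (SSOException e2) {
            this.debug.error("OATH.getIdentity: AuthOATH module exception : ", e2);
        }
        return null;
    }

    /**
     * Stores the accepted HOTP counter on the identity.
     *
     * @param aMIdentity the identity to update
     * @param i          the counter value that matched
     * @throws AuthLoginException when the attribute cannot be written; the login then fails
     *         instead of leaving a reusable counter behind
     */
    private void setCounterAttr(AMIdentity aMIdentity, int i) throws AuthLoginException {
        HashSet counterValue = new HashSet();
        counterValue.add(Integer.toString(i));
        HashMap update = new HashMap();
        update.put(this.counterAttrName, counterValue);
        try {
            aMIdentity.setAttributes(update);
            aMIdentity.store();
        } catch (IdRepoException e) {
            this.debug.error("OATH.setCounterAttr : error setting counter attribute to : " + i, e);
            throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
        } catch (SSOException e2) {
            this.debug.error("OATH.setCounterAttr : error invalid token for id : " + aMIdentity, e2);
            throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
        }
    }

    /**
     * Stores the accepted TOTP time step (as seconds) and, when drift tracking is enabled, the
     * observed clock drift.
     *
     * @param aMIdentity the identity to update
     * @param j          the time step whose OTP matched
     * @throws InvalidPasswordException with key {@code outOfSync} when the observed drift
     *         exceeds the configured maximum
     * @throws AuthLoginException when the attributes cannot be written
     */
    private void setLoginTime(AMIdentity aMIdentity, long j) throws AuthLoginException {
        HashMap update = new HashMap();
        update.put(this.loginTimeAttrName, Collections.singleton(Long.toString(j * this.totpTimeStep)));
        long driftSteps = 0;
        if (this.clockDriftCheckEnabled) {
            driftSteps = j - (this.timeInSeconds / this.totpTimeStep);
            // With the default maximum of -1 this always trips, so drift tracking without a
            // configured maximum rejects every login rather than accepting unbounded drift.
            if (Math.abs(driftSteps) > this.totpMaxClockDrift) {
                setFailureID(this.userName);
                throw new InvalidPasswordException(this.amAuthOATH, "outOfSync", (Object[]) null, this.userName, (Throwable) null);
            }
            // The int cast is safe here: |driftSteps| was just bounded by an int.
            update.put(this.observedClockDriftAttrName, Collections.singleton(Long.toString(((int) driftSteps) * this.totpTimeStep)));
        }
        try {
            aMIdentity.setAttributes(update);
            aMIdentity.store();
        } catch (SSOException e) {
            this.debug.error("OATH.setLoginTime: error invalid token for id : " + aMIdentity, e);
            throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
        } catch (IdRepoException e2) {
            this.debug.error("OATH.setLoginTime: error setting attributes time: " + j + (this.clockDriftCheckEnabled ? " observedClockDrift:" + driftSteps : ""), e2);
            throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
        }
    }

    /**
     * Checks the TOTP settings loaded by {@link #init} and fails the login when any is unusable.
     *
     * @throws AuthLoginException when at least one setting is invalid; all problems found are
     *         written to the debug log in one message
     */
    private void validateTOTPParameters() throws AuthLoginException {
        StringBuilder problems = new StringBuilder();
        if (StringUtils.isEmpty(this.loginTimeAttrName)) {
            problems.append("Login time attribute name is empty \n");
        }
        if (this.clockDriftCheckEnabled && StringUtils.isEmpty(this.observedClockDriftAttrName)) {
            problems.append("Observed time drift attribute name is empty \n");
        }
        // A non-positive step would divide by zero or invert the step arithmetic in checkOTP.
        if (this.totpTimeStep <= 0) {
            problems.append("Invalid TOTP time step interval: " + this.totpTimeStep + " \n");
        }
        if (this.totpStepsInWindow < 0) {
            problems.append("Invalid TOTP steps in window value: " + this.totpStepsInWindow);
        }
        if (problems.length() > 0) {
            this.debug.error("OATH.validateTOTPParameters(): Invalid settings : " + problems.toString());
            throw new AuthLoginException(this.amAuthOATH, "authFailed", (Object[]) null);
        }
    }

    /**
     * Compares the expected and submitted OTP through {@link MessageDigest#isEqual}, so the
     * comparison does not stop at the first differing character.
     *
     * @param str  the expected OTP
     * @param str2 the submitted OTP
     * @return {@code true} when both encode to the same bytes
     */
    private boolean isEqual(String str, String str2) {
        return MessageDigest.isEqual(str.getBytes(), str2.getBytes());
    }
}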
