package com.centrify.directcontrol.otp;

import android.content.Context;
import android.net.Uri;
import android.support.annotation.NonNull;
import com.centrify.agent.samsung.utils.LogUtil;
import com.centrify.android.CentrifyHttpException;
import com.centrify.android.centrifypreference.CentrifyPreferenceUtils;
import com.centrify.android.rest.CentrifyRestService;
import com.centrify.android.rest.JSONTags;
import com.centrify.android.rest.RestServiceFactory;
import com.centrify.android.rest.data.OTPEnrollResult;
import com.centrify.android.rest.data.OtpSaveProfilerResult;
import com.centrify.android.rest.data.SubmitOTPResult;
import com.centrify.android.utils.AppUtils;
import com.centrify.android.utils.SecurityUtils;
import com.centrify.directcontrol.CentrifyApplication;
import com.centrify.directcontrol.otp.Base32String;
import com.centrify.directcontrol.otp.OtpAccount;
import com.centrify.directcontrol.otp.PasscodeGenerator;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.StringUtils;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
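/**
 * Static helpers for OATH one-time-password accounts: parsing {@code otpauth://} URIs,
 * generating TOTP codes, and calling the REST service to save, delete and submit OTP profiles.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The URI handed to {@link #parseSecret(Uri)} is untrusted input (typically a scanned code);
 *       every numeric parameter is validated before it is stored on the account.</li>
 *   <li>Neither the Base32 secret nor the generated code (nor a digest of the code) is written
 *       to the log by this class.</li>
 * </ul>
 */
public final class OTPUtil {
    private static final String ALGORITHM = "algorithm";
    private static final String DIGITS = "digits";
    private static final String END_POINT_URL = "endpointUrl";
    private static final String HMACMD5 = "HmacMD5";
    private static final String HMACSHA1 = "HmacSha1";
    private static final String HMACSHA256 = "HmacSha256";
    private static final String HMACSHA512 = "HmacSha512";
    private static final String ISSUER = "issuer";
    private static final int MAX_DIGITS = 8;
    private static final String MD5 = "Md5";
    private static final int MIN_DIGITS = 6;
    private static final int ONE_SECOND_IN_MILLISECOND = 1000;
    private static final String OTP_CODE = "otpCode";
    private static final String OTP_SCHEME = "otpauth";
    private static final String PERIOD = "period";
    private static final String SECRET_PARAM = "secret";
    private static final String SHA1 = "Sha1";
    private static final String SHA256 = "Sha256";
    private static final String SHA512 = "Sha512";
    private static final String TAG = "OTPUtil";

    // Defaults applied by parseSecret when the URI omits the parameter.
    private static final int DEFAULT_DIGITS = 6;
    private static final int DEFAULT_PERIOD_SECONDS = 30;

    private OTPUtil() {
    }

    /**
     * Maps the stored algorithm label ("Sha1", "Sha256", "Sha512", "Md5", case-insensitive) to the
     * JCA {@link Mac} algorithm name.
     *
     * @return the Mac algorithm name, or {@code null} when the label is not recognised
     */
    private static String convertAlgorithm(String str) {
        if (StringUtils.equalsIgnoreCase(SHA1, str)) {
            return HMACSHA1;
        }
        if (StringUtils.equalsIgnoreCase(SHA256, str)) {
            return HMACSHA256;
        }
        if (StringUtils.equalsIgnoreCase(SHA512, str)) {
            return HMACSHA512;
        }
        // RFC 6238 defines TOTP for HMAC-SHA-1/256/512 only; MD5 is accepted here as well.
        // NOTE(review): confirm the MD5 mapping is still required by a deployed issuer.
        if (StringUtils.equalsIgnoreCase(MD5, str)) {
            return HMACMD5;
        }
        LogUtil.error(TAG, "unknown algorithm: " + str);
        return null;
    }

    /**
     * Serialises an account into the JSON body used by {@link #saveProfile}.
     *
     * <p>The returned object contains the Base32 shared secret; do not log it.
     *
     * @throws OtpException if account name, secret, algorithm, digits, period or type is missing
     */
    private static JSONObject convertToJsonObject(OtpAccount otpAccount) throws JSONException, OtpException {
        JSONObject jSONObject = new JSONObject();
        String uuid = otpAccount.getUuid();
        if (StringUtils.isNotBlank(uuid)) {
            jSONObject.put("Uuid", uuid);
        }
        jSONObject.put("Issuer", otpAccount.getIssuer());
        String accountName = otpAccount.getAccountName();
        if (StringUtils.isBlank(accountName)) {
            throw new OtpException("missing account name");
        }
        jSONObject.put(JSONTags.OTP_ACCOUNT_NAME, accountName);
        String base32Secret = otpAccount.getBase32Secret();
        if (StringUtils.isBlank(base32Secret)) {
            throw new OtpException("missing secret");
        }
        jSONObject.put(JSONTags.OTP_BASE32_SECRET, base32Secret);
        String hmacAlgorithm = otpAccount.getHmacAlgorithm();
        if (StringUtils.isBlank(hmacAlgorithm)) {
            throw new OtpException("missing algorithm");
        }
        jSONObject.put("Algorithm", hmacAlgorithm);
        int digits = otpAccount.getDigits();
        if (digits == -1) {
            throw new OtpException("missing digits");
        }
        jSONObject.put(JSONTags.OTP_DIGITS, digits);
        int period = otpAccount.getPeriod();
        if (period == -1) {
            throw new OtpException("missing period");
        }
        jSONObject.put(JSONTags.OTP_PERIOD, period);
        String oathType = otpAccount.getOathType();
        if (StringUtils.isBlank(oathType)) {
            throw new OtpException("missing type");
        }
        jSONObject.put("Type", oathType);
        jSONObject.put(JSONTags.OTP_AUTH_END_POINT_URL, otpAccount.getAuthEndPointUrl());
        return jSONObject;
    }

    /**
     * Asks the REST service to delete the profile identified by the account's UUID.
     */
    public static JSONObject deleteProfiles(Context context, OtpAccount otpAccount) throws JSONException, CentrifyHttpException, IOException {
        CentrifyRestService createRestService = RestServiceFactory.createRestService(context);
        JSONObject jSONObject = new JSONObject();
        jSONObject.put(JSONTags.OTP_UUIDS, new JSONArray().put(otpAccount.getUuid()));
        return createRestService.deleteProfiles(jSONObject);
    }

    /**
     * Returns the seconds left in the account's current round, or the full period when no code
     * has been generated yet.
     */
    public static int getCountDown(OtpAccount otpAccount) {
        if (StringUtils.isBlank(otpAccount.getOtpCode())) {
            return otpAccount.getPeriod();
        }
        long nowSeconds = System.currentTimeMillis() / ONE_SECOND_IN_MILLISECOND;
        long roundEndSeconds = otpAccount.getPeriod() * (otpAccount.getCurrentRound() + 1);
        return (int) (roundEndSeconds - nowSeconds);
    }

    /**
     * Reads the base service URL from preferences: "POD_URL" first, then "LOGINURL" as fallback.
     */
    private static String readBaseUrl() {
        String baseUrl = CentrifyPreferenceUtils.getString("POD_URL", null);
        if (StringUtils.isBlank(baseUrl)) {
            baseUrl = CentrifyPreferenceUtils.getString("LOGINURL", null);
        }
        return baseUrl;
    }

    /**
     * Builds the OTP submission endpoint for the signed-in user from the stored base URL and
     * user id.
     *
     * @return the endpoint URL, or {@code null} when the base URL or user id is not stored
     */
    public static String getCurrentEndPointUrl() {
        String string = readBaseUrl();
        String string2 = CentrifyPreferenceUtils.getString("LI_USERID", null);
        if (StringUtils.isNoneBlank(string) && StringUtils.isNoneBlank(string2)) {
            return Uri.parse(string).buildUpon().appendPath("security").appendPath("SubmitOathOtpCode").appendQueryParameter("userUuid", string2).build().toString();
        }
        LogUtil.error(TAG, "url: " + string + " userID " + string2 + " is Null");
        return null;
    }

    /**
     * Generates the current code for the account registered under the given UUID.
     *
     * @return the code, or {@code null} when the account is unknown or generation fails
     */
    private static String getOTPCode(String str) {
        OtpAccount account = CentrifyApplication.getAppInstance().getOtpAccountManager().getAccount(str);
        if (account == null) {
            return null;
        }
        long j = 0;
        if (StringUtils.equalsIgnoreCase(account.getOathType(), OtpAccount.TOTP)) {
            j = account.getCurrentRound();
        } else if (StringUtils.equals(account.getOathType(), OtpAccount.HOTP)) {
            // NOTE(review): an HOTP (or unknown-type) account still falls through and gets a code
            // computed for counter 0, i.e. a value that never changes. Consider returning null.
            LogUtil.error(TAG, "we don't support the HOTP");
        }
        return makePCode(account, j);
    }

    /**
     * Fetches the OTP profile list for this device from the REST service.
     */
    public static OTPEnrollResult getProfileListForDevice(Context context) throws CentrifyHttpException, IOException, JSONException {
        return RestServiceFactory.createRestService(context).getProfileListForDevice();
    }

    /**
     * Creates a signer that HMACs its input with the account's decoded secret.
     *
     * <p>The returned signer wraps one {@link Mac} instance; {@code Mac} is not thread-safe, so a
     * signer should not be shared between threads.
     *
     * @throws Base32String.DecodingException if the stored secret is not valid Base32
     * @throws NoSuchAlgorithmException if the account's algorithm label is not supported
     * @throws InvalidKeyException if the Mac rejects the key
     */
    public static PasscodeGenerator.Signer getSigningOracle(OtpAccount otpAccount) throws Base32String.DecodingException, NoSuchAlgorithmException, InvalidKeyException {
        byte[] decode = Base32String.decode(otpAccount.getBase32Secret());
        String macName = convertAlgorithm(otpAccount.getHmacAlgorithm());
        if (macName == null) {
            // Mac.getInstance(null) would fail with a NullPointerException that makePCode does not
            // catch; report the unsupported label through the declared exception instead.
            throw new NoSuchAlgorithmException("unsupported OTP algorithm: " + otpAccount.getHmacAlgorithm());
        }
        final Mac mac = Mac.getInstance(macName);
        // The key's algorithm name is left empty, as in the original; only the raw bytes are used.
        mac.init(new SecretKeySpec(decode, ""));
        return new PasscodeGenerator.Signer() { // from class: com.centrify.directcontrol.otp.OTPUtil.1
            @Override // com.centrify.directcontrol.otp.PasscodeGenerator.Signer
            public byte[] sign(byte[] bArr) {
                return mac.doFinal(bArr);
            }
        };
    }

    /**
     * Returns the account's endpoint URL with the current code appended as {@code otpCode}.
     *
     * <p>The code is added by plain concatenation of {@code "&otpCode="}, so the endpoint URL is
     * assumed to already carry a query string (the one built by {@link #getCurrentEndPointUrl()}
     * does). The result contains a live one-time code and should not be logged.
     *
     * @return the submission URL, or {@code null} when the endpoint or the code is blank
     */
    public static String getSubmitOtpUrl(@NonNull OtpAccount otpAccount) {
        if (StringUtils.isNoneBlank(otpAccount.getAuthEndPointUrl()) && StringUtils.isNoneBlank(otpAccount.getOtpCode())) {
            return otpAccount.getAuthEndPointUrl() + "&" + OTP_CODE + "=" + otpAccount.getOtpCode();
        }
        LogUtil.info(TAG, "getSubmitOtpUrl is null");
        return null;
    }

    /**
     * Tells whether the account's endpoint URL points at the stored service host and carries the
     * signed-in user's id in {@code userUuid}.
     *
     * <p>Only host and {@code userUuid} are compared (case-insensitively); scheme, port and path
     * are not.
     */
    public static boolean isCurrentUserOtp(@NonNull OtpAccount otpAccount) {
        String authEndPointUrl = otpAccount.getAuthEndPointUrl();
        if (StringUtils.isBlank(authEndPointUrl)) {
            return false;
        }
        String string = readBaseUrl();
        String string2 = CentrifyPreferenceUtils.getString("LI_USERID", null);
        if (!StringUtils.isNoneBlank(string) || !StringUtils.isNoneBlank(string2)) {
            return false;
        }
        Uri parse = Uri.parse(string);
        Uri parse2 = Uri.parse(authEndPointUrl);
        return StringUtils.equalsIgnoreCase(parse.getHost(), parse2.getHost()) && StringUtils.equalsIgnoreCase(string2, parse2.getQueryParameter("userUuid"));
    }

    /**
     * Tells whether a code for this account can be submitted to the service: requires
     * {@code AppUtils.isCloud177Above()}, a non-blank endpoint URL and a usage other than
     * {@code OfflineOtp}.
     */
    public static boolean isSubmitCodeSupported(@NonNull OtpAccount otpAccount) {
        return AppUtils.isCloud177Above() && StringUtils.isNotBlank(otpAccount.getAuthEndPointUrl()) && otpAccount.getUsage() != OtpAccount.Usage.OfflineOtp;
    }

    /**
     * Generates the code for the given counter value; any failure is logged and yields
     * {@code null}.
     */
    private static String makePCode(OtpAccount otpAccount, long j) {
        try {
            return new PasscodeGenerator(getSigningOracle(otpAccount), otpAccount.getDigits()).generateResponseCode(j);
        } catch (Base32String.DecodingException e) {
            LogUtil.error(TAG, e);
            return null;
        } catch (GeneralSecurityException e2) {
            // Also covers InvalidKeyException and NoSuchAlgorithmException.
            LogUtil.error(TAG, e2);
            return null;
        } catch (IllegalStateException e3) {
            LogUtil.error(TAG, e3);
            return null;
        } catch (IllegalArgumentException e4) {
            // SecretKeySpec rejects an empty key with IllegalArgumentException; treat it like the
            // other generation failures instead of letting it escape to the caller.
            LogUtil.error(TAG, e4);
            return null;
        }
    }

    /**
     * Parses one integer query parameter of an otpauth URI.
     *
     * @throws OtpException if the value is not a valid integer
     */
    private static int parseIntParameter(String name, String raw) throws OtpException {
        try {
            return Integer.parseInt(raw);
        } catch (NumberFormatException e) {
            LogUtil.error(TAG, "invalid " + name + " value");
            throw new OtpException("invalid " + name + " value");
        }
    }

    /**
     * Builds an {@link OtpAccount} from an {@code otpauth://totp/...} URI.
     *
     * <p>The URI is untrusted. Type, secret, algorithm, digits, period and label are validated
     * here; the secret itself is never logged. The {@code endpointUrl} parameter is stored as
     * given. NOTE(review): callers that later send a code to that URL should first confirm it
     * with {@link #isCurrentUserOtp(OtpAccount)} and check that it is an https URL.
     *
     * @throws OtpException if the URI is not a supported, well-formed TOTP URI
     */
    public static OtpAccount parseSecret(Uri uri) throws OtpException, JSONException {
        String scheme = uri.getScheme();
        if (!StringUtils.equalsIgnoreCase(scheme, OTP_SCHEME)) {
            LogUtil.error(TAG, "The uri doesn't follow the otp scheme expected : otpauth but " + scheme);
            throw new OtpException("The uri doesn't follow the otp scheme expected : otpauth but " + scheme);
        }
        OtpAccount otpAccount = new OtpAccount();
        String authority = uri.getAuthority();
        if (StringUtils.equalsIgnoreCase(OtpAccount.HOTP, authority)) {
            LogUtil.error(TAG, "HOTP is not supported");
            throw new OtpException("HOTP is not supported");
        }
        if (!StringUtils.equalsIgnoreCase(OtpAccount.TOTP, authority)) {
            LogUtil.error(TAG, "unknown oath type: " + authority + ", it should be TOTP");
            throw new OtpException("unknown oath type: " + authority + ", it should be TOTP");
        }
        otpAccount.setOathType(StringUtils.capitalize(authority.toLowerCase()));
        LogUtil.info(TAG, "type: " + otpAccount.getOathType());

        String secret = uri.getQueryParameter(SECRET_PARAM);
        if (StringUtils.isBlank(secret) || secret.length() < 2) {
            LogUtil.error(TAG, "invalid secret");
            throw new OtpException("invalid secret");
        }
        otpAccount.setBase32Secret(secret);

        String algorithm = uri.getQueryParameter(ALGORITHM);
        if (StringUtils.isBlank(algorithm)) {
            otpAccount.setHmacAlgorithm(SHA1);
        } else {
            String label = StringUtils.capitalize(algorithm.toLowerCase());
            // Reject labels no Mac can be created for now, rather than storing an account that
            // can never produce a code.
            if (convertAlgorithm(label) == null) {
                throw new OtpException("unsupported algorithm");
            }
            otpAccount.setHmacAlgorithm(label);
        }
        LogUtil.info(TAG, "Algorithm: " + otpAccount.getHmacAlgorithm());

        String digitsText = uri.getQueryParameter(DIGITS);
        if (StringUtils.isBlank(digitsText)) {
            otpAccount.setDigits(DEFAULT_DIGITS);
        } else {
            int intValue = parseIntParameter(DIGITS, digitsText);
            if (intValue < MIN_DIGITS || intValue > MAX_DIGITS) {
                LogUtil.error(TAG, "DIGITS : " + intValue + " should be in between 6 And 8");
                throw new OtpException("DIGITS : " + intValue + " should be in between 6 And 8");
            }
            otpAccount.setDigits(intValue);
        }
        LogUtil.info(TAG, "digits: " + otpAccount.getDigits());

        String periodText = uri.getQueryParameter(PERIOD);
        if (StringUtils.isBlank(periodText)) {
            otpAccount.setPeriod(DEFAULT_PERIOD_SECONDS);
        } else {
            int period = parseIntParameter(PERIOD, periodText);
            // The period is used as a divisor when computing the current round, so zero or a
            // negative value must never reach the account.
            if (period <= 0) {
                LogUtil.error(TAG, "PERIOD : " + period + " should be greater than 0");
                throw new OtpException("PERIOD : " + period + " should be greater than 0");
            }
            otpAccount.setPeriod(period);
        }
        LogUtil.info(TAG, "period: " + otpAccount.getPeriod());

        String path = uri.getPath();
        if (path == null || !path.startsWith("/")) {
            LogUtil.error(TAG, "invalid issuer or account name");
            throw new OtpException("invalid issuer or account name");
        }
        // The label has the form "issuer:account" or just "account".
        String trim = path.substring(1).trim();
        LogUtil.info(TAG, "label: " + trim);
        int indexOf = trim.indexOf(':');
        String issuer = uri.getQueryParameter(ISSUER);
        if (StringUtils.isBlank(issuer)) {
            issuer = indexOf < 0 ? "" : trim.substring(0, indexOf);
        }
        otpAccount.setIssuer(issuer);
        LogUtil.info(TAG, "issuer: " + otpAccount.getIssuer());
        String substring = trim.substring(indexOf >= 0 ? indexOf + 1 : 0);
        if (StringUtils.isBlank(substring)) {
            LogUtil.error(TAG, "Cannot find account name");
            throw new OtpException("Cannot find account name");
        }
        otpAccount.setAccountName(substring);
        LogUtil.info(TAG, "AccountName: " + otpAccount.getAccountName());

        otpAccount.setAuthEndPointUrl(uri.getQueryParameter(END_POINT_URL));
        if (isCurrentUserOtp(otpAccount)) {
            otpAccount.setOtpAccountCma(1);
        }
        return otpAccount;
    }

    /**
     * Sends the account to the REST service's {@code saveProfile} call.
     *
     * @param str passed through unchanged as the first argument of the REST call
     * @throws OtpException if a required account field is missing
     */
    public static OtpSaveProfilerResult saveProfile(Context context, String str, OtpAccount otpAccount) throws JSONException, OtpException, CentrifyHttpException, IOException {
        return RestServiceFactory.createRestService(context).saveProfile(str, convertToJsonObject(otpAccount));
    }

    /**
     * Recomputes the account's round from the current time and, when the round has changed,
     * stores the new round and a freshly generated code on the account.
     */
    public static void setOtpCodeAndRound(OtpAccount otpAccount) {
        if (otpAccount == null) {
            LogUtil.error(TAG, "the otp account is null");
            return;
        }
        int period = otpAccount.getPeriod();
        if (period <= 0) {
            // Guards the division below; -1 is the "missing period" marker checked in
            // convertToJsonObject, and 0 would raise ArithmeticException.
            LogUtil.error(TAG, "invalid otp period: " + period);
            return;
        }
        long currentTimeMillis = (System.currentTimeMillis() / ONE_SECOND_IN_MILLISECOND) / period;
        if (otpAccount.getCurrentRound() != currentTimeMillis) {
            otpAccount.setCurrentRound(currentTimeMillis);
            otpAccount.setOtpCode(getOTPCode(otpAccount.getUuid()));
        }
    }

    /**
     * Submits the account's current code to the REST service.
     *
     * <p>Neither the code nor a digest of it is logged: a 6-8 digit code has so few possible
     * values that an unsalted SHA-256 of it can be reversed by enumeration, which would make the
     * log line equivalent to logging the code itself.
     *
     * @param z whether the user accepted the request (logged as {@code userAccepted})
     * @param str passed through unchanged to the REST call
     * @throws NullPointerException if the account has no code set
     */
    public static SubmitOTPResult submitOtpCode(Context context, OtpAccount otpAccount, boolean z, String str) throws CentrifyHttpException, IOException, JSONException {
        LogUtil.info(TAG, "submitOtpCode-begin code generation time is: " + otpAccount.getCodeGeneratedTimeInMilliSecond() + " userAccepted: " + z);
        if (otpAccount.getOtpCode() == null) {
            // Keeps the earlier fail-fast behaviour: nothing is sent when no code has been set.
            throw new NullPointerException("otp code is null");
        }
        SubmitOTPResult submitOtpCode = RestServiceFactory.createRestService(context).submitOtpCode(otpAccount.getOtpCode(), otpAccount.getOtpSecretVersion(), otpAccount.getCodeGeneratedTimeInMilliSecond(), z, otpAccount.getPeriod(), str, otpAccount.getUuid());
        LogUtil.info(TAG, "submitOtpCode-end");
        return submitOtpCode;
    }
}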
