package io.getlime.security.powerauth.crypto.lib.totp;

import io.getlime.security.powerauth.crypto.lib.config.PowerAuthConfiguration;
import io.getlime.security.powerauth.crypto.lib.model.exception.CryptoProviderException;
import java.security.GeneralSecurityException;
import java.time.Duration;
import java.time.Instant;
import java.util.HexFormat;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.util.Arrays;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/getlime/security/powerauth/crypto/lib/totp/Totp.class */
public final class Totp {
    private static final Logger logger = LoggerFactory.getLogger(Totp.class);
    private static final Duration DEFAULT_STEP_LENGTH = Duration.ofSeconds(30);
    private static final int[] DIGITS_POWER = {1, 10, 100, 1000, PowerAuthConfiguration.PBKDF_ITERATIONS, 100000, 1000000, 10000000, 100000000};

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/getlime/security/powerauth/crypto/lib/totp/Totp$Algorithm.class */
    public enum Algorithm {
        HMAC_SHA256("HmacSHA256"),
        HMAC_SHA512("HmacSHA512");

        private final String code;

        Algorithm(String str) {
            this.code = str;
        }
    }

    private Totp() {
        throw new IllegalStateException("Should not be instantiated");
    }

    public static byte[] generateTotpSha256(byte[] bArr, Instant instant, int i) throws CryptoProviderException {
        return generateTotpSha256(bArr, instant, DEFAULT_STEP_LENGTH, i);
    }

    public static byte[] generateTotpSha256(byte[] bArr, Instant instant, Duration duration, int i) throws CryptoProviderException {
        return generateTotp(bArr, countTimeSteps(instant, duration), i, Algorithm.HMAC_SHA256.code);
    }

    public static byte[] generateTotpSha512(byte[] bArr, Instant instant, int i) throws CryptoProviderException {
        return generateTotpSha512(bArr, instant, DEFAULT_STEP_LENGTH, i);
    }

    public static byte[] generateTotpSha512(byte[] bArr, Instant instant, Duration duration, int i) throws CryptoProviderException {
        return generateTotp(bArr, countTimeSteps(instant, duration), i, Algorithm.HMAC_SHA512.code);
    }

    public static boolean validateTotpSha256(byte[] bArr, byte[] bArr2, Instant instant, int i) throws CryptoProviderException {
        return validateTotpSha256(bArr, bArr2, instant, i, 1, DEFAULT_STEP_LENGTH);
    }

    public static boolean validateTotpSha256(byte[] bArr, byte[] bArr2, Instant instant, int i, int i2, Duration duration) throws CryptoProviderException {
        return validateTotp(bArr, bArr2, instant, i, i2, duration, Algorithm.HMAC_SHA256.code);
    }

    public static boolean validateTotpSha512(byte[] bArr, byte[] bArr2, Instant instant, int i) throws CryptoProviderException {
        return validateTotpSha512(bArr, bArr2, instant, i, 1, DEFAULT_STEP_LENGTH);
    }

    public static boolean validateTotpSha512(byte[] bArr, byte[] bArr2, Instant instant, int i, int i2, Duration duration) throws CryptoProviderException {
        return validateTotp(bArr, bArr2, instant, i, i2, duration, Algorithm.HMAC_SHA512.code);
    }

    private static boolean validateTotp(byte[] bArr, byte[] bArr2, Instant instant, int i, int i2, Duration duration, String str) throws CryptoProviderException {
        logger.debug("Validating TOTP for instant={}, algorithm={}, steps={}, stepLength={}", new Object[]{instant, str, Integer.valueOf(i2), duration});
        if (bArr == null) {
            throw new CryptoProviderException("Otp is mandatory");
        }
        if (bArr.length != i) {
            throw new CryptoProviderException("Otp length %d is different from expected %d".formatted(Integer.valueOf(bArr.length), Integer.valueOf(i)));
        }
        if (i2 < 0) {
            throw new CryptoProviderException("Steps must not be negative number");
        }
        long countTimeSteps = countTimeSteps(instant, duration);
        for (int i3 = 0; i3 <= i2; i3++) {
            logger.debug("Validating TOTP for instant={}, algorithm={}, step={} out of allowed backward steps={}", new Object[]{instant, str, Integer.valueOf(i3), Integer.valueOf(i2)});
            if (Arrays.constantTimeAreEqual(generateTotp(bArr2, countTimeSteps - i3, bArr.length, str), bArr)) {
                return true;
            }
        }
        return false;
    }

    private static byte[] generateTotp(byte[] bArr, long j, int i, String str) throws CryptoProviderException {
        logger.debug("Generating TOTP for timeStep={}, algorithm={}", Long.valueOf(j), str);
        if (bArr == null) {
            throw new CryptoProviderException("Key is mandatory");
        }
        if (str == null) {
            throw new CryptoProviderException("Algorithm is mandatory");
        }
        if (i <= 0 || i >= DIGITS_POWER.length) {
            throw new CryptoProviderException("DigitsNumber must be positive number and smaller than " + DIGITS_POWER.length);
        }
        byte[] computeHash = computeHash(str, bArr, HexFormat.of().parseHex(padWithZeros(Long.toHexString(j), 16)));
        int i2 = computeHash[computeHash.length - 1] & 15;
        return padWithZeros(Integer.toString((((((computeHash[i2] & Byte.MAX_VALUE) << 24) | ((computeHash[i2 + 1] & 255) << 16)) | ((computeHash[i2 + 2] & 255) << 8)) | (computeHash[i2 + 3] & 255)) % DIGITS_POWER[i]), i).getBytes();
    }

    private static long countTimeSteps(Instant instant, Duration duration) throws CryptoProviderException {
        if (instant == null) {
            throw new CryptoProviderException("Instant is mandatory");
        }
        if (duration == null) {
            throw new CryptoProviderException("StepLength is mandatory");
        }
        return instant.getEpochSecond() / duration.getSeconds();
    }

    private static String padWithZeros(String str, int i) {
        return String.format("%1$" + i + "s", str).replace(' ', '0');
    }

    private static byte[] computeHash(String str, byte[] bArr, byte[] bArr2) throws CryptoProviderException {
        try {
            Mac mac = Mac.getInstance(str);
            mac.init(new SecretKeySpec(bArr, "RAW"));
            return mac.doFinal(bArr2);
        } catch (GeneralSecurityException e) {
            logger.error("Problem to compute hash for algorithm={}", str, e);
            throw new CryptoProviderException("Problem to compute hash for algorithm=" + str, e);
        }
    }
}
