package com.duosecurity;

import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cas-mfa-duo-1.0.0-M5.jar:com/duosecurity/DuoWeb.class */
public final class DuoWeb {
    private static final String DUO_PREFIX = "TX";
    private static final String APP_PREFIX = "APP";
    private static final String AUTH_PREFIX = "AUTH";
    private static final int DUO_EXPIRE = 300;
    private static final int APP_EXPIRE = 3600;
    private static final int IKEY_LEN = 20;
    private static final int SKEY_LEN = 40;
    private static final int AKEY_LEN = 40;
    public static final String ERR_USER = "ERR|The username passed to sign_request() is invalid.";
    public static final String ERR_IKEY = "ERR|The Duo integration key passed to sign_request() is invalid.";
    public static final String ERR_SKEY = "ERR|The Duo secret key passed to sign_request() is invalid.";
    public static final String ERR_AKEY = "ERR|The application secret key passed to sign_request() must be at least 40 characters.";
    public static final String ERR_UNKNOWN = "ERR|An unknown error has occurred.";
    private static final Logger logger = LoggerFactory.getLogger(DuoWeb.class);

    public static String signRequest(String str, String str2, String str3, String str4) {
        logger.debug("username '{}'", str4);
        if (str4.equals("")) {
            logger.debug("username is empty");
            return ERR_USER;
        }
        if (str.equals("") || str.length() != 20) {
            logger.debug("ikey '{}' is invalid", str);
            return ERR_IKEY;
        }
        if (str2.equals("") || str2.length() != 40) {
            logger.debug("skey '{}' is invalid", str2);
            return ERR_SKEY;
        }
        if (str3.equals("") || str3.length() < 40) {
            logger.debug("akey '{}' is invalid", str3);
            return ERR_AKEY;
        }
        try {
            String signVals = signVals(str2, str4, str, DUO_PREFIX, 300);
            String signVals2 = signVals(str3, str4, str, APP_PREFIX, 3600);
            logger.debug("The generated signed request: '{}:{}'", signVals, signVals2);
            return String.valueOf(signVals) + ":" + signVals2;
        } catch (Exception e) {
            logger.error("Exception is caught during an attempt to signVals()", (Throwable) e);
            return ERR_UNKNOWN;
        }
    }

    public static String verifyResponse(String str, String str2, String str3, String str4) {
        logger.debug("Verifying sig_response: '{}'", str4);
        try {
            String[] split = str4.split(":");
            String str5 = split[0];
            String str6 = split[1];
            String parseVals = parseVals(str2, str5, AUTH_PREFIX);
            String parseVals2 = parseVals(str3, str6, APP_PREFIX);
            if (parseVals != null) {
                if (!((parseVals2 == null) | (!parseVals.equals(parseVals2)))) {
                    return parseVals;
                }
            }
            logger.debug("auth_user '{}' does not match app_user '{}' Returning null...", parseVals, parseVals2);
            return null;
        } catch (Exception e) {
            logger.error("Exception is caught during an attempt to parseVals(). Returning null...", (Throwable) e);
            return null;
        }
    }

    private static String signVals(String str, String str2, String str3, String str4, int i) throws InvalidKeyException, NoSuchAlgorithmException {
        String str5 = String.valueOf(str4) + "|" + Base64.encodeBytes((String.valueOf(str2) + "|" + str3 + "|" + Long.toString((System.currentTimeMillis() / 1000) + i)).getBytes());
        return String.valueOf(str5) + "|" + Util.hmacSign(str, str5);
    }

    private static String parseVals(String str, String str2, String str3) throws InvalidKeyException, NoSuchAlgorithmException, IOException {
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        String[] split = str2.split("\\|");
        String str4 = split[0];
        String str5 = split[1];
        String str6 = split[2];
        String hmacSign = Util.hmacSign(str, String.valueOf(str4) + "|" + str5);
        if (!Util.hmacSign(str, hmacSign).equals(Util.hmacSign(str, str6))) {
            logger.debug("Hmac of sig '{}' does not match hmac of u_sig '{}' for key '{}'. Returning null for prefix '{}'", hmacSign, str6, str, str3);
            return null;
        }
        if (!str4.equals(str3)) {
            logger.debug("u_prefix '{}' does not match prefix '{}'. Returning null...", str4, str3);
            return null;
        }
        String[] split2 = new String(Base64.decode(str5)).split("\\|");
        String str7 = split2[0];
        long parseLong = Long.parseLong(split2[2]);
        if (currentTimeMillis < parseLong) {
            return str7;
        }
        logger.debug("Current timestamp '{}' is >= expire timestamp (from Duo server) '{}'. Returning null...", Long.valueOf(currentTimeMillis), Long.valueOf(parseLong));
        return null;
    }
}
