package com.duosecurity;

import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import net.sf.ehcache.distribution.PayloadUtil;

/* loaded from: input_file:WEB-INF/lib/cas-mfa-duo-1.0.0-RC3.jar:com/duosecurity/DuoWeb.class */
public final class DuoWeb {
    private static final String DUO_PREFIX = "TX";
    private static final String APP_PREFIX = "APP";
    private static final String AUTH_PREFIX = "AUTH";
    private static final int DUO_EXPIRE = 300;
    private static final int APP_EXPIRE = 3600;
    private static final int IKEY_LEN = 20;
    private static final int SKEY_LEN = 40;
    private static final int AKEY_LEN = 40;
    public static final String ERR_USER = "ERR|The username passed to sign_request() is invalid.";
    public static final String ERR_IKEY = "ERR|The Duo integration key passed to sign_request() is invalid.";
    public static final String ERR_SKEY = "ERR|The Duo secret key passed to sign_request() is invalid.";
    public static final String ERR_AKEY = "ERR|The application secret key passed to sign_request() must be at least 40 characters.";
    public static final String ERR_UNKNOWN = "ERR|An unknown error has occurred.";

    public static String signRequest(String str, String str2, String str3, String str4) {
        if (str4.equals("") || str4.indexOf(124) != -1) {
            return ERR_USER;
        }
        if (str.equals("") || str.length() != 20) {
            return ERR_IKEY;
        }
        if (str2.equals("") || str2.length() != 40) {
            return ERR_SKEY;
        }
        if (str3.equals("") || str3.length() < 40) {
            return ERR_AKEY;
        }
        try {
            return String.valueOf(signVals(str2, str4, str, DUO_PREFIX, 300)) + ":" + signVals(str3, str4, str, APP_PREFIX, 3600);
        } catch (Exception unused) {
            return ERR_UNKNOWN;
        }
    }

    public static String verifyResponse(String str, String str2, String str3, String str4) throws DuoWebException, NoSuchAlgorithmException, InvalidKeyException, IOException {
        String[] split = str4.split(":");
        String str5 = split[0];
        String str6 = split[1];
        String parseVals = parseVals(str2, str5, AUTH_PREFIX, str);
        if (parseVals.equals(parseVals(str3, str6, APP_PREFIX, str))) {
            return parseVals;
        }
        throw new DuoWebException("Authentication failed.");
    }

    private static String signVals(String str, String str2, String str3, String str4, int i) throws InvalidKeyException, NoSuchAlgorithmException {
        String str5 = String.valueOf(str4) + PayloadUtil.URL_DELIMITER + Base64.encodeBytes((String.valueOf(str2) + PayloadUtil.URL_DELIMITER + str3 + PayloadUtil.URL_DELIMITER + Long.toString((System.currentTimeMillis() / 1000) + i)).getBytes());
        return String.valueOf(str5) + PayloadUtil.URL_DELIMITER + Util.hmacSign(str, str5);
    }

    private static String parseVals(String str, String str2, String str3, String str4) throws InvalidKeyException, NoSuchAlgorithmException, IOException, DuoWebException {
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        String[] split = str2.split("\\|");
        if (split.length != 3) {
            throw new DuoWebException("Invalid response");
        }
        String str5 = split[0];
        String str6 = split[1];
        if (!Util.hmacSign(str, Util.hmacSign(str, String.valueOf(str5) + PayloadUtil.URL_DELIMITER + str6)).equals(Util.hmacSign(str, split[2]))) {
            throw new DuoWebException("Invalid response");
        }
        if (!str5.equals(str3)) {
            throw new DuoWebException("Invalid response");
        }
        String[] split2 = new String(Base64.decode(str6)).split("\\|");
        if (split2.length != 3) {
            throw new DuoWebException("Invalid response");
        }
        String str7 = split2[0];
        String str8 = split2[1];
        String str9 = split2[2];
        if (!str8.equals(str4)) {
            throw new DuoWebException("Invalid response");
        }
        if (currentTimeMillis >= Long.parseLong(str9)) {
            throw new DuoWebException("Transaction has expired. Please check that the system time is correct.");
        }
        return str7;
    }
}
