package cn.dev33.satoken.secure.totp;

import cn.dev33.satoken.exception.TotpAuthException;
import cn.dev33.satoken.secure.SaBase32Util;
import cn.dev33.satoken.util.StrFormatter;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.time.Instant;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:cn/dev33/satoken/secure/totp/SaTotpTemplate.class */
public class SaTotpTemplate {
    public int timeStep;
    public int codeDigits;
    public String hmacAlgorithm;
    public int secretKeyLength;

    public SaTotpTemplate() {
        this.timeStep = 30;
        this.codeDigits = 6;
        this.hmacAlgorithm = "HmacSHA1";
        this.secretKeyLength = 16;
    }

    public SaTotpTemplate(int i, int i2, String str, int i3) {
        this.timeStep = 30;
        this.codeDigits = 6;
        this.hmacAlgorithm = "HmacSHA1";
        this.secretKeyLength = 16;
        this.timeStep = i;
        this.codeDigits = i2;
        this.hmacAlgorithm = str;
        this.secretKeyLength = i3;
    }

    public String generateSecretKey() {
        SecureRandom secureRandom = new SecureRandom();
        byte[] bArr = new byte[this.secretKeyLength];
        secureRandom.nextBytes(bArr);
        return SaBase32Util.encodeBytesToString(bArr).replace("=", "");
    }

    public String _generateTOTP(String str) {
        return _generateTOTP(str, Instant.now().getEpochSecond());
    }

    public boolean validateTOTP(String str, String str2, int i) {
        long epochSecond = Instant.now().getEpochSecond() / this.timeStep;
        for (int i2 = -i; i2 <= i; i2++) {
            if (_generateTOTP(str, (epochSecond + i2) * this.timeStep).equals(str2)) {
                return true;
            }
        }
        return false;
    }

    public void checkTOTP(String str, String str2, int i) {
        if (!validateTOTP(str, str2, i)) {
            throw new TotpAuthException();
        }
    }

    public String generateGoogleSecretKey(String str) {
        return generateGoogleSecretKey(str, generateSecretKey());
    }

    public String generateGoogleSecretKey(String str, String str2) {
        return StrFormatter.format("otpauth://totp/{}?secret={}", str, str2);
    }

    protected String _generateTOTP(String str, long j) {
        byte[] decodeStringToBytes = SaBase32Util.decodeStringToBytes(str);
        byte[] array = ByteBuffer.allocate(8).putLong(j / this.timeStep).array();
        try {
            Mac mac = Mac.getInstance(this.hmacAlgorithm);
            mac.init(new SecretKeySpec(decodeStringToBytes, this.hmacAlgorithm));
            byte[] doFinal = mac.doFinal(array);
            int i = doFinal[doFinal.length - 1] & 15;
            return String.format("%0" + this.codeDigits + "d", Integer.valueOf((((((doFinal[i] & Byte.MAX_VALUE) << 24) | ((doFinal[i + 1] & 255) << 16)) | ((doFinal[i + 2] & 255) << 8)) | (doFinal[i + 3] & 255)) % ((int) Math.pow(10.0d, this.codeDigits))));
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("TOTP生成失败", e);
        }
    }
}
