package si.irm.mm.ejb.user;

import com.google.zxing.BarcodeFormat;
import com.google.zxing.MultiFormatWriter;
import com.google.zxing.WriterException;
import com.google.zxing.client.j2se.MatrixToImageWriter;
import com.google.zxing.common.BitMatrix;
import de.taimos.totp.TOTP;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import org.apache.commons.codec.binary.Base32;
import org.apache.commons.codec.binary.Hex;
import si.irm.mm.ejb.SettingsEJBLocal;
import si.irm.mm.entities.Nuser;
import si.irm.mm.enums.SNastavitveNaziv;
import si.irm.mm.exceptions.CheckException;
import si.irm.mm.messages.TransKey;
import si.irm.mm.util.QueryUtils;
import si.irm.mm.utils.data.MarinaProxy;

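/* loaded from: input_file:MarinaMaster.jar:si/irm/mm/ejb/user/MfaUtilsEJB.class */
/**
 * Multi-factor-authentication helper built around Google Authenticator (TOTP).
 *
 * <p>Responsibilities visible in this class:
 * <ul>
 *   <li>generate a random per-user TOTP secret (Base32 encoded),</li>
 *   <li>encrypt / decrypt that secret with a server-side AES key kept in a file
 *       (path from the {@code MFA_KEY_FILE} setting, default {@code ga_key.bin} in the
 *       JBoss config directory),</li>
 *   <li>render the {@code otpauth://} enrolment URI as a PNG QR code,</li>
 *   <li>check a submitted code against the current TOTP value.</li>
 * </ul>
 *
 * <p>Only the encrypted form of the user secret is ever handed back to callers; the server
 * key file is the single root of trust for all stored secrets and must not be lost or
 * overwritten once users have enrolled.
 */
@Stateless
public class MfaUtilsEJB implements MfaUtilsEJBLocal {
    private static final String GA_KEY_FILENAME = "ga_key.bin";
    private static final String ENC_KEY_ALGHORITM = "AES";
    private static final int DEFAULT_ENC_KEY_KEYSIZE = 256;
    private static final String QR_IMAGE_TYPE = "png";
    private static final int QR_HEIGHT = 200;
    private static final int QR_WIDTH = 200;
    // Random TOTP seed length in bytes (160 bits, the size Google Authenticator expects).
    private static final int TOTP_SECRET_LENGTH = 20;
    // Owner-only permissions for a freshly created key file on POSIX file systems.
    private static final String KEY_FILE_PERMISSIONS = "rw-------";

    @PersistenceContext
    private EntityManager em;

    @EJB
    private SettingsEJBLocal settingsEJB;

    /**
     * Creates a fresh random TOTP secret and returns it encrypted (Base64 of AES ciphertext)
     * under the server key, ready to be stored on the user record.
     *
     * @param marinaProxy caller context, used for translated error messages
     * @return Base64-encoded ciphertext of the new Base32 secret
     * @throws Exception if the server key cannot be loaded or created, or encryption fails
     */
    @Override
    public String generateAndEncryptGoogleAuthenticatorKey(MarinaProxy marinaProxy) throws Exception {
        return encryptString(generateGoogleAuthenticatorSecretKey(), loadSecretKey(marinaProxy));
    }

    /**
     * Decrypts a stored secret produced by {@link #generateAndEncryptGoogleAuthenticatorKey}.
     *
     * @param marinaProxy caller context, used for translated error messages
     * @param str         Base64-encoded ciphertext as stored on the user
     * @return the plaintext Base32 TOTP secret
     * @throws Exception if the server key cannot be loaded or decryption fails
     */
    @Override
    public String decryptEncryptedGoogleAuthenticatorKey(MarinaProxy marinaProxy, String str) throws Exception {
        return decryptString(str, loadSecretKey(marinaProxy));
    }

    /**
     * Renders the enrolment QR code (PNG bytes) for a stored, encrypted secret.
     *
     * @param marinaProxy caller context
     * @param str         encrypted secret as stored on the user
     * @param str2        account label shown in the authenticator app (may be {@code null})
     * @return PNG image bytes of the {@code otpauth://totp/...} URI
     * @throws Exception on key, decryption or image-encoding failure
     */
    @Override
    public byte[] generateQRCodeForEncryptedGoogleAuthenticatorKey(MarinaProxy marinaProxy, String str, String str2) throws Exception {
        return generateQRCode(decryptEncryptedGoogleAuthenticatorKey(marinaProxy, str), str2, "MarinaMasterWeb");
    }

    /**
     * Checks a code entered by the user against the TOTP value for the current time step.
     *
     * <p>Only the current time step is computed here, so no previous/next-step tolerance is
     * applied, and nothing in this class records already-used codes.
     *
     * @param marinaProxy caller context
     * @param str         encrypted secret as stored on the user
     * @param str2        code submitted by the user (may be {@code null})
     * @return {@code true} only if the submitted code equals the expected code
     * @throws Exception on key or decryption failure
     */
    @Override
    public boolean isGgoogleAuthenticatorCodeValid(MarinaProxy marinaProxy, String str, String str2) throws Exception {
        String expectedCode = getTOTPCode(decryptEncryptedGoogleAuthenticatorKey(marinaProxy, str));
        if (expectedCode == null || str2 == null) {
            return false;
        }
        // Constant-time comparison so the check does not leak how many leading digits matched.
        return MessageDigest.isEqual(
                expectedCode.getBytes(StandardCharsets.UTF_8),
                str2.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Clears the stored MFA secret of a user, forcing re-enrolment.
     *
     * @param marinaProxy caller context, used for the translated error message
     * @param str         user identifier (primary key of {@link Nuser})
     * @throws Exception {@link CheckException} if no such user exists
     */
    @Override
    public void resetMfaKeyForUser(MarinaProxy marinaProxy, String str) throws Exception {
        Nuser nuser = this.em.find(Nuser.class, str);
        if (nuser == null) {
            throw new CheckException(String.valueOf(marinaProxy.getTranslation(TransKey.USER_NOT_FOUND)) + ": " + str);
        }
        nuser.setMfaKey(null);
        this.em.persist(nuser);
    }

    /**
     * Resolves the server-side AES key used to protect user secrets.
     *
     * <p>The key file path comes from the {@code MFA_KEY_FILE} setting; when that is blank the
     * default {@code <jboss.server.config.dir>/ga_key.bin} is used. A missing file is only
     * auto-created when the default path is in use <em>and</em> no user has an encrypted secret
     * yet — otherwise a fresh key would silently make every stored secret undecryptable, so a
     * {@link CheckException} is raised instead.
     */
    private SecretKey loadSecretKey(MarinaProxy marinaProxy) throws Exception {
        String configuredPath = this.settingsEJB.getMarinaMarinaStringSetting(SNastavitveNaziv.MFA_KEY_FILE);
        String keyFilePath = configuredPath;
        boolean usingDefaultPath = false;
        if (configuredPath == null || configuredPath.trim().isEmpty()) {
            keyFilePath = String.valueOf(System.getProperty("jboss.server.config.dir")) + "/" + GA_KEY_FILENAME;
            usingDefaultPath = true;
        }
        if (Files.exists(Paths.get(keyFilePath))) {
            return loadKeyFromFile(keyFilePath);
        }
        if (!usingDefaultPath || getUserMfaKeyCount() > 0L) {
            throw new CheckException(marinaProxy.getTranslation(TransKey.ERROR_MFA_KEY_FILE_NOT_FOUND, keyFilePath));
        }
        generateNewKey(keyFilePath);
        return loadKeyFromFile(keyFilePath);
    }

    /**
     * Generates a new AES key and writes it to {@code keyFilePath}.
     *
     * <p>Key size comes from the {@code MFA_KEY_SIZE} setting, falling back to
     * {@value #DEFAULT_ENC_KEY_KEYSIZE} bits when unset or non-positive. The file is created
     * with owner-only permissions where the file system supports it, and an existing file is
     * never overwritten (that would orphan all stored user secrets).
     *
     * @throws Exception if the file already exists, cannot be written, or key generation fails
     */
    private void generateNewKey(String keyFilePath) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(ENC_KEY_ALGHORITM);
        Integer configuredSize = this.settingsEJB.getMarinaMarinaIntegerSetting(SNastavitveNaziv.MFA_KEY_SIZE);
        int keySize = (configuredSize == null || configuredSize.intValue() <= 0)
                ? DEFAULT_ENC_KEY_KEYSIZE
                : configuredSize.intValue();
        keyGenerator.init(keySize);
        byte[] keyBytes = keyGenerator.generateKey().getEncoded();

        Path keyFile = Paths.get(keyFilePath);
        createOwnerOnlyFile(keyFile);
        try {
            Files.write(keyFile, keyBytes, StandardOpenOption.WRITE, StandardOpenOption.TRUNCATE_EXISTING);
        } catch (IOException e) {
            // Do not leave a truncated/empty key file behind; the next call will retry creation.
            Files.deleteIfExists(keyFile);
            throw e;
        }
    }

    /**
     * Creates an empty file that only its owner may read or write. Fails with
     * {@link java.nio.file.FileAlreadyExistsException} if the file already exists.
     */
    private static void createOwnerOnlyFile(Path file) throws IOException {
        try {
            Files.createFile(file, PosixFilePermissions.asFileAttribute(
                    PosixFilePermissions.fromString(KEY_FILE_PERMISSIONS)));
        } catch (UnsupportedOperationException e) {
            // Non-POSIX file system (e.g. Windows): permissions cannot be set atomically here,
            // so fall back to the default ACL; the create-only semantics are kept.
            Files.createFile(file);
        }
    }

    /** Number of users that already have a non-empty MFA key; a missing result counts as zero. */
    private long getUserMfaKeyCount() {
        Long count = (Long) QueryUtils.getSingleResultOrNull(
                this.em.createNamedQuery(Nuser.QUERY_NAME_COUNT_NON_EMPTY_MFA_KEY, Long.class));
        return count == null ? 0L : count.longValue();
    }

    /** Builds the otpauth URI for the given secret/account/issuer and renders it as a PNG QR code. */
    private byte[] generateQRCode(String secretKey, String account, String issuer) throws Exception {
        return createQRCode(getGoogleAuthenticatorBarCode(secretKey, account, issuer), QR_HEIGHT, QR_WIDTH);
    }

    /**
     * Encodes {@code content} as a QR code of the given size and returns it as PNG bytes.
     *
     * @param content text to encode
     * @param height  image height in pixels
     * @param width   image width in pixels
     */
    private byte[] createQRCode(String content, int height, int width) throws WriterException, IOException {
        BitMatrix matrix = new MultiFormatWriter().encode(content, BarcodeFormat.QR_CODE, width, height);
        try (ByteArrayOutputStream out = new ByteArrayOutputStream()) {
            MatrixToImageWriter.writeToStream(matrix, QR_IMAGE_TYPE, out);
            return out.toByteArray();
        }
    }

    /** Returns a fresh random 160-bit TOTP seed, Base32 encoded as authenticator apps expect. */
    private String generateGoogleAuthenticatorSecretKey() {
        byte[] seed = new byte[TOTP_SECRET_LENGTH];
        new SecureRandom().nextBytes(seed);
        return new Base32().encodeToString(seed);
    }

    /**
     * Builds the {@code otpauth://totp/ISSUER:ACCOUNT?secret=...&issuer=...} enrolment URI.
     * A {@code null} account becomes an empty label; all parts are URL-encoded with spaces
     * rendered as {@code %20} rather than {@code +}.
     */
    private String getGoogleAuthenticatorBarCode(String secretKey, String account, String issuer) {
        String accountLabel = account != null ? account.trim() : "";
        return "otpauth://totp/" + urlEncode(String.valueOf(issuer) + ":" + accountLabel)
                + "?secret=" + urlEncode(secretKey)
                + "&issuer=" + urlEncode(issuer);
    }

    /** URL-encodes {@code value} as UTF-8, using {@code %20} for spaces. */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8").replace("+", "%20");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is mandatory for every JVM, so this cannot happen in practice.
            throw new IllegalStateException(e);
        }
    }

    /** Computes the TOTP code for the current time step from a Base32 secret. */
    private String getTOTPCode(String base32Secret) {
        return TOTP.getOTP(Hex.encodeHexString(new Base32().decode(base32Secret)));
    }

    /**
     * Reads the raw AES key from {@code keyFilePath}.
     *
     * @throws IllegalStateException if the file length is not a valid AES key size
     *                               (16, 24 or 32 bytes); the message names the file, never its content
     */
    private SecretKey loadKeyFromFile(String keyFilePath) throws Exception {
        byte[] keyBytes = Files.readAllBytes(Paths.get(keyFilePath));
        if (keyBytes.length != 16 && keyBytes.length != 24 && keyBytes.length != 32) {
            throw new IllegalStateException("MFA key file " + keyFilePath
                    + " does not contain a valid AES key (" + keyBytes.length + " bytes)");
        }
        return new SecretKeySpec(keyBytes, ENC_KEY_ALGHORITM);
    }

    /**
     * Decrypts a Base64-encoded ciphertext produced by {@link #encryptString}.
     *
     * <p>NOTE(review): the bare {@code "AES"} transformation resolves to ECB with PKCS5 padding on
     * the default provider and provides no integrity protection. Moving to an authenticated mode
     * (e.g. AES/GCM) would require re-encrypting every stored secret, so the transformation is
     * kept as-is here.
     */
    private String decryptString(String base64Ciphertext, SecretKey secretKey) throws Exception {
        byte[] ciphertext = Base64.getDecoder().decode(base64Ciphertext);
        Cipher cipher = Cipher.getInstance(ENC_KEY_ALGHORITM);
        cipher.init(Cipher.DECRYPT_MODE, secretKey);
        // Plaintext is always the ASCII Base32 secret; fixing the charset avoids platform dependence.
        return new String(cipher.doFinal(ciphertext), StandardCharsets.UTF_8);
    }

    /** Encrypts {@code plaintext} with the server key and returns the Base64-encoded ciphertext. */
    private String encryptString(String plaintext, SecretKey secretKey) throws Exception {
        Cipher cipher = Cipher.getInstance(ENC_KEY_ALGHORITM);
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
        return Base64.getEncoder().encodeToString(cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8)));
    }
}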
