package at.damudo.flowy.admin.features.auth.services;

import at.damudo.flowy.admin.features.auth.models.QRResponse;
import at.damudo.flowy.core.components.AesEncryptor;
import at.damudo.flowy.core.entities.UserEntity;
import at.damudo.flowy.core.exceptions.HttpBadRequestException;
import at.damudo.flowy.core.exceptions.HttpNotFoundException;
import at.damudo.flowy.core.globalsettings.components.FrontendGlobalSettingManager;
import at.damudo.flowy.core.repositories.UserRepository;
import com.google.zxing.BarcodeFormat;
import com.google.zxing.MultiFormatWriter;
import com.google.zxing.WriterException;
import com.google.zxing.client.j2se.MatrixToImageWriter;
import com.google.zxing.common.BitMatrix;
import de.taimos.totp.TOTP;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import lombok.Generated;
import org.apache.commons.codec.binary.Base32;
import org.apache.commons.codec.binary.Hex;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

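/**
 * Manages enrolment, activation and removal of TOTP-based two-factor authentication for users.
 *
 * <p>Enrolment has two steps: {@link #getQRCode(long)} generates a fresh shared secret, stores it
 * encrypted on the user and returns it as a QR code; {@link #enable(long, String)} switches 2FA on
 * once the user has submitted a code derived from that secret.
 *
 * <p>NOTE(review): nothing in this class limits the number of verification attempts, rejects a
 * code that was already used, or asks for proof of possession before {@link #disable(long)}.
 * Presumably the calling layer enforces these; confirm against the controllers.
 */
@Service
/* loaded from: input_file:BOOT-INF/classes/at/damudo/flowy/admin/features/auth/services/TwoFactorAuthService.class */
public class TwoFactorAuthService {
    private static final String USER_NOT_FOUND_MESSAGE = "User was not found";
    private static final String ALREADY_ENABLED_MESSAGE = "Two factor auth is already enabled";

    /** Length of the generated shared secret in bytes (160 bits). */
    private static final int SECRET_KEY_BYTES = 20;

    /** Width and height of the rendered QR code in pixels. */
    private static final int QR_CODE_SIZE_PX = 400;

    /** Shared CSPRNG; SecureRandom is thread-safe, so one instance serves all requests. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    private final AesEncryptor aesEncryptor;
    private final UserRepository userRepository;
    private final FrontendGlobalSettingManager frontendGlobalSettingManager;

    /**
     * Generates a new TOTP secret for the user, stores it encrypted, and returns it as a QR code.
     *
     * <p>Each call replaces any secret stored by an earlier call, so a previously issued QR code
     * stops matching. The response carries the plaintext secret inside the image and should be
     * treated as a credential (not logged or cached).
     *
     * @param j id of the user to enrol
     * @return the QR code wrapped in a {@link QRResponse}
     * @throws HttpNotFoundException if no user has this id
     * @throws HttpBadRequestException if two-factor auth is already enabled for the user
     * @throws IllegalStateException if the QR code cannot be rendered
     */
    @Transactional
    public QRResponse getQRCode(long j) {
        UserEntity user = requireUser(j);
        if (user.isTwoFactorAuthEnabled()) {
            throw new HttpBadRequestException(ALREADY_ENABLED_MESSAGE);
        }
        String secretKey = generateSecretKey();
        // No explicit save: presumably the managed entity is flushed when the transaction commits.
        user.setTwoFactorAuthSecretKey(this.aesEncryptor.encrypt(secretKey));
        return new QRResponse(createQrCode(secretKey, user.getEmail()));
    }

    /**
     * Turns two-factor auth on after the user proves possession of the enrolled secret.
     *
     * @param j id of the user
     * @param str the one-time code submitted by the user
     * @throws HttpNotFoundException if no user has this id
     * @throws HttpBadRequestException if 2FA is already enabled, no secret has been generated yet,
     *     or the code does not match
     */
    @Transactional
    public void enable(long j, String str) {
        UserEntity user = requireUser(j);
        if (user.isTwoFactorAuthEnabled()) {
            throw new HttpBadRequestException(ALREADY_ENABLED_MESSAGE);
        }
        if (user.getTwoFactorAuthSecretKey() == null) {
            throw new HttpBadRequestException("You must generate QR code");
        }
        if (!isEquals(str, user.getTwoFactorAuthSecretKey())) {
            throw new HttpBadRequestException("Bad OTP code");
        }
        user.setTwoFactorAuthEnabled(true);
    }

    /**
     * Turns two-factor auth off and erases the stored secret.
     *
     * <p>NOTE(review): no one-time code or other re-authentication is checked here, so the caller
     * must make sure the request is authorised to remove the second factor for this user.
     *
     * @param j id of the user
     * @throws HttpNotFoundException if no user has this id
     */
    @Transactional
    public void disable(long j) {
        UserEntity user = requireUser(j);
        user.setTwoFactorAuthEnabled(false);
        user.setTwoFactorAuthSecretKey(null);
    }

    /**
     * Checks a submitted one-time code against the code derived from an encrypted secret.
     *
     * <p>Fails closed: a missing code or missing secret yields {@code false} instead of an
     * exception. The comparison is constant-time with respect to the code's content.
     *
     * <p>NOTE(review): only the single value returned by {@code TOTP.getOTP} is accepted; no
     * tolerance for clock drift and no replay tracking is visible here.
     *
     * @param str the one-time code submitted by the user
     * @param str2 the user's stored secret, as produced by {@code aesEncryptor.encrypt}
     * @return {@code true} if the code matches
     */
    public boolean isEquals(String str, String str2) {
        if (str == null || str2 == null) {
            return false;
        }
        // The secret is stored as Base32 text; the TOTP library takes the key as a hex string.
        String hexKey = Hex.encodeHexString(new Base32().decode(this.aesEncryptor.decrypt(str2)));
        String expectedCode = TOTP.getOTP(hexKey);
        if (expectedCode == null) {
            return false;
        }
        return MessageDigest.isEqual(
                str.getBytes(StandardCharsets.UTF_8),
                expectedCode.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Loads the user or fails with a 404-style exception.
     *
     * <p>The cast is kept from the decompiled output; it is redundant if {@code UserRepository}
     * is typed on {@code UserEntity}.
     */
    private UserEntity requireUser(long userId) {
        return (UserEntity) this.userRepository.findById(userId)
                .orElseThrow(() -> new HttpNotFoundException(USER_NOT_FOUND_MESSAGE));
    }

    /** Returns a fresh random secret of {@link #SECRET_KEY_BYTES} bytes, Base32-encoded. */
    private String generateSecretKey() {
        byte[] secret = new byte[SECRET_KEY_BYTES];
        SECURE_RANDOM.nextBytes(secret);
        return new Base32().encodeToString(secret);
    }

    /**
     * Renders the {@code otpauth://} provisioning URI for the secret as a Base64-encoded PNG.
     *
     * <p>Rendering failures are rethrown unchecked so that callers need no {@code throws} clause;
     * being a runtime exception, it also rolls back the surrounding Spring transaction by default.
     *
     * @param secretKey the Base32 shared secret (plaintext)
     * @param accountName the account label shown in the authenticator app
     * @return the PNG image, Base64-encoded
     * @throws IllegalStateException if the QR code cannot be encoded or written
     */
    private String createQrCode(String secretKey, String accountName) {
        String issuer = "Flowy" + this.frontendGlobalSettingManager.getValues().getEnvironmentName();
        String otpAuthUri = String.format(
                "otpauth://totp/%s?secret=%s&issuer=%s",
                encodeUriComponent(issuer + ":" + accountName),
                encodeUriComponent(secretKey),
                encodeUriComponent(issuer));
        try {
            BitMatrix matrix = new MultiFormatWriter()
                    .encode(otpAuthUri, BarcodeFormat.QR_CODE, QR_CODE_SIZE_PX, QR_CODE_SIZE_PX);
            ByteArrayOutputStream png = new ByteArrayOutputStream();
            MatrixToImageWriter.writeToStream(matrix, "png", png);
            return Base64.getEncoder().encodeToString(png.toByteArray());
        } catch (WriterException | IOException e) {
            // The URI is deliberately left out of the message: it contains the plaintext secret.
            throw new IllegalStateException("Failed to render two factor auth QR code", e);
        }
    }

    /** URL-encodes a value as UTF-8, emitting {@code %20} rather than {@code +} for spaces. */
    private static String encodeUriComponent(String value) {
        return URLEncoder.encode(value, StandardCharsets.UTF_8).replace("+", "%20");
    }

    @Generated
    public TwoFactorAuthService(AesEncryptor aesEncryptor, UserRepository userRepository, FrontendGlobalSettingManager frontendGlobalSettingManager) {
        this.aesEncryptor = aesEncryptor;
        this.userRepository = userRepository;
        this.frontendGlobalSettingManager = frontendGlobalSettingManager;
    }
}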
