package net.shibboleth.idp.plugin.authn.totp.impl;

import com.google.common.net.UrlEscapers;
import com.warrenstrange.googleauth.GoogleAuthenticator;
import com.warrenstrange.googleauth.GoogleAuthenticatorConfig;
import com.warrenstrange.googleauth.GoogleAuthenticatorKey;
import com.warrenstrange.googleauth.KeyRepresentation;
import java.security.GeneralSecurityException;
import java.util.Collection;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.plugin.authn.totp.impl.TOTPAuthenticator;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.annotation.constraint.ThreadSafeAfterInit;
import net.shibboleth.shared.codec.Base32Support;
import net.shibboleth.shared.codec.Base64Support;
import net.shibboleth.shared.codec.DecodingException;
import net.shibboleth.shared.codec.EncodingException;
import net.shibboleth.shared.component.AbstractInitializableComponent;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.StringSupport;

@ThreadSafeAfterInit
/* loaded from: input_file:net/shibboleth/idp/plugin/authn/totp/impl/GoogleTOTPAuthenticator.class */
public class GoogleTOTPAuthenticator extends AbstractInitializableComponent implements TOTPAuthenticator {

    @NonnullAfterInit
    private GoogleAuthenticatorConfig authconfig;

    @NonnullAfterInit
    private GoogleAuthenticator authenticator;

    /* renamed from: net.shibboleth.idp.plugin.authn.totp.impl.GoogleTOTPAuthenticator$2, reason: invalid class name */
    /* loaded from: input_file:net/shibboleth/idp/plugin/authn/totp/impl/GoogleTOTPAuthenticator$2.class */
    static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$com$warrenstrange$googleauth$KeyRepresentation = new int[KeyRepresentation.values().length];

        static {
            try {
                $SwitchMap$com$warrenstrange$googleauth$KeyRepresentation[KeyRepresentation.BASE32.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$warrenstrange$googleauth$KeyRepresentation[KeyRepresentation.BASE64.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    public void setGoogleAuthenticatorConfig(@Nonnull GoogleAuthenticatorConfig googleAuthenticatorConfig) {
        checkSetterPreconditions();
        this.authconfig = (GoogleAuthenticatorConfig) Constraint.isNotNull(googleAuthenticatorConfig, "GoogleAuthenticator cannot be null");
    }

    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.authconfig == null) {
            this.authconfig = new GoogleAuthenticatorConfig();
        }
        this.authenticator = new GoogleAuthenticator(this.authconfig);
    }

    @Override // net.shibboleth.idp.plugin.authn.totp.impl.TOTPAuthenticator
    @Nonnull
    public TOTPAuthenticator.TOTPCredential createCredential(@NotEmpty @Nullable final String str, @NotEmpty @Nullable String str2) throws GeneralSecurityException {
        byte[] decode;
        String encode;
        final GoogleAuthenticatorKey createCredentials = this.authenticator.createCredentials();
        final String trimOrNull = StringSupport.trimOrNull(str);
        final String trimOrNull2 = StringSupport.trimOrNull(str2);
        try {
            switch (AnonymousClass2.$SwitchMap$com$warrenstrange$googleauth$KeyRepresentation[this.authconfig.getKeyRepresentation().ordinal()]) {
                case 1:
                    decode = Base32Support.decode(createCredentials.getKey());
                    encode = createCredentials.getKey();
                    break;
                case 2:
                    decode = Base64Support.decode(createCredentials.getKey());
                    encode = Base32Support.encode(decode, false);
                    break;
                default:
                    throw new DecodingException("Unknown key representation type");
            }
            final byte[] bArr = decode;
            final String str3 = encode;
            return new TOTPAuthenticator.TOTPCredential() { // from class: net.shibboleth.idp.plugin.authn.totp.impl.GoogleTOTPAuthenticator.1
                @Override // net.shibboleth.idp.plugin.authn.totp.impl.TOTPAuthenticator.TOTPCredential
                @Nonnull
                public byte[] getKey() {
                    return bArr;
                }

                @Override // net.shibboleth.idp.plugin.authn.totp.impl.TOTPAuthenticator.TOTPCredential
                @Nonnull
                public String getTOTPURL() {
                    String str4 = trimOrNull2 != null ? trimOrNull != null ? trimOrNull + ":" + trimOrNull2 : trimOrNull2 : null;
                    StringBuilder sb = new StringBuilder();
                    sb.append("otpauth://totp/").append(UrlEscapers.urlPathSegmentEscaper().escape(str4)).append("?secret=").append(UrlEscapers.urlFormParameterEscaper().escape(str3));
                    if (trimOrNull != null) {
                        sb.append("&issuer=").append(UrlEscapers.urlFormParameterEscaper().escape(str));
                    }
                    return sb.toString();
                }

                @Override // net.shibboleth.idp.plugin.authn.totp.impl.TOTPAuthenticator.TOTPCredential
                @Nonnull
                public Collection<Integer> getScratchCodes() {
                    return createCredentials.getScratchCodes();
                }
            };
        } catch (EncodingException | DecodingException e) {
            throw new GeneralSecurityException((Throwable) e);
        }
    }

    @Override // net.shibboleth.idp.plugin.authn.totp.impl.TOTPAuthenticator
    public boolean validate(@Nonnull @NotEmpty byte[] bArr, int i) {
        String encode;
        try {
            switch (AnonymousClass2.$SwitchMap$com$warrenstrange$googleauth$KeyRepresentation[this.authconfig.getKeyRepresentation().ordinal()]) {
                case 1:
                    encode = Base32Support.encode(bArr, false);
                    break;
                case 2:
                    encode = Base64Support.encode(bArr, false);
                    break;
                default:
                    throw new EncodingException("Unknown key representation type");
            }
            return this.authenticator.authorize(encode, i);
        } catch (EncodingException e) {
            return false;
        }
    }
}
