package org.akaza.openclinica.service.otp;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Joiner;
import com.google.common.base.Splitter;
import dev.samstevens.totp.code.CodeVerifier;
import dev.samstevens.totp.code.DefaultCodeGenerator;
import dev.samstevens.totp.code.DefaultCodeVerifier;
import dev.samstevens.totp.code.HashingAlgorithm;
import dev.samstevens.totp.exceptions.QrGenerationException;
import dev.samstevens.totp.qr.QrData;
import dev.samstevens.totp.qr.ZxingPngQrGenerator;
import dev.samstevens.totp.secret.DefaultSecretGenerator;
import dev.samstevens.totp.time.SystemTimeProvider;
import java.io.ByteArrayInputStream;
import java.io.OutputStream;
import java.time.LocalDate;
import java.time.format.DateTimeParseException;
import java.util.Base64;
import org.akaza.openclinica.dao.core.CoreResources;
import org.akaza.openclinica.domain.admin.TwoFactorType;
import org.apache.batik.svggen.SVGSyntax;
import org.apache.commons.lang.StringUtils;
import org.apache.pdfbox.pdmodel.font.PDType1Font;
import org.springframework.stereotype.Component;
import rst.pdfbox.layout.elements.Document;
import rst.pdfbox.layout.elements.ImageElement;
import rst.pdfbox.layout.elements.Paragraph;
import rst.pdfbox.layout.elements.PositionControl;

@Component("factorService")
/* loaded from: input_file:WEB-INF/lib/LibreClinica-core-1.2.1.jar:org/akaza/openclinica/service/otp/TwoFactorService.class */
public class TwoFactorService {
    private static final String FAR_FUTURE_ACTIVATION_DUE_DATE_AS_FALLBACK = "2050-01-01";
    private static final String FALSE_STRING = "false";
    private static final String SYS_URL = "sysURL";

    @VisibleForTesting
    static final String TWO_FACTOR_ACTIVATED_VERIFICATION_TYPE = "2fa.type";

    @VisibleForTesting
    static final String TWO_FACTOR_ACTIVATION_DUE_DATE = "2fa.dueDate";

    @VisibleForTesting
    static final String TWO_FACTOR_ACTIVATED_SETTING = "2fa.activated";
    private final CodeVerifier verifier = new DefaultCodeVerifier(new DefaultCodeGenerator(), new SystemTimeProvider());

    @VisibleForTesting
    CoreResources coreResources;

    public void setCoreResources(CoreResources coreResources) {
        this.coreResources = coreResources;
    }

    public boolean getTwoFactorActivated() {
        return Boolean.valueOf(this.coreResources.getDATAINFO().getProperty(TWO_FACTOR_ACTIVATED_SETTING, "false")).booleanValue();
    }

    public boolean getTwoFactorActivatedApplication() {
        return getTwoFactorActivated() && isTwoFactorApplication();
    }

    public boolean getTwoFactorActivatedLetter() {
        return getTwoFactorActivated() && isTwoFactorLetter();
    }

    public boolean isTwoFactorActivatedLetterAndOutDated() {
        return getTwoFactorActivatedLetter() && isTwoFactorOutdated();
    }

    public boolean isTwoFactorApplication() {
        return TwoFactorType.APPLICATION.equals(Enum.valueOf(TwoFactorType.class, extractedVerificationTypeSetting()));
    }

    public boolean isTwoFactorLetter() {
        return !isTwoFactorApplication();
    }

    public boolean isTwoFactorOutdated() {
        if (!isTwoFactorLetter()) {
            return false;
        }
        try {
            return LocalDate.parse(extractedDueDateSetting()).isBefore(LocalDate.now());
        } catch (NullPointerException | DateTimeParseException e) {
            return false;
        }
    }

    public boolean verify(String str, String str2) {
        return this.verifier.isValidCode(str, StringUtils.defaultIfEmpty(str2, ""));
    }

    public TowFactorBean generate() throws Exception {
        return generate(new DefaultSecretGenerator(64).generate());
    }

    public TowFactorBean generate(String str) throws Exception {
        try {
            byte[] generateImageData = generateImageData(str);
            TowFactorBean towFactorBean = new TowFactorBean();
            towFactorBean.setAuthSecret(str);
            towFactorBean.setImageUrl(SVGSyntax.DATA_PROTOCOL_PNG_PREFIX + Base64.getEncoder().encodeToString(generateImageData));
            return towFactorBean;
        } catch (QrGenerationException e) {
            throw new Exception(e);
        }
    }

    public void printoutCertificate(CertificateBean certificateBean, OutputStream outputStream) throws Exception {
        Paragraph paragraph = new Paragraph();
        paragraph.setMaxWidth(500.0f);
        paragraph.addText("LibreClinica\n", 28.0f, PDType1Font.COURIER);
        paragraph.addText("2-Factor Authentication Certificate\n\n", 24.0f, PDType1Font.COURIER);
        paragraph.addText("General Information\n\n", 16.0f, PDType1Font.COURIER);
        paragraph.addText("Your user account is registered to use two-factor authentication in the future. A random secret has been generated by the system and associated with your user account. The security key is only available in our system and - after a successful scan - in your authenticator app.", 14.0f, PDType1Font.COURIER);
        String join = Joiner.on(" ").join(Splitter.fixedLength(4).split(certificateBean.getSecret()));
        Paragraph paragraph2 = new Paragraph();
        paragraph2.setMaxWidth(500.0f);
        paragraph2.addText("Account Information\n\n", 16.0f, PDType1Font.COURIER);
        paragraph2.addText("User: " + certificateBean.getUsername() + "\n", 14.0f, PDType1Font.COURIER);
        paragraph2.addText("Login: " + certificateBean.getLogin() + "\n", 14.0f, PDType1Font.COURIER);
        paragraph2.addText("E-Mail: " + certificateBean.getEmail() + "\n", 14.0f, PDType1Font.COURIER);
        paragraph2.addText("Secret: " + join + "\n", 14.0f, PDType1Font.COURIER);
        Paragraph paragraph3 = new Paragraph();
        paragraph3.setMaxWidth(500.0f);
        paragraph3.addText("QR-Code\n\n", 16.0f, PDType1Font.COURIER);
        paragraph3.addText("Scan the QR code shown on bottom with your authenticator app. Alternatively you can also enter the secret manually into your authenticator app.", 14.0f, PDType1Font.COURIER);
        paragraph3.addText("If you have any problems, please contact your administrator.", 14.0f, PDType1Font.COURIER);
        ImageElement imageElement = new ImageElement(new ByteArrayInputStream(generateImageData(certificateBean.getSecret())));
        imageElement.setHeight(100.0f);
        imageElement.setWidth(100.0f);
        Document document = new Document();
        document.add(PositionControl.createMovePosition(50.0f, 0.0f));
        document.add(paragraph);
        document.add(PositionControl.createMovePosition(0.0f, -10.0f));
        document.add(paragraph2);
        document.add(PositionControl.createMovePosition(0.0f, -10.0f));
        document.add(paragraph3);
        document.add(PositionControl.createMovePosition(0.0f, -10.0f));
        document.add(imageElement);
        document.save(outputStream);
    }

    @VisibleForTesting
    String extractedDueDateSetting() {
        return this.coreResources.getDATAINFO().getProperty(TWO_FACTOR_ACTIVATION_DUE_DATE, FAR_FUTURE_ACTIVATION_DUE_DATE_AS_FALLBACK);
    }

    @VisibleForTesting
    String extractedVerificationTypeSetting() {
        return this.coreResources.getDATAINFO().getProperty(TWO_FACTOR_ACTIVATED_VERIFICATION_TYPE, TwoFactorType.APPLICATION.name());
    }

    @VisibleForTesting
    String extractSystemInfo(String str) {
        return str.replaceAll("http(|s)://|/MainMenu", "");
    }

    private byte[] generateImageData(String str) throws QrGenerationException {
        return new ZxingPngQrGenerator().generate(new QrData.Builder().issuer("LibreClinica").label(String.format("LibreClinica (%1$s)", extractSystemInfo(this.coreResources.getDATAINFO().getProperty(SYS_URL)))).algorithm(HashingAlgorithm.SHA1).secret(str).digits(6).period(30).build());
    }
}
