package org.openvpms.web.security.login;

import java.net.URLEncoder;
import org.jboss.aerogear.security.otp.Totp;
import org.jboss.aerogear.security.otp.api.Base32;
import org.openvpms.archetype.rules.practice.PracticeService;
import org.openvpms.component.model.party.Party;
import org.openvpms.component.model.user.User;
import org.openvpms.component.security.crypto.PasswordEncryptor;
import org.openvpms.component.service.archetype.ArchetypeService;
import org.openvpms.web.security.login.SecurityCodeService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openvpms/web/security/login/MfaService.class */
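/**
 * Multi-factor authentication service that adds TOTP (time-based one-time password) support
 * on top of {@link SecurityCodeService}.
 *
 * <p>The per-user TOTP shared secret is kept in the {@code totpSecret} node of the user and is
 * stored encrypted via the supplied {@link PasswordEncryptor}. It is only decrypted in
 * {@link #getTOTPSecret(User)}, for verification and for building the provisioning URI.
 */
public class MfaService extends SecurityCodeService {
    private final MfaMailer mailer;
    private final PasswordEncryptor encryptor;

    // Issuer shown in the authenticator app when no practice is available.
    private static final String APP_NAME = "OpenVPMS";
    private static final Logger log = LoggerFactory.getLogger(MfaService.class);

    // Name of the user node that holds the encrypted TOTP secret.
    private static final String TOTP_SECRET = "totpSecret";

    /**
     * Constructs an {@code MfaService}.
     *
     * @param archetypeService  the archetype service, passed to the superclass
     * @param practiceService   the practice service, passed to the superclass
     * @param mfaMailer         the mailer used to deliver codes
     * @param passwordEncryptor encrypts and decrypts the stored TOTP secret
     */
    public MfaService(ArchetypeService archetypeService, PracticeService practiceService, MfaMailer mfaMailer, PasswordEncryptor passwordEncryptor) {
        super(archetypeService, practiceService);
        this.mailer = mfaMailer;
        this.encryptor = passwordEncryptor;
    }

    /**
     * Delegates unchanged to {@link SecurityCodeService#sendCode(User, String)}.
     *
     * @param user the user the code is for
     * @param str  passed through to the superclass; its meaning is defined there
     * @return the value returned by the superclass
     */
    @Override // org.openvpms.web.security.login.SecurityCodeService
    public String sendCode(User user, String str) {
        return super.sendCode(user, str);
    }

    /**
     * Creates a security code entry with the TOTP factor for the user.
     *
     * @param user the user
     * @return the identifier of the generated security code
     */
    public String generateTOTPCode(User user) {
        return generateCode(user, SecurityCodeService.Factor.TOTP).getId();
    }

    /**
     * Verifies a value entered by the user against a previously generated security code.
     *
     * <p>The stored code's own factor decides the path: a code generated for TOTP is always
     * checked against the user's TOTP secret, and {@code factor} is then only null-checked.
     *
     * @param str    the identifier used to look up the security code
     * @param str2   the value entered by the user
     * @param factor the factor being verified
     * @param user   the user
     * @return {@code EXPIRED} if the code cannot be found or {@code factor} is {@code null},
     *         otherwise the outcome of the TOTP or superclass verification
     */
    public SecurityCodeService.Status verifyCode(String str, String str2, SecurityCodeService.Factor factor, User user) {
        SecurityCode code = getCode(str);
        if (code == null || factor == null) {
            return SecurityCodeService.Status.EXPIRED;
        }
        if (code.getFactor() == SecurityCodeService.Factor.TOTP) {
            return verifyTOTP(str2, user, code);
        }
        return verifyCode(str, str2, factor, code);
    }

    /**
     * Determines whether the user has a TOTP secret stored.
     *
     * @param user the user
     * @return {@code true} if the {@code totpSecret} node is non-null
     */
    public boolean hasTOTP(User user) {
        return getArchetypeService().getBean(user).getString(TOTP_SECRET) != null;
    }

    /**
     * Generates a new TOTP secret with {@code Base32.random()}, stores it encrypted on the user
     * and saves the user. Any value already in the {@code totpSecret} node is replaced.
     *
     * @param user the user
     */
    public void configureTOTP(User user) {
        String encrypted = this.encryptor.encrypt(Base32.random());
        getArchetypeService().getBean(user).setValue(TOTP_SECRET, encrypted);
        save(user);
    }

    /**
     * Clears the user's TOTP secret and saves the user, if a secret is present.
     *
     * @param user the user
     */
    public void removeTOTP(User user) {
        if (!hasTOTP(user)) {
            return;
        }
        getArchetypeService().getBean(user).setValue(TOTP_SECRET, (Object) null);
        save(user);
    }

    /**
     * Builds the {@code otpauth://totp/...} provisioning URI used to enrol an authenticator app.
     *
     * <p>The issuer and account name are percent-encoded individually. Previously the whole URI
     * was passed to {@code URLEncoder.encode} and the result discarded, so the returned URI was
     * unencoded and characters such as {@code ?}, {@code &} or {@code #} in a user name could
     * change how the URI is parsed.
     *
     * <p>The returned value contains the plaintext TOTP secret. Callers should treat it as a
     * credential: do not log it, and keep it no longer than needed to render the QR code.
     *
     * @param user the user
     * @return the provisioning URI, or {@code null} if the user has no readable TOTP secret or
     *         the URI could not be built
     */
    public String getQRCodeURL(User user) {
        String secret = getTOTPSecret(user);
        if (secret == null) {
            return null;
        }
        String account = user.getName();
        if (account == null) {
            account = user.getUsername();
        }
        Party practice = getPracticeService().getPractice();
        String practiceName = practice != null ? practice.getName() : null;
        // ':' separates issuer from account in the label and '&' separates parameters, so both
        // are replaced in the issuer before it is encoded (unchanged from the original).
        String issuer = (practiceName != null ? practiceName : APP_NAME).replaceAll("[:&]", " ");
        try {
            String encodedIssuer = encodeComponent(issuer);
            String encodedAccount = encodeComponent(account);
            return String.format("otpauth://totp/%s:%s?secret=%s&issuer=%s", encodedIssuer, encodedAccount, secret, encodedIssuer);
        } catch (Exception e) {
            log.error("Failed to encode QRCode url for user {}: {}", user.getUsername(), e.getMessage(), e);
            return null;
        }
    }

    /**
     * Sends a code using the mailer.
     *
     * @param user the user, used for logging on failure
     * @param str  passed to the mailer as its third argument
     * @param str2 passed to the mailer as its first argument
     * @param str3 passed to the mailer as its second argument; logged as the email address on failure
     * @return {@code true} if the mailer completed without throwing, otherwise {@code false}
     */
    @Override // org.openvpms.web.security.login.SecurityCodeService
    protected boolean sendCode(User user, String str, String str2, String str3) {
        try {
            this.mailer.sendCode(str2, str3, str);
            return true;
        } catch (Exception e) {
            // Delivery failure is reported to the caller as false rather than propagated.
            log.error("Failed to send code to user={}, email={}: {}", user.getUsername(), str3, e.getMessage(), e);
            return false;
        }
    }

    /**
     * Verifies a user-entered value against the user's TOTP secret.
     *
     * @param enteredCode  the value entered by the user
     * @param user         the user
     * @param securityCode the security code entry being verified
     * @return {@code ERROR} if the secret is missing or cannot be decrypted, {@code SUCCESS} if
     *         the value matches, otherwise the result of {@code codeMismatch}
     */
    private SecurityCodeService.Status verifyTOTP(String enteredCode, User user, SecurityCode securityCode) {
        String secret = getTOTPSecret(user);
        if (secret == null) {
            return SecurityCodeService.Status.ERROR;
        }
        boolean matches;
        try {
            matches = new Totp(secret).verify(enteredCode);
        } catch (NumberFormatException e) {
            // NOTE(review): Totp.verify appears to parse the input as a number; confirm against
            // the library version in use. Non-numeric or null input is handled as a mismatch so
            // it follows the same path as any other wrong code instead of escaping as an
            // unchecked exception.
            matches = false;
        }
        // codeMismatch is defined in the superclass; presumably it records the failed attempt.
        return matches ? SecurityCodeService.Status.SUCCESS : codeMismatch(securityCode);
    }

    /**
     * Reads and decrypts the user's TOTP secret.
     *
     * @param user the user
     * @return the decrypted secret, or {@code null} if none is stored or it cannot be read or decrypted
     */
    private String getTOTPSecret(User user) {
        try {
            String encrypted = getArchetypeService().getBean(user).getString(TOTP_SECRET);
            return encrypted != null ? this.encryptor.decrypt(encrypted) : null;
        } catch (Exception e) {
            // The failure is logged and surfaces to callers as "no secret"; the secret itself is never logged.
            log.error("Failed to decrypt TOTP secret for user {}: {}", user.getUsername(), e.getMessage(), e);
            return null;
        }
    }

    /**
     * Percent-encodes a single URI component as UTF-8.
     *
     * <p>{@code URLEncoder} produces form encoding, where a space becomes {@code +}; the
     * {@code +} is rewritten to {@code %20} so that spaces survive in the label part of the URI.
     */
    private static String encodeComponent(String value) throws java.io.UnsupportedEncodingException {
        return URLEncoder.encode(value, "UTF-8").replace("+", "%20");
    }
}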
