package software.netcore.unimus.aaa.impl;

import com.warrenstrange.googleauth.GoogleAuthenticator;
import com.warrenstrange.googleauth.GoogleAuthenticatorKey;
import com.warrenstrange.googleauth.GoogleAuthenticatorQRGenerator;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.util.HashSet;
import java.util.Set;
import lombok.NonNull;
import net.glxn.qrgen.core.image.ImageType;
import net.glxn.qrgen.javase.QRCode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import software.netcore.common.domain.error.operation.OperationResult;
import software.netcore.unimus.aaa.impl.account.database.SystemAccountDatabaseService;
import software.netcore.unimus.aaa.impl.component.PasswordMigrator;
import software.netcore.unimus.aaa.spi.UnimusAAAService;
import software.netcore.unimus.aaa.spi.account.data.SystemAccount;
import software.netcore.unimus.common.aaa.spi.AAAService;
import software.netcore.unimus.common.aaa.spi.AccountingException;

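/**
 * Spring service implementing {@link UnimusAAAService}: password validation, login/logout
 * delegation to the common AAA service, and TOTP-based MFA helpers (secret generation,
 * QR code rendering, scratch codes and code verification).
 *
 * <p>Parameter names such as {@code str}/{@code str2} come from decompilation; their meaning
 * is taken from the null-check messages and the log format strings in each method.
 */
@Service
/* loaded from: input_file:BOOT-INF/lib/unimus-application-aaa-impl-3.30.0-STAGE.jar:software/netcore/unimus/aaa/impl/UnimusAAAServiceImpl.class */
public class UnimusAAAServiceImpl implements UnimusAAAService {
    private static final Logger log = LoggerFactory.getLogger(UnimusAAAServiceImpl.class);

    /** Issuer label embedded in the otpauth URL that is rendered into the MFA QR code. */
    public static final String MFA_ISSUER = "Unimus";

    @NonNull
    private final AAAService commonAaaService;

    @NonNull
    private final PasswordMigrator passwordMigrator;

    @NonNull
    private final SystemAccountDatabaseService systemAccountDatabaseService;

    // Created with the library's default configuration (no explicit config is passed).
    private final GoogleAuthenticator authenticator = new GoogleAuthenticator();

    /**
     * Checks a username/password pair by delegating to the common AAA service.
     *
     * @param str the username
     * @param str2 the password
     * @return whatever {@code commonAaaService.validatePassword} returns for the pair
     * @throws NullPointerException if either argument is {@code null}
     */
    @Override
    public boolean validatePassword(@NonNull String str, @NonNull String str2) {
        if (str == null) {
            throw new NullPointerException("username is marked non-null but is null");
        }
        if (str2 == null) {
            throw new NullPointerException("password is marked non-null but is null");
        }
        return this.commonAaaService.validatePassword(str, str2);
    }

    /**
     * Attempts a login and returns the account on success.
     *
     * <p>If the account exists, the password migrator is invoked first, then the login is
     * delegated to the common AAA service and the account is re-read from the database.
     *
     * @param str the username
     * @param str2 the password
     * @param str3 the session ID
     * @param str4 the client IP address
     * @return the account when the common AAA login succeeds and the account can be loaded;
     *     {@code null} otherwise
     * @throws AccountingException declared by the SPI; presumably raised by the delegated login
     */
    @Override
    public SystemAccount login(String str, String str2, String str3, String str4) throws AccountingException {
        // Log only the length of the password. The message has always said "password length";
        // passing the password itself wrote the cleartext credential to the debug log.
        Integer passwordLength = str2 == null ? null : str2.length();
        // NOTE(review): the session ID is also written here; confirm debug logs are access-restricted.
        log.debug("[login] username = '{}', password length = '{}', session ID = '{}', IP address = '{}'", str, passwordLength, str3, str4);

        OperationResult<SystemAccount> lookup = this.systemAccountDatabaseService.findByUsername(str);
        if (lookup.isFailure()) {
            log.debug("[login] failed to fetch account '{}'", lookup.prettyErrorMessage());
        }
        SystemAccount account = lookup.getData();
        if (account != null) {
            // NOTE(review): this logs SystemAccount.toString(); confirm it does not include the
            // password hash or MFA secret.
            log.debug("[login] found account = '{}'", account);
            // NOTE(review): migrate() receives the candidate password before the login below has
            // verified it; confirm PasswordMigrator checks it against the stored credential
            // before rewriting anything.
            if (this.passwordMigrator.migrate(account, str2).isFailure()) {
                // NOTE(review): this logs the error messages of the lookup result, not of the
                // migrate() result, so the actual migration error is probably lost.
                log.warn("Failed to migrate account password, username = '{}', result = '{}'", str, lookup.getErrorMessages());
            }
        }

        if (!this.commonAaaService.login(str, str2, str3, str4)) {
            return null;
        }

        // Re-read the account after a successful login rather than reusing the earlier instance.
        OperationResult<SystemAccount> reloaded = this.systemAccountDatabaseService.findByUsername(str);
        if (reloaded.isFailure()) {
            log.debug("[login] failed to fetch account '{}'", reloaded.prettyErrorMessage());
            return null;
        }
        SystemAccount loggedIn = reloaded.getData();
        if (loggedIn == null) {
            log.debug("[login] account not found");
        }
        return loggedIn;
    }

    /**
     * Ends a session by delegating to the common AAA service.
     *
     * @param str the username
     * @param str2 the session ID
     * @param j passed through unchanged to {@code commonAaaService.logout}
     * @param z passed through unchanged to {@code commonAaaService.logout}
     * @throws NullPointerException if the username or session ID is {@code null}
     */
    @Override
    public void logout(@NonNull String str, @NonNull String str2, long j, boolean z) {
        if (str == null) {
            throw new NullPointerException("username is marked non-null but is null");
        }
        if (str2 == null) {
            throw new NullPointerException("sessionId is marked non-null but is null");
        }
        this.commonAaaService.logout(str, str2, j, z);
    }

    /**
     * Verifies a TOTP code against a secret during MFA setup.
     *
     * @param str the TOTP secret key
     * @param str2 the code typed by the user; spaces are ignored
     * @return {@code true} if the authenticator accepts the code for the secret
     * @throws NullPointerException if either argument is {@code null}
     * @throws NumberFormatException if the code is not a decimal integer once spaces are removed
     */
    @Override
    public boolean validateMFATotpCodeSetup(@NonNull String str, @NonNull String str2) {
        if (str == null) {
            throw new NullPointerException("secretKey is marked non-null but is null");
        }
        if (str2 == null) {
            throw new NullPointerException("totpCode is marked non-null but is null");
        }
        return authorizeTotp(str, str2);
    }

    /**
     * Verifies a TOTP code against a secret.
     *
     * @param str the TOTP secret key
     * @param str2 the code typed by the user; spaces are ignored
     * @return {@code true} if the authenticator accepts the code for the secret
     * @throws NullPointerException if either argument is {@code null}
     * @throws NumberFormatException if the code is not a decimal integer once spaces are removed
     */
    @Override
    public boolean validateMFATotpCode(@NonNull String str, @NonNull String str2) {
        if (str == null) {
            throw new NullPointerException("secretKey is marked non-null but is null");
        }
        if (str2 == null) {
            throw new NullPointerException("totpCode is marked non-null but is null");
        }
        return authorizeTotp(str, str2);
    }

    /**
     * Returns the scratch codes carried by the given key as strings.
     *
     * @param googleAuthenticatorKey the generated MFA key
     * @return a new mutable set holding {@code String.valueOf} of each scratch code
     * @throws NullPointerException if the key is {@code null}
     */
    @Override
    public Set<String> generateScratchCodes(@NonNull GoogleAuthenticatorKey googleAuthenticatorKey) {
        if (googleAuthenticatorKey == null) {
            throw new NullPointerException("secretKey is marked non-null but is null");
        }
        Set<String> codes = new HashSet<>();
        for (Integer scratchCode : googleAuthenticatorKey.getScratchCodes()) {
            codes.add(String.valueOf(scratchCode));
        }
        return codes;
    }

    /**
     * Renders the otpauth enrolment URL for a user as a 200x200 PNG QR code.
     *
     * <p>The encoded URL is built from the key, so the returned image should be handled as a
     * secret: anyone who can read it can enrol the same TOTP generator.
     *
     * @param str the username used as the account name in the otpauth URL
     * @param googleAuthenticatorKey the generated MFA key
     * @return an in-memory stream over the PNG bytes
     * @throws NullPointerException if either argument is {@code null}
     */
    @Override
    public InputStream generateQrCode(@NonNull String str, @NonNull GoogleAuthenticatorKey googleAuthenticatorKey) {
        if (str == null) {
            throw new NullPointerException("username is marked non-null but is null");
        }
        if (googleAuthenticatorKey == null) {
            throw new NullPointerException("secretKey is marked non-null but is null");
        }
        String otpAuthUrl = GoogleAuthenticatorQRGenerator.getOtpAuthTotpURL(MFA_ISSUER, str, googleAuthenticatorKey);
        // The QR image is produced in-process from the URL; nothing is sent to a remote renderer here.
        ByteArrayOutputStream png = QRCode.from(otpAuthUrl).to(ImageType.PNG).withCharset("UTF-8").withSize(200, 200).stream();
        return new ByteArrayInputStream(png.toByteArray());
    }

    /**
     * Creates a new MFA credential set.
     *
     * @return the key returned by {@code authenticator.createCredentials()}
     */
    @Override
    public GoogleAuthenticatorKey generateSecret() {
        return this.authenticator.createCredentials();
    }

    /** Shared verification step for both public TOTP validation methods. */
    private boolean authorizeTotp(String secretKey, String totpCode) {
        return this.authenticator.authorize(secretKey, cleanTotpCode(totpCode));
    }

    /**
     * Removes space characters from a user-typed code and parses it as a decimal int.
     *
     * @throws NumberFormatException if the remaining text is not a valid int
     */
    private int cleanTotpCode(String str) {
        // NOTE(review): the exception propagates out of the validate methods; confirm callers
        // treat it as a failed verification for user-typed input.
        return Integer.parseInt(str.replace(" ", ""));
    }

    /**
     * Creates the service with its collaborators.
     *
     * @throws NullPointerException if any argument is {@code null}
     */
    public UnimusAAAServiceImpl(@NonNull AAAService aAAService, @NonNull PasswordMigrator passwordMigrator, @NonNull SystemAccountDatabaseService systemAccountDatabaseService) {
        if (aAAService == null) {
            throw new NullPointerException("commonAaaService is marked non-null but is null");
        }
        if (passwordMigrator == null) {
            throw new NullPointerException("passwordMigrator is marked non-null but is null");
        }
        if (systemAccountDatabaseService == null) {
            throw new NullPointerException("systemAccountDatabaseService is marked non-null but is null");
        }
        this.commonAaaService = aAAService;
        this.passwordMigrator = passwordMigrator;
        this.systemAccountDatabaseService = systemAccountDatabaseService;
    }
}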
