package org.clazzes.login.yubikey;

import java.io.IOException;
import java.io.InputStreamReader;
import java.io.LineNumberReader;
import java.util.Arrays;
import java.util.HashMap;
import java.util.concurrent.TimeUnit;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.osgi.services.HttpClientBuilderFactory;
import org.clazzes.util.http.UrlHelper;
import org.clazzes.util.sec.HashTools;
import org.clazzes.util.sec.TokenOtpChecker;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/clazzes/login/yubikey/YubiKeyOtpCheckerImpl.class */
public class YubiKeyOtpCheckerImpl implements TokenOtpChecker {
    private static final Logger log = LoggerFactory.getLogger(YubiKeyOtpCheckerImpl.class);
    private int connectTimeout = 60000;
    private int socketTimeout = 30000;
    private String yubikeyVerifyLocation;
    private String yubikeyRequestorId;
    private CloseableHttpClient httpClient;

    public void setConnectTimeout(int i) {
        this.connectTimeout = i;
    }

    public void setSocketTimeout(int i) {
        this.socketTimeout = i;
    }

    private synchronized void setHttpClient(CloseableHttpClient closeableHttpClient) {
        this.httpClient = closeableHttpClient;
    }

    protected void setHttpClientBuilder(HttpClientBuilder httpClientBuilder) {
        httpClientBuilder.setConnectionTimeToLive(30000L, TimeUnit.MILLISECONDS);
        httpClientBuilder.setMaxConnTotal(8);
        RequestConfig.Builder custom = RequestConfig.custom();
        if (this.socketTimeout > 0) {
            custom.setSocketTimeout(this.socketTimeout);
        }
        if (this.connectTimeout > 0) {
            custom.setConnectTimeout(this.connectTimeout);
        }
        httpClientBuilder.setDefaultRequestConfig(custom.build());
        setHttpClient(httpClientBuilder.build());
    }

    public void httpClientBuilderFactoryBound(HttpClientBuilderFactory httpClientBuilderFactory) {
        setHttpClientBuilder(httpClientBuilderFactory.newBuilder());
        log.info("Service [org.apache.http.osgi.services.HttpClientBuilderFactory] became available, YubiKeyOtpCheckerImpl is now fully operational.");
    }

    public synchronized void httpClientBuilderFactoryUnbound(HttpClientBuilderFactory httpClientBuilderFactory) {
        if (this.httpClient != null) {
            log.info("Service [org.apache.http.osgi.services.HttpClientBuilderFactory] disappeared, YubiKeyOtpCheckerImpl will now be shut down.");
            try {
                this.httpClient.close();
            } catch (IOException e) {
                log.warn("Error closing HTTPClient", e);
            }
            this.httpClient = null;
        }
    }

    protected synchronized CloseableHttpClient getHttpClient() {
        if (this.httpClient == null) {
            throw new IllegalStateException("YubiKeyOtpCheckerImpl is not initialized, still waiting for OSGi Service [org.apache.http.osgi.services.HttpClientBuilderFactory].");
        }
        return this.httpClient;
    }

    public boolean checkOTP(String str, String[] strArr) throws IOException {
        if (str == null || str.length() < 12) {
            return false;
        }
        String substring = str.substring(0, 12);
        boolean z = false;
        for (String str2 : strArr) {
            z |= str2.equals(substring);
        }
        if (!z) {
            log.error("Yubikey ID [{}] is not in the list of known YubiKe IDs [{}].", substring, Arrays.toString(strArr));
            return false;
        }
        String randomSalt = HashTools.randomSalt(20, "0123456789abcdef");
        CloseableHttpClient httpClient = getHttpClient();
        String appendQueryParameterToUrl = UrlHelper.appendQueryParameterToUrl(UrlHelper.appendQueryParameterToUrl(UrlHelper.appendQueryParameterToUrl(this.yubikeyVerifyLocation, "otp", str), "id", this.yubikeyRequestorId), "nonce", randomSalt);
        HttpGet httpGet = new HttpGet(appendQueryParameterToUrl);
        if (log.isDebugEnabled()) {
            log.debug("Performing Yubikey check request to [{}]...", appendQueryParameterToUrl);
        }
        CloseableHttpResponse execute = httpClient.execute(httpGet);
        Throwable th = null;
        try {
            int statusCode = execute.getStatusLine().getStatusCode();
            if (statusCode == 200) {
                HashMap hashMap = new HashMap();
                LineNumberReader lineNumberReader = new LineNumberReader(new InputStreamReader(execute.getEntity().getContent(), "UTF-8"));
                Throwable th2 = null;
                while (true) {
                    try {
                        try {
                            String readLine = lineNumberReader.readLine();
                            if (readLine == null) {
                                break;
                            }
                            if (!readLine.isEmpty()) {
                                int indexOf = readLine.indexOf(61);
                                if (indexOf < 0) {
                                    hashMap.put(readLine, null);
                                } else {
                                    hashMap.put(readLine.substring(0, indexOf), readLine.substring(indexOf + 1));
                                }
                            }
                        } catch (Throwable th3) {
                            th2 = th3;
                            throw th3;
                        }
                    } catch (Throwable th4) {
                        if (lineNumberReader != null) {
                            if (th2 != null) {
                                try {
                                    lineNumberReader.close();
                                } catch (Throwable th5) {
                                    th2.addSuppressed(th5);
                                }
                            } else {
                                lineNumberReader.close();
                            }
                        }
                        throw th4;
                    }
                }
                if (lineNumberReader != null) {
                    if (0 != 0) {
                        try {
                            lineNumberReader.close();
                        } catch (Throwable th6) {
                            th2.addSuppressed(th6);
                        }
                    } else {
                        lineNumberReader.close();
                    }
                }
                if (log.isDebugEnabled()) {
                    log.debug("Yubikey check request to [{}] returned [{}]", appendQueryParameterToUrl, hashMap);
                }
                if (!"OK".equals(hashMap.get("status"))) {
                    log.error("Yubikey check request to [{}] returned negative status [{}].", appendQueryParameterToUrl, hashMap.get("status"));
                } else if (!str.equals(hashMap.get("otp"))) {
                    log.error("Yubikey check request to [{}] returned non-matching OTP [{}].", appendQueryParameterToUrl, hashMap.get("otp"));
                } else {
                    if (randomSalt.equals(hashMap.get("nonce"))) {
                        log.info("Yubikey check request to [{}] succeeded.", appendQueryParameterToUrl);
                        if (execute != null) {
                            if (0 != 0) {
                                try {
                                    execute.close();
                                } catch (Throwable th7) {
                                    th.addSuppressed(th7);
                                }
                            } else {
                                execute.close();
                            }
                        }
                        return true;
                    }
                    log.error("Yubikey check request to [{}] returned non-matching nonce [{}].", appendQueryParameterToUrl, hashMap.get("nonce"));
                }
            } else {
                log.error("Yubikey check request to [{}] failed with HTTP reponse code [{}].", appendQueryParameterToUrl, Integer.valueOf(statusCode));
            }
            if (execute == null) {
                return false;
            }
            if (0 == 0) {
                execute.close();
                return false;
            }
            try {
                execute.close();
                return false;
            } catch (Throwable th8) {
                th.addSuppressed(th8);
                return false;
            }
        } catch (Throwable th9) {
            if (execute != null) {
                if (0 != 0) {
                    try {
                        execute.close();
                    } catch (Throwable th10) {
                        th.addSuppressed(th10);
                    }
                } else {
                    execute.close();
                }
            }
            throw th9;
        }
    }

    public void setYubikeyVerifyLocation(String str) {
        this.yubikeyVerifyLocation = str;
    }

    public void setYubikeyRequestorId(String str) {
        this.yubikeyRequestorId = str;
    }
}
