package com.appiancorp.security.auth.mfa;

import com.appiancorp.common.monitoring.ProductMetricsAggregatedDataCollector;
import com.appiancorp.security.auth.mfa.exceptions.MfaVerificationCodeException;
import com.appiancorp.security.auth.mfa.metrics.MfaPerfomanceMetricsLogger;
import com.appiancorp.suiteapi.security.auth.UserDetailsAndSecurityContext;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Locale;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:com/appiancorp/security/auth/mfa/MfaVerificationCodeManagerImpl.class */
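/**
 * Issues and checks the one-time verification codes used for e-mail based MFA.
 *
 * <p>A code is a zero-padded decimal string of {@link #VERIFICATION_CODE_LENGTH} digits drawn from
 * a {@link SecureRandom}. Only the hashed form, together with an expiry timestamp, is handed to the
 * persistence layer; the plain code is passed to the {@link VerificationCodeSender} only.
 *
 * <p>NOTE(review): the code space is 10^6 values, so a stored hash can be enumerated offline unless
 * {@link MfaVerificationCodeHasher} uses a keyed or salted construction. The hasher is not visible
 * from this class; confirm.
 *
 * <p>NOTE(review): a wrong guess leaves the stored code valid until it expires, and nothing in this
 * class counts attempts. Confirm that the caller or the persistence layer throttles or locks out
 * repeated failures within the {@link #VERIFICATION_CODE_EXPIRATION_IN_SECONDS} window.
 */
public class MfaVerificationCodeManagerImpl implements MfaVerificationCodeManager {
    private static final int VERIFICATION_CODE_LENGTH = 6;
    public static final int VERIFICATION_CODE_EXPIRATION_IN_SECONDS = 300;
    public static final int BASE_10 = 10;
    /** Exclusive upper bound for {@link SecureRandom#nextInt(int)}: 10^length, so every code is reachable. */
    private static final int VERIFICATION_CODE_BOUND = (int) Math.pow(BASE_10, VERIFICATION_CODE_LENGTH);
    /** Zero-padding format derived from the code length so the two cannot drift apart. */
    private static final String VERIFICATION_CODE_FORMAT = "%0" + VERIFICATION_CODE_LENGTH + "d";
    /** Session attribute set once a code has been handed to the sender. */
    private static final String VERIFICATION_CODE_SENT_ATTRIBUTE = "verification_code_sent";
    private static final String MISSING_REQUEST_MESSAGE = "Could not obtain RequestAttributes from context holder";
    private static final Logger LOG = LoggerFactory.getLogger(MfaVerificationCodeManagerImpl.class);
    private final SecureRandom secureRandom = new SecureRandom();
    private final MfaVerificationCodePersistence mfaVerificationCodePersistence;
    private final MfaVerificationCodeHasher mfaVerificationCodeHasher;
    private final VerificationCodeSender verificationCodeSender;

    /**
     * Creates a manager backed by the given collaborators.
     *
     * @param mfaVerificationCodePersistence stores, retrieves and invalidates the per-user code record
     * @param mfaVerificationCodeHasher hashes a plain code into the stored and compared form
     * @param verificationCodeSender delivers the plain code to the user
     */
    public MfaVerificationCodeManagerImpl(MfaVerificationCodePersistence mfaVerificationCodePersistence, MfaVerificationCodeHasher mfaVerificationCodeHasher, VerificationCodeSender verificationCodeSender) {
        this.mfaVerificationCodePersistence = mfaVerificationCodePersistence;
        this.mfaVerificationCodeHasher = mfaVerificationCodeHasher;
        this.verificationCodeSender = verificationCodeSender;
    }

    /**
     * Generates a fresh code, persists its hash with an expiry, sends the plain code to the user,
     * marks the session and writes a {@code CODE_SENT} audit event.
     *
     * @param userDetailsAndSecurityContext the user the code is issued for
     * @throws MfaVerificationCodeException if no servlet request is bound to the current thread, or
     *     if a collaborator raises it
     */
    public void generateAndPersistVerificationCode(UserDetailsAndSecurityContext userDetailsAndSecurityContext) throws MfaVerificationCodeException {
        long startMillis = System.currentTimeMillis();
        // Resolve the request before issuing anything: without it the CODE_SENT audit event cannot
        // be written, so no code should be persisted or sent in that case.
        HttpServletRequest httpServletRequest = getHttpServletRequest();

        String plainCode = getNewVerificationCode();
        byte[] hashedCode = getHashedVerificationCode(plainCode);
        long expiresAtMillis = System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(VERIFICATION_CODE_EXPIRATION_IN_SECONDS);
        MfaVerificationCodeObject mfaVerificationCodeObject = new MfaVerificationCodeObject(hashedCode, expiresAtMillis);
        this.mfaVerificationCodePersistence.persistVerificationCode(userDetailsAndSecurityContext, mfaVerificationCodeObject);

        // The sender's return value goes into the audit record; presumably the delivery address (confirm).
        String sendResult = this.verificationCodeSender.send(userDetailsAndSecurityContext, plainCode);
        getSession(httpServletRequest).setAttribute(VERIFICATION_CODE_SENT_ATTRIBUTE, Boolean.TRUE);

        // NOTE(review): getRemoteAddr() is the direct peer address; behind a reverse proxy confirm
        // the container rewrites it, otherwise the audit trail records the proxy.
        MfaVerificationCodeAuditLog.logEvent(userDetailsAndSecurityContext.getUsername(), sendResult, httpServletRequest.getRemoteAddr(), MfaMethod.EMAIL, MfaAuditEvent.CODE_SENT, mfaVerificationCodeObject.getCodeID());
        MfaPerfomanceMetricsLogger.logVerificationCodeGenerationAndPersistTime(System.currentTimeMillis() - startMillis);
    }

    /**
     * Checks a submitted code against the stored record for the user.
     *
     * <p>An expired record is invalidated and rejected. A matching code is invalidated (single use)
     * and accepted. A non-matching code is rejected and the stored record is left in place.
     * Every outcome is written to the audit log and the product metrics.
     *
     * @param userDetailsAndSecurityContext the user attempting verification
     * @param str the code submitted by the user, passed to the hasher as-is
     * @return {@code true} only when the record is unexpired and the hashes match
     * @throws MfaVerificationCodeException if no servlet request is bound to the current thread, or
     *     if a collaborator raises it
     */
    public boolean isVerificationCodeValid(UserDetailsAndSecurityContext userDetailsAndSecurityContext, String str) throws MfaVerificationCodeException {
        MfaVerificationCodeObject storedCode = this.mfaVerificationCodePersistence.retrieveVerificationCode(userDetailsAndSecurityContext);
        HttpServletRequest httpServletRequest = getHttpServletRequest();
        if (storedCode == null) {
            // Fail closed instead of dereferencing null. Whether the persistence layer can return
            // null is not visible here. No audit event is written because there is no code id.
            LOG.warn("No Verification Code found for MFA verification attempt");
            ProductMetricsAggregatedDataCollector.recordData(MfaMetricsConstants.MFA_EMAIL_VERIFICATION_FAILURE);
            return false;
        }

        String username = userDetailsAndSecurityContext.getUsername();
        String remoteAddr = httpServletRequest.getRemoteAddr();

        // Expiry is checked before any comparison so a stale code can never be accepted.
        if (System.currentTimeMillis() > storedCode.getVerificationCodeExpirationTs()) {
            LOG.warn("Expired Verification Code for MFA CodeId: {}", storedCode.getCodeID());
            this.mfaVerificationCodePersistence.invalidateVerificationCode(userDetailsAndSecurityContext);
            MfaVerificationCodeAuditLog.logEvent(username, "", remoteAddr, MfaMethod.EMAIL, MfaAuditEvent.CODE_VERIFICATION_FAILED_EXPIRED_CODE, storedCode.getCodeID());
            ProductMetricsAggregatedDataCollector.recordData(MfaMetricsConstants.MFA_EMAIL_VERIFICATION_FAILURE);
            return false;
        }

        // MessageDigest.isEqual compares in constant time, so the response time does not reveal
        // how many leading bytes of the hash matched.
        byte[] submittedHash = this.mfaVerificationCodeHasher.getHashedVerificationCode(str);
        if (MessageDigest.isEqual(storedCode.getHashedVerificationCode(), submittedHash)) {
            // Invalidate on success so the same code cannot be replayed.
            this.mfaVerificationCodePersistence.invalidateVerificationCode(userDetailsAndSecurityContext);
            MfaVerificationCodeAuditLog.logEvent(username, "", remoteAddr, MfaMethod.EMAIL, MfaAuditEvent.CODE_VERIFICATION_SUCCESS, storedCode.getCodeID());
            ProductMetricsAggregatedDataCollector.recordData(MfaMetricsConstants.MFA_EMAIL_VERIFICATION_SUCCESS);
            return true;
        }

        // NOTE(review): the stored code stays valid after a wrong guess; attempt limiting must be
        // enforced elsewhere (confirm).
        LOG.warn("Invalid Verification Code for MFA CodeID: {}", storedCode.getCodeID());
        MfaVerificationCodeAuditLog.logEvent(username, "", remoteAddr, MfaMethod.EMAIL, MfaAuditEvent.CODE_VERIFICATION_FAILED, storedCode.getCodeID());
        ProductMetricsAggregatedDataCollector.recordData(MfaMetricsConstants.MFA_EMAIL_VERIFICATION_FAILURE);
        return false;
    }

    /**
     * Draws a uniformly distributed code in {@code [0, 10^length)} and zero-pads it.
     *
     * <p>The bound is exclusive, so it must be 10^length; a bound of 10^length - 1 would make the
     * all-nines code unreachable. {@link Locale#ROOT} pins the output to ASCII digits, because the
     * default-locale formatter may substitute locale-specific digits that would not hash to the
     * value a user types back.
     */
    private String getNewVerificationCode() {
        int value = this.secureRandom.nextInt(VERIFICATION_CODE_BOUND);
        return String.format(Locale.ROOT, VERIFICATION_CODE_FORMAT, value);
    }

    /** Delegates to the configured hasher. */
    private byte[] getHashedVerificationCode(String str) {
        return this.mfaVerificationCodeHasher.getHashedVerificationCode(str);
    }

    /** Returns the request's session; {@code getSession()} creates one when none exists. */
    private HttpSession getSession(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getSession();
    }

    /**
     * Returns the servlet request bound to the current thread.
     *
     * @throws MfaVerificationCodeException if no request attributes are bound, or if they are not
     *     servlet request attributes
     */
    private HttpServletRequest getHttpServletRequest() throws MfaVerificationCodeException {
        // Held as Object and type-checked so that a missing or non-servlet context both surface as
        // MfaVerificationCodeException rather than a ClassCastException.
        Object requestAttributes = RequestContextHolder.getRequestAttributes();
        if (requestAttributes instanceof ServletRequestAttributes) {
            return ((ServletRequestAttributes) requestAttributes).getRequest();
        }
        LOG.error(MISSING_REQUEST_MESSAGE);
        throw new MfaVerificationCodeException(MISSING_REQUEST_MESSAGE);
    }
}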
