package org.molgenis.security.twofactor.auth;

import java.util.Objects;
import org.molgenis.security.twofactor.service.OtpService;
import org.molgenis.security.twofactor.service.RecoveryService;
import org.molgenis.security.twofactor.service.TwoFactorAuthenticationService;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

/* loaded from: input_file:org/molgenis/security/twofactor/auth/TwoFactorAuthenticationProviderImpl.class */
public class TwoFactorAuthenticationProviderImpl implements TwoFactorAuthenticationProvider {
    private final TwoFactorAuthenticationService twoFactorAuthenticationService;
    private final OtpService otpService;
    private final RecoveryService recoveryService;

    public TwoFactorAuthenticationProviderImpl(TwoFactorAuthenticationService twoFactorAuthenticationService, OtpService otpService, RecoveryService recoveryService) {
        this.twoFactorAuthenticationService = (TwoFactorAuthenticationService) Objects.requireNonNull(twoFactorAuthenticationService);
        this.otpService = (OtpService) Objects.requireNonNull(otpService);
        this.recoveryService = (RecoveryService) Objects.requireNonNull(recoveryService);
    }

    public Authentication authenticate(Authentication authentication) {
        if (!supports(authentication.getClass())) {
            throw new IllegalArgumentException("Only TwoFactorAuthenticationToken is supported");
        }
        TwoFactorAuthenticationToken twoFactorAuthenticationToken = (TwoFactorAuthenticationToken) authentication;
        if (this.twoFactorAuthenticationService.isConfiguredForUser()) {
            if (twoFactorAuthenticationToken.getVerificationCode() == null) {
                throw new BadCredentialsException("Invalid verification code entered");
            }
            if (this.twoFactorAuthenticationService.isVerificationCodeValidForUser(twoFactorAuthenticationToken.getVerificationCode())) {
                UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
                twoFactorAuthenticationToken = new TwoFactorAuthenticationToken(userDetails, userDetails.getPassword(), userDetails.getAuthorities(), twoFactorAuthenticationToken.getVerificationCode(), null);
            }
        } else {
            if (twoFactorAuthenticationToken.getSecretKey() == null) {
                throw new BadCredentialsException("Invalid secret generated");
            }
            if (this.otpService.tryVerificationCode(twoFactorAuthenticationToken.getVerificationCode(), twoFactorAuthenticationToken.getSecretKey())) {
                activateTwoFactorAuthentication(twoFactorAuthenticationToken);
                UserDetails userDetails2 = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
                twoFactorAuthenticationToken = new TwoFactorAuthenticationToken(userDetails2, userDetails2.getPassword(), userDetails2.getAuthorities(), twoFactorAuthenticationToken.getVerificationCode(), twoFactorAuthenticationToken.getSecretKey());
            }
        }
        return twoFactorAuthenticationToken;
    }

    private void activateTwoFactorAuthentication(TwoFactorAuthenticationToken twoFactorAuthenticationToken) {
        this.twoFactorAuthenticationService.enableForUser();
        this.twoFactorAuthenticationService.saveSecretForUser(twoFactorAuthenticationToken.getSecretKey());
        this.recoveryService.generateRecoveryCodes();
    }

    public boolean supports(Class<?> cls) {
        return TwoFactorAuthenticationToken.class.isAssignableFrom(cls);
    }
}
