package org.thingsboard.server.service.security.auth.mfa.provider.impl;

import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Service;
import org.thingsboard.server.common.data.StringUtils;
import org.thingsboard.server.common.data.User;
import org.thingsboard.server.common.data.security.model.mfa.account.BackupCodeTwoFaAccountConfig;
import org.thingsboard.server.common.data.security.model.mfa.provider.BackupCodeTwoFaProviderConfig;
import org.thingsboard.server.common.data.security.model.mfa.provider.TwoFaProviderType;
import org.thingsboard.server.common.data.util.CollectionsUtil;
import org.thingsboard.server.queue.util.TbCoreComponent;
import org.thingsboard.server.service.security.auth.mfa.config.TwoFaConfigManager;
import org.thingsboard.server.service.security.auth.mfa.provider.TwoFaProvider;
import org.thingsboard.server.service.security.model.SecurityUser;

@TbCoreComponent
@Service
/* loaded from: input_file:org/thingsboard/server/service/security/auth/mfa/provider/impl/BackupCodeTwoFaProvider.class */
public class BackupCodeTwoFaProvider implements TwoFaProvider<BackupCodeTwoFaProviderConfig, BackupCodeTwoFaAccountConfig> {

    @Autowired
    @Lazy
    private TwoFaConfigManager twoFaConfigManager;

    @Override // org.thingsboard.server.service.security.auth.mfa.provider.TwoFaProvider
    public BackupCodeTwoFaAccountConfig generateNewAccountConfig(User user, BackupCodeTwoFaProviderConfig backupCodeTwoFaProviderConfig) {
        BackupCodeTwoFaAccountConfig backupCodeTwoFaAccountConfig = new BackupCodeTwoFaAccountConfig();
        backupCodeTwoFaAccountConfig.setCodes(generateCodes(backupCodeTwoFaProviderConfig.getCodesQuantity(), 8));
        backupCodeTwoFaAccountConfig.setSerializeHiddenFields(true);
        return backupCodeTwoFaAccountConfig;
    }

    private static Set<String> generateCodes(int i, int i2) {
        return (Set) Stream.generate(() -> {
            return StringUtils.random(i2, "0123456789abcdef");
        }).distinct().limit(i).collect(Collectors.toSet());
    }

    @Override // org.thingsboard.server.service.security.auth.mfa.provider.TwoFaProvider
    public boolean checkVerificationCode(SecurityUser securityUser, String str, BackupCodeTwoFaProviderConfig backupCodeTwoFaProviderConfig, BackupCodeTwoFaAccountConfig backupCodeTwoFaAccountConfig) {
        if (!CollectionsUtil.contains(backupCodeTwoFaAccountConfig.getCodes(), str)) {
            return false;
        }
        backupCodeTwoFaAccountConfig.getCodes().remove(str);
        this.twoFaConfigManager.saveTwoFaAccountConfig(securityUser.getTenantId(), securityUser.getId(), backupCodeTwoFaAccountConfig);
        return true;
    }

    @Override // org.thingsboard.server.service.security.auth.mfa.provider.TwoFaProvider
    public TwoFaProviderType getType() {
        return TwoFaProviderType.BACKUP_CODE;
    }
}
