<?php

namespace BradyMcD\TAATP\RFC;
use Psr\Clock\ClockInterface;

class _6238
{
    public function __construct(
        private string $key,
        private int $window,
        private int $floor,
        private int $grace,
        private int $digits,
        private ClockInterface $clock,
        private \BradyMcD\TAATP\HashInterface $hash,
    )
    {}

    public function validate(string $q): bool|int
    {
        $windowNum = $this->clock->now()->getTimestamp()/$this->window;
        $hotp = new _4226(
            $this->key,
            $windowNum,
            $this->grace,
            $this->digits,
            $this->hash,
            -1
        );

        $valid = $hotp->validate($q) * $this->window;
        if ($valid != false && $valid <= $this->floor)
        {
            $valid = false;
            // TODO: OTP reuse, should be reported rather than silent failing in harder security contexts
        }

        return $valid;
    }
}

?>