package org.gluu.oxauth.fido2.persist;

import java.nio.charset.StandardCharsets;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.TimeZone;
import java.util.UUID;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.gluu.oxauth.fido2.exception.Fido2RPRuntimeException;
import org.gluu.oxauth.fido2.model.entry.Fido2RegistrationData;
import org.gluu.oxauth.fido2.model.entry.Fido2RegistrationEntry;
import org.gluu.oxauth.fido2.model.entry.Fido2RegistrationStatus;
import org.gluu.oxauth.model.common.User;
import org.gluu.oxauth.model.config.StaticConfiguration;
import org.gluu.oxauth.model.configuration.AppConfiguration;
import org.gluu.oxauth.service.UserService;
import org.gluu.persist.PersistenceEntryManager;
import org.gluu.persist.model.ProcessBatchOperation;
import org.gluu.persist.model.SearchScope;
import org.gluu.persist.model.base.SimpleBranch;
import org.gluu.search.filter.Filter;
import org.gluu.util.StringHelper;
import org.slf4j.Logger;

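/**
 * Persistence layer for FIDO2 registration entries.
 *
 * <p>Entries are stored below a per-user {@code ou=fido2_register} branch, which itself sits
 * below the user's {@code inum=...} entry under the configured people base DN. The class
 * creates that branch on demand, looks entries up by credential id, user or challenge, and
 * purges unfinished registrations that have expired.
 */
@ApplicationScoped
public class RegistrationPersistenceService {

    @Inject
    private Logger log;

    @Inject
    private StaticConfiguration staticConfiguration;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private UserService userService;

    @Inject
    private PersistenceEntryManager ldapEntryManager;

    /**
     * Looks up a registration entry by its credential (public key) id.
     *
     * <p>No user is given, so the search is rooted at the people base DN rather than at one
     * user's branch, and only the first match is returned.
     * NOTE(review): nothing here ties the match to a particular user; confirm that callers
     * compare the entry's owner with the user being authenticated.
     *
     * @param str credential id to match against {@code oxPublicKeyId}
     * @return the first matching entry, or an empty Optional when nothing matches
     */
    public Optional<Fido2RegistrationEntry> findByPublicKeyId(String str) {
        List<Fido2RegistrationEntry> matches = this.ldapEntryManager.findEntries(
                getBaseDnForFido2RegistrationEntries(null),
                Fido2RegistrationEntry.class,
                Filter.createEqualityFilter("oxPublicKeyId", str));
        return matches.isEmpty() ? Optional.empty() : Optional.of(matches.get(0));
    }

    /**
     * Returns every registration entry of a user, whatever its status.
     *
     * @param str username to resolve to an inum
     * @return the user's entries; an empty list when the user is unknown or has no
     *         registration branch yet
     */
    public List<Fido2RegistrationEntry> findAllByUsername(String str) {
        String userInum = this.userService.getUserInum(str);
        if (userInum == null) {
            return Collections.emptyList();
        }
        String baseDn = getBaseDnForFido2RegistrationEntries(userInum);
        // On stores with branch support, searching below a missing branch is avoided.
        if (this.ldapEntryManager.hasBranchesSupport(baseDn) && !containsBranch(baseDn)) {
            return Collections.emptyList();
        }
        return this.ldapEntryManager.findEntries(
                baseDn,
                Fido2RegistrationEntry.class,
                Filter.createEqualityFilter("personInum", userInum));
    }

    /**
     * Returns the entries of a user whose status is {@code registered}, i.e. completed
     * registrations only.
     *
     * @param str username to resolve to an inum
     * @return the user's registered entries; an empty list when the user is unknown or has no
     *         registration branch yet
     */
    public List<Fido2RegistrationEntry> findAllRegisteredByUsername(String str) {
        String userInum = this.userService.getUserInum(str);
        if (userInum == null) {
            return Collections.emptyList();
        }
        String baseDn = getBaseDnForFido2RegistrationEntries(userInum);
        if (this.ldapEntryManager.hasBranchesSupport(baseDn) && !containsBranch(baseDn)) {
            return Collections.emptyList();
        }
        Filter ownerFilter = Filter.createEqualityFilter("personInum", userInum);
        Filter registeredFilter =
                Filter.createEqualityFilter("oxStatus", Fido2RegistrationStatus.registered.getValue());
        return this.ldapEntryManager.findEntries(
                baseDn,
                Fido2RegistrationEntry.class,
                Filter.createANDFilter(new Filter[]{ownerFilter, registeredFilter}));
    }

    /**
     * Finds the entries that were created for a given challenge.
     *
     * <p>The filter requires both the exact challenge and its {@link #getChallengeHashCode}
     * value, so the weak hash only narrows the search and never replaces the exact comparison.
     *
     * @param str challenge value; must not be null
     * @return the matching entries, searched from the people base DN
     */
    public List<Fido2RegistrationEntry> findAllByChallenge(String str) {
        Filter challengeFilter = Filter.createEqualityFilter("oxCodeChallenge", str);
        Filter challengeHashFilter =
                Filter.createEqualityFilter("oxCodeChallengeHash", String.valueOf(getChallengeHashCode(str)));
        return this.ldapEntryManager.findEntries(
                getBaseDnForFido2RegistrationEntries(null),
                Fido2RegistrationEntry.class,
                Filter.createANDFilter(new Filter[]{challengeFilter, challengeHashFilter}));
    }

    /**
     * Persists a new registration entry for the user named in the registration data.
     *
     * <p>When the user does not exist and auto-enrollment is enabled, a default user is
     * created for the supplied username before the entry is stored.
     * NOTE(review): with auto-enrollment on, this path creates an account for whatever username
     * arrives here; confirm the username is validated upstream.
     *
     * @param fido2RegistrationData registration data carrying the username, challenge and status
     * @throws Fido2RPRuntimeException when the user does not exist and auto-enrollment is off
     */
    public void save(Fido2RegistrationData fido2RegistrationData) {
        String username = fido2RegistrationData.getUsername();
        User user = this.userService.getUser(username, new String[]{"inum"});
        if (user == null) {
            if (!this.appConfiguration.getFido2Configuration().isUserAutoEnrollment()) {
                // NOTE(review): the message states that the user does not exist; confirm it is
                // not returned verbatim to unauthenticated clients (username enumeration).
                throw new Fido2RPRuntimeException("Auto user enrollment was disabled. User not exists!");
            }
            user = this.userService.addDefaultUser(username);
        }
        String userInum = this.userService.getUserInum(user);
        prepareBranch(userInum);

        Date now = new GregorianCalendar(TimeZone.getTimeZone("UTC")).getTime();
        String entryId = UUID.randomUUID().toString();
        String challenge = fido2RegistrationData.getChallenge();

        Fido2RegistrationEntry entry = new Fido2RegistrationEntry(
                getDnForRegistrationEntry(userInum, entryId), entryId, now, null, userInum,
                fido2RegistrationData, challenge);
        entry.setRegistrationStatus(fido2RegistrationData.getStatus());
        entry.setChallangeHash(String.valueOf(getChallengeHashCode(challenge)));
        fido2RegistrationData.setCreatedDate(now);
        fido2RegistrationData.setCreatedBy(username);
        this.ldapEntryManager.persist(entry);
    }

    /**
     * Merges an existing entry after copying the public key id and status from its
     * registration data onto the entry and stamping the update date and author.
     *
     * @param fido2RegistrationEntry entry to update; its registration data must be set
     */
    public void update(Fido2RegistrationEntry fido2RegistrationEntry) {
        Date now = new GregorianCalendar(TimeZone.getTimeZone("UTC")).getTime();
        Fido2RegistrationData registrationData = fido2RegistrationEntry.getRegistrationData();
        registrationData.setUpdatedDate(now);
        registrationData.setUpdatedBy(registrationData.getUsername());
        fido2RegistrationEntry.setPublicKeyId(registrationData.getPublicKeyId());
        fido2RegistrationEntry.setRegistrationStatus(registrationData.getStatus());
        this.ldapEntryManager.merge(fido2RegistrationEntry);
    }

    /**
     * Creates the {@code fido2_register} organizational unit at the given DN.
     *
     * @param str DN of the branch to create
     */
    public void addBranch(String str) {
        SimpleBranch branch = new SimpleBranch();
        branch.setOrganizationalUnitName("fido2_register");
        branch.setDn(str);
        this.ldapEntryManager.persist(branch);
    }

    /**
     * Tells whether a branch entry exists at the given DN.
     *
     * @param str DN to test
     * @return true when the persistence layer reports a {@link SimpleBranch} at that DN
     */
    public boolean containsBranch(String str) {
        return this.ldapEntryManager.contains(str, SimpleBranch.class);
    }

    /**
     * Creates the user's registration branch when the store supports branches and the branch
     * does not exist yet.
     *
     * @param str inum of the user
     */
    public void prepareBranch(String str) {
        String baseDn = getBaseDnForFido2RegistrationEntries(str);
        if (this.ldapEntryManager.hasBranchesSupport(baseDn) && !containsBranch(baseDn)) {
            addBranch(baseDn);
        }
    }

    /**
     * Builds the DN of a registration entry.
     *
     * @param str inum of the user
     * @param str2 entry id; when empty, the user's registration base DN is returned instead
     * @return {@code oxId=<id>,<registration base DN>} or the base DN alone
     */
    public String getDnForRegistrationEntry(String str, String str2) {
        String baseDn = getBaseDnForFido2RegistrationEntries(str);
        if (StringHelper.isEmpty(str2)) {
            return baseDn;
        }
        return String.format("oxId=%s,%s", str2, baseDn);
    }

    /**
     * Builds the base DN below which a user's registration entries live.
     *
     * @param str inum of the user; when empty, the people base DN is returned
     * @return {@code ou=fido2_register,<user DN>} or the people base DN
     */
    public String getBaseDnForFido2RegistrationEntries(String str) {
        String userDn = getDnForUser(str);
        if (StringHelper.isEmpty(str)) {
            return userDn;
        }
        return String.format("ou=fido2_register,%s", userDn);
    }

    /**
     * Builds the DN of a user entry.
     *
     * <p>NOTE(review): the inum is inserted as-is, with no DN escaping. The calls inside this
     * class pass inums obtained from {@link UserService}; confirm that any other caller of this
     * public method does the same.
     *
     * @param str inum of the user; when empty, the people base DN is returned
     * @return {@code inum=<inum>,<people base DN>} or the people base DN
     */
    public String getDnForUser(String str) {
        String peopleDn = this.staticConfiguration.getBaseDn().getPeople();
        if (StringHelper.isEmpty(str)) {
            return peopleDn;
        }
        return String.format("inum=%s,%s", str, peopleDn);
    }

    /**
     * Removes expired, unfinished registration entries and then, on stores with branch
     * support, the {@code fido2_register} branches that have no children left.
     *
     * <p>A failure to remove one entry is logged and does not stop the batch.
     *
     * @param date not used by this method
     * @param i passed through as the last argument of both batch searches (presumably the
     *          batch size; confirm against PersistenceEntryManager)
     */
    public void cleanup(Date date, int i) {
        ProcessBatchOperation<Fido2RegistrationEntry> removeExpiredEntries =
                new ProcessBatchOperation<Fido2RegistrationEntry>() {
                    public void performAction(List<Fido2RegistrationEntry> list) {
                        for (Fido2RegistrationEntry expired : list) {
                            // The logged value is the challenge of an expired, unfinished request.
                            log.debug("Removing Fido2 registration entry: {}, Creation date: {}",
                                    expired.getChallange(), expired.getCreationDate());
                            try {
                                ldapEntryManager.remove(expired);
                            } catch (Exception e) {
                                log.error("Failed to remove entry", e);
                            }
                        }
                    }
                };

        // Both searches start from the people base DN, so it is resolved once.
        String peopleDn = getDnForUser(null);
        this.ldapEntryManager.findEntries(peopleDn, Fido2RegistrationEntry.class,
                getExpiredRegistrationFilter(peopleDn), SearchScope.SUB,
                new String[]{"oxCodeChallenge", "creationDate"}, removeExpiredEntries, 0, 0, i);

        if (!this.ldapEntryManager.hasBranchesSupport(peopleDn)) {
            return;
        }

        ProcessBatchOperation<SimpleBranch> removeEmptyBranches =
                new ProcessBatchOperation<SimpleBranch>() {
                    public void performAction(List<SimpleBranch> list) {
                        for (SimpleBranch emptyBranch : list) {
                            try {
                                ldapEntryManager.remove(emptyBranch);
                            } catch (Exception e) {
                                log.error("Failed to remove entry", e);
                            }
                        }
                    }
                };
        this.ldapEntryManager.findEntries(peopleDn, SimpleBranch.class,
                getEmptyRegistrationBranchFilter(), SearchScope.SUB,
                new String[]{"ou"}, removeEmptyBranches, 0, 0, i);
    }

    /**
     * Builds the filter for entries that are not {@code registered} and were created at or
     * before the expiration threshold.
     *
     * @param str base DN handed to the persistence layer for time encoding
     * @return filter matching expired, unfinished registrations
     */
    private Filter getExpiredRegistrationFilter(String str) {
        int configuredSeconds =
                this.appConfiguration.getFido2Configuration().getUnfinishedRequestExpiration();
        // A configured value of 0 falls back to 120 seconds.
        int expirationSeconds = configuredSeconds == 0 ? 120 : configuredSeconds;

        GregorianCalendar threshold = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
        threshold.add(Calendar.SECOND, -expirationSeconds);

        Filter notRegistered = Filter.createNOTFilter(
                Filter.createEqualityFilter("oxStatus", Fido2RegistrationStatus.registered.getValue()));
        Filter createdBeforeThreshold = Filter.createLessOrEqualFilter(
                "creationDate", this.ldapEntryManager.encodeTime(str, threshold.getTime()));
        return Filter.createANDFilter(new Filter[]{notRegistered, createdBeforeThreshold});
    }

    /**
     * Builds the filter for {@code fido2_register} branches that report no subordinate
     * entries, through either {@code numsubordinates} or {@code hasSubordinates}.
     *
     * @return filter matching empty registration branches
     */
    private Filter getEmptyRegistrationBranchFilter() {
        Filter isRegistrationBranch = Filter.createEqualityFilter("ou", "fido2_register");
        Filter hasNoChildren = Filter.createORFilter(new Filter[]{
                Filter.createEqualityFilter("numsubordinates", "0"),
                Filter.createEqualityFilter("hasSubordinates", "FALSE")});
        return Filter.createANDFilter(new Filter[]{isRegistrationBranch, hasNoChildren});
    }

    /**
     * Computes the lookup key stored with an entry as its challenge hash.
     *
     * <p>This is a position-weighted byte sum with int wrap-around, not a cryptographic hash:
     * different challenges can easily share a value. Within this class it is only used
     * together with an exact challenge comparison (see {@link #findAllByChallenge}) and must
     * not be relied on to identify or authenticate a challenge by itself.
     *
     * <p>The bytes are taken as UTF-8 so that the value does not depend on the JVM's default
     * charset; a value written on one host must match the value computed on another. For
     * ASCII-only challenges the result is the same as with any ASCII-compatible default.
     *
     * @param str challenge value; must not be null
     * @return the weighted byte sum
     */
    public int getChallengeHashCode(String str) {
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        int hash = 0;
        for (int index = 0; index < bytes.length; index++) {
            hash += bytes[index] * index;
        }
        return hash;
    }
}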
