package org.gluu.oxauth.fido2.persist;

import java.util.Date;
import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.List;
import java.util.TimeZone;
import java.util.UUID;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.gluu.oxauth.fido2.exception.Fido2RPRuntimeException;
import org.gluu.oxauth.fido2.model.entry.Fido2AuthenticationData;
import org.gluu.oxauth.fido2.model.entry.Fido2AuthenticationEntry;
import org.gluu.oxauth.fido2.model.entry.Fido2AuthenticationStatus;
import org.gluu.oxauth.model.common.User;
import org.gluu.oxauth.model.config.StaticConfiguration;
import org.gluu.oxauth.model.configuration.AppConfiguration;
import org.gluu.oxauth.service.UserService;
import org.gluu.persist.PersistenceEntryManager;
import org.gluu.persist.model.ProcessBatchOperation;
import org.gluu.persist.model.SearchScope;
import org.gluu.persist.model.base.SimpleBranch;
import org.gluu.search.filter.Filter;
import org.gluu.util.StringHelper;
import org.slf4j.Logger;

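/**
 * Stores, updates, looks up and expires FIDO2 authentication entries through the injected
 * {@link PersistenceEntryManager}.
 *
 * <p>Entries are kept under {@code oxId=<id>,ou=fido2_auth,inum=<user inum>,<people base DN>}.
 * The DN helpers below build these strings with {@link String#format} and do no RDN escaping.
 * NOTE(review): every value fed into them from this class is an inum from {@link UserService}
 * or a generated UUID; external callers of the public DN helpers must not pass
 * request-controlled text without validating it first.
 */
@ApplicationScoped
public class AuthenticationPersistenceService {

    /** Fallback lifetime, in seconds, of an unfinished request when the configured value is 0. */
    private static final int DEFAULT_UNFINISHED_REQUEST_EXPIRATION_SECONDS = 120;

    /** Fallback lifetime, in seconds (15 days), of a finished authentication when the configured value is 0. */
    private static final int DEFAULT_AUTHENTICATION_HISTORY_EXPIRATION_SECONDS = 1296000;

    @Inject
    private Logger log;

    @Inject
    private StaticConfiguration staticConfiguration;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private UserService userService;

    @Inject
    private PersistenceEntryManager ldapEntryManager;

    /**
     * Finds the authentication entries whose {@code oxCodeChallenge} attribute equals the given
     * challenge.
     *
     * <p>The search starts at the people base DN, so it is not limited to one user. The result is
     * a list: callers decide how to treat zero or several matches.
     * NOTE(review): escaping of the challenge value is left to {@link Filter} and the persistence
     * layer; confirm that for the backends in use.
     *
     * @param str the challenge value to look up
     * @return the matching entries, as returned by the entry manager
     */
    public List<Fido2AuthenticationEntry> findByChallenge(String str) {
        String searchBaseDn = getBaseDnForFido2AuthenticationEntries(null);
        Filter challengeFilter = Filter.createEqualityFilter("oxCodeChallenge", str);
        return this.ldapEntryManager.findEntries(searchBaseDn, Fido2AuthenticationEntry.class, challengeFilter);
    }

    /**
     * Persists a new authentication entry for the user named in the given data.
     *
     * <p>When no user with that name exists, a default user is created if
     * {@code isUserAutoEnrollment()} is enabled; otherwise the call fails.
     * NOTE(review): with auto enrollment on, the username in the request decides whether a new
     * account is created, so callers should validate it before reaching this method. If the
     * exception message below is returned to the client it also reveals whether a username
     * exists; confirm how the caller maps it.
     *
     * @param fido2AuthenticationData the authentication data to store; its created date and
     *        created-by fields are set here
     * @throws Fido2RPRuntimeException if the user does not exist and auto enrollment is disabled
     */
    public void save(Fido2AuthenticationData fido2AuthenticationData) {
        String username = fido2AuthenticationData.getUsername();
        User user = this.userService.getUser(username, new String[]{"inum"});
        if (user == null) {
            if (!this.appConfiguration.getFido2Configuration().isUserAutoEnrollment()) {
                throw new Fido2RPRuntimeException("Auto user enrollment was disabled. User not exists!");
            }
            user = this.userService.addDefaultUser(username);
        }

        String userInum = this.userService.getUserInum(user);
        prepareBranch(userInum);

        Date now = new GregorianCalendar(TimeZone.getTimeZone("UTC")).getTime();
        // The entry id is a random UUID, so the DN does not depend on request input.
        String entryDn = getDnForAuthenticationEntry(userInum, UUID.randomUUID().toString());
        Fido2AuthenticationEntry entry = new Fido2AuthenticationEntry(
                entryDn, fido2AuthenticationData.getId(), now, null, userInum, fido2AuthenticationData);
        entry.setAuthenticationStatus(fido2AuthenticationData.getStatus());
        fido2AuthenticationData.setCreatedDate(now);
        fido2AuthenticationData.setCreatedBy(username);
        this.ldapEntryManager.persist(entry);
    }

    /**
     * Merges an existing authentication entry after stamping its data with the update time and
     * copying the data's status onto the entry.
     *
     * <p>{@code updatedBy} is taken from the username stored in the entry's own data, not from
     * the identity of the caller.
     *
     * @param fido2AuthenticationEntry the entry to merge
     */
    public void update(Fido2AuthenticationEntry fido2AuthenticationEntry) {
        Date now = new GregorianCalendar(TimeZone.getTimeZone("UTC")).getTime();
        Fido2AuthenticationData authenticationData = fido2AuthenticationEntry.getAuthenticationData();
        authenticationData.setUpdatedDate(now);
        authenticationData.setUpdatedBy(authenticationData.getUsername());
        fido2AuthenticationEntry.setAuthenticationStatus(authenticationData.getStatus());
        this.ldapEntryManager.merge(fido2AuthenticationEntry);
        // Goes through the injected logger instead of System.err: the DN contains the user inum,
        // and stderr bypasses the log level, routing and retention applied to the rest of the service.
        this.log.debug("Updated Fido2 authentication entry: {}", fido2AuthenticationEntry.getDn());
    }

    /**
     * Creates the {@code fido2_auth} branch at the given DN.
     *
     * @param str the DN of the branch to create
     */
    public void addBranch(String str) {
        SimpleBranch branch = new SimpleBranch();
        branch.setOrganizationalUnitName("fido2_auth");
        branch.setDn(str);
        this.ldapEntryManager.persist(branch);
    }

    /**
     * Reports whether a branch entry exists at the given DN.
     *
     * @param str the DN to check
     * @return the result of the entry manager's {@code contains} check
     */
    public boolean containsBranch(String str) {
        return this.ldapEntryManager.contains(str, SimpleBranch.class);
    }

    /**
     * Makes sure the {@code fido2_auth} branch of the given user exists, when the backend
     * reports branch support for that DN.
     *
     * @param str the user inum
     */
    public void prepareBranch(String str) {
        String branchDn = getBaseDnForFido2AuthenticationEntries(str);
        if (!this.ldapEntryManager.hasBranchesSupport(branchDn)) {
            return;
        }
        if (!containsBranch(branchDn)) {
            addBranch(branchDn);
        }
    }

    /**
     * Builds the DN of one authentication entry.
     *
     * @param str the user inum
     * @param str2 the entry id used as {@code oxId}; when empty the branch DN is returned
     * @return the entry DN, or the branch DN when no id is given
     */
    public String getDnForAuthenticationEntry(String str, String str2) {
        String branchDn = getBaseDnForFido2AuthenticationEntries(str);
        if (StringHelper.isEmpty(str2)) {
            return branchDn;
        }
        return String.format("oxId=%s,%s", str2, branchDn);
    }

    /**
     * Builds the DN of a user's {@code fido2_auth} branch.
     *
     * @param str the user inum; when empty the people base DN is returned
     * @return the branch DN, or the people base DN when no inum is given
     */
    public String getBaseDnForFido2AuthenticationEntries(String str) {
        String userDn = getDnForUser(str);
        if (StringHelper.isEmpty(str)) {
            return userDn;
        }
        return String.format("ou=fido2_auth,%s", userDn);
    }

    /**
     * Builds the DN of a user entry below the configured people base DN.
     *
     * @param str the user inum; when empty the people base DN is returned
     * @return the user DN, or the people base DN when no inum is given
     */
    public String getDnForUser(String str) {
        String peopleDn = this.staticConfiguration.getBaseDn().getPeople();
        if (StringHelper.isEmpty(str)) {
            return peopleDn;
        }
        return String.format("inum=%s,%s", str, peopleDn);
    }

    /**
     * Removes expired authentication entries below the people base DN and then, when the backend
     * reports branch support, removes {@code fido2_auth} branches that have no children.
     *
     * <p>A failure to remove one entry is logged and does not stop the run.
     *
     * @param date not used by this method
     * @param i passed as the last argument of both {@code findEntries} calls
     *        (presumably the batch size; confirm against the persistence API)
     */
    public void cleanup(Date date, int i) {
        ProcessBatchOperation<Fido2AuthenticationEntry> removeExpiredEntries = new ProcessBatchOperation<Fido2AuthenticationEntry>() {
            public void performAction(List<Fido2AuthenticationEntry> list) {
                for (Fido2AuthenticationEntry expiredEntry : list) {
                    log.debug("Removing Fido2 authentication entry: {}, Creation date: {}", expiredEntry.getChallange(), expiredEntry.getCreationDate());
                    try {
                        ldapEntryManager.remove(expiredEntry);
                    } catch (Exception e) {
                        log.error("Failed to remove entry", e);
                    }
                }
            }
        };

        String peopleDn = getDnForUser(null);
        this.ldapEntryManager.findEntries(peopleDn, Fido2AuthenticationEntry.class, getExpiredAuthenticationFilter(peopleDn), SearchScope.SUB, new String[]{"oxCodeChallenge", "creationDate"}, removeExpiredEntries, 0, 0, i);

        if (!this.ldapEntryManager.hasBranchesSupport(peopleDn)) {
            return;
        }

        ProcessBatchOperation<SimpleBranch> removeEmptyBranches = new ProcessBatchOperation<SimpleBranch>() {
            public void performAction(List<SimpleBranch> list) {
                for (SimpleBranch emptyBranch : list) {
                    try {
                        ldapEntryManager.remove(emptyBranch);
                    } catch (Exception e) {
                        log.error("Failed to remove entry", e);
                    }
                }
            }
        };
        this.ldapEntryManager.findEntries(peopleDn, SimpleBranch.class, getEmptyAuthenticationBranchFilter(), SearchScope.SUB, new String[]{"ou"}, removeEmptyBranches, 0, 0, i);
    }

    /**
     * Builds the filter that selects entries old enough to delete: entries whose status is not
     * {@code authenticated} and that are older than the unfinished-request lifetime, or entries
     * whose status is {@code authenticated} and that are older than the history lifetime.
     *
     * <p>A configured lifetime of 0 falls back to the default constant.
     * NOTE(review): a negative configured value is not rejected; it moves the cut-off into the
     * future, so every entry of that kind, including requests still in progress, would match.
     *
     * @param str the base DN handed to {@code encodeTime}
     * @return the combined expiry filter
     */
    private Filter getExpiredAuthenticationFilter(String str) {
        int configuredUnfinished = this.appConfiguration.getFido2Configuration().getUnfinishedRequestExpiration();
        int unfinishedSeconds = configuredUnfinished == 0
                ? DEFAULT_UNFINISHED_REQUEST_EXPIRATION_SECONDS
                : configuredUnfinished;
        int configuredHistory = this.appConfiguration.getFido2Configuration().getAuthenticationHistoryExpiration();
        int historySeconds = configuredHistory == 0
                ? DEFAULT_AUTHENTICATION_HISTORY_EXPIRATION_SECONDS
                : configuredHistory;

        GregorianCalendar unfinishedCutoff = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
        unfinishedCutoff.add(GregorianCalendar.SECOND, -unfinishedSeconds);
        Date unfinishedBefore = unfinishedCutoff.getTime();

        GregorianCalendar historyCutoff = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
        historyCutoff.add(GregorianCalendar.SECOND, -historySeconds);

        Filter staleUnfinished = Filter.createANDFilter(new Filter[]{
                Filter.createNOTFilter(Filter.createEqualityFilter("oxStatus", Fido2AuthenticationStatus.authenticated.getValue())),
                Filter.createLessOrEqualFilter("creationDate", this.ldapEntryManager.encodeTime(str, unfinishedBefore))});
        Filter staleAuthenticated = Filter.createANDFilter(new Filter[]{
                Filter.createEqualityFilter("oxStatus", Fido2AuthenticationStatus.authenticated.getValue()),
                Filter.createLessOrEqualFilter("creationDate", this.ldapEntryManager.encodeTime(str, historyCutoff.getTime()))});
        return Filter.createORFilter(new Filter[]{staleUnfinished, staleAuthenticated});
    }

    /**
     * Builds the filter that selects {@code fido2_auth} branches reported as having no
     * subordinate entries, through either {@code numsubordinates} or {@code hasSubordinates}.
     *
     * @return the empty-branch filter
     */
    private Filter getEmptyAuthenticationBranchFilter() {
        Filter noSubordinates = Filter.createORFilter(new Filter[]{
                Filter.createEqualityFilter("numsubordinates", "0"),
                Filter.createEqualityFilter("hasSubordinates", "FALSE")});
        return Filter.createANDFilter(new Filter[]{Filter.createEqualityFilter("ou", "fido2_auth"), noSubordinates});
    }
}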
