package org.xdi.oxauth.service.fido.u2f;

import com.unboundid.ldap.sdk.Filter;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.List;
import java.util.Set;
import java.util.TimeZone;
import java.util.UUID;
import org.gluu.site.ldap.persistence.LdapEntryManager;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.log.Log;
import org.xdi.oxauth.crypto.random.ChallengeGenerator;
import org.xdi.oxauth.exception.fido.u2f.DeviceCompromisedException;
import org.xdi.oxauth.model.config.ConfigurationFactory;
import org.xdi.oxauth.model.fido.u2f.DeviceRegistration;
import org.xdi.oxauth.model.fido.u2f.DeviceRegistrationResult;
import org.xdi.oxauth.model.fido.u2f.DeviceRegistrationStatus;
import org.xdi.oxauth.model.fido.u2f.RegisterRequestMessageLdap;
import org.xdi.oxauth.model.fido.u2f.RequestMessageLdap;
import org.xdi.oxauth.model.fido.u2f.exception.BadInputException;
import org.xdi.oxauth.model.fido.u2f.message.RawRegisterResponse;
import org.xdi.oxauth.model.fido.u2f.protocol.ClientData;
import org.xdi.oxauth.model.fido.u2f.protocol.DeviceData;
import org.xdi.oxauth.model.fido.u2f.protocol.RegisterRequest;
import org.xdi.oxauth.model.fido.u2f.protocol.RegisterRequestMessage;
import org.xdi.oxauth.model.fido.u2f.protocol.RegisterResponse;
import org.xdi.oxauth.model.util.Base64Util;
import org.xdi.oxauth.service.UserService;
import org.xdi.oxauth.util.ServerUtil;
import org.xdi.util.StringHelper;

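/**
 * Stateless Seam component that drives U2F device registration: it builds the
 * register request sent to the client, validates the client's register
 * response, persists the resulting device entry, and stores or looks up
 * pending register request messages in LDAP.
 *
 * <p>The identifiers and payloads handled here originate from the client side
 * of the protocol, so every value interpolated into a DN or echoed into a
 * message is annotated below where it deserves a second look.
 */
@Name("u2fRegistrationService")
@AutoCreate
@Scope(ScopeType.STATELESS)
/* loaded from: input_file:org/xdi/oxauth/service/fido/u2f/RegistrationService.class */
public class RegistrationService extends RequestService {

    @Logger
    private Log log;

    @In
    private LdapEntryManager ldapEntryManager;

    @In
    private ApplicationService applicationService;

    @In
    private UserService userService;

    @In
    private AuthenticationService u2fAuthenticationService;

    @In
    private RawRegistrationService rawRegistrationService;

    @In
    private ClientDataValidationService clientDataValidationService;

    @In
    private DeviceRegistrationService deviceRegistrationService;

    @In("randomChallengeGenerator")
    private ChallengeGenerator challengeGenerator;

    /**
     * Builds the message that starts a registration: one authenticate request
     * per existing, non-compromised device plus one fresh register request.
     *
     * @param str  application id; checked with {@code ApplicationService.checkIsValid}
     *             when application validation is enabled, and embedded in the
     *             register request
     * @param str2 first argument to {@code findUserDeviceRegistrations}
     *             (presumably the user identifier - confirm against that service);
     *             when empty, no existing devices are looked up
     * @return the message holding the authenticate requests and the single register request
     */
    public RegisterRequestMessage builRegisterRequestMessage(String str, String str2) {
        if (this.applicationService.isValidateApplication()) {
            this.applicationService.checkIsValid(str);
        }
        // Element type is whatever startAuthentication returns; that type is not
        // imported by this file, so the list stays raw.
        List authenticateRequests = new ArrayList();
        List<RegisterRequest> registerRequests = new ArrayList<RegisterRequest>();
        if (StringHelper.isNotEmpty(str2)) {
            for (DeviceRegistration existingDevice : this.deviceRegistrationService.findUserDeviceRegistrations(str2, str, new String[0])) {
                if (existingDevice.isCompromised()) {
                    // Devices already flagged as compromised are never offered to the client.
                    continue;
                }
                try {
                    authenticateRequests.add(this.u2fAuthenticationService.startAuthentication(str, existingDevice));
                } catch (DeviceCompromisedException e) {
                    // Best effort: one compromised device must not block registering a new one.
                    this.log.error("Faield to authenticate device", e, new Object[0]);
                }
            }
        }
        registerRequests.add(startRegistration(str));
        return new RegisterRequestMessage(authenticateRequests, registerRequests);
    }

    /**
     * Creates a register request for the application with a challenge taken
     * from the injected {@code randomChallengeGenerator}.
     *
     * @param str application id
     * @return the register request
     */
    public RegisterRequest startRegistration(String str) {
        return startRegistration(str, this.challengeGenerator.generateChallenge());
    }

    /**
     * Creates a register request from a caller-supplied challenge.
     *
     * @param str  application id
     * @param bArr raw challenge bytes; base64url-encoded into the request.
     *             Callers supplying their own challenge are responsible for its
     *             unpredictability.
     * @return the register request
     */
    public RegisterRequest startRegistration(String str, byte[] bArr) {
        return new RegisterRequest(Base64Util.base64urlencode(bArr), str);
    }

    /**
     * Finishes a registration, passing {@code null} as the fourth argument of
     * {@link #finishRegistration(RegisterRequestMessage, RegisterResponse, String, Set)}.
     *
     * <p>NOTE(review): how {@code ClientDataValidationService.checkContent}
     * treats a {@code null} set is not visible here - confirm it does not
     * disable a validation step.
     *
     * @throws BadInputException if the response is rejected
     */
    public DeviceRegistrationResult finishRegistration(RegisterRequestMessage registerRequestMessage, RegisterResponse registerResponse, String str) throws BadInputException {
        return finishRegistration(registerRequestMessage, registerResponse, str, null);
    }

    /**
     * Validates a register response against the stored request and persists
     * the new device.
     *
     * <p>Order of checks: client data content (type and challenge), then the
     * registration signature, and only afterwards is a device entry built.
     *
     * @param registerRequestMessage the message issued at the start of the registration
     * @param registerResponse       the client's response
     * @param str                    when non-empty the device is stored under this
     *                               value via {@code addUserDeviceRegistration}
     *                               (presumably the user identifier - confirm);
     *                               when empty it is stored as a one-step registration
     * @param set                    passed through to {@code checkContent}; may be {@code null}
     * @return the device with status {@code CANCELED} when the client data type is
     *         not the register-finish type, otherwise {@code APPROVED}
     * @throws BadInputException if the device data cannot be parsed or the key
     *                           handle is already registered for the application
     */
    public DeviceRegistrationResult finishRegistration(RegisterRequestMessage registerRequestMessage, RegisterResponse registerResponse, String str, Set<String> set) throws BadInputException {
        RegisterRequest request = registerRequestMessage.getRegisterRequest();
        String appId = request.getAppId();
        ClientData clientData = registerResponse.getClientData();
        this.clientDataValidationService.checkContent(clientData, RawRegistrationService.SUPPORTED_REGISTER_TYPES, request.getChallenge(), set);
        RawRegisterResponse rawResponse = this.rawRegistrationService.parseRawRegisterResponse(registerResponse.getRegistrationData());
        this.rawRegistrationService.checkSignature(appId, clientData, rawResponse);

        Date createdAt = new GregorianCalendar(TimeZone.getTimeZone("UTC")).getTime();
        DeviceRegistration device = this.rawRegistrationService.createDevice(rawResponse);
        device.setStatus(DeviceRegistrationStatus.ACTIVE);
        device.setApplication(appId);
        device.setCreationDate(createdAt);
        device.setKeyHandleHashCode(Integer.valueOf(this.deviceRegistrationService.getKeyHandleHashCode(rawResponse.getKeyHandle())));

        // NOTE(review): the id is the wall-clock millisecond, so two registrations
        // finishing in the same millisecond get the same id (and the same DN
        // below). Kept as is because the stored id format is visible to callers.
        String deviceId = String.valueOf(System.currentTimeMillis());
        device.setId(deviceId);

        String deviceData = registerResponse.getDeviceData();
        if (StringHelper.isNotEmpty(deviceData)) {
            try {
                // Decode explicitly as UTF-8: JSON text must not depend on the
                // JVM's platform default charset.
                String deviceDataJson = new String(Base64Util.base64urldecode(deviceData), StandardCharsets.UTF_8);
                device.setDeviceData((DeviceData) ServerUtil.jsonMapperWithWrapRoot().readValue(deviceDataJson, DeviceData.class));
            } catch (Exception e) {
                // NOTE(review): the message embeds the client-supplied value verbatim;
                // make sure it is neutralised before it reaches logs or responses.
                throw new BadInputException(String.format("Device data is invalid: %s", deviceData), e);
            }
        }

        if (!StringHelper.equals(RawRegistrationService.REGISTER_FINISH_TYPE, registerResponse.getClientData().getTyp())) {
            // Any other accepted type is treated as a cancel; nothing is persisted.
            this.log.debug("Registratio request with keyHandle '{0}' was canceled", new Object[]{rawResponse.getKeyHandle()});
            return new DeviceRegistrationResult(device, DeviceRegistrationResult.Status.CANCELED);
        }

        if (StringHelper.isNotEmpty(str)) {
            device.setDn(this.deviceRegistrationService.getDnForU2fDevice(str, deviceId));
            // A key handle that already exists for this application is refused.
            // NOTE(review): this is a check followed by a separate add, so it is not
            // atomic, and the one-step branch below performs no such check.
            if (this.deviceRegistrationService.findDeviceRegistrationsByKeyHandle(appId, device.getKeyHandle(), "oxId").size() != 0) {
                throw new BadInputException(String.format("KeyHandle %s was compromised", device.getKeyHandle()));
            }
            this.deviceRegistrationService.addUserDeviceRegistration(str, device);
        } else {
            device.setDn(this.deviceRegistrationService.getDnForOneStepU2fDevice(deviceId));
            this.deviceRegistrationService.addOneStepDeviceRegistration(device);
        }
        return new DeviceRegistrationResult(device, DeviceRegistrationResult.Status.APPROVED);
    }

    /**
     * Persists a pending register request message under a freshly generated
     * random UUID, stamped with the current time.
     *
     * @param registerRequestMessage the message to store
     * @param str                    fifth constructor argument of {@code RegisterRequestMessageLdap}
     *                               (presumably the user identifier - confirm)
     * @param str2                   fourth constructor argument of {@code RegisterRequestMessageLdap}
     *                               (presumably the session state - confirm)
     */
    public void storeRegisterRequestMessage(RegisterRequestMessage registerRequestMessage, String str, String str2) {
        Date createdAt = new GregorianCalendar(TimeZone.getTimeZone("UTC")).getTime();
        String entryId = UUID.randomUUID().toString();
        RegisterRequestMessageLdap entry = new RegisterRequestMessageLdap(getDnForRegisterRequestMessage(entryId), entryId, createdAt, str2, str, registerRequestMessage);
        this.ldapEntryManager.persist(entry);
    }

    /**
     * Loads a stored register request message by entry id.
     *
     * @param str entry id; placed into the DN by {@link #getDnForRegisterRequestMessage(String)}
     * @return the stored message, or {@code null} when no entry is found
     */
    public RegisterRequestMessage getRegisterRequestMessage(String str) {
        RegisterRequestMessageLdap entry = (RegisterRequestMessageLdap) this.ldapEntryManager.find(RegisterRequestMessageLdap.class, getDnForRegisterRequestMessage(str));
        return entry == null ? null : entry.getRegisterRequestMessage();
    }

    /**
     * Finds the stored register request entry whose {@code oxRequestId} equals
     * the given value.
     *
     * <p>The value is handed to {@code Filter.createEqualityFilter} rather than
     * concatenated into a filter string.
     *
     * @param str request id to match
     * @return the first matching entry, or {@code null} when there is none
     */
    public RegisterRequestMessageLdap getRegisterRequestMessageByRequestId(String str) {
        Filter byRequestId = Filter.createEqualityFilter("oxRequestId", str);
        List<?> matches = this.ldapEntryManager.findEntries(getDnForRegisterRequestMessage(null), RegisterRequestMessageLdap.class, byRequestId);
        if (matches == null || matches.isEmpty()) {
            return null;
        }
        return (RegisterRequestMessageLdap) matches.get(0);
    }

    /**
     * Deletes a stored register request entry by delegating to
     * {@code removeRequestMessage}.
     *
     * @param requestMessageLdap the entry to remove
     */
    public void removeRegisterRequestMessage(RequestMessageLdap requestMessageLdap) {
        removeRequestMessage(requestMessageLdap);
    }

    /**
     * Builds the DN of a register request entry, or of the
     * {@code ou=registration_requests} container when no id is given.
     *
     * <p>NOTE(review): {@code str} is formatted into the DN without escaping.
     * The id written by {@link #storeRegisterRequestMessage} is a UUID, but this
     * method is public; callers passing any other value should validate it first.
     *
     * @param str entry id, or {@code null}/empty for the container DN
     * @return the DN string
     */
    public String getDnForRegisterRequestMessage(String str) {
        String u2fBase = ConfigurationFactory.instance().getBaseDn().getU2fBase();
        if (StringHelper.isEmpty(str)) {
            return String.format("ou=registration_requests,%s", u2fBase);
        }
        return String.format("oxid=%s,ou=registration_requests,%s", str, u2fBase);
    }
}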
