package com.inet.authentication.passkeys.server.authentication;

import com.inet.authentication.AuthenticationDescription;
import com.inet.authentication.RemoteLoginProcessor;
import com.inet.authentication.base.LoginManager;
import com.inet.authentication.passkeys.server.handler.PasskeyGetCredentialsRequest;
import com.inet.authentication.passkeys.server.handler.PasskeyGetCredentialsResponse;
import com.inet.authentication.passkeys.server.handler.PasskeySignupCredentialsResponse;
import com.inet.authentication.passkeys.server.handler.PasskeyVerifyCredentialsRequest;
import com.inet.http.ClientMessageException;
import com.inet.http.PluginDispatcherServlet;
import com.inet.http.servlet.SessionStore;
import com.inet.lib.json.EncodedReader;
import com.inet.lib.json.Json;
import com.inet.lib.util.EncodingFunctions;
import com.inet.lib.util.StringFunctions;
import com.inet.remote.gui.modules.login.LoginServlet;
import com.inet.shared.servlet.ProxyHttpServletRequest;
import com.inet.shared.servlet.ServletUtils;
import com.inet.usersandgroups.api.user.LoginSettings;
import com.inet.usersandgroups.api.user.UserAccount;
import com.inet.usersandgroups.api.user.UserManager;
import com.webauthn4j.WebAuthnManager;
import com.webauthn4j.authenticator.AuthenticatorImpl;
import com.webauthn4j.data.AuthenticationData;
import com.webauthn4j.data.AuthenticationParameters;
import com.webauthn4j.data.AuthenticationRequest;
import com.webauthn4j.data.RegistrationData;
import com.webauthn4j.data.RegistrationRequest;
import com.webauthn4j.data.client.Origin;
import com.webauthn4j.server.ServerProperty;
import java.io.IOException;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.SuppressFBWarnings;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/inet/authentication/passkeys/server/authentication/b.class */
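/**
 * Login processor for the {@code "passkeys"} login source (WebAuthn).
 *
 * <p>Handles two JSON sub-requests, selected by request parameter:
 * {@code passkeys.credentials} (hand out options for login or sign-up) and
 * {@code passkeys.verify} (register a new credential or verify an assertion).
 * Identifiers in this listing are obfuscated by the decompiler; the overloads named
 * {@code a} and {@code b} are distinguished only by their parameter types.
 *
 * <p>NOTE(review): {@link #c} and {@link #d} are mutable per-instance state written while a
 * request is handled. Confirm an instance is never shared between sessions or threads.
 */
public class b extends RemoteLoginProcessor {
    // NOTE(review): the non-strict manager relaxes attestation validation (per webauthn4j);
    // confirm that accepting any authenticator attestation is the intended policy.
    private static final WebAuthnManager b = WebAuthnManager.createNonStrictWebAuthnManager();

    /** Login ID (credential raw ID) of the last accepted verification; {@code null} until then. */
    private String c;

    /** Login settings built while registering a passkey; handed out by {@link #createLoginSettings}. */
    private LoginSettings d;

    /* JADX INFO: Access modifiers changed from: protected */
    public b(AuthenticationDescription authenticationDescription) {
        super(authenticationDescription);
    }

    /**
     * Asks the client for login data: application requests are answered through
     * {@link #transferClientLoginData}, everything else is forwarded to the passkeys login UI.
     */
    public void requestLoginData(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (LoginManager.isApplicationRequest(httpServletRequest)) {
            if (!transferClientLoginData(httpServletRequest, httpServletResponse)) {
                // A JSON answer was already written to the response; nothing more to send.
                return;
            }
            httpServletResponse.setStatus(401);
        }
        try {
            PluginDispatcherServlet.forward("/login/passkeys/ui", httpServletRequest, httpServletResponse);
        } catch (ServletException | IOException e) {
            LOGGER.error(e);
        }
    }

    /**
     * Dispatches a passkeys sub-request and writes its result as JSON.
     *
     * @return {@code false} when a JSON result was written to the response, {@code true} when
     *         the request carried neither parameter or the handler produced no result
     * @throws ClientMessageException if the result cannot be written
     */
    public boolean transferClientLoginData(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        boolean wantsCredentials = httpServletRequest.getParameter("passkeys.credentials") != null;
        boolean wantsVerify = httpServletRequest.getParameter("passkeys.verify") != null;
        Object result = null;
        if (wantsCredentials) {
            result = a(httpServletRequest, httpServletResponse);
        } else if (wantsVerify) {
            result = b(httpServletRequest, httpServletResponse);
        }
        if (result == null) {
            return true;
        }
        try {
            httpServletResponse.setStatus(200);
            new Json().toJson(result, httpServletResponse.getOutputStream());
            return false;
        } catch (IOException e) {
            LOGGER.error(e);
            // NOTE(review): the raw exception message is returned to the client.
            throw new ClientMessageException(e.getMessage());
        }
    }

    /**
     * Handles {@code passkeys.credentials}: returns the login options, or for a sign-up request
     * remembers the requested user name in the session and returns the sign-up options.
     *
     * <p>The user name comes straight from the request body and is stored unvalidated under
     * {@code passkeys.username}; every reader of that attribute must treat it as untrusted.
     *
     * @return the response object, or {@code null} if the body did not parse to a request
     * @throws ClientMessageException on any failure
     */
    @SuppressFBWarnings(value = {"TRUST_BOUNDARY_VIOLATION"}, justification = "We're storing the sent user name temporarily")
    public Object a(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            httpServletResponse.setContentType("application/binary-json");
            PasskeyGetCredentialsRequest passkeyGetCredentialsRequest = (PasskeyGetCredentialsRequest) new Json().fromJson(new EncodedReader(httpServletRequest.getInputStream()), PasskeyGetCredentialsRequest.class);
            if (passkeyGetCredentialsRequest == null) {
                return null;
            }
            if (!passkeyGetCredentialsRequest.getIsSignup()) {
                return PasskeyGetCredentialsResponse.forLogin(httpServletRequest);
            }
            String userName = passkeyGetCredentialsRequest.getUserName();
            httpServletRequest.getSession().setAttribute("passkeys.username", userName);
            return PasskeySignupCredentialsResponse.from(httpServletRequest, userName);
        } catch (Throwable th) {
            LOGGER.error(th);
            // NOTE(review): the raw exception message is returned to the client.
            throw new ClientMessageException(th.getMessage());
        }
    }

    /**
     * Handles {@code passkeys.verify}. A request carrying both an attestation object and client
     * data is treated as a registration; anything else is treated as a login assertion and is
     * checked against the stored credential of the account found for {@code rawId}.
     *
     * <p>A login is accepted only if at least one stored login setting matched the credential
     * and every matching setting verified. An account with no matching setting is rejected
     * rather than accepted unverified.
     *
     * @return a map with {@code redirectURL} and, for a failed login, {@code error}; or
     *         {@code null} if the body did not parse to a request
     * @throws ClientMessageException on any failure
     */
    public Object b(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        UserAccount findActiveUserAccount;
        try {
            httpServletResponse.setContentType("application/binary-json");
            PasskeyVerifyCredentialsRequest passkeyVerifyCredentialsRequest = (PasskeyVerifyCredentialsRequest) new Json().fromJson(new EncodedReader(httpServletRequest.getInputStream()), PasskeyVerifyCredentialsRequest.class);
            if (passkeyVerifyCredentialsRequest == null) {
                return null;
            }
            String rawId = passkeyVerifyCredentialsRequest.getRawId();
            String attestationObject = passkeyVerifyCredentialsRequest.getAttestationObject();
            String clientDataJSON = passkeyVerifyCredentialsRequest.getClientDataJSON();
            boolean isRegistration = attestationObject != null && clientDataJSON != null;
            if (isRegistration) {
                // NOTE(review): the attestation and client data are stored as supplied. No
                // challenge, origin or credential-ID check is visible in this method; confirm
                // PasskeyData.from or getOrCreateUserAccount validates the registration and
                // that the session user name is allowed to receive a new credential.
                this.d = new LoginSettings("passkeys", rawId, new Json().toJson(PasskeyData.from(clientDataJSON, attestationObject)), (String) httpServletRequest.getSession().getAttribute("passkeys.username"));
                findActiveUserAccount = getOrCreateUserAccount(rawId);
            } else {
                findActiveUserAccount = UserManager.getInstance().findActiveUserAccount("passkeys", rawId);
                if (findActiveUserAccount != null) {
                    // The verifier below records the login ID on success; remember the old value
                    // so that a rejected request leaves no trace of it.
                    String previousLoginId = this.c;
                    boolean matched = false;
                    boolean rejected = false;
                    Iterator<?> it = findActiveUserAccount.getLoginSettings().iterator();
                    while (it.hasNext()) {
                        LoginSettings loginSettings = (LoginSettings) it.next();
                        if (isSameAccount(rawId, null, loginSettings)) {
                            matched = true;
                            if (!a(loginSettings, passkeyVerifyCredentialsRequest)) {
                                rejected = true;
                            }
                        }
                    }
                    // Fail closed: without a positively verified assertion there is no login.
                    if (!matched || rejected) {
                        findActiveUserAccount = null;
                        this.c = previousLoginId;
                    }
                }
            }
            String requestPage = ServletUtils.getRequestPage(httpServletRequest);
            HashMap<String, Object> hashMap = new HashMap<>();
            if (findActiveUserAccount != null) {
                this.c = rawId;
            } else {
                // Send the client back to the login page, keeping the originally requested page.
                if (StringFunctions.isEmpty(requestPage)) {
                    requestPage = "";
                }
                requestPage = ProxyHttpServletRequest.getHttpServerPort(httpServletRequest) + httpServletRequest.getContextPath() + "/login?RequestPage=" + EncodingFunctions.encodeUrlParameter(requestPage);
                if (!isRegistration) {
                    hashMap.put("error", LoginServlet.MSG.getMsg("login.invalidCredentials", new Object[0]));
                }
            }
            // NOTE(review): requestPage is request-derived; confirm createRedirectURL restricts
            // the target to this application.
            String createRedirectURL = ServletUtils.createRedirectURL(httpServletRequest, requestPage, (String) null);
            hashMap.put("redirectURL", StringFunctions.isEmpty(createRedirectURL) ? "" : createRedirectURL);
            return hashMap;
        } catch (Throwable th) {
            LOGGER.error(th);
            // NOTE(review): the raw exception message is returned to the client.
            throw new ClientMessageException(th.getMessage());
        }
    }

    /**
     * Verifies a login assertion against one stored passkey.
     *
     * <p>The authenticator (public key, attestation statement, sign counter) is rebuilt from
     * the registration data stored in the login setting. The assertion is then validated
     * against the request origin and the challenge stored in the session.
     *
     * @return {@code true} if validation passed (the login ID is then recorded in {@link #c});
     *         {@code false} on any error, including a missing session challenge
     */
    private boolean a(LoginSettings loginSettings, PasskeyVerifyCredentialsRequest passkeyVerifyCredentialsRequest) {
        try {
            PasskeyData passkeyData = (PasskeyData) new Json().fromJson(loginSettings.getAdditionalData(), PasskeyData.class);
            RegistrationData parse = b.parse(new RegistrationRequest(a(passkeyData.getAttestationObject()), a(passkeyData.getClientDataJSON()), (String) null, passkeyData.getTransports()));
            // NOTE(review): the sign counter always comes from the stored registration data and
            // is never written back after a login, so counter-based clone detection is limited.
            AuthenticatorImpl authenticatorImpl = new AuthenticatorImpl(parse.getAttestationObject().getAuthenticatorData().getAttestedCredentialData(), parse.getAttestationObject().getAttestationStatement(), parse.getAttestationObject().getAuthenticatorData().getSignCount());
            // The credential ID is taken from the stored setting, not from the client request.
            byte[] a = a(loginSettings.getLoginID());
            AuthenticationData parse2 = b.parse(new AuthenticationRequest(a, a(passkeyVerifyCredentialsRequest.getUserHandle()), a(passkeyVerifyCredentialsRequest.getAuthenticatorData()), a(passkeyVerifyCredentialsRequest.getClientDataJSON()), (String) null, a(passkeyVerifyCredentialsRequest.getSignature())));
            // NOTE(review): the expected origin is derived from the current request; confirm it
            // cannot be influenced by client-supplied host or forwarding headers.
            Origin origin = new Origin(ProxyHttpServletRequest.getHttpServerPort(SessionStore.getHttpServletRequest()).toString());
            // NOTE(review): the challenge is read from the session but not removed here; confirm
            // it is invalidated after use so an assertion cannot be replayed. getBytes() uses
            // the platform charset, which must match whatever issued the challenge.
            // The trailing flags are (userVerificationRequired=false, userPresenceRequired=true)
            // per the webauthn4j constructor order; confirm that skipping user verification is
            // acceptable for a single-factor login.
            b.validate(parse2, new AuthenticationParameters(new ServerProperty(origin, origin.getHost(), () -> {
                return ((String) SessionStore.getHttpSession().getAttribute("passkeys.challenge")).getBytes();
            }, (byte[]) null), authenticatorImpl, Collections.singletonList(a), false, true));
            this.c = loginSettings.getLoginID();
            return true;
        } catch (Throwable th) {
            // Any parse or validation error counts as a failed verification.
            LOGGER.error(th);
            return false;
        }
    }

    /**
     * Decodes a standard (not URL-safe) Base64 string.
     *
     * @return the decoded bytes, or {@code null} for a {@code null} input
     * @throws IllegalArgumentException if the input is not valid Base64
     */
    private static byte[] a(@Nullable String str) {
        if (str != null) {
            return Base64.getDecoder().decode(str);
        }
        return null;
    }

    /** Returns the fixed login source name, {@code "passkeys"}. */
    @Nonnull
    public String getLoginSource() {
        return "passkeys";
    }

    /** Returns the login ID recorded by the last accepted verification, or {@code null}. */
    @Nullable
    public String getLoginID() {
        return this.c;
    }

    /** Passkey logins carry no container roles; always {@code false}. */
    public boolean isWebUserInRole(String str) {
        return false;
    }

    /**
     * Returns the login settings prepared during registration.
     *
     * <p>NOTE(review): annotated {@code @Nonnull}, but {@link #d} is {@code null} until a
     * registration request has been handled, and the argument is ignored.
     */
    @Nonnull
    public LoginSettings createLoginSettings(String str) {
        return this.d;
    }
}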
