package com.inet.authentication.twofactor.server.webauthn;

import com.inet.authentication.LoginProcessor;
import com.inet.authentication.twofactor.TwoFactorAuthenticationServerPlugin;
import com.inet.authentication.twofactor.client.handler.WebAuthnGetCredentialsResponse;
import com.inet.error.ErrorCode;
import com.inet.http.servlet.SessionStore;
import com.inet.id.GUID;
import com.inet.lib.json.Json;
import com.inet.lib.util.IOFunctions;
import com.inet.plugin.ApplicationDescription;
import com.inet.remote.gui.angular.ReplaceOutputStream;
import com.inet.shared.servlet.ProxyHttpServletRequest;
import com.inet.usersandgroups.api.user.UserAccount;
import com.webauthn4j.WebAuthnManager;
import com.webauthn4j.authenticator.AuthenticatorImpl;
import com.webauthn4j.data.AuthenticationData;
import com.webauthn4j.data.AuthenticationParameters;
import com.webauthn4j.data.AuthenticationRequest;
import com.webauthn4j.data.RegistrationData;
import com.webauthn4j.data.RegistrationRequest;
import com.webauthn4j.data.client.Origin;
import com.webauthn4j.server.ServerProperty;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.SuppressFBWarnings;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/inet/authentication/twofactor/server/webauthn/a.class */
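/**
 * WebAuthn second factor of the two-factor authentication plugin, registered under the extension
 * name {@code "webauthn"}.
 *
 * <p>This is decompiled, name-obfuscated code: most members are called {@code a} and are told apart
 * only by their parameter lists. The contract of the implemented interface is not visible in this
 * file, so the descriptions below state only what each body does.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The authentication challenge is kept in the HTTP session under {@code "webauthn.challenge"}
 *       and is not removed after a validation attempt.</li>
 *   <li>Registration data is only parsed, never validated, by this class.</li>
 *   <li>The authenticator is rebuilt from the stored registration data on every login, so the
 *       signature counter seen by the validator is always the one captured at registration.</li>
 * </ul>
 */
public class a implements com.inet.authentication.twofactor.api.a {
    /**
     * Shared webauthn4j entry point. The non-strict factory builds a manager that does not verify
     * attestation statements or their trust chain. In this class the manager is used to parse
     * registration data and to validate authentication assertions.
     */
    private static final WebAuthnManager l = WebAuthnManager.createNonStrictWebAuthnManager();

    /**
     * Returns the fixed extension name of this factor.
     *
     * @return the literal {@code "webauthn"}
     */
    @Nonnull
    public String getExtensionName() {
        return "webauthn";
    }

    /**
     * Returns the localized display name of this factor.
     *
     * @return the message stored under {@code twofactor.webauthn.displayname}
     */
    @Override // com.inet.authentication.twofactor.api.a
    public String a() {
        return TwoFactorAuthenticationServerPlugin.MSG.getMsg("twofactor.webauthn.displayname", new Object[0]);
    }

    /**
     * Decides from the URL of the current request whether WebAuthn can be used.
     *
     * <p>Without a current request the answer is {@code false}. Over a protocol other than
     * {@code https} only the host {@code localhost} is accepted. Over {@code https} the host must
     * contain at least one alphabetic character, which rejects dotted IPv4 literals.
     *
     * @param userAccount the account in question; not read by this implementation
     * @return {@code true} if the request URL passes the checks above
     */
    @Override // com.inet.authentication.twofactor.api.a
    public boolean a(@Nonnull UserAccount userAccount) {
        HttpServletRequest request = SessionStore.getHttpServletRequest();
        if (request == null) {
            return false;
        }
        try {
            URL serverUrl = new URL(ProxyHttpServletRequest.getHttpServerPort(request).toString());
            String host = serverUrl.getHost();
            if (!"https".equals(serverUrl.getProtocol())) {
                // Plain HTTP is accepted for localhost only.
                return "localhost".equals(host);
            }
            // NOTE(review): a bracketed IPv6 literal that contains hex letters (a-f) also passes this
            // test. If the intent is to reject every IP-address host, exclude it explicitly. Confirm.
            return host.chars().anyMatch(Character::isAlphabetic);
        } catch (MalformedURLException e) {
            ErrorCode.throwAny(e);
            return false;
        }
    }

    /**
     * Returns an empty string for any argument.
     *
     * @param guid not read by this implementation
     * @return always {@code ""}
     */
    @Override // com.inet.authentication.twofactor.api.a
    @Nullable
    public String a(GUID guid) {
        return "";
    }

    /**
     * Renders the bundled {@code showCurrentSettings.html} template for the given account.
     *
     * <p>The placeholders {@code userID}, {@code displayName}, {@code challenge}, {@code app} and
     * {@code instructions} are filled in through {@link ReplaceOutputStream}. The challenge is a
     * freshly generated GUID that this method does not store anywhere.
     *
     * @param userAccount the account whose ID and display name go into the page
     * @param str not read by this implementation
     * @return the rendered page decoded as UTF-8
     */
    @Override // com.inet.authentication.twofactor.api.a
    public String a(@Nonnull UserAccount userAccount, String str) {
        try {
            // Raw type kept on purpose: the map type expected by ReplaceOutputStream is not visible here.
            HashMap placeholders = new HashMap();
            placeholders.put("userID", userAccount.getID().toString());
            // NOTE(review): the display name is substituted into HTML. Whether ReplaceOutputStream or
            // the template escapes it is not visible here. Confirm.
            placeholders.put("displayName", userAccount.getDisplayName());
            // NOTE(review): this challenge is not kept server-side in this class, and registration
            // data is only parsed later, so nothing visible here checks it. Confirm that is intended.
            placeholders.put("challenge", GUID.generateNew().toString());
            placeholders.put("app", ApplicationDescription.get().getApplicationName());
            placeholders.put("instructions", TwoFactorAuthenticationServerPlugin.MSG.getMsg("twofactor.webauthn.instructions", new Object[0]));
            // try-with-resources closes the template stream on the failure path as well; the
            // decompiled form closed it only after a successful copy.
            try (InputStream template = getClass().getResourceAsStream("showCurrentSettings.html")) {
                ByteArrayOutputStream rendered = new ByteArrayOutputStream();
                ReplaceOutputStream replacer = new ReplaceOutputStream(rendered, placeholders);
                IOFunctions.copyData(template, replacer);
                replacer.close();
                return rendered.toString(StandardCharsets.UTF_8);
            }
        } catch (IOException e) {
            ErrorCode.throwAny(e);
            return null;
        }
    }

    /**
     * Rebuilds the authenticator from stored registration data.
     *
     * <p>The data is parsed but not validated. The public key, the attestation statement and the
     * signature counter are taken as stored.
     *
     * @param hashMap registration JSON; the keys {@code attestationObject}, {@code clientDataJSON}
     *     and {@code transports} are read
     * @return an authenticator holding the attested credential data, the attestation statement and
     *     the signature counter found in the registration data
     */
    private static AuthenticatorImpl a(@Nonnull HashMap<String, Object> hashMap) {
        // NOTE(review): a missing "transports" entry makes the HashSet constructor throw a
        // NullPointerException, which the public validation method reports as a failed login.
        RegistrationData registration = l.parse(new RegistrationRequest(a(hashMap, "attestationObject"), a(hashMap, "clientDataJSON"), (String) null, new HashSet((Collection) hashMap.get("transports"))));
        return new AuthenticatorImpl(
                registration.getAttestationObject().getAuthenticatorData().getAttestedCredentialData(),
                registration.getAttestationObject().getAttestationStatement(),
                registration.getAttestationObject().getAuthenticatorData().getSignCount());
    }

    /**
     * Validates a WebAuthn assertion against stored registration data.
     *
     * <p>The origin and relying-party ID come from the URL of the current request, and the expected
     * challenge is the session attribute {@code "webauthn.challenge"}. Only the credential ID found
     * in the registration data is allowed. User presence is required, user verification is not.
     * Every failure, including a missing challenge or malformed input, is logged and reported as
     * {@code false}.
     *
     * @param str assertion JSON; the keys {@code rawId}, {@code userHandle},
     *     {@code authenticatorData}, {@code clientDataJSON} and {@code signature} are read
     * @param str2 registration JSON; {@code rawId} and the keys needed to rebuild the authenticator
     *     are read
     * @return {@code true} if webauthn4j accepted the assertion, {@code false} otherwise
     */
    @Override // com.inet.authentication.twofactor.api.a
    public boolean a(String str, String str2) {
        try {
            @SuppressWarnings("unchecked") // Json yields an untyped map; keys are read as strings below
            HashMap<String, Object> registration = (HashMap<String, Object>) new Json().fromJson(str2, HashMap.class);
            List allowedCredentialIds = Collections.singletonList(a(registration, "rawId"));
            AuthenticatorImpl authenticator = a(registration);

            @SuppressWarnings("unchecked") // same untyped JSON map as above
            HashMap<String, Object> assertion = (HashMap<String, Object>) new Json().fromJson(str, HashMap.class);
            AuthenticationData authenticationData = l.parse(new AuthenticationRequest(
                    a(assertion, "rawId"),
                    a(assertion, "userHandle"),
                    a(assertion, "authenticatorData"),
                    a(assertion, "clientDataJSON"),
                    (String) null,
                    a(assertion, "signature")));

            Origin origin = new Origin(ProxyHttpServletRequest.getHttpServerPort(SessionStore.getHttpServletRequest()).toString());
            // Encode the challenge with an explicit charset so the expected bytes do not depend on
            // the platform default.
            ServerProperty serverProperty = new ServerProperty(origin, origin.getHost(), () -> {
                return ((String) SessionStore.getHttpSession().getAttribute("webauthn.challenge")).getBytes(StandardCharsets.UTF_8);
            }, (byte[]) null);

            // Trailing flags: user verification not required (false), user presence required (true).
            l.validate(authenticationData, new AuthenticationParameters(serverProperty, authenticator, allowedCredentialIds, false, true));
            // NOTE(review): the challenge stays in the session after a successful validation. Making
            // it single-use would mean removing the attribute here. Confirm how callers invoke this
            // method (for example once per registered key) before changing it.
            // NOTE(review): the counter reported by the assertion is not written back, and the
            // authenticator above always carries the registration-time counter, so counter-based
            // clone detection is not in effect in this class.
            return true;
        } catch (Throwable th) {
            // Fail closed: any parsing or validation problem denies the login.
            LoginProcessor.LOGGER.error(th);
            return false;
        }
    }

    /**
     * Reads a Base64 string from the map and decodes it.
     *
     * @param hashMap parsed JSON object
     * @param str key to look up
     * @return the decoded bytes, or {@code null} if the key is absent or maps to {@code null}
     * @throws IllegalArgumentException if the value is not valid Base64 for the basic decoder
     */
    private static byte[] a(@Nonnull HashMap<String, Object> hashMap, @Nonnull String str) {
        String encoded = (String) hashMap.get(str);
        return encoded == null ? null : Base64.getDecoder().decode(encoded);
    }

    /**
     * Starts an authentication ceremony: issues a new challenge and stores it in the HTTP session.
     *
     * <p>Only the freshly generated challenge is written to the session. The {@code rawId} taken
     * from the input is passed on to the response and not stored.
     *
     * @param str JSON from which the {@code rawId} entry is read
     * @param httpServletRequest request whose session receives the challenge under
     *     {@code "webauthn.challenge"}
     * @return a response carrying the {@code rawId} and the new challenge
     */
    @SuppressFBWarnings(value = {"TRUST_BOUNDARY_VIOLATION"}, justification = "data are save")
    public static WebAuthnGetCredentialsResponse a(@Nonnull String str, @Nonnull HttpServletRequest httpServletRequest) {
        String rawId = (String) ((HashMap) new Json().fromJson(str, HashMap.class)).get("rawId");
        HttpSession session = httpServletRequest.getSession();
        // NOTE(review): the unpredictability of the challenge rests on GUID.generateNew(), whose
        // source of randomness is not visible here. Confirm it is cryptographically strong.
        String challenge = GUID.generateNew().toString();
        session.setAttribute("webauthn.challenge", challenge);
        return new WebAuthnGetCredentialsResponse(rawId, challenge);
    }

    /**
     * Returns a constant flag whose meaning is defined by the implemented interface.
     *
     * @return always {@code true}
     */
    @Override // com.inet.authentication.twofactor.api.a
    public boolean b() {
        return true;
    }
}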
