package org.openidentityplatform.openam.authentication.modules.webauthn;

import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.iplanet.dpro.session.service.InternalSession;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.service.AuthD;
import com.sun.identity.authentication.service.AuthException;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdType;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.sm.DNMapper;
import com.webauthn4j.authenticator.Authenticator;
import com.webauthn4j.data.AttestationConveyancePreference;
import com.webauthn4j.data.AuthenticatorAttachment;
import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.login.LoginException;
import org.apache.commons.lang.SerializationUtils;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:org/openidentityplatform/openam/authentication/modules/webauthn/WebAuthnRegistration.class */
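/**
 * Login module that registers a WebAuthn authenticator for a user who already
 * holds a session.
 *
 * <p>The module runs in two {@link #process} states:
 * <ol>
 *   <li>state {@value #LOGIN_START_STATE}: the credential-creation request built by
 *       {@link WebAuthnRegistrationProcessor#requestCredentials} is serialized to JSON
 *       and placed into the client's {@link TextOutputCallback};</li>
 *   <li>state {@value #LOGIN_REQUEST_CREDENTIALS_STATE}: the client's attestation
 *       response ({@code attestationObject} / {@code clientDataJSON}) is read from a
 *       {@link PasswordCallback}, handed to
 *       {@link WebAuthnRegistrationProcessor#processCredentials}, and the resulting
 *       {@link Authenticator} is appended, Java-serialized and URL-safe Base64 encoded,
 *       to the configured user attribute.</li>
 * </ol>
 *
 * <p>The user name is taken from the previous session's {@code UserToken} property in
 * {@link #initUserId()}; when that lookup fails the module refuses to proceed rather
 * than registering a credential for an unknown user.
 */
public class WebAuthnRegistration extends AMLoginModule {

    protected Debug debug;

    /**
     * Shared JSON mapper. It is configured once in the static initializer below and
     * only read afterwards, so sharing it across module instances is safe.
     */
    static final ObjectMapper mapper = new ObjectMapper();

    static {
        mapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
    }

    /** First {@link #process} state: the creation request is sent to the client (OpenAM's LOGIN_START). */
    private static final int LOGIN_START_STATE = 1;
    /** Second {@link #process} state: the client's attestation response is consumed. */
    private static final int LOGIN_REQUEST_CREDENTIALS_STATE = 2;
    /** {@link #process} return value that signals a successful login (OpenAM's LOGIN_SUCCEED). */
    private static final int LOGIN_SUCCEED = -1;
    /** Index, in state 2, of the {@link PasswordCallback} that carries the attestation response. */
    private static final int CREDENTIALS_CB_INDEX = 0;
    /** Index, in state 2, of the {@link TextOutputCallback} that carries the creation request. */
    private static final int CREDENTIAL_REQUEST_CB_INDEX = 1;

    /** Registration timeout in milliseconds, from the {@code .timeout} option. */
    private long timeout;
    /** Shared state handed to {@link #init}; stored but not read by this class. */
    private Map<String, Object> sharedState = null;
    private WebAuthnRegistrationProcessor webAuthnRegistrationProcessor = null;
    private AttestationConveyancePreference attestation = null;
    private AuthenticatorAttachment authenticatorAttachment = null;
    /** User name resolved from the previous session; {@code null} until {@link #initUserId()} succeeds. */
    protected String userId = null;
    /** Name of the user attribute that stores the serialized authenticators. */
    private String userAttribute = null;
    /** Auth level set on success, from the {@code .authlevel} option. */
    private int authLevel = 0;

    public WebAuthnRegistration() {
        this.debug = Debug.getInstance("amWebAuthnRegistration");
    }

    /**
     * Reads the module options, creates the registration processor and resolves the
     * user from the existing session.
     *
     * <p>Option keys are this class's fully qualified name followed by {@code .attestation}
     * (default {@code none}), {@code .authType} (default {@code unspecified}, meaning no
     * attachment preference), {@code .timeout} (default {@code 60000}), {@code .userAttribute}
     * (default {@code sunIdentityServerPPSignKey}) and {@code .authlevel} (default {@code 0}).
     *
     * @param subject the login subject (unused here)
     * @param sharedState state shared between modules of the chain
     * @param options module configuration
     * @throws NumberFormatException if {@code .timeout} or {@code .authlevel} is not numeric;
     *         a misconfigured module fails closed rather than silently using a default
     */
    @Override
    public void init(Subject subject, Map sharedState, Map options) {
        this.sharedState = sharedState;
        String prefix = WebAuthnRegistration.class.getName();

        this.attestation = AttestationConveyancePreference.create(
                CollectionHelper.getMapAttr(options, prefix.concat(".attestation"), "none"));

        String authType = CollectionHelper.getMapAttr(options, prefix.concat(".authType"), "unspecified");
        AuthenticatorAttachment attachment = null;
        if (!StringUtils.isBlank(authType) && !"unspecified".equals(authType)) {
            attachment = AuthenticatorAttachment.create(authType);
        }
        this.authenticatorAttachment = attachment;

        this.timeout = Long.parseLong(CollectionHelper.getMapAttr(options, prefix.concat(".timeout"), "60000"));
        this.userAttribute = CollectionHelper.getMapAttr(options, prefix.concat(".userAttribute"), "sunIdentityServerPPSignKey");
        this.authLevel = Integer.parseInt(CollectionHelper.getMapAttr(options, prefix.concat(".authlevel"), "0"));

        this.webAuthnRegistrationProcessor = new WebAuthnRegistrationProcessor(
                getSessionId(), this.attestation, this.authenticatorAttachment, this.timeout);
        initUserId();
    }

    /**
     * Resolves {@link #userId} from the {@code UserToken} property of the session that
     * was active before this module ran.
     *
     * <p>Best effort: any failure (no previous session, token creation error, ...) is
     * logged and leaves {@link #userId} {@code null}, which {@link #process} later
     * rejects with {@code noUserName}.
     */
    protected void initUserId() {
        try {
            InternalSession previous = getLoginState(WebAuthnRegistration.class.getName()).getOldSession();
            if (previous == null) {
                throw new AuthLoginException("amAuth", "noInternalSession", (Object[]) null);
            }
            SSOTokenManager tokenManager = SSOTokenManager.getInstance();
            this.userId = tokenManager.createSSOToken(previous.getID().toString()).getProperty("UserToken");
            if (this.debug.messageEnabled()) {
                this.debug.message("WebAuthnRegistration.initUserId() : Username from SSOToken : " + this.userId);
            }
        } catch (Exception e) {
            // Deliberately swallowed: process() refuses to continue while userId is blank.
            this.debug.error("WebAuthnRegistration.initUserId() : Exception", e);
        }
    }

    /**
     * Drives the two-state registration flow.
     *
     * @param callbacks callbacks of the current state
     * @param state current state; unknown states restart at {@value #LOGIN_START_STATE}
     * @return the next state, or {@value #LOGIN_SUCCEED} once the credential is stored
     * @throws LoginException if no user was resolved, or if either step fails
     *         (non-{@link AuthLoginException} failures are wrapped)
     */
    @Override
    public int process(Callback[] callbacks, int state) throws LoginException {
        if (StringUtils.isBlank(this.userId)) {
            // initUserId() found no user: never register a credential without a bound identity.
            throw new AuthLoginException("amAuth", "noUserName", (Object[]) null);
        }
        try {
            switch (state) {
                case LOGIN_START_STATE:
                    return requestCredentials();
                case LOGIN_REQUEST_CREDENTIALS_STATE:
                    return processCredentials(callbacks);
                default:
                    return LOGIN_START_STATE;
            }
        } catch (AuthLoginException e) {
            // Narrower type must come first; a catch (Exception) ahead of it makes this clause unreachable.
            this.debug.error("process: AuthLoginException {}", new Object[]{e.toString()});
            throw e;
        } catch (Exception e) {
            this.debug.error("process: Exception {}", new Object[]{e.toString()});
            throw new AuthLoginException(e);
        }
    }

    /**
     * Builds the credential-creation request for {@link #userId}, serializes it to JSON
     * and installs it as the {@link TextOutputCallback} of state
     * {@value #LOGIN_REQUEST_CREDENTIALS_STATE}.
     *
     * @return {@value #LOGIN_REQUEST_CREDENTIALS_STATE}, the state that consumes the response
     * @throws AuthLoginException if the callback cannot be replaced
     * @throws JsonProcessingException if the request cannot be serialized
     */
    public int requestCredentials() throws AuthLoginException, JsonProcessingException {
        Object request = this.webAuthnRegistrationProcessor.requestCredentials(this.userId, getHttpServletRequest());
        String json = mapper.writeValueAsString(request);
        replaceCallback(LOGIN_REQUEST_CREDENTIALS_STATE, CREDENTIAL_REQUEST_CB_INDEX,
                new TextOutputCallback(TextOutputCallback.INFORMATION, json));
        return LOGIN_REQUEST_CREDENTIALS_STATE;
    }

    /**
     * Parses the client's attestation response, lets the processor turn it into an
     * {@link Authenticator}, stores it and sets the configured auth level.
     *
     * <p>The response is a JSON object with the keys {@code attestationObject} and
     * {@code clientDataJSON}; it is client-supplied and untrusted until the processor
     * has accepted it.
     *
     * @param callbacks callbacks of state {@value #LOGIN_REQUEST_CREDENTIALS_STATE}
     * @return {@value #LOGIN_SUCCEED}
     * @throws AuthLoginException if the callback is empty, the JSON is malformed, the
     *         processor rejects the response, or the attribute cannot be stored
     */
    private int processCredentials(Callback[] callbacks) throws AuthLoginException {
        char[] raw = ((PasswordCallback) callbacks[CREDENTIALS_CB_INDEX]).getPassword();
        if (raw == null) {
            throw new AuthLoginException("WebAuthnRegistration: no credential data in callback");
        }
        String response = new String(raw);
        try {
            Map<String, String> fields = mapper.readValue(response, new TypeReference<Map<String, String>>() {
            });
            Authenticator authenticator = this.webAuthnRegistrationProcessor.processCredentials(
                    fields.get("attestationObject"), fields.get("clientDataJSON"), getHttpServletRequest());
            save(authenticator);
            setAuthLevel(this.authLevel);
            return LOGIN_SUCCEED;
        } catch (Exception e) {
            // NOTE(review): this echoes the whole client-supplied payload into the error log;
            // consider truncating it if log volume or log injection becomes a concern.
            this.debug.error("invalid credentials data: " + response, e);
            throw new AuthLoginException(e);
        }
    }

    /**
     * Appends the serialized authenticator to the user's {@link #userAttribute}.
     *
     * <p>The stored value is {@code SerializationUtils.serialize(authenticator)} in URL-safe
     * Base64, i.e. Java native serialization; consumers of this attribute should only ever
     * deserialize values written to the identity store by this module.
     *
     * @param authenticator the verified authenticator to persist
     * @throws AuthLoginException if the identity cannot be looked up or updated
     */
    protected void save(Authenticator authenticator) throws AuthLoginException {
        try {
            AMIdentity identity = AuthD.getAuth().getIdentity(
                    IdType.USER, this.userId, DNMapper.orgNameToRealmName(getRequestOrg()));
            // Work on a fresh, mutable copy: whether the set returned by the repository is
            // modifiable, or null for an unset attribute, depends on the IdRepo in use
            // (not verified here), so do not mutate it in place.
            Set<String> values = new HashSet<>();
            @SuppressWarnings("unchecked")
            Set<String> existing = identity.getAttribute(this.userAttribute);
            if (existing != null) {
                values.addAll(existing);
            }
            values.add(Base64Utils.encodeToUrlSafeString(SerializationUtils.serialize(authenticator)));
            identity.setAttributes(Collections.singletonMap(this.userAttribute, values));
            identity.store();
        } catch (SSOException | IdRepoException | AuthException e) {
            this.debug.error("WebAuthnRegistration: save(): error update user : {}", e);
            throw new AuthLoginException(e);
        }
    }

    /**
     * Returns the principal for the user resolved in {@link #initUserId()}.
     *
     * @return a {@link WebAuthnPrincipal} wrapping {@link #userId}
     */
    @Override
    public Principal getPrincipal() {
        return new WebAuthnPrincipal(this.userId);
    }
}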
