package org.bubblecloud.ilves.security;

import com.vaadin.annotations.JavaScript;
import com.vaadin.server.AbstractJavaScriptExtension;
import com.vaadin.server.Page;
import com.vaadin.server.Sizeable;
import com.vaadin.ui.Alignment;
import com.vaadin.ui.JavaScriptFunction;
import com.vaadin.ui.Label;
import com.vaadin.ui.Notification;
import com.vaadin.ui.UI;
import com.vaadin.ui.VerticalLayout;
import com.vaadin.ui.Window;
import com.yubico.u2f.U2F;
import com.yubico.u2f.data.DeviceRegistration;
import com.yubico.u2f.data.messages.AuthenticateRequestData;
import com.yubico.u2f.data.messages.AuthenticateResponse;
import com.yubico.u2f.data.messages.RegisterRequestData;
import com.yubico.u2f.data.messages.RegisterResponse;
import com.yubico.u2f.exceptions.DeviceCompromisedException;
import elemental.json.JsonArray;
import elemental.json.impl.JreJsonNull;
import java.util.HashMap;
import java.util.Map;
import org.apache.log4j.Logger;
import org.bubblecloud.ilves.model.Company;
import org.bubblecloud.ilves.model.User;
import org.bubblecloud.ilves.site.SecurityProviderSessionImpl;
import org.bubblecloud.ilves.site.Site;

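/**
 * Vaadin JavaScript extension that connects the browser-side U2F scripts to the
 * server-side U2F library for device registration and authentication.
 *
 * <p>The two response callbacks are registered as client-callable functions, so
 * their arguments come from the browser and must be treated as untrusted input.
 * Each response is only accepted when it refers to a request this connector
 * issued earlier and still holds in {@code requests}.
 */
@JavaScript({"u2f-api.js", "u2f_connector.js"})
public class U2fConnector extends AbstractJavaScriptExtension {
    private static final Logger LOGGER = Logger.getLogger(U2fConnector.class);
    private final Site site;
    private final Company company;
    /** Company URL without a trailing slash, passed to the U2F library as the application id. */
    private final String appId;
    private U2fRegistrationListener u2FRegistrationListener;
    private U2fAuthenticationListener u2fAuthenticationListener;
    private final U2F u2f = new U2F();
    /**
     * Pending request JSON keyed by request id. Registration and authentication
     * requests share this map; an entry is removed when its response arrives.
     * NOTE(review): entries for requests that never get a response are not expired here.
     */
    private final Map<String, String> requests = new HashMap<>();
    private final Window registerWindow = new Window(Site.getCurrent().localize("header-register-u2f-device"));
    /** E-mail address given to the most recent {@link #startAuthentication} call. */
    private String authenticateEmailAddress = null;

    /**
     * Attaches the extension to the current UI, registers the two client-callable
     * response functions and derives the application id from the company URL.
     */
    public U2fConnector() {
        extend(UI.getCurrent());
        addFunction("onRegisterResponse", new JavaScriptFunction() {
            @Override
            public void call(JsonArray jsonArray) {
                U2fConnector.this.onReqisterResponse(jsonArray);
            }
        });
        addFunction("onAuthenticateResponse", new JavaScriptFunction() {
            @Override
            public void call(JsonArray jsonArray) {
                U2fConnector.this.onAuthenticateResponse(jsonArray);
            }
        });
        this.site = Site.getCurrent();
        this.company = (Company) this.site.getSiteContext().getObject(Company.class);
        // endsWith() also copes with an empty URL, where charAt(length - 1) would throw.
        String url = this.company.getUrl();
        this.appId = url.endsWith("/") ? url.substring(0, url.length() - 1) : url;
    }

    /**
     * Starts registration of a U2F device for the user of the current session and
     * shows a modal window asking the user to insert the device.
     *
     * @param u2fRegistrationListener listener notified when registration succeeds
     */
    public void startRegistration(U2fRegistrationListener u2fRegistrationListener) {
        this.u2FRegistrationListener = u2fRegistrationListener;
        sendRegisterRequest();
        this.registerWindow.setModal(true);
        VerticalLayout layout = new VerticalLayout();
        layout.setMargin(true);
        Label prompt = new Label(Site.getCurrent().localize("message-insert-u2f-device"));
        layout.addComponent(prompt);
        layout.setComponentAlignment(prompt, Alignment.MIDDLE_CENTER);
        this.registerWindow.setContent(layout);
        this.registerWindow.setResizable(false);
        this.registerWindow.setWidth(300.0f, Sizeable.Unit.PIXELS);
        this.registerWindow.setHeight(200.0f, Sizeable.Unit.PIXELS);
        this.registerWindow.center();
        UI.getCurrent().addWindow(this.registerWindow);
    }

    /**
     * Starts U2F authentication against the devices registered for an e-mail address.
     *
     * @param str e-mail address whose device registrations are used
     * @param u2fAuthenticationListener listener notified of success or failure
     */
    public void startAuthentication(String str, U2fAuthenticationListener u2fAuthenticationListener) {
        this.u2fAuthenticationListener = u2fAuthenticationListener;
        sendAuthenticateRequest(str);
    }

    /** Builds a registration request for the session user, remembers it and sends it to the browser. */
    private void sendRegisterRequest() {
        try {
            String emailAddress = ((SecurityProviderSessionImpl) this.site.getSecurityProvider())
                    .getUserFromSession().getEmailAddress();
            RegisterRequestData request = this.u2f.startRegistration(this.appId,
                    U2fService.getDeviceRegistrations(this.site.getSiteContext(), emailAddress));
            this.requests.put(request.getRequestId(), request.toJson());
            callFunction("register", new Object[]{request.toJson()});
        } catch (Exception e) {
            LOGGER.error("Error sending U2F registration request.", e);
            showError(this.site.localize("message-u2f-device-registration-failed"));
        }
    }

    /**
     * Handles the registration response sent by the browser. The method name keeps
     * its original spelling because it is public.
     *
     * @param jsonArray element 0 is the response JSON; a non-null element 1 is a
     *                  numeric error code reported by the client
     */
    public void onReqisterResponse(JsonArray jsonArray) {
        this.registerWindow.close();
        try {
            User sessionUser = ((SecurityProviderSessionImpl) this.site.getSecurityProvider()).getUserFromSession();
            if (jsonArray.length() == 2 && !(jsonArray.get(1) instanceof JreJsonNull)) {
                double errorCode = jsonArray.getNumber(1);
                LOGGER.error("Error processing U2F registration due to error code: " + errorCode);
                showError(this.site.localize("message-u2f-device-registration-failed") + " (" + errorCode + ")");
                return;
            }
            RegisterResponse response = RegisterResponse.fromJson(jsonArray.getString(0));
            // A response is only valid for a request issued by this connector; removing
            // the entry makes each request usable once.
            String pendingRequest = this.requests.remove(response.getRequestId());
            if (pendingRequest == null) {
                LOGGER.error("U2F registration response does not match a pending request.");
                showError(this.site.localize("message-u2f-device-registration-failed"));
                return;
            }
            U2fService.addDeviceRegistration(this.site.getSiteContext(), sessionUser.getEmailAddress(),
                    this.u2f.finishRegistration(RegisterRequestData.fromJson(pendingRequest), response));
            AuditService.log(this.site.getSiteContext(), "u2f device register");
            this.u2FRegistrationListener.onDeviceRegistrationSuccess();
            new Notification(this.site.localize("message-u2f-device-registered"), Notification.Type.HUMANIZED_MESSAGE).show(Page.getCurrent());
        } catch (Exception e) {
            LOGGER.error("Error processing U2F registration response.", e);
            showError(this.site.localize("message-u2f-device-registration-failed"));
        }
    }

    /** Builds an authentication request for the given e-mail address, remembers it and sends it to the browser. */
    private void sendAuthenticateRequest(String str) {
        this.authenticateEmailAddress = str;
        try {
            AuthenticateRequestData request = this.u2f.startAuthentication(this.appId,
                    U2fService.getDeviceRegistrations(this.site.getSiteContext(), str));
            this.requests.put(request.getRequestId(), request.toJson());
            callFunction("authenticate", new Object[]{request.toJson(), str});
        } catch (Exception e) {
            LOGGER.error("Error sending U2F authentication request.", e);
            showError(this.site.localize("message-u2f-authentication-failed"));
        }
    }

    /**
     * Handles the authentication response sent by the browser and notifies the
     * authentication listener of the outcome.
     *
     * <p>Success is reported only when the U2F library verifies the response
     * without raising an exception. A {@link DeviceCompromisedException} is
     * persisted, audited and reported as a failure.
     *
     * @param jsonArray element 0 is the response JSON; a non-null element 1 is a
     *                  numeric error code reported by the client
     */
    public void onAuthenticateResponse(JsonArray jsonArray) {
        this.registerWindow.close();
        try {
            if (jsonArray.length() == 2 && !(jsonArray.get(1) instanceof JreJsonNull)) {
                double errorCode = jsonArray.getNumber(1);
                LOGGER.error("Error processing U2F authentication due to error code: " + errorCode);
                showError(this.site.localize("message-u2f-authentication-failed") + " (" + errorCode + ")");
                reportAuthenticationFailure();
                return;
            }
            AuthenticateResponse response = AuthenticateResponse.fromJson(jsonArray.getString(0));
            // Reject responses that do not answer a request issued by this connector.
            String pendingRequest = this.requests.remove(response.getRequestId());
            if (pendingRequest == null) {
                LOGGER.error("U2F authentication response does not match a pending request.");
                showError(this.site.localize("message-u2f-authentication-failed"));
                reportAuthenticationFailure();
                return;
            }
            DeviceRegistration deviceRegistration = null;
            boolean compromised = false;
            try {
                deviceRegistration = this.u2f.finishAuthentication(AuthenticateRequestData.fromJson(pendingRequest), response,
                        U2fService.getDeviceRegistrations(this.site.getSiteContext(), this.authenticateEmailAddress));
            } catch (DeviceCompromisedException e) {
                // Keep the registration carried by the exception so its state is persisted below.
                deviceRegistration = e.getDeviceRegistration();
                compromised = true;
            } finally {
                // Nothing to persist when verification failed before a registration was resolved.
                if (deviceRegistration != null) {
                    U2fService.updateDeviceRegistration(this.site.getSiteContext(), this.authenticateEmailAddress, deviceRegistration);
                }
            }
            if (compromised) {
                // A device the library reports as compromised must never complete the login:
                // previously this path fell through to the success handling below.
                LOGGER.error("Device compromised.");
                AuditService.log(this.site.getSiteContext(), "u2f authentication failure (device compromised)");
                showError(this.site.localize("message-u2f-device-compromised"));
                reportAuthenticationFailure();
                return;
            }
            AuditService.log(this.site.getSiteContext(), "u2f authentication success");
            // NOTE(review): this key contains a space, unlike the other message keys — confirm against the localization bundle.
            new Notification(this.site.localize("message-u2f-device-authentication success"), Notification.Type.HUMANIZED_MESSAGE).show(Page.getCurrent());
            this.u2fAuthenticationListener.onDeviceAuthenticationSuccess();
        } catch (Exception e) {
            LOGGER.error("Error processing U2F authenticate response.", e);
            showError(this.site.localize("message-u2f-authentication-failed"));
            reportAuthenticationFailure();
        }
    }

    /** Shows the given text as an error notification on the current page. */
    private void showError(String text) {
        new Notification(text, Notification.Type.ERROR_MESSAGE).show(Page.getCurrent());
    }

    /**
     * Notifies the authentication listener of a failure. The guard covers a response
     * callback invoked by the client before any authentication was started.
     */
    private void reportAuthenticationFailure() {
        if (this.u2fAuthenticationListener != null) {
            this.u2fAuthenticationListener.onDeviceAuthenticationFailure();
        }
    }
}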
