package org.bubblecloud.ilves.security;

import com.yubico.u2f.data.DeviceRegistration;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.persistence.EntityManager;
import org.bubblecloud.ilves.model.AuthenticationDevice;
import org.bubblecloud.ilves.model.AuthenticationDeviceType;
import org.bubblecloud.ilves.model.Company;
import org.bubblecloud.ilves.model.User;
import org.bubblecloud.ilves.site.SiteContext;

/* loaded from: input_file:org/bubblecloud/ilves/security/U2fService.class */
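/**
 * Static helpers that persist and load U2F (FIDO universal second factor) device
 * registrations as {@link AuthenticationDevice} rows.
 *
 * <p>Each registration is stored as the JSON form of the {@link DeviceRegistration},
 * passed through {@code SecurityUtil.encryptSecretKey} before it is written and through
 * {@code SecurityUtil.decryptSecretKey} when it is read back.
 *
 * <p>None of these methods performs an authorisation check on the caller: the user is
 * resolved purely from the {@code str} argument within the {@link Company} held by the
 * {@link SiteContext}. Callers are responsible for making sure {@code str} identifies
 * the user the current session is allowed to act for.
 */
public class U2fService {

    /**
     * Tells whether the user has at least one U2F device registered.
     *
     * @param siteContext context supplying the {@link Company} and the {@link EntityManager}
     * @param str         user identifier handed to {@code UserDao.getUser}
     *                    (NOTE(review): presumably the login e-mail address, confirm)
     * @return {@code true} if any of the user's authentication devices is of type
     *         {@code UNIVERSAL_SECOND_FACTOR}
     */
    public static boolean hasDeviceRegistrations(SiteContext siteContext, String str) {
        Company company = (Company) siteContext.getObject(Company.class);
        EntityManager entityManager = siteContext.getEntityManager();
        return !findU2fDevices(entityManager, company, str).isEmpty();
    }

    /**
     * Loads and decrypts every U2F registration stored for the user.
     *
     * @param siteContext context supplying the {@link Company} and the {@link EntityManager}
     * @param str         user identifier handed to {@code UserDao.getUser}
     * @return the decoded registrations, in the order the DAO returned the devices;
     *         empty when the user has no U2F device
     */
    public static Iterable<DeviceRegistration> getDeviceRegistrations(SiteContext siteContext, String str) {
        Company company = (Company) siteContext.getObject(Company.class);
        EntityManager entityManager = siteContext.getEntityManager();
        List<DeviceRegistration> registrations = new ArrayList<>();
        for (AuthenticationDevice device : findU2fDevices(entityManager, company, str)) {
            // The stored secret is the encrypted registration JSON written by
            // addDeviceRegistration / updateDeviceRegistration.
            String json = SecurityUtil.decryptSecretKey(device.getEncryptedSecret());
            registrations.add(DeviceRegistration.fromJson(json));
        }
        return registrations;
    }

    /**
     * Stores a new U2F registration for the user.
     *
     * <p>The device row is keyed by the registration's key handle and named after the
     * attestation certificate subject (see {@link #deviceDisplayName}).
     *
     * @param siteContext        context supplying the {@link Company} and the {@link EntityManager}
     * @param str                user identifier handed to {@code UserDao.getUser}
     * @param deviceRegistration registration produced by the U2F registration ceremony
     */
    public static void addDeviceRegistration(SiteContext siteContext, String str, DeviceRegistration deviceRegistration) {
        Company company = (Company) siteContext.getObject(Company.class);
        EntityManager entityManager = siteContext.getEntityManager();
        User user = UserDao.getUser(entityManager, company, str);

        AuthenticationDevice device = new AuthenticationDevice();
        device.setKey(deviceRegistration.getKeyHandle());
        device.setName(deviceDisplayName(deviceRegistration));
        device.setType(AuthenticationDeviceType.UNIVERSAL_SECOND_FACTOR);
        device.setUser(user);
        // Only the encrypted form of the registration JSON is persisted.
        device.setEncryptedSecret(SecurityUtil.encryptSecretKey(deviceRegistration.toJson()));
        AuthenticationDeviceDao.addAuthenticationDevice(entityManager, device);
    }

    /**
     * Replaces the stored registration data of an existing device.
     *
     * <p>The device is looked up by key handle alone, so the ownership check below is what
     * stops one user from overwriting another user's registration. The check fails closed:
     * an unknown user, an unknown key handle, a device without an owner or a missing user
     * id are all rejected with the same {@link SecurityException} as a genuine mismatch,
     * instead of surfacing as a {@link NullPointerException}.
     *
     * <p>NOTE(review): presumably called after a successful authentication to persist the
     * updated signature counter; confirm against callers.
     *
     * @param siteContext        context supplying the {@link Company} and the {@link EntityManager}
     * @param str                user identifier handed to {@code UserDao.getUser}
     * @param deviceRegistration registration whose key handle selects the device to update
     * @throws SecurityException if the device does not exist or does not belong to the user
     */
    public static void updateDeviceRegistration(SiteContext siteContext, String str, DeviceRegistration deviceRegistration) {
        Company company = (Company) siteContext.getObject(Company.class);
        EntityManager entityManager = siteContext.getEntityManager();
        User user = UserDao.getUser(entityManager, company, str);
        AuthenticationDevice device =
                AuthenticationDeviceDao.getAuthenticationDeviceByKey(entityManager, deviceRegistration.getKeyHandle());

        if (!isOwnedBy(device, user)) {
            throw new SecurityException("Authentication device user mismatch.");
        }

        // Encrypt only once the request has been accepted.
        device.setEncryptedSecret(SecurityUtil.encryptSecretKey(deviceRegistration.toJson()));
        AuthenticationDeviceDao.updateAuthenticationDevice(entityManager, device);
    }

    /**
     * Deletes every U2F device registered for the user, which removes the second factor
     * from the account. Devices of other types are left untouched.
     *
     * @param siteContext context supplying the {@link Company} and the {@link EntityManager}
     * @param str         user identifier handed to {@code UserDao.getUser}
     */
    public static void removeDeviceRegistrations(SiteContext siteContext, String str) {
        Company company = (Company) siteContext.getObject(Company.class);
        EntityManager entityManager = siteContext.getEntityManager();
        // findU2fDevices returns its own list, so deleting through the DAO cannot disturb
        // the collection being iterated.
        for (AuthenticationDevice device : findU2fDevices(entityManager, company, str)) {
            AuthenticationDeviceDao.removeAuthenticationDevice(entityManager, device);
        }
    }

    /** Returns the user's authentication devices whose type is UNIVERSAL_SECOND_FACTOR. */
    private static List<AuthenticationDevice> findU2fDevices(EntityManager entityManager, Company company, String str) {
        User user = UserDao.getUser(entityManager, company, str);
        List<AuthenticationDevice> allDevices = AuthenticationDeviceDao.getAuthenticationDevices(entityManager, user);
        List<AuthenticationDevice> u2fDevices = new ArrayList<>();
        for (AuthenticationDevice device : allDevices) {
            if (device.getType() == AuthenticationDeviceType.UNIVERSAL_SECOND_FACTOR) {
                u2fDevices.add(device);
            }
        }
        return u2fDevices;
    }

    /** Returns true only when both sides are present and the device's owner id equals the user's id. */
    private static boolean isOwnedBy(AuthenticationDevice device, User user) {
        if (device == null || user == null || device.getUser() == null) {
            return false;
        }
        // A null id never matches, so incomplete records cannot pass the ownership check.
        return user.getUserId() != null && user.getUserId().equals(device.getUser().getUserId());
    }

    /**
     * Derives a display name from the attestation certificate subject, dropping a leading
     * "CN=", and falls back to "u2f device" when the certificate cannot be read.
     *
     * <p>The subject text comes from the certificate presented by the device, so it is
     * externally supplied data.
     * NOTE(review): confirm that every view rendering the device name escapes it.
     */
    private static String deviceDisplayName(DeviceRegistration deviceRegistration) {
        try {
            String subject = deviceRegistration.getAttestationCertificate().getSubjectDN().toString();
            return subject.startsWith("CN=") ? subject.substring(3) : subject;
        } catch (Exception ignored) {
            // Deliberate best effort: the name is cosmetic, so a missing or unparsable
            // certificate must not abort the registration.
            return "u2f device";
        }
    }
}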
