package org.apache.syncope.wa.starter.webauthn;

import com.fasterxml.jackson.core.type.TypeReference;
import com.yubico.data.CredentialRegistration;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.types.ClientExceptionType;
import org.apache.syncope.common.lib.wa.WebAuthnAccount;
import org.apache.syncope.common.lib.wa.WebAuthnDeviceCredential;
import org.apache.syncope.common.rest.api.service.wa.WebAuthnRegistrationService;
import org.apache.syncope.wa.bootstrap.WARestClient;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.webauthn.WebAuthnUtils;
import org.apereo.cas.webauthn.storage.BaseWebAuthnCredentialRepository;
import org.jooq.lambda.Unchecked;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/syncope/wa/starter/webauthn/WAWebAuthnCredentialRepository.class */
public class WAWebAuthnCredentialRepository extends BaseWebAuthnCredentialRepository {
    private static final Logger LOG = LoggerFactory.getLogger(WAWebAuthnCredentialRepository.class);
    private final WARestClient waRestClient;

    public WAWebAuthnCredentialRepository(CasConfigurationProperties casConfigurationProperties, WARestClient wARestClient) {
        super(casConfigurationProperties, CipherExecutor.noOpOfStringToString());
        this.waRestClient = wARestClient;
    }

    public boolean removeRegistrationByUsername(String str, CredentialRegistration credentialRegistration) {
        getService().delete(str, credentialRegistration.getCredential().getCredentialId().getHex());
        return true;
    }

    public boolean removeAllRegistrations(String str) {
        getService().delete(str);
        return true;
    }

    public Stream<? extends CredentialRegistration> stream() {
        return getService().list().stream().map((v0) -> {
            return v0.getCredentials();
        }).flatMap((v0) -> {
            return v0.stream();
        }).map(Unchecked.function(webAuthnDeviceCredential -> {
            return (CredentialRegistration) WebAuthnUtils.getObjectMapper().readValue((String) getCipherExecutor().decode(webAuthnDeviceCredential.getJson()), new TypeReference<CredentialRegistration>() { // from class: org.apache.syncope.wa.starter.webauthn.WAWebAuthnCredentialRepository.1
            });
        }));
    }

    protected void update(String str, Collection<CredentialRegistration> collection) {
        try {
            List list = (List) collection.stream().map(Unchecked.function(credentialRegistration -> {
                return new WebAuthnDeviceCredential.Builder().json((String) getCipherExecutor().encode(WebAuthnUtils.getObjectMapper().writeValueAsString(credentialRegistration))).identifier(credentialRegistration.getCredential().getCredentialId().getHex()).build();
            })).collect(Collectors.toList());
            WebAuthnAccount read = getService().read(str);
            if (read != null) {
                read.getCredentials().addAll(list);
                getService().update(str, read);
            } else {
                getService().create(str, new WebAuthnAccount.Builder().credentials(list).build());
            }
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
        }
    }

    public Collection<CredentialRegistration> getRegistrationsByUsername(String str) {
        try {
            return (Collection) getService().read(str).getCredentials().stream().map(Unchecked.function(webAuthnDeviceCredential -> {
                return (CredentialRegistration) WebAuthnUtils.getObjectMapper().readValue((String) getCipherExecutor().decode(webAuthnDeviceCredential.getJson()), new TypeReference<CredentialRegistration>() { // from class: org.apache.syncope.wa.starter.webauthn.WAWebAuthnCredentialRepository.2
                });
            })).collect(Collectors.toList());
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
            return List.of();
        } catch (SyncopeClientException e2) {
            if (e2.getType() == ClientExceptionType.NotFound) {
                LOG.info("Could not locate account for {}", str);
            } else {
                LOG.error(e2.getMessage(), e2);
            }
            return List.of();
        }
    }

    private WebAuthnRegistrationService getService() {
        if (WARestClient.isReady()) {
            return (WebAuthnRegistrationService) this.waRestClient.getSyncopeClient().getService(WebAuthnRegistrationService.class);
        }
        throw new IllegalStateException("Syncope core is not yet ready");
    }
}
