package org.apereo.cas.webauthn.web.flow;

import com.yubico.core.RegistrationStorage;
import com.yubico.core.SessionManager;
import com.yubico.webauthn.data.ByteArray;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.DefaultAuthenticationBuilder;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.cas.webauthn.WebAuthnCredential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/webauthn/web/flow/WebAuthnValidateSessionCredentialTokenAction.class */
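/**
 * Webflow action that turns a WebAuthn session token taken from the HTTP request into a CAS
 * {@link Authentication}.
 *
 * <p>The action reads the {@code token} request parameter, wraps it in a
 * {@link WebAuthnCredential}, asks the {@link SessionManager} for the user handle bound to that
 * token, resolves the username for that handle through the {@link RegistrationStorage}, and
 * stores the resulting authentication in the flow.
 *
 * <p>Security note: within this action the token alone decides which principal is
 * authenticated, so it is handled as a bearer secret and never written to the logs.
 * NOTE(review): token expiry and single-use enforcement are presumably the job of the
 * {@link SessionManager} implementation; nothing in this class checks them, so confirm there.
 */
public class WebAuthnValidateSessionCredentialTokenAction extends AbstractAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(WebAuthnValidateSessionCredentialTokenAction.class);

    /** Name of the request parameter carrying the WebAuthn session token. */
    private static final String PARAMETER_TOKEN = "token";

    /** Event id returned whenever the token cannot be turned into an authentication. */
    private static final String EVENT_ID_FAILURE = "authenticationFailure";

    /** Event id returned once the authentication has been stored in the flow. */
    private static final String EVENT_ID_FINALIZE = "finalize";

    private final RegistrationStorage webAuthnCredentialRepository;
    private final SessionManager sessionManager;
    private final PrincipalFactory principalFactory;

    /**
     * Validates the session token found in the request and, when it maps to a known user,
     * records the credential and the authentication in the webflow context.
     *
     * @param requestContext the current webflow request context
     * @return a {@code finalize} event on success; an {@code authenticationFailure} event when
     *     the token is blank, no session matches it, or no username matches the user handle
     */
    @Override
    protected Event doExecute(RequestContext requestContext) {
        String token = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext).getParameter(PARAMETER_TOKEN);
        if (StringUtils.isBlank(token)) {
            LOGGER.warn("Missing web authn token from the request");
            return failure();
        }
        // The token value is deliberately not logged: anyone able to read the log could replay
        // it against this action while the session is still known to the session manager.
        LOGGER.debug("Received web authn token");
        WebAuthnCredential webAuthnCredential = new WebAuthnCredential(token);
        WebUtils.putCredential(requestContext, webAuthnCredential);

        Optional<ByteArray> userHandle = this.sessionManager.getSession(WebAuthnCredential.from(webAuthnCredential));
        if (userHandle.isEmpty()) {
            // Same reasoning as above; a rejected token may still be valid elsewhere or be a
            // near miss of a valid one, so only the fact of the failure is recorded.
            LOGGER.warn("Unable to locate existing session from the current token");
            return failure();
        }

        Optional<String> username = this.webAuthnCredentialRepository.getUsernameForUserHandle(userHandle.get());
        if (username.isEmpty()) {
            LOGGER.warn("Unable to locate user based on the given user handle");
            return failure();
        }

        Authentication authentication = DefaultAuthenticationBuilder.newInstance()
            .addCredential(webAuthnCredential)
            .setPrincipal(this.principalFactory.createPrincipal(username.get()))
            .build();
        // Logged at debug, not warn: a successful step is not a warning condition, and the
        // string form of the authentication may include credential or principal details
        // (NOTE(review): confirm what Authentication#toString exposes).
        LOGGER.debug("Finalized authentication attempt based on [{}]", authentication);
        WebUtils.putAuthentication(authentication, requestContext);
        return new EventFactorySupport().event(this, EVENT_ID_FINALIZE);
    }

    /**
     * Builds the event signalling that the token could not be validated.
     *
     * @return an {@code authenticationFailure} event sourced from this action
     */
    private Event failure() {
        return new EventFactorySupport().event(this, EVENT_ID_FAILURE);
    }

    /**
     * Creates the action with its collaborators.
     *
     * @param registrationStorage resolves a username from a WebAuthn user handle
     * @param sessionManager resolves the user handle bound to a session token
     * @param principalFactory creates the principal for the resolved username
     */
    @Generated
    public WebAuthnValidateSessionCredentialTokenAction(RegistrationStorage registrationStorage, SessionManager sessionManager, PrincipalFactory principalFactory) {
        this.webAuthnCredentialRepository = registrationStorage;
        this.sessionManager = sessionManager;
        this.principalFactory = principalFactory;
    }
}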
