package org.apereo.cas.webauthn.storage;

import com.yubico.data.CredentialRegistration;
import com.yubico.webauthn.AssertionResult;
import com.yubico.webauthn.RegisteredCredential;
import com.yubico.webauthn.data.ByteArray;
import com.yubico.webauthn.data.PublicKeyCredentialDescriptor;
import java.time.Instant;
import java.time.LocalDate;
import java.time.ZoneOffset;
import java.time.temporal.TemporalUnit;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.NoSuchElementException;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.webauthn.WebAuthnMultifactorAuthenticationCoreProperties;
import org.apereo.cas.util.DateTimeUtils;
import org.apereo.cas.util.LoggingUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/webauthn/storage/BaseWebAuthnCredentialRepository.class */
public abstract class BaseWebAuthnCredentialRepository implements WebAuthnCredentialRepository {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(BaseWebAuthnCredentialRepository.class);
    private final CasConfigurationProperties properties;
    private final CipherExecutor<String, String> cipherExecutor;

    public boolean addRegistrationByUsername(String str, CredentialRegistration credentialRegistration) {
        Collection registrationsByUsername = getRegistrationsByUsername(str);
        registrationsByUsername.add(credentialRegistration);
        update(str, new HashSet(registrationsByUsername));
        return true;
    }

    public Optional<CredentialRegistration> getRegistrationByUsernameAndCredentialId(String str, ByteArray byteArray) {
        return getRegistrationsByUsername(str).stream().filter(credentialRegistration -> {
            return byteArray.equals(credentialRegistration.getCredential().getCredentialId());
        }).findFirst();
    }

    public Collection<CredentialRegistration> getRegistrationsByUserHandle(ByteArray byteArray) {
        return (Collection) stream().filter(credentialRegistration -> {
            return byteArray.equals(credentialRegistration.getUserIdentity().getId());
        }).collect(Collectors.toList());
    }

    public boolean removeRegistrationByUsername(String str, CredentialRegistration credentialRegistration) {
        Collection registrationsByUsername = getRegistrationsByUsername(str);
        boolean remove = registrationsByUsername.remove(credentialRegistration);
        update(str, new HashSet(registrationsByUsername));
        return remove;
    }

    public boolean removeAllRegistrations(String str) {
        update(str, new HashSet());
        return true;
    }

    public void updateSignatureCount(AssertionResult assertionResult) {
        String username = assertionResult.getUsername();
        CredentialRegistration orElseThrow = getRegistrationByUsernameAndCredentialId(username, assertionResult.getCredentialId()).orElseThrow(() -> {
            return new NoSuchElementException(String.format("Credential \"%s\" is not registered to user \"%s\"", assertionResult.getCredentialId(), username));
        });
        Collection registrationsByUsername = getRegistrationsByUsername(username);
        registrationsByUsername.remove(orElseThrow);
        registrationsByUsername.add(orElseThrow.withSignatureCount(assertionResult.getSignatureCount()));
        update(username, new HashSet(registrationsByUsername));
    }

    public Set<PublicKeyCredentialDescriptor> getCredentialIdsForUsername(String str) {
        return (Set) getRegistrationsByUsername(str).stream().map(credentialRegistration -> {
            return PublicKeyCredentialDescriptor.builder().id(credentialRegistration.getCredential().getCredentialId()).build();
        }).collect(Collectors.toSet());
    }

    public Optional<ByteArray> getUserHandleForUsername(String str) {
        return getRegistrationsByUsername(str).stream().findAny().map(credentialRegistration -> {
            return credentialRegistration.getUserIdentity().getId();
        });
    }

    public Optional<String> getUsernameForUserHandle(ByteArray byteArray) {
        return getRegistrationsByUserHandle(byteArray).stream().findAny().map((v0) -> {
            return v0.getUsername();
        });
    }

    public Optional<RegisteredCredential> lookup(ByteArray byteArray, ByteArray byteArray2) {
        return stream().filter((v0) -> {
            return Objects.nonNull(v0);
        }).filter(credentialRegistration -> {
            return byteArray.equals(credentialRegistration.getCredential().getCredentialId());
        }).findAny().flatMap(credentialRegistration2 -> {
            return Optional.of(RegisteredCredential.builder().credentialId(credentialRegistration2.getCredential().getCredentialId()).userHandle(credentialRegistration2.getUserIdentity().getId()).publicKeyCose(credentialRegistration2.getCredential().getPublicKeyCose()).signatureCount(credentialRegistration2.getSignatureCount()).build());
        });
    }

    public Set<RegisteredCredential> lookupAll(ByteArray byteArray) {
        return (Set) stream().filter((v0) -> {
            return Objects.nonNull(v0);
        }).filter(credentialRegistration -> {
            return credentialRegistration.getCredential().getCredentialId().equals(byteArray);
        }).map(credentialRegistration2 -> {
            return RegisteredCredential.builder().credentialId(credentialRegistration2.getCredential().getCredentialId()).userHandle(credentialRegistration2.getUserIdentity().getId()).publicKeyCose(credentialRegistration2.getCredential().getPublicKeyCose()).signatureCount(credentialRegistration2.getSignatureCount()).build();
        }).collect(Collectors.toSet());
    }

    @Override // org.apereo.cas.webauthn.storage.WebAuthnRegistrationStorageCleaner
    public void clean() {
        try {
            WebAuthnMultifactorAuthenticationCoreProperties core = this.properties.getAuthn().getMfa().getWebAuthn().getCore();
            LocalDate minus = LocalDate.now(ZoneOffset.UTC).minus(core.getExpireDevices(), (TemporalUnit) DateTimeUtils.toChronoUnit(core.getExpireDevicesTimeUnit()));
            LOGGER.debug("Filtering devices based on device expiration date [{}]", minus);
            Instant instant = minus.atStartOfDay(ZoneOffset.UTC).toInstant();
            List list = (List) stream().filter((v0) -> {
                return Objects.nonNull(v0);
            }).filter(credentialRegistration -> {
                return credentialRegistration.getRegistrationTime() != null && credentialRegistration.getRegistrationTime().isBefore(instant);
            }).collect(Collectors.toList());
            if (!list.isEmpty()) {
                LOGGER.debug("There are [{}] expired device(s) remaining in repository. Cleaning...", Integer.valueOf(list.size()));
                list.forEach(credentialRegistration2 -> {
                    removeRegistrationByUsername(credentialRegistration2.getUsername(), credentialRegistration2);
                });
            }
        } catch (Exception e) {
            LoggingUtils.error(LOGGER, e);
        }
    }

    protected abstract void update(String str, Collection<CredentialRegistration> collection);

    @Generated
    public CasConfigurationProperties getProperties() {
        return this.properties;
    }

    @Generated
    public CipherExecutor<String, String> getCipherExecutor() {
        return this.cipherExecutor;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Generated
    public BaseWebAuthnCredentialRepository(CasConfigurationProperties casConfigurationProperties, CipherExecutor<String, String> cipherExecutor) {
        this.properties = casConfigurationProperties;
        this.cipherExecutor = cipherExecutor;
    }
}
