package org.apereo.cas.webauthn.web;

import com.fasterxml.jackson.core.type.TypeReference;
import com.yubico.data.CredentialRegistration;
import com.yubico.webauthn.data.ByteArray;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.util.Collection;
import java.util.Objects;
import javax.servlet.http.HttpServletRequest;
import lombok.Generated;
import org.apache.commons.io.IOUtils;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.util.CompressionUtils;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.web.BaseCasActuatorEndpoint;
import org.apereo.cas.webauthn.WebAuthnUtils;
import org.apereo.cas.webauthn.storage.WebAuthnCredentialRepository;
import org.jooq.lambda.Unchecked;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.actuate.endpoint.web.annotation.RestControllerEndpoint;
import org.springframework.core.io.Resource;
import org.springframework.core.io.WritableResource;
import org.springframework.http.ContentDisposition;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

@RestControllerEndpoint(id = "webAuthnDevices", enableByDefault = false)
/* loaded from: input_file:org/apereo/cas/webauthn/web/WebAuthnRegisteredDevicesEndpoint.class */
public class WebAuthnRegisteredDevicesEndpoint extends BaseCasActuatorEndpoint {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(WebAuthnRegisteredDevicesEndpoint.class);
    private final WebAuthnCredentialRepository registrationStorage;

    public WebAuthnRegisteredDevicesEndpoint(CasConfigurationProperties casConfigurationProperties, WebAuthnCredentialRepository webAuthnCredentialRepository) {
        super(casConfigurationProperties);
        this.registrationStorage = webAuthnCredentialRepository;
    }

    @GetMapping(path = {"{username}"}, produces = {"application/json"})
    @Operation(summary = "Fetch registered devices for username", parameters = {@Parameter(name = "username", required = true)})
    public Collection<? extends CredentialRegistration> fetch(@PathVariable String str) {
        return this.registrationStorage.getRegistrationsByUsername(str);
    }

    @PostMapping(path = {"{username}"}, produces = {"application/json"})
    @Operation(summary = "Add device registration for username", parameters = {@Parameter(name = "username", required = true), @Parameter(name = "record", required = true)})
    public boolean write(@PathVariable String str, @RequestParam String str2) throws Exception {
        return this.registrationStorage.addRegistrationByUsername(str, (CredentialRegistration) WebAuthnUtils.getObjectMapper().readValue(EncodingUtils.decodeBase64ToString(str2), CredentialRegistration.class));
    }

    @DeleteMapping(path = {"{username}"}, produces = {"application/json"})
    @Operation(summary = "Remove device registrations for username", parameters = {@Parameter(name = "username", required = true)})
    public void delete(@PathVariable String str) {
        this.registrationStorage.removeAllRegistrations(str);
    }

    @DeleteMapping(path = {"{username}/{credentialId}"}, produces = {"application/json"})
    @Operation(summary = "Remove device registration for username and credential id", parameters = {@Parameter(name = "username", required = true), @Parameter(name = "credentialId", required = true)})
    public void delete(@PathVariable String str, @PathVariable String str2) throws Exception {
        this.registrationStorage.getRegistrationByUsernameAndCredentialId(str, ByteArray.fromBase64Url(str2)).ifPresent(credentialRegistration -> {
            this.registrationStorage.removeRegistrationByUsername(str, credentialRegistration);
        });
    }

    @GetMapping(path = {"/export"}, produces = {"application/octet-stream"})
    @Operation(summary = "Export device registrations as a zip file")
    @ResponseBody
    public ResponseEntity<Resource> export() {
        WritableResource zipFile = CompressionUtils.toZipFile(this.registrationStorage.stream(), Unchecked.function(obj -> {
            CredentialRegistration credentialRegistration = (CredentialRegistration) CredentialRegistration.class.cast(obj);
            File createTempFile = File.createTempFile(String.format("%s-%s", credentialRegistration.getUsername(), credentialRegistration.getCredential().getCredentialId().getBase64Url()), ".json");
            WebAuthnUtils.getObjectMapper().writeValue(createTempFile, credentialRegistration);
            return createTempFile;
        }), "webauthnbaccts");
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentDisposition(ContentDisposition.attachment().filename((String) Objects.requireNonNull(zipFile.getFilename())).build());
        return new ResponseEntity<>(zipFile, httpHeaders, HttpStatus.OK);
    }

    @PostMapping(path = {"/import"}, consumes = {"application/json"})
    @Operation(summary = "Import a device registration as a JSON document")
    public HttpStatus importAccount(HttpServletRequest httpServletRequest) throws Exception {
        String iOUtils = IOUtils.toString(httpServletRequest.getInputStream(), StandardCharsets.UTF_8);
        LOGGER.trace("Submitted account: [{}]", iOUtils);
        CredentialRegistration credentialRegistration = (CredentialRegistration) WebAuthnUtils.getObjectMapper().readValue(iOUtils, new TypeReference<CredentialRegistration>() { // from class: org.apereo.cas.webauthn.web.WebAuthnRegisteredDevicesEndpoint.1
        });
        LOGGER.trace("Storing account: [{}]", credentialRegistration);
        this.registrationStorage.addRegistrationByUsername(credentialRegistration.getUsername(), credentialRegistration);
        return HttpStatus.CREATED;
    }
}
