package org.wso2.carbon.identity.rest.api.user.fido2.v1.impl;

import com.fasterxml.jackson.core.JsonProcessingException;
import java.io.IOException;
import java.net.URLDecoder;
import java.text.MessageFormat;
import java.util.Map;
import javax.ws.rs.core.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.wso2.carbon.identity.api.user.fido2.common.Constants;
import org.wso2.carbon.identity.api.user.fido2.common.Util;
import org.wso2.carbon.identity.application.authenticator.fido2.core.WebAuthnService;
import org.wso2.carbon.identity.application.authenticator.fido2.exception.FIDO2AuthenticatorException;
import org.wso2.carbon.identity.application.authenticator.fido2.exception.FIDO2AuthenticatorServerException;
import org.wso2.carbon.identity.application.authenticator.fido2.util.Either;
import org.wso2.carbon.identity.application.authenticator.fido2.util.FIDOUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.rest.api.user.fido2.v1.MeApiService;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.rest.api.user.fido2.v1-1.2.3.jar:org/wso2/carbon/identity/rest/api/user/fido2/v1/impl/MeApiServiceImpl.class */
public class MeApiServiceImpl extends MeApiService {
    private static final Log log = LogFactory.getLog(MeApiServiceImpl.class);

    @Autowired
    private WebAuthnService webAuthnService;

    @Override // org.wso2.carbon.identity.rest.api.user.fido2.v1.MeApiService
    public Response meWebauthnCredentialIdDelete(String str) {
        if (!isValidAuthenticationType()) {
            throw Util.handleError(Response.Status.FORBIDDEN, Constants.ErrorMessages.ERROR_CODE_ACCESS_DENIED_FOR_BASIC_AUTH, new String[0]);
        }
        try {
            this.webAuthnService.deregisterCredential(str);
            return Response.ok().build();
        } catch (IOException e) {
            throw Util.handleError(Response.Status.INTERNAL_SERVER_ERROR, Constants.ErrorMessages.ERROR_CODE_DELETE_CREDENTIALS, str);
        }
    }

    @Override // org.wso2.carbon.identity.rest.api.user.fido2.v1.MeApiService
    public Response meWebauthnFinishRegistrationPost(String str) {
        if (!isValidAuthenticationType()) {
            throw Util.handleError(Response.Status.FORBIDDEN, Constants.ErrorMessages.ERROR_CODE_ACCESS_DENIED_FOR_BASIC_AUTH, new String[0]);
        }
        if (log.isDebugEnabled()) {
            log.debug(MessageFormat.format("Received finish registration response: {0}", str));
        }
        try {
            this.webAuthnService.finishRegistration(str);
            return Response.ok().entity(str).build();
        } catch (FIDO2AuthenticatorException | IOException e) {
            throw Util.handleError(Response.Status.BAD_REQUEST, Constants.ErrorMessages.ERROR_CODE_FINISH_REGISTRATION_BY_USER, str);
        } catch (FIDO2AuthenticatorServerException e2) {
            throw Util.handleError(Response.Status.INTERNAL_SERVER_ERROR, Constants.ErrorMessages.ERROR_CODE_FINISH_REGISTRATION, new String[0]);
        }
    }

    @Override // org.wso2.carbon.identity.rest.api.user.fido2.v1.MeApiService
    public Response meWebauthnGet(String str) {
        if (!isValidAuthenticationType()) {
            throw Util.handleError(Response.Status.FORBIDDEN, Constants.ErrorMessages.ERROR_CODE_ACCESS_DENIED_FOR_BASIC_AUTH, new String[0]);
        }
        if (log.isDebugEnabled()) {
            log.debug(MessageFormat.format("fetching device metadata for the user : {0}", str));
        }
        try {
            if (str.contains("=")) {
                str = URLDecoder.decode(str.split("=")[1], "UTF-8");
            }
            return Response.ok().entity(FIDOUtil.writeJson(this.webAuthnService.getDeviceMetaData(str))).build();
        } catch (IOException e) {
            throw Util.handleError(Response.Status.INTERNAL_SERVER_ERROR, Constants.ErrorMessages.ERROR_CODE_FETCH_CREDENTIALS, str);
        }
    }

    @Override // org.wso2.carbon.identity.rest.api.user.fido2.v1.MeApiService
    public Response meWebauthnStartRegistrationPost(String str) {
        if (!isValidAuthenticationType()) {
            throw Util.handleError(Response.Status.FORBIDDEN, Constants.ErrorMessages.ERROR_CODE_ACCESS_DENIED_FOR_BASIC_AUTH, new String[0]);
        }
        try {
            Either startRegistration = this.webAuthnService.startRegistration(str);
            if (startRegistration.isRight()) {
                return Response.ok().entity(FIDOUtil.writeJson(startRegistration.right().get())).build();
            }
            throw Util.handleError(Response.Status.INTERNAL_SERVER_ERROR, Constants.ErrorMessages.ERROR_CODE_START_REGISTRATION, str);
        } catch (FIDO2AuthenticatorException | JsonProcessingException e) {
            throw Util.handleError(Response.Status.INTERNAL_SERVER_ERROR, Constants.ErrorMessages.ERROR_CODE_START_REGISTRATION, str);
        }
    }

    private boolean isValidAuthenticationType() {
        if (!Boolean.parseBoolean((String) ((Map) IdentityUtil.threadLocalProperties.get()).get("AuthenticatedWithBasicAuth"))) {
            return true;
        }
        if (!log.isDebugEnabled()) {
            return false;
        }
        log.debug("Not a valid authentication method. This method is blocked for the requests with basic authentication.");
        return false;
    }
}
