package otoroshi.controllers;

import akka.http.scaladsl.model.Uri$;
import akka.http.scaladsl.util.FastFuture$;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.fasterxml.jackson.datatype.jdk8.Jdk8Module;
import com.yubico.webauthn.AssertionRequest;
import com.yubico.webauthn.AssertionResult;
import com.yubico.webauthn.FinishAssertionOptions;
import com.yubico.webauthn.FinishRegistrationOptions;
import com.yubico.webauthn.RegistrationResult;
import com.yubico.webauthn.RelyingParty;
import com.yubico.webauthn.StartAssertionOptions;
import com.yubico.webauthn.StartRegistrationOptions;
import com.yubico.webauthn.data.ByteArray;
import com.yubico.webauthn.data.PublicKeyCredential;
import com.yubico.webauthn.data.PublicKeyCredentialCreationOptions;
import com.yubico.webauthn.data.RelyingPartyIdentity;
import com.yubico.webauthn.data.UserIdentity;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.joda.time.DateTime;
import org.mindrot.jbcrypt.BCrypt;
import otoroshi.actions.BackOfficeAction;
import otoroshi.actions.BackOfficeActionAuth;
import otoroshi.actions.BackOfficeActionContext;
import otoroshi.env.Env;
import otoroshi.events.AdminFirstLogin;
import otoroshi.events.AdminFirstLogin$;
import otoroshi.events.AdminLoggedInAlert;
import otoroshi.events.AdminLoggedInAlert$;
import otoroshi.events.Alerts$;
import otoroshi.models.BackOfficeUser;
import otoroshi.models.BackOfficeUser$;
import otoroshi.models.EntityLocation;
import otoroshi.models.OtoroshiAdminType$WebAuthnAdmin$;
import otoroshi.models.RightsChecker$SuperAdminOnly$;
import otoroshi.models.RightsChecker$TenantAdminOnly$;
import otoroshi.models.SimpleOtoroshiAdmin;
import otoroshi.models.TeamAccess$;
import otoroshi.models.TeamId$;
import otoroshi.models.TenantAccess$;
import otoroshi.models.UserRight;
import otoroshi.models.UserRights;
import otoroshi.models.WebAuthnOtoroshiAdmin;
import otoroshi.models.WebAuthnOtoroshiAdmin$;
import otoroshi.security.IdGenerator$;
import otoroshi.utils.syntax.implicits$;
import otoroshi.utils.syntax.implicits$BetterSyntax$;
import otoroshi.views.html.backoffice.u2flogin$;
import play.api.Logger;
import play.api.Logger$;
import play.api.MarkerContext$;
import play.api.http.ContentTypeOf$;
import play.api.http.Writeable$;
import play.api.libs.json.JsLookup$;
import play.api.libs.json.JsLookupResult$;
import play.api.libs.json.JsObject;
import play.api.libs.json.JsValue;
import play.api.libs.json.JsValue$;
import play.api.libs.json.Json$;
import play.api.libs.json.Reads$;
import play.api.libs.json.Writes$;
import play.api.mvc.AbstractController;
import play.api.mvc.Action;
import play.api.mvc.AnyContent;
import play.api.mvc.Codec$;
import play.api.mvc.ControllerComponents;
import play.api.mvc.Request;
import play.api.mvc.Result;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.Tuple2;
import scala.collection.JavaConverters$;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Nil$;
import scala.collection.mutable.ArrayOps;
import scala.concurrent.ExecutionContext;
import scala.concurrent.Future;
import scala.concurrent.duration.Duration$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.util.Failure;
import scala.util.Success;
import scala.util.Try;
import scala.util.Try$;

/* compiled from: U2FController.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005\u0015c\u0001\u0002\f\u0018\u0001qA\u0001b\n\u0001\u0003\u0002\u0003\u0006I\u0001\u000b\u0005\t]\u0001\u0011\t\u0011)A\u0005_!I!\u0007\u0001B\u0001B\u0003%1G\u000e\u0005\tq\u0001\u0011\t\u0011)A\u0006s!)a\b\u0001C\u0001\u007f!Aq\t\u0001EC\u0002\u0013\r\u0001\n\u0003\u0005R\u0001!\u0015\r\u0011\"\u0001S\u0011\u001d9\u0006A1A\u0005\naCaa\u001b\u0001!\u0002\u0013I\u0006b\u00027\u0001\u0005\u0004%I!\u001c\u0005\u0007c\u0002\u0001\u000b\u0011\u00028\t\u000fI\u0004!\u0019!C\u0005g\"1!\u0010\u0001Q\u0001\nQDqa\u001f\u0001C\u0002\u0013%A\u0010C\u0004\u0002\u0014\u0001\u0001\u000b\u0011B?\t\u000f\u0005U\u0001\u0001\"\u0001\u0002\u0018!9\u0011Q\u0005\u0001\u0005\u0002\u0005\u001d\u0002bBA\u001e\u0001\u0011\u0005\u0011Q\b\u0005\b\u0003\u007f\u0001A\u0011AA\u001f\u0011\u001d\t\t\u0005\u0001C\u0001\u0003{Aq!a\u0011\u0001\t\u0003\tiDA\u0007Ve\u0019\u001buN\u001c;s_2dWM\u001d\u0006\u00031e\t1bY8oiJ|G\u000e\\3sg*\t!$\u0001\u0005pi>\u0014xn\u001d5j\u0007\u0001\u0019\"\u0001A\u000f\u0011\u0005y)S\"A\u0010\u000b\u0005\u0001\n\u0013aA7wG*\u0011!eI\u0001\u0004CBL'\"\u0001\u0013\u0002\tAd\u0017-_\u0005\u0003M}\u0011!#\u00112tiJ\f7\r^\"p]R\u0014x\u000e\u001c7fe\u0006\u0001\")Y2l\u001f\u001a4\u0017nY3BGRLwN\u001c\t\u0003S1j\u0011A\u000b\u0006\u0003We\tq!Y2uS>t7/\u0003\u0002.U\t\u0001\")Y2l\u001f\u001a4\u0017nY3BGRLwN\\\u0001\u0015\u0005\u0006\u001c7n\u00144gS\u000e,\u0017i\u0019;j_:\fU\u000f\u001e5\u0011\u0005%\u0002\u0014BA\u0019+\u0005Q\u0011\u0015mY6PM\u001aL7-Z!di&|g.Q;uQ\u0006\u00111m\u0019\t\u0003=QJ!!N\u0010\u0003)\r{g\u000e\u001e:pY2,'oQ8na>tWM\u001c;t\u0013\t9T%\u0001\u000bd_:$(o\u001c7mKJ\u001cu.\u001c9p]\u0016tGo]\u0001\u0004K:4\bC\u0001\u001e=\u001b\u0005Y$B\u0001\u001d\u001a\u0013\ti4HA\u0002F]Z\fa\u0001P5oSRtD\u0003\u0002!E\u000b\u001a#\"!Q\"\u0011\u0005\t\u0003Q\"A\f\t\u000ba*\u00019A\u001d\t\u000b\u001d*\u0001\u0019\u0001\u0015\t\u000b9*\u0001\u0019A\u0018\t\u000bI*\u0001\u0019A\u001a\u0002\u0005\u0015\u001cW#A%\u0011\u0005){U\"A&\u000b\u00051k\u0015AC2p]\u000e,(O]3oi*\ta*A\u0003tG\u0006d\u0017-\u0003\u0002Q\u0017\n\u0001R\t_3dkRLwN\\\"p]R,\u0007\u0010^\u0001\u0007Y><w-\u001a:\u0016\u0003M\u0003\"\u0001V+\u000e\u0003\u0005J!AV\u0011\u0003\r1{wmZ3s\u00035\u0011\u0017m]37i\u0015s7m\u001c3feV\t\u0011\f\u0005\u0002[Q:\u00111,\u001a\b\u00039\nt!!\u00181\u000e\u0003yS!aX\u000e\u0002\rq\u0012xn\u001c;?\u0013\u0005\t\u0017\u0001\u00026bm\u0006L!a\u00193\u0002\tU$\u0018\u000e\u001c\u0006\u0002C&\u0011amZ\u0001\u0007\u0005\u0006\u001cXM\u000e\u001b\u000b\u0005\r$\u0017BA5k\u0005\u001d)enY8eKJT!AZ4\u0002\u001d\t\f7/\u001a\u001c5\u000b:\u001cw\u000eZ3sA\u0005i!-Y:fmQ\"UmY8eKJ,\u0012A\u001c\t\u00035>L!\u0001\u001d6\u0003\u000f\u0011+7m\u001c3fe\u0006q!-Y:fmQ\"UmY8eKJ\u0004\u0013A\u0002:b]\u0012|W.F\u0001u!\t)\b0D\u0001w\u0015\t9H-\u0001\u0005tK\u000e,(/\u001b;z\u0013\tIhO\u0001\u0007TK\u000e,(/\u001a*b]\u0012|W.A\u0004sC:$w.\u001c\u0011\u0002\u0015)\u001cxN\\'baB,'/F\u0001~!\rq\u0018qB\u0007\u0002\u007f*!\u0011\u0011AA\u0002\u0003!!\u0017\r^1cS:$'\u0002BA\u0003\u0003\u000f\tqA[1dWN|gN\u0003\u0003\u0002\n\u0005-\u0011!\u00034bgR,'\u000f_7m\u0015\t\ti!A\u0002d_6L1!!\u0005��\u00051y%M[3di6\u000b\u0007\u000f]3s\u0003-Q7o\u001c8NCB\u0004XM\u001d\u0011\u0002\u00131|w-\u001b8QC\u001e,GCAA\r!\u0015q\u00121DA\u0010\u0013\r\tib\b\u0002\u0007\u0003\u000e$\u0018n\u001c8\u0011\u0007y\t\t#C\u0002\u0002$}\u0011!\"\u00118z\u0007>tG/\u001a8u\u0003-\u0019\u0018.\u001c9mK2{w-\u001b8\u0016\u0005\u0005%\u0002#\u0002\u0010\u0002\u001c\u0005-\u0002\u0003BA\u0017\u0003oi!!a\f\u000b\t\u0005E\u00121G\u0001\u0005UN|gNC\u0002\u00026\u0005\nA\u0001\\5cg&!\u0011\u0011HA\u0018\u0005\u001dQ5OV1mk\u0016\f\u0011d^3c\u0003V$\bN\u001c*fO&\u001cHO]1uS>t7\u000b^1siR\u0011\u0011\u0011F\u0001\u001bo\u0016\u0014\u0017)\u001e;i]J+w-[:ue\u0006$\u0018n\u001c8GS:L7\u000f[\u0001\u0013o\u0016\u0014\u0017)\u001e;i]2{w-\u001b8Ti\u0006\u0014H/A\nxK\n\fU\u000f\u001e5o\u0019><\u0017N\u001c$j]&\u001c\b\u000e")
/* loaded from: input_file:otoroshi/controllers/U2FController.class */
public class U2FController extends AbstractController {
    private ExecutionContext ec;
    private Logger logger;
    private final BackOfficeAction BackOfficeAction;
    private final BackOfficeActionAuth BackOfficeActionAuth;
    private final Env env;
    private final Base64.Encoder base64Encoder;
    private final Base64.Decoder base64Decoder;
    private final SecureRandom random;
    private final ObjectMapper jsonMapper;
    private volatile byte bitmap$0;

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v10, types: [otoroshi.controllers.U2FController] */
    private ExecutionContext ec$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (this.bitmap$0 & 1)) == 0) {
                this.ec = this.env.otoroshiExecutionContext();
                r0 = this;
                r0.bitmap$0 = (byte) (this.bitmap$0 | 1);
            }
        }
        return this.ec;
    }

    public ExecutionContext ec() {
        return ((byte) (this.bitmap$0 & 1)) == 0 ? ec$lzycompute() : this.ec;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v10, types: [otoroshi.controllers.U2FController] */
    private Logger logger$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (this.bitmap$0 & 2)) == 0) {
                this.logger = Logger$.MODULE$.apply("otoroshi-u2f-controller");
                r0 = this;
                r0.bitmap$0 = (byte) (this.bitmap$0 | 2);
            }
        }
        return this.logger;
    }

    public Logger logger() {
        return ((byte) (this.bitmap$0 & 2)) == 0 ? logger$lzycompute() : this.logger;
    }

    private Base64.Encoder base64Encoder() {
        return this.base64Encoder;
    }

    private Base64.Decoder base64Decoder() {
        return this.base64Decoder;
    }

    private SecureRandom random() {
        return this.random;
    }

    private ObjectMapper jsonMapper() {
        return this.jsonMapper;
    }

    public Action<AnyContent> loginPage() {
        return this.BackOfficeAction.apply(backOfficeActionContext -> {
            return this.Ok().apply(u2flogin$.MODULE$.apply(this.env), Writeable$.MODULE$.writeableOf_Content(Codec$.MODULE$.utf_8(), ContentTypeOf$.MODULE$.contentTypeOf_Html(Codec$.MODULE$.utf_8())));
        });
    }

    public Action<JsValue> simpleLogin() {
        return this.BackOfficeAction.async(parse().json(), backOfficeActionContext -> {
            Request request = backOfficeActionContext.request();
            Tuple2 tuple2 = new Tuple2(JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup((JsValue) backOfficeActionContext.request().body()), "username").asOpt(Reads$.MODULE$.StringReads()), JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup((JsValue) backOfficeActionContext.request().body()), "password").asOpt(Reads$.MODULE$.StringReads()));
            if (tuple2 != null) {
                Some some = (Option) tuple2._1();
                Some some2 = (Option) tuple2._2();
                if (some instanceof Some) {
                    String str = (String) some.value();
                    if (some2 instanceof Some) {
                        String str2 = (String) some2.value();
                        return this.env.datastores().simpleAdminDataStore().findByUsername(str, this.ec(), this.env).flatMap(option -> {
                            if (!(option instanceof Some)) {
                                if (None$.MODULE$.equals(option)) {
                                    return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(this.Unauthorized().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("not authorized", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue())));
                                }
                                throw new MatchError(option);
                            }
                            SimpleOtoroshiAdmin simpleOtoroshiAdmin = (SimpleOtoroshiAdmin) ((Some) option).value();
                            String password = simpleOtoroshiAdmin.password();
                            String label = simpleOtoroshiAdmin.label();
                            if (!BCrypt.checkpw(str2, password)) {
                                return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(this.Unauthorized().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("not authorized", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue())));
                            }
                            if (this.logger().isDebugEnabled(MarkerContext$.MODULE$.NoMarker())) {
                                this.logger().debug(() -> {
                                    return new StringBuilder(36).append("Login successful for simple admin '").append(str).append("'").toString();
                                }, MarkerContext$.MODULE$.NoMarker());
                            }
                            return new BackOfficeUser(IdGenerator$.MODULE$.token(64), str, str, Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("name"), Json$.MODULE$.toJsFieldJsValueWrapper(label, Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("email"), Json$.MODULE$.toJsFieldJsValueWrapper(str, Writes$.MODULE$.StringWrites()))})), Json$.MODULE$.obj(Nil$.MODULE$), "none", true, BackOfficeUser$.MODULE$.apply$default$8(), BackOfficeUser$.MODULE$.apply$default$9(), BackOfficeUser$.MODULE$.apply$default$10(), Nil$.MODULE$, Predef$.MODULE$.Map().empty(), simpleOtoroshiAdmin.rights(), simpleOtoroshiAdmin.location()).save(Duration$.MODULE$.apply(this.env.backOfficeSessionExp(), TimeUnit.MILLISECONDS), this.ec(), this.env).map(backOfficeUser -> {
                                this.env.datastores().simpleAdminDataStore().hasAlreadyLoggedIn(str, this.ec(), this.env).map(obj -> {
                                    $anonfun$simpleLogin$5(this, str, backOfficeUser, backOfficeActionContext, BoxesRunTime.unboxToBoolean(obj));
                                    return BoxedUnit.UNIT;
                                }, this.ec());
                                return this.Ok().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("username"), Json$.MODULE$.toJsFieldJsValueWrapper(str, Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()).addingToSession(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("bousr"), backOfficeUser.randomId())}), request);
                            }, this.ec());
                        }, this.ec());
                    }
                }
            }
            return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(this.Unauthorized().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("not authorized", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue())));
        });
    }

    public Action<JsValue> webAuthnRegistrationStart() {
        return this.BackOfficeActionAuth.async(parse().json(), backOfficeActionContextAuth -> {
            String mkString;
            RightsChecker$TenantAdminOnly$ rightsChecker$TenantAdminOnly$ = RightsChecker$TenantAdminOnly$.MODULE$;
            String str = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup((JsValue) backOfficeActionContextAuth.request().body()), "username").as(Reads$.MODULE$.StringReads());
            String str2 = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup((JsValue) backOfficeActionContextAuth.request().body()), "label").as(Reads$.MODULE$.StringReads());
            String str3 = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup((JsValue) backOfficeActionContextAuth.request().body()), "origin").as(Reads$.MODULE$.StringReads());
            $colon.colon reverse = new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(Uri$.MODULE$.apply(str3).authority().host().address().split("\\."))).toList().reverse();
            if (reverse instanceof $colon.colon) {
                $colon.colon colonVar = reverse;
                String str4 = (String) colonVar.head();
                $colon.colon tl$access$1 = colonVar.tl$access$1();
                if (tl$access$1 instanceof $colon.colon) {
                    mkString = new StringBuilder(1).append((String) tl$access$1.head()).append(".").append(str4).toString();
                    String str5 = mkString;
                    return backOfficeActionContextAuth.checkRights(rightsChecker$TenantAdminOnly$, this.env.datastores().webAuthnAdminDataStore().findAll(this.ec(), this.env).flatMap(seq -> {
                        RelyingParty build = RelyingParty.builder().identity(RelyingPartyIdentity.builder().id(str5).name("Otoroshi").build()).credentialRepository(new LocalCredentialRepository(seq, this.jsonMapper(), this.base64Decoder())).origins((Set) JavaConverters$.MODULE$.setAsJavaSetConverter(new $colon.colon(str3, new $colon.colon(str5, Nil$.MODULE$)).toSet()).asJava()).build();
                        byte[] bArr = new byte[64];
                        this.random().nextBytes(bArr);
                        String str6 = IdGenerator$.MODULE$.token(32);
                        JsValue obj = Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("requestId"), Json$.MODULE$.toJsFieldJsValueWrapper(str6, Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("request"), Json$.MODULE$.toJsFieldJsValueWrapper(Json$.MODULE$.parse(this.jsonMapper().writeValueAsString(build.startRegistration(StartRegistrationOptions.builder().user(UserIdentity.builder().name(str).displayName(str2).id(new ByteArray(bArr)).build()).build()))), Writes$.MODULE$.jsValueWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("username"), Json$.MODULE$.toJsFieldJsValueWrapper(str, Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("label"), Json$.MODULE$.toJsFieldJsValueWrapper(str2, Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("handle"), Json$.MODULE$.toJsFieldJsValueWrapper(this.base64Encoder().encodeToString(bArr), Writes$.MODULE$.StringWrites()))}));
                        return this.env.datastores().webAuthnRegistrationsDataStore().setRegistrationRequest(str6, obj, this.ec(), this.env).map(boxedUnit -> {
                            return this.Ok().apply(obj, Writeable$.MODULE$.writeableOf_JsValue());
                        }, this.ec());
                    }, this.ec()), this.ec(), this.env);
                }
            }
            mkString = reverse.mkString(".");
            String str52 = mkString;
            return backOfficeActionContextAuth.checkRights(rightsChecker$TenantAdminOnly$, this.env.datastores().webAuthnAdminDataStore().findAll(this.ec(), this.env).flatMap(seq2 -> {
                RelyingParty build = RelyingParty.builder().identity(RelyingPartyIdentity.builder().id(str52).name("Otoroshi").build()).credentialRepository(new LocalCredentialRepository(seq2, this.jsonMapper(), this.base64Decoder())).origins((Set) JavaConverters$.MODULE$.setAsJavaSetConverter(new $colon.colon(str3, new $colon.colon(str52, Nil$.MODULE$)).toSet()).asJava()).build();
                byte[] bArr = new byte[64];
                this.random().nextBytes(bArr);
                String str6 = IdGenerator$.MODULE$.token(32);
                JsObject obj = Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("requestId"), Json$.MODULE$.toJsFieldJsValueWrapper(str6, Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("request"), Json$.MODULE$.toJsFieldJsValueWrapper(Json$.MODULE$.parse(this.jsonMapper().writeValueAsString(build.startRegistration(StartRegistrationOptions.builder().user(UserIdentity.builder().name(str).displayName(str2).id(new ByteArray(bArr)).build()).build()))), Writes$.MODULE$.jsValueWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("username"), Json$.MODULE$.toJsFieldJsValueWrapper(str, Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("label"), Json$.MODULE$.toJsFieldJsValueWrapper(str2, Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("handle"), Json$.MODULE$.toJsFieldJsValueWrapper(this.base64Encoder().encodeToString(bArr), Writes$.MODULE$.StringWrites()))}));
                return this.env.datastores().webAuthnRegistrationsDataStore().setRegistrationRequest(str6, obj, this.ec(), this.env).map(boxedUnit -> {
                    return this.Ok().apply(obj, Writeable$.MODULE$.writeableOf_JsValue());
                }, this.ec());
            }, this.ec()), this.ec(), this.env);
        });
    }

    public Action<JsValue> webAuthnRegistrationFinish() {
        return this.BackOfficeActionAuth.async(parse().json(), backOfficeActionContextAuth -> {
            String mkString;
            RightsChecker$SuperAdminOnly$ rightsChecker$SuperAdminOnly$ = RightsChecker$SuperAdminOnly$.MODULE$;
            JsValue jsValue = (JsValue) backOfficeActionContextAuth.request().body();
            String stringify = Json$.MODULE$.stringify((JsValue) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), "webauthn").as(Reads$.MODULE$.JsValueReads()));
            JsObject jsObject = (JsObject) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), "otoroshi").as(Reads$.MODULE$.JsObjectReads());
            String str = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsObject), "origin").as(Reads$.MODULE$.StringReads());
            String str2 = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), "requestId").as(Reads$.MODULE$.StringReads());
            String str3 = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsObject), "handle").as(Reads$.MODULE$.StringReads());
            $colon.colon reverse = new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(Uri$.MODULE$.apply(str).authority().host().address().split("\\."))).toList().reverse();
            if (reverse instanceof $colon.colon) {
                $colon.colon colonVar = reverse;
                String str4 = (String) colonVar.head();
                $colon.colon tl$access$1 = colonVar.tl$access$1();
                if (tl$access$1 instanceof $colon.colon) {
                    mkString = new StringBuilder(1).append((String) tl$access$1.head()).append(".").append(str4).toString();
                    String str5 = mkString;
                    return backOfficeActionContextAuth.checkRights(rightsChecker$SuperAdminOnly$, this.env.datastores().webAuthnAdminDataStore().findAll(this.ec(), this.env).flatMap(seq -> {
                        return this.env.datastores().webAuthnRegistrationsDataStore().getRegistrationRequest(str2, this.ec(), this.env).flatMap(option -> {
                            if (None$.MODULE$.equals(option)) {
                                return (Future) FastFuture$.MODULE$.successful().apply(this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("bad request", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
                            }
                            if (!(option instanceof Some)) {
                                throw new MatchError(option);
                            }
                            JsValue jsValue2 = (JsValue) ((Some) option).value();
                            Failure apply = Try$.MODULE$.apply(() -> {
                                PublicKeyCredentialCreationOptions publicKeyCredentialCreationOptions = (PublicKeyCredentialCreationOptions) this.jsonMapper().readValue(Json$.MODULE$.stringify((JsValue) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue2), "request").as(Reads$.MODULE$.JsValueReads())), PublicKeyCredentialCreationOptions.class);
                                return RelyingParty.builder().identity(RelyingPartyIdentity.builder().id(str5).name("Otoroshi").build()).credentialRepository(new LocalCredentialRepository(seq, this.jsonMapper(), this.base64Decoder())).origins((Set) JavaConverters$.MODULE$.setAsJavaSetConverter(new $colon.colon(str, new $colon.colon(str5, Nil$.MODULE$)).toSet()).asJava()).build().finishRegistration(FinishRegistrationOptions.builder().request(publicKeyCredentialCreationOptions).response(PublicKeyCredential.parseRegistrationResponseJson(stringify)).build());
                            });
                            if (apply instanceof Failure) {
                                apply.exception().printStackTrace();
                                return (Future) FastFuture$.MODULE$.successful().apply(this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("bad request 111", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
                            }
                            if (!(apply instanceof Success)) {
                                throw new MatchError(apply);
                            }
                            RegistrationResult registrationResult = (RegistrationResult) ((Success) apply).value();
                            String str6 = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsObject), "username").as(Reads$.MODULE$.StringReads());
                            String str7 = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsObject), "password").as(Reads$.MODULE$.StringReads());
                            String str8 = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsObject), "label").as(Reads$.MODULE$.StringReads());
                            UserRights userRights = new UserRights(new $colon.colon(new UserRight(TenantAccess$.MODULE$.apply(backOfficeActionContextAuth.currentTenant().value()), new $colon.colon(TeamAccess$.MODULE$.apply("*"), Nil$.MODULE$)), Nil$.MODULE$));
                            String hashpw = BCrypt.hashpw(str7, BCrypt.gensalt());
                            JsValue parse = Json$.MODULE$.parse(this.jsonMapper().writeValueAsString(registrationResult));
                            return this.env.datastores().webAuthnAdminDataStore().findByUsername(str6, this.ec(), this.env).flatMap(option -> {
                                boolean z = false;
                                if (None$.MODULE$.equals(option)) {
                                    return this.env.datastores().webAuthnAdminDataStore().registerUser(new WebAuthnOtoroshiAdmin(str6, hashpw, str8, str3, Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(JsLookup$.MODULE$.$bslash$extension1(JsLookupResult$.MODULE$.jsLookupResultToJsLookup(JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(parse), "keyId")), "id").as(Reads$.MODULE$.StringReads())), parse)})), DateTime.now(), OtoroshiAdminType$WebAuthnAdmin$.MODULE$, WebAuthnOtoroshiAdmin$.MODULE$.apply$default$8(), Predef$.MODULE$.Map().empty(), userRights, new EntityLocation(backOfficeActionContextAuth.currentTenant(), new $colon.colon(TeamId$.MODULE$.all(), Nil$.MODULE$))), this.ec(), this.env).map(obj -> {
                                        return $anonfun$webAuthnRegistrationFinish$6(this, str6, BoxesRunTime.unboxToBoolean(obj));
                                    }, this.ec());
                                }
                                if (option instanceof Some) {
                                    z = true;
                                    WebAuthnOtoroshiAdmin webAuthnOtoroshiAdmin = (WebAuthnOtoroshiAdmin) ((Some) option).value();
                                    if (BCrypt.checkpw(str7, webAuthnOtoroshiAdmin.password())) {
                                        return this.env.datastores().webAuthnAdminDataStore().registerUser(webAuthnOtoroshiAdmin.copy(webAuthnOtoroshiAdmin.copy$default$1(), webAuthnOtoroshiAdmin.copy$default$2(), webAuthnOtoroshiAdmin.copy$default$3(), webAuthnOtoroshiAdmin.copy$default$4(), webAuthnOtoroshiAdmin.credentials().$plus(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(JsLookup$.MODULE$.$bslash$extension1(JsLookupResult$.MODULE$.jsLookupResultToJsLookup(JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(parse), "keyId")), "id").as(Reads$.MODULE$.StringReads())), parse)), webAuthnOtoroshiAdmin.copy$default$6(), webAuthnOtoroshiAdmin.copy$default$7(), webAuthnOtoroshiAdmin.copy$default$8(), webAuthnOtoroshiAdmin.copy$default$9(), webAuthnOtoroshiAdmin.copy$default$10(), webAuthnOtoroshiAdmin.copy$default$11()), this.ec(), this.env).map(obj2 -> {
                                            return $anonfun$webAuthnRegistrationFinish$7(this, str6, BoxesRunTime.unboxToBoolean(obj2));
                                        }, this.ec());
                                    }
                                }
                                if (z) {
                                    return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(this.Unauthorized().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("bad credentials", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue())));
                                }
                                throw new MatchError(option);
                            }, this.ec());
                        }, this.ec());
                    }, this.ec()), this.ec(), this.env);
                }
            }
            mkString = reverse.mkString(".");
            String str52 = mkString;
            return backOfficeActionContextAuth.checkRights(rightsChecker$SuperAdminOnly$, this.env.datastores().webAuthnAdminDataStore().findAll(this.ec(), this.env).flatMap(seq2 -> {
                return this.env.datastores().webAuthnRegistrationsDataStore().getRegistrationRequest(str2, this.ec(), this.env).flatMap(option -> {
                    if (None$.MODULE$.equals(option)) {
                        return (Future) FastFuture$.MODULE$.successful().apply(this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("bad request", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
                    }
                    if (!(option instanceof Some)) {
                        throw new MatchError(option);
                    }
                    JsValue jsValue2 = (JsValue) ((Some) option).value();
                    Failure apply = Try$.MODULE$.apply(() -> {
                        PublicKeyCredentialCreationOptions publicKeyCredentialCreationOptions = (PublicKeyCredentialCreationOptions) this.jsonMapper().readValue(Json$.MODULE$.stringify((JsValue) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue2), "request").as(Reads$.MODULE$.JsValueReads())), PublicKeyCredentialCreationOptions.class);
                        return RelyingParty.builder().identity(RelyingPartyIdentity.builder().id(str52).name("Otoroshi").build()).credentialRepository(new LocalCredentialRepository(seq2, this.jsonMapper(), this.base64Decoder())).origins((Set) JavaConverters$.MODULE$.setAsJavaSetConverter(new $colon.colon(str, new $colon.colon(str52, Nil$.MODULE$)).toSet()).asJava()).build().finishRegistration(FinishRegistrationOptions.builder().request(publicKeyCredentialCreationOptions).response(PublicKeyCredential.parseRegistrationResponseJson(stringify)).build());
                    });
                    if (apply instanceof Failure) {
                        apply.exception().printStackTrace();
                        return (Future) FastFuture$.MODULE$.successful().apply(this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("bad request 111", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
                    }
                    if (!(apply instanceof Success)) {
                        throw new MatchError(apply);
                    }
                    RegistrationResult registrationResult = (RegistrationResult) ((Success) apply).value();
                    String str6 = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsObject), "username").as(Reads$.MODULE$.StringReads());
                    String str7 = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsObject), "password").as(Reads$.MODULE$.StringReads());
                    String str8 = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsObject), "label").as(Reads$.MODULE$.StringReads());
                    UserRights userRights = new UserRights(new $colon.colon(new UserRight(TenantAccess$.MODULE$.apply(backOfficeActionContextAuth.currentTenant().value()), new $colon.colon(TeamAccess$.MODULE$.apply("*"), Nil$.MODULE$)), Nil$.MODULE$));
                    String hashpw = BCrypt.hashpw(str7, BCrypt.gensalt());
                    JsValue parse = Json$.MODULE$.parse(this.jsonMapper().writeValueAsString(registrationResult));
                    return this.env.datastores().webAuthnAdminDataStore().findByUsername(str6, this.ec(), this.env).flatMap(option -> {
                        boolean z = false;
                        if (None$.MODULE$.equals(option)) {
                            return this.env.datastores().webAuthnAdminDataStore().registerUser(new WebAuthnOtoroshiAdmin(str6, hashpw, str8, str3, Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(JsLookup$.MODULE$.$bslash$extension1(JsLookupResult$.MODULE$.jsLookupResultToJsLookup(JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(parse), "keyId")), "id").as(Reads$.MODULE$.StringReads())), parse)})), DateTime.now(), OtoroshiAdminType$WebAuthnAdmin$.MODULE$, WebAuthnOtoroshiAdmin$.MODULE$.apply$default$8(), Predef$.MODULE$.Map().empty(), userRights, new EntityLocation(backOfficeActionContextAuth.currentTenant(), new $colon.colon(TeamId$.MODULE$.all(), Nil$.MODULE$))), this.ec(), this.env).map(obj -> {
                                return $anonfun$webAuthnRegistrationFinish$6(this, str6, BoxesRunTime.unboxToBoolean(obj));
                            }, this.ec());
                        }
                        if (option instanceof Some) {
                            z = true;
                            WebAuthnOtoroshiAdmin webAuthnOtoroshiAdmin = (WebAuthnOtoroshiAdmin) ((Some) option).value();
                            if (BCrypt.checkpw(str7, webAuthnOtoroshiAdmin.password())) {
                                return this.env.datastores().webAuthnAdminDataStore().registerUser(webAuthnOtoroshiAdmin.copy(webAuthnOtoroshiAdmin.copy$default$1(), webAuthnOtoroshiAdmin.copy$default$2(), webAuthnOtoroshiAdmin.copy$default$3(), webAuthnOtoroshiAdmin.copy$default$4(), webAuthnOtoroshiAdmin.credentials().$plus(Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(JsLookup$.MODULE$.$bslash$extension1(JsLookupResult$.MODULE$.jsLookupResultToJsLookup(JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(parse), "keyId")), "id").as(Reads$.MODULE$.StringReads())), parse)), webAuthnOtoroshiAdmin.copy$default$6(), webAuthnOtoroshiAdmin.copy$default$7(), webAuthnOtoroshiAdmin.copy$default$8(), webAuthnOtoroshiAdmin.copy$default$9(), webAuthnOtoroshiAdmin.copy$default$10(), webAuthnOtoroshiAdmin.copy$default$11()), this.ec(), this.env).map(obj2 -> {
                                    return $anonfun$webAuthnRegistrationFinish$7(this, str6, BoxesRunTime.unboxToBoolean(obj2));
                                }, this.ec());
                            }
                        }
                        if (z) {
                            return implicits$BetterSyntax$.MODULE$.future$extension(implicits$.MODULE$.BetterSyntax(this.Unauthorized().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("bad credentials", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue())));
                        }
                        throw new MatchError(option);
                    }, this.ec());
                }, this.ec());
            }, this.ec()), this.ec(), this.env);
        });
    }

    public Action<JsValue> webAuthnLoginStart() {
        return this.BackOfficeAction.async(parse().json(), backOfficeActionContext -> {
            String mkString;
            Tuple2 tuple2;
            Option asOpt = JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup((JsValue) backOfficeActionContext.request().body()), "username").asOpt(Reads$.MODULE$.StringReads());
            Option asOpt2 = JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup((JsValue) backOfficeActionContext.request().body()), "password").asOpt(Reads$.MODULE$.StringReads());
            String str = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup((JsValue) backOfficeActionContext.request().body()), "origin").as(Reads$.MODULE$.StringReads());
            $colon.colon reverse = new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(Uri$.MODULE$.apply(str).authority().host().address().split("\\."))).toList().reverse();
            if (reverse instanceof $colon.colon) {
                $colon.colon colonVar = reverse;
                String str2 = (String) colonVar.head();
                $colon.colon tl$access$1 = colonVar.tl$access$1();
                if (tl$access$1 instanceof $colon.colon) {
                    mkString = new StringBuilder(1).append((String) tl$access$1.head()).append(".").append(str2).toString();
                    String str3 = mkString;
                    tuple2 = new Tuple2(asOpt, asOpt2);
                    if (tuple2 != null) {
                        Some some = (Option) tuple2._1();
                        Some some2 = (Option) tuple2._2();
                        if (some instanceof Some) {
                            String str4 = (String) some.value();
                            if (some2 instanceof Some) {
                                String str5 = (String) some2.value();
                                return this.env.datastores().webAuthnAdminDataStore().findAll(this.ec(), this.env).flatMap(seq -> {
                                    Some find = seq.find(webAuthnOtoroshiAdmin -> {
                                        return BoxesRunTime.boxToBoolean($anonfun$webAuthnLoginStart$3(str4, webAuthnOtoroshiAdmin));
                                    });
                                    if (!(find instanceof Some) || !BCrypt.checkpw(str5, ((WebAuthnOtoroshiAdmin) find.value()).password())) {
                                        return (Future) FastFuture$.MODULE$.successful().apply(this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("bad request", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
                                    }
                                    AssertionRequest startAssertion = RelyingParty.builder().identity(RelyingPartyIdentity.builder().id(str3).name("Otoroshi").build()).credentialRepository(new LocalCredentialRepository(seq, this.jsonMapper(), this.base64Decoder())).origins((Set) JavaConverters$.MODULE$.setAsJavaSetConverter(new $colon.colon(str, new $colon.colon(str3, Nil$.MODULE$)).toSet()).asJava()).build().startAssertion(StartAssertionOptions.builder().username(Optional.of(str4)).build());
                                    String str6 = IdGenerator$.MODULE$.token(32);
                                    JsValue obj = Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("requestId"), Json$.MODULE$.toJsFieldJsValueWrapper(str6, Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("request"), Json$.MODULE$.toJsFieldJsValueWrapper(Json$.MODULE$.parse(this.jsonMapper().writeValueAsString(startAssertion)), Writes$.MODULE$.jsValueWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("username"), Json$.MODULE$.toJsFieldJsValueWrapper(str4, Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("label"), Json$.MODULE$.toJsFieldJsValueWrapper("--", Writes$.MODULE$.StringWrites()))}));
                                    return this.env.datastores().webAuthnRegistrationsDataStore().setRegistrationRequest(str6, obj, this.ec(), this.env).map(boxedUnit -> {
                                        return this.Ok().apply(obj, Writeable$.MODULE$.writeableOf_JsValue());
                                    }, this.ec());
                                }, this.ec());
                            }
                        }
                    }
                    if (tuple2 == null) {
                        return (Future) FastFuture$.MODULE$.successful().apply(this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("bad request", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
                    }
                    throw new MatchError(tuple2);
                }
            }
            mkString = reverse.mkString(".");
            String str32 = mkString;
            tuple2 = new Tuple2(asOpt, asOpt2);
            if (tuple2 != null) {
            }
            if (tuple2 == null) {
            }
        });
    }

    public Action<JsValue> webAuthnLoginFinish() {
        return this.BackOfficeAction.async(parse().json(), backOfficeActionContext -> {
            String mkString;
            Tuple2 tuple2;
            Request request = backOfficeActionContext.request();
            JsValue jsValue = (JsValue) backOfficeActionContext.request().body();
            JsObject jsObject = (JsObject) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), "webauthn").as(Reads$.MODULE$.JsObjectReads());
            JsObject jsObject2 = (JsObject) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), "otoroshi").as(Reads$.MODULE$.JsObjectReads());
            String str = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsObject2), "origin").as(Reads$.MODULE$.StringReads());
            String str2 = (String) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsValue), "requestId").as(Reads$.MODULE$.StringReads());
            $colon.colon reverse = new ArrayOps.ofRef(Predef$.MODULE$.refArrayOps(Uri$.MODULE$.apply(str).authority().host().address().split("\\."))).toList().reverse();
            if (reverse instanceof $colon.colon) {
                $colon.colon colonVar = reverse;
                String str3 = (String) colonVar.head();
                $colon.colon tl$access$1 = colonVar.tl$access$1();
                if (tl$access$1 instanceof $colon.colon) {
                    mkString = new StringBuilder(1).append((String) tl$access$1.head()).append(".").append(str3).toString();
                    String str4 = mkString;
                    tuple2 = new Tuple2(JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsObject2), "username").asOpt(Reads$.MODULE$.StringReads()), JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsObject2), "password").asOpt(Reads$.MODULE$.StringReads()));
                    if (tuple2 != null) {
                        Some some = (Option) tuple2._1();
                        Some some2 = (Option) tuple2._2();
                        if (some instanceof Some) {
                            String str5 = (String) some.value();
                            if (some2 instanceof Some) {
                                String str6 = (String) some2.value();
                                return this.env.datastores().webAuthnAdminDataStore().findAll(this.ec(), this.env).flatMap(seq -> {
                                    Some find = seq.find(webAuthnOtoroshiAdmin -> {
                                        return BoxesRunTime.boxToBoolean($anonfun$webAuthnLoginFinish$3(str5, webAuthnOtoroshiAdmin));
                                    });
                                    if (None$.MODULE$.equals(find)) {
                                        return (Future) FastFuture$.MODULE$.successful().apply(this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("Bad user", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
                                    }
                                    if (!(find instanceof Some)) {
                                        throw new MatchError(find);
                                    }
                                    WebAuthnOtoroshiAdmin webAuthnOtoroshiAdmin2 = (WebAuthnOtoroshiAdmin) find.value();
                                    return this.env.datastores().webAuthnRegistrationsDataStore().getRegistrationRequest(str2, this.ec(), this.env).flatMap(option -> {
                                        if (None$.MODULE$.equals(option)) {
                                            return (Future) FastFuture$.MODULE$.successful().apply(this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("bad request", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
                                        }
                                        if (!(option instanceof Some)) {
                                            throw new MatchError(option);
                                        }
                                        AssertionRequest assertionRequest = (AssertionRequest) this.jsonMapper().readValue(Json$.MODULE$.stringify((JsValue) JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup((JsValue) ((Some) option).value()), "request").as(Reads$.MODULE$.JsValueReads())), AssertionRequest.class);
                                        String password = webAuthnOtoroshiAdmin2.password();
                                        String label = webAuthnOtoroshiAdmin2.label();
                                        if (!BCrypt.checkpw(str6, password)) {
                                            return (Future) FastFuture$.MODULE$.successful().apply(this.Unauthorized().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("Not Authorized", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
                                        }
                                        boolean z = false;
                                        Success success = null;
                                        Try apply = Try$.MODULE$.apply(() -> {
                                            return RelyingParty.builder().identity(RelyingPartyIdentity.builder().id(str4).name("Otoroshi").build()).credentialRepository(new LocalCredentialRepository(seq, this.jsonMapper(), this.base64Decoder())).origins((Set) JavaConverters$.MODULE$.setAsJavaSetConverter(new $colon.colon(str, new $colon.colon(str4, Nil$.MODULE$)).toSet()).asJava()).build().finishAssertion(FinishAssertionOptions.builder().request(assertionRequest).response(PublicKeyCredential.parseAssertionResponseJson(Json$.MODULE$.stringify(jsObject))).build());
                                        });
                                        if (apply instanceof Failure) {
                                            return (Future) FastFuture$.MODULE$.successful().apply(this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("bad request", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
                                        }
                                        if (apply instanceof Success) {
                                            z = true;
                                            success = (Success) apply;
                                            if (!((AssertionResult) success.value()).isSuccess()) {
                                                return (Future) FastFuture$.MODULE$.successful().apply(this.BadRequest().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("bad request", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
                                            }
                                        }
                                        if (!z || !((AssertionResult) success.value()).isSuccess()) {
                                            throw new MatchError(apply);
                                        }
                                        if (this.logger().isDebugEnabled(MarkerContext$.MODULE$.NoMarker())) {
                                            this.logger().debug(() -> {
                                                return new StringBuilder(28).append("Login successful for user '").append(str5).append("'").toString();
                                            }, MarkerContext$.MODULE$.NoMarker());
                                        }
                                        return new BackOfficeUser(IdGenerator$.MODULE$.token(64), str5, str5, Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("name"), Json$.MODULE$.toJsFieldJsValueWrapper(label, Writes$.MODULE$.StringWrites())), Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("email"), Json$.MODULE$.toJsFieldJsValueWrapper(str5, Writes$.MODULE$.StringWrites()))})), Json$.MODULE$.obj(Nil$.MODULE$), "none", false, BackOfficeUser$.MODULE$.apply$default$8(), BackOfficeUser$.MODULE$.apply$default$9(), BackOfficeUser$.MODULE$.apply$default$10(), Nil$.MODULE$, Predef$.MODULE$.Map().empty(), webAuthnOtoroshiAdmin2.rights(), webAuthnOtoroshiAdmin2.location()).save(Duration$.MODULE$.apply(this.env.backOfficeSessionExp(), TimeUnit.MILLISECONDS), this.ec(), this.env).map(backOfficeUser -> {
                                            this.env.datastores().webAuthnAdminDataStore().hasAlreadyLoggedIn(str5, this.ec(), this.env).map(obj -> {
                                                $anonfun$webAuthnLoginFinish$8(this, str5, backOfficeUser, backOfficeActionContext, BoxesRunTime.unboxToBoolean(obj));
                                                return BoxedUnit.UNIT;
                                            }, this.ec());
                                            return this.Ok().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("username"), Json$.MODULE$.toJsFieldJsValueWrapper(str5, Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()).addingToSession(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("bousr"), backOfficeUser.randomId())}), request);
                                        }, this.ec());
                                    }, this.ec());
                                }, this.ec());
                            }
                        }
                    }
                    if (tuple2 == null) {
                        return (Future) FastFuture$.MODULE$.successful().apply(this.Unauthorized().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("error"), Json$.MODULE$.toJsFieldJsValueWrapper("Not Authorized", Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue()));
                    }
                    throw new MatchError(tuple2);
                }
            }
            mkString = reverse.mkString(".");
            String str42 = mkString;
            tuple2 = new Tuple2(JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsObject2), "username").asOpt(Reads$.MODULE$.StringReads()), JsLookup$.MODULE$.$bslash$extension1(JsValue$.MODULE$.jsValueToJsLookup(jsObject2), "password").asOpt(Reads$.MODULE$.StringReads()));
            if (tuple2 != null) {
            }
            if (tuple2 == null) {
            }
        });
    }

    public static final /* synthetic */ void $anonfun$simpleLogin$5(U2FController u2FController, String str, BackOfficeUser backOfficeUser, BackOfficeActionContext backOfficeActionContext, boolean z) {
        if (false == z) {
            u2FController.env.datastores().simpleAdminDataStore().alreadyLoggedIn(str, u2FController.ec(), u2FController.env);
            Alerts$.MODULE$.send(new AdminFirstLogin(u2FController.env.snowflakeGenerator().nextIdStr(), u2FController.env.env(), backOfficeUser, backOfficeActionContext.from(u2FController.env), backOfficeActionContext.ua(), AdminFirstLogin$.MODULE$.apply$default$6()), u2FController.env);
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            if (true != z) {
                throw new MatchError(BoxesRunTime.boxToBoolean(z));
            }
            Alerts$.MODULE$.send(new AdminLoggedInAlert(u2FController.env.snowflakeGenerator().nextIdStr(), u2FController.env.env(), backOfficeUser, backOfficeActionContext.from(u2FController.env), backOfficeActionContext.ua(), "local", AdminLoggedInAlert$.MODULE$.apply$default$7()), u2FController.env);
            BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
        }
    }

    public static final /* synthetic */ Result $anonfun$webAuthnRegistrationFinish$6(U2FController u2FController, String str, boolean z) {
        return u2FController.Ok().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("username"), Json$.MODULE$.toJsFieldJsValueWrapper(str, Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue());
    }

    public static final /* synthetic */ Result $anonfun$webAuthnRegistrationFinish$7(U2FController u2FController, String str, boolean z) {
        return u2FController.Ok().apply(Json$.MODULE$.obj(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("username"), Json$.MODULE$.toJsFieldJsValueWrapper(str, Writes$.MODULE$.StringWrites()))})), Writeable$.MODULE$.writeableOf_JsValue());
    }

    public static final /* synthetic */ boolean $anonfun$webAuthnLoginStart$3(String str, WebAuthnOtoroshiAdmin webAuthnOtoroshiAdmin) {
        String username = webAuthnOtoroshiAdmin.username();
        return username != null ? username.equals(str) : str == null;
    }

    public static final /* synthetic */ boolean $anonfun$webAuthnLoginFinish$3(String str, WebAuthnOtoroshiAdmin webAuthnOtoroshiAdmin) {
        String username = webAuthnOtoroshiAdmin.username();
        return username != null ? username.equals(str) : str == null;
    }

    public static final /* synthetic */ void $anonfun$webAuthnLoginFinish$8(U2FController u2FController, String str, BackOfficeUser backOfficeUser, BackOfficeActionContext backOfficeActionContext, boolean z) {
        if (false == z) {
            u2FController.env.datastores().webAuthnAdminDataStore().alreadyLoggedIn(str, u2FController.ec(), u2FController.env);
            Alerts$.MODULE$.send(new AdminFirstLogin(u2FController.env.snowflakeGenerator().nextIdStr(), u2FController.env.env(), backOfficeUser, backOfficeActionContext.from(u2FController.env), backOfficeActionContext.ua(), AdminFirstLogin$.MODULE$.apply$default$6()), u2FController.env);
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
        } else {
            if (true != z) {
                throw new MatchError(BoxesRunTime.boxToBoolean(z));
            }
            Alerts$.MODULE$.send(new AdminLoggedInAlert(u2FController.env.snowflakeGenerator().nextIdStr(), u2FController.env.env(), backOfficeUser, backOfficeActionContext.from(u2FController.env), backOfficeActionContext.ua(), "local", AdminLoggedInAlert$.MODULE$.apply$default$7()), u2FController.env);
            BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
        }
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public U2FController(BackOfficeAction backOfficeAction, BackOfficeActionAuth backOfficeActionAuth, ControllerComponents controllerComponents, Env env) {
        super(controllerComponents);
        this.BackOfficeAction = backOfficeAction;
        this.BackOfficeActionAuth = backOfficeActionAuth;
        this.env = env;
        this.base64Encoder = Base64.getUrlEncoder();
        this.base64Decoder = Base64.getUrlDecoder();
        this.random = new SecureRandom();
        this.jsonMapper = new ObjectMapper().configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false).setSerializationInclusion(JsonInclude.Include.NON_ABSENT).registerModule(new Jdk8Module());
    }
}
