package org.apereo.cas.adaptors.u2f.web.flow;

import com.yubico.u2f.U2F;
import com.yubico.u2f.data.messages.AuthenticateRequest;
import com.yubico.u2f.data.messages.AuthenticateRequestData;
import org.apereo.cas.adaptors.u2f.U2FAuthentication;
import org.apereo.cas.adaptors.u2f.storage.U2FDeviceRepository;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.web.support.WebUtils;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/adaptors/u2f/web/flow/U2FStartAuthenticationAction.class */
public class U2FStartAuthenticationAction extends AbstractAction {
    private final U2F u2f = new U2F();
    private final String serverAddress;
    private final U2FDeviceRepository u2FDeviceRepository;

    public U2FStartAuthenticationAction(String str, U2FDeviceRepository u2FDeviceRepository) {
        this.serverAddress = str;
        this.u2FDeviceRepository = u2FDeviceRepository;
    }

    protected Event doExecute(RequestContext requestContext) throws Exception {
        Principal principal = WebUtils.getAuthentication(requestContext).getPrincipal();
        AuthenticateRequestData startAuthentication = this.u2f.startAuthentication(this.serverAddress, this.u2FDeviceRepository.getRegisteredDevices(principal.getId()));
        this.u2FDeviceRepository.requestDeviceAuthentication(startAuthentication.getRequestId(), principal.getId(), startAuthentication.toJson());
        if (startAuthentication.getAuthenticateRequests().isEmpty()) {
            return error();
        }
        AuthenticateRequest authenticateRequest = (AuthenticateRequest) startAuthentication.getAuthenticateRequests().get(0);
        requestContext.getFlowScope().put("u2fAuth", new U2FAuthentication(authenticateRequest.getChallenge(), authenticateRequest.getAppId(), authenticateRequest.getKeyHandle()));
        return success();
    }
}
