package org.apereo.cas.adaptors.u2f;

import com.yubico.u2f.U2F;
import com.yubico.u2f.data.DeviceRegistration;
import com.yubico.u2f.data.messages.SignRequestData;
import com.yubico.u2f.data.messages.SignResponse;
import com.yubico.u2f.exceptions.DeviceCompromisedException;
import org.apereo.cas.adaptors.u2f.storage.U2FDeviceRepository;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.web.support.WebUtils;

/* loaded from: input_file:org/apereo/cas/adaptors/u2f/U2FAuthenticationHandler.class */
public class U2FAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler {
    private final U2F u2f;
    private final U2FDeviceRepository u2FDeviceRepository;

    public U2FAuthenticationHandler(String str, ServicesManager servicesManager, PrincipalFactory principalFactory, U2FDeviceRepository u2FDeviceRepository, Integer num) {
        super(str, servicesManager, principalFactory, num);
        this.u2f = new U2F();
        this.u2FDeviceRepository = u2FDeviceRepository;
    }

    protected AuthenticationHandlerExecutionResult doAuthentication(Credential credential) {
        U2FTokenCredential u2FTokenCredential = (U2FTokenCredential) credential;
        Authentication inProgressAuthentication = WebUtils.getInProgressAuthentication();
        if (inProgressAuthentication == null) {
            throw new IllegalArgumentException("CAS has no reference to an authentication event to locate a principal");
        }
        Principal principal = inProgressAuthentication.getPrincipal();
        SignResponse fromJson = SignResponse.fromJson(u2FTokenCredential.getToken());
        SignRequestData fromJson2 = SignRequestData.fromJson(this.u2FDeviceRepository.getDeviceAuthenticationRequest(fromJson.getRequestId(), principal.getId()));
        DeviceRegistration deviceRegistration = (DeviceRegistration) null;
        try {
            try {
                DeviceRegistration finishSignature = this.u2f.finishSignature(fromJson2, fromJson, this.u2FDeviceRepository.getRegisteredDevices(principal.getId()));
                AuthenticationHandlerExecutionResult createHandlerResult = createHandlerResult(u2FTokenCredential, principal);
                this.u2FDeviceRepository.authenticateDevice(principal.getId(), finishSignature);
                return createHandlerResult;
            } catch (Throwable th) {
                this.u2FDeviceRepository.authenticateDevice(principal.getId(), deviceRegistration);
                throw th;
            }
        } catch (DeviceCompromisedException e) {
            e.getDeviceRegistration();
            throw new PreventedException("Device possibly compromised and therefore blocked: " + e.getMessage(), e);
        }
    }

    public boolean supports(Class<? extends Credential> cls) {
        return U2FTokenCredential.class.isAssignableFrom(cls);
    }

    public boolean supports(Credential credential) {
        return U2FTokenCredential.class.isAssignableFrom(credential.getClass());
    }
}
