package org.cloudfoundry.identity.uaa.mfa;

import com.warrenstrange.googleauth.ICredentialRepository;
import java.util.List;
import javax.servlet.http.HttpSession;
import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
import org.cloudfoundry.identity.uaa.mfa.exception.UserMfaConfigDoesNotExistException;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.8.0.jar:org/cloudfoundry/identity/uaa/mfa/UserGoogleMfaCredentialsProvisioning.class */
public class UserGoogleMfaCredentialsProvisioning implements ICredentialRepository {
    private static final String SESSION_CREDENTIAL_ATTR_NAME = "SESSION_USER_GOOGLE_MFA_CREDENTIALS";
    private MfaProviderProvisioning mfaProviderProvisioning;
    UserMfaCredentialsProvisioning<UserGoogleMfaCredentials> jdbcProvisioner;

    @Override // com.warrenstrange.googleauth.ICredentialRepository
    public String getSecretKey(String str) {
        UserGoogleMfaCredentials userGoogleMfaCredentials = (UserGoogleMfaCredentials) session().getAttribute(SESSION_CREDENTIAL_ATTR_NAME);
        if (userGoogleMfaCredentials == null) {
            userGoogleMfaCredentials = this.jdbcProvisioner.retrieve(str, this.mfaProviderProvisioning.retrieveByName(IdentityZoneHolder.get().getConfig().getMfaConfig().getProviderName(), IdentityZoneHolder.get().getId()).getId());
        }
        return userGoogleMfaCredentials.getSecretKey();
    }

    @Override // com.warrenstrange.googleauth.ICredentialRepository
    public void saveUserCredentials(String str, String str2, int i, List<Integer> list) {
        HttpSession session = session();
        UserGoogleMfaCredentials userGoogleMfaCredentials = new UserGoogleMfaCredentials(str, str2, i, list);
        userGoogleMfaCredentials.setMfaProviderId(this.mfaProviderProvisioning.retrieveByName(IdentityZoneHolder.get().getConfig().getMfaConfig().getProviderName(), IdentityZoneHolder.get().getId()).getId());
        session.setAttribute(SESSION_CREDENTIAL_ATTR_NAME, userGoogleMfaCredentials);
    }

    public boolean activeUserCredentialExists(String str, String str2) {
        try {
            return this.jdbcProvisioner.retrieve(str, str2) != null;
        } catch (UserMfaConfigDoesNotExistException e) {
            return false;
        }
    }

    public void persistCredentials() {
        HttpSession session = session();
        String id = IdentityZoneHolder.get().getId();
        UserGoogleMfaCredentials userGoogleMfaCredentials = (UserGoogleMfaCredentials) session.getAttribute(SESSION_CREDENTIAL_ATTR_NAME);
        if (userGoogleMfaCredentials == null) {
            return;
        }
        userGoogleMfaCredentials.setMfaProviderId(this.mfaProviderProvisioning.retrieveByName(IdentityZoneHolder.get().getConfig().getMfaConfig().getProviderName(), id).getId());
        this.jdbcProvisioner.save(userGoogleMfaCredentials, id);
        session.removeAttribute(SESSION_CREDENTIAL_ATTR_NAME);
    }

    public boolean isFirstTimeMFAUser(UaaPrincipal uaaPrincipal) {
        if (uaaPrincipal == null) {
            throw new RuntimeException("User information is not present in session.");
        }
        return session().getAttribute(SESSION_CREDENTIAL_ATTR_NAME) != null;
    }

    public UserMfaCredentialsProvisioning<UserGoogleMfaCredentials> getJdbcProvisioner() {
        return this.jdbcProvisioner;
    }

    public void setJdbcProvisioner(UserMfaCredentialsProvisioning<UserGoogleMfaCredentials> userMfaCredentialsProvisioning) {
        this.jdbcProvisioner = userMfaCredentialsProvisioning;
    }

    private HttpSession session() {
        HttpSession session = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest().getSession(false);
        if (session == null) {
            throw new RuntimeException("Session not found");
        }
        return session;
    }

    public void setMfaProviderProvisioning(MfaProviderProvisioning mfaProviderProvisioning) {
        this.mfaProviderProvisioning = mfaProviderProvisioning;
    }
}
