package io.imunity.fido.service;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.yubico.webauthn.FinishRegistrationOptions;
import com.yubico.webauthn.RegistrationResult;
import com.yubico.webauthn.StartRegistrationOptions;
import com.yubico.webauthn.attestation.Attestation;
import com.yubico.webauthn.data.AuthenticatorAttestationResponse;
import com.yubico.webauthn.data.AuthenticatorSelectionCriteria;
import com.yubico.webauthn.data.ByteArray;
import com.yubico.webauthn.data.ClientRegistrationExtensionOutputs;
import com.yubico.webauthn.data.PublicKeyCredential;
import com.yubico.webauthn.data.PublicKeyCredentialCreationOptions;
import com.yubico.webauthn.data.UserIdentity;
import com.yubico.webauthn.data.UserVerificationRequirement;
import com.yubico.webauthn.exception.RegistrationFailedException;
import io.imunity.fido.FidoRegistration;
import io.imunity.fido.credential.FidoCredential;
import io.imunity.fido.credential.FidoCredentialInfo;
import io.imunity.fido.service.UnityFidoRegistrationStorage;
import java.io.IOException;
import java.util.AbstractMap;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.MessageSource;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.server.AdvertisedAddressProvider;

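/**
 * Server side of the FIDO2/WebAuthn registration ceremony: issues credential creation options
 * and later verifies the authenticator's response against the options that were issued.
 *
 * <p>Started registrations are held in memory, keyed by a random request id, until the matching
 * finish call arrives or the entry ages out. Each entry is single use.
 *
 * <p>NOTE(review): a pending request is looked up by request id alone. Nothing in this class ties
 * it to the caller or session that started it, so that binding, if required, has to be enforced
 * by the caller. Confirm against the endpoints that use {@link FidoRegistration}.
 */
@Component
class FidoCredentialRegistrationVerificator implements FidoRegistration {
    private static final Logger log = Log.getLogger("unity.server.fido", FidoCredentialRegistrationVerificator.class);

    /**
     * Maximum age of a started registration before it is discarded (10 minutes).
     *
     * <p>The value was picked during review and is not taken from project configuration; tune it
     * to the ceremony timeout used by the deployment.
     */
    private static final long REGISTRATION_REQUEST_TTL_NANOS = 10L * 60L * 1_000_000_000L;

    private final UnityFidoRegistrationStorage.UnityFidoRegistrationStorageCache fidoStorage;

    // Pending ceremonies by request id. Entries are removed on finish and evicted once older
    // than REGISTRATION_REQUEST_TTL_NANOS, so abandoned ceremonies cannot accumulate forever.
    private final ConcurrentHashMap<String, PendingRegistration> registrationRequests = new ConcurrentHashMap<>();

    private final MessageSource msg;
    private final FidoEntityHelper entityHelper;
    private final AdvertisedAddressProvider addressProvider;

    @Autowired
    public FidoCredentialRegistrationVerificator(MessageSource messageSource, FidoEntityHelper fidoEntityHelper, UnityFidoRegistrationStorage.UnityFidoRegistrationStorageCache unityFidoRegistrationStorageCache, AdvertisedAddressProvider advertisedAddressProvider) {
        this.msg = messageSource;
        this.entityHelper = fidoEntityHelper;
        this.fidoStorage = unityFidoRegistrationStorageCache;
        this.addressProvider = advertisedAddressProvider;
    }

    /**
     * Starts a registration ceremony and remembers the issued options for the finish step.
     *
     * <p>When no entity can be resolved but a non-empty username is given, the ceremony still
     * starts with a freshly created user handle, so this method can be reached for users that do
     * not exist yet. Rate limiting of such callers is not done here.
     *
     * @param str key passed to the registration storage cache (presumably the credential name;
     *     confirm against {@link FidoRegistration})
     * @param str2 serialized {@link FidoCredential} configuration
     * @param l entity id used to resolve the user, may be null
     * @param str3 username used to resolve the user and as fallback name and display name
     * @return entry of (request id, credential creation options as JSON)
     * @throws FidoException if neither an entity nor a username is available, or the options
     *     cannot be serialized
     */
    @Override
    public AbstractMap.SimpleEntry<String, String> getRegistrationOptions(String str, String str2, Long l, String str3) throws FidoException {
        Optional<Identities> identities = this.entityHelper.resolveUsername(l, str3);
        boolean usernameMissing = str3 == null || str3.isEmpty();
        if (!identities.isPresent() && usernameMissing) {
            throw new NoEntityException(this.msg.getMessage("FidoExc.noEntity", new Object[0]));
        }

        // UUID.randomUUID() is backed by a cryptographically strong generator, which matters
        // because the request id is the only key needed to finish the ceremony.
        String reqId = UUID.randomUUID().toString();

        // Only create a new user handle when no existing identity was resolved.
        FidoUserHandle userHandle = identities
                .map(this.entityHelper::getOrCreateUserHandle)
                .orElseGet(() -> FidoUserHandle.create());
        String username = identities.map(identity -> identity.getUsername()).orElse(str3);
        String displayName = identities.map(this.entityHelper::getDisplayName).orElse(str3);

        FidoCredential credentialConfig = FidoCredential.deserialize(str2);
        UserIdentity user = UserIdentity.builder()
                .name(username)
                .displayName(displayName)
                .id(new ByteArray(userHandle.getBytes()))
                .build();
        AuthenticatorSelectionCriteria authenticatorSelection = AuthenticatorSelectionCriteria.builder()
                .userVerification(UserVerificationRequirement.valueOf(credentialConfig.getUserVerification()))
                .build();
        StartRegistrationOptions startOptions = StartRegistrationOptions.builder()
                .user(user)
                .authenticatorSelection(authenticatorSelection)
                .build();
        PublicKeyCredentialCreationOptions creationOptions = FidoCredentialVerificator
                .getRelyingParty(this.addressProvider.get().getHost(), this.fidoStorage.getInstance(str), credentialConfig)
                .startRegistration(startOptions);

        try {
            String optionsJson = FidoCredentialVerificator.FIDO_MAPPER.writeValueAsString(creationOptions);
            // Drop abandoned ceremonies before adding a new one so the map stays bounded by the
            // number of ceremonies started within the TTL window.
            evictExpiredRequests();
            this.registrationRequests.put(reqId, new PendingRegistration(creationOptions, System.nanoTime()));
            // The serialized options carry the challenge and the user handle; keep this at
            // debug level and treat debug logs of this component as sensitive.
            log.debug("Fido start registration for entityId: {}, username: {}, reqId: {} {}", l, str3, reqId, optionsJson);
            return new AbstractMap.SimpleEntry<>(reqId, optionsJson);
        } catch (JsonProcessingException e) {
            throw new FidoException("Failed to create registration options", e);
        }
    }

    /**
     * Finishes a registration ceremony and returns the data of the newly created credential.
     *
     * <p>The pending request is removed before any verification, so a request id cannot be
     * replayed whether verification succeeds or fails.
     *
     * @param str key passed to the registration storage cache (presumably the credential name;
     *     confirm against {@link FidoRegistration})
     * @param str2 serialized {@link FidoCredential} configuration
     * @param str3 request id returned by {@link #getRegistrationOptions}
     * @param str4 registration response JSON produced by the client
     * @return credential data extracted from the verified response
     * @throws FidoException if the request id is unknown, already used or expired, or if parsing
     *     or verification of the response fails
     */
    @Override
    public FidoCredentialInfo createFidoCredentials(String str, String str2, String str3, String str4) throws FidoException {
        log.debug("Fido finalize registration for reqId: {}", str3);
        try {
            // ConcurrentHashMap rejects null keys with a NullPointerException; a missing request
            // id is reported the same way as an unknown one instead.
            PendingRegistration pending = str3 == null ? null : this.registrationRequests.remove(str3);
            if (pending == null || pending.isExpired(System.nanoTime())) {
                throw new FidoException(this.msg.getMessage("FidoExc.regReqExpired", new Object[0]));
            }
            PublicKeyCredentialCreationOptions request = pending.options;
            PublicKeyCredential<AuthenticatorAttestationResponse, ClientRegistrationExtensionOutputs> response =
                    PublicKeyCredential.parseRegistrationResponseJson(str4);
            FinishRegistrationOptions finishOptions = FinishRegistrationOptions.builder()
                    .request(request)
                    .response(response)
                    .build();
            RegistrationResult result = FidoCredentialVerificator
                    .getRelyingParty(this.addressProvider.get().getHost(), this.fidoStorage.getInstance(str), FidoCredential.deserialize(str2))
                    .finishRegistration(finishOptions);
            return createFidoCredentialInfo(response, request, result);
        } catch (RegistrationFailedException | IOException e) {
            log.error("Registration failed. Exception: ", e);
            throw new FidoException(this.msg.getMessage("FidoExc.internalError", new Object[0]), e);
        }
    }

    /**
     * Copies the verified registration data into a {@link FidoCredentialInfo}.
     *
     * <p>NOTE(review): attestation metadata is recorded as returned, but
     * {@code registrationResult.isAttestationTrusted()} is not inspected here. Whether untrusted
     * attestation is rejected depends on the relying party built by
     * {@code FidoCredentialVerificator.getRelyingParty}, which is not visible in this class.
     */
    private FidoCredentialInfo createFidoCredentialInfo(PublicKeyCredential<AuthenticatorAttestationResponse, ClientRegistrationExtensionOutputs> publicKeyCredential, PublicKeyCredentialCreationOptions publicKeyCredentialCreationOptions, RegistrationResult registrationResult) {
        AuthenticatorAttestationResponse attestationResponse = publicKeyCredential.getResponse();
        // The AAGUID is only available when attested credential data is present.
        String aaguidHex = attestationResponse.getParsedAuthenticatorData().getAttestedCredentialData()
                .map(credentialData -> credentialData.getAaguid())
                .map(aaguid -> aaguid.getHex())
                .orElse(null);
        String userHandle = new FidoUserHandle(publicKeyCredentialCreationOptions.getUser().getId().getBytes()).asString();

        return FidoCredentialInfo.builder()
                .registrationTime(System.currentTimeMillis())
                .credentialId(registrationResult.getKeyId().getId())
                .publicKeyCose(registrationResult.getPublicKeyCose())
                .signatureCount(attestationResponse.getParsedAuthenticatorData().getSignatureCounter())
                .userPresent(attestationResponse.getParsedAuthenticatorData().getFlags().UP)
                .userVerified(attestationResponse.getParsedAuthenticatorData().getFlags().UV)
                .attestationFormat(attestationResponse.getAttestation().getFormat())
                .aaguid(aaguidHex)
                .attestationMetadata(registrationResult.getAttestationMetadata().orElse(null))
                .userHandle(userHandle)
                .build();
    }

    /** Removes every pending registration that has outlived the TTL. */
    private void evictExpiredRequests() {
        long now = System.nanoTime();
        this.registrationRequests.values().removeIf(pending -> pending.isExpired(now));
    }

    /** Issued creation options together with the monotonic time at which they were stored. */
    private static final class PendingRegistration {
        private final PublicKeyCredentialCreationOptions options;
        private final long createdAtNanos;

        PendingRegistration(PublicKeyCredentialCreationOptions options, long createdAtNanos) {
            this.options = options;
            this.createdAtNanos = createdAtNanos;
        }

        /** Returns true when the entry is older than the TTL; uses a difference so nanoTime wrap-around is harmless. */
        boolean isExpired(long nowNanos) {
            return nowNanos - this.createdAtNanos > REGISTRATION_REQUEST_TTL_NANOS;
        }
    }
}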
