package io.quarkus.security.webauthn;

import io.quarkus.arc.Arc;
import io.quarkus.arc.InjectableContext;
import io.quarkus.arc.ManagedContext;
import io.quarkus.security.identity.IdentityProviderManager;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.vertx.http.runtime.security.HttpSecurityUtils;
import io.quarkus.vertx.http.runtime.security.PersistentLoginManager;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.webauthn.WebAuthnCredentials;
import io.vertx.ext.auth.webauthn.impl.attestation.AttestationException;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.impl.Origin;
import java.util.function.Consumer;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkus/security/webauthn/WebAuthnController.class */
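/**
 * Route handlers for the WebAuthn endpoints: start a registration or login ceremony,
 * complete it in {@link #callback(RoutingContext)}, log out, and serve the client script.
 *
 * <p>Ceremony state is stateless on this side: {@link #register(RoutingContext)} and
 * {@link #login(RoutingContext)} hand the challenge and the username to the login manager,
 * which stores them under {@link #CHALLENGE_COOKIE} and {@link #USERNAME_COOKIE};
 * {@link #callback(RoutingContext)} restores both from the request and never takes the
 * username or challenge from the request body.
 *
 * <p>NOTE(review): the integrity and confidentiality of those two cookies depend entirely on
 * {@code PersistentLoginManager} (not visible here) - confirm it authenticates and expires
 * the values it restores.
 */
public class WebAuthnController {
    private static final Logger log = Logger.getLogger(WebAuthnController.class);

    /** Cookie that carries the username from the first step of a ceremony to the callback. */
    public static final String USERNAME_COOKIE = "_quarkus_webauthn_username";

    /** Cookie that carries the server-issued challenge from the first step to the callback. */
    public static final String CHALLENGE_COOKIE = "_quarkus_webauthn_challenge";

    private final WebAuthnSecurity security;
    // Configured origin, or null when the configuration does not set one.
    private final String origin;
    // Host part of the configured origin; null whenever origin is null.
    private final String domain;
    private final IdentityProviderManager identityProviderManager;
    private final WebAuthnAuthenticationMechanism authMech;

    /**
     * Wires the controller to its collaborators and derives the expected domain from the
     * configured origin.
     *
     * @param webAuthnSecurity entry point to the WebAuthn implementation
     * @param webAuthnRunTimeConfig runtime configuration; only its optional {@code origin} is read here
     * @param identityProviderManager used by the callback to authenticate the credential
     * @param webAuthnAuthenticationMechanism supplies the login manager that writes and reads the cookies
     */
    public WebAuthnController(WebAuthnSecurity webAuthnSecurity, WebAuthnRunTimeConfig webAuthnRunTimeConfig, IdentityProviderManager identityProviderManager, WebAuthnAuthenticationMechanism webAuthnAuthenticationMechanism) {
        this.origin = webAuthnRunTimeConfig.origin.orElse(null);
        // NOTE(review): with no origin configured, both origin and domain reach the credential
        // check as null. What the verifier does with null values is not visible here - confirm
        // that origin validation is not silently skipped in that case.
        this.domain = this.origin != null ? Origin.parse(this.origin).host() : null;
        this.security = webAuthnSecurity;
        this.identityProviderManager = identityProviderManager;
        this.authMech = webAuthnAuthenticationMechanism;
    }

    /**
     * Tells whether {@code jsonObject} holds a non-empty string under {@code str}.
     *
     * @return {@code false} for a null object, a missing key, a non-string value or {@code ""}
     */
    private static boolean containsRequiredString(JsonObject jsonObject, String str) {
        if (jsonObject == null) {
            return false;
        }
        try {
            if (!jsonObject.containsKey(str)) {
                return false;
            }
            Object value = jsonObject.getValue(str);
            return value instanceof String && !"".equals(value);
        } catch (ClassCastException e) {
            // Kept from the original: a type mismatch raised by the JSON accessors counts as "absent".
            return false;
        }
    }

    /**
     * Tells whether {@code str} is either absent from {@code jsonObject} or present as a string.
     *
     * @return {@code true} for a null object or a missing key; otherwise whether the value is a string
     */
    private static boolean containsOptionalString(JsonObject jsonObject, String str) {
        if (jsonObject == null) {
            return true;
        }
        try {
            if (!jsonObject.containsKey(str)) {
                return true;
            }
            return jsonObject.getValue(str) instanceof String;
        } catch (ClassCastException e) {
            return false;
        }
    }

    /**
     * Tells whether {@code jsonObject} holds a non-null JSON object under {@code str}.
     *
     * @return {@code false} for a null object, a missing key, a null value, or when reading the
     *         value as a JSON object raises {@link ClassCastException}
     */
    private static boolean containsRequiredObject(JsonObject jsonObject, String str) {
        if (jsonObject == null) {
            return false;
        }
        try {
            if (!jsonObject.containsKey(str)) {
                return false;
            }
            return jsonObject.getJsonObject(str) != null;
        } catch (ClassCastException e) {
            return false;
        }
    }

    /**
     * Checks the shape of a callback body: {@code id}, {@code rawId} and {@code type} must be
     * non-empty strings, {@code response} an object whose {@code userHandle} (if present) is a
     * string, and {@code type} must equal {@code "public-key"}. This is a structural check only;
     * the cryptographic verification happens during authentication.
     */
    private static boolean isWellFormedCallback(JsonObject body) {
        return body != null
                && containsRequiredString(body, "id")
                && containsRequiredString(body, "rawId")
                && containsRequiredObject(body, "response")
                && containsOptionalString(body.getJsonObject("response"), "userHandle")
                && containsRequiredString(body, "type")
                && "public-key".equals(body.getString("type"));
    }

    /** Tells whether a restored cookie produced a non-empty value. */
    private static boolean hasPrincipal(PersistentLoginManager.RestoreResult restored) {
        return restored != null && restored.getPrincipal() != null && !restored.getPrincipal().isEmpty();
    }

    /**
     * Stores the challenge and the username of a ceremony that has just been started.
     *
     * <p>The last argument of {@code save} follows {@code request().isSSL()}.
     * NOTE(review): that argument is presumably the cookie's Secure flag; behind a
     * TLS-terminating proxy {@code isSSL()} may be false for a request that reached the proxy
     * over HTTPS - confirm how the deployment reports the original scheme.
     */
    private void saveCeremonyCookies(RoutingContext routingContext, String challenge, String username) {
        boolean secure = routingContext.request().isSSL();
        this.authMech.getLoginManager().save(challenge, routingContext, CHALLENGE_COOKIE, (PersistentLoginManager.RestoreResult) null, secure);
        this.authMech.getLoginManager().save(username, routingContext, USERNAME_COOKIE, (PersistentLoginManager.RestoreResult) null, secure);
    }

    /** Asks the client to drop both ceremony cookies. */
    private static void clearCeremonyCookies(RoutingContext routingContext) {
        WebAuthnSecurity.removeCookie(routingContext, CHALLENGE_COOKIE);
        WebAuthnSecurity.removeCookie(routingContext, USERNAME_COOKIE);
    }

    /**
     * Starts a registration ceremony: validates that the JSON body has a non-empty {@code name},
     * requests credential-creation options, stores challenge and name in the ceremony cookies
     * and returns the options as JSON.
     *
     * <p>Fails the request with 400 when {@code name} is missing or an
     * {@link IllegalArgumentException} is thrown; other failures are passed to
     * {@code routingContext.fail} unchanged.
     *
     * <p>NOTE(review): the only check on {@code name} visible here is "non-empty string".
     * Whether that name already belongs to an account, and whether this caller may add a
     * credential to it, has to be enforced downstream - confirm in the user provider.
     */
    public void register(RoutingContext routingContext) {
        try {
            JsonObject registration = routingContext.getBodyAsJson();
            if (registration == null || !containsRequiredString(registration, "name")) {
                routingContext.fail(400, new IllegalArgumentException("missing 'name' field from request json"));
                return;
            }
            // A request context is activated for the asynchronous call and its state is
            // destroyed as the first action of the callback.
            ManagedContext requestContext = Arc.container().requestContext();
            requestContext.activate();
            InjectableContext.ContextState state = requestContext.getState();
            this.security.getWebAuthn().createCredentialsOptions(registration, asyncResult -> {
                requestContext.destroy(state);
                if (asyncResult.failed()) {
                    routingContext.fail(asyncResult.cause());
                    return;
                }
                JsonObject options = (JsonObject) asyncResult.result();
                saveCeremonyCookies(routingContext, options.getString("challenge"), registration.getString("name"));
                ok(routingContext, options);
            });
        } catch (IllegalArgumentException e) {
            routingContext.fail(400, e);
        } catch (RuntimeException e2) {
            routingContext.fail(e2);
        }
    }

    /**
     * Starts a login ceremony: validates that the JSON body has a non-empty {@code name},
     * requests assertion options for it, stores challenge and name in the ceremony cookies and
     * returns the options as JSON.
     *
     * <p>Fails the request with 400 when {@code name} is missing or an
     * {@link IllegalArgumentException} is thrown; other failures are passed to
     * {@code routingContext.fail} unchanged.
     *
     * <p>NOTE(review): the failure cause of the options lookup is forwarded as-is. If that
     * lookup fails differently for unknown names, the response may reveal which usernames
     * exist - confirm against the failure handler and the user provider.
     */
    public void login(RoutingContext routingContext) {
        try {
            JsonObject loginRequest = routingContext.getBodyAsJson();
            if (loginRequest == null || !containsRequiredString(loginRequest, "name")) {
                routingContext.fail(400, new IllegalArgumentException("Request missing 'name' field"));
                return;
            }
            String username = loginRequest.getString("name");
            ManagedContext requestContext = Arc.container().requestContext();
            requestContext.activate();
            InjectableContext.ContextState state = requestContext.getState();
            this.security.getWebAuthn().getCredentialsOptions(username, asyncResult -> {
                requestContext.destroy(state);
                if (asyncResult.failed()) {
                    routingContext.fail(asyncResult.cause());
                    return;
                }
                JsonObject options = (JsonObject) asyncResult.result();
                saveCeremonyCookies(routingContext, options.getString("challenge"), username);
                ok(routingContext, options);
            });
        } catch (IllegalArgumentException e) {
            routingContext.fail(400, e);
        } catch (RuntimeException e2) {
            routingContext.fail(e2);
        }
    }

    /**
     * Completes a registration or login ceremony.
     *
     * <p>The body must pass {@link #isWellFormedCallback(JsonObject)} and both ceremony cookies
     * must restore to non-empty values, otherwise the request fails with 400. The restored
     * challenge and username, the configured origin and domain, and the body are then
     * authenticated through the identity provider manager. On success the ceremony cookies are
     * removed, the identity is saved by the login manager and the response is 204. On failure
     * the ceremony cookies are removed as well, and the request fails with 400 for an
     * {@link AttestationException} or with the original cause otherwise.
     *
     * <p>Removing the cookies on failure means a rejected attempt cannot simply be repeated
     * against the same challenge by a well-behaved client; the client has to start a new
     * ceremony. NOTE(review): this only instructs the browser to drop the cookies. Whether a
     * previously issued challenge cookie is still accepted if it is presented again depends on
     * the login manager's expiry handling, which is not visible here.
     */
    public void callback(final RoutingContext routingContext) {
        try {
            JsonObject body = routingContext.getBodyAsJson();
            if (!isWellFormedCallback(body)) {
                routingContext.fail(400, new IllegalArgumentException("Response missing one or more of id/rawId/response[.userHandle]/type fields, or type is not public-key"));
                return;
            }
            PersistentLoginManager.RestoreResult challenge = this.authMech.getLoginManager().restore(routingContext, CHALLENGE_COOKIE);
            PersistentLoginManager.RestoreResult username = this.authMech.getLoginManager().restore(routingContext, USERNAME_COOKIE);
            if (!hasPrincipal(challenge) || !hasPrincipal(username)) {
                routingContext.fail(400, new IllegalArgumentException("Missing challenge or username"));
                return;
            }
            final ManagedContext requestContext = Arc.container().requestContext();
            requestContext.activate();
            final InjectableContext.ContextState state = requestContext.getState();
            WebAuthnCredentials credentials = new WebAuthnCredentials()
                    .setOrigin(this.origin)
                    .setDomain(this.domain)
                    .setChallenge(challenge.getPrincipal())
                    .setUsername(username.getPrincipal())
                    .setWebauthn(body);
            this.identityProviderManager
                    .authenticate(HttpSecurityUtils.setRoutingContextAttribute(new WebAuthnAuthenticationRequest(credentials), routingContext))
                    .subscribe().with((SecurityIdentity securityIdentity) -> {
                        requestContext.destroy(state);
                        clearCeremonyCookies(routingContext);
                        try {
                            this.authMech.getLoginManager().save(securityIdentity, routingContext, (PersistentLoginManager.RestoreResult) null, routingContext.request().isSSL());
                            ok(routingContext);
                        } catch (Throwable th) {
                            // Boundary catch: the response must be completed whatever goes wrong here.
                            log.error("Unable to complete post authentication", th);
                            routingContext.fail(th);
                        }
                    }, (Throwable th) -> {
                        // Lifecycle calls kept as in the original: terminate() here, destroy(state) on success.
                        requestContext.terminate();
                        // A failed ceremony is over; do not leave its challenge and username with the client.
                        clearCeremonyCookies(routingContext);
                        if (th instanceof AttestationException) {
                            routingContext.fail(400, th);
                        } else {
                            routingContext.fail(th);
                        }
                    });
        } catch (IllegalArgumentException e) {
            routingContext.fail(400, e);
        } catch (RuntimeException e2) {
            routingContext.fail(e2);
        }
    }

    /**
     * Clears the login state held by the login manager and redirects to {@code "/"}.
     *
     * <p>NOTE(review): which HTTP methods reach this handler, and whether the route is
     * protected against cross-site requests, is decided where the route is registered
     * (not visible here).
     */
    public void logout(RoutingContext routingContext) {
        this.authMech.getLoginManager().clear(routingContext);
        routingContext.redirect("/");
    }

    /** Ends the response with status 204 and no body. */
    private static void ok(RoutingContext routingContext) {
        routingContext.response().setStatusCode(204).end();
    }

    /** Sends {@code jsonObject} as the JSON response body. */
    private static void ok(RoutingContext routingContext, JsonObject jsonObject) {
        routingContext.json(jsonObject);
    }

    /** Serves the bundled client script; the file name is fixed and not taken from the request. */
    public void javascript(RoutingContext routingContext) {
        routingContext.response().sendFile("webauthn.js");
    }
}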
