package io.vertx.tests;

import com.webauthn4j.async.metadata.FidoMDS3MetadataBLOBAsyncProvider;
import com.webauthn4j.async.metadata.MetadataBLOBAsyncProvider;
import com.webauthn4j.async.metadata.anchor.MetadataBLOBBasedTrustAnchorAsyncRepository;
import com.webauthn4j.converter.AttestedCredentialDataConverter;
import com.webauthn4j.converter.AuthenticationExtensionsClientOutputsConverter;
import com.webauthn4j.converter.AuthenticatorDataConverter;
import com.webauthn4j.converter.exception.DataConversionException;
import com.webauthn4j.converter.util.ObjectConverter;
import com.webauthn4j.data.AttestationConveyancePreference;
import com.webauthn4j.data.AuthenticationRequest;
import com.webauthn4j.data.AuthenticatorAssertionResponse;
import com.webauthn4j.data.AuthenticatorAttachment;
import com.webauthn4j.data.AuthenticatorAttestationResponse;
import com.webauthn4j.data.AuthenticatorSelectionCriteria;
import com.webauthn4j.data.PublicKeyCredential;
import com.webauthn4j.data.PublicKeyCredentialCreationOptions;
import com.webauthn4j.data.PublicKeyCredentialParameters;
import com.webauthn4j.data.PublicKeyCredentialRequestOptions;
import com.webauthn4j.data.PublicKeyCredentialRpEntity;
import com.webauthn4j.data.PublicKeyCredentialType;
import com.webauthn4j.data.PublicKeyCredentialUserEntity;
import com.webauthn4j.data.RegistrationRequest;
import com.webauthn4j.data.UserVerificationRequirement;
import com.webauthn4j.data.attestation.authenticator.AttestedCredentialData;
import com.webauthn4j.data.attestation.statement.COSEAlgorithmIdentifier;
import com.webauthn4j.data.client.Origin;
import com.webauthn4j.data.client.challenge.Challenge;
import com.webauthn4j.data.client.challenge.DefaultChallenge;
import com.webauthn4j.data.extension.client.AuthenticationExtensionsClientInputs;
import com.webauthn4j.data.extension.client.AuthenticationExtensionsClientOutputs;
import com.webauthn4j.metadata.data.MetadataBLOBPayloadEntry;
import com.webauthn4j.metadata.util.internal.MetadataBLOBUtil;
import com.webauthn4j.metadata.util.internal.MetadataStatementUtil;
import com.webauthn4j.test.EmulatorUtil;
import com.webauthn4j.test.TestAttestationUtil;
import com.webauthn4j.test.authenticator.webauthn.WebAuthnAuthenticatorAdaptor;
import com.webauthn4j.test.client.ClientPlatform;
import com.webauthn4j.util.Base64UrlUtil;
import io.vertx.core.Future;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.webauthn4j.Attestation;
import io.vertx.ext.auth.webauthn4j.Authenticator;
import io.vertx.ext.auth.webauthn4j.RelyingParty;
import io.vertx.ext.auth.webauthn4j.WebAuthn4J;
import io.vertx.ext.auth.webauthn4j.WebAuthn4JCredentials;
import io.vertx.ext.auth.webauthn4j.WebAuthn4JOptions;
import io.vertx.ext.auth.webauthn4j.impl.VertxHttpAsyncClient;
import io.vertx.ext.unit.Async;
import io.vertx.ext.unit.TestContext;
import io.vertx.ext.unit.junit.RunTestOnContext;
import io.vertx.ext.unit.junit.VertxUnitRunner;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;

/**
 * End-to-end tests for the {@link WebAuthn4J} auth provider, driven by the webauthn4j
 * software authenticator ({@link ClientPlatform} wrapping {@code EmulatorUtil.PACKED_AUTHENTICATOR}).
 *
 * <p>What is pinned here, from a relying-party point of view:
 * <ul>
 *   <li>a registration ceremony followed by an authentication ceremony succeeds with default
 *       options and with {@code Attestation.ENTERPRISE} plus an explicitly trusted test root CA;</li>
 *   <li>{@code Attestation.ENTERPRISE} <em>without</em> that root CA is rejected (negative test for
 *       attestation trust-path validation);</li>
 *   <li>the stored signature counter is one higher after authentication than after registration;</li>
 *   <li>the FIDO MDS3 metadata BLOB can be fetched and yields trust anchors for at least one AAGUID.</li>
 * </ul>
 *
 * <p>The listing is decompiler output (raw types, {@code str}/{@code str2} parameter names); the
 * comments describe only what the visible code does.
 */
@RunWith(VertxUnitRunner.class)
/* loaded from: input_file:io/vertx/tests/EmulatorTest.class */
public class EmulatorTest {
    // Shared webauthn4j JSON/CBOR converter, reused by every converter built in this class.
    private final ObjectConverter objectConverter = new ObjectConverter();
    // Serialises the client extension outputs into the string form the request objects take.
    private final AuthenticationExtensionsClientOutputsConverter authenticationExtensionsClientOutputsConverter = new AuthenticationExtensionsClientOutputsConverter(this.objectConverter);
    // Credential store handed to the provider; cleared before each test by resetDatabase().
    // DummyStore is declared elsewhere - presumably an in-memory store, confirm there.
    private final DummyStore database = new DummyStore();
    // Relying-party display name set on RelyingParty in the provider options.
    String rpName = "ACME Corporation";
    // Account name used for registration, authentication and store lookups.
    String username = "fromage";
    String displayName = "Stephane Epardaud";
    // Test-only origin. Its string form is sent as the credentials' origin and its host is used
    // both as the credentials' domain and as the RP id passed to the emulated client, so origin
    // and RP id always agree in these tests (no mismatch case is exercised here).
    Origin origin = new Origin("http://localhost");

    // Supplies the Vertx instance used below through rule.vertx().
    @Rule
    public final RunTestOnContext rule = new RunTestOnContext();

    /** Empties the credential store so each test starts without previously registered authenticators. */
    @Before
    public void resetDatabase() {
        this.database.clear();
    }

    /**
     * Fetches the FIDO MDS3 metadata BLOB and checks that trust anchors can be resolved for one AAGUID.
     *
     * <p>This test performs a real HTTPS request to {@code https://mds.fidoalliance.org/}, so it
     * depends on network access and on the availability of that service.
     *
     * @param testContext vertx-unit context used to signal completion or failure
     */
    @Test
    public void testMetadata(TestContext testContext) {
        Async async = testContext.async();
        VertxHttpAsyncClient vertxHttpAsyncClient = new VertxHttpAsyncClient(this.rule.vertx());
        // Turn every root certificate configured by default in WebAuthn4JOptions into a TrustAnchor
        // (no name constraints: second constructor argument is null).
        HashSet hashSet = new HashSet();
        Iterator it = new WebAuthn4JOptions().getRootCertificates().entrySet().iterator();
        while (it.hasNext()) {
            hashSet.add(new TrustAnchor((X509Certificate) ((Map.Entry) it.next()).getValue(), null));
        }
        // NOTE(review): the anchors are presumably what the provider validates the BLOB's signing
        // chain against - confirm in FidoMDS3MetadataBLOBAsyncProvider.
        MetadataBLOBAsyncProvider fidoMDS3MetadataBLOBAsyncProvider = new FidoMDS3MetadataBLOBAsyncProvider(this.objectConverter, "https://mds.fidoalliance.org/", vertxHttpAsyncClient, hashSet);
        MetadataBLOBBasedTrustAnchorAsyncRepository metadataBLOBBasedTrustAnchorAsyncRepository = new MetadataBLOBBasedTrustAnchorAsyncRepository(new MetadataBLOBAsyncProvider[]{fidoMDS3MetadataBLOBAsyncProvider});
        fidoMDS3MetadataBLOBAsyncProvider.provide().thenCompose(metadataBLOB -> {
            Assert.assertNotEquals(0L, metadataBLOB.getPayload().getEntries().size());
            // Pick the first entry that has an AAGUID, at least one attestation root certificate,
            // and passes the same two checks, with the repository's own "not FIDO certified" and
            // "self assertion submitted" settings, that are applied here before the lookup.
            for (MetadataBLOBPayloadEntry metadataBLOBPayloadEntry : metadataBLOB.getPayload().getEntries()) {
                if (metadataBLOBPayloadEntry.getAaguid() != null && !metadataBLOBPayloadEntry.getMetadataStatement().getAttestationRootCertificates().isEmpty() && MetadataBLOBUtil.checkMetadataBLOBPayloadEntry(metadataBLOBPayloadEntry, metadataBLOBBasedTrustAnchorAsyncRepository.isNotFidoCertifiedAllowed(), metadataBLOBBasedTrustAnchorAsyncRepository.isSelfAssertionSubmittedAllowed()) && MetadataStatementUtil.checkSurrogateMetadataStatementAttestationRootCertificate(metadataBLOBPayloadEntry.getMetadataStatement())) {
                    return metadataBLOBBasedTrustAnchorAsyncRepository.find(metadataBLOBPayloadEntry.getAaguid());
                }
            }
            // Assert.fail throws, so the return below only satisfies the compiler.
            Assert.fail("Could not find a single AAGUID in the metadata");
            return null;
        }).thenAccept(set -> {
            // The repository must return at least one trust anchor for the selected AAGUID.
            Assert.assertNotEquals(0L, set.size());
        }).handle((r5, th) -> {
            // Any exception from the stages above (including assertion errors) fails the test;
            // otherwise the async marker is completed.
            if (th != null) {
                testContext.fail(th);
                return null;
            }
            async.complete();
            return null;
        });
    }

    /**
     * Registration followed by authentication with default options (only the RP name is set).
     *
     * @param testContext vertx-unit context; also carries credId/publicKey/counter between steps
     */
    @Test
    public void testDefaults(TestContext testContext) throws DataConversionException, InterruptedException, ExecutionException {
        Async async = testContext.async();
        WebAuthn4J credentialStorage = WebAuthn4J.create(this.rule.vertx(), new WebAuthn4JOptions().setRelyingParty(new RelyingParty().setName(this.rpName))).credentialStorage(this.database);
        ClientPlatform clientPlatform = new ClientPlatform(this.origin, new WebAuthnAuthenticatorAdaptor(EmulatorUtil.PACKED_AUTHENTICATOR));
        // Authentication only starts once registration has succeeded.
        Future flatMap = testRegistration(credentialStorage, clientPlatform, testContext).flatMap(obj -> {
            return testAuthentication(credentialStorage, clientPlatform, testContext);
        });
        // Likely a decompiler artifact of the bound method reference on the next line.
        Objects.requireNonNull(testContext);
        flatMap.onFailure(testContext::fail).onSuccess(obj2 -> {
            async.complete();
        });
    }

    /**
     * Registration followed by authentication with {@code Attestation.ENTERPRISE} and the
     * 3-tier test root CA from {@code TestAttestationUtil} added as a root certificate.
     * Both ceremonies are expected to succeed.
     *
     * @param testContext vertx-unit context; also carries credId/publicKey/counter between steps
     */
    @Test
    public void testEnterprise(TestContext testContext) throws DataConversionException, InterruptedException, ExecutionException {
        Async async = testContext.async();
        WebAuthn4J credentialStorage = WebAuthn4J.create(this.rule.vertx(), new WebAuthn4JOptions().setRelyingParty(new RelyingParty().setName(this.rpName)).setAttestation(Attestation.ENTERPRISE).addRootCertificate(TestAttestationUtil.load3tierTestRootCACertificate())).credentialStorage(this.database);
        ClientPlatform clientPlatform = new ClientPlatform(this.origin, new WebAuthnAuthenticatorAdaptor(EmulatorUtil.PACKED_AUTHENTICATOR));
        Future flatMap = testRegistration(credentialStorage, clientPlatform, testContext).flatMap(obj -> {
            return testAuthentication(credentialStorage, clientPlatform, testContext);
        });
        // Likely a decompiler artifact of the bound method reference on the next line.
        Objects.requireNonNull(testContext);
        flatMap.onFailure(testContext::fail).onSuccess(obj2 -> {
            async.complete();
        });
    }

    /**
     * Negative test: {@code Attestation.ENTERPRISE} with no test root CA added must be rejected.
     *
     * <p>The test passes only when the chain fails and the innermost cause carries the message
     * "Path does not chain with any of the trust anchors"; a successful ceremony fails the test.
     * This guards against the provider accepting an attestation whose certificate path does not
     * end in a configured trust anchor.
     *
     * @param testContext vertx-unit context used to signal completion or failure
     */
    @Test
    public void testEnterpriseWithoutCA(TestContext testContext) throws DataConversionException, InterruptedException, ExecutionException {
        Async async = testContext.async();
        WebAuthn4J credentialStorage = WebAuthn4J.create(this.rule.vertx(), new WebAuthn4JOptions().setRelyingParty(new RelyingParty().setName(this.rpName)).setAttestation(Attestation.ENTERPRISE)).credentialStorage(this.database);
        ClientPlatform clientPlatform = new ClientPlatform(this.origin, new WebAuthnAuthenticatorAdaptor(EmulatorUtil.PACKED_AUTHENTICATOR));
        testRegistration(credentialStorage, clientPlatform, testContext).flatMap(obj -> {
            return testAuthentication(credentialStorage, clientPlatform, testContext);
        }).onFailure(th -> {
            // Unwrap to the root cause before comparing messages.
            while (th.getCause() != null) {
                th = th.getCause();
            }
            // NOTE(review): the check is on an exception message string, so it breaks if the
            // library rewords it. Also, a JUnit assertion failing here is thrown from the
            // callback rather than passed to testContext.fail - confirm the runner reports it
            // instead of letting the test time out.
            Assert.assertEquals("Path does not chain with any of the trust anchors", th.getMessage());
            async.complete();
        }).onSuccess(obj2 -> {
            testContext.fail("Verification should not have passed without CA configured");
        });
    }

    /**
     * Runs a registration ceremony against the provider and checks what was persisted.
     *
     * <p>A fresh {@link DefaultChallenge} is created per call; the same challenge is given to the
     * emulated client and, base64url-encoded, to the provider. After the provider accepts the
     * attestation, the store must hold exactly one authenticator for {@link #username} whose
     * credential id and public key equal the values captured from the emulator. The stored
     * counter is saved under "counter" in the test context for the authentication step.
     *
     * @param webAuthn4J provider under test
     * @param clientPlatform emulated client and authenticator
     * @param testContext carrier for "credId", "publicKey" and "counter"
     * @return the future of the store lookup, with the assertions attached as a success handler
     */
    private Future<?> testRegistration(WebAuthn4J webAuthn4J, ClientPlatform clientPlatform, TestContext testContext) {
        DefaultChallenge defaultChallenge = new DefaultChallenge();
        // Must run before the JSON below is built: it stores "credId" and "publicKey" in testContext.
        RegistrationRequest createRegistrationRequest = createRegistrationRequest(clientPlatform, this.origin.getHost(), defaultChallenge, this.username, this.displayName, testContext);
        return webAuthn4J.authenticate(new WebAuthn4JCredentials().setUsername(this.username).setOrigin(this.origin.toString()).setDomain(this.origin.getHost()).setChallenge(Base64UrlUtil.encodeToString(defaultChallenge.getValue())).setWebauthn(new JsonObject().put("id", testContext.get("credId")).put("rawId", testContext.get("credId")).put("type", "public-key").put("response", new JsonObject().put("attestationObject", Base64UrlUtil.encodeToString(createRegistrationRequest.getAttestationObject())).put("clientDataJSON", Base64UrlUtil.encodeToString(createRegistrationRequest.getClientDataJSON()))))).flatMap(user -> {
            Assert.assertNotNull(user);
            Assert.assertEquals(this.username, user.principal().getString("userName"));
            return this.database.find(this.username, null);
        }).onSuccess(list -> {
            Assert.assertNotNull(list);
            // Exactly one credential: the store was cleared before the test.
            Assert.assertEquals(1L, list.size());
            Authenticator authenticator = (Authenticator) list.get(0);
            Assert.assertEquals(this.username, authenticator.getUserName());
            Assert.assertEquals(testContext.get("credId"), authenticator.getCredID());
            // Baseline for the counter check in testAuthentication.
            testContext.put("counter", Long.valueOf(authenticator.getCounter()));
            Assert.assertEquals(testContext.get("publicKey"), authenticator.getPublicKey());
        });
    }

    /**
     * Has the emulated client create a credential and packages the result as a registration request.
     *
     * <p>Options used: cross-platform attachment, user verification REQUIRED, ES256 public-key
     * credential, DIRECT attestation conveyance, an all-zero 32-byte user id, no timeout and no
     * excluded credentials. Side effect: the base64url credential id and the base64url CBOR
     * encoding of the COSE public key are stored in {@code testContext} as "credId" and "publicKey".
     *
     * @param clientPlatform emulated client and authenticator
     * @param str first argument of the RP entity (callers pass the origin host) - the RP id, TODO confirm
     * @param challenge challenge embedded in the creation options
     * @param str2 second argument of the user entity (callers pass the username)
     * @param str3 third argument of the user entity (callers pass the display name)
     * @param testContext receives "credId" and "publicKey"
     * @return registration request built from the emulator's attestation response
     */
    private RegistrationRequest createRegistrationRequest(ClientPlatform clientPlatform, String str, Challenge challenge, String str2, String str3, TestContext testContext) {
        // The boolean is presumably requireResidentKey - confirm against AuthenticatorSelectionCriteria.
        AuthenticatorSelectionCriteria authenticatorSelectionCriteria = new AuthenticatorSelectionCriteria(AuthenticatorAttachment.CROSS_PLATFORM, true, UserVerificationRequirement.REQUIRED);
        PublicKeyCredentialParameters publicKeyCredentialParameters = new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
        PublicKeyCredential create = clientPlatform.create(new PublicKeyCredentialCreationOptions(new PublicKeyCredentialRpEntity(str, "example.com"), new PublicKeyCredentialUserEntity(new byte[32], str2, str3), challenge, Collections.singletonList(publicKeyCredentialParameters), (Long) null, Collections.emptyList(), authenticatorSelectionCriteria, AttestationConveyancePreference.DIRECT, new AuthenticationExtensionsClientInputs()));
        AuthenticatorAttestationResponse response = create.getResponse();
        // Pull the attested credential data out of the authenticator data to learn the
        // credential id and public key the emulator generated.
        AttestedCredentialData convert = new AttestedCredentialDataConverter(this.objectConverter).convert(new AuthenticatorDataConverter(this.objectConverter).extractAttestedCredentialData(response.getAuthenticatorData(this.objectConverter)));
        testContext.put("credId", Base64UrlUtil.encodeToString(convert.getCredentialId()));
        testContext.put("publicKey", Base64UrlUtil.encodeToString(this.objectConverter.getCborConverter().writeValueAsBytes(convert.getCOSEKey())));
        AuthenticationExtensionsClientOutputs clientExtensionResults = create.getClientExtensionResults();
        // Empty set passed as the request's last argument (presumably the transports).
        Set emptySet = Collections.emptySet();
        return new RegistrationRequest(response.getAttestationObject(), response.getClientDataJSON(), this.authenticationExtensionsClientOutputsConverter.convertToString(clientExtensionResults), emptySet);
    }

    /**
     * Runs an authentication ceremony for the credential registered by {@link #testRegistration}.
     *
     * <p>Uses a new challenge, then checks that the store still holds exactly one authenticator
     * with the same credential id and public key, and that its counter is exactly one higher than
     * the value recorded after registration. The signature counter is the signal WebAuthn relying
     * parties use to notice cloned authenticators, so this pins that the provider persists the
     * updated value.
     *
     * @param webAuthn4J provider under test
     * @param clientPlatform emulated client and authenticator
     * @param testContext source of "credId", "publicKey" and "counter"
     * @return the future of the store lookup, with the assertions attached as a success handler
     */
    private Future<?> testAuthentication(WebAuthn4J webAuthn4J, ClientPlatform clientPlatform, TestContext testContext) {
        DefaultChallenge defaultChallenge = new DefaultChallenge();
        AuthenticationRequest createAuthenticationRequest = createAuthenticationRequest(clientPlatform, this.origin.getHost(), defaultChallenge, this.username, this.displayName);
        return webAuthn4J.authenticate(new WebAuthn4JCredentials().setUsername(this.username).setOrigin(this.origin.toString()).setDomain(this.origin.getHost()).setChallenge(Base64UrlUtil.encodeToString(defaultChallenge.getValue())).setWebauthn(new JsonObject().put("id", testContext.get("credId")).put("rawId", testContext.get("credId")).put("type", "public-key").put("response", new JsonObject().put("signature", Base64UrlUtil.encodeToString(createAuthenticationRequest.getSignature())).put("authenticatorData", Base64UrlUtil.encodeToString(createAuthenticationRequest.getAuthenticatorData())).put("clientDataJSON", Base64UrlUtil.encodeToString(createAuthenticationRequest.getClientDataJSON()))))).flatMap(user -> {
            Assert.assertNotNull(user);
            Assert.assertEquals(this.username, user.principal().getString("userName"));
            return this.database.find(this.username, null);
        }).onSuccess(list -> {
            Assert.assertNotNull(list);
            // Authenticating must not add a second credential.
            Assert.assertEquals(1L, list.size());
            Authenticator authenticator = (Authenticator) list.get(0);
            Assert.assertEquals(this.username, authenticator.getUserName());
            Assert.assertEquals(testContext.get("credId"), authenticator.getCredID());
            // Stored counter must have advanced by exactly one since registration.
            Assert.assertEquals(((Long) testContext.get("counter")).longValue() + 1, authenticator.getCounter());
            Assert.assertEquals(testContext.get("publicKey"), authenticator.getPublicKey());
        });
    }

    /**
     * Has the emulated client produce an assertion and packages it as an authentication request.
     *
     * <p>Request options: timeout 0, no allow-list (null), user verification REQUIRED, no extensions.
     *
     * @param clientPlatform emulated client and authenticator
     * @param str third argument of the request options (callers pass the origin host) - the RP id, TODO confirm
     * @param challenge challenge embedded in the request options
     * @param str2 not used in this method (callers pass the username)
     * @param str3 not used in this method (callers pass the display name)
     * @return authentication request carrying raw id, authenticator data, client data, extension outputs and signature
     */
    private AuthenticationRequest createAuthenticationRequest(ClientPlatform clientPlatform, String str, Challenge challenge, String str2, String str3) {
        PublicKeyCredential publicKeyCredential = clientPlatform.get(new PublicKeyCredentialRequestOptions(challenge, 0L, str, (List) null, UserVerificationRequirement.REQUIRED, (AuthenticationExtensionsClientInputs) null));
        AuthenticatorAssertionResponse response = publicKeyCredential.getResponse();
        return new AuthenticationRequest(publicKeyCredential.getRawId(), response.getAuthenticatorData(), response.getClientDataJSON(), this.authenticationExtensionsClientOutputsConverter.convertToString(publicKeyCredential.getClientExtensionResults()), response.getSignature());
    }
}
