package io.vertx.ext.web.handler.impl;

import com.fasterxml.jackson.core.JsonLocation;
import io.netty.handler.codec.rtsp.RtspHeaders;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.otp.OtpCredentials;
import io.vertx.ext.auth.otp.OtpKey;
import io.vertx.ext.auth.otp.OtpKeyGenerator;
import io.vertx.ext.auth.otp.totp.TotpAuth;
import io.vertx.ext.web.Route;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.Session;
import io.vertx.ext.web.handler.HttpException;
import io.vertx.ext.web.handler.OtpAuthHandler;

/* loaded from: input_file:io/vertx/ext/web/handler/impl/TotpAuthHandlerImpl.class */
public class TotpAuthHandlerImpl extends AuthenticationHandlerImpl<TotpAuth> implements OtpAuthHandler {
    private final OtpKeyGenerator otpKeyGen;
    private String verifyUrl;
    private String issuer;
    private String label;
    private Route register;
    private Route verify;

    public TotpAuthHandlerImpl(TotpAuth totpAuth, OtpKeyGenerator otpKeyGenerator) {
        super(totpAuth, "totp");
        this.register = null;
        this.verify = null;
        this.otpKeyGen = otpKeyGenerator;
    }

    private static boolean matchesRoute(RoutingContext routingContext, Route route) {
        return route != null && routingContext.request().method() == HttpMethod.POST && routingContext.normalizedPath().equals(route.getPath());
    }

    @Override // io.vertx.ext.web.handler.impl.AuthenticationHandlerInternal
    public void authenticate(RoutingContext routingContext, Handler<AsyncResult<User>> handler) {
        if (this.verify == null) {
            handler.handle(Future.failedFuture(new HttpException(JsonLocation.MAX_CONTENT_SNIPPET, new IllegalStateException("No callback mounted!"))));
            return;
        }
        if (matchesRoute(routingContext, this.verify)) {
            handler.handle(Future.failedFuture(new HttpException(JsonLocation.MAX_CONTENT_SNIPPET, new IllegalStateException("The verify callback route is shaded by the OTPAuthHandler, ensure the callback route is added BEFORE the OTPAuthHandler route!"))));
            return;
        }
        if (matchesRoute(routingContext, this.register)) {
            handler.handle(Future.failedFuture(new HttpException(JsonLocation.MAX_CONTENT_SNIPPET, new IllegalStateException("The register callback route is shaded by the OTPAuthHandler, ensure the callback route is added BEFORE the OTPAuthHandler route!"))));
            return;
        }
        User user = routingContext.user();
        if (user == null) {
            handler.handle(Future.failedFuture(new HttpException(401)));
            return;
        }
        Boolean bool = (Boolean) user.get("mfa");
        if (bool != null && bool.booleanValue()) {
            handler.handle(Future.succeededFuture(routingContext.user()));
            return;
        }
        if (this.verifyUrl == null) {
            handler.handle(Future.failedFuture(new HttpException(401, "User TOTP verification missing")));
            return;
        }
        Session session = routingContext.session();
        if (session != null) {
            session.put("redirect_uri", routingContext.request().uri());
        }
        handler.handle(Future.failedFuture(new HttpException(302, this.verifyUrl)));
    }

    @Override // io.vertx.ext.web.handler.OtpAuthHandler
    public OtpAuthHandler verifyUrl(String str) {
        this.verifyUrl = str;
        return this;
    }

    @Override // io.vertx.ext.web.handler.OtpAuthHandler
    public OtpAuthHandler issuer(String str) {
        this.issuer = str;
        return this;
    }

    @Override // io.vertx.ext.web.handler.OtpAuthHandler
    public OtpAuthHandler label(String str) {
        this.label = str;
        return this;
    }

    @Override // io.vertx.ext.web.handler.OtpAuthHandler
    public OtpAuthHandler setupRegisterCallback(Route route) {
        this.register = route.method(HttpMethod.POST).handler(routingContext -> {
            User user = routingContext.user();
            if (user == null || user.get("username") == null) {
                routingContext.fail(new IllegalStateException("User object misses 'username' attribute"));
                return;
            }
            OtpKey generate = this.otpKeyGen.generate();
            Future createAuthenticator = this.authProvider.createAuthenticator((String) user.get("username"), generate);
            routingContext.getClass();
            createAuthenticator.onFailure(routingContext::fail).onSuccess2(authenticator -> {
                routingContext.json(new JsonObject().put("issuer", this.issuer).put("label", this.label).put(RtspHeaders.Values.URL, this.authProvider.generateUri(generate, this.issuer, (String) user.get("username"), this.label)));
            });
        });
        return this;
    }

    @Override // io.vertx.ext.web.handler.OtpAuthHandler
    public OtpAuthHandler setupCallback(Route route) {
        this.verify = route.method(HttpMethod.POST).handler(routingContext -> {
            User user = routingContext.user();
            if (user == null || user.get("username") == null) {
                routingContext.fail(new IllegalStateException("User object misses 'username' attribute"));
            } else if (routingContext.request().getParam("code") == null) {
                routingContext.fail(new HttpException(400, "Missing 'code' form attribute"));
            } else {
                this.authProvider.authenticate(new OtpCredentials((String) user.get("username"), routingContext.request().getParam("code"))).onSuccess2(user2 -> {
                    user.principal().mergeIn(user.principal());
                    user.attributes().mergeIn(user.attributes());
                    user.attributes().put("mfa", "totp");
                    String str = "/";
                    Session session = routingContext.session();
                    if (session != null) {
                        session.regenerateId();
                        String str2 = (String) session.get("redirect_uri");
                        if (str2 != null) {
                            str = str2;
                        }
                    }
                    routingContext.redirect(str);
                }).onFailure(th -> {
                    routingContext.fail(401, th);
                });
            }
        });
        return this;
    }
}
