package org.gluu.oxauth.fido2.ws.rs.service;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.stream.Collectors;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.apache.commons.lang.StringUtils;
import org.gluu.oxauth.fido2.exception.Fido2RPRuntimeException;
import org.gluu.oxauth.fido2.model.entry.Fido2AuthenticationData;
import org.gluu.oxauth.fido2.model.entry.Fido2AuthenticationEntry;
import org.gluu.oxauth.fido2.model.entry.Fido2AuthenticationStatus;
import org.gluu.oxauth.fido2.model.entry.Fido2RegistrationData;
import org.gluu.oxauth.fido2.model.entry.Fido2RegistrationEntry;
import org.gluu.oxauth.fido2.persist.AuthenticationPersistenceService;
import org.gluu.oxauth.fido2.persist.RegistrationPersistenceService;
import org.gluu.oxauth.fido2.service.Base64Service;
import org.gluu.oxauth.fido2.service.ChallengeGenerator;
import org.gluu.oxauth.fido2.service.DataMapperService;
import org.gluu.oxauth.fido2.service.verifier.AuthenticatorAssertionVerifier;
import org.gluu.oxauth.fido2.service.verifier.ChallengeVerifier;
import org.gluu.oxauth.fido2.service.verifier.CommonVerifiers;
import org.gluu.oxauth.fido2.service.verifier.DomainVerifier;
import org.gluu.oxauth.model.configuration.AppConfiguration;
import org.gluu.service.net.NetworkService;
import org.slf4j.Logger;

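@ApplicationScoped
/* loaded from: input_file:org/gluu/oxauth/fido2/ws/rs/service/AssertionService.class */
/**
 * FIDO2 assertion (authentication) ceremony: {@link #options(JsonNode)} issues a
 * challenge and records a pending {@link Fido2AuthenticationData}; {@link #verify(JsonNode)}
 * checks the authenticator's response against that pending record and marks it authenticated.
 *
 * <p>All failures are reported to the caller as {@link Fido2RPRuntimeException} with a
 * generic message; the underlying cause is written to the log only.
 */
public class AssertionService {

    @Inject
    private Logger log;

    @Inject
    private ChallengeVerifier challengeVerifier;

    @Inject
    private DomainVerifier domainVerifier;

    @Inject
    private RegistrationPersistenceService registrationsRepository;

    @Inject
    private AuthenticationPersistenceService authenticationsRepository;

    @Inject
    private AuthenticatorAssertionVerifier authenticatorAuthorizationVerifier;

    @Inject
    private ChallengeGenerator challengeGenerator;

    @Inject
    private DataMapperService dataMapperService;

    @Inject
    private Base64Service base64Service;

    @Inject
    private CommonVerifiers commonVerifiers;

    @Inject
    private NetworkService networkService;

    @Inject
    private AppConfiguration appConfiguration;

    /**
     * Builds the {@code PublicKeyCredentialRequestOptions} for an assertion ceremony.
     *
     * @param jsonNode options request; {@code username} is required, {@code authenticatorSelection},
     *                 {@code documentDomain} and {@code extensions} are optional
     * @return the options object, with {@code status}/{@code errorMessage} appended
     * @throws Fido2RPRuntimeException if the user has no registration or no usable credential
     */
    public JsonNode options(JsonNode jsonNode) {
        this.log.info("options {}", jsonNode);
        return assertionOptions(jsonNode);
    }

    /**
     * Verifies an authenticator assertion response.
     *
     * <p>The pending request is located by the {@code challenge} carried in
     * {@code clientDataJSON}; the response's origin is checked against the domain stored
     * with that request, and the signature is checked against the registration found by
     * the credential {@code id}. On success the stored request is updated to
     * {@link Fido2AuthenticationStatus#authenticated}.
     *
     * @param jsonNode the {@code PublicKeyCredential} object sent by the client
     * @return {@code {"status":"ok","errorMessage":""}}
     * @throws Fido2RPRuntimeException if the payload is malformed, the challenge or credential
     *                                 is unknown, or any verification step fails
     */
    public JsonNode verify(JsonNode jsonNode) {
        this.log.info("authenticateResponse {}", jsonNode);
        // Validate the envelope before reading nested fields so a malformed body
        // surfaces as an RP error rather than a NullPointerException.
        this.commonVerifiers.verifyBasicPayload(jsonNode);
        String keyId = this.commonVerifiers.verifyThatString(jsonNode, "id");
        this.commonVerifiers.verifyAssertionType(jsonNode.get("type"));
        this.commonVerifiers.verifyThatString(jsonNode, "rawId");
        JsonNode response = jsonNode.get("response");
        if (response == null) {
            throw new Fido2RPRuntimeException("Invalid assertion data");
        }
        if (response.hasNonNull("userHandle")) {
            this.commonVerifiers.verifyThatString(response.get("userHandle"), "userHandle");
        }
        ObjectNode result = this.dataMapperService.createObjectNode();
        try {
            byte[] clientDataBytes = this.base64Service.urlDecode(response.get("clientDataJSON").asText());
            JsonNode clientData = this.dataMapperService.readTree(new String(clientDataBytes, StandardCharsets.UTF_8));
            this.commonVerifiers.verifyClientJSON(clientData);
            this.commonVerifiers.verifyClientJSONTypeIsGet(clientData);
            String challenge = clientData.get("challenge").asText();
            String origin = clientData.get("origin").asText();
            // The client-supplied challenge selects the pending request, so an unknown
            // challenge is rejected here before any cryptographic work.
            Fido2AuthenticationEntry authenticationEntry = this.authenticationsRepository.findByChallenge(challenge)
                    .stream()
                    .findFirst()
                    .orElseThrow(() -> new Fido2RPRuntimeException(
                            String.format("Can't find matching request by challenge '%s'", challenge)));
            Fido2AuthenticationData authenticationData = authenticationEntry.getAuthenticationData();
            // NOTE(review): nothing in this method checks that the entry is still pending
            // (i.e. the challenge has not already been consumed) or that the credential
            // resolved below belongs to the username recorded in authenticationData;
            // confirm that findByChallenge or the assertion verifier enforces both.
            this.domainVerifier.verifyDomain(authenticationData.getDomain(), origin);
            Fido2RegistrationData registrationData = this.registrationsRepository.findByPublicKeyId(keyId)
                    .orElseThrow(() -> new Fido2RPRuntimeException(
                            String.format("Couldn't find the key by PublicKeyId '%s'", keyId)))
                    .getRegistrationData();
            this.authenticatorAuthorizationVerifier.verifyAuthenticatorAssertionResponse(response, registrationData, authenticationData);
            authenticationData.setW3cAuthenticatorAssertionResponse(response.toString());
            authenticationData.setStatus(Fido2AuthenticationStatus.authenticated);
            this.authenticationsRepository.update(authenticationEntry);
            result.put("status", "ok");
            result.put("errorMessage", "");
            return result;
        } catch (IOException e) {
            // Keep the client-facing message generic; the cause goes to the log only.
            this.log.error("Can't parse clientDataJSON", e);
            throw new Fido2RPRuntimeException("Can't parse message");
        } catch (Exception e) {
            // Deliberately collapses every failure (unknown challenge, unknown key,
            // bad signature, ...) into one generic message for the caller.
            this.log.error("Assertion verification failed", e);
            throw new Fido2RPRuntimeException("Invalid assertion data");
        }
    }

    /**
     * Creates the request options and the matching pending authentication record.
     *
     * @param jsonNode options request (see {@link #options(JsonNode)})
     * @return the options object to send to the client
     * @throws Fido2RPRuntimeException if {@code username} is missing, no registration exists
     *                                 for it, or none of its registrations has a public key id
     */
    private JsonNode assertionOptions(JsonNode jsonNode) {
        this.log.info("assertionOptions {}", jsonNode);
        if (!jsonNode.hasNonNull("username")) {
            throw new Fido2RPRuntimeException("Username is required");
        }
        String username = jsonNode.get("username").asText();
        String userVerification = "required";
        if (jsonNode.hasNonNull("authenticatorSelection")) {
            JsonNode selection = jsonNode.get("authenticatorSelection");
            if (selection.hasNonNull("userVerification")) {
                userVerification = this.commonVerifiers.verifyUserVerification(selection.get("userVerification"));
            }
        }
        // The domain stored here is what verify() later checks the response origin against.
        // NOTE(review): documentDomain is caller-supplied; confirm it is restricted to the
        // expected RP origins elsewhere (e.g. in NetworkService.getHost or at the endpoint).
        String documentDomain = jsonNode.hasNonNull("documentDomain")
                ? jsonNode.get("documentDomain").asText()
                : this.appConfiguration.getIssuer();
        String host = this.networkService.getHost(documentDomain);
        this.log.info("Options {} ", username);
        ObjectNode result = this.dataMapperService.createObjectNode();
        List<Fido2RegistrationEntry> registrations = this.registrationsRepository.findAllByUsername(username);
        // These two errors let a caller distinguish an unknown user from a user without
        // keys; the messages are kept unchanged because clients rely on them.
        if (registrations.isEmpty()) {
            throw new Fido2RPRuntimeException("No record of registration. Have you registered?");
        }
        List<Fido2RegistrationData> registrationData = registrations.stream()
                .map(Fido2RegistrationEntry::getRegistrationData)
                .collect(Collectors.toList());
        String challenge = this.challengeGenerator.getChallenge();
        result.put("challenge", challenge);
        result.putObject("user").put("name", username);
        ArrayNode allowCredentials = result.putArray("allowCredentials");
        for (Fido2RegistrationData data : registrationData) {
            // Registrations without a public key id cannot be offered as credentials.
            if (StringUtils.isEmpty(data.getPublicKeyId())) {
                continue;
            }
            ObjectNode credential = allowCredentials.addObject();
            credential.put("type", "public-key");
            credential.putArray("transports").add("usb").add("ble").add("nfc");
            credential.put("id", data.getPublicKeyId());
        }
        if (allowCredentials.size() == 0) {
            throw new Fido2RPRuntimeException("Can't find associated key. Have you registered");
        }
        result.put("userVerification", userVerification);
        if (jsonNode.hasNonNull("extensions")) {
            result.set("extensions", jsonNode.get("extensions"));
        }
        // Persist the pending request; verify() looks it up by challenge.
        Fido2AuthenticationData authenticationData = new Fido2AuthenticationData();
        authenticationData.setUsername(username);
        authenticationData.setChallenge(challenge);
        authenticationData.setDomain(host);
        authenticationData.setW3cCredentialRequestOptions(result.toString());
        authenticationData.setUserVerificationOption(userVerification);
        authenticationData.setStatus(Fido2AuthenticationStatus.pending);
        this.authenticationsRepository.save(authenticationData);
        result.put("status", "ok");
        result.put("errorMessage", "");
        return result;
    }
}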
