package org.gluu.oxauth.fido2.service.operation;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.security.SecureRandom;
import java.util.List;
import java.util.stream.Collectors;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.gluu.oxauth.fido2.ctap.AttestationConveyancePreference;
import org.gluu.oxauth.fido2.ctap.AuthenticatorAttachment;
import org.gluu.oxauth.fido2.ctap.CoseEC2Algorithm;
import org.gluu.oxauth.fido2.ctap.CoseRSAAlgorithm;
import org.gluu.oxauth.fido2.ctap.UserVerification;
import org.gluu.oxauth.fido2.exception.Fido2RPRuntimeException;
import org.gluu.oxauth.fido2.model.auth.CredAndCounterData;
import org.gluu.oxauth.fido2.model.auth.PublicKeyCredentialDescriptor;
import org.gluu.oxauth.fido2.model.entry.Fido2RegistrationData;
import org.gluu.oxauth.fido2.model.entry.Fido2RegistrationEntry;
import org.gluu.oxauth.fido2.model.entry.Fido2RegistrationStatus;
import org.gluu.oxauth.fido2.service.Base64Service;
import org.gluu.oxauth.fido2.service.ChallengeGenerator;
import org.gluu.oxauth.fido2.service.DataMapperService;
import org.gluu.oxauth.fido2.service.persist.RegistrationPersistenceService;
import org.gluu.oxauth.fido2.service.verifier.AttestationVerifier;
import org.gluu.oxauth.fido2.service.verifier.CommonVerifiers;
import org.gluu.oxauth.fido2.service.verifier.DomainVerifier;
import org.gluu.util.StringHelper;
import org.slf4j.Logger;

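/**
 * Server side of a WebAuthn/FIDO2 registration (attestation) ceremony.
 *
 * <p>{@link #options(JsonNode)} builds the creation options handed to the client and records a
 * {@code pending} registration keyed by a freshly generated challenge; {@link #verify(JsonNode)}
 * looks that registration up again by the challenge echoed in the client data, delegates the
 * cryptographic checks to the injected verifiers and marks the registration as
 * {@code registered}. This class only orchestrates the verifiers and shapes the JSON that goes
 * back to the caller; it performs no signature or attestation checks of its own.
 */
@ApplicationScoped
public class AttestationService {

    /** Shared CSPRNG for user handles; {@link SecureRandom} is thread-safe, so one instance is enough. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /** Number of random bytes in a generated user handle. */
    private static final int USER_ID_BYTES = 32;

    @Inject
    private Logger log;

    @Inject
    private RegistrationPersistenceService registrationPersistenceService;

    @Inject
    private AttestationVerifier attestationVerifier;

    @Inject
    private DomainVerifier domainVerifier;

    @Inject
    private ChallengeGenerator challengeGenerator;

    @Inject
    private CommonVerifiers commonVerifiers;

    @Inject
    private DataMapperService dataMapperService;

    @Inject
    private Base64Service base64Service;

    /**
     * Builds the attestation (registration) options for a new credential and persists a
     * {@code pending} registration record for the challenge embedded in them.
     *
     * @param jsonNode the relying party's request; {@code username} and {@code displayName} are
     *                 read directly, everything else (attestation preference, authenticator
     *                 selection, RP domain, timeout) goes through {@link CommonVerifiers}; an
     *                 optional {@code extensions} object is passed through untouched
     * @return the options object for {@code navigator.credentials.create()} plus
     *         {@code status}/{@code errorMessage} fields
     * @throws RuntimeException whatever the verifiers throw for a malformed request
     */
    public JsonNode options(JsonNode jsonNode) {
        log.debug("Attestation options {}", jsonNode);
        commonVerifiers.verifyAttestationOptions(jsonNode);

        ObjectNode optionsNode = dataMapperService.createObjectNode();

        AttestationConveyancePreference attestation = commonVerifiers.verifyAttestationConveyanceType(jsonNode);
        optionsNode.put("attestation", attestation.toString());
        log.debug("Put attestation {}", attestation);

        ObjectNode authenticatorSelection = prepareAuthenticatorSelection(jsonNode);
        optionsNode.set("authenticatorSelection", authenticatorSelection);
        log.debug("Put authenticatorSelection {}", authenticatorSelection);

        // The challenge is the key used by verify() to find this registration again.
        String challenge = challengeGenerator.getChallenge();
        optionsNode.put("challenge", challenge);
        log.debug("Put challenge {}", challenge);

        ArrayNode pubKeyCredParams = preparePublicKeyCredentialSelection();
        optionsNode.set("pubKeyCredParams", pubKeyCredParams);
        log.debug("Put pubKeyCredParams {}", pubKeyCredParams);

        String rpDomain = commonVerifiers.verifyRpDomain(jsonNode);
        ObjectNode rp = createRpDomain(rpDomain);
        optionsNode.set("rp", rp);
        log.debug("Put rp {}", rp);

        String userId = generateUserId();
        // NOTE(review): username/displayName are dereferenced without a null check; presumably
        // verifyAttestationOptions rejects requests that lack them — confirm, otherwise this NPEs.
        String username = jsonNode.get("username").asText();
        ObjectNode user = createUserCredentials(userId, username, jsonNode.get("displayName").asText());
        optionsNode.set("user", user);
        log.debug("Put user {}", user);

        // Credentials this user already has on this RP, so the authenticator does not register twice.
        ArrayNode excludeCredentials = prepareExcludeCredentials(rpDomain, username);
        optionsNode.set("excludeCredentials", excludeCredentials);
        log.debug("Put excludeCredentials {}", excludeCredentials);

        int timeout = commonVerifiers.verifyTimeout(jsonNode);
        optionsNode.put("timeout", timeout);
        log.debug("Put timeout {}", timeout);

        if (jsonNode.hasNonNull("extensions")) {
            JsonNode extensions = jsonNode.get("extensions");
            optionsNode.set("extensions", extensions);
            log.debug("Put extensions {}", extensions);
        }

        optionsNode.put("status", "ok");
        optionsNode.put("errorMessage", "");

        Fido2RegistrationData registrationData = new Fido2RegistrationData();
        registrationData.setUsername(username);
        registrationData.setUserId(userId);
        registrationData.setChallenge(challenge);
        registrationData.setDomain(rpDomain);
        registrationData.setStatus(Fido2RegistrationStatus.pending);
        registrationData.setAttenstationRequest(jsonNode.toString());
        registrationPersistenceService.save(registrationData);

        return optionsNode;
    }

    /**
     * Verifies the authenticator's attestation response and completes the registration that
     * {@link #options(JsonNode)} started.
     *
     * <p>The pending registration is located by the challenge found in the client data; the RP
     * domain stored with it is checked against the client data before the attestation itself is
     * verified, and only then is the record updated to {@code registered}.
     *
     * @param jsonNode the credential returned by the client; {@code type} is checked to be a
     *                 base64url string and {@code response} is handed to the client-data and
     *                 attestation verifiers
     * @return {@code createdCredentials} (a {@link PublicKeyCredentialDescriptor} for the new
     *         key) plus {@code status}/{@code errorMessage} fields
     * @throws Fido2RPRuntimeException if no registration matches the challenge
     * @throws RuntimeException whatever the verifiers throw for an invalid response
     */
    public JsonNode verify(JsonNode jsonNode) {
        log.debug("Attestation verify {}", jsonNode);
        commonVerifiers.verifyBasicPayload(jsonNode);
        commonVerifiers.verifyBase64UrlString(jsonNode, "type");

        JsonNode response = jsonNode.get("response");
        JsonNode clientData = commonVerifiers.verifyClientJSON(response);
        commonVerifiers.verifyClientJSONTypeIsCreate(clientData);

        String challenge = commonVerifiers.getChallenge(clientData);
        // Sequential findFirst() instead of parallelStream().findAny(): deterministic, and the
        // result set is at most a handful of entries.
        Fido2RegistrationEntry entry = registrationPersistenceService.findByChallenge(challenge).stream()
                .findFirst()
                .orElseThrow(() -> new Fido2RPRuntimeException(
                        String.format("Can't find associated attestation request by challenge '%s'", challenge)));
        Fido2RegistrationData registrationData = entry.getRegistrationData();
        // NOTE(review): nothing here requires the entry to still be Fido2RegistrationStatus.pending.
        // If findByChallenge can also return already registered entries, a replayed response would
        // re-run the update below — confirm against RegistrationPersistenceService.

        domainVerifier.verifyDomain(registrationData.getDomain(), clientData);

        CredAndCounterData attested = attestationVerifier.verifyAuthenticatorAttestationResponse(response, registrationData);
        registrationData.setUncompressedECPoint(attested.getUncompressedEcPoint());
        registrationData.setSignatureAlgorithm(attested.getSignatureAlgorithm());
        registrationData.setCounter(attested.getCounters());
        registrationData.setPublicKeyId(commonVerifiers.verifyCredentialId(attested, jsonNode));
        registrationData.setType("public-key");
        registrationData.setStatus(Fido2RegistrationStatus.registered);
        registrationData.setAttenstationResponse(jsonNode.toString());
        registrationPersistenceService.update(entry);

        ObjectNode result = dataMapperService.createObjectNode();
        result.set("createdCredentials", toDescriptorNode(registrationData));
        result.put("status", "ok");
        result.put("errorMessage", "");
        return result;
    }

    /**
     * Builds the {@code authenticatorSelection} member from the request, falling back to
     * cross-platform attachment, {@code preferred} user verification and no resident key when
     * the request carries no selection. Each value is omitted from the output when the
     * corresponding verifier returns {@code null}.
     */
    private ObjectNode prepareAuthenticatorSelection(JsonNode jsonNode) {
        AuthenticatorAttachment attachment = AuthenticatorAttachment.CROSS_PLATFORM;
        UserVerification userVerification = UserVerification.preferred;
        Boolean requireResidentKey = Boolean.FALSE;

        if (jsonNode.hasNonNull("authenticatorSelection")) {
            JsonNode selection = jsonNode.get("authenticatorSelection");
            attachment = commonVerifiers.verifyAuthenticatorAttachment(selection.get("authenticatorAttachment"));
            userVerification = commonVerifiers.verifyUserVerification(selection.get("userVerification"));
            requireResidentKey = commonVerifiers.verifyRequireResidentKey(selection.get("requireResidentKey"));
        }

        ObjectNode selectionNode = dataMapperService.createObjectNode();
        if (attachment != null) {
            selectionNode.put("authenticatorAttachment", attachment.getAttachment());
        }
        if (requireResidentKey != null) {
            selectionNode.put("requireResidentKey", requireResidentKey);
        }
        if (userVerification != null) {
            selectionNode.put("userVerification", userVerification.toString());
        }
        return selectionNode;
    }

    /**
     * Lists the public-key algorithms this server accepts (RS256 then ES256, the order in
     * which clients should prefer them). The original also created and discarded an unattached
     * array node per entry; that dead code is gone.
     */
    private ArrayNode preparePublicKeyCredentialSelection() {
        ArrayNode params = dataMapperService.createArrayNode();

        ObjectNode rs256 = params.addObject();
        rs256.put("type", "public-key");
        rs256.put("alg", CoseRSAAlgorithm.RS256.getNumericValue());

        ObjectNode es256 = params.addObject();
        es256.put("type", "public-key");
        es256.put("alg", CoseEC2Algorithm.ES256.getNumericValue());

        return params;
    }

    /** Builds the {@code rp} member: a fixed display name and the verified RP id. */
    private ObjectNode createRpDomain(String rpDomain) {
        ObjectNode rpNode = dataMapperService.createObjectNode();
        rpNode.put("name", "oxAuth RP");
        rpNode.put("id", rpDomain);
        return rpNode;
    }

    /** Generates a random, base64url-encoded user handle from {@value #USER_ID_BYTES} CSPRNG bytes. */
    private String generateUserId() {
        byte[] handle = new byte[USER_ID_BYTES];
        RANDOM.nextBytes(handle);
        return base64Service.urlEncodeToString(handle);
    }

    /** Builds the {@code user} member from the generated handle and the request's names. */
    private ObjectNode createUserCredentials(String userId, String username, String displayName) {
        ObjectNode userNode = dataMapperService.createObjectNode();
        userNode.put("id", userId);
        userNode.put("name", username);
        userNode.put("displayName", displayName);
        return userNode;
    }

    /**
     * Collects descriptors of the user's existing registered credentials on {@code rpDomain}
     * (only those with a public key id) for the {@code excludeCredentials} member.
     */
    private ArrayNode prepareExcludeCredentials(String rpDomain, String username) {
        List<JsonNode> descriptors = registrationPersistenceService.findAllRegisteredByUsername(username).stream()
                .map(Fido2RegistrationEntry::getRegistrationData)
                .filter(data -> StringHelper.equals(rpDomain, data.getDomain()))
                .filter(data -> StringHelper.isNotEmpty(data.getPublicKeyId()))
                .map(this::toDescriptorNode)
                .collect(Collectors.toList());

        ArrayNode excludeNode = dataMapperService.createArrayNode();
        excludeNode.addAll(descriptors);
        return excludeNode;
    }

    /** Converts a registration's type and public key id into a JSON {@link PublicKeyCredentialDescriptor}. */
    private JsonNode toDescriptorNode(Fido2RegistrationData data) {
        PublicKeyCredentialDescriptor descriptor = new PublicKeyCredentialDescriptor(data.getType(), data.getPublicKeyId());
        return (JsonNode) dataMapperService.convertValue(descriptor, JsonNode.class);
    }
}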
