package org.gluu.oxauth.fido2.service.operation;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.util.List;
import java.util.stream.Collectors;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.gluu.oxauth.fido2.ctap.UserVerification;
import org.gluu.oxauth.fido2.exception.Fido2RPRuntimeException;
import org.gluu.oxauth.fido2.model.auth.PublicKeyCredentialDescriptor;
import org.gluu.oxauth.fido2.model.entry.Fido2AuthenticationData;
import org.gluu.oxauth.fido2.model.entry.Fido2AuthenticationEntry;
import org.gluu.oxauth.fido2.model.entry.Fido2AuthenticationStatus;
import org.gluu.oxauth.fido2.model.entry.Fido2RegistrationData;
import org.gluu.oxauth.fido2.service.ChallengeGenerator;
import org.gluu.oxauth.fido2.service.DataMapperService;
import org.gluu.oxauth.fido2.service.persist.AuthenticationPersistenceService;
import org.gluu.oxauth.fido2.service.persist.RegistrationPersistenceService;
import org.gluu.oxauth.fido2.service.verifier.AssertionVerifier;
import org.gluu.oxauth.fido2.service.verifier.CommonVerifiers;
import org.gluu.oxauth.fido2.service.verifier.DomainVerifier;
import org.gluu.util.StringHelper;
import org.slf4j.Logger;

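/**
 * Relying-party side of the FIDO2 assertion (authentication) ceremony.
 *
 * <p>{@link #options(JsonNode)} issues a challenge plus the credentials allowed for a username and
 * stores the request with status {@code pending}. {@link #verify(JsonNode)} finds that stored
 * request again through the challenge returned by the client, delegates the checks to the injected
 * verifiers and then marks the request {@code authenticated}.
 *
 * <p>All debug logging in this class includes raw client payloads and the issued challenge, so
 * debug output should be treated as sensitive.
 */
@ApplicationScoped
/* loaded from: input_file:org/gluu/oxauth/fido2/service/operation/AssertionService.class */
public class AssertionService {

    @Inject
    private Logger log;

    @Inject
    private DomainVerifier domainVerifier;

    @Inject
    private RegistrationPersistenceService registrationPersistenceService;

    @Inject
    private AuthenticationPersistenceService authenticationPersistenceService;

    @Inject
    private AssertionVerifier assertionVerifier;

    @Inject
    private ChallengeGenerator challengeGenerator;

    @Inject
    private DataMapperService dataMapperService;

    @Inject
    private CommonVerifiers commonVerifiers;

    /**
     * Builds the assertion options for a username and persists the pending request.
     *
     * @param jsonNode client request; {@code username} and the optional {@code extensions} are read
     *     here, the remaining fields are read by {@code CommonVerifiers}
     * @return document holding {@code userVerification}, {@code challenge}, {@code rpId},
     *     {@code allowCredentials}, {@code timeout}, optionally {@code extensions}, and
     *     {@code status}/{@code errorMessage}
     * @throws Fido2RPRuntimeException if the username has no registered credential with a non-empty
     *     public key id under the resolved RP domain
     */
    public JsonNode options(JsonNode jsonNode) {
        this.log.debug("Assertion options {}", jsonNode);
        this.commonVerifiers.verifyAssertionOptions(jsonNode);
        String username = this.commonVerifiers.verifyThatFieldString(jsonNode, "username");
        ObjectNode optionsNode = this.dataMapperService.createObjectNode();
        UserVerification userVerification = this.commonVerifiers.prepareUserVerification(jsonNode);
        optionsNode.put("userVerification", userVerification.name());
        String challenge = this.challengeGenerator.getChallenge();
        optionsNode.put("challenge", challenge);
        this.log.debug("Put challenge {}", challenge);
        String rpId = this.commonVerifiers.verifyRpDomain(jsonNode);
        this.log.debug("Put rpId {}", rpId);
        optionsNode.put("rpId", rpId);
        ArrayNode allowedCredentials = prepareAllowedCredentials(rpId, username);
        if (allowedCredentials.isEmpty()) {
            // NOTE(review): this distinct error, like a populated allowCredentials list, tells the
            // caller whether the username has keys registered. If the endpoint is reachable before
            // authentication, rate-limit and monitor it for username probing.
            throw new Fido2RPRuntimeException("Can't find associated key(s). Username: " + username);
        }
        optionsNode.set("allowCredentials", allowedCredentials);
        this.log.debug("Put allowedCredentials {}", allowedCredentials);
        int timeout = this.commonVerifiers.verifyTimeout(jsonNode);
        this.log.debug("Put timeout {}", timeout);
        optionsNode.put("timeout", timeout);
        if (jsonNode.hasNonNull("extensions")) {
            // Client-supplied extensions are echoed back as received; nothing here filters them.
            JsonNode extensions = jsonNode.get("extensions");
            optionsNode.set("extensions", extensions);
            this.log.debug("Put extensions {}", extensions);
        }
        optionsNode.put("status", "ok");
        optionsNode.put("errorMessage", "");

        // Persist what verify() will later need: the challenge is the lookup key, and the domain is
        // what the client data gets checked against.
        Fido2AuthenticationData pendingRequest = new Fido2AuthenticationData();
        pendingRequest.setUsername(username);
        pendingRequest.setChallenge(challenge);
        pendingRequest.setDomain(rpId);
        pendingRequest.setUserVerificationOption(userVerification);
        pendingRequest.setStatus(Fido2AuthenticationStatus.pending);
        pendingRequest.setAssertionRequest(jsonNode.toString());
        this.authenticationPersistenceService.save(pendingRequest);
        return optionsNode;
    }

    /**
     * Verifies an authenticator assertion against the stored request and registered credential.
     *
     * @param jsonNode client response carrying {@code id}, {@code type}, {@code rawId} and a
     *     {@code response} object
     * @return document holding {@code authenticatedCredentials} (type and public key id of the
     *     matched registration) and {@code status}/{@code errorMessage}
     * @throws Fido2RPRuntimeException if no stored request matches the challenge or no registration
     *     matches the credential id; the verifiers called here may raise further errors
     */
    public JsonNode verify(JsonNode jsonNode) {
        this.log.debug("authenticateResponse {}", jsonNode);
        this.commonVerifiers.verifyBasicPayload(jsonNode);
        String publicKeyId = this.commonVerifiers.verifyThatFieldString(jsonNode, "id");
        this.commonVerifiers.verifyAssertionType(jsonNode, "type");
        // rawId is only validated; its value is not compared with id in this method.
        this.commonVerifiers.verifyThatFieldString(jsonNode, "rawId");
        JsonNode responseNode = jsonNode.get("response");
        if (responseNode.hasNonNull("userHandle")) {
            this.commonVerifiers.verifyThatFieldString(responseNode, "userHandle");
        }
        JsonNode clientData = this.commonVerifiers.verifyClientJSON(responseNode);
        this.commonVerifiers.verifyClientJSONTypeIsGet(clientData);
        String challenge = this.commonVerifiers.getChallenge(clientData);

        // NOTE(review): the entry's status is not inspected here. Whether a challenge that was
        // already authenticated is refused depends on findByChallenge or on entry expiry; confirm.
        Fido2AuthenticationEntry authenticationEntry = this.authenticationPersistenceService.findByChallenge(challenge)
                .stream()
                .findFirst()
                .orElseThrow(() -> new Fido2RPRuntimeException(
                        String.format("Can't find associated assertion request by challenge '%s'", challenge)));
        Fido2AuthenticationData authenticationData = authenticationEntry.getAuthenticationData();
        this.domainVerifier.verifyDomain(authenticationData.getDomain(), clientData);

        // NOTE(review): the credential is found by its id alone. Nothing in this method compares it
        // with the username stored on the pending request or with the allowCredentials issued by
        // options(); confirm that AssertionVerifier or the caller enforces that binding.
        Fido2RegistrationData registrationData = this.registrationPersistenceService.findByPublicKeyId(publicKeyId)
                .orElseThrow(() -> new Fido2RPRuntimeException(
                        String.format("Couldn't find the key by PublicKeyId '%s'", publicKeyId)))
                .getRegistrationData();
        this.assertionVerifier.verifyAuthenticatorAssertionResponse(responseNode, registrationData, authenticationData);

        // Reached only when every verifier above returned without throwing.
        authenticationData.setAssertionResponse(jsonNode.toString());
        authenticationData.setStatus(Fido2AuthenticationStatus.authenticated);
        this.authenticationPersistenceService.update(authenticationEntry);

        ObjectNode resultNode = this.dataMapperService.createObjectNode();
        PublicKeyCredentialDescriptor authenticatedCredential =
                new PublicKeyCredentialDescriptor(registrationData.getType(), registrationData.getPublicKeyId());
        resultNode.set("authenticatedCredentials",
                (JsonNode) this.dataMapperService.convertValue(authenticatedCredential, JsonNode.class));
        resultNode.put("status", "ok");
        resultNode.put("errorMessage", "");
        return resultNode;
    }

    /**
     * Collects the credential descriptors that may answer an assertion for a user.
     *
     * <p>Keeps registrations of {@code username} whose stored domain equals {@code rpId} and whose
     * public key id is non-empty. Each descriptor advertises the transports usb, ble and nfc.
     *
     * @param rpId RP domain the registration must have been stored under
     * @param username user whose registrations are searched
     * @return array of descriptors, empty when nothing matches
     */
    private ArrayNode prepareAllowedCredentials(String rpId, String username) {
        // A sequential stream with a typed result replaces the raw List and the parallel stream;
        // the resulting elements and their order are unchanged.
        List<JsonNode> descriptors = this.registrationPersistenceService.findAllRegisteredByUsername(username)
                .stream()
                .filter(entry -> StringHelper.equals(rpId, entry.getRegistrationData().getDomain()))
                .filter(entry -> StringHelper.isNotEmpty(entry.getRegistrationData().getPublicKeyId()))
                .map(entry -> (JsonNode) this.dataMapperService.convertValue(
                        new PublicKeyCredentialDescriptor(
                                entry.getRegistrationData().getType(),
                                new String[]{"usb", "ble", "nfc"},
                                entry.getRegistrationData().getPublicKeyId()),
                        JsonNode.class))
                .collect(Collectors.toList());
        ArrayNode allowedCredentials = this.dataMapperService.createArrayNode();
        allowedCredentials.addAll(descriptors);
        return allowedCredentials;
    }
}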
