package io.quarkus.security.webauthn;

import io.quarkus.security.runtime.QuarkusPrincipal;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.quarkus.vertx.http.runtime.security.PersistentLoginManager;
import io.smallrye.mutiny.Uni;
import io.vertx.core.Vertx;
import io.vertx.core.http.Cookie;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.webauthn.Authenticator;
import io.vertx.ext.auth.webauthn.RelyingParty;
import io.vertx.ext.auth.webauthn.WebAuthn;
import io.vertx.ext.auth.webauthn.WebAuthnCredentials;
import io.vertx.ext.auth.webauthn.WebAuthnOptions;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.impl.Origin;
import java.util.Objects;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;

/**
 * Application-scoped helper that owns the configured Vert.x {@link WebAuthn} instance and
 * completes WebAuthn registration and login ceremonies.
 *
 * <p>The challenge and username for a ceremony are not taken from the submitted response:
 * they are restored from the {@code WebAuthnController.CHALLENGE_COOKIE} and
 * {@code WebAuthnController.USERNAME_COOKIE} cookies through the login manager of the
 * injected {@link WebAuthnAuthenticationMechanism}.
 *
 * <p>NOTE(review): {@link #register} and {@link #login} only verify the response; neither
 * of them calls {@link #rememberUser}. Presumably the caller persists the login after a
 * successful result; confirm against the controller.
 */
@ApplicationScoped
/* loaded from: input_file:io/quarkus/security/webauthn/WebAuthnSecurity.class */
public class WebAuthnSecurity {
    private WebAuthn webAuthn;
    private String origin;
    private String domain;

    @Inject
    WebAuthnAuthenticationMechanism authMech;

    /**
     * Builds the {@link WebAuthn} instance from the runtime configuration.
     *
     * <p>Every optional setting is copied onto the {@link WebAuthnOptions} only when it is
     * present; otherwise the options keep whatever value {@code new WebAuthnOptions()} gives them.
     *
     * @param webAuthnRunTimeConfig runtime configuration to read the settings from
     * @param vertx Vert.x instance handed to {@code WebAuthn.create}
     * @param webAuthnAuthenticatorStorage supplies the authenticator fetcher and updater callbacks
     * @throws NullPointerException if {@code webAuthnAuthenticatorStorage} is {@code null}
     */
    public WebAuthnSecurity(WebAuthnRunTimeConfig webAuthnRunTimeConfig, Vertx vertx, WebAuthnAuthenticatorStorage webAuthnAuthenticatorStorage) {
        WebAuthnOptions options = new WebAuthnOptions();

        RelyingParty rp = new RelyingParty();
        webAuthnRunTimeConfig.relyingParty.id.ifPresent(id -> rp.setId(id));
        rp.setName(webAuthnRunTimeConfig.relyingParty.name);
        options.setRelyingParty(rp);

        webAuthnRunTimeConfig.attestation.ifPresent(value -> options.setAttestation(value));
        webAuthnRunTimeConfig.authenticatorAttachment.ifPresent(value -> options.setAuthenticatorAttachment(value));
        webAuthnRunTimeConfig.challengeLength.ifPresent(length -> options.setChallengeLength(length));
        webAuthnRunTimeConfig.pubKeyCredParams.ifPresent(params -> options.setPubKeyCredParams(params));
        webAuthnRunTimeConfig.requireResidentKey.ifPresent(flag -> options.setRequireResidentKey(flag.booleanValue()));
        webAuthnRunTimeConfig.timeout.ifPresent(duration -> options.setTimeout(Long.valueOf(duration.toMillis())));
        webAuthnRunTimeConfig.transports.ifPresent(list -> options.setTransports(list));
        webAuthnRunTimeConfig.userVerification.ifPresent(value -> options.setUserVerification(value));

        WebAuthn configured = WebAuthn.create(vertx, options);
        // Explicit null check on the storage before its methods are bound as callbacks.
        Objects.requireNonNull(webAuthnAuthenticatorStorage);
        this.webAuthn = configured
                .authenticatorFetcher(webAuthnAuthenticatorStorage::fetcher)
                .authenticatorUpdater(webAuthnAuthenticatorStorage::updater);

        // NOTE(review): with no origin configured, both origin and domain stay null and are
        // passed as null to WebAuthnCredentials in register/login. Confirm how the Vert.x
        // WebAuthn implementation treats a null origin/domain (i.e. whether the origin check
        // still happens) and consider requiring an explicit origin in production.
        this.origin = webAuthnRunTimeConfig.origin.orElse(null);
        this.domain = this.origin != null ? Origin.parse(this.origin).host() : null;
    }

    /**
     * Verifies a registration response against the challenge and username stored in cookies.
     *
     * <p>Both ceremony cookies are removed once the verification callback runs, whether it
     * succeeded or failed. They are not removed on the early "missing" failure path.
     *
     * @param webAuthnRegisterResponse the registration response submitted by the client
     * @param routingContext the current request, used to restore and remove the cookies
     * @return a {@link Uni} that completes with an {@link Authenticator} rebuilt from the
     *         verified user's principal, fails with the verification cause, or fails with a
     *         {@link RuntimeException} when the challenge or username cannot be restored
     */
    public Uni<Authenticator> register(WebAuthnRegisterResponse webAuthnRegisterResponse, RoutingContext routingContext) {
        PersistentLoginManager.RestoreResult challenge = this.authMech.getLoginManager().restore(routingContext, WebAuthnController.CHALLENGE_COOKIE);
        PersistentLoginManager.RestoreResult username = this.authMech.getLoginManager().restore(routingContext, WebAuthnController.USERNAME_COOKIE);
        if (lacksPrincipal(challenge) || lacksPrincipal(username)) {
            return Uni.createFrom().failure(new RuntimeException("Missing challenge or username"));
        }
        return Uni.createFrom().emitter(emitter -> {
            WebAuthnCredentials credentials = ceremonyCredentials(challenge, username)
                    .setWebauthn(webAuthnRegisterResponse.toJsonObject());
            this.webAuthn.authenticate(credentials, outcome -> {
                // The challenge is single-use: drop both cookies before reporting the result.
                removeCookie(routingContext, WebAuthnController.CHALLENGE_COOKIE);
                removeCookie(routingContext, WebAuthnController.USERNAME_COOKIE);
                if (!outcome.succeeded()) {
                    emitter.fail(outcome.cause());
                    return;
                }
                emitter.complete(new Authenticator(((User) outcome.result()).principal()));
            });
        });
    }

    /**
     * Verifies a login (assertion) response against the challenge and username stored in cookies.
     *
     * <p>Both ceremony cookies are removed once the verification callback runs, whether it
     * succeeded or failed. They are not removed on the early "missing" failure path.
     *
     * @param webAuthnLoginResponse the login response submitted by the client
     * @param routingContext the current request, used to restore and remove the cookies
     * @return a {@link Uni} that completes with an {@link Authenticator} rebuilt from the
     *         verified user's principal, fails with the verification cause, or fails with a
     *         {@link RuntimeException} when the challenge or username cannot be restored
     */
    public Uni<Authenticator> login(WebAuthnLoginResponse webAuthnLoginResponse, RoutingContext routingContext) {
        PersistentLoginManager.RestoreResult challenge = this.authMech.getLoginManager().restore(routingContext, WebAuthnController.CHALLENGE_COOKIE);
        PersistentLoginManager.RestoreResult username = this.authMech.getLoginManager().restore(routingContext, WebAuthnController.USERNAME_COOKIE);
        if (lacksPrincipal(challenge) || lacksPrincipal(username)) {
            return Uni.createFrom().failure(new RuntimeException("Missing challenge or username"));
        }
        return Uni.createFrom().emitter(emitter -> {
            WebAuthnCredentials credentials = ceremonyCredentials(challenge, username)
                    .setWebauthn(webAuthnLoginResponse.toJsonObject());
            this.webAuthn.authenticate(credentials, outcome -> {
                // The challenge is single-use: drop both cookies before reporting the result.
                removeCookie(routingContext, WebAuthnController.CHALLENGE_COOKIE);
                removeCookie(routingContext, WebAuthnController.USERNAME_COOKIE);
                if (!outcome.succeeded()) {
                    emitter.fail(outcome.cause());
                    return;
                }
                emitter.complete(new Authenticator(((User) outcome.result()).principal()));
            });
        });
    }

    /** Returns {@code true} when the restore result is absent or carries a null or empty principal. */
    private static boolean lacksPrincipal(PersistentLoginManager.RestoreResult restored) {
        return restored == null || restored.getPrincipal() == null || restored.getPrincipal().isEmpty();
    }

    /**
     * Starts the credentials for a ceremony with the configured origin and domain plus the
     * challenge and username restored from the cookies; the caller adds the client response.
     */
    private WebAuthnCredentials ceremonyCredentials(PersistentLoginManager.RestoreResult challenge, PersistentLoginManager.RestoreResult username) {
        return new WebAuthnCredentials()
                .setOrigin(this.origin)
                .setDomain(this.domain)
                .setChallenge(challenge.getPrincipal())
                .setUsername(username.getPrincipal());
    }

    /**
     * Removes the named cookie from the response.
     *
     * <p>If the request carries the cookie, its path is first set to {@code "/"}; presumably
     * this makes the removal match the path the cookie was issued with (confirm against the
     * code that sets it).
     *
     * <p>The decompiler reports that this method was package-private in the original class.
     *
     * @param routingContext the current request/response pair
     * @param str name of the cookie to remove
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static void removeCookie(RoutingContext routingContext, String str) {
        Cookie incoming = routingContext.request().getCookie(str);
        if (incoming != null) {
            incoming.setPath("/");
        }
        routingContext.response().removeCookie(str);
    }

    /**
     * Returns the configured {@link WebAuthn} instance.
     *
     * @return the instance built in the constructor
     */
    public WebAuthn getWebAuthn() {
        return this.webAuthn;
    }

    /**
     * Saves a persistent login for the given user name through the login manager.
     *
     * <p>This method performs no verification of its own: the identity it saves contains only
     * a principal with the given name. Call it only with a user name that has just passed
     * {@link #login} or {@link #register}.
     *
     * <p>NOTE(review): the last argument to {@code save} is {@code request().isSSL()}. If that
     * is the secure-cookie flag, a deployment behind a TLS-terminating proxy may see
     * {@code false} here; confirm how the flag is used.
     *
     * @param str the user name to store as the principal
     * @param routingContext the current request, passed to the login manager
     */
    public void rememberUser(String str, RoutingContext routingContext) {
        QuarkusSecurityIdentity.Builder identity = QuarkusSecurityIdentity.builder();
        identity.setPrincipal(new QuarkusPrincipal(str));
        boolean viaTls = routingContext.request().isSSL();
        this.authMech.getLoginManager().save(identity.build(), routingContext, (PersistentLoginManager.RestoreResult) null, viaTls);
    }

    /**
     * Clears the persistent login for the current request through the login manager.
     *
     * @param routingContext the current request
     */
    public void logout(RoutingContext routingContext) {
        this.authMech.getLoginManager().clear(routingContext);
    }
}
