package org.springframework.security.web.webauthn.registration;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.function.Supplier;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.http.server.ServletServerHttpResponse;
import org.springframework.security.authorization.AuthenticatedAuthorizationManager;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextHolderStrategy;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions;
import org.springframework.security.web.webauthn.jackson.WebauthnJackson2Module;
import org.springframework.security.web.webauthn.management.ImmutablePublicKeyCredentialCreationOptionsRequest;
import org.springframework.security.web.webauthn.management.WebAuthnRelyingPartyOperations;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:BOOT-INF/lib/spring-security-web-6.4.6.jar:org/springframework/security/web/webauthn/registration/PublicKeyCredentialCreationOptionsFilter.class */
public class PublicKeyCredentialCreationOptionsFilter extends OncePerRequestFilter {
    private final WebAuthnRelyingPartyOperations rpOperations;
    private PublicKeyCredentialCreationOptionsRepository repository = new HttpSessionPublicKeyCredentialCreationOptionsRepository();
    private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder.getContextHolderStrategy();
    private RequestMatcher matcher = AntPathRequestMatcher.antMatcher(HttpMethod.POST, "/webauthn/register/options");
    private AuthorizationManager<HttpServletRequest> authorization = AuthenticatedAuthorizationManager.authenticated();
    private final HttpMessageConverter<Object> converter = new MappingJackson2HttpMessageConverter(Jackson2ObjectMapperBuilder.json().modules(new WebauthnJackson2Module()).build());

    public PublicKeyCredentialCreationOptionsFilter(WebAuthnRelyingPartyOperations webAuthnRelyingPartyOperations) {
        Assert.notNull(webAuthnRelyingPartyOperations, "rpOperations cannot be null");
        this.rpOperations = webAuthnRelyingPartyOperations;
    }

    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (!this.matcher.matches(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        Supplier<SecurityContext> deferredContext = this.securityContextHolderStrategy.getDeferredContext();
        Supplier<Authentication> supplier = () -> {
            return ((SecurityContext) deferredContext.get()).getAuthentication();
        };
        if (!this.authorization.check(supplier, httpServletRequest).isGranted()) {
            httpServletResponse.setStatus(400);
            return;
        }
        PublicKeyCredentialCreationOptions createPublicKeyCredentialCreationOptions = this.rpOperations.createPublicKeyCredentialCreationOptions(new ImmutablePublicKeyCredentialCreationOptionsRequest(supplier.get()));
        this.repository.save(httpServletRequest, httpServletResponse, createPublicKeyCredentialCreationOptions);
        httpServletResponse.setStatus(200);
        httpServletResponse.setHeader("Content-Type", "application/json");
        this.converter.write(createPublicKeyCredentialCreationOptions, MediaType.APPLICATION_JSON, new ServletServerHttpResponse(httpServletResponse));
    }
}
