package io.vertx.ext.web.handler.impl;

import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.webauthn.WebAuthn;
import io.vertx.ext.auth.webauthn.WebAuthnCredentials;
import io.vertx.ext.auth.webauthn.impl.attestation.AttestationException;
import io.vertx.ext.web.Route;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.Session;
import io.vertx.ext.web.handler.HttpException;
import io.vertx.ext.web.handler.WebAuthnHandler;
import io.vertx.ext.web.impl.Origin;
import org.jboss.resteasy.spi.HttpResponseCodes;
import org.kie.kogito.explainability.api.BaseExplainabilityResult;
import org.wildfly.security.http.HttpConstants;

/* loaded from: input_file:io/vertx/ext/web/handler/impl/WebAuthnHandlerImpl.class */
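/**
 * Web handler that mounts the three WebAuthn HTTP endpoints on top of a {@link WebAuthn} auth provider:
 * credential-creation options, credential-request options, and the authenticator response callback.
 *
 * <p>The pending challenge and the claimed username are kept in the web {@link Session} between the
 * options request and the callback, so every route needs a session handler in front of it.
 *
 * <p>NOTE(review): {@code HttpConstants.RESPONSE}, {@code BaseExplainabilityResult.STATUS_FIELD} and
 * {@code HttpResponseCodes.SC_NO_CONTENT} come from unrelated libraries. This looks like decompiler
 * constant resolution; confirm their values and replace them with local constants so this security
 * handler does not depend on those artifacts.
 */
public class WebAuthnHandlerImpl extends AuthenticationHandlerImpl<WebAuthn> implements WebAuthnHandler {
    // When this system property is true the success responses carry the extra status/errorMessage fields.
    private static final boolean CONFORMANCE = Boolean.getBoolean("io.vertx.ext.web.fido2.conformance.tests");
    // Routes owned by this handler; null until the matching setup* method has been called.
    private Route register;
    private Route login;
    private Route response;
    // Expected origin and the host derived from it; both null until setOrigin is called.
    private String origin;
    private String domain;

    /**
     * Creates the handler around the given provider; no route is mounted yet.
     *
     * @param webAuthn the WebAuthn auth provider that issues options and verifies responses
     */
    public WebAuthnHandlerImpl(WebAuthn webAuthn) {
        super(webAuthn);
    }

    /**
     * Tells whether {@code jsonObject} holds a non-empty string under {@code str}.
     *
     * @return false for a null object, a missing key, a non-string value or an empty string
     */
    private static boolean containsRequiredString(JsonObject jsonObject, String str) {
        if (jsonObject == null) {
            return false;
        }
        try {
            // A missing key yields null here, which fails the instanceof test just like a wrong type.
            Object value = jsonObject.getValue(str);
            return value instanceof String && !((String) value).isEmpty();
        } catch (ClassCastException e) {
            return false;
        }
    }

    /**
     * Tells whether {@code str} is either absent from {@code jsonObject} or present as a string.
     *
     * @return true for a null object or a missing key; false when the key holds anything but a string
     */
    private static boolean containsOptionalString(JsonObject jsonObject, String str) {
        if (jsonObject == null) {
            return true;
        }
        try {
            return !jsonObject.containsKey(str) || jsonObject.getValue(str) instanceof String;
        } catch (ClassCastException e) {
            return false;
        }
    }

    /**
     * Tells whether {@code jsonObject} holds a non-null JSON object under {@code str}.
     *
     * @return false for a null object, a missing key, a null value or a value of another type
     */
    private static boolean containsRequiredObject(JsonObject jsonObject, String str) {
        if (jsonObject == null) {
            return false;
        }
        try {
            return jsonObject.containsKey(str) && jsonObject.getJsonObject(str) != null;
        } catch (ClassCastException e) {
            // The value exists but is not a JSON object.
            return false;
        }
    }

    /** Tells whether the current request is a POST whose normalized path equals the route's path. */
    private static boolean matchesRoute(RoutingContext routingContext, Route route) {
        if (route == null || routingContext.request().method() != HttpMethod.POST) {
            return false;
        }
        return routingContext.normalizedPath().equals(route.getPath());
    }

    /**
     * Resolves the user for a protected route.
     *
     * <p>Fails with a 500 when the callback route was never mounted, or when the request targets one of
     * this handler's own routes (which means this handler was registered in front of them). Otherwise the
     * user already attached to the context is returned, or a 401 when there is none.
     *
     * @param routingContext the current request
     * @param handler receives the authenticated user or the failure
     */
    @Override
    public void authenticate(RoutingContext routingContext, Handler<AsyncResult<User>> handler) {
        if (this.response == null) {
            handler.handle(Future.failedFuture(new HttpException(500, new IllegalStateException("No callback mounted!"))));
            return;
        }
        if (matchesRoute(routingContext, this.response)) {
            handler.handle(Future.failedFuture(new HttpException(500, new IllegalStateException("The callback route is shaded by the WebAuthNAuthHandler, ensure the callback route is added BEFORE the WebAuthNAuthHandler route!"))));
            return;
        }
        if (matchesRoute(routingContext, this.register)) {
            handler.handle(Future.failedFuture(new HttpException(500, new IllegalStateException("The register callback route is shaded by the WebAuthNAuthHandler, ensure the callback route is added BEFORE the WebAuthNAuthHandler route!"))));
            return;
        }
        if (matchesRoute(routingContext, this.login)) {
            handler.handle(Future.failedFuture(new HttpException(500, new IllegalStateException("The login callback route is shaded by the WebAuthNAuthHandler, ensure the callback route is added BEFORE the WebAuthNAuthHandler route!"))));
            return;
        }
        User user = routingContext.user();
        if (user == null) {
            handler.handle(Future.failedFuture(new HttpException(401)));
        } else {
            handler.handle(Future.succeededFuture(user));
        }
    }

    /**
     * Mounts the registration endpoint: a POST with a JSON body containing a non-empty {@code name}.
     * The provider's creation options are returned as JSON, and the issued challenge plus the name are
     * stored in the session for the later callback.
     *
     * <p>NOTE(review): {@code name} is client-supplied and this route does not require an existing login.
     * Whether registering against an already-known name is refused is decided by the provider and is not
     * visible here; confirm.
     *
     * @param route the route to turn into the registration endpoint
     * @return this handler
     */
    @Override
    public WebAuthnHandler setupCredentialsCreateCallback(Route route) {
        this.register = route.method(HttpMethod.POST).handler(routingContext -> {
            try {
                JsonObject bodyAsJson = routingContext.getBodyAsJson();
                Session session = routingContext.session();
                if (bodyAsJson == null || !containsRequiredString(bodyAsJson, "name")) {
                    routingContext.fail(400, new IllegalArgumentException("missing 'name' field from request json"));
                    return;
                }
                if (session == null) {
                    routingContext.fail(500, new IllegalStateException("No session or session handler is missing."));
                    return;
                }
                this.authProvider.createCredentialsOptions(bodyAsJson, asyncResult -> {
                    if (asyncResult.failed()) {
                        routingContext.fail(asyncResult.cause());
                        return;
                    }
                    JsonObject jsonObject = (JsonObject) asyncResult.result();
                    // Bind the challenge to this session; the callback verifies against this copy only.
                    session.put("challenge", jsonObject.getString("challenge")).put("username", bodyAsJson.getString("name"));
                    ok(routingContext, jsonObject);
                });
            } catch (IllegalArgumentException e) {
                routingContext.fail(400, e);
            } catch (RuntimeException e2) {
                routingContext.fail(e2);
            }
        });
        return this;
    }

    /**
     * Mounts the login endpoint: a POST with a JSON body containing a non-empty {@code name}.
     * The provider's request options are returned as JSON, and the issued challenge plus the name are
     * stored in the session for the later callback.
     *
     * @param route the route to turn into the login endpoint
     * @return this handler
     */
    @Override
    public WebAuthnHandler setupCredentialsGetCallback(Route route) {
        this.login = route.method(HttpMethod.POST).handler(routingContext -> {
            try {
                JsonObject bodyAsJson = routingContext.getBodyAsJson();
                Session session = routingContext.session();
                if (bodyAsJson == null || !containsRequiredString(bodyAsJson, "name")) {
                    routingContext.fail(400, new IllegalArgumentException("Request missing 'name' field"));
                    return;
                }
                if (session == null) {
                    routingContext.fail(500, new IllegalStateException("No session or session handler is missing."));
                    return;
                }
                String string = bodyAsJson.getString("name");
                this.authProvider.getCredentialsOptions(string, asyncResult -> {
                    if (asyncResult.failed()) {
                        routingContext.fail(asyncResult.cause());
                        return;
                    }
                    JsonObject jsonObject = (JsonObject) asyncResult.result();
                    // Bind the challenge to this session; the callback verifies against this copy only.
                    session.put("challenge", jsonObject.getString("challenge")).put("username", string);
                    ok(routingContext, jsonObject);
                });
            } catch (IllegalArgumentException e) {
                routingContext.fail(400, e);
            } catch (RuntimeException e2) {
                routingContext.fail(e2);
            }
        });
        return this;
    }

    /**
     * Mounts the authenticator response endpoint shared by registration and login.
     *
     * <p>The body must carry non-empty string {@code id}, {@code rawId} and {@code type} fields, a
     * response object whose optional {@code userHandle} is a string, and {@code type} must be
     * {@code public-key}; anything else is a 400. The session challenge and username, together with the
     * configured origin and domain, are handed to the provider. On success the user is attached to the
     * context and the session id is regenerated.
     *
     * @param route the route to turn into the callback endpoint
     * @return this handler
     */
    @Override
    public WebAuthnHandler setupCallback(Route route) {
        this.response = route.method(HttpMethod.POST).handler(routingContext -> {
            try {
                JsonObject bodyAsJson = routingContext.getBodyAsJson();
                if (bodyAsJson == null || !containsRequiredString(bodyAsJson, "id") || !containsRequiredString(bodyAsJson, "rawId") || !containsRequiredObject(bodyAsJson, HttpConstants.RESPONSE) || !containsOptionalString(bodyAsJson.getJsonObject(HttpConstants.RESPONSE), "userHandle") || !containsRequiredString(bodyAsJson, "type") || !"public-key".equals(bodyAsJson.getString("type"))) {
                    routingContext.fail(400, new IllegalArgumentException("Response missing one or more of id/rawId/response[.userHandle]/type fields, or type is not public-key"));
                    return;
                }
                Session session = routingContext.session();
                if (session == null) {
                    routingContext.fail(500, new IllegalStateException("No session or session handler is missing."));
                    return;
                }
                // Take the challenge out of the session BEFORE verification so it is strictly single-use:
                // it is gone even if authenticate throws synchronously or never calls back, and a second
                // request on the same session cannot be verified against the same challenge.
                // NOTE(review): when no options request preceded this call the challenge is null and
                // rejecting it is left to the provider; confirm the provider fails closed.
                final String challenge = (String) session.remove("challenge");
                // NOTE(review): origin/domain are null unless setOrigin was called; whether the provider
                // still verifies the client origin in that case is not visible here. Confirm, and
                // configure the origin explicitly.
                WebAuthnCredentials credentials = new WebAuthnCredentials()
                    .setOrigin(this.origin)
                    .setDomain(this.domain)
                    .setChallenge(challenge)
                    .setUsername((String) session.get("username"))
                    .setWebauthn(bodyAsJson);
                this.authProvider.authenticate(credentials, asyncResult -> {
                    if (asyncResult.succeeded()) {
                        routingContext.setUser((User) asyncResult.result());
                        // Fresh session id now that the session is authenticated (session-fixation defence).
                        session.regenerateId();
                        ok(routingContext);
                        return;
                    }
                    Throwable cause = asyncResult.cause();
                    if (cause instanceof AttestationException) {
                        // A rejected attestation is reported as a client error.
                        routingContext.fail(400, cause);
                    } else {
                        routingContext.fail(cause);
                    }
                });
            } catch (IllegalArgumentException e) {
                routingContext.fail(400, e);
            } catch (RuntimeException e2) {
                routingContext.fail(e2);
            }
        });
        return this;
    }

    /**
     * Sets the origin passed to the provider on every callback; the domain is the host of that origin.
     * Passing null clears both values.
     *
     * @param str the origin to parse, or null to clear it
     * @return this handler
     */
    @Override
    public WebAuthnHandler setOrigin(String str) {
        if (str == null) {
            this.origin = null;
            this.domain = null;
            return this;
        }
        Origin parse = Origin.parse(str);
        this.origin = parse.encode();
        this.domain = parse.host();
        return this;
    }

    /** Ends the request successfully without a payload (a status JSON object in conformance mode). */
    private static void ok(RoutingContext routingContext) {
        if (CONFORMANCE) {
            routingContext.json(new JsonObject().put(BaseExplainabilityResult.STATUS_FIELD, "ok").put("errorMessage", ""));
        } else {
            routingContext.response().setStatusCode(HttpResponseCodes.SC_NO_CONTENT).end();
        }
    }

    /** Sends {@code jsonObject} as the response, with the status fields added to it in conformance mode. */
    private static void ok(RoutingContext routingContext, JsonObject jsonObject) {
        if (CONFORMANCE) {
            routingContext.json(jsonObject.put(BaseExplainabilityResult.STATUS_FIELD, "ok").put("errorMessage", ""));
        } else {
            routingContext.json(jsonObject);
        }
    }
}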
