package com.webauthn4j.springframework.security;

import com.webauthn4j.springframework.security.server.ServerPropertyProvider;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.util.Assert;
import org.springframework.util.Base64Utils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/webauthn4j/springframework/security/WebAuthnProcessingFilter.class */
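/**
 * Authentication filter that accepts either a WebAuthn assertion or a username/password pair
 * on the same endpoint.
 *
 * <p>The branch is chosen per request: a non-empty {@code credentialId} parameter selects the
 * WebAuthn path, anything else falls back to username/password. This filter therefore does not
 * enforce WebAuthn by itself; whether a password-only token is sufficient is decided by the
 * configured {@code AuthenticationManager} and the authorization rules behind it.
 *
 * <p>All assertion fields are read from request parameters and are untrusted. Missing or
 * malformed fields are rejected with an {@code AuthenticationException} so that they follow the
 * regular authentication-failure handling instead of escaping the filter as
 * {@link NullPointerException} or {@link IllegalArgumentException}.
 */
public class WebAuthnProcessingFilter extends UsernamePasswordAuthenticationFilter {
    public static final String SPRING_SECURITY_FORM_CREDENTIAL_ID_KEY = "credentialId";
    public static final String SPRING_SECURITY_FORM_CLIENT_DATA_JSON_KEY = "clientDataJSON";
    public static final String SPRING_SECURITY_FORM_AUTHENTICATOR_DATA_KEY = "authenticatorData";
    public static final String SPRING_SECURITY_FORM_SIGNATURE_KEY = "signature";
    public static final String SPRING_SECURITY_FORM_CLIENT_EXTENSIONS_JSON_KEY = "clientExtensionsJSON";

    // Authorities attached to the not-yet-validated WebAuthn assertion token.
    private final List<GrantedAuthority> authorities;
    private String credentialIdParameter = SPRING_SECURITY_FORM_CREDENTIAL_ID_KEY;
    private String clientDataJSONParameter = SPRING_SECURITY_FORM_CLIENT_DATA_JSON_KEY;
    private String authenticatorDataParameter = SPRING_SECURITY_FORM_AUTHENTICATOR_DATA_KEY;
    private String signatureParameter = SPRING_SECURITY_FORM_SIGNATURE_KEY;
    private String clientExtensionsJSONParameter = SPRING_SECURITY_FORM_CLIENT_EXTENSIONS_JSON_KEY;
    // Stays null after the no-arg constructor until setServerPropertyProvider is called.
    private ServerPropertyProvider serverPropertyProvider;
    private UserVerificationStrategy userVerificationStrategy = new DefaultUserVerificationStrategy();
    private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
    private boolean postOnly = true;

    /**
     * Default policy: user verification is required unless the security context already holds
     * a non-anonymous, authenticated principal.
     *
     * <p>In effect, a request arriving in an already authenticated session (for example after a
     * password first factor) is processed without demanding user verification, while a request
     * with no prior authentication must carry it.
     */
    private class DefaultUserVerificationStrategy implements UserVerificationStrategy {
        @Override
        public boolean isUserVerificationRequired() {
            Authentication current = SecurityContextHolder.getContext().getAuthentication();
            if (current == null) {
                return true;
            }
            return WebAuthnProcessingFilter.this.trustResolver.isAnonymous(current) || !current.isAuthenticated();
        }
    }

    /**
     * Creates a filter with the {@code ROLE_ANONYMOUS} authority and no
     * {@link ServerPropertyProvider}. The provider has to be supplied through
     * {@link #setServerPropertyProvider(ServerPropertyProvider)} before a WebAuthn assertion
     * can be processed; username/password requests do not use it.
     */
    public WebAuthnProcessingFilter() {
        this.authorities = AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS");
    }

    /**
     * Creates a fully configured filter.
     *
     * @param authorities authorities placed on the unauthenticated assertion token; not copied
     * @param serverPropertyProvider source of the server-side properties for each request
     * @throws IllegalArgumentException if either argument is {@code null}
     */
    public WebAuthnProcessingFilter(List<GrantedAuthority> authorities, ServerPropertyProvider serverPropertyProvider) {
        Assert.notNull(authorities, "authorities must not be null");
        Assert.notNull(serverPropertyProvider, "serverPropertyProvider must not be null");
        this.authorities = authorities;
        this.serverPropertyProvider = serverPropertyProvider;
    }

    /**
     * Builds an authentication token from the request and hands it to the authentication manager.
     *
     * @param request the incoming request carrying either assertion fields or username/password
     * @param response unused here
     * @return the result of {@code getAuthenticationManager().authenticate(...)}
     * @throws AuthenticationServiceException if {@code postOnly} is set and the method is not POST
     * @throws BadCredentialsException if a required assertion field is missing or is not valid
     *     URL-safe Base64
     * @throws IllegalStateException if an assertion is received while no
     *     {@link ServerPropertyProvider} is configured
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) {
        if (this.postOnly && !HttpMethod.POST.matches(request.getMethod())) {
            throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
        }
        String credentialId = obtainCredentialId(request);
        if (StringUtils.isEmpty(credentialId)) {
            // No credential id supplied: treat the request as an ordinary password login.
            return attemptPasswordAuthentication(request);
        }
        return attemptAssertionAuthentication(request, credentialId);
    }

    /** Username/password branch; mirrors the null-to-empty and trim handling of the original. */
    private Authentication attemptPasswordAuthentication(HttpServletRequest request) {
        String username = obtainUsername(request);
        String password = obtainPassword(request);
        if (username == null) {
            username = "";
        }
        if (password == null) {
            password = "";
        }
        UsernamePasswordAuthenticationToken passwordToken = new UsernamePasswordAuthenticationToken(username.trim(), password);
        setDetails(request, passwordToken);
        return getAuthenticationManager().authenticate(passwordToken);
    }

    /** WebAuthn branch; decodes the assertion fields and submits them for validation. */
    private Authentication attemptAssertionAuthentication(HttpServletRequest request, String credentialId) {
        // A missing provider is a configuration error; report it with a clear message
        // instead of a NullPointerException from the provide() call below.
        Assert.state(this.serverPropertyProvider != null,
                "serverPropertyProvider must be set before WebAuthn assertions can be processed");

        // Decode every client-supplied field first, so a malformed request is rejected
        // before the server property provider is consulted.
        byte[] rawCredentialId = decodeAssertionField(this.credentialIdParameter, credentialId);
        byte[] rawClientData = decodeAssertionField(this.clientDataJSONParameter, obtainClientDataJSON(request));
        byte[] rawAuthenticatorData = decodeAssertionField(this.authenticatorDataParameter, obtainAuthenticatorData(request));
        byte[] rawSignature = decodeAssertionField(this.signatureParameter, obtainSignatureData(request));
        // Passed through as received; may be null when the client sent no extensions.
        String clientExtensionsJSON = obtainClientExtensionsJSON(request);

        WebAuthnAuthenticationRequest assertion = new WebAuthnAuthenticationRequest(
                rawCredentialId, rawClientData, rawAuthenticatorData, rawSignature, clientExtensionsJSON);
        // NOTE(review): the trailing 'true' is presumably "user presence required" - confirm
        // against the WebAuthnAuthenticationParameters constructor.
        WebAuthnAuthenticationParameters parameters = new WebAuthnAuthenticationParameters(
                this.serverPropertyProvider.provide(request),
                this.userVerificationStrategy.isUserVerificationRequired(),
                true);

        WebAuthnAssertionAuthenticationToken assertionToken =
                new WebAuthnAssertionAuthenticationToken(assertion, parameters, this.authorities);
        setDetails(request, assertionToken);
        return getAuthenticationManager().authenticate(assertionToken);
    }

    /**
     * Decodes one URL-safe Base64 assertion field.
     *
     * <p>The message names only the configured parameter, never the submitted value, so request
     * content is not echoed into logs or error pages through the exception.
     *
     * @param parameterName configured request parameter name, used in the failure message
     * @param value raw parameter value from the request, possibly {@code null}
     * @return the decoded bytes
     * @throws BadCredentialsException if the value is absent or cannot be decoded
     */
    private static byte[] decodeAssertionField(String parameterName, String value) {
        if (value == null) {
            throw new BadCredentialsException("Missing WebAuthn assertion parameter: " + parameterName);
        }
        try {
            return Base64Utils.decodeFromUrlSafeString(value);
        } catch (IllegalArgumentException e) {
            throw new BadCredentialsException("Malformed WebAuthn assertion parameter: " + parameterName, e);
        }
    }

    /**
     * Controls whether only POST requests are accepted (the default).
     *
     * <p>Credentials and assertion fields are read with {@code getParameter}, which also returns
     * query-string values; with this switched off they can arrive in the URL, where access logs
     * and intermediaries commonly record them.
     *
     * @param postOnly {@code true} to reject every method other than POST
     */
    @Override
    public void setPostOnly(boolean postOnly) {
        this.postOnly = postOnly;
    }

    public String getCredentialIdParameter() {
        return this.credentialIdParameter;
    }

    /**
     * @param credentialIdParameter request parameter name carrying the credential id
     * @throws IllegalArgumentException if the name is null, empty or blank
     */
    public void setCredentialIdParameter(String credentialIdParameter) {
        Assert.hasText(credentialIdParameter, "credentialId parameter must not be empty or null");
        this.credentialIdParameter = credentialIdParameter;
    }

    public String getClientDataJSONParameter() {
        return this.clientDataJSONParameter;
    }

    /**
     * @param clientDataJSONParameter request parameter name carrying the client data JSON
     * @throws IllegalArgumentException if the name is null, empty or blank
     */
    public void setClientDataJSONParameter(String clientDataJSONParameter) {
        Assert.hasText(clientDataJSONParameter, "clientDataJSON parameter must not be empty or null");
        this.clientDataJSONParameter = clientDataJSONParameter;
    }

    public String getAuthenticatorDataParameter() {
        return this.authenticatorDataParameter;
    }

    /**
     * @param authenticatorDataParameter request parameter name carrying the authenticator data
     * @throws IllegalArgumentException if the name is null, empty or blank
     */
    public void setAuthenticatorDataParameter(String authenticatorDataParameter) {
        Assert.hasText(authenticatorDataParameter, "authenticatorData parameter must not be empty or null");
        this.authenticatorDataParameter = authenticatorDataParameter;
    }

    public String getSignatureParameter() {
        return this.signatureParameter;
    }

    /**
     * @param signatureParameter request parameter name carrying the assertion signature
     * @throws IllegalArgumentException if the name is null, empty or blank
     */
    public void setSignatureParameter(String signatureParameter) {
        Assert.hasText(signatureParameter, "signature parameter must not be empty or null");
        this.signatureParameter = signatureParameter;
    }

    public String getClientExtensionsJSONParameter() {
        return this.clientExtensionsJSONParameter;
    }

    /**
     * @param clientExtensionsJSONParameter request parameter name carrying the client extensions
     * @throws IllegalArgumentException if the name is null, empty or blank
     */
    public void setClientExtensionsJSONParameter(String clientExtensionsJSONParameter) {
        Assert.hasText(clientExtensionsJSONParameter, "clientExtensionsJSON parameter must not be empty or null");
        this.clientExtensionsJSONParameter = clientExtensionsJSONParameter;
    }

    public ServerPropertyProvider getServerPropertyProvider() {
        return this.serverPropertyProvider;
    }

    /**
     * @param serverPropertyProvider source of the server-side properties for each request
     * @throws IllegalArgumentException if the provider is {@code null}, matching the constructor
     */
    public void setServerPropertyProvider(ServerPropertyProvider serverPropertyProvider) {
        Assert.notNull(serverPropertyProvider, "serverPropertyProvider must not be null");
        this.serverPropertyProvider = serverPropertyProvider;
    }

    /**
     * Attaches request details built by the configured details source to the token.
     * This is an overload for any {@link AbstractAuthenticationToken}, alongside the
     * inherited variant that takes a {@link UsernamePasswordAuthenticationToken}.
     */
    protected void setDetails(HttpServletRequest request, AbstractAuthenticationToken token) {
        token.setDetails(this.authenticationDetailsSource.buildDetails(request));
    }

    private String obtainClientDataJSON(HttpServletRequest request) {
        return request.getParameter(this.clientDataJSONParameter);
    }

    private String obtainCredentialId(HttpServletRequest request) {
        return request.getParameter(this.credentialIdParameter);
    }

    private String obtainAuthenticatorData(HttpServletRequest request) {
        return request.getParameter(this.authenticatorDataParameter);
    }

    private String obtainSignatureData(HttpServletRequest request) {
        return request.getParameter(this.signatureParameter);
    }

    private String obtainClientExtensionsJSON(HttpServletRequest request) {
        return request.getParameter(this.clientExtensionsJSONParameter);
    }
}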
