package com.webauthn4j.springframework.security;

import com.webauthn4j.WebAuthnManager;
import com.webauthn4j.authenticator.AuthenticatorImpl;
import com.webauthn4j.data.AuthenticationParameters;
import com.webauthn4j.data.AuthenticationRequest;
import com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticator;
import com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorService;
import com.webauthn4j.springframework.security.exception.CredentialIdNotFoundException;
import com.webauthn4j.springframework.security.util.internal.ExceptionUtil;
import com.webauthn4j.util.exception.WebAuthnException;
import java.util.Collection;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.util.Assert;

/* loaded from: input_file:com/webauthn4j/springframework/security/WebAuthnAuthenticationProvider.class */
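/**
 * Spring Security {@link AuthenticationProvider} that verifies a WebAuthn assertion carried by a
 * {@link WebAuthnAssertionAuthenticationToken}.
 *
 * <p>The provider loads the registered authenticator for the presented credential id, passes the
 * assertion to {@link WebAuthnManager} for validation and, when validation does not throw, builds a
 * {@link WebAuthnAuthenticationToken} for the authenticator's user principal.
 */
public class WebAuthnAuthenticationProvider implements AuthenticationProvider {
    private final WebAuthnAuthenticatorService authenticatorService;
    private final WebAuthnManager webAuthnManager;
    protected final Log logger = LogFactory.getLog(getClass());
    protected final MessageSourceAccessor messages = SpringSecurityWebAuthnMessageSource.getAccessor();

    // When true (the default), an unknown credential id is reported with the same generic
    // BadCredentialsException that is used for missing credentials, instead of letting
    // CredentialIdNotFoundException reach the caller.
    private boolean hideCredentialIdNotFoundExceptions = true;

    /**
     * Creates the provider.
     *
     * @param webAuthnAuthenticatorService lookup and counter-update service for registered authenticators
     * @param webAuthnManager validator for the WebAuthn assertion
     * @throws IllegalArgumentException if either argument is {@code null}
     */
    public WebAuthnAuthenticationProvider(WebAuthnAuthenticatorService webAuthnAuthenticatorService, WebAuthnManager webAuthnManager) {
        Assert.notNull(webAuthnAuthenticatorService, "authenticatorService must not be null");
        Assert.notNull(webAuthnManager, "webAuthnManager must not be null");
        this.authenticatorService = webAuthnAuthenticatorService;
        this.webAuthnManager = webAuthnManager;
    }

    /**
     * Validates the assertion in the given token and returns the resulting authentication.
     *
     * @param authentication the request token; must be a {@link WebAuthnAssertionAuthenticationToken}
     * @return a {@link WebAuthnAuthenticationToken} built from the authenticator's user principal
     * @throws IllegalArgumentException if the token type is not supported
     * @throws BadCredentialsException if the token carries no credentials, or if the credential id is
     *     unknown while {@link #isHideCredentialIdNotFoundExceptions()} is {@code true}
     */
    public Authentication authenticate(Authentication authentication) {
        if (!supports(authentication.getClass())) {
            throw new IllegalArgumentException("Only WebAuthnAssertionAuthenticationToken is supported, " + authentication.getClass() + " was attempted");
        }
        WebAuthnAssertionAuthenticationToken assertionToken = (WebAuthnAssertionAuthenticationToken) authentication;
        // m0getCredentials() looks like a decompiler-assigned name for the token's typed
        // credentials accessor; the call is kept exactly as it appears in this listing.
        WebAuthnAuthenticationRequest credentials = assertionToken.m0getCredentials();
        if (credentials == null) {
            this.logger.debug("Authentication failed: no credentials provided");
            throw new BadCredentialsException(this.messages.getMessage("WebAuthnAuthenticationProvider.badCredentials", "Bad credentials"));
        }

        byte[] credentialId = credentials.getCredentialId();
        WebAuthnAuthenticator authenticator = retrieveAuthenticator(credentialId);

        // Throws an AuthenticationException when the assertion does not validate, so the
        // counter update and token creation below run only for accepted assertions.
        doAuthenticate(assertionToken, authenticator);

        // NOTE(review): the value persisted here is read from the authenticator that was loaded
        // before validation. doAuthenticate() hands the validator a separate AuthenticatorImpl
        // built from copied values and discards the result of validate(), so nothing visible in
        // this class advances the counter to the signature counter presented in the assertion.
        // A stored counter that never moves defeats counter-based detection of cloned
        // authenticators -- confirm how the webauthn4j version in use propagates the new value.
        this.authenticatorService.updateCounter(credentialId, authenticator.getCounter());
        return createSuccessAuthentication(assertionToken, authenticator);
    }

    /**
     * Builds the result token after the assertion has been validated.
     *
     * <p>Authorities are taken from the user principal when it is a {@link UserDetails}; for any
     * other principal type {@code null} is passed as the authority collection.
     *
     * @param webAuthnAssertionAuthenticationToken the request token; supplies credentials and details
     * @param webAuthnAuthenticator the authenticator whose user principal becomes the principal
     * @return the populated {@link WebAuthnAuthenticationToken}
     */
    protected Authentication createSuccessAuthentication(WebAuthnAssertionAuthenticationToken webAuthnAssertionAuthenticationToken, WebAuthnAuthenticator webAuthnAuthenticator) {
        Object principal = webAuthnAuthenticator.getUserPrincipal();
        // The conditional keeps the generic type of getAuthorities() instead of going through a
        // raw Collection local.
        WebAuthnAuthenticationToken result = new WebAuthnAuthenticationToken(
                principal,
                webAuthnAssertionAuthenticationToken.m0getCredentials(),
                principal instanceof UserDetails ? ((UserDetails) principal).getAuthorities() : null);
        result.setDetails(webAuthnAssertionAuthenticationToken.getDetails());
        return result;
    }

    /**
     * Reports whether this provider can process the given token type.
     *
     * @param cls the authentication class to test
     * @return {@code true} if {@code cls} is {@link WebAuthnAssertionAuthenticationToken} or a subtype
     */
    public boolean supports(Class<?> cls) {
        return WebAuthnAssertionAuthenticationToken.class.isAssignableFrom(cls);
    }

    /**
     * Runs WebAuthn assertion validation for the token against the stored authenticator data.
     *
     * <p>The stored authenticator is not passed to the validator directly: its attested credential
     * data, attestation statement, counter, transports and extensions are copied into a new
     * {@link AuthenticatorImpl}. The value returned by {@code validate} is not used.
     *
     * @param webAuthnAssertionAuthenticationToken the token holding the assertion and the
     *     validation parameters (server property, user-verification and user-presence flags)
     * @param webAuthnAuthenticator the registered authenticator loaded for the credential id
     * @throws org.springframework.security.core.AuthenticationException presumably, for a failed
     *     validation: the code rethrows whatever {@code ExceptionUtil.wrapWithAuthenticationException}
     *     returns for the caught {@link WebAuthnException} -- exact type not visible here
     */
    void doAuthenticate(WebAuthnAssertionAuthenticationToken webAuthnAssertionAuthenticationToken, WebAuthnAuthenticator webAuthnAuthenticator) {
        WebAuthnAuthenticationRequest credentials = webAuthnAssertionAuthenticationToken.m0getCredentials();
        WebAuthnAuthenticationParameters parameters = webAuthnAssertionAuthenticationToken.getParameters();
        try {
            // Everything is assembled inside the try so that a WebAuthnException raised while
            // building the request is wrapped the same way as one raised by validate().
            AuthenticationRequest request = new AuthenticationRequest(
                    credentials.getCredentialId(),
                    credentials.getAuthenticatorData(),
                    credentials.getClientDataJSON(),
                    credentials.getClientExtensionsJSON(),
                    credentials.getSignature());
            AuthenticatorImpl storedAuthenticator = new AuthenticatorImpl(
                    webAuthnAuthenticator.getAttestedCredentialData(),
                    webAuthnAuthenticator.getAttestationStatement(),
                    webAuthnAuthenticator.getCounter(),
                    webAuthnAuthenticator.getTransports(),
                    webAuthnAuthenticator.getClientExtensions(),
                    webAuthnAuthenticator.getAuthenticatorExtensions());
            AuthenticationParameters validationParameters = new AuthenticationParameters(
                    parameters.getServerProperty(),
                    storedAuthenticator,
                    parameters.isUserVerificationRequired(),
                    parameters.isUserPresenceRequired());
            this.webAuthnManager.validate(request, validationParameters);
        } catch (WebAuthnException e) {
            throw ExceptionUtil.wrapWithAuthenticationException(e);
        }
    }

    /**
     * @return whether an unknown credential id is reported as a generic
     *     {@link BadCredentialsException} rather than {@link CredentialIdNotFoundException}
     */
    public boolean isHideCredentialIdNotFoundExceptions() {
        return this.hideCredentialIdNotFoundExceptions;
    }

    /**
     * Controls how an unknown credential id is reported.
     *
     * <p>Setting this to {@code false} lets {@link CredentialIdNotFoundException} propagate, which
     * gives callers a signal that distinguishes "credential id not registered" from the generic
     * bad-credentials failure. Whether that distinction reaches the remote client depends on how
     * the application renders authentication failures.
     *
     * @param z {@code true} to report a generic {@link BadCredentialsException} (the default)
     */
    public void setHideCredentialIdNotFoundExceptions(boolean z) {
        this.hideCredentialIdNotFoundExceptions = z;
    }

    /**
     * Loads the registered authenticator for a credential id.
     *
     * @param bArr the credential id presented in the assertion
     * @return the matching authenticator, never {@code null}
     * @throws BadCredentialsException if the id is unknown and hiding is enabled
     * @throws CredentialIdNotFoundException if the id is unknown and hiding is disabled
     * @throws InternalAuthenticationServiceException if the service fails with any other exception
     *     or returns {@code null}
     */
    WebAuthnAuthenticator retrieveAuthenticator(byte[] bArr) {
        WebAuthnAuthenticator authenticator;
        try {
            authenticator = this.authenticatorService.loadAuthenticatorByCredentialId(bArr);
        } catch (CredentialIdNotFoundException e) {
            if (this.hideCredentialIdNotFoundExceptions) {
                // The replacement exception carries only the generic message; the original
                // exception is not attached as its cause.
                throw new BadCredentialsException(this.messages.getMessage("WebAuthnAuthenticationProvider.badCredentials", "Bad credentials"));
            }
            throw e;
        } catch (Exception e2) {
            throw new InternalAuthenticationServiceException(e2.getMessage(), e2);
        }
        // Checked outside the try block: inside it, this exception would be caught by the
        // catch (Exception) clause above and wrapped in a second, identical
        // InternalAuthenticationServiceException.
        if (authenticator == null) {
            throw new InternalAuthenticationServiceException("WebAuthnAuthenticatorService returned null, which is an interface contract violation");
        }
        return authenticator;
    }
}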
