package org.springframework.security.config.annotation.web.configurers;

import java.util.HashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.context.ApplicationContext;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.access.intercept.AuthorizationFilter;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.authentication.ui.DefaultResourcesFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.webauthn.api.PublicKeyCredentialRpEntity;
import org.springframework.security.web.webauthn.authentication.PublicKeyCredentialRequestOptionsFilter;
import org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationFilter;
import org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationProvider;
import org.springframework.security.web.webauthn.management.MapPublicKeyCredentialUserEntityRepository;
import org.springframework.security.web.webauthn.management.MapUserCredentialRepository;
import org.springframework.security.web.webauthn.management.PublicKeyCredentialUserEntityRepository;
import org.springframework.security.web.webauthn.management.UserCredentialRepository;
import org.springframework.security.web.webauthn.management.WebAuthnRelyingPartyOperations;
import org.springframework.security.web.webauthn.management.Webauthn4JRelyingPartyOperations;
import org.springframework.security.web.webauthn.registration.DefaultWebAuthnRegistrationPageGeneratingFilter;
import org.springframework.security.web.webauthn.registration.PublicKeyCredentialCreationOptionsFilter;
import org.springframework.security.web.webauthn.registration.PublicKeyCredentialCreationOptionsRepository;
import org.springframework.security.web.webauthn.registration.WebAuthnRegistrationFilter;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-config-6.5.0.jar:org/springframework/security/config/annotation/web/configurers/WebAuthnConfigurer.class */
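/**
 * Wires WebAuthn (passkey) registration and authentication filters into an
 * {@link HttpSecurityBuilder}.
 *
 * <p>Collaborators are resolved in this order: shared object on the builder, then a bean from
 * the {@link ApplicationContext}, then a default created here. The default repositories are
 * the {@code Map*} implementations, so without user-supplied beans registered credentials are
 * held only in those objects. NOTE(review): the class names suggest in-memory storage that is
 * lost on restart and not shared between instances; confirm before relying on the defaults.
 *
 * @param <H> the type of builder being configured
 */
public class WebAuthnConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractHttpConfigurer<WebAuthnConfigurer<H>, H> {
    // Relying-party id and display name; both stay null unless the setters are called.
    private String rpId;
    private String rpName;
    // Origins handed to the default relying-party operations; empty until allowedOrigins(...) is called.
    private Set<String> allowedOrigins = new HashSet<>();
    private boolean disableDefaultRegistrationPage = false;
    private PublicKeyCredentialCreationOptionsRepository creationOptionsRepository;
    private HttpMessageConverter<Object> converter;

    /**
     * Sets the relying-party id used when the default relying-party operations are built.
     *
     * @param str the relying-party id; must contain text
     * @return this configurer, for chaining
     * @throws IllegalArgumentException if {@code str} is null or blank
     */
    public WebAuthnConfigurer<H> rpId(String str) {
        // The original message read "rpId be null or empty"; the missing "can't" is restored.
        Assert.hasText(str, "rpId can't be null or empty");
        this.rpId = str;
        return this;
    }

    /**
     * Sets the relying-party display name used when the default relying-party operations are built.
     *
     * @param str the relying-party name; must contain text
     * @return this configurer, for chaining
     * @throws IllegalArgumentException if {@code str} is null or blank
     */
    public WebAuthnConfigurer<H> rpName(String str) {
        Assert.hasText(str, "rpName can't be null or empty");
        this.rpName = str;
        return this;
    }

    /**
     * Sets the allowed origins from a varargs list.
     *
     * @param strArr the allowed origins; {@link Set#of(Object[])} rejects null elements and duplicates
     * @return this configurer, for chaining
     */
    public WebAuthnConfigurer<H> allowedOrigins(String... strArr) {
        // Passing the String[] directly keeps the element type; a cast to Object[] would
        // produce a Set<Object> that matches neither overload.
        return allowedOrigins(Set.of(strArr));
    }

    /**
     * Sets the allowed origins passed to the default relying-party operations.
     *
     * @param set the allowed origins; must not be null
     * @return this configurer, for chaining
     * @throws IllegalArgumentException if {@code set} is null
     */
    public WebAuthnConfigurer<H> allowedOrigins(Set<String> set) {
        Assert.notNull(set, "allowedOrigins can't be null");
        // Defensive copy: the origin allow-list must not change if the caller later mutates its set.
        this.allowedOrigins = new HashSet<>(set);
        return this;
    }

    /**
     * Controls whether the default WebAuthn registration page filter is installed.
     *
     * @param z {@code true} to skip installing the default registration page
     * @return this configurer, for chaining
     */
    public WebAuthnConfigurer<H> disableDefaultRegistrationPage(boolean z) {
        this.disableDefaultRegistrationPage = z;
        return this;
    }

    /**
     * Sets the converter applied to the registration and creation-options filters.
     *
     * @param httpMessageConverter the converter; must not be null
     * @return this configurer, for chaining
     * @throws IllegalArgumentException if {@code httpMessageConverter} is null
     */
    public WebAuthnConfigurer<H> messageConverter(HttpMessageConverter<Object> httpMessageConverter) {
        Assert.notNull(httpMessageConverter, "converter can't be null");
        this.converter = httpMessageConverter;
        return this;
    }

    /**
     * Sets the repository applied to the registration and creation-options filters.
     *
     * @param publicKeyCredentialCreationOptionsRepository the repository; must not be null
     * @return this configurer, for chaining
     * @throws IllegalArgumentException if the argument is null
     */
    public WebAuthnConfigurer<H> creationOptionsRepository(PublicKeyCredentialCreationOptionsRepository publicKeyCredentialCreationOptionsRepository) {
        Assert.notNull(publicKeyCredentialCreationOptionsRepository, "creationOptionsRepository can't be null");
        this.creationOptionsRepository = publicKeyCredentialCreationOptionsRepository;
        return this;
    }

    /**
     * Builds the WebAuthn filters and registers them on the builder.
     *
     * @param h the builder being configured
     * @throws IllegalStateException if no {@link UserDetailsService} is shared or defined as a bean
     * @throws Exception declared by the overridden method
     */
    @Override // org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(H h) throws Exception {
        UserDetailsService userDetailsService = getSharedOrBean(h, UserDetailsService.class)
                .orElseThrow(() -> new IllegalStateException("Missing UserDetailsService Bean"));
        // orElseGet: the Map-backed defaults are only created when nothing was supplied.
        PublicKeyCredentialUserEntityRepository userEntities = getSharedOrBean(h, PublicKeyCredentialUserEntityRepository.class)
                .orElseGet(this::userEntityRepository);
        UserCredentialRepository userCredentials = getSharedOrBean(h, UserCredentialRepository.class)
                .orElseGet(this::userCredentialRepository);
        WebAuthnRelyingPartyOperations rpOperations = webAuthnRelyingPartyOperations(userEntities, userCredentials);
        PublicKeyCredentialCreationOptionsRepository optionsRepository = creationOptionsRepository();

        WebAuthnAuthenticationFilter authenticationFilter = new WebAuthnAuthenticationFilter();
        authenticationFilter.setAuthenticationManager(
                new ProviderManager(new WebAuthnAuthenticationProvider(rpOperations, userDetailsService)));
        WebAuthnRegistrationFilter registrationFilter = new WebAuthnRegistrationFilter(userCredentials, rpOperations);
        PublicKeyCredentialCreationOptionsFilter creationOptionsFilter = new PublicKeyCredentialCreationOptionsFilter(rpOperations);
        if (optionsRepository != null) {
            // Both filters share one repository instance.
            registrationFilter.setCreationOptionsRepository(optionsRepository);
            creationOptionsFilter.setCreationOptionsRepository(optionsRepository);
        }
        if (this.converter != null) {
            registrationFilter.setConverter(this.converter);
            creationOptionsFilter.setConverter(this.converter);
        }

        h.addFilterBefore(authenticationFilter, BasicAuthenticationFilter.class);
        // Registration is placed after AuthorizationFilter; the two options filters are placed
        // before it. NOTE(review): filters ahead of AuthorizationFilter are not covered by the
        // authorization rules at that point; confirm the options filters enforce what they need.
        h.addFilterAfter(registrationFilter, AuthorizationFilter.class);
        h.addFilterBefore(creationOptionsFilter, AuthorizationFilter.class);
        h.addFilterBefore(new PublicKeyCredentialRequestOptionsFilter(rpOperations), AuthorizationFilter.class);

        DefaultLoginPageGeneratingFilter loginPageFilter = h.getSharedObject(DefaultLoginPageGeneratingFilter.class);
        boolean loginPageEnabled = loginPageFilter != null && loginPageFilter.isEnabled();
        if (loginPageEnabled) {
            loginPageFilter.setPasskeysEnabled(true);
            loginPageFilter.setResolveHeaders(httpServletRequest -> {
                CsrfToken csrfToken = (CsrfToken) httpServletRequest.getAttribute(CsrfToken.class.getName());
                if (csrfToken == null) {
                    // No token attribute on the request (e.g. CSRF protection is not installed):
                    // send no extra headers instead of failing with a NullPointerException.
                    return Map.of();
                }
                return Map.of(csrfToken.getHeaderName(), csrfToken.getToken());
            });
        }
        if (!this.disableDefaultRegistrationPage) {
            h.addFilterAfter(new DefaultWebAuthnRegistrationPageGeneratingFilter(userEntities, userCredentials), AuthorizationFilter.class);
            if (!loginPageEnabled) {
                // The CSS resource filter is added here only when the default login page is not enabled.
                h.addFilter(DefaultResourcesFilter.css());
            }
        }
        if (loginPageEnabled || !this.disableDefaultRegistrationPage) {
            h.addFilter(DefaultResourcesFilter.webauthn());
        }
    }

    /**
     * Returns the explicitly configured creation-options repository, else the unique bean of
     * that type, else {@code null}.
     */
    private PublicKeyCredentialCreationOptionsRepository creationOptionsRepository() {
        if (this.creationOptionsRepository != null) {
            return this.creationOptionsRepository;
        }
        ApplicationContext applicationContext = getBuilder().getSharedObject(ApplicationContext.class);
        if (applicationContext == null) {
            // Same tolerance as getBeanOrNull: no context means nothing to look up.
            return null;
        }
        return applicationContext.getBeanProvider(PublicKeyCredentialCreationOptionsRepository.class).getIfUnique();
    }

    /** Looks up {@code cls} as a shared object on the builder, falling back to a bean lookup. */
    private <C> Optional<C> getSharedOrBean(H h, Class<C> cls) {
        return Optional.ofNullable(h.getSharedObject(cls)).or(() -> getBeanOrNull(cls));
    }

    /**
     * Looks up a bean of the given type, returning empty when there is no context or the
     * lookup throws {@link NoSuchBeanDefinitionException}.
     */
    private <T> Optional<T> getBeanOrNull(Class<T> cls) {
        ApplicationContext applicationContext = getBuilder().getSharedObject(ApplicationContext.class);
        if (applicationContext == null) {
            return Optional.empty();
        }
        try {
            return Optional.of(applicationContext.getBean(cls));
        } catch (NoSuchBeanDefinitionException e) {
            // NoUniqueBeanDefinitionException is a subclass, so several candidate beans also
            // end up here and the caller silently falls back to its default.
            return Optional.empty();
        }
    }

    /** Creates the default credential repository used when none is shared or defined as a bean. */
    private MapUserCredentialRepository userCredentialRepository() {
        return new MapUserCredentialRepository();
    }

    /** Creates the default user-entity repository used when none is shared or defined as a bean. */
    private PublicKeyCredentialUserEntityRepository userEntityRepository() {
        return new MapPublicKeyCredentialUserEntityRepository();
    }

    /**
     * Returns the {@link WebAuthnRelyingPartyOperations} bean if one can be looked up, otherwise
     * builds a {@link Webauthn4JRelyingPartyOperations} from the configured rpId, rpName and
     * allowed origins.
     */
    private WebAuthnRelyingPartyOperations webAuthnRelyingPartyOperations(PublicKeyCredentialUserEntityRepository publicKeyCredentialUserEntityRepository, UserCredentialRepository userCredentialRepository) {
        // rpId and rpName are passed through as-is and are still null if the setters were never
        // called; allowedOrigins may be empty. NOTE(review): confirm how the builder and the
        // relying-party operations treat those values.
        return getBeanOrNull(WebAuthnRelyingPartyOperations.class).orElseGet(() -> new Webauthn4JRelyingPartyOperations(
                publicKeyCredentialUserEntityRepository,
                userCredentialRepository,
                PublicKeyCredentialRpEntity.builder().id(this.rpId).name(this.rpName).build(),
                this.allowedOrigins));
    }
}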
