package io.quarkus.test.security.webauthn;

import com.fasterxml.jackson.dataformat.cbor.CBORFactory;
import com.fasterxml.jackson.dataformat.cbor.CBORGenerator;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.impl.Codec;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.Base64;
import java.util.Random;

/* loaded from: input_file:io/quarkus/test/security/webauthn/WebAuthnHardware.class */
public class WebAuthnHardware {
    private KeyPair keyPair;
    private String id;
    private byte[] credID;
    private int counter = 1;
    private URL origin;

    public WebAuthnHardware(URL url) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
            keyPairGenerator.initialize(new ECGenParameterSpec("secp256r1"));
            this.keyPair = keyPairGenerator.generateKeyPair();
            Random random = new Random();
            this.credID = new byte[32];
            random.nextBytes(this.credID);
            this.id = Base64.getUrlEncoder().withoutPadding().encodeToString(this.credID);
            this.origin = url;
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public JsonObject makeRegistrationJson(String str) {
        String encodeToString = Base64.getUrlEncoder().encodeToString(new JsonObject().put("type", "webauthn.create").put("challenge", str).put("origin", this.origin.toString()).put("crossOrigin", false).encode().getBytes(StandardCharsets.UTF_8));
        byte[] makeAuthBytes = makeAuthBytes(true);
        CBORFactory cBORFactory = new CBORFactory();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            CBORGenerator createGenerator = cBORFactory.createGenerator(byteArrayOutputStream);
            createGenerator.writeStartObject();
            createGenerator.writeStringField("fmt", "none");
            createGenerator.writeObjectFieldStart("attStmt");
            createGenerator.writeEndObject();
            createGenerator.writeBinaryField("authData", makeAuthBytes);
            createGenerator.writeEndObject();
            createGenerator.close();
            return new JsonObject().put("id", this.id).put("rawId", this.id).put("response", new JsonObject().put("attestationObject", Base64.getUrlEncoder().encodeToString(byteArrayOutputStream.toByteArray())).put("clientDataJSON", encodeToString)).put("type", "public-key");
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public JsonObject makeLoginJson(String str) {
        byte[] bytes = new JsonObject().put("type", "webauthn.get").put("challenge", str).put("origin", this.origin.toString()).put("crossOrigin", false).encode().getBytes(StandardCharsets.UTF_8);
        String encodeToString = Base64.getUrlEncoder().encodeToString(bytes);
        byte[] makeAuthBytes = makeAuthBytes(false);
        String encodeToString2 = Base64.getUrlEncoder().encodeToString(makeAuthBytes);
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(bytes);
            byte[] bArr = new byte[makeAuthBytes.length + digest.length];
            System.arraycopy(makeAuthBytes, 0, bArr, 0, makeAuthBytes.length);
            System.arraycopy(digest, 0, bArr, makeAuthBytes.length, digest.length);
            try {
                Signature signature = Signature.getInstance("SHA256withECDSA");
                signature.initSign(this.keyPair.getPrivate());
                signature.update(bArr);
                return new JsonObject().put("id", this.id).put("rawId", this.id).put("response", new JsonObject().put("authenticatorData", encodeToString2).put("clientDataJSON", encodeToString).put("signature", Base64.getUrlEncoder().encodeToString(signature.sign()))).put("type", "public-key");
            } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
                throw new RuntimeException(e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        }
    }

    private byte[] makeAuthBytes(boolean z) {
        Buffer buffer = Buffer.buffer();
        try {
            buffer.appendBytes(MessageDigest.getInstance("SHA-256").digest("localhost".getBytes(StandardCharsets.UTF_8)));
            buffer.appendByte((byte) 69);
            int i = this.counter;
            this.counter = i + 1;
            buffer.appendUnsignedInt(i);
            if (z) {
                buffer.appendBytes(Codec.base16Decode("00000000-0000-0000-0000-000000000000".replace("-", "")));
                buffer.appendUnsignedShort(this.credID.length);
                buffer.appendBytes(this.credID);
                ECPublicKey eCPublicKey = (ECPublicKey) this.keyPair.getPublic();
                Base64.Encoder encoder = Base64.getEncoder();
                String encodeToString = encoder.encodeToString(eCPublicKey.getW().getAffineX().toByteArray());
                String encodeToString2 = encoder.encodeToString(eCPublicKey.getW().getAffineY().toByteArray());
                CBORFactory cBORFactory = new CBORFactory();
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                try {
                    CBORGenerator createGenerator = cBORFactory.createGenerator(byteArrayOutputStream);
                    createGenerator.writeStartObject();
                    createGenerator.writeNumberField("1", 2);
                    createGenerator.writeNumberField("3", -7);
                    createGenerator.writeNumberField("-1", 1);
                    createGenerator.writeStringField("-2", encodeToString);
                    createGenerator.writeStringField("-3", encodeToString2);
                    createGenerator.writeEndObject();
                    createGenerator.close();
                    buffer.appendBytes(byteArrayOutputStream.toByteArray());
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            }
            return buffer.getBytes();
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        }
    }
}
