package io.vertx.ext.web.tests.handler;

import com.webauthn4j.converter.AttestedCredentialDataConverter;
import com.webauthn4j.converter.AuthenticationExtensionsClientOutputsConverter;
import com.webauthn4j.converter.AuthenticatorDataConverter;
import com.webauthn4j.converter.util.ObjectConverter;
import com.webauthn4j.data.AttestationConveyancePreference;
import com.webauthn4j.data.AuthenticationRequest;
import com.webauthn4j.data.AuthenticatorAssertionResponse;
import com.webauthn4j.data.AuthenticatorAttachment;
import com.webauthn4j.data.AuthenticatorAttestationResponse;
import com.webauthn4j.data.AuthenticatorSelectionCriteria;
import com.webauthn4j.data.PublicKeyCredential;
import com.webauthn4j.data.PublicKeyCredentialCreationOptions;
import com.webauthn4j.data.PublicKeyCredentialParameters;
import com.webauthn4j.data.PublicKeyCredentialRequestOptions;
import com.webauthn4j.data.PublicKeyCredentialRpEntity;
import com.webauthn4j.data.PublicKeyCredentialType;
import com.webauthn4j.data.PublicKeyCredentialUserEntity;
import com.webauthn4j.data.RegistrationRequest;
import com.webauthn4j.data.UserVerificationRequirement;
import com.webauthn4j.data.attestation.authenticator.AttestedCredentialData;
import com.webauthn4j.data.attestation.statement.COSEAlgorithmIdentifier;
import com.webauthn4j.data.client.Origin;
import com.webauthn4j.data.client.challenge.Challenge;
import com.webauthn4j.data.client.challenge.DefaultChallenge;
import com.webauthn4j.data.extension.client.AuthenticationExtensionsClientInputs;
import com.webauthn4j.data.extension.client.AuthenticationExtensionsClientOutputs;
import com.webauthn4j.test.EmulatorUtil;
import com.webauthn4j.test.authenticator.webauthn.WebAuthnAuthenticatorAdaptor;
import com.webauthn4j.test.client.ClientPlatform;
import com.webauthn4j.util.Base64UrlUtil;
import io.vertx.core.Context;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.http.HttpClientRequest;
import io.vertx.core.http.HttpClientResponse;
import io.vertx.core.http.HttpHeaders;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.http.RequestOptions;
import io.vertx.core.internal.ContextInternal;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.webauthn4j.Authenticator;
import io.vertx.ext.auth.webauthn4j.CredentialStorage;
import io.vertx.ext.auth.webauthn4j.RelyingParty;
import io.vertx.ext.auth.webauthn4j.WebAuthn4J;
import io.vertx.ext.auth.webauthn4j.WebAuthn4JOptions;
import io.vertx.ext.web.handler.BodyHandler;
import io.vertx.ext.web.handler.SessionHandler;
import io.vertx.ext.web.handler.WebAuthn4JHandler;
import io.vertx.ext.web.sstore.LocalSessionStore;
import io.vertx.ext.web.tests.WebTestBase;
import io.vertx.ext.web.tests.handler.sockjs.SockJSErrorTest;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.concurrent.CountDownLatch;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:io/vertx/ext/web/tests/handler/WebAuthn4JHandlerTest.class */
public class WebAuthn4JHandlerTest extends WebTestBase {
    private final ObjectConverter objectConverter = new ObjectConverter();
    private final AuthenticationExtensionsClientOutputsConverter authenticationExtensionsClientOutputsConverter = new AuthenticationExtensionsClientOutputsConverter(this.objectConverter);
    String rpName = "ACME Corporation";
    String username = "fromage";
    String displayName = "Stephane Epardaud";
    Origin origin = new Origin("http://localhost");
    private Object credId;
    private Object publicKey;
    private TestStorage testStorage;

    /* loaded from: input_file:io/vertx/ext/web/tests/handler/WebAuthn4JHandlerTest$TestStorage.class */
    public static class TestStorage implements CredentialStorage {
        private final List<Authenticator> database = new ArrayList();
        private ContextInternal ctx;

        TestStorage(Context context) {
            this.ctx = (ContextInternal) context;
        }

        public Future<List<Authenticator>> find(String str, String str2) {
            return this.ctx.succeededFuture((List) this.database.stream().filter(authenticator -> {
                if (str != null) {
                    return str.equals(authenticator.getUsername());
                }
                if (str2 != null) {
                    return str2.equals(authenticator.getCredID());
                }
                return false;
            }).collect(Collectors.toList()));
        }

        public Future<Void> storeCredential(Authenticator authenticator) {
            long count = this.database.stream().filter(authenticator2 -> {
                return authenticator.getCredID().equals(authenticator2.getCredID());
            }).count();
            long count2 = this.database.stream().filter(authenticator3 -> {
                return authenticator.getUsername().equals(authenticator3.getUsername());
            }).count();
            if (count > 0) {
                return this.ctx.failedFuture("Duplicate authenticator for credential ID " + authenticator.getCredID());
            }
            if (count2 > 0) {
                return this.ctx.failedFuture("Duplicate user " + authenticator.getUsername());
            }
            this.database.add(authenticator);
            return this.ctx.succeededFuture();
        }

        public Future<Void> updateCounter(Authenticator authenticator) {
            return this.database.stream().filter(authenticator2 -> {
                return authenticator.getCredID().equals(authenticator2.getCredID());
            }).peek(authenticator3 -> {
                authenticator3.setCounter(authenticator.getCounter());
            }).count() > 0 ? this.ctx.succeededFuture() : this.ctx.failedFuture("Authenticator not found for credential ID " + authenticator.getCredID());
        }

        public void clear() {
            this.database.clear();
        }
    }

    @Before
    public void setup() throws Exception {
        this.testStorage = new TestStorage(this.vertx.getOrCreateContext());
        WebAuthn4JHandler create = WebAuthn4JHandler.create(WebAuthn4J.create(this.vertx, new WebAuthn4JOptions().setRelyingParty(new RelyingParty().setName(this.rpName))).credentialStorage(this.testStorage));
        create.setOrigin(this.origin.toString());
        this.router.post().handler(BodyHandler.create());
        this.router.route().handler(SessionHandler.create(LocalSessionStore.create(this.vertx)));
        create.setupCredentialsCreateCallback(this.router.post("/webauthn/register"));
        create.setupCredentialsGetCallback(this.router.post("/webauthn/login"));
        create.setupCallback(this.router.post("/webauthn/callback"));
        this.router.route("/protected/*").handler(create);
    }

    @Test
    public void testRegisterAndLogin() throws Exception {
        Handler handler = routingContext -> {
            assertNotNull(routingContext.user());
            assertEquals(this.username, routingContext.user().subject());
            routingContext.response().end("Welcome to the protected resource!");
        };
        this.router.route("/welcome").handler(routingContext2 -> {
            routingContext2.response().end("Welcome");
        });
        this.router.route("/protected/somepage").handler(handler);
        testRequest(HttpMethod.GET, "/welcome", null, httpClientResponse -> {
        }, 200, "OK", "Welcome");
        testRequest(HttpMethod.GET, "/protected/somepage", null, httpClientResponse2 -> {
        }, 401, "Unauthorized", null);
        ClientPlatform clientPlatform = new ClientPlatform(this.origin, new WebAuthnAuthenticatorAdaptor(EmulatorUtil.PACKED_AUTHENTICATOR));
        String testRegistration = testRegistration(clientPlatform);
        testRequest(HttpMethod.GET, "/protected/somepage", httpClientRequest -> {
            httpClientRequest.putHeader(HttpHeaders.COOKIE, testRegistration);
        }, 200, "OK", "Welcome to the protected resource!");
        String testAuthentication = testAuthentication(clientPlatform);
        testRequest(HttpMethod.GET, "/protected/somepage", httpClientRequest2 -> {
            httpClientRequest2.putHeader(HttpHeaders.COOKIE, testAuthentication);
        }, 200, "OK", "Welcome to the protected resource!");
    }

    private String testRegistration(ClientPlatform clientPlatform) throws Exception {
        String[] strArr = new String[1];
        String[] strArr2 = new String[1];
        JsonObject put = new JsonObject().put("name", this.username);
        testRequestBuffer(HttpMethod.POST, "/webauthn/register", httpClientRequest -> {
            httpClientRequest.send(put.encode());
        }, httpClientResponse -> {
            strArr2[0] = extractVertxSessionCookie(httpClientResponse.getHeader(HttpHeaders.SET_COOKIE));
        }, 200, "OK", buffer -> {
            strArr[0] = buffer.toJsonObject().getString("challenge");
        });
        RegistrationRequest createRegistrationRequest = createRegistrationRequest(clientPlatform, this.origin.getHost(), new DefaultChallenge(strArr[0]), this.username, this.displayName);
        JsonObject put2 = new JsonObject().put("id", this.credId).put("rawId", this.credId).put("type", "public-key").put("response", new JsonObject().put("attestationObject", Base64UrlUtil.encodeToString(createRegistrationRequest.getAttestationObject())).put("clientDataJSON", Base64UrlUtil.encodeToString(createRegistrationRequest.getClientDataJSON())));
        testRequest(HttpMethod.POST, "/webauthn/callback", httpClientRequest2 -> {
            httpClientRequest2.putHeader(HttpHeaders.COOKIE, strArr2[0]);
            httpClientRequest2.send(put2.encode());
        }, httpClientResponse2 -> {
            strArr2[0] = extractVertxSessionCookie(httpClientResponse2.getHeader(HttpHeaders.SET_COOKIE));
        }, 204, "No Content", null);
        this.testStorage.find(this.username, null).onSuccess(list -> {
            Assert.assertNotNull(list);
            Assert.assertEquals(1L, list.size());
            Authenticator authenticator = (Authenticator) list.get(0);
            Assert.assertEquals(this.username, authenticator.getUsername());
            Assert.assertEquals(this.credId, authenticator.getCredID());
            Assert.assertEquals(1L, authenticator.getCounter());
            Assert.assertEquals(this.publicKey, authenticator.getPublicKey());
        }).onFailure(th -> {
            Assert.fail("Well that did not work");
        });
        return strArr2[0];
    }

    private String extractVertxSessionCookie(String str) {
        if (str == null || !str.startsWith("vertx-web.session=")) {
            return null;
        }
        return str.indexOf(";") != -1 ? str.substring(0, str.indexOf(";")) : str;
    }

    private RegistrationRequest createRegistrationRequest(ClientPlatform clientPlatform, String str, Challenge challenge, String str2, String str3) {
        AuthenticatorSelectionCriteria authenticatorSelectionCriteria = new AuthenticatorSelectionCriteria(AuthenticatorAttachment.CROSS_PLATFORM, true, UserVerificationRequirement.REQUIRED);
        PublicKeyCredentialParameters publicKeyCredentialParameters = new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
        PublicKeyCredential create = clientPlatform.create(new PublicKeyCredentialCreationOptions(new PublicKeyCredentialRpEntity(str, "example.com"), new PublicKeyCredentialUserEntity(new byte[32], str2, str3), challenge, Collections.singletonList(publicKeyCredentialParameters), (Long) null, Collections.emptyList(), authenticatorSelectionCriteria, AttestationConveyancePreference.DIRECT, new AuthenticationExtensionsClientInputs()));
        AuthenticatorAttestationResponse response = create.getResponse();
        AttestedCredentialData convert = new AttestedCredentialDataConverter(this.objectConverter).convert(new AuthenticatorDataConverter(this.objectConverter).extractAttestedCredentialData(response.getAuthenticatorData(this.objectConverter)));
        this.credId = Base64UrlUtil.encodeToString(convert.getCredentialId());
        this.publicKey = Base64UrlUtil.encodeToString(this.objectConverter.getCborConverter().writeValueAsBytes(convert.getCOSEKey()));
        AuthenticationExtensionsClientOutputs clientExtensionResults = create.getClientExtensionResults();
        Set emptySet = Collections.emptySet();
        return new RegistrationRequest(response.getAttestationObject(), response.getClientDataJSON(), this.authenticationExtensionsClientOutputsConverter.convertToString(clientExtensionResults), emptySet);
    }

    private String testAuthentication(ClientPlatform clientPlatform) throws Exception {
        String[] strArr = new String[1];
        String[] strArr2 = new String[1];
        JsonObject put = new JsonObject().put("name", this.username);
        testRequestBuffer(HttpMethod.POST, "/webauthn/login", httpClientRequest -> {
            httpClientRequest.send(put.encode());
        }, httpClientResponse -> {
            strArr2[0] = extractVertxSessionCookie(httpClientResponse.getHeader(HttpHeaders.SET_COOKIE));
        }, 200, "OK", buffer -> {
            strArr[0] = buffer.toJsonObject().getString("challenge");
        });
        AuthenticationRequest createAuthenticationRequest = createAuthenticationRequest(clientPlatform, this.origin.getHost(), new DefaultChallenge(strArr[0]), this.username, this.displayName);
        JsonObject put2 = new JsonObject().put("id", this.credId).put("rawId", this.credId).put("type", "public-key").put("response", new JsonObject().put("signature", Base64UrlUtil.encodeToString(createAuthenticationRequest.getSignature())).put("authenticatorData", Base64UrlUtil.encodeToString(createAuthenticationRequest.getAuthenticatorData())).put("clientDataJSON", Base64UrlUtil.encodeToString(createAuthenticationRequest.getClientDataJSON())));
        testRequest(HttpMethod.POST, "/webauthn/callback", httpClientRequest2 -> {
            httpClientRequest2.putHeader(HttpHeaders.COOKIE, strArr2[0]);
            httpClientRequest2.send(put2.encode());
        }, httpClientResponse2 -> {
            strArr2[0] = extractVertxSessionCookie(httpClientResponse2.getHeader(HttpHeaders.SET_COOKIE));
        }, 204, "No Content", null);
        this.testStorage.find(this.username, null).onSuccess(list -> {
            Assert.assertNotNull(list);
            Assert.assertEquals(1L, list.size());
            Authenticator authenticator = (Authenticator) list.get(0);
            Assert.assertEquals(this.username, authenticator.getUsername());
            Assert.assertEquals(this.credId, authenticator.getCredID());
            Assert.assertEquals(2L, authenticator.getCounter());
            Assert.assertEquals(this.publicKey, authenticator.getPublicKey());
        }).onFailure(th -> {
            Assert.fail("Well that did not work");
        });
        return strArr2[0];
    }

    private AuthenticationRequest createAuthenticationRequest(ClientPlatform clientPlatform, String str, Challenge challenge, String str2, String str3) {
        PublicKeyCredential publicKeyCredential = clientPlatform.get(new PublicKeyCredentialRequestOptions(challenge, 0L, str, (List) null, UserVerificationRequirement.REQUIRED, (AuthenticationExtensionsClientInputs) null));
        AuthenticatorAssertionResponse response = publicKeyCredential.getResponse();
        return new AuthenticationRequest(publicKeyCredential.getRawId(), response.getAuthenticatorData(), response.getClientDataJSON(), this.authenticationExtensionsClientOutputsConverter.convertToString(publicKeyCredential.getClientExtensionResults()), response.getSignature());
    }

    protected void testRequestBuffer(HttpMethod httpMethod, String str, Consumer<HttpClientRequest> consumer, Consumer<HttpClientResponse> consumer2, int i, String str2, Consumer<Buffer> consumer3) throws Exception {
        RequestOptions host = new RequestOptions().setMethod(httpMethod).setPort(Integer.valueOf(SockJSErrorTest.PORT)).setURI(str).setHost(SockJSErrorTest.LOCALHOST);
        CountDownLatch countDownLatch = new CountDownLatch(1);
        this.client.request(host).onComplete(onSuccess(httpClientRequest -> {
            httpClientRequest.response().onComplete(onSuccess(httpClientResponse -> {
                assertEquals(i, httpClientResponse.statusCode());
                assertEquals(str2, httpClientResponse.statusMessage());
                if (consumer2 != null) {
                    consumer2.accept(httpClientResponse);
                }
                if (consumer3 == null) {
                    countDownLatch.countDown();
                } else {
                    httpClientResponse.bodyHandler(buffer -> {
                        consumer3.accept(buffer);
                        countDownLatch.countDown();
                    });
                }
            }));
            if (consumer != null) {
                consumer.accept(httpClientRequest);
            }
            httpClientRequest.end();
        }));
        awaitLatch(countDownLatch);
    }
}
