package org.springframework.security.web.webauthn.registration;

import com.fasterxml.jackson.databind.json.JsonMapper;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.http.server.ServletServerHttpRequest;
import org.springframework.http.server.ServletServerHttpResponse;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.security.web.webauthn.api.Bytes;
import org.springframework.security.web.webauthn.api.CredentialRecord;
import org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions;
import org.springframework.security.web.webauthn.jackson.WebauthnJackson2Module;
import org.springframework.security.web.webauthn.management.ImmutableRelyingPartyRegistrationRequest;
import org.springframework.security.web.webauthn.management.RelyingPartyPublicKey;
import org.springframework.security.web.webauthn.management.UserCredentialRepository;
import org.springframework.security.web.webauthn.management.WebAuthnRelyingPartyOperations;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:ingrid-iplug-csw-dsc-7.5.0/lib/spring-security-web-6.4.2.jar:org/springframework/security/web/webauthn/registration/WebAuthnRegistrationFilter.class */
public class WebAuthnRegistrationFilter extends OncePerRequestFilter {
    static final String DEFAULT_REGISTER_CREDENTIAL_URL = "/webauthn/register";
    private static final Log logger = LogFactory.getLog((Class<?>) WebAuthnRegistrationFilter.class);
    private final WebAuthnRelyingPartyOperations rpOptions;
    private final UserCredentialRepository userCredentials;
    private HttpMessageConverter<Object> converter = new MappingJackson2HttpMessageConverter(JsonMapper.builder().addModule(new WebauthnJackson2Module()).build());
    private PublicKeyCredentialCreationOptionsRepository creationOptionsRepository = new HttpSessionPublicKeyCredentialCreationOptionsRepository();
    private RequestMatcher registerCredentialMatcher = AntPathRequestMatcher.antMatcher(HttpMethod.POST, DEFAULT_REGISTER_CREDENTIAL_URL);
    private RequestMatcher removeCredentialMatcher = AntPathRequestMatcher.antMatcher(HttpMethod.DELETE, "/webauthn/register/{id}");

    /* loaded from: input_file:ingrid-iplug-csw-dsc-7.5.0/lib/spring-security-web-6.4.2.jar:org/springframework/security/web/webauthn/registration/WebAuthnRegistrationFilter$SuccessfulUserRegistrationResponse.class */
    public static class SuccessfulUserRegistrationResponse {
        private final CredentialRecord credentialRecord;

        SuccessfulUserRegistrationResponse(CredentialRecord credentialRecord) {
            this.credentialRecord = credentialRecord;
        }

        public boolean isSuccess() {
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:ingrid-iplug-csw-dsc-7.5.0/lib/spring-security-web-6.4.2.jar:org/springframework/security/web/webauthn/registration/WebAuthnRegistrationFilter$WebAuthnRegistrationRequest.class */
    public static class WebAuthnRegistrationRequest {
        private RelyingPartyPublicKey publicKey;

        WebAuthnRegistrationRequest() {
        }

        RelyingPartyPublicKey getPublicKey() {
            return this.publicKey;
        }

        void setPublicKey(RelyingPartyPublicKey relyingPartyPublicKey) {
            this.publicKey = relyingPartyPublicKey;
        }
    }

    public WebAuthnRegistrationFilter(UserCredentialRepository userCredentialRepository, WebAuthnRelyingPartyOperations webAuthnRelyingPartyOperations) {
        Assert.notNull(userCredentialRepository, "userCredentials must not be null");
        Assert.notNull(webAuthnRelyingPartyOperations, "rpOptions must not be null");
        this.userCredentials = userCredentialRepository;
        this.rpOptions = webAuthnRelyingPartyOperations;
    }

    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (this.registerCredentialMatcher.matches(httpServletRequest)) {
            registerCredential(httpServletRequest, httpServletResponse);
            return;
        }
        RequestMatcher.MatchResult matcher = this.removeCredentialMatcher.matcher(httpServletRequest);
        if (matcher.isMatch()) {
            removeCredential(httpServletRequest, httpServletResponse, matcher.getVariables().get("id"));
        } else {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        }
    }

    public void setConverter(HttpMessageConverter<Object> httpMessageConverter) {
        Assert.notNull(httpMessageConverter, "converter cannot be null");
        this.converter = httpMessageConverter;
    }

    public void setCreationOptionsRepository(PublicKeyCredentialCreationOptionsRepository publicKeyCredentialCreationOptionsRepository) {
        Assert.notNull(publicKeyCredentialCreationOptionsRepository, "creationOptionsRepository cannot be null");
        this.creationOptionsRepository = publicKeyCredentialCreationOptionsRepository;
    }

    private void registerCredential(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        WebAuthnRegistrationRequest readRegistrationRequest = readRegistrationRequest(httpServletRequest);
        if (readRegistrationRequest == null) {
            httpServletResponse.setStatus(HttpStatus.BAD_REQUEST.value());
            return;
        }
        PublicKeyCredentialCreationOptions load = this.creationOptionsRepository.load(httpServletRequest);
        if (load == null) {
            httpServletResponse.setStatus(HttpStatus.BAD_REQUEST.value());
            return;
        }
        this.creationOptionsRepository.save(httpServletRequest, httpServletResponse, null);
        this.converter.write(new SuccessfulUserRegistrationResponse(this.rpOptions.registerCredential(new ImmutableRelyingPartyRegistrationRequest(load, readRegistrationRequest.getPublicKey()))), MediaType.APPLICATION_JSON, new ServletServerHttpResponse(httpServletResponse));
    }

    private WebAuthnRegistrationRequest readRegistrationRequest(HttpServletRequest httpServletRequest) {
        try {
            return (WebAuthnRegistrationRequest) this.converter.read2(WebAuthnRegistrationRequest.class, new ServletServerHttpRequest(httpServletRequest));
        } catch (Exception e) {
            logger.debug("Unable to parse WebAuthnRegistrationRequest", e);
            return null;
        }
    }

    private void removeCredential(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        this.userCredentials.delete(Bytes.fromBase64(str));
        httpServletResponse.setStatus(HttpStatus.NO_CONTENT.value());
    }
}
