package org.springframework.security.web.webauthn.authentication;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.springframework.core.ResolvableType;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.converter.GenericHttpMessageConverter;
import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.http.server.ServletServerHttpRequest;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.AuthenticationEntryPointFailureHandler;
import org.springframework.security.web.authentication.HttpMessageConverterAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse;
import org.springframework.security.web.webauthn.api.PublicKeyCredential;
import org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions;
import org.springframework.security.web.webauthn.jackson.WebauthnJackson2Module;
import org.springframework.security.web.webauthn.management.RelyingPartyAuthenticationRequest;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-web-6.4.3.jar:org/springframework/security/web/webauthn/authentication/WebAuthnAuthenticationFilter.class */
public class WebAuthnAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    private GenericHttpMessageConverter<Object> converter;
    private PublicKeyCredentialRequestOptionsRepository requestOptionsRepository;

    public WebAuthnAuthenticationFilter() {
        super(AntPathRequestMatcher.antMatcher(HttpMethod.POST, "/login/webauthn"));
        this.converter = new MappingJackson2HttpMessageConverter(Jackson2ObjectMapperBuilder.json().modules(new WebauthnJackson2Module()).build());
        this.requestOptionsRepository = new HttpSessionPublicKeyCredentialRequestOptionsRepository();
        setSecurityContextRepository(new HttpSessionSecurityContextRepository());
        setAuthenticationFailureHandler(new AuthenticationEntryPointFailureHandler(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)));
        setAuthenticationSuccessHandler(new HttpMessageConverterAuthenticationSuccessHandler());
    }

    @Override // org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
        try {
            PublicKeyCredential publicKeyCredential = (PublicKeyCredential) this.converter.read(ResolvableType.forClassWithGenerics((Class<?>) PublicKeyCredential.class, (Class<?>[]) new Class[]{AuthenticatorAssertionResponse.class}).getType(), getClass(), new ServletServerHttpRequest(httpServletRequest));
            PublicKeyCredentialRequestOptions load = this.requestOptionsRepository.load(httpServletRequest);
            if (load == null) {
                throw new BadCredentialsException("Unable to authenticate the PublicKeyCredential. No PublicKeyCredentialRequestOptions found.");
            }
            this.requestOptionsRepository.save(httpServletRequest, httpServletResponse, null);
            return getAuthenticationManager().authenticate(new WebAuthnAuthenticationRequestToken(new RelyingPartyAuthenticationRequest(load, publicKeyCredential)));
        } catch (Exception e) {
            throw new BadCredentialsException("Unable to authenticate the PublicKeyCredential", e);
        }
    }

    public void setConverter(GenericHttpMessageConverter<Object> genericHttpMessageConverter) {
        Assert.notNull(genericHttpMessageConverter, "converter cannot be null");
        this.converter = genericHttpMessageConverter;
    }

    public void setRequestOptionsRepository(PublicKeyCredentialRequestOptionsRepository publicKeyCredentialRequestOptionsRepository) {
        Assert.notNull(publicKeyCredentialRequestOptionsRepository, "requestOptionsRepository cannot be null");
        this.requestOptionsRepository = publicKeyCredentialRequestOptionsRepository;
    }
}
