package io.quarkus.security.webauthn;

import io.quarkus.arc.runtime.BeanContainer;
import io.quarkus.runtime.RuntimeValue;
import io.quarkus.runtime.annotations.Recorder;
import io.quarkus.vertx.http.runtime.HttpConfiguration;
import io.quarkus.vertx.http.runtime.security.PersistentLoginManager;
import io.vertx.ext.web.Route;
import io.vertx.ext.web.Router;
import io.vertx.ext.web.handler.BodyHandler;
import java.lang.annotation.Annotation;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Objects;
import java.util.function.Supplier;
import org.jboss.logging.Logger;

@Recorder
/* loaded from: input_file:io/quarkus/security/webauthn/WebAuthnRecorder.class */
public class WebAuthnRecorder {
    private static final Logger log = Logger.getLogger(WebAuthnRecorder.class);
    final RuntimeValue<HttpConfiguration> httpConfiguration;
    final RuntimeValue<WebAuthnRunTimeConfig> config;
    static volatile String encryptionKey;

    public WebAuthnRecorder(RuntimeValue<HttpConfiguration> runtimeValue, RuntimeValue<WebAuthnRunTimeConfig> runtimeValue2) {
        this.httpConfiguration = runtimeValue;
        this.config = runtimeValue2;
    }

    public void setupRoutes(BeanContainer beanContainer, RuntimeValue<Router> runtimeValue, String str) {
        WebAuthnController webAuthnController = new WebAuthnController((WebAuthnSecurity) beanContainer.beanInstance(WebAuthnSecurity.class, new Annotation[0]));
        Router router = (Router) runtimeValue.getValue();
        BodyHandler create = BodyHandler.create();
        Route handler = router.get(str + "webauthn/login-options-challenge").handler(create);
        Objects.requireNonNull(webAuthnController);
        handler.handler(webAuthnController::loginOptionsChallenge);
        Route handler2 = router.get(str + "webauthn/register-options-challenge").handler(create);
        Objects.requireNonNull(webAuthnController);
        handler2.handler(webAuthnController::registerOptionsChallenge);
        if (((WebAuthnRunTimeConfig) this.config.getValue()).enableLoginEndpoint().orElse(false).booleanValue()) {
            Route handler3 = router.post(str + "webauthn/login").handler(create);
            Objects.requireNonNull(webAuthnController);
            handler3.handler(webAuthnController::login);
        }
        if (((WebAuthnRunTimeConfig) this.config.getValue()).enableRegistrationEndpoint().orElse(false).booleanValue()) {
            Route handler4 = router.post(str + "webauthn/register").handler(create);
            Objects.requireNonNull(webAuthnController);
            handler4.handler(webAuthnController::register);
        }
        Route route = router.get(str + "webauthn/webauthn.js");
        Objects.requireNonNull(webAuthnController);
        route.handler(webAuthnController::javascript);
        Route route2 = router.get(str + "webauthn/logout");
        Objects.requireNonNull(webAuthnController);
        route2.handler(webAuthnController::logout);
        Route route3 = router.get("/.well-known/webauthn");
        Objects.requireNonNull(webAuthnController);
        route3.handler(webAuthnController::wellKnown);
    }

    public Supplier<WebAuthnAuthenticationMechanism> setupWebAuthnAuthenticationMechanism() {
        return new Supplier<WebAuthnAuthenticationMechanism>() { // from class: io.quarkus.security.webauthn.WebAuthnRecorder.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.function.Supplier
            public WebAuthnAuthenticationMechanism get() {
                String str;
                if (((HttpConfiguration) WebAuthnRecorder.this.httpConfiguration.getValue()).encryptionKey.isPresent()) {
                    str = (String) ((HttpConfiguration) WebAuthnRecorder.this.httpConfiguration.getValue()).encryptionKey.get();
                } else if (WebAuthnRecorder.encryptionKey != null) {
                    str = WebAuthnRecorder.encryptionKey;
                } else {
                    byte[] bArr = new byte[32];
                    new SecureRandom().nextBytes(bArr);
                    String encodeToString = Base64.getEncoder().encodeToString(bArr);
                    WebAuthnRecorder.encryptionKey = encodeToString;
                    str = encodeToString;
                    WebAuthnRecorder.log.warn("Encryption key was not specified (using `quarkus.http.auth.session.encryption-key` configuration) for persistent WebAuthn auth, using temporary key " + str);
                }
                WebAuthnRunTimeConfig webAuthnRunTimeConfig = (WebAuthnRunTimeConfig) WebAuthnRecorder.this.config.getValue();
                return new WebAuthnAuthenticationMechanism(new PersistentLoginManager(str, webAuthnRunTimeConfig.cookieName(), webAuthnRunTimeConfig.sessionTimeout().toMillis(), webAuthnRunTimeConfig.newCookieInterval().toMillis(), false, webAuthnRunTimeConfig.cookieSameSite().name(), webAuthnRunTimeConfig.cookiePath().orElse(null), ((Long) webAuthnRunTimeConfig.cookieMaxAge().map((v0) -> {
                    return v0.toSeconds();
                }).orElse(-1L)).longValue()), webAuthnRunTimeConfig.loginPage().startsWith("/") ? webAuthnRunTimeConfig.loginPage() : "/" + webAuthnRunTimeConfig.loginPage());
            }
        };
    }
}
