package io.vertx.ext.auth.webauthn.impl.metadata;

import io.vertx.core.Future;
import io.vertx.core.Vertx;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.http.HttpClientOptions;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.impl.VertxInternal;
import io.vertx.core.impl.future.PromiseInternal;
import io.vertx.core.impl.logging.Logger;
import io.vertx.core.impl.logging.LoggerFactory;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.impl.CertificateHelper;
import io.vertx.ext.auth.impl.http.SimpleHttpClient;
import io.vertx.ext.auth.impl.jose.JWS;
import io.vertx.ext.auth.impl.jose.JWT;
import io.vertx.ext.auth.webauthn.MetaDataService;
import io.vertx.ext.auth.webauthn.WebAuthnOptions;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;

/* loaded from: input_file:io/vertx/ext/auth/webauthn/impl/metadata/MetaDataServiceImpl.class */
public class MetaDataServiceImpl implements MetaDataService {
    private static final Base64.Decoder BASE64DEC = Base64.getDecoder();
    private static final Logger LOG = LoggerFactory.getLogger(MetaDataServiceImpl.class);
    private final VertxInternal vertx;
    private final WebAuthnOptions options;
    private final SimpleHttpClient httpClient;
    private final JWT jwt = new JWT().allowEmbeddedKey(true);
    private final MetaData metadata;

    public MetaDataServiceImpl(Vertx vertx, WebAuthnOptions webAuthnOptions) {
        this.vertx = (VertxInternal) vertx;
        this.options = webAuthnOptions;
        this.httpClient = new SimpleHttpClient(vertx, "vertx-auth", new HttpClientOptions());
        this.metadata = new MetaData(vertx, webAuthnOptions);
    }

    @Override // io.vertx.ext.auth.webauthn.MetaDataService
    public Future<Boolean> fetchTOC(String str) {
        PromiseInternal promise = this.vertx.promise();
        Future fetch = this.httpClient.fetch(HttpMethod.GET, str, (JsonObject) null, (Buffer) null);
        promise.getClass();
        fetch.onFailure(promise::fail).onSuccess(simpleHttpResponse -> {
            JsonObject jsonObject;
            String str2 = null;
            try {
                JsonObject decode = this.jwt.decode(simpleHttpResponse.body().toString(), true);
                JsonArray jsonArray = decode.getJsonObject("header").getJsonArray("x5c");
                ArrayList arrayList = new ArrayList();
                for (int i = 0; i < jsonArray.size(); i++) {
                    arrayList.add(JWS.parseX5c(BASE64DEC.decode(jsonArray.getString(i).getBytes(StandardCharsets.UTF_8))));
                }
                arrayList.add(this.options.getRootCertificate("mds"));
                CertificateHelper.checkValidity(arrayList, this.options.getRootCrls());
                jsonObject = decode.getJsonObject("payload");
            } catch (RuntimeException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e) {
                try {
                    str2 = e.getMessage();
                    jsonObject = JWT.parse(simpleHttpResponse.body().toString()).getJsonObject("payload");
                } catch (RuntimeException e2) {
                    promise.fail(e2);
                    return;
                }
            }
            try {
                if (jsonObject == null) {
                    promise.fail("Could not parse TOC");
                } else {
                    JsonArray jsonArray2 = jsonObject.getJsonArray("entries");
                    String str3 = str2;
                    AtomicInteger atomicInteger = new AtomicInteger(jsonArray2.size());
                    AtomicBoolean atomicBoolean = new AtomicBoolean(true);
                    jsonArray2.forEach(obj -> {
                        addEntry(str3, (JsonObject) obj).onFailure(th -> {
                            LOG.error("Failed to add entry", th);
                            atomicBoolean.set(false);
                            if (atomicInteger.decrementAndGet() == 0) {
                                promise.complete(Boolean.valueOf(atomicBoolean.get()));
                            }
                        }).onComplete(asyncResult -> {
                            if (atomicInteger.decrementAndGet() == 0) {
                                promise.complete(Boolean.valueOf(atomicBoolean.get()));
                            }
                        });
                    });
                }
            } catch (RuntimeException e3) {
                promise.fail(e3);
            }
        });
        return promise.future();
    }

    private Future<Void> addEntry(String str, JsonObject jsonObject) {
        PromiseInternal promise = this.vertx.promise();
        Future fetch = this.httpClient.fetch(HttpMethod.GET, jsonObject.getString("url"), (JsonObject) null, (Buffer) null);
        promise.getClass();
        fetch.onFailure(promise::fail).onSuccess(simpleHttpResponse -> {
            try {
                this.metadata.loadMetadata(new MetaDataEntry(jsonObject, simpleHttpResponse.body().getBytes(), str));
                promise.complete();
            } catch (RuntimeException | NoSuchAlgorithmException e) {
                promise.fail(e);
            }
        });
        return promise.future();
    }

    @Override // io.vertx.ext.auth.webauthn.MetaDataService
    public MetaDataService addStatement(JsonObject jsonObject) {
        this.metadata.loadMetadata(new MetaDataEntry(jsonObject));
        return this;
    }

    @Override // io.vertx.ext.auth.webauthn.MetaDataService
    public MetaDataService flush() {
        this.metadata.clear();
        return this;
    }

    public MetaData metadata() {
        return this.metadata;
    }
}
