package io.gardenerframework.camellia.authentication.infra.challenge.mfa.server.endpoint;

import io.gardenerframework.camellia.authentication.common.client.schema.RequestingClient;
import io.gardenerframework.camellia.authentication.infra.challenge.core.Scenario;
import io.gardenerframework.camellia.authentication.infra.challenge.core.exception.ChallengeInCooldownException;
import io.gardenerframework.camellia.authentication.infra.challenge.core.schema.Challenge;
import io.gardenerframework.camellia.authentication.infra.challenge.mfa.server.MfaAuthenticationServerScenario;
import io.gardenerframework.camellia.authentication.infra.challenge.mfa.server.MfaAuthenticator;
import io.gardenerframework.camellia.authentication.infra.challenge.mfa.server.configuration.MfaAuthenticationServerEngineComponent;
import io.gardenerframework.camellia.authentication.infra.challenge.mfa.server.exception.MfaAuthenticatorNotReadyException;
import io.gardenerframework.camellia.authentication.infra.challenge.mfa.server.schema.request.CloseChallengeRequest;
import io.gardenerframework.camellia.authentication.infra.challenge.mfa.server.schema.request.SendChallengeRequest;
import io.gardenerframework.camellia.authentication.infra.challenge.mfa.server.schema.request.VerifyResponseRequest;
import io.gardenerframework.camellia.authentication.infra.challenge.mfa.server.schema.request.constraints.MfaAuthenticatorSupported;
import io.gardenerframework.camellia.authentication.infra.challenge.mfa.server.schema.response.ListAuthenticatorsResponse;
import io.gardenerframework.camellia.authentication.infra.challenge.mfa.server.schema.response.ResponseVerificationResponse;
import io.gardenerframework.camellia.authentication.infra.challenge.mfa.server.utils.MfaAuthenticatorRegistry;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import javax.validation.Valid;
import org.springframework.core.convert.converter.Converter;
import org.springframework.http.HttpStatus;
import org.springframework.lang.Nullable;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;

@RequestMapping({"/mfa"})
@MfaAuthenticationServerEngineComponent
@RestController
/* loaded from: input_file:io/gardenerframework/camellia/authentication/infra/challenge/mfa/server/endpoint/MfaAuthenticationEndpoint.class */
public class MfaAuthenticationEndpoint implements MfaAuthenticationEndpointSkeleton<Challenge> {
    private final MfaAuthenticatorRegistry registry;
    private final Collection<Converter<Map<String, Object>, ? extends RequestingClient>> clientDataDeserializers;

    @GetMapping
    public ListAuthenticatorsResponse listAuthenticators() throws Exception {
        return new ListAuthenticatorsResponse(this.registry.getAuthenticatorNames());
    }

    @PostMapping({"/{authenticator}:send"})
    public Challenge sendChallenge(@PathVariable("authenticator") @Valid @MfaAuthenticatorSupported String str, @Valid @RequestBody SendChallengeRequest sendChallengeRequest) throws Exception {
        RequestingClient deserializeRequestingClient = deserializeRequestingClient(sendChallengeRequest.getRequestingClient());
        Class<? extends Scenario> deserializeScenario = deserializeScenario(sendChallengeRequest.getScenario());
        MfaAuthenticator mfaAuthenticator = (MfaAuthenticator) Objects.requireNonNull(this.registry.getAuthenticator(str));
        try {
            return mfaAuthenticator.sendChallenge(deserializeRequestingClient, deserializeScenario, mfaAuthenticator.createChallengeRequest(sendChallengeRequest.getUser(), deserializeRequestingClient, deserializeScenario, sendChallengeRequest.getAdditionalArguments()));
        } catch (ChallengeInCooldownException e) {
            throw new MfaAuthenticatorNotReadyException(e.getTimeRemaining());
        }
    }

    @PostMapping({"/{authenticator}:verify"})
    public ResponseVerificationResponse verifyResponse(@PathVariable("authenticator") @Valid @MfaAuthenticatorSupported String str, @Valid @RequestBody VerifyResponseRequest verifyResponseRequest) throws Exception {
        return new ResponseVerificationResponse(((MfaAuthenticator) Objects.requireNonNull(this.registry.getAuthenticator(str))).verifyResponse(deserializeRequestingClient(verifyResponseRequest.getRequestingClient()), deserializeScenario(verifyResponseRequest.getScenario()), verifyResponseRequest.getChallengeId(), verifyResponseRequest.getResponse()));
    }

    @PostMapping({"/{authenticator}:close"})
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void closeChallenge(@PathVariable("authenticator") @Valid @MfaAuthenticatorSupported String str, @Valid @RequestBody CloseChallengeRequest closeChallengeRequest) throws Exception {
        ((MfaAuthenticator) Objects.requireNonNull(this.registry.getAuthenticator(str))).closeChallenge(deserializeRequestingClient(closeChallengeRequest.getRequestingClient()), deserializeScenario(closeChallengeRequest.getScenario()), closeChallengeRequest.getChallengeId());
    }

    @Nullable
    private RequestingClient deserializeRequestingClient(@Nullable Map<String, Object> map) {
        if (map == null) {
            return null;
        }
        Iterator<Converter<Map<String, Object>, ? extends RequestingClient>> it = this.clientDataDeserializers.iterator();
        while (it.hasNext()) {
            RequestingClient requestingClient = (RequestingClient) it.next().convert(map);
            if (requestingClient != null) {
                return requestingClient;
            }
        }
        throw new IllegalArgumentException("cannot deserialize requesting client");
    }

    private Class<? extends Scenario> deserializeScenario(@Nullable String str) {
        try {
            if (!StringUtils.hasText(str)) {
                return MfaAuthenticationServerScenario.class;
            }
            Class cls = Class.forName(str);
            return Scenario.class.isAssignableFrom(cls) ? cls : MfaAuthenticationServerScenario.class;
        } catch (ClassNotFoundException e) {
            return MfaAuthenticationServerScenario.class;
        }
    }

    public MfaAuthenticationEndpoint(MfaAuthenticatorRegistry mfaAuthenticatorRegistry, Collection<Converter<Map<String, Object>, ? extends RequestingClient>> collection) {
        this.registry = mfaAuthenticatorRegistry;
        this.clientDataDeserializers = collection;
    }
}
