# frozen_string_literal: true
require "cbor"
require "cose"

module DiscourseWebauthn
  class RegistrationService < BaseValidationService
    ##
    # See https://w3c.github.io/webauthn/#sctn-registering-a-new-credential for
    # the registration steps followed here. Memoized methods are called in their
    # place in the step flow to make the process clearer.
    def register_security_key
      # 4. Verify that the value of C.type is webauthn.create.
      validate_webauthn_type(::DiscourseWebauthn::ACCEPTABLE_REGISTRATION_TYPE)

      # 5. Verify that the value of C.challenge equals the base64url encoding of options.challenge.
      validate_challenge

      # 6. Verify that the value of C.origin matches the Relying Party's origin.
      validate_origin

      # 7. Verify that the value of C.tokenBinding.status matches the state of Token Binding for the TLS
      #    connection over which the assertion was obtained. If Token Binding was used on that TLS connection,
      #    also verify that C.tokenBinding.id matches the base64url encoding of the Token Binding ID for the connection.
      #    Not using this right now.

      # 8. Let hash be the result of computing a hash over response.clientDataJSON using SHA-256.
      client_data_hash

      # 9. Perform CBOR decoding on the attestationObject field of the AuthenticatorAttestationResponse
      #    structure to obtain the attestation statement format fmt, the authenticator data authData,
      #    and the attestation statement attStmt.
      attestation

      # 10. Verify that the rpIdHash in authData is the SHA-256 hash of the RP ID expected by the Relying Party.
      # check the SHA256 hash of the rpId is the same as the authData bytes 0..31
      validate_rp_id_hash

      # 11. Verify that the User Present bit of the flags in authData is set.
      # https://blog.bigbinary.com/2011/07/20/ruby-pack-unpack.html
      #
      validate_user_presence

      #
      # 12. If user verification is required for this registration, verify that
      #     the User Verified bit of the flags in authData is set.
      validate_user_verification if @factor_type == UserSecurityKey.factor_types[:first_factor]

      # 13. Verify that the "alg" parameter in the credential public key in authData matches the alg
      #     attribute of one of the items in options.pubKeyCredParams.
      #     https://w3c.github.io/webauthn/#table-attestedCredentialData
      #     See https://www.iana.org/assignments/cose/cose.xhtml#algorithms for supported algorithm
      #     codes.
      credential_public_key, credential_public_key_bytes, credential_id =
        extract_public_key_and_credential_from_attestation(auth_data)
      if ::DiscourseWebauthn::SUPPORTED_ALGORITHMS.exclude?(credential_public_key.alg)
        raise(
          UnsupportedPublicKeyAlgorithmError,
          I18n.t("webauthn.validation.unsupported_public_key_algorithm_error"),
        )
      end

      # 14. Verify that the values of the client extension outputs in clientExtensionResults and the authenticator
      #     extension outputs in the extensions in authData are as expected, considering the client extension input
      #     values that were given in options.extensions. In particular, any extension identifier values in the
      #     clientExtensionResults and the extensions in authData MUST also be present as extension identifier values
      #     in options.extensions, i.e., no extensions are present that were not requested. In the general case, the
      #     meaning of "are as expected" is specific to the Relying Party and which extensions are in use.
      #     Not using this right now.

      # 15. Determine the attestation statement format by performing a USASCII case-sensitive match on fmt against the
      #     set of supported WebAuthn Attestation Statement Format Identifier values. An up-to-date list of registered
      #     WebAuthn Attestation Statement Format Identifier values is maintained in the IANA registry of the same
      #     name [WebAuthn-Registries].
      # 16. Verify that attStmt is a correct attestation statement, conveying a valid attestation signature,
      #     by using the attestation statement format fmt’s verification procedure given attStmt, authData and hash.
      if ::DiscourseWebauthn::VALID_ATTESTATION_FORMATS.exclude?(attestation["fmt"]) ||
           attestation["fmt"] != "none"
        raise(
          UnsupportedAttestationFormatError,
          I18n.t("webauthn.validation.unsupported_attestation_format_error"),
        )
      end

      #==================================================
      # ONLY APPLIES IF fmt !== none, this is all to do with
      # verifying attestation. May want to come back to this at
      # some point for additional security.
      #==================================================
      #
      # 17. If validation is successful, obtain a list of acceptable trust anchors (attestation root certificates or
      #     ECDAA-Issuer public keys) for that attestation type and attestation statement format fmt, from a trusted
      #     source or from policy. For example, the FIDO Metadata Service [FIDOMetadataService] provides one way
      #     to obtain such information, using the aaguid in the attestedCredentialData in authData.
      #
      # 18. Assess the attestation trustworthiness using the outputs of the verification procedure in step 16, as follows:
      #     If no attestation was provided, verify that None attestation is acceptable under Relying Party policy.
      #==================================================

      # 19. Check that the credentialId is not yet registered to any other user. If registration
      #     is requested for a credential that is already registered to a different user,
      #     the Relying Party SHOULD fail this registration ceremony, or it MAY decide to accept
      #     the registration, e.g. while deleting the older registration.
      encoded_credential_id = Base64.strict_encode64(credential_id)
      encoded_public_key = Base64.strict_encode64(credential_public_key_bytes)
      if UserSecurityKey.exists?(credential_id: encoded_credential_id)
        raise(CredentialIdInUseError, I18n.t("webauthn.validation.credential_id_in_use_error"))
      end

      # 20. If the attestation statement attStmt verified successfully and is found to be trustworthy,
      #     then register the new credential with the account that was denoted in options.user, by
      #     associating it with the credentialId and credentialPublicKey in the attestedCredentialData
      #     in authData, as appropriate for the Relying Party's system.
      UserSecurityKey.create!(
        user: @current_user,
        credential_id: encoded_credential_id,
        public_key: encoded_public_key,
        name: @params[:name],
        factor_type: @factor_type,
      )
    rescue CBOR::UnpackError, CBOR::TypeError, CBOR::MalformedFormatError, CBOR::StackError
      raise MalformedAttestationError, I18n.t("webauthn.validation.malformed_attestation_error")
    end

    private

    def attestation
      @attestation ||= CBOR.decode(Base64.decode64(@params[:attestation]))
    end

    def auth_data
      @auth_data ||= attestation["authData"]
    end

    def extract_public_key_and_credential_from_attestation(auth_data)
      # see https://w3c.github.io/webauthn/#authenticator-data for lengths
      # of authdata for extraction
      rp_id_length = 32
      flags_length = 1
      sign_count_length = 4

      attested_credential_data_start_position = rp_id_length + flags_length + sign_count_length # 37
      attested_credential_data_length = auth_data.size - attested_credential_data_start_position
      attested_credential_data =
        auth_data[
          attested_credential_data_start_position..(
            attested_credential_data_start_position + attested_credential_data_length - 1
          )
        ]

      # see https://w3c.github.io/webauthn/#attested-credential-data for lengths
      # of data for extraction
      aa_guid = attested_credential_data[0..15]
      credential_id_length = attested_credential_data[16..17].unpack("n*")[0]
      credential_id = attested_credential_data[18..(18 + credential_id_length - 1)]

      public_key_start_position = 18 + credential_id_length
      public_key_bytes =
        attested_credential_data[
          public_key_start_position..(public_key_start_position + attested_credential_data.size - 1)
        ]
      public_key = COSE::Key.deserialize(public_key_bytes)

      [public_key, public_key_bytes, credential_id]
    end
  end
end