package org.gluu.oxauth.fido2.certification;

import com.fasterxml.jackson.databind.JsonNode;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.codec.binary.Hex;
import org.gluu.oxauth.fido2.cryptoutils.CryptoUtils;
import org.gluu.oxauth.fido2.model.auth.AuthData;
import org.gluu.oxauth.fido2.service.mds.MdsService;
import org.gluu.oxauth.fido2.service.verifier.CommonVerifiers;
import org.slf4j.Logger;

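/**
 * Resolves the attestation root certificates for a FIDO2 authenticator and turns them into
 * a {@link KeyStore} / {@link X509TrustManager} used as trust anchors.
 *
 * <p>Authenticators are identified by the hex-encoded AAGUID taken from {@link AuthData}.
 * Metadata is looked up in the {@link DirectoryBasedMetadataLoader} first; when nothing is
 * registered there, it is fetched through {@link MdsService}, checked with
 * {@link CommonVerifiers#verifyThatMetadataIsValid}, and registered under that AAGUID.
 */
@ApplicationScoped
public class CertificationKeyStoreUtils {

    /** Metadata field that lists the attestation root certificates as text values. */
    private static final String ATTESTATION_ROOTS_FIELD = "attestationRootCertificates";

    @Inject
    private Logger log;

    @Inject
    private KeyStoreCreator keyStoreCreator;

    @Inject
    private CryptoUtils cryptoUtils;

    @Inject
    private CommonVerifiers commonVerifiers;

    @Inject
    private MdsService mdsService;

    @Inject
    private DirectoryBasedMetadataLoader directoryBasedMetadataLoader;

    /**
     * Extracts the attestation root certificates from one authenticator metadata statement.
     *
     * @param jsonNode metadata statement; may be {@code null}
     * @return the certificates decoded by {@link CryptoUtils#getCertificates}, or an empty
     *     list when the metadata is {@code null} or has no {@code attestationRootCertificates}
     *     field. Callers should treat an empty result as "no trust anchors available".
     */
    private List<X509Certificate> getCertificates(JsonNode jsonNode) {
        if (jsonNode == null || !jsonNode.has(ATTESTATION_ROOTS_FIELD)) {
            return Collections.emptyList();
        }
        // Typed collection and iterator: avoids the raw types and the unchecked cast
        // on the way into CryptoUtils.
        List<String> encodedCertificates = new ArrayList<>();
        Iterator<JsonNode> certificateNodes = jsonNode.get(ATTESTATION_ROOTS_FIELD).elements();
        while (certificateNodes.hasNext()) {
            encodedCertificates.add(certificateNodes.next().asText());
        }
        return this.cryptoUtils.getCertificates(encodedCertificates);
    }

    /**
     * Returns the attestation root certificates for the authenticator described by
     * {@code authData}.
     *
     * <p>Only metadata fetched from MDS is passed through
     * {@code verifyThatMetadataIsValid} here. NOTE(review): metadata already held by the
     * directory loader is used as-is in this method; presumably it is validated when it is
     * loaded. Confirm against {@code DirectoryBasedMetadataLoader}.
     *
     * @param authData authenticator data carrying the AAGUID
     * @return the root certificates listed in the metadata, possibly empty
     */
    public List<X509Certificate> getCertificates(AuthData authData) {
        String aaguidHex = Hex.encodeHexString(authData.getAaguid());
        JsonNode metadata = this.directoryBasedMetadataLoader.getAuthenticatorsMetadata(aaguidHex);
        if (metadata == null) {
            this.log.info("No metadata for authenticator {}. Attempting to contact MDS", aaguidHex);
            JsonNode fetched = this.mdsService.fetchMetadata(authData.getAaguid());
            // Validate before registering, so unverified MDS data is never stored for reuse.
            this.commonVerifiers.verifyThatMetadataIsValid(fetched);
            this.directoryBasedMetadataLoader.registerAuthenticatorsMetadata(aaguidHex, fetched);
            metadata = fetched;
        }
        return getCertificates(metadata);
    }

    /**
     * Creates the key store holding the given certificates by delegating to
     * {@link KeyStoreCreator#createKeyStore}.
     *
     * @param str identifier handed to the creator; {@link #populateTrustManager} passes the
     *     hex-encoded AAGUID
     * @param list certificates to place in the key store
     * @return whatever the creator returns
     */
    public KeyStore getCertificationKeyStore(String str, List<X509Certificate> list) {
        return this.keyStoreCreator.createKeyStore(str, list);
    }

    /**
     * Builds an {@link X509TrustManager} whose trust anchors are the attestation root
     * certificates of the authenticator described by {@code authData}.
     *
     * @param authData authenticator data carrying the AAGUID
     * @return the first trust manager produced by the platform default
     *     {@link TrustManagerFactory}, initialised with the certification key store
     * @throws IllegalStateException if no key store could be created for the authenticator
     */
    public X509TrustManager populateTrustManager(AuthData authData) {
        String aaguidHex = Hex.encodeHexString(authData.getAaguid());
        KeyStore certificationKeyStore = getCertificationKeyStore(aaguidHex, getCertificates(authData));
        if (certificationKeyStore == null) {
            // Fail closed: TrustManagerFactory.init((KeyStore) null) falls back to the JVM's
            // default trust anchors, which would let an attestation chain be validated against
            // the general-purpose CA set instead of the authenticator's metadata roots.
            throw new IllegalStateException(
                    "No attestation trust store available for authenticator " + aaguidHex);
        }
        try {
            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(certificationKeyStore);
            return (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            this.log.error("Unrecoverable problem with the platform", e);
            // NOTE(review): this terminates the whole JVM from inside an application-scoped
            // bean. Kept as in the original; if this path can be reached while handling a
            // request, propagating a runtime exception would avoid taking the service down.
            System.exit(1);
            return null;
        }
    }
}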
