package org.gluu.oxauth.fido2.service.processors.impl;

import com.fasterxml.jackson.databind.JsonNode;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.gluu.oxauth.fido2.cryptoutils.CoseService;
import org.gluu.oxauth.fido2.cryptoutils.CryptoUtils;
import org.gluu.oxauth.fido2.ctap.AttestationFormat;
import org.gluu.oxauth.fido2.model.auth.AuthData;
import org.gluu.oxauth.fido2.model.auth.CredAndCounterData;
import org.gluu.oxauth.fido2.model.entry.Fido2RegistrationData;
import org.gluu.oxauth.fido2.service.Base64Service;
import org.gluu.oxauth.fido2.service.CertificateSelector;
import org.gluu.oxauth.fido2.service.CertificateValidator;
import org.gluu.oxauth.fido2.service.processors.AttestationFormatProcessor;
import org.gluu.oxauth.fido2.service.verifier.CommonVerifiers;
import org.slf4j.Logger;

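/**
 * Attestation processor for the {@code fido_u2f} attestation statement format.
 *
 * <p>It runs the authenticator-data checks exposed by {@link CommonVerifiers}, verifies the
 * attestation signature, and then copies the credential id and public key into the
 * {@link CredAndCounterData} result object.
 *
 * <p>All collaborators are container-injected; the class is not usable without injection.
 */
@ApplicationScoped
public class U2FAttestationProcessor implements AttestationFormatProcessor {

    /** COSE algorithm identifier for ES256 (ECDSA with SHA-256); the only algorithm used here. */
    private static final int ES256_COSE_ALGORITHM = -7;

    @Inject
    private Logger log;

    @Inject
    private CommonVerifiers commonVerifiers;

    @Inject
    private CertificateSelector certificateSelector;

    @Inject
    private CertificateValidator certificateValidator;

    @Inject
    private CoseService coseService;

    @Inject
    private Base64Service base64Service;

    @Inject
    private CryptoUtils cryptoUtils;

    /**
     * Returns the attestation format handled by this processor.
     *
     * @return {@link AttestationFormat#fido_u2f}
     */
    @Override
    public AttestationFormat getAttestationFormat() {
        return AttestationFormat.fido_u2f;
    }

    /**
     * Verifies a {@code fido_u2f} attestation statement and fills in the credential result.
     *
     * <p>Three statement shapes are distinguished by the fields present:
     * <ul>
     *   <li>{@code x5c} present: the certificates are parsed, validated against the root chosen by
     *       {@link CertificateSelector}, and the signature is checked with the validated
     *       certificate.</li>
     *   <li>{@code ecdaaKeyId} present (and no {@code x5c}): rejected as unsupported.</li>
     *   <li>neither present: the signature is checked against the credential's own public key
     *       taken from the authenticator data (surrogate / self attestation).</li>
     * </ul>
     *
     * @param jsonNode the attestation statement; {@code sig}, {@code x5c} and {@code ecdaaKeyId}
     *     are read from it
     * @param authData decoded authenticator data of the registration
     * @param fido2RegistrationData registration entry; its domain is used for the RP ID hash check
     * @param bArr bytes handed to the signature verifiers together with the authenticator data
     *     (presumably the client data hash; confirm against the caller)
     * @param credAndCounterData result object that receives the signature algorithm, attestation
     *     type, credential id and public key
     * @throws IllegalArgumentException if {@code x5c} is present but yields no certificate
     * @throws UnsupportedOperationException if the statement uses {@code ecdaaKeyId}
     */
    @Override
    public void process(JsonNode jsonNode, AuthData authData, Fido2RegistrationData fido2RegistrationData, byte[] bArr, CredAndCounterData credAndCounterData) {
        String signature = this.commonVerifiers.verifyBase64String(jsonNode.get("sig"));

        // Authenticator-data checks run before any certificate or signature work.
        this.commonVerifiers.verifyAAGUIDZeroed(authData);
        this.commonVerifiers.verifyUserPresent(authData);
        this.commonVerifiers.verifyRpIdHash(authData, fido2RegistrationData.getDomain());

        if (jsonNode.hasNonNull("x5c")) {
            ArrayList<String> encodedCertificates = new ArrayList<>();
            for (JsonNode certificateNode : jsonNode.get("x5c")) {
                encodedCertificates.add(certificateNode.asText());
            }
            List<X509Certificate> certificates = this.cryptoUtils.getCertificates(encodedCertificates);

            // An empty x5c array would otherwise surface as an opaque IndexOutOfBoundsException
            // from get(0) below; reject it explicitly so the failure is attributable.
            if (certificates == null || certificates.isEmpty()) {
                throw new IllegalArgumentException("fido-u2f attestation statement has an empty x5c certificate list");
            }
            // NOTE(review): WebAuthn defines x5c for fido-u2f as holding exactly one certificate.
            // Longer lists are still accepted here, as before; confirm whether that is intended.

            credAndCounterData.setSignatureAlgorithm(ES256_COSE_ALGORITHM);
            this.commonVerifiers.verifyU2FAttestationSignature(
                    authData,
                    bArr,
                    signature,
                    this.certificateValidator.verifyAttestationCertificates(
                            certificates,
                            this.certificateSelector.selectRootCertificate(certificates.get(0))),
                    ES256_COSE_ALGORITHM);
        } else if (jsonNode.hasNonNull("ecdaaKeyId")) {
            throw new UnsupportedOperationException("ECDAA attestation (ecdaaKeyId) is not supported for fido-u2f");
        } else {
            // NOTE(review): without x5c the signature is verified against the credential's own
            // public key. That proves possession of the new key but says nothing about which
            // authenticator produced it, and WebAuthn lists x5c as a required fido-u2f field.
            // Confirm that accepting this shape is a deliberate policy; the warning below makes
            // each occurrence visible to operators.
            this.log.warn("fido-u2f attestation for domain {} has no x5c; verifying as self attestation without a certificate chain",
                    fido2RegistrationData.getDomain());
            this.commonVerifiers.verifyPackedSurrogateAttestationSignature(
                    authData.getAuthDataDecoded(),
                    bArr,
                    signature,
                    this.coseService.getPublicKeyFromUncompressedECPoint(authData.getCOSEPublicKey()),
                    ES256_COSE_ALGORITHM);
        }

        // Reached only when every verifier above returned without throwing.
        credAndCounterData.setAttestationType(getAttestationFormat().getFmt());
        credAndCounterData.setCredId(this.base64Service.urlEncodeToString(authData.getCredId()));
        credAndCounterData.setUncompressedEcPoint(this.base64Service.urlEncodeToString(authData.getCOSEPublicKey()));
    }
}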
