package org.gluu.oxauth.fido2.service.verifier;

import com.fasterxml.jackson.databind.JsonNode;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.PublicKey;
import java.security.cert.Certificate;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.apache.commons.codec.binary.Hex;
import org.gluu.oxauth.fido2.exception.Fido2RPRuntimeException;
import org.gluu.oxauth.fido2.model.auth.AuthData;
import org.gluu.oxauth.fido2.service.Base64Service;
import org.gluu.oxauth.fido2.service.DataMapperService;
import org.gluu.oxauth.fido2.service.SignatureValidator;
import org.slf4j.Logger;

@ApplicationScoped
/* loaded from: input_file:org/gluu/oxauth/fido2/service/verifier/AuthenticatorDataVerifier.class */
public class AuthenticatorDataVerifier {

    @Inject
    private Logger log;

    @Inject
    private Base64Service base64Service;

    @Inject
    private DataMapperService dataMapperService;

    @Inject
    private SignatureValidator signatureValidator;

    public void verifyPackedAttestationSignature(AuthData authData, byte[] bArr, String str, Certificate certificate, int i) {
        byte[] rpIdHash = authData.getRpIdHash();
        int length = 0 + rpIdHash.length;
        byte[] flags = authData.getFlags();
        int length2 = length + flags.length;
        byte[] counters = authData.getCounters();
        byte[] array = ByteBuffer.allocate(length2 + counters.length + bArr.length).put(rpIdHash).put(flags).put(counters).put(bArr).array();
        byte[] decode = this.base64Service.decode(str.getBytes());
        this.log.debug("Signature {}", Hex.encodeHexString(decode));
        this.log.debug("Signature Base {}", Hex.encodeHexString(array));
        this.log.debug("Signature BaseLen {}", Integer.valueOf(array.length));
        this.signatureValidator.verifySignature(decode, array, certificate, i);
    }

    public void verifyPackedAttestationSignature(byte[] bArr, byte[] bArr2, String str, PublicKey publicKey, int i) {
        byte[] array = ByteBuffer.allocate(0 + bArr.length + bArr2.length).put(bArr).put(bArr2).array();
        byte[] decode = this.base64Service.decode(str.getBytes());
        this.log.debug("Signature {}", Hex.encodeHexString(decode));
        this.log.debug("Signature Base {}", Hex.encodeHexString(array));
        this.log.debug("Signature BaseLen {}", Integer.valueOf(array.length));
        this.signatureValidator.verifySignature(decode, array, publicKey, i);
    }

    public void verifyPackedAttestationSignature(byte[] bArr, byte[] bArr2, String str, Certificate certificate, int i) {
        verifyPackedAttestationSignature(bArr, bArr2, str, certificate.getPublicKey(), i);
    }

    public void verifyPackedSurrogateAttestationSignature(byte[] bArr, byte[] bArr2, String str, PublicKey publicKey, int i) {
        byte[] array = ByteBuffer.allocate(0 + bArr.length + bArr2.length).put(bArr).put(bArr2).array();
        byte[] decode = this.base64Service.decode(str.getBytes());
        this.log.debug("Signature {}", Hex.encodeHexString(decode));
        this.log.debug("Signature Base {}", Hex.encodeHexString(array));
        this.log.debug("Signature BaseLen {}", Integer.valueOf(array.length));
        this.signatureValidator.verifySignature(decode, array, publicKey, i);
    }

    public void verifyAssertionSignature(AuthData authData, byte[] bArr, String str, PublicKey publicKey, int i) {
        byte[] rpIdHash = authData.getRpIdHash();
        int length = 0 + rpIdHash.length;
        byte[] flags = authData.getFlags();
        int length2 = length + flags.length;
        byte[] counters = authData.getCounters();
        int length3 = length2 + counters.length;
        byte[] extensions = authData.getExtensions();
        if (extensions == null) {
            extensions = new byte[0];
        }
        int length4 = length3 + extensions.length + bArr.length;
        this.log.debug("Client data hash HEX {}", Hex.encodeHexString(bArr));
        byte[] array = ByteBuffer.allocate(length4).put(rpIdHash).put(flags).put(counters).put(extensions).put(bArr).array();
        byte[] urlDecode = this.base64Service.urlDecode(str.getBytes());
        this.log.debug("Signature {}", Hex.encodeHexString(urlDecode));
        this.log.debug("Signature Base {}", Hex.encodeHexString(array));
        this.log.debug("Signature BaseLen {}", Integer.valueOf(array.length));
        this.signatureValidator.verifySignature(urlDecode, array, publicKey, i);
    }

    private byte[] convertCOSEtoPublicKey(byte[] bArr) {
        try {
            JsonNode cborReadTree = this.dataMapperService.cborReadTree(bArr);
            byte[] decode = this.base64Service.decode(cborReadTree.get("-2").asText());
            byte[] decode2 = this.base64Service.decode(cborReadTree.get("-3").asText());
            byte[] array = ByteBuffer.allocate(1 + decode.length + decode2.length).put((byte) 4).put(decode).put(decode2).array();
            this.log.debug("KeyBytes HEX {}", Hex.encodeHexString(array));
            return array;
        } catch (IOException e) {
            throw new Fido2RPRuntimeException("Can't parse public key");
        }
    }

    public void verifyU2FAttestationSignature(AuthData authData, byte[] bArr, String str, Certificate certificate, int i) {
        byte[] bArr2 = {0};
        int length = 0 + bArr2.length;
        byte[] rpIdHash = authData.getRpIdHash();
        int length2 = length + rpIdHash.length + bArr.length;
        byte[] credId = authData.getCredId();
        int length3 = length2 + credId.length;
        byte[] convertCOSEtoPublicKey = convertCOSEtoPublicKey(authData.getCosePublicKey());
        byte[] array = ByteBuffer.allocate(length3 + convertCOSEtoPublicKey.length).put(bArr2).put(rpIdHash).put(bArr).put(credId).put(convertCOSEtoPublicKey).array();
        byte[] decode = this.base64Service.decode(str.getBytes());
        this.log.debug("Signature {}", Hex.encodeHexString(decode));
        this.log.debug("Signature Base {}", Hex.encodeHexString(array));
        this.signatureValidator.verifySignature(decode, array, certificate, i);
    }

    public void verifyAttestationSignature(AuthData authData, byte[] bArr, String str, Certificate certificate, int i) {
        byte[] attestationBuffer = authData.getAttestationBuffer();
        byte[] array = ByteBuffer.allocate(0 + attestationBuffer.length + bArr.length).put(attestationBuffer).put(bArr).array();
        byte[] decode = this.base64Service.decode(str.getBytes());
        this.log.debug("Signature {}", Hex.encodeHexString(decode));
        this.log.debug("Signature Base {}", Hex.encodeHexString(array));
        this.signatureValidator.verifySignature(decode, array, certificate, i);
    }
}
