package org.gluu.oxauth.fido2.service.verifier;

import com.fasterxml.jackson.databind.JsonNode;
import java.io.IOException;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.apache.commons.codec.digest.DigestUtils;
import org.gluu.oxauth.fido2.exception.Fido2RPRuntimeException;
import org.gluu.oxauth.fido2.model.auth.AuthData;
import org.gluu.oxauth.fido2.model.auth.CredAndCounterData;
import org.gluu.oxauth.fido2.model.entry.Fido2RegistrationData;
import org.gluu.oxauth.fido2.service.AuthenticatorDataParser;
import org.gluu.oxauth.fido2.service.Base64Service;
import org.gluu.oxauth.fido2.service.DataMapperService;
import org.gluu.oxauth.fido2.service.processor.attestation.AttestationProcessorFactory;
import org.slf4j.Logger;

@ApplicationScoped
/* loaded from: input_file:org/gluu/oxauth/fido2/service/verifier/AttestationVerifier.class */
public class AttestationVerifier {

    @Inject
    private Logger log;

    @Inject
    private CommonVerifiers commonVerifiers;

    @Inject
    private AuthenticatorDataParser authenticatorDataParser;

    @Inject
    private Base64Service base64Service;

    @Inject
    private DataMapperService dataMapperService;

    @Inject
    private AttestationProcessorFactory attestationProcessorFactory;

    public CredAndCounterData verifyAuthenticatorAttestationResponse(JsonNode jsonNode, Fido2RegistrationData fido2RegistrationData) {
        if (!jsonNode.hasNonNull("attestationObject") || !jsonNode.hasNonNull("clientDataJSON")) {
            throw new Fido2RPRuntimeException("Authenticator data is invalid");
        }
        String asText = jsonNode.get("attestationObject").asText();
        String asText2 = jsonNode.get("clientDataJSON").asText();
        byte[] urlDecode = this.base64Service.urlDecode(asText);
        CredAndCounterData credAndCounterData = new CredAndCounterData();
        try {
            if (urlDecode == null) {
                throw new Fido2RPRuntimeException("Attestation object is empty");
            }
            JsonNode cborReadTree = this.dataMapperService.cborReadTree(urlDecode);
            if (cborReadTree == null) {
                throw new Fido2RPRuntimeException("Attestation JSON is empty");
            }
            String verifyFmt = this.commonVerifiers.verifyFmt(cborReadTree, "fmt");
            this.log.debug("Authenticator data {} {}", verifyFmt, cborReadTree.toString());
            fido2RegistrationData.setAttestationType(verifyFmt);
            JsonNode jsonNode2 = cborReadTree.get("attStmt");
            this.commonVerifiers.verifyAuthStatement(jsonNode2);
            AuthData parseAttestationData = this.authenticatorDataParser.parseAttestationData(this.commonVerifiers.verifyAuthData(cborReadTree.get("authData")));
            int parseCounter = this.authenticatorDataParser.parseCounter(parseAttestationData.getCounters());
            this.commonVerifiers.verifyCounter(parseCounter);
            credAndCounterData.setCounters(parseCounter);
            this.attestationProcessorFactory.getCommandProcessor(verifyFmt).process(jsonNode2, parseAttestationData, fido2RegistrationData, DigestUtils.getSha256Digest().digest(this.base64Service.urlDecode(asText2)), credAndCounterData);
            return credAndCounterData;
        } catch (IOException e) {
            throw new Fido2RPRuntimeException("Failed to parse and verify authenticator attestation response data", e);
        }
    }
}
