package org.gluu.oxauth.fido2.service.mds;

import com.fasterxml.jackson.databind.JsonNode;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.event.Observes;
import javax.inject.Inject;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.codec.binary.Hex;
import org.gluu.oxauth.fido2.exception.Fido2RPRuntimeException;
import org.gluu.oxauth.fido2.model.auth.AuthData;
import org.gluu.oxauth.fido2.service.CertificateService;
import org.gluu.oxauth.fido2.service.DataMapperService;
import org.gluu.oxauth.fido2.service.KeyStoreCreator;
import org.gluu.oxauth.fido2.service.verifier.CommonVerifiers;
import org.gluu.oxauth.model.configuration.AppConfiguration;
import org.gluu.service.cdi.event.ApplicationInitialized;
import org.slf4j.Logger;

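@ApplicationScoped
/* loaded from: input_file:org/gluu/oxauth/fido2/service/mds/AttestationCertificateService.class */
/**
 * Resolves the attestation root certificates trusted for a given authenticator (keyed by its
 * AAGUID) and builds an {@link X509TrustManager} over them.
 *
 * <p>Roots come, in order of preference, from the authenticator's metadata statement (looked up
 * in the local MDS cache, else fetched from the MDS service, validated and cached), and otherwise
 * from the locally configured authenticator certificate folder loaded at application start.
 *
 * <p>Thread-safety: {@code rootCertificatesMap} is written once by {@link #init(Object)} and only
 * read afterwards; the injected collaborators are assumed to be safe for concurrent use — confirm
 * against their implementations.
 */
public class AttestationCertificateService {

    /** Metadata-statement member listing the authenticator's attestation root certificates as text values. */
    private static final String ATTESTATION_ROOT_CERTIFICATES = "attestationRootCertificates";

    @Inject
    private Logger log;

    @Inject
    private AppConfiguration appConfiguration;

    @Inject
    private KeyStoreCreator keyStoreCreator;

    @Inject
    private CertificateService certificateService;

    @Inject
    private CommonVerifiers commonVerifiers;

    @Inject
    private MdsService mdsService;

    @Inject
    private LocalMdsService localMdsService;

    @Inject
    private DataMapperService dataMapperService;

    // Locally configured root certificates; stays null when no FIDO2 configuration is present.
    private Map<String, X509Certificate> rootCertificatesMap;

    /**
     * Loads the locally configured authenticator root certificates once the application starts.
     * Does nothing (leaving {@code rootCertificatesMap} unset) when no FIDO2 configuration exists.
     *
     * @param obj the CDI initialization event payload; unused
     */
    public void init(@Observes @ApplicationInitialized(ApplicationScoped.class) Object obj) {
        var fido2Configuration = this.appConfiguration.getFido2Configuration();
        if (fido2Configuration == null) {
            return;
        }
        this.rootCertificatesMap = this.certificateService.getCertificatesMap(
                fido2Configuration.getAuthenticatorCertsFolder());
    }

    /**
     * Returns the attestation root certificates declared by a metadata statement, or the locally
     * configured roots selected for the given certificate chain when the statement declares none.
     *
     * @param jsonNode the authenticator's metadata statement; may be {@code null}
     * @param list the attestation certificate chain presented by the authenticator
     * @return the root certificates to trust for this attestation
     */
    public List<X509Certificate> getAttestationRootCertificates(JsonNode jsonNode, List<X509Certificate> list) {
        if (jsonNode == null || !jsonNode.has(ATTESTATION_ROOT_CERTIFICATES)) {
            // No metadata-declared roots: fall back to the locally configured root certificates.
            // NOTE(review): rootCertificatesMap may be null when init() saw no FIDO2 configuration —
            // confirm that selectRootCertificates tolerates that.
            return this.certificateService.selectRootCertificates(this.rootCertificatesMap, list);
        }
        Iterator<JsonNode> elements = jsonNode.get(ATTESTATION_ROOT_CERTIFICATES).elements();
        List<String> encodedRoots = new ArrayList<>();
        while (elements.hasNext()) {
            encodedRoots.add(elements.next().asText());
        }
        return this.certificateService.getCertificates(encodedRoots);
    }

    /**
     * Returns the attestation root certificates for the authenticator identified by the AAGUID in
     * {@code authData}, consulting the local metadata cache first and the MDS service on a miss.
     *
     * <p>When fetching or validating MDS metadata fails, an empty statement is cached for the AAGUID
     * so MDS is not contacted again for it, and the locally configured roots are used instead. This
     * means a transient MDS outage pins that AAGUID to the local roots, presumably until the local
     * cache is reset — keep that in mind when diagnosing "no metadata" attestation results.
     *
     * @param authData parsed authenticator data carrying the AAGUID
     * @param list the attestation certificate chain presented by the authenticator
     * @return the root certificates to trust for this attestation
     */
    public List<X509Certificate> getAttestationRootCertificates(AuthData authData, List<X509Certificate> list) {
        String aaguid = Hex.encodeHexString(authData.getAaguid());
        JsonNode metadata = this.localMdsService.getAuthenticatorsMetadata(aaguid);
        if (metadata != null) {
            return getAttestationRootCertificates(metadata, list);
        }
        try {
            this.log.info("No metadata for authenticator {}. Attempting to contact MDS", aaguid);
            JsonNode fetched = this.mdsService.fetchMetadata(authData.getAaguid());
            // Validate the fetched statement before it is cached or used to derive trust roots.
            this.commonVerifiers.verifyThatMetadataIsValid(fetched);
            this.localMdsService.registerAuthenticatorsMetadata(aaguid, fetched);
            return getAttestationRootCertificates(fetched, list);
        } catch (Fido2RPRuntimeException e) {
            // Keep the cause in the log: the failure reason (network, signature, parsing) matters
            // when deciding whether the cached empty statement should be cleared.
            this.log.warn("Failed to get metadata from Fido2 meta-data server for authenticator {}", aaguid, e);
            metadata = this.dataMapperService.createObjectNode();
            this.localMdsService.registerAuthenticatorsMetadata(aaguid, metadata);
            return getAttestationRootCertificates(metadata, list);
        }
    }

    /**
     * Builds an {@link X509TrustManager} whose trust anchors are the attestation root certificates
     * resolved for the authenticator in {@code authData}.
     *
     * @param authData parsed authenticator data carrying the AAGUID
     * @param list the attestation certificate chain presented by the authenticator
     * @return the trust manager, or {@code null} if the platform cannot provide one (logged as an error)
     */
    public X509TrustManager populateTrustManager(AuthData authData, List<X509Certificate> list) {
        String aaguid = Hex.encodeHexString(authData.getAaguid());
        KeyStore trustStore = getCertificationKeyStore(aaguid, getAttestationRootCertificates(authData, list));
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(trustStore);
            // Pick the X.509 manager explicitly instead of blindly casting element [0], which would
            // throw if the factory returned no managers or a different type first.
            for (TrustManager trustManager : factory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
            this.log.error("No X509TrustManager available from the platform TrustManagerFactory");
            return null;
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            this.log.error("Unrecoverable problem with the platform", e);
            return null;
        }
    }

    /**
     * Creates a key store holding the given root certificates for the named authenticator.
     *
     * @param str hex-encoded AAGUID used to name the store
     * @param list root certificates to place in the store
     * @return the populated key store
     */
    private KeyStore getCertificationKeyStore(String str, List<X509Certificate> list) {
        return this.keyStoreCreator.createKeyStore(str, list);
    }
}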
