package org.gluu.oxauth.fido2.service.processor.attestation;

import com.fasterxml.jackson.databind.JsonNode;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.bouncycastle.asn1.ASN1Sequence;
import org.gluu.oxauth.fido2.androind.AndroidKeyUtils;
import org.gluu.oxauth.fido2.ctap.AttestationFormat;
import org.gluu.oxauth.fido2.exception.Fido2RPRuntimeException;
import org.gluu.oxauth.fido2.model.auth.AuthData;
import org.gluu.oxauth.fido2.model.auth.CredAndCounterData;
import org.gluu.oxauth.fido2.model.entry.Fido2RegistrationData;
import org.gluu.oxauth.fido2.service.CertificateService;
import org.gluu.oxauth.fido2.service.CertificateValidator;
import org.gluu.oxauth.fido2.service.mds.AttestationCertificateService;
import org.gluu.oxauth.fido2.service.processors.AttestationFormatProcessor;
import org.gluu.oxauth.fido2.service.verifier.AuthenticatorDataVerifier;
import org.gluu.oxauth.fido2.service.verifier.CommonVerifiers;
import org.slf4j.Logger;

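/**
 * Attestation processor for the {@code android_key} attestation statement format.
 *
 * <p>{@link #process} validates the certificate chain carried in the statement's {@code x5c}
 * field, compares the challenge embedded in the attestation certificate with the value supplied
 * by the caller, and then verifies the attestation signature.
 *
 * <p>NOTE(review): only the challenge at index 4 of the attestation sequence is actually
 * compared. WebAuthn's android-key verification procedure also calls for checks on the
 * authorization lists (key origin, key purpose, absence of {@code allApplications}) and for
 * matching the attestation certificate's public key against the credential public key. None of
 * that is visible in this class; confirm it is enforced elsewhere before relying on this
 * processor as the only gate.
 */
@ApplicationScoped
/* loaded from: input_file:org/gluu/oxauth/fido2/service/processor/attestation/AndroidKeyAttestationProcessor.class */
public class AndroidKeyAttestationProcessor implements AttestationFormatProcessor {

    @Inject
    private Logger log;

    @Inject
    private CommonVerifiers commonVerifiers;

    @Inject
    private AuthenticatorDataVerifier authenticatorDataVerifier;

    @Inject
    private CertificateService certificateService;

    @Inject
    private CertificateValidator certificateValidator;

    @Inject
    private AndroidKeyUtils androidKeyUtils;

    @Inject
    private AttestationCertificateService attestationCertificateService;

    /**
     * Returns the attestation format handled by this processor.
     *
     * @return {@link AttestationFormat#android_key}
     */
    @Override // org.gluu.oxauth.fido2.service.processors.AttestationFormatProcessor
    public AttestationFormat getAttestationFormat() {
        return AttestationFormat.android_key;
    }

    /**
     * Verifies an android-key attestation statement.
     *
     * @param jsonNode attestation statement; its {@code x5c} and {@code sig} members are read
     * @param authData authenticator data, used to select root certificates and for the
     *     signature check
     * @param fido2RegistrationData not used by this processor
     * @param bArr value the certificate's embedded challenge must equal; it is also passed to the
     *     signature check (presumably the client data hash; confirm against the caller)
     * @param credAndCounterData not used by this processor
     * @throws Fido2RPRuntimeException if {@code x5c} is missing or empty, or if any step after
     *     chain validation fails
     */
    @Override // org.gluu.oxauth.fido2.service.processors.AttestationFormatProcessor
    public void process(JsonNode jsonNode, AuthData authData, Fido2RegistrationData fido2RegistrationData, byte[] bArr, CredAndCounterData credAndCounterData) {
        this.log.debug("Android-key payload");

        // The statement is client-supplied: a missing x5c member must be rejected as a
        // relying-party error rather than surfacing as a NullPointerException.
        JsonNode x5cNode = jsonNode.get("x5c");
        if (x5cNode == null) {
            throw new Fido2RPRuntimeException("Android key attestation has no x5c certificate chain");
        }
        ArrayList<String> encodedChain = new ArrayList<>();
        for (JsonNode certNode : x5cNode) {
            encodedChain.add(certNode.asText());
        }
        // A non-array or empty x5c yields no entries; there is nothing to validate in that case.
        if (encodedChain.isEmpty()) {
            throw new Fido2RPRuntimeException("Android key attestation has no x5c certificate chain");
        }

        List<X509Certificate> certificates = this.certificateService.getCertificates(encodedChain);
        // Chain validation runs outside the try block, so its exceptions propagate unchanged.
        X509Certificate verifiedCertificate = this.certificateValidator.verifyAttestationCertificates(
                certificates, this.attestationCertificateService.getAttestationRootCertificates(authData, certificates));
        try {
            ASN1Sequence attestationSequence = this.androidKeyUtils.extractAttestationSequence(verifiedCertificate);
            // Indexes 0, 1 and 3 are parsed and the results discarded, so these calls only fail
            // on malformed input. Presumably attestationVersion, attestationSecurityLevel and
            // keymasterSecurityLevel of the Android KeyDescription; TODO confirm.
            AndroidKeyUtils.getIntegerFromAsn1(attestationSequence.getObjectAt(0));
            AndroidKeyUtils.getIntegerFromAsn1(attestationSequence.getObjectAt(1));
            AndroidKeyUtils.getIntegerFromAsn1(attestationSequence.getObjectAt(3));
            // The embedded challenge must equal the caller-supplied value; this binds the
            // attestation certificate to the current registration ceremony.
            // NOTE(review): decompiled output; the casts on getObjectAt(..) here and on the two
            // toArray() calls below appear to have been dropped. Confirm against the original source.
            if (!Arrays.equals(bArr, extractOctets(attestationSequence))) {
                throw new Fido2RPRuntimeException("Invalid android key attestation");
            }
            // Indexes 6 and 7 (presumably the software- and TEE-enforced authorization lists)
            // are converted to arrays but never inspected.
            attestationSequence.getObjectAt(6).toArray();
            attestationSequence.getObjectAt(7).toArray();
            this.authenticatorDataVerifier.verifyAttestationSignature(authData, bArr, this.commonVerifiers.verifyBase64String(jsonNode.get("sig")), verifiedCertificate, authData.getKeyType());
        } catch (Exception e) {
            // Every failure in the block, including the challenge mismatch above, is reported
            // with the same generic message; the cause is logged here and not chained.
            this.log.warn("Problem with android key", e);
            throw new Fido2RPRuntimeException("Problem with android key");
        }
    }

    /** Returns the octets stored at index 4 of the attestation sequence (the challenge). */
    private static byte[] extractOctets(ASN1Sequence attestationSequence) {
        return attestationSequence.getObjectAt(4).getOctets();
    }
}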
