package org.xdi.oxauth.service.fido.u2f;

import com.google.common.io.ByteArrayDataOutput;
import com.google.common.io.ByteStreams;
import java.io.IOException;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.xdi.oxauth.crypto.signature.SHA256withECDSASignatureVerification;
import org.xdi.oxauth.model.exception.SignatureException;
import org.xdi.oxauth.model.fido.u2f.exception.BadInputException;
import org.xdi.oxauth.model.fido.u2f.message.RawAuthenticateResponse;
import org.xdi.oxauth.model.fido.u2f.protocol.ClientData;
import org.xdi.oxauth.model.util.Base64Util;
import org.xdi.util.io.ByteDataInputStream;

@Stateless
@Named
/* loaded from: input_file:org/xdi/oxauth/service/fido/u2f/RawAuthenticationService.class */
public class RawAuthenticationService {
    public static final String AUTHENTICATE_GET_TYPE = "navigator.id.getAssertion";
    public static final String AUTHENTICATE_CANCEL_TYPE = "navigator.id.cancelAssertion";
    public static final String[] SUPPORTED_AUTHENTICATE_TYPES = {AUTHENTICATE_GET_TYPE, AUTHENTICATE_CANCEL_TYPE};

    @Inject
    private Logger log;

    @Inject
    @Named("sha256withECDSASignatureVerification")
    private SHA256withECDSASignatureVerification signatureVerification;

    public RawAuthenticateResponse parseRawAuthenticateResponse(String str) {
        ByteDataInputStream byteDataInputStream = new ByteDataInputStream(Base64Util.base64urldecode(str));
        try {
            try {
                RawAuthenticateResponse rawAuthenticateResponse = new RawAuthenticateResponse(byteDataInputStream.readSigned(), byteDataInputStream.readInt(), byteDataInputStream.readAll());
                IOUtils.closeQuietly(byteDataInputStream);
                return rawAuthenticateResponse;
            } catch (IOException e) {
                throw new BadInputException("Failed to parse RAW authenticate response", e);
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly(byteDataInputStream);
            throw th;
        }
    }

    public void checkSignature(String str, ClientData clientData, RawAuthenticateResponse rawAuthenticateResponse, byte[] bArr) throws BadInputException {
        try {
            this.signatureVerification.checkSignature(this.signatureVerification.decodePublicKey(bArr), packBytesToSign(this.signatureVerification.hash(str), rawAuthenticateResponse.getUserPresence(), rawAuthenticateResponse.getCounter(), this.signatureVerification.hash(clientData.getRawClientData())), rawAuthenticateResponse.getSignature());
        } catch (SignatureException e) {
            throw new BadInputException("Failed to checkSignature", e);
        }
    }

    private byte[] packBytesToSign(byte[] bArr, byte b, long j, byte[] bArr2) {
        ByteArrayDataOutput newDataOutput = ByteStreams.newDataOutput();
        newDataOutput.write(bArr);
        newDataOutput.write(b);
        newDataOutput.writeInt((int) j);
        newDataOutput.write(bArr2);
        return newDataOutput.toByteArray();
    }
}
