package com.webauthn4j.validator;

import com.webauthn4j.authenticator.CoreAuthenticator;
import com.webauthn4j.data.CoreAuthenticationData;
import com.webauthn4j.data.CoreAuthenticationParameters;
import com.webauthn4j.data.attestation.authenticator.AuthenticatorData;
import com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorOutput;
import com.webauthn4j.server.CoreServerProperty;
import com.webauthn4j.util.AssertUtil;
import com.webauthn4j.validator.exception.ConstraintViolationException;
import com.webauthn4j.validator.exception.UserNotPresentException;
import com.webauthn4j.validator.exception.UserNotVerifiedException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:com/webauthn4j/validator/CoreAuthenticationDataValidator.class */
public class CoreAuthenticationDataValidator {
    private final RpIdHashValidator rpIdHashValidator;
    private final AuthenticatorExtensionValidator authenticatorExtensionValidator;
    private final List<CustomCoreAuthenticationValidator> customAuthenticationValidators;
    private AssertionSignatureValidator assertionSignatureValidator;
    private CoreMaliciousCounterValueHandler coreMaliciousCounterValueHandler;

    public CoreAuthenticationDataValidator(List<CustomCoreAuthenticationValidator> list) {
        this.rpIdHashValidator = new RpIdHashValidator();
        this.authenticatorExtensionValidator = new AuthenticatorExtensionValidator();
        this.assertionSignatureValidator = new AssertionSignatureValidator();
        this.coreMaliciousCounterValueHandler = new DefaultCoreMaliciousCounterValueHandler();
        this.customAuthenticationValidators = list;
    }

    public CoreAuthenticationDataValidator() {
        this(new ArrayList());
    }

    protected CoreAuthenticationDataValidator(List<CustomCoreAuthenticationValidator> list, AssertionSignatureValidator assertionSignatureValidator) {
        this.rpIdHashValidator = new RpIdHashValidator();
        this.authenticatorExtensionValidator = new AuthenticatorExtensionValidator();
        this.assertionSignatureValidator = new AssertionSignatureValidator();
        this.coreMaliciousCounterValueHandler = new DefaultCoreMaliciousCounterValueHandler();
        this.customAuthenticationValidators = list;
        this.assertionSignatureValidator = assertionSignatureValidator;
    }

    public void validate(CoreAuthenticationData coreAuthenticationData, CoreAuthenticationParameters coreAuthenticationParameters) {
        BeanAssertUtil.validate(coreAuthenticationData);
        BeanAssertUtil.validate(coreAuthenticationParameters);
        AuthenticatorData<AuthenticationExtensionAuthenticatorOutput> authenticatorData = coreAuthenticationData.getAuthenticatorData();
        CoreServerProperty serverProperty = coreAuthenticationParameters.getServerProperty();
        BeanAssertUtil.validate(authenticatorData);
        BeanAssertUtil.validate(serverProperty);
        validateAuthenticatorData(authenticatorData);
        CoreAuthenticator authenticator = coreAuthenticationParameters.getAuthenticator();
        CoreAuthenticationObject createCoreAuthenticationObject = createCoreAuthenticationObject(coreAuthenticationData, coreAuthenticationParameters);
        this.rpIdHashValidator.validate(authenticatorData.getRpIdHash(), serverProperty);
        if (coreAuthenticationParameters.isUserPresenceRequired() && !authenticatorData.isFlagUP()) {
            throw new UserNotPresentException("Validator is configured to check user present, but UP flag in authenticatorData is not set.");
        }
        if (coreAuthenticationParameters.isUserVerificationRequired() && !authenticatorData.isFlagUV()) {
            throw new UserNotVerifiedException("Validator is configured to check user verified, but UV flag in authenticatorData is not set.");
        }
        this.authenticatorExtensionValidator.validate(authenticatorData.getExtensions());
        this.assertionSignatureValidator.validate(coreAuthenticationData, authenticator.getAttestedCredentialData().getCOSEKey());
        long signCount = authenticatorData.getSignCount();
        long counter = authenticator.getCounter();
        if (signCount > 0 || counter > 0) {
            if (signCount > counter) {
                authenticator.setCounter(signCount);
            } else {
                this.coreMaliciousCounterValueHandler.maliciousCounterValueDetected(createCoreAuthenticationObject);
            }
        }
        Iterator<CustomCoreAuthenticationValidator> it = this.customAuthenticationValidators.iterator();
        while (it.hasNext()) {
            it.next().validate(createCoreAuthenticationObject);
        }
    }

    protected CoreAuthenticationObject createCoreAuthenticationObject(CoreAuthenticationData coreAuthenticationData, CoreAuthenticationParameters coreAuthenticationParameters) {
        return new CoreAuthenticationObject(coreAuthenticationData.getCredentialId(), coreAuthenticationData.getAuthenticatorData(), coreAuthenticationData.getAuthenticatorDataBytes(), coreAuthenticationData.getClientDataHash(), coreAuthenticationParameters.getServerProperty(), coreAuthenticationParameters.getAuthenticator());
    }

    void validateAuthenticatorData(AuthenticatorData<AuthenticationExtensionAuthenticatorOutput> authenticatorData) {
        if (authenticatorData.getAttestedCredentialData() != null) {
            throw new ConstraintViolationException("attestedCredentialData must be null on authentication");
        }
    }

    public CoreMaliciousCounterValueHandler getMaliciousCounterValueHandler() {
        return this.coreMaliciousCounterValueHandler;
    }

    public void setMaliciousCounterValueHandler(CoreMaliciousCounterValueHandler coreMaliciousCounterValueHandler) {
        AssertUtil.notNull(coreMaliciousCounterValueHandler, "maliciousCounterValueHandler must not be null");
        this.coreMaliciousCounterValueHandler = coreMaliciousCounterValueHandler;
    }

    public List<CustomCoreAuthenticationValidator> getCustomAuthenticationValidators() {
        return this.customAuthenticationValidators;
    }
}
