package com.webauthn4j.validator;

import com.webauthn4j.WebAuthnAuthenticationContext;
import com.webauthn4j.attestation.authenticator.AuthenticatorData;
import com.webauthn4j.authenticator.Authenticator;
import com.webauthn4j.client.CollectedClientData;
import com.webauthn4j.converter.AuthenticatorDataConverter;
import com.webauthn4j.converter.CollectedClientDataConverter;
import com.webauthn4j.server.ServerProperty;
import com.webauthn4j.util.AssertUtil;
import com.webauthn4j.validator.exception.MaliciousDataException;
import com.webauthn4j.validator.exception.UserNotPresentException;
import com.webauthn4j.validator.exception.UserNotVerifiedException;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/webauthn4j/validator/WebAuthnAuthenticationContextValidator.class */
public class WebAuthnAuthenticationContextValidator {
    protected final Logger logger = LoggerFactory.getLogger(getClass());
    private final ChallengeValidator challengeValidator = new ChallengeValidator();
    private final OriginValidator originValidator = new OriginValidator();
    private final TokenBindingValidator tokenBindingValidator = new TokenBindingValidator();
    private final RpIdHashValidator rpIdHashValidator = new RpIdHashValidator();
    private final AssertionSignatureValidator assertionSignatureValidator = new AssertionSignatureValidator();
    private final AuthenticatorDataConverter authenticatorDataConverter = new AuthenticatorDataConverter();
    private final CollectedClientDataConverter collectedClientDataConverter = new CollectedClientDataConverter();
    private MaliciousCounterValueHandler maliciousCounterValueHandler = new DefaultMaliciousCounterValueHandler();

    public void validate(WebAuthnAuthenticationContext webAuthnAuthenticationContext, Authenticator authenticator, boolean z) {
        byte[] collectedClientData = webAuthnAuthenticationContext.getCollectedClientData();
        byte[] authenticatorData = webAuthnAuthenticationContext.getAuthenticatorData();
        BeanAssertUtil.validate(webAuthnAuthenticationContext);
        CollectedClientData convert = this.collectedClientDataConverter.convert(collectedClientData);
        AuthenticatorData convert2 = this.authenticatorDataConverter.convert(authenticatorData);
        ServerProperty serverProperty = webAuthnAuthenticationContext.getServerProperty();
        BeanAssertUtil.validate(convert);
        BeanAssertUtil.validate(convert2);
        BeanAssertUtil.validate(serverProperty);
        if (!Objects.equals(convert.getType(), CollectedClientData.TYPE_WEBAUTHN_GET)) {
            throw new MaliciousDataException("Bad client data type");
        }
        this.challengeValidator.validate(convert, serverProperty);
        this.originValidator.validate(convert, serverProperty);
        this.tokenBindingValidator.validate(convert.getTokenBinding(), serverProperty.getTokenBindingId());
        this.rpIdHashValidator.validate(convert2.getRpIdHash(), serverProperty);
        if (z && !convert2.isFlagUV()) {
            throw new UserNotVerifiedException("User not verified");
        }
        if (!z && !convert2.isFlagUP()) {
            throw new UserNotPresentException("User not present");
        }
        this.assertionSignatureValidator.validate(webAuthnAuthenticationContext, authenticator.getAttestedCredentialData().getCredentialPublicKey());
        long signCount = convert2.getSignCount();
        long counter = authenticator.getCounter();
        if (signCount > 0 || counter > 0) {
            if (signCount > counter) {
                authenticator.setCounter(signCount);
            } else {
                this.maliciousCounterValueHandler.maliciousCounterValueDetected(webAuthnAuthenticationContext, authenticator);
            }
        }
    }

    public MaliciousCounterValueHandler getMaliciousCounterValueHandler() {
        return this.maliciousCounterValueHandler;
    }

    public void setMaliciousCounterValueHandler(MaliciousCounterValueHandler maliciousCounterValueHandler) {
        AssertUtil.notNull(maliciousCounterValueHandler, "maliciousCounterValueHandler must not be null");
        this.maliciousCounterValueHandler = maliciousCounterValueHandler;
    }
}
