package com.webauthn4j.appattest.validator;

import com.webauthn4j.appattest.data.DCAttestationData;
import com.webauthn4j.appattest.validator.attestation.statement.appleappattest.AppleAppAttestAttestationStatementValidator;
import com.webauthn4j.converter.util.ObjectConverter;
import com.webauthn4j.data.CoreRegistrationData;
import com.webauthn4j.data.CoreRegistrationParameters;
import com.webauthn4j.data.attestation.authenticator.AAGUID;
import com.webauthn4j.data.attestation.authenticator.AuthenticatorData;
import com.webauthn4j.data.extension.authenticator.RegistrationExtensionAuthenticatorOutput;
import com.webauthn4j.validator.CoreRegistrationDataValidator;
import com.webauthn4j.validator.CoreRegistrationObject;
import com.webauthn4j.validator.CustomCoreRegistrationValidator;
import com.webauthn4j.validator.attestation.trustworthiness.certpath.CertPathTrustworthinessValidator;
import com.webauthn4j.validator.attestation.trustworthiness.self.DefaultSelfAttestationTrustworthinessValidator;
import com.webauthn4j.validator.attestation.trustworthiness.self.SelfAttestationTrustworthinessValidator;
import com.webauthn4j.validator.exception.BadAaguidException;
import com.webauthn4j.validator.exception.BadAttestationStatementException;
import com.webauthn4j.validator.exception.MaliciousCounterValueException;
import java.time.Instant;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

/* loaded from: input_file:com/webauthn4j/appattest/validator/DCAttestationDataValidator.class */
public class DCAttestationDataValidator extends CoreRegistrationDataValidator {
    private static final AAGUID APPLE_APP_ATTEST_ENVIRONMENT_DEVELOPMENT = new AAGUID("appattestdevelop".getBytes());
    private static final AAGUID APPLE_APP_ATTEST_ENVIRONMENT_PRODUCTION = new AAGUID("appattest��������������".getBytes());
    private boolean production;

    public DCAttestationDataValidator(CertPathTrustworthinessValidator certPathTrustworthinessValidator, List<CustomCoreRegistrationValidator> list, ObjectConverter objectConverter) {
        super(Collections.singletonList(new AppleAppAttestAttestationStatementValidator()), certPathTrustworthinessValidator, createSelfAttestationTrustWorthinessValidator(), list, objectConverter);
        this.production = true;
    }

    public void validate(CoreRegistrationData coreRegistrationData, CoreRegistrationParameters coreRegistrationParameters) {
        super.validate(coreRegistrationData, coreRegistrationParameters);
        validateAuthenticatorData(coreRegistrationData.getAttestationObject().getAuthenticatorData());
        validateKeyId(coreRegistrationData);
    }

    private void validateKeyId(CoreRegistrationData coreRegistrationData) {
        if (!Arrays.equals(((DCAttestationData) coreRegistrationData).getKeyId(), coreRegistrationData.getAttestationObject().getAuthenticatorData().getAttestedCredentialData().getCredentialId())) {
            throw new BadAttestationStatementException("key identifier doesn't match credentialId.");
        }
    }

    protected CoreRegistrationObject createCoreRegistrationObject(CoreRegistrationData coreRegistrationData, CoreRegistrationParameters coreRegistrationParameters) {
        return new DCRegistrationObject(((DCAttestationData) coreRegistrationData).getKeyId(), coreRegistrationData.getAttestationObject(), coreRegistrationData.getAttestationObjectBytes(), coreRegistrationData.getClientDataHash(), coreRegistrationParameters.getServerProperty(), Instant.now());
    }

    public boolean isProduction() {
        return this.production;
    }

    public void setProduction(boolean z) {
        this.production = z;
    }

    private void validateAuthenticatorData(AuthenticatorData<RegistrationExtensionAuthenticatorOutput> authenticatorData) {
        if (authenticatorData.getSignCount() != 0) {
            throw new MaliciousCounterValueException("Counter is not zero");
        }
        if (!authenticatorData.getAttestedCredentialData().getAaguid().equals(isProduction() ? APPLE_APP_ATTEST_ENVIRONMENT_PRODUCTION : APPLE_APP_ATTEST_ENVIRONMENT_DEVELOPMENT)) {
            throw new BadAaguidException("Expected AAGUID of either 'appattestdevelop' or 'appattest'");
        }
    }

    private static SelfAttestationTrustworthinessValidator createSelfAttestationTrustWorthinessValidator() {
        DefaultSelfAttestationTrustworthinessValidator defaultSelfAttestationTrustworthinessValidator = new DefaultSelfAttestationTrustworthinessValidator();
        defaultSelfAttestationTrustworthinessValidator.setSelfAttestationAllowed(false);
        return defaultSelfAttestationTrustworthinessValidator;
    }
}
