package com.webauthn4j.validator;

import com.webauthn4j.data.attestation.AttestationObject;
import com.webauthn4j.data.attestation.authenticator.AAGUID;
import com.webauthn4j.data.attestation.statement.AttestationStatement;
import com.webauthn4j.data.attestation.statement.AttestationType;
import com.webauthn4j.data.attestation.statement.CertificateBaseAttestationStatement;
import com.webauthn4j.data.attestation.statement.FIDOU2FAttestationStatement;
import com.webauthn4j.validator.attestation.statement.AttestationStatementValidator;
import com.webauthn4j.validator.attestation.trustworthiness.certpath.CertPathTrustworthinessValidator;
import com.webauthn4j.validator.attestation.trustworthiness.ecdaa.ECDAATrustworthinessValidator;
import com.webauthn4j.validator.attestation.trustworthiness.self.SelfAttestationTrustworthinessValidator;
import com.webauthn4j.validator.exception.BadAaguidException;
import com.webauthn4j.validator.exception.BadAttestationStatementException;
import java.util.List;
import java.util.Objects;

/* loaded from: input_file:BOOT-INF/lib/webauthn4j-core-0.9.14.RELEASE.jar:com/webauthn4j/validator/AttestationValidator.class */
class AttestationValidator {
    private static final AAGUID U2F_AAGUID = AAGUID.ZERO;
    private final List<AttestationStatementValidator> attestationStatementValidators;
    private final CertPathTrustworthinessValidator certPathTrustworthinessValidator;
    private final ECDAATrustworthinessValidator ecdaaTrustworthinessValidator;
    private final SelfAttestationTrustworthinessValidator selfAttestationTrustworthinessValidator;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AttestationValidator(List<AttestationStatementValidator> list, CertPathTrustworthinessValidator certPathTrustworthinessValidator, ECDAATrustworthinessValidator eCDAATrustworthinessValidator, SelfAttestationTrustworthinessValidator selfAttestationTrustworthinessValidator) {
        this.attestationStatementValidators = list;
        this.certPathTrustworthinessValidator = certPathTrustworthinessValidator;
        this.ecdaaTrustworthinessValidator = eCDAATrustworthinessValidator;
        this.selfAttestationTrustworthinessValidator = selfAttestationTrustworthinessValidator;
    }

    public void validate(RegistrationObject registrationObject) {
        AttestationObject attestationObject = registrationObject.getAttestationObject();
        AttestationType validateAttestationStatement = validateAttestationStatement(registrationObject);
        validateAAGUID(attestationObject);
        AttestationStatement attestationStatement = attestationObject.getAttestationStatement();
        switch (validateAttestationStatement) {
            case SELF:
                if (!(attestationStatement instanceof CertificateBaseAttestationStatement)) {
                    throw new IllegalStateException();
                }
                this.selfAttestationTrustworthinessValidator.validate((CertificateBaseAttestationStatement) attestationStatement);
                return;
            case ECDAA:
                this.ecdaaTrustworthinessValidator.validate(attestationStatement);
                return;
            case BASIC:
            case ATT_CA:
                if (!(attestationStatement instanceof CertificateBaseAttestationStatement)) {
                    throw new IllegalStateException();
                }
                this.certPathTrustworthinessValidator.validate(attestationObject.getAuthenticatorData().getAttestedCredentialData().getAaguid(), (CertificateBaseAttestationStatement) attestationStatement);
                return;
            case NONE:
                return;
            default:
                throw new IllegalStateException();
        }
    }

    void validateAAGUID(AttestationObject attestationObject) {
        if (attestationObject.getFormat().equals(FIDOU2FAttestationStatement.FORMAT) && !Objects.equals(attestationObject.getAuthenticatorData().getAttestedCredentialData().getAaguid(), U2F_AAGUID)) {
            throw new BadAaguidException("AAGUID is expected to be zero filled in U2F attestation, but it isn't.");
        }
    }

    private AttestationType validateAttestationStatement(RegistrationObject registrationObject) {
        for (AttestationStatementValidator attestationStatementValidator : this.attestationStatementValidators) {
            if (attestationStatementValidator.supports(registrationObject)) {
                return attestationStatementValidator.validate(registrationObject);
            }
        }
        throw new BadAttestationStatementException(String.format("AttestationValidator is not configured to handle the supplied AttestationStatement format '%s'.", registrationObject.getAttestationObject().getFormat()));
    }
}
