package com.webauthn4j.validator;

import com.webauthn4j.converter.AttestationObjectConverter;
import com.webauthn4j.converter.AuthenticationExtensionsClientOutputsConverter;
import com.webauthn4j.converter.AuthenticatorTransportConverter;
import com.webauthn4j.converter.CollectedClientDataConverter;
import com.webauthn4j.converter.util.CborConverter;
import com.webauthn4j.converter.util.JsonConverter;
import com.webauthn4j.data.AuthenticatorTransport;
import com.webauthn4j.data.WebAuthnRegistrationContext;
import com.webauthn4j.data.attestation.AttestationObject;
import com.webauthn4j.data.attestation.authenticator.AuthenticatorData;
import com.webauthn4j.data.client.ClientDataType;
import com.webauthn4j.data.client.CollectedClientData;
import com.webauthn4j.data.extension.authenticator.RegistrationExtensionAuthenticatorOutput;
import com.webauthn4j.data.extension.client.AuthenticationExtensionsClientOutputs;
import com.webauthn4j.server.ServerProperty;
import com.webauthn4j.util.AssertUtil;
import com.webauthn4j.util.exception.WebAuthnException;
import com.webauthn4j.validator.attestation.statement.AttestationStatementValidator;
import com.webauthn4j.validator.attestation.statement.androidkey.NullAndroidKeyAttestationStatementValidator;
import com.webauthn4j.validator.attestation.statement.androidsafetynet.NullAndroidSafetyNetAttestationStatementValidator;
import com.webauthn4j.validator.attestation.statement.none.NoneAttestationStatementValidator;
import com.webauthn4j.validator.attestation.statement.packed.NullPackedAttestationStatementValidator;
import com.webauthn4j.validator.attestation.statement.u2f.NullFIDOU2FAttestationStatementValidator;
import com.webauthn4j.validator.attestation.trustworthiness.certpath.CertPathTrustworthinessValidator;
import com.webauthn4j.validator.attestation.trustworthiness.certpath.NullCertPathTrustworthinessValidator;
import com.webauthn4j.validator.attestation.trustworthiness.ecdaa.ECDAATrustworthinessValidator;
import com.webauthn4j.validator.attestation.trustworthiness.ecdaa.NullECDAATrustworthinessValidator;
import com.webauthn4j.validator.attestation.trustworthiness.self.DefaultSelfAttestationTrustworthinessValidator;
import com.webauthn4j.validator.attestation.trustworthiness.self.NullSelfAttestationTrustworthinessValidator;
import com.webauthn4j.validator.attestation.trustworthiness.self.SelfAttestationTrustworthinessValidator;
import com.webauthn4j.validator.exception.ConstraintViolationException;
import com.webauthn4j.validator.exception.MaliciousDataException;
import com.webauthn4j.validator.exception.UserNotPresentException;
import com.webauthn4j.validator.exception.UserNotVerifiedException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;

/* loaded from: input_file:BOOT-INF/lib/webauthn4j-core-0.9.14.RELEASE.jar:com/webauthn4j/validator/WebAuthnRegistrationContextValidator.class */
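/**
 * Validates the data a client returns at the end of a WebAuthn registration
 * (credential creation) ceremony.
 *
 * <p>{@link #validate(WebAuthnRegistrationContext)} parses the client data JSON and the
 * attestation object and then runs the relying-party checks in a fixed order: client data
 * type, challenge, origin, token binding, RP ID hash, UV/UP flags, extensions, attestation,
 * and finally any registered {@link CustomRegistrationValidator}s. The first failing check
 * throws and aborts the validation.
 *
 * <p>How strictly attestation is verified depends entirely on the validators handed to the
 * constructor. {@link #createNonStrictRegistrationContextValidator()} wires in the
 * {@code Null*} implementations; see the caveat on that method before using it.
 *
 * <p>No step visible in this class checks whether the credential ID is already registered,
 * and nothing is persisted here; the caller is expected to do both with the returned data.
 */
public class WebAuthnRegistrationContextValidator {
    private final CollectedClientDataConverter collectedClientDataConverter;
    private final AttestationObjectConverter attestationObjectConverter;
    private final AuthenticatorTransportConverter authenticatorTransportConverter;
    private final AuthenticationExtensionsClientOutputsConverter authenticationExtensionsClientOutputsConverter;
    private final ChallengeValidator challengeValidator;
    private final OriginValidator originValidator;
    private final TokenBindingValidator tokenBindingValidator;
    private final RpIdHashValidator rpIdHashValidator;
    private final ExtensionValidator extensionValidator;
    private final List<CustomRegistrationValidator> customRegistrationValidators;
    private final AttestationValidator attestationValidator;

    /**
     * Creates a validator with the default self-attestation trustworthiness validator and
     * default JSON/CBOR converters.
     *
     * @param attestationStatementValidators validators for the supported attestation statement formats
     * @param certPathTrustworthinessValidator validator for certificate-path based attestation trust
     * @param ecdaaTrustworthinessValidator validator for ECDAA based attestation trust
     */
    public WebAuthnRegistrationContextValidator(
            List<AttestationStatementValidator> attestationStatementValidators,
            CertPathTrustworthinessValidator certPathTrustworthinessValidator,
            ECDAATrustworthinessValidator ecdaaTrustworthinessValidator) {
        this(
                attestationStatementValidators,
                certPathTrustworthinessValidator,
                ecdaaTrustworthinessValidator,
                new DefaultSelfAttestationTrustworthinessValidator(),
                new JsonConverter(),
                new CborConverter());
    }

    /**
     * Creates a validator with an explicit self-attestation trustworthiness validator and
     * default JSON/CBOR converters.
     *
     * @param attestationStatementValidators validators for the supported attestation statement formats
     * @param certPathTrustworthinessValidator validator for certificate-path based attestation trust
     * @param ecdaaTrustworthinessValidator validator for ECDAA based attestation trust
     * @param selfAttestationTrustworthinessValidator validator deciding whether self attestation is accepted
     */
    public WebAuthnRegistrationContextValidator(
            List<AttestationStatementValidator> attestationStatementValidators,
            CertPathTrustworthinessValidator certPathTrustworthinessValidator,
            ECDAATrustworthinessValidator ecdaaTrustworthinessValidator,
            SelfAttestationTrustworthinessValidator selfAttestationTrustworthinessValidator) {
        this(
                attestationStatementValidators,
                certPathTrustworthinessValidator,
                ecdaaTrustworthinessValidator,
                selfAttestationTrustworthinessValidator,
                new JsonConverter(),
                new CborConverter());
    }

    /**
     * Creates a validator with the default self-attestation trustworthiness validator and
     * caller-supplied converters.
     *
     * @param attestationStatementValidators validators for the supported attestation statement formats
     * @param certPathTrustworthinessValidator validator for certificate-path based attestation trust
     * @param ecdaaTrustworthinessValidator validator for ECDAA based attestation trust
     * @param jsonConverter converter used for client data and client extension outputs
     * @param cborConverter converter used for the attestation object
     */
    public WebAuthnRegistrationContextValidator(
            List<AttestationStatementValidator> attestationStatementValidators,
            CertPathTrustworthinessValidator certPathTrustworthinessValidator,
            ECDAATrustworthinessValidator ecdaaTrustworthinessValidator,
            JsonConverter jsonConverter,
            CborConverter cborConverter) {
        this(
                attestationStatementValidators,
                certPathTrustworthinessValidator,
                ecdaaTrustworthinessValidator,
                new DefaultSelfAttestationTrustworthinessValidator(),
                jsonConverter,
                cborConverter);
    }

    /**
     * Creates a fully specified validator.
     *
     * <p>The challenge, origin, token binding, RP ID hash and extension validators are always
     * created here and cannot be replaced through this constructor; only the attestation
     * related validators and the converters are injectable.
     *
     * @param attestationStatementValidators validators for the supported attestation statement formats
     * @param certPathTrustworthinessValidator validator for certificate-path based attestation trust
     * @param ecdaaTrustworthinessValidator validator for ECDAA based attestation trust
     * @param selfAttestationTrustworthinessValidator validator deciding whether self attestation is accepted
     * @param jsonConverter converter used for client data and client extension outputs
     * @param cborConverter converter used for the attestation object
     */
    public WebAuthnRegistrationContextValidator(
            List<AttestationStatementValidator> attestationStatementValidators,
            CertPathTrustworthinessValidator certPathTrustworthinessValidator,
            ECDAATrustworthinessValidator ecdaaTrustworthinessValidator,
            SelfAttestationTrustworthinessValidator selfAttestationTrustworthinessValidator,
            JsonConverter jsonConverter,
            CborConverter cborConverter) {
        // Reject a half-configured validator up front, before any collaborator is built.
        AssertUtil.notNull(attestationStatementValidators, "attestationStatementValidators must not be null");
        AssertUtil.notNull(certPathTrustworthinessValidator, "certPathTrustworthinessValidator must not be null");
        AssertUtil.notNull(ecdaaTrustworthinessValidator, "ecdaaTrustworthinessValidator must not be null");
        AssertUtil.notNull(selfAttestationTrustworthinessValidator, "selfAttestationTrustworthinessValidator must not be null");
        AssertUtil.notNull(jsonConverter, "jsonConverter must not be null");
        AssertUtil.notNull(cborConverter, "cborConverter must not be null");

        this.challengeValidator = new ChallengeValidator();
        this.originValidator = new OriginValidator();
        this.tokenBindingValidator = new TokenBindingValidator();
        this.rpIdHashValidator = new RpIdHashValidator();
        this.extensionValidator = new ExtensionValidator();
        // Typed with the diamond operator; the raw ArrayList caused an unchecked conversion.
        this.customRegistrationValidators = new ArrayList<>();

        this.collectedClientDataConverter = new CollectedClientDataConverter(jsonConverter);
        this.attestationObjectConverter = new AttestationObjectConverter(cborConverter);
        this.authenticatorTransportConverter = new AuthenticatorTransportConverter();
        this.authenticationExtensionsClientOutputsConverter =
                new AuthenticationExtensionsClientOutputsConverter(jsonConverter);
        this.attestationValidator = new AttestationValidator(
                attestationStatementValidators,
                certPathTrustworthinessValidator,
                ecdaaTrustworthinessValidator,
                selfAttestationTrustworthinessValidator);
    }

    /**
     * Creates a non-strict validator using default JSON/CBOR converters.
     *
     * @return a validator configured as described on
     *     {@link #createNonStrictRegistrationContextValidator(JsonConverter, CborConverter)}
     */
    public static WebAuthnRegistrationContextValidator createNonStrictRegistrationContextValidator() {
        return createNonStrictRegistrationContextValidator(new JsonConverter(), new CborConverter());
    }

    /**
     * Creates a non-strict validator: every attestation statement format other than "none" and
     * every trustworthiness check is wired to a {@code Null*} implementation.
     *
     * <p>Security caveat: judging by their names, the {@code Null*} validators accept the
     * attestation without verifying its signature or trust chain (confirm against their
     * implementations). With this configuration the attestation therefore says nothing
     * trustworthy about the authenticator's make or model; use a constructor with real
     * validators and trust anchors when registration policy depends on that. The challenge,
     * origin, token binding, RP ID hash, UV/UP flag and extension checks in
     * {@link #validate(WebAuthnRegistrationContext)} are unaffected, because the constructor
     * always installs them.
     *
     * @param jsonConverter converter used for client data and client extension outputs
     * @param cborConverter converter used for the attestation object
     * @return a validator that does not enforce attestation trust
     */
    public static WebAuthnRegistrationContextValidator createNonStrictRegistrationContextValidator(
            JsonConverter jsonConverter, CborConverter cborConverter) {
        List<AttestationStatementValidator> nonStrictStatementValidators = Arrays.asList(
                new NoneAttestationStatementValidator(),
                new NullFIDOU2FAttestationStatementValidator(),
                new NullPackedAttestationStatementValidator(),
                new NullAndroidKeyAttestationStatementValidator(),
                new NullAndroidSafetyNetAttestationStatementValidator());
        return new WebAuthnRegistrationContextValidator(
                nonStrictStatementValidators,
                new NullCertPathTrustworthinessValidator(),
                new NullECDAATrustworthinessValidator(),
                new NullSelfAttestationTrustworthinessValidator(),
                jsonConverter,
                cborConverter);
    }

    /**
     * Validates a registration response against the server-side expectations carried in the
     * context.
     *
     * <p>The expected values (challenge, origin, RP ID, token binding ID) come from the
     * {@link ServerProperty} inside the context, so the outcome is only as trustworthy as that
     * object: the caller must fill it from its own session state, never from the request being
     * validated.
     *
     * @param webAuthnRegistrationContext client response plus server-side expectations
     * @return the parsed client data, attestation object and client extension outputs
     * @throws WebAuthnException if parsing fails or any check rejects the data; in particular
     *     {@link MaliciousDataException} when the client data type is not {@code create}
     */
    public WebAuthnRegistrationContextValidationResponse validate(
            WebAuthnRegistrationContext webAuthnRegistrationContext) throws WebAuthnException {
        BeanAssertUtil.validate(webAuthnRegistrationContext);

        // Keep the raw bytes: they are passed on to RegistrationObject next to the parsed forms.
        byte[] clientDataBytes = webAuthnRegistrationContext.getClientDataJSON();
        byte[] attestationObjectBytes = webAuthnRegistrationContext.getAttestationObject();

        CollectedClientData collectedClientData = this.collectedClientDataConverter.convert(clientDataBytes);
        AttestationObject attestationObject = this.attestationObjectConverter.convert(attestationObjectBytes);
        Set<AuthenticatorTransport> transports =
                this.authenticatorTransportConverter.convertSet(webAuthnRegistrationContext.getTransports());
        AuthenticationExtensionsClientOutputs clientExtensions =
                this.authenticationExtensionsClientOutputsConverter.convert(
                        webAuthnRegistrationContext.getClientExtensionsJSON());

        // Structural checks on the parsed objects come before any semantic check.
        BeanAssertUtil.validate(collectedClientData);
        BeanAssertUtil.validate(attestationObject);
        BeanAssertUtil.validateAuthenticationExtensionsClientOutputs(clientExtensions);

        AuthenticatorData<RegistrationExtensionAuthenticatorOutput> authenticatorData =
                attestationObject.getAuthenticatorData();
        validateAuthenticatorDataField(authenticatorData);

        ServerProperty serverProperty = webAuthnRegistrationContext.getServerProperty();
        RegistrationObject registrationObject = new RegistrationObject(
                collectedClientData,
                clientDataBytes,
                attestationObject,
                attestationObjectBytes,
                this.attestationObjectConverter.extractAuthenticatorData(attestationObjectBytes),
                transports,
                clientExtensions,
                serverProperty);

        // A response produced for an authentication ceremony must not be accepted as a registration.
        if (!Objects.equals(collectedClientData.getType(), ClientDataType.CREATE)) {
            throw new MaliciousDataException("ClientData.type must be 'create' on registration, but it isn't.");
        }

        this.challengeValidator.validate(collectedClientData, serverProperty);
        this.originValidator.validate(collectedClientData, serverProperty);
        this.tokenBindingValidator.validate(collectedClientData.getTokenBinding(), serverProperty.getTokenBindingId());
        this.rpIdHashValidator.validate(authenticatorData.getRpIdHash(), serverProperty);
        validateUVUPFlags(
                authenticatorData,
                webAuthnRegistrationContext.isUserVerificationRequired(),
                webAuthnRegistrationContext.isUserPresenceRequired());
        this.extensionValidator.validate(
                clientExtensions,
                authenticatorData.getExtensions(),
                webAuthnRegistrationContext.getExpectedExtensionIds());
        this.attestationValidator.validate(registrationObject);

        // Custom validators run last, so they only ever see data that passed every built-in check.
        for (CustomRegistrationValidator customValidator : this.customRegistrationValidators) {
            customValidator.validate(registrationObject);
        }

        return new WebAuthnRegistrationContextValidationResponse(collectedClientData, attestationObject, clientExtensions);
    }

    /**
     * Requires attested credential data, which carries the new credential, to be present.
     *
     * @param authenticatorData authenticator data taken from the attestation object
     * @throws ConstraintViolationException if no attested credential data is present
     */
    void validateAuthenticatorDataField(AuthenticatorData<?> authenticatorData) {
        if (authenticatorData.getAttestedCredentialData() == null) {
            throw new ConstraintViolationException("attestedCredentialData must not be null on registration");
        }
    }

    /**
     * Enforces the user-verified (UV) and user-present (UP) flags when the caller requires them.
     *
     * <p>A flag is only checked when the matching requirement is {@code true}; passing
     * {@code false} for both disables the check entirely.
     *
     * @param authenticatorData authenticator data whose flags are inspected
     * @param userVerificationRequired whether the UV flag must be set
     * @param userPresenceRequired whether the UP flag must be set
     * @throws UserNotVerifiedException if UV is required but not set
     * @throws UserNotPresentException if UP is required but not set
     */
    void validateUVUPFlags(
            AuthenticatorData<?> authenticatorData,
            boolean userVerificationRequired,
            boolean userPresenceRequired) {
        if (userVerificationRequired && !authenticatorData.isFlagUV()) {
            throw new UserNotVerifiedException("Validator is configured to check user verified, but UV flag in authenticatorData is not set.");
        }
        if (userPresenceRequired && !authenticatorData.isFlagUP()) {
            throw new UserNotPresentException("Validator is configured to check user present, but UP flag in authenticatorData is not set.");
        }
    }

    /**
     * Returns the live, mutable list of custom validators that
     * {@link #validate(WebAuthnRegistrationContext)} runs after the built-in checks.
     *
     * <p>The list is a plain {@link ArrayList} and is iterated without synchronization, so
     * populate it during setup, before this validator is shared between threads.
     *
     * @return the internal list itself, not a copy
     */
    public List<CustomRegistrationValidator> getCustomRegistrationValidators() {
        return this.customRegistrationValidators;
    }
}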
