package com.webauthn4j.validator;

import com.webauthn4j.data.AuthenticationData;
import com.webauthn4j.data.attestation.authenticator.COSEKey;
import com.webauthn4j.data.attestation.statement.SignatureAlgorithm;
import com.webauthn4j.util.MessageDigestUtil;
import com.webauthn4j.validator.exception.BadSignatureException;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/webauthn4j-core-0.12.0.RELEASE.jar:com/webauthn4j/validator/AssertionSignatureValidator.class */
/**
 * Checks the signature carried by a WebAuthn authentication assertion against the
 * credential's COSE public key.
 *
 * <p>The bytes that are verified are the raw authenticator data followed by the digest of the
 * collected client data, produced with the digest from {@code MessageDigestUtil.createSHA256()}.
 *
 * <p>Verification fails closed: every exception raised while setting up or running the JCA
 * verification is turned into a "signature invalid" result, and the cause is only written to the
 * debug log. Callers therefore see the same {@link BadSignatureException} for a wrong signature,
 * an unusable key and an unsupported algorithm.
 */
class AssertionSignatureValidator {
    final Logger logger = LoggerFactory.getLogger(AssertionSignatureValidator.class);

    /**
     * Validates the assertion signature contained in {@code authenticationData}.
     *
     * <p>Exceptions raised while reading the signature or assembling the signed data are not
     * caught here and propagate to the caller unchanged; only failures inside the verification
     * step itself are reported as a bad signature.
     *
     * @param authenticationData assertion data supplying the signature, the authenticator data
     *     bytes and the collected client data bytes
     * @param cOSEKey credential public key, including the algorithm identifier used to select
     *     the JCA signature algorithm
     * @throws BadSignatureException if the signature does not verify, or if verification could
     *     not be carried out
     */
    public void validate(AuthenticationData authenticationData, COSEKey cOSEKey) {
        // The signature is read before the signed data is assembled, as in the original call order.
        byte[] assertionSignature = authenticationData.getSignature();
        byte[] signedData = getSignedData(authenticationData);
        boolean signatureIsValid = verifySignature(cOSEKey, assertionSignature, signedData);
        if (signatureIsValid) {
            return;
        }
        throw new BadSignatureException("Assertion signature is not valid.");
    }

    /**
     * Builds the byte sequence the authenticator is expected to have signed: the authenticator
     * data bytes immediately followed by the digest of the collected client data bytes.
     *
     * @param authenticationData source of the authenticator data and client data bytes
     * @return a new array holding the concatenation
     */
    private byte[] getSignedData(AuthenticationData authenticationData) {
        MessageDigest sha256 = MessageDigestUtil.createSHA256();
        byte[] authenticatorData = authenticationData.getAuthenticatorDataBytes();
        byte[] clientDataHash = sha256.digest(authenticationData.getCollectedClientDataBytes());

        // The buffer is sized exactly, so array() returns the concatenation with no padding.
        ByteBuffer signedData = ByteBuffer.allocate(authenticatorData.length + clientDataHash.length);
        signedData.put(authenticatorData);
        signedData.put(clientDataHash);
        return signedData.array();
    }

    /**
     * Runs the JCA signature verification.
     *
     * <p>The JCA algorithm name is derived from the algorithm recorded on the COSE key itself.
     * NOTE(review): this method does not restrict which algorithms are acceptable; confirm that
     * the key and its algorithm are constrained to the relying party's allowed set before they
     * reach this validator.
     *
     * @param cOSEKey key providing the public key and the algorithm identifier
     * @param signatureBytes signature to check
     * @param signedData data the signature must cover
     * @return {@code true} only if the JCA verification succeeds; {@code false} if it fails or if
     *     any exception caught below is raised
     */
    private boolean verifySignature(COSEKey cOSEKey, byte[] signatureBytes, byte[] signedData) {
        try {
            PublicKey credentialPublicKey = cOSEKey.getPublicKey();
            String jcaName = SignatureAlgorithm.create(cOSEKey.getAlgorithm()).getJcaName();
            Signature verifier = Signature.getInstance(jcaName);
            verifier.initVerify(credentialPublicKey);
            verifier.update(signedData);
            return verifier.verify(signatureBytes);
        } catch (IllegalArgumentException e) {
            // Must stay ahead of the RuntimeException handler so that this case keeps its own
            // log message.
            this.logger.debug("COSE key alg must be signature algorithm.", e);
            return false;
        } catch (RuntimeException | InvalidKeyException | NoSuchAlgorithmException | SignatureException e2) {
            // Deliberately broad: any other failure, including unchecked ones such as a null
            // input, is treated as an invalid signature rather than surfaced to the caller.
            this.logger.debug("Unexpected exception is thrown during signature verification.", e2);
            return false;
        }
    }
}
