package com.yubico.webauthn.attestation.matcher;

import com.fasterxml.jackson.databind.JsonNode;
import com.yubico.webauthn.attestation.DeviceMatcher;
import com.yubico.webauthn.data.ByteArray;
import com.yubico.webauthn.data.exception.HexException;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.cert.X509Certificate;
import lombok.Generated;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DEROctetString;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yubico/webauthn/attestation/matcher/ExtensionMatcher.class */
public final class ExtensionMatcher implements DeviceMatcher {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(ExtensionMatcher.class);
    private static final Charset CHARSET = Charset.forName("UTF-8");
    public static final String SELECTOR_TYPE = "x509Extension";
    private static final String EXTENSION_KEY = "key";
    private static final String EXTENSION_VALUE = "value";
    private static final String EXTENSION_VALUE_TYPE = "type";
    private static final String EXTENSION_VALUE_VALUE = "value";
    private static final String EXTENSION_VALUE_TYPE_HEX = "hex";

    @Override // com.yubico.webauthn.attestation.DeviceMatcher
    public boolean matches(X509Certificate x509Certificate, JsonNode jsonNode) {
        String asText = jsonNode.get(EXTENSION_KEY).asText();
        JsonNode jsonNode2 = jsonNode.get("value");
        byte[] extensionValue = x509Certificate.getExtensionValue(asText);
        if (extensionValue == null) {
            return false;
        }
        if (jsonNode2 == null) {
            return true;
        }
        try {
            ASN1Primitive fromByteArray = ASN1Primitive.fromByteArray(extensionValue);
            if (jsonNode2.isObject()) {
                if (matchTypedValue(asText, jsonNode2, fromByteArray)) {
                    return true;
                }
            } else if (jsonNode2.isTextual() && matchStringValue(asText, jsonNode2, fromByteArray)) {
                return true;
            }
            return false;
        } catch (IOException e) {
            log.error("Failed to parse extension value as ASN1: {}", new ByteArray(extensionValue).getHex(), e);
            return false;
        }
    }

    private boolean matchStringValue(String str, JsonNode jsonNode, ASN1Primitive aSN1Primitive) {
        if (aSN1Primitive instanceof DEROctetString) {
            return jsonNode.asText().equals(new String(((DEROctetString) aSN1Primitive).getOctets(), CHARSET));
        }
        log.debug("Expected text string value for extension {}, was: {}", str, aSN1Primitive);
        return false;
    }

    private boolean matchTypedValue(String str, JsonNode jsonNode, ASN1Primitive aSN1Primitive) {
        String textValue = jsonNode.get(EXTENSION_VALUE_TYPE).textValue();
        boolean z = -1;
        switch (textValue.hashCode()) {
            case 103195:
                if (textValue.equals(EXTENSION_VALUE_TYPE_HEX)) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return matchHex(str, jsonNode, aSN1Primitive);
            default:
                throw new IllegalArgumentException(String.format("Unknown extension value type \"%s\" for extension \"%s\"", textValue, str));
        }
    }

    private boolean matchHex(String str, JsonNode jsonNode, ASN1Primitive aSN1Primitive) {
        String textValue = jsonNode.get("value").textValue();
        try {
            ByteArray fromHex = ByteArray.fromHex(textValue);
            if (!(aSN1Primitive instanceof DEROctetString)) {
                log.debug("Expected nested bit string value for extension {}, was: {}", str, aSN1Primitive);
                return false;
            }
            try {
                DEROctetString fromByteArray = ASN1Primitive.fromByteArray(((DEROctetString) aSN1Primitive).getOctets());
                if (fromByteArray instanceof DEROctetString) {
                    return fromHex.equals(new ByteArray(fromByteArray.getOctets()));
                }
                log.debug("Expected nested bit string value for extension {}, was: {}", str, aSN1Primitive);
                return false;
            } catch (IOException e) {
                log.debug("Failed to parse {} extension value as ASN1: {}", str, aSN1Primitive);
                return false;
            }
        } catch (HexException e2) {
            throw new IllegalArgumentException(String.format("Bad hex value in extension %s: %s", str, textValue));
        }
    }
}
