package com.yubico.webauthn.attestation.resolver;

import com.fasterxml.jackson.databind.JsonNode;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.yubico.internal.util.CertificateParser;
import com.yubico.internal.util.CollectionUtil;
import com.yubico.internal.util.ExceptionUtil;
import com.yubico.internal.util.OptionalUtil;
import com.yubico.webauthn.attestation.Attestation;
import com.yubico.webauthn.attestation.AttestationResolver;
import com.yubico.webauthn.attestation.DeviceMatcher;
import com.yubico.webauthn.attestation.MetadataObject;
import com.yubico.webauthn.attestation.Transport;
import com.yubico.webauthn.attestation.TrustResolver;
import com.yubico.webauthn.attestation.matcher.ExtensionMatcher;
import com.yubico.webauthn.attestation.matcher.FingerprintMatcher;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import lombok.NonNull;

/* loaded from: input_file:com/yubico/webauthn/attestation/resolver/SimpleAttestationResolver.class */
public final class SimpleAttestationResolver implements AttestationResolver {
    private static final String SELECTORS = "selectors";
    private static final String SELECTOR_TYPE = "type";
    private static final String SELECTOR_PARAMETERS = "parameters";
    private static final String TRANSPORTS = "transports";
    private static final String TRANSPORTS_EXT_OID = "1.3.6.1.4.1.45724.2.1.1";
    private static final Map<String, DeviceMatcher> DEFAULT_DEVICE_MATCHERS = ImmutableMap.of(ExtensionMatcher.SELECTOR_TYPE, new ExtensionMatcher(), FingerprintMatcher.SELECTOR_TYPE, new FingerprintMatcher());
    private final Map<X509Certificate, MetadataObject> metadata;
    private final TrustResolver trustResolver;
    private final Map<String, DeviceMatcher> matchers;

    public SimpleAttestationResolver(@NonNull Collection<MetadataObject> collection, @NonNull TrustResolver trustResolver, @NonNull Map<String, DeviceMatcher> map) throws CertificateException {
        this.metadata = new HashMap();
        if (collection == null) {
            throw new NullPointerException("objects is marked non-null but is null");
        }
        if (trustResolver == null) {
            throw new NullPointerException("trustResolver is marked non-null but is null");
        }
        if (map == null) {
            throw new NullPointerException("matchers is marked non-null but is null");
        }
        for (MetadataObject metadataObject : collection) {
            Iterator<String> it = metadataObject.getTrustedCertificates().iterator();
            while (it.hasNext()) {
                this.metadata.put(CertificateParser.parsePem(it.next()), metadataObject);
            }
        }
        this.trustResolver = trustResolver;
        this.matchers = CollectionUtil.immutableMap(map);
    }

    public SimpleAttestationResolver(Collection<MetadataObject> collection, TrustResolver trustResolver) throws CertificateException {
        this(collection, trustResolver, DEFAULT_DEVICE_MATCHERS);
    }

    private Optional<MetadataObject> lookupTrustAnchor(X509Certificate x509Certificate) {
        return Optional.ofNullable(this.metadata.get(x509Certificate));
    }

    @Override // com.yubico.webauthn.attestation.AttestationResolver
    public Optional<Attestation> resolve(X509Certificate x509Certificate, List<X509Certificate> list) {
        return this.trustResolver.resolveTrustAnchor(x509Certificate, list).flatMap(this::lookupTrustAnchor).map(metadataObject -> {
            ImmutableMap immutableMap = null;
            int i = 0;
            String identifier = metadataObject.getIdentifier();
            Map filterValues = Maps.filterValues(metadataObject.getVendorInfo(), (v0) -> {
                return Objects.nonNull(v0);
            });
            Iterator<JsonNode> it = metadataObject.getDevices().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                JsonNode next = it.next();
                if (deviceMatches(next.get(SELECTORS), x509Certificate)) {
                    JsonNode jsonNode = next.get(TRANSPORTS);
                    if (jsonNode != null) {
                        i = 0 | jsonNode.asInt(0);
                    }
                    ImmutableMap.Builder builder = ImmutableMap.builder();
                    Iterator it2 = Lists.newArrayList(next.fields()).iterator();
                    while (it2.hasNext()) {
                        Map.Entry entry = (Map.Entry) it2.next();
                        JsonNode jsonNode2 = (JsonNode) entry.getValue();
                        if (jsonNode2.isTextual()) {
                            builder.put((String) entry.getKey(), jsonNode2.asText());
                        }
                    }
                    immutableMap = builder.build();
                }
            }
            return Attestation.builder().trusted(true).metadataIdentifier(Optional.ofNullable(identifier)).vendorProperties(Optional.of(filterValues)).deviceProperties(Optional.ofNullable(immutableMap)).transports(OptionalUtil.zipWith(getTransports(x509Certificate), Optional.of(Integer.valueOf(i)).filter(num -> {
                return num.intValue() != 0;
            }), (num2, num3) -> {
                return Integer.valueOf(num2.intValue() | num3.intValue());
            }).map((v0) -> {
                return Transport.fromInt(v0);
            })).build();
        });
    }

    private boolean deviceMatches(JsonNode jsonNode, @NonNull X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new NullPointerException("attestationCertificate is marked non-null but is null");
        }
        if (jsonNode == null || jsonNode.isNull()) {
            return true;
        }
        Iterator it = jsonNode.iterator();
        while (it.hasNext()) {
            JsonNode jsonNode2 = (JsonNode) it.next();
            DeviceMatcher deviceMatcher = this.matchers.get(jsonNode2.get(SELECTOR_TYPE).asText());
            if (deviceMatcher != null && deviceMatcher.matches(x509Certificate, jsonNode2.get(SELECTOR_PARAMETERS))) {
                return true;
            }
        }
        return false;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v30, types: [int] */
    /* JADX WARN: Type inference failed for: r10v6, types: [int] */
    private static Optional<Integer> getTransports(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(TRANSPORTS_EXT_OID);
        if (extensionValue == null) {
            return Optional.empty();
        }
        ExceptionUtil.assure(extensionValue.length >= 4, "Transports extension value must be at least 4 bytes (2 bytes octet string header, 2 bytes bit string header), was: %d", new Object[]{Integer.valueOf(extensionValue.length)});
        byte b = 255;
        for (byte b2 = 0; b2 < extensionValue[3]; b2++) {
            b <<= 1;
        }
        int length = extensionValue.length - 1;
        extensionValue[length] = (byte) (extensionValue[length] & b);
        int i = 0;
        for (int length2 = extensionValue.length - 1; length2 >= 5; length2--) {
            byte b3 = extensionValue[length2];
            for (int i2 = 0; i2 < 8; i2++) {
                i = (i << 1) | (b3 & 1);
                b3 = (byte) (b3 >> 1);
            }
        }
        return Optional.of(Integer.valueOf(i));
    }

    @Override // com.yubico.webauthn.attestation.AttestationResolver
    public Attestation untrustedFromCertificate(X509Certificate x509Certificate) {
        return Attestation.builder().trusted(false).transports(getTransports(x509Certificate).map((v0) -> {
            return Transport.fromInt(v0);
        })).build();
    }
}
