package io.vertx.ext.auth.webauthn.impl.metadata;

import io.vertx.core.Vertx;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import io.vertx.core.shareddata.LocalMap;
import io.vertx.ext.auth.impl.CertificateHelper;
import io.vertx.ext.auth.impl.jose.JWS;
import io.vertx.ext.auth.webauthn.PublicKeyCredential;
import io.vertx.ext.auth.webauthn.WebAuthnOptions;
import io.vertx.ext.auth.webauthn.impl.ASN1;
import io.vertx.ext.auth.webauthn.impl.attestation.AttestationException;
import io.vertx.ext.auth.webauthn.impl.attestation.TPMAttestation;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

/* loaded from: input_file:io/vertx/ext/auth/webauthn/impl/metadata/MetaData.class */
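/**
 * Registry of authenticator metadata statements, keyed by AAGUID, used to cross-check an
 * attestation (signature algorithm and certificate chain) against what the metadata declares.
 *
 * <p>Entries live in a Vert.x {@link LocalMap} named after this class, so instances created
 * on the same {@link Vertx} operate on the same entries.
 */
public final class MetaData {
    // Signature algorithm identifiers as they appear in a statement's "authenticationAlgorithm"
    // field; toJOSEAlg(int) maps them to PublicKeyCredential values.
    public static final int ALG_SIGN_SECP256R1_ECDSA_SHA256_RAW = 1;
    public static final int ALG_SIGN_SECP256R1_ECDSA_SHA256_DER = 2;
    public static final int ALG_SIGN_RSASSA_PSS_SHA256_RAW = 3;
    public static final int ALG_SIGN_RSASSA_PSS_SHA256_DER = 4;
    public static final int ALG_SIGN_SECP256K1_ECDSA_SHA256_RAW = 5;
    public static final int ALG_SIGN_SECP256K1_ECDSA_SHA256_DER = 6;
    public static final int ALG_SIGN_RSASSA_PSS_SHA384_RAW = 10;
    public static final int ALG_SIGN_RSASSA_PSS_SHA512_RAW = 11;
    public static final int ALG_SIGN_RSASSA_PKCSV15_SHA256_RAW = 12;
    public static final int ALG_SIGN_RSASSA_PKCSV15_SHA384_RAW = 13;
    public static final int ALG_SIGN_RSASSA_PKCSV15_SHA512_RAW = 14;
    public static final int ALG_SIGN_RSASSA_PKCSV15_SHA1_RAW = 15;
    public static final int ALG_SIGN_SECP384R1_ECDSA_SHA384_RAW = 16;
    public static final int ALG_SIGN_SECP521R1_ECDSA_SHA512_RAW = 17;
    public static final int ALG_SIGN_ED25519_EDDSA_SHA256_RAW = 18;

    // Attestation type identifiers; not referenced by the logic in this class.
    public static final int ATTESTATION_BASIC_FULL = 15879;
    public static final int ATTESTATION_BASIC_SURROGATE = 15880;
    public static final int ATTESTATION_ECDAA = 15881;
    public static final int ATTESTATION_ATTCA = 15882;

    private final LocalMap<String, MetaDataEntry> store;
    private final WebAuthnOptions options;

    /**
     * Binds this registry to the shared local map of the given Vert.x instance.
     *
     * @param vertx           Vert.x instance whose shared data holds the metadata entries
     * @param webAuthnOptions options consulted for the root CRLs during chain validation
     */
    public MetaData(Vertx vertx, WebAuthnOptions webAuthnOptions) {
        this.store = vertx.sharedData().getLocalMap(MetaData.class.getName());
        this.options = webAuthnOptions;
    }

    /**
     * Removes every metadata entry from the backing map.
     *
     * @return this instance, for chaining
     */
    public MetaData clear() {
        this.store.clear();
        return this;
    }

    /**
     * @return the number of metadata entries currently stored
     */
    public int size() {
        return this.store.size();
    }

    /**
     * Maps a metadata signature-algorithm identifier to its {@link PublicKeyCredential}.
     *
     * @param i one of the {@code ALG_SIGN_*} identifiers
     * @return the matching credential algorithm, or {@code null} when the identifier has no
     *         mapping here (7, 8, 9 and anything outside 1..18)
     */
    public PublicKeyCredential toJOSEAlg(int i) {
        switch (i) {
            case ALG_SIGN_SECP256R1_ECDSA_SHA256_RAW:
            case ALG_SIGN_SECP256R1_ECDSA_SHA256_DER:
                return PublicKeyCredential.ES256;
            case ALG_SIGN_RSASSA_PSS_SHA256_RAW:
            case ALG_SIGN_RSASSA_PSS_SHA256_DER:
                return PublicKeyCredential.PS256;
            case ALG_SIGN_SECP256K1_ECDSA_SHA256_RAW:
            case ALG_SIGN_SECP256K1_ECDSA_SHA256_DER:
                return PublicKeyCredential.ES256K;
            case ALG_SIGN_RSASSA_PSS_SHA384_RAW:
                return PublicKeyCredential.PS384;
            case ALG_SIGN_RSASSA_PSS_SHA512_RAW:
                return PublicKeyCredential.PS512;
            case ALG_SIGN_RSASSA_PKCSV15_SHA256_RAW:
                return PublicKeyCredential.RS256;
            case ALG_SIGN_RSASSA_PKCSV15_SHA384_RAW:
                return PublicKeyCredential.RS384;
            case ALG_SIGN_RSASSA_PKCSV15_SHA512_RAW:
                return PublicKeyCredential.RS512;
            case ALG_SIGN_RSASSA_PKCSV15_SHA1_RAW:
                // SHA-1 based; mapped only because a metadata statement may still declare it.
                return PublicKeyCredential.RS1;
            case ALG_SIGN_SECP384R1_ECDSA_SHA384_RAW:
                return PublicKeyCredential.ES384;
            case ALG_SIGN_SECP521R1_ECDSA_SHA512_RAW:
                return PublicKeyCredential.ES512;
            case ALG_SIGN_ED25519_EDDSA_SHA256_RAW:
                return PublicKeyCredential.EdDSA;
            default:
                return null;
        }
    }

    /**
     * Same as the five-argument overload with no extra root certificate and {@code z = true}.
     */
    public JsonObject verifyMetadata(String str, PublicKeyCredential publicKeyCredential, List<X509Certificate> list) throws MetaDataException, AttestationException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, CertificateException {
        return verifyMetadata(str, publicKeyCredential, list, null, true);
    }

    /**
     * Same as the five-argument overload with no extra root certificate.
     */
    public JsonObject verifyMetadata(String str, PublicKeyCredential publicKeyCredential, List<X509Certificate> list, boolean z) throws MetaDataException, AttestationException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, CertificateException {
        return verifyMetadata(str, publicKeyCredential, list, null, z);
    }

    /**
     * Same as the five-argument overload with {@code z = true}.
     */
    public JsonObject verifyMetadata(String str, PublicKeyCredential publicKeyCredential, List<X509Certificate> list, X509Certificate x509Certificate) throws MetaDataException, AttestationException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, CertificateException {
        return verifyMetadata(str, publicKeyCredential, list, x509Certificate, true);
    }

    /**
     * Checks an attestation's algorithm and certificate chain against the stored metadata.
     *
     * <p>Without a stored entry for {@code str}, only the supplied chain (plus the optional
     * root) is validated and {@code null} is returned. With an entry, the entry itself is
     * checked, the algorithm must equal the one the statement declares, and the chain must
     * validate against one of the statement's {@code attestationRootCertificates} (or, when
     * the statement lists none, against the optional root passed in).
     *
     * @param str                 key of the metadata entry; entries are stored under their
     *                            statement's {@code aaguid}
     * @param publicKeyCredential algorithm used by the attestation
     * @param list                attestation certificate chain, or {@code null} to skip chain
     *                            validation; never modified, a copy is validated
     * @param x509Certificate     optional certificate appended to the chain when the metadata
     *                            provides no roots; may be {@code null}
     * @param z                   forwarded as the second argument of
     *                            {@code CertificateHelper.checkValidity}; presumably tells it
     *                            whether the chain ends in a root CA (confirm against that helper)
     * @return the metadata statement, or {@code null} when no entry exists for {@code str}
     * @throws AttestationException when the algorithm does not match the metadata (including a
     *                              missing or unmapped metadata algorithm) or no metadata root
     *                              validates the chain
     * @throws CertificateException when chain validation fails outside the per-root loop
     */
    public JsonObject verifyMetadata(String str, PublicKeyCredential publicKeyCredential, List<X509Certificate> list, X509Certificate x509Certificate, boolean z) throws MetaDataException, AttestationException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, CertificateException {
        MetaDataEntry entry = this.store.get(str);
        if (entry == null) {
            // No metadata known for this key: only the chain itself can be validated.
            if (list != null) {
                List<X509Certificate> chain = new ArrayList<>(list);
                if (x509Certificate != null) {
                    chain.add(x509Certificate);
                }
                CertificateHelper.checkValidity(chain, z, this.options.getRootCrls());
            }
            return null;
        }

        entry.checkValid();

        // Fail closed: a statement without "authenticationAlgorithm", or with an identifier
        // toJOSEAlg does not map, yields null here and must never compare equal to a null
        // algorithm supplied by the caller.
        Integer declaredAlg = entry.statement().getInteger("authenticationAlgorithm");
        PublicKeyCredential expectedAlg = declaredAlg == null ? null : toJOSEAlg(declaredAlg);
        if (expectedAlg == null || publicKeyCredential != expectedAlg) {
            throw new AttestationException("Attestation alg did not match metadata auth alg");
        }

        if (list != null) {
            JsonArray roots = entry.statement().getJsonArray("attestationRootCertificates");
            if (roots == null || roots.size() == 0) {
                List<X509Certificate> chain = new ArrayList<>(list);
                if (x509Certificate != null) {
                    chain.add(x509Certificate);
                }
                CertificateHelper.checkValidity(chain, z, this.options.getRootCrls());
            } else {
                boolean chainValid = false;
                for (int idx = 0; idx < roots.size(); idx++) {
                    try {
                        X509Certificate root = JWS.parseX5c(roots.getString(idx));
                        // Each attempt validates a fresh copy of the attested chain plus one
                        // candidate root. Undoing the append on a shared list would drop a
                        // certificate of the attested chain whenever parsing the root failed
                        // before anything had been appended.
                        List<X509Certificate> candidate = new ArrayList<>(list);
                        candidate.add(root);
                        CertificateHelper.checkValidity(candidate, this.options.getRootCrls());
                        chainValid = true;
                        break;
                    } catch (CertificateException ignored) {
                        // This root did not parse or did not validate the chain; try the next.
                        // Only CertificateException is treated this way, every other declared
                        // exception propagates to the caller.
                    }
                }
                if (!chainValid) {
                    throw new AttestationException("Certificate Chain not valid for metadata");
                }
            }
        }
        return entry.statement();
    }

    /**
     * Stores a metadata entry under its statement's {@code aaguid}.
     *
     * <p>Only statements whose {@code protocolFamily} is {@code "fido2"} are stored; any
     * other entry is ignored without error.
     *
     * @param metaDataEntry entry to register
     * @return this instance, for chaining
     * @throws IllegalArgumentException when a fido2 statement has no {@code aaguid}
     */
    public MetaData loadMetadata(MetaDataEntry metaDataEntry) {
        JsonObject statement = metaDataEntry.statement();
        String aaguid = statement.getString("aaguid");
        if ("fido2".equals(statement.getString("protocolFamily"))) {
            if (aaguid == null) {
                throw new IllegalArgumentException("Statement doesn't contain {aaguid}");
            }
            this.store.put(aaguid, metaDataEntry);
        }
        return this;
    }
}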
