package io.vertx.ext.auth.webauthn.impl.metadata;

import io.vertx.core.buffer.Buffer;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import io.vertx.core.shareddata.Shareable;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import java.time.LocalDate;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.Arrays;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:io/vertx/ext/auth/webauthn/impl/metadata/MetaDataEntry.class */
public class MetaDataEntry implements Shareable {
    private static final Base64.Decoder BASE64DEC = Base64.getDecoder();
    private static final List<String> INVALID_STATUS = Arrays.asList("USER_VERIFICATION_BYPASS", "ATTESTATION_KEY_COMPROMISE", "USER_KEY_REMOTE_COMPROMISE", "USER_KEY_PHYSICAL_COMPROMISE", "REVOKED");
    private final JsonObject entry;
    private final JsonObject statement;
    private final String error;

    public MetaDataEntry(JsonObject jsonObject) {
        if (jsonObject == null) {
            throw new IllegalArgumentException("MetaData statement cannot be null");
        }
        this.entry = null;
        this.statement = jsonObject;
        this.error = null;
    }

    public MetaDataEntry(JsonObject jsonObject, byte[] bArr, String str) throws NoSuchAlgorithmException {
        if (jsonObject == null || bArr == null) {
            throw new IllegalArgumentException("toc and statement cannot be null");
        }
        this.entry = jsonObject;
        this.statement = new JsonObject(Buffer.buffer(BASE64DEC.decode(bArr)));
        Iterator it = this.entry.getJsonArray("statusReports").iterator();
        while (it.hasNext()) {
            JsonObject jsonObject2 = (JsonObject) it.next();
            jsonObject2.put("effectiveDate", LocalDate.parse(jsonObject2.getString("effectiveDate"), DateTimeFormatter.ISO_DATE).atStartOfDay().toInstant(ZoneOffset.UTC));
        }
        if (str != null) {
            this.error = str;
        } else if (MessageDigest.isEqual(MessageDigest.getInstance("SHA-256").digest(bArr), this.entry.getBinary("hash"))) {
            this.error = null;
        } else {
            this.error = "MDS entry hash did not match corresponding hash in MDS TOC";
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkValid() throws MetaDataException {
        if (this.error != null) {
            throw new MetaDataException(this.error);
        }
        if (this.entry != null) {
            Instant now = Instant.now();
            JsonArray jsonArray = this.entry.getJsonArray("statusReports");
            for (int size = jsonArray.size() - 1; size >= 0; size--) {
                JsonObject jsonObject = jsonArray.getJsonObject(size);
                if (jsonObject.getInstant("effectiveDate").isBefore(now)) {
                    if (INVALID_STATUS.contains(jsonObject.getString("status"))) {
                        throw new MetaDataException("Invalid MDS status: " + jsonObject.getString("status"));
                    }
                    return;
                }
            }
            throw new MetaDataException("Invalid MDS statusReports");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JsonObject statement() {
        return this.statement;
    }
}
