package org.openidentityplatform.openam.authentication.modules.webauthn;

import com.webauthn4j.WebAuthnManager;
import com.webauthn4j.authenticator.Authenticator;
import com.webauthn4j.converter.exception.DataConversionException;
import com.webauthn4j.data.AuthenticationData;
import com.webauthn4j.data.AuthenticationParameters;
import com.webauthn4j.data.AuthenticationRequest;
import com.webauthn4j.data.PublicKeyCredentialDescriptor;
import com.webauthn4j.data.PublicKeyCredentialRequestOptions;
import com.webauthn4j.data.PublicKeyCredentialType;
import com.webauthn4j.data.UserVerificationRequirement;
import com.webauthn4j.data.attestation.authenticator.AuthenticatorData;
import com.webauthn4j.data.client.Origin;
import com.webauthn4j.data.client.challenge.Challenge;
import com.webauthn4j.data.client.challenge.DefaultChallenge;
import com.webauthn4j.data.extension.client.AuthenticationExtensionsClientInputs;
import com.webauthn4j.server.ServerProperty;
import com.webauthn4j.validator.exception.ValidationException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.ArrayUtils;

/* loaded from: input_file:org/openidentityplatform/openam/authentication/modules/webauthn/WebAuthnAuthenticationProcessor.class */
public class WebAuthnAuthenticationProcessor {
    private final WebAuthnManager webAuthnManager = WebAuthnManager.createNonStrictWebAuthnManager();
    private final Challenge challenge;
    long timeout;

    public WebAuthnAuthenticationProcessor(String str, long j) {
        this.challenge = new DefaultChallenge(str.getBytes());
        this.timeout = j;
    }

    public PublicKeyCredentialRequestOptions requestCredentials(HttpServletRequest httpServletRequest, Set<Authenticator> set) {
        String serverName = httpServletRequest.getServerName();
        ArrayList arrayList = new ArrayList();
        for (Authenticator authenticator : set) {
            arrayList.add(new PublicKeyCredentialDescriptor(PublicKeyCredentialType.PUBLIC_KEY, authenticator.getAttestedCredentialData().getCredentialId(), authenticator.getTransports()));
        }
        return new PublicKeyCredentialRequestOptions(this.challenge, Long.valueOf(this.timeout), serverName, arrayList, UserVerificationRequirement.PREFERRED, (AuthenticationExtensionsClientInputs) null);
    }

    public AuthenticatorData<?> processCredentials(HttpServletRequest httpServletRequest, String str, String str2, String str3, String str4, byte[] bArr, Set<Authenticator> set) {
        byte[] decodeFromUrlSafeString = Base64Utils.decodeFromUrlSafeString(str);
        byte[] decodeFromUrlSafeString2 = Base64Utils.decodeFromUrlSafeString(str3);
        byte[] decodeFromUrlSafeString3 = Base64Utils.decodeFromUrlSafeString(str2);
        byte[] decodeFromUrlSafeString4 = Base64Utils.decodeFromUrlSafeString(str4);
        Authenticator authenticator = null;
        Iterator<Authenticator> it = set.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Authenticator next = it.next();
            if (ArrayUtils.isEquals(next.getAttestedCredentialData().getCredentialId(), decodeFromUrlSafeString)) {
                authenticator = next;
                break;
            }
        }
        if (authenticator == null) {
            return null;
        }
        AuthenticationParameters authenticationParameters = new AuthenticationParameters(new ServerProperty(new Origin(httpServletRequest.getHeader("Origin")), httpServletRequest.getServerName(), this.challenge, (byte[]) null), set.stream().filter(authenticator2 -> {
            return Objects.deepEquals(authenticator2.getAttestedCredentialData().getCredentialId(), decodeFromUrlSafeString);
        }).findFirst().orElse(null), (List) null, false, true);
        try {
            AuthenticationData parse = this.webAuthnManager.parse(new AuthenticationRequest(decodeFromUrlSafeString, bArr, decodeFromUrlSafeString3, decodeFromUrlSafeString2, (String) null, decodeFromUrlSafeString4));
            try {
                this.webAuthnManager.validate(parse, authenticationParameters);
                return parse.getAuthenticatorData();
            } catch (ValidationException e) {
                throw e;
            }
        } catch (DataConversionException e2) {
            throw e2;
        }
    }
}
