package com.webauthn4j.async.verifier;

import com.webauthn4j.authenticator.Authenticator;
import com.webauthn4j.credential.CoreCredentialRecord;
import com.webauthn4j.data.AuthenticationData;
import com.webauthn4j.data.AuthenticationParameters;
import com.webauthn4j.data.attestation.authenticator.AuthenticatorData;
import com.webauthn4j.data.client.ClientDataType;
import com.webauthn4j.data.client.CollectedClientData;
import com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorOutput;
import com.webauthn4j.data.extension.authenticator.AuthenticationExtensionsAuthenticatorOutputs;
import com.webauthn4j.data.extension.client.AuthenticationExtensionsClientOutputs;
import com.webauthn4j.server.ServerProperty;
import com.webauthn4j.util.AssertUtil;
import com.webauthn4j.verifier.AuthenticationObject;
import com.webauthn4j.verifier.exception.ConstraintViolationException;
import com.webauthn4j.verifier.exception.InconsistentClientDataTypeException;
import com.webauthn4j.verifier.internal.AssertionSignatureVerifier;
import com.webauthn4j.verifier.internal.BEBSFlagsVerifier;
import com.webauthn4j.verifier.internal.BEFlagVerifier;
import com.webauthn4j.verifier.internal.BeanAssertUtil;
import com.webauthn4j.verifier.internal.ChallengeVerifier;
import com.webauthn4j.verifier.internal.CredentialIdVerifier;
import com.webauthn4j.verifier.internal.CrossOriginFlagVerifier;
import com.webauthn4j.verifier.internal.RpIdHashVerifier;
import com.webauthn4j.verifier.internal.TokenBindingVerifier;
import com.webauthn4j.verifier.internal.UPUVFlagsVerifier;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:com/webauthn4j/async/verifier/AuthenticationDataAsyncVerifier.class */
public class AuthenticationDataAsyncVerifier {
    private final AssertionSignatureVerifier assertionSignatureVerifier;
    private final ClientExtensionAsyncVerifier clientExtensionAsyncVerifier;
    private final AuthenticatorExtensionAsyncVerifier authenticatorExtensionAsyncVerifier;
    private final List<CustomAuthenticationAsyncVerifier> customAuthenticationAsyncVerifiers;
    private OriginAsyncVerifier originAsyncVerifier;
    private DefaultMaliciousCounterValueAsyncHandler maliciousCounterValueAsyncHandler;
    private boolean crossOriginAllowed;

    /* loaded from: input_file:com/webauthn4j/async/verifier/AuthenticationDataAsyncVerifier$AuthenticationDataVerification.class */
    private class AuthenticationDataVerification {
        private final AuthenticationData authenticationData;
        private final AuthenticationParameters authenticationParameters;
        private AuthenticatorData<AuthenticationExtensionAuthenticatorOutput> authenticatorData;
        private AuthenticationObject authenticationObject;
        private CollectedClientData collectedClientData;
        private ServerProperty serverProperty;
        private Authenticator authenticator;

        private AuthenticationDataVerification(AuthenticationData authenticationData, AuthenticationParameters authenticationParameters) {
            this.authenticationData = authenticationData;
            this.authenticationParameters = authenticationParameters;
        }

        public CompletionStage<AuthenticationData> execute() {
            return execStep1toStep14().thenCompose(r3 -> {
                return execStep15toStep20();
            }).thenCompose(r32 -> {
                return execStep21();
            }).thenCompose(r33 -> {
                return execStep22toStep24();
            }).thenCompose(r34 -> {
                return execStep25toStep27();
            }).thenApply(r35 -> {
                return this.authenticationData;
            });
        }

        private CompletionStage<Void> execStep1toStep14() {
            BeanAssertUtil.validate(this.authenticationData);
            AssertUtil.notNull(this.authenticationParameters, "authenticationParameters must not be null");
            AuthenticationExtensionsClientOutputs clientExtensions = this.authenticationData.getClientExtensions();
            byte[] credentialId = this.authenticationData.getCredentialId();
            CredentialIdVerifier.verify(credentialId, this.authenticationParameters.getAllowCredentials());
            byte[] collectedClientDataBytes = this.authenticationData.getCollectedClientDataBytes();
            byte[] authenticatorDataBytes = this.authenticationData.getAuthenticatorDataBytes();
            this.collectedClientData = this.authenticationData.getCollectedClientData();
            this.authenticatorData = this.authenticationData.getAuthenticatorData();
            this.serverProperty = this.authenticationParameters.getServerProperty();
            BeanAssertUtil.validate(this.collectedClientData);
            BeanAssertUtil.validate(this.authenticatorData);
            if (this.authenticatorData.getAttestedCredentialData() != null) {
                throw new ConstraintViolationException("attestedCredentialData must be null on authentication");
            }
            this.authenticator = this.authenticationParameters.getAuthenticator();
            this.authenticationObject = new AuthenticationObject(credentialId, this.authenticatorData, authenticatorDataBytes, this.collectedClientData, collectedClientDataBytes, clientExtensions, this.serverProperty, this.authenticator);
            if (!Objects.equals(this.collectedClientData.getType(), ClientDataType.WEBAUTHN_GET)) {
                throw new InconsistentClientDataTypeException("ClientData.type must be 'get' on authentication, but it isn't.");
            }
            ChallengeVerifier.verify(this.collectedClientData, this.serverProperty);
            return AuthenticationDataAsyncVerifier.this.originAsyncVerifier.verify(this.authenticationObject);
        }

        private CompletionStage<Void> execStep15toStep20() {
            CrossOriginFlagVerifier.verify(this.collectedClientData, AuthenticationDataAsyncVerifier.this.crossOriginAllowed);
            TokenBindingVerifier.verify(this.collectedClientData.getTokenBinding(), this.serverProperty.getTokenBindingId());
            RpIdHashVerifier.verify(this.authenticatorData.getRpIdHash(), this.serverProperty);
            UPUVFlagsVerifier.verify(this.authenticatorData, this.authenticationParameters.isUserPresenceRequired(), this.authenticationParameters.isUserVerificationRequired());
            BEBSFlagsVerifier.verify(this.authenticatorData);
            BEFlagVerifier.verify(this.authenticator, this.authenticatorData);
            return CompletableFuture.completedFuture(null);
        }

        private CompletionStage<Void> execStep21() {
            AuthenticationExtensionsClientOutputs clientExtensions = this.authenticationData.getClientExtensions();
            AuthenticationExtensionsAuthenticatorOutputs extensions = this.authenticatorData.getExtensions();
            return AuthenticationDataAsyncVerifier.this.clientExtensionAsyncVerifier.verify(clientExtensions).thenCompose(r5 -> {
                return AuthenticationDataAsyncVerifier.this.authenticatorExtensionAsyncVerifier.verify(extensions);
            });
        }

        private CompletionStage<Void> execStep22toStep24() {
            AuthenticationDataAsyncVerifier.this.assertionSignatureVerifier.verify(this.authenticationData, this.authenticator.getAttestedCredentialData().getCOSEKey());
            long signCount = this.authenticatorData.getSignCount();
            long counter = this.authenticator.getCounter();
            if ((signCount > 0 || counter > 0) && signCount <= counter) {
                return AuthenticationDataAsyncVerifier.this.maliciousCounterValueAsyncHandler.maliciousCounterValueDetected(this.authenticationObject);
            }
            return CompletableFuture.completedFuture(null);
        }

        private CompletionStage<Void> execStep25toStep27() {
            AuthenticationDataAsyncVerifier.updateRecord(this.authenticationParameters.getAuthenticator(), this.authenticatorData);
            Iterator<CustomAuthenticationAsyncVerifier> it = AuthenticationDataAsyncVerifier.this.customAuthenticationAsyncVerifiers.iterator();
            while (it.hasNext()) {
                it.next().verify(this.authenticationObject);
            }
            Iterator<CustomAuthenticationAsyncVerifier> it2 = AuthenticationDataAsyncVerifier.this.customAuthenticationAsyncVerifiers.iterator();
            CompletableFuture<Void> completedFuture = CompletableFuture.completedFuture(null);
            while (true) {
                CompletableFuture<Void> completableFuture = completedFuture;
                if (!it2.hasNext()) {
                    return CompletableFuture.completedFuture(null);
                }
                CustomAuthenticationAsyncVerifier next = it2.next();
                completedFuture = completableFuture.thenAccept(r5 -> {
                    next.verify(this.authenticationObject);
                });
            }
        }
    }

    public AuthenticationDataAsyncVerifier(@NotNull List<CustomAuthenticationAsyncVerifier> list) {
        this.assertionSignatureVerifier = new AssertionSignatureVerifier();
        this.clientExtensionAsyncVerifier = new ClientExtensionAsyncVerifier();
        this.authenticatorExtensionAsyncVerifier = new AuthenticatorExtensionAsyncVerifier();
        this.originAsyncVerifier = new OriginAsyncVerifierImpl();
        this.maliciousCounterValueAsyncHandler = new DefaultMaliciousCounterValueAsyncHandler();
        this.crossOriginAllowed = false;
        AssertUtil.notNull(list, "customAuthenticationAsyncVerifiers must not be null");
        this.customAuthenticationAsyncVerifiers = list;
    }

    public AuthenticationDataAsyncVerifier() {
        this.assertionSignatureVerifier = new AssertionSignatureVerifier();
        this.clientExtensionAsyncVerifier = new ClientExtensionAsyncVerifier();
        this.authenticatorExtensionAsyncVerifier = new AuthenticatorExtensionAsyncVerifier();
        this.originAsyncVerifier = new OriginAsyncVerifierImpl();
        this.maliciousCounterValueAsyncHandler = new DefaultMaliciousCounterValueAsyncHandler();
        this.crossOriginAllowed = false;
        this.customAuthenticationAsyncVerifiers = new ArrayList();
    }

    public CompletionStage<AuthenticationData> verify(AuthenticationData authenticationData, AuthenticationParameters authenticationParameters) {
        return new AuthenticationDataVerification(authenticationData, authenticationParameters).execute();
    }

    static void updateRecord(Authenticator authenticator, AuthenticatorData<AuthenticationExtensionAuthenticatorOutput> authenticatorData) {
        authenticator.setCounter(authenticatorData.getSignCount());
        if (authenticator instanceof CoreCredentialRecord) {
            CoreCredentialRecord coreCredentialRecord = (CoreCredentialRecord) authenticator;
            coreCredentialRecord.setBackedUp(authenticatorData.isFlagBS());
            Boolean isUvInitialized = coreCredentialRecord.isUvInitialized();
            if (Objects.isNull(isUvInitialized) || Boolean.FALSE.equals(isUvInitialized)) {
                coreCredentialRecord.setUvInitialized(authenticatorData.isFlagUV());
            }
        }
    }

    public DefaultMaliciousCounterValueAsyncHandler getMaliciousCounterValueAsyncHandler() {
        return this.maliciousCounterValueAsyncHandler;
    }

    public void setMaliciousCounterValueAsyncHandler(DefaultMaliciousCounterValueAsyncHandler defaultMaliciousCounterValueAsyncHandler) {
        this.maliciousCounterValueAsyncHandler = defaultMaliciousCounterValueAsyncHandler;
    }

    public OriginAsyncVerifier getOriginAsyncVerifier() {
        return this.originAsyncVerifier;
    }

    public void setOriginAsyncVerifier(OriginAsyncVerifier originAsyncVerifier) {
        this.originAsyncVerifier = originAsyncVerifier;
    }

    public List<CustomAuthenticationAsyncVerifier> getCustomAuthenticationAsyncVerifiers() {
        return this.customAuthenticationAsyncVerifiers;
    }

    public boolean isCrossOriginAllowed() {
        return this.crossOriginAllowed;
    }

    public void setCrossOriginAllowed(boolean z) {
        this.crossOriginAllowed = z;
    }
}
