package com.webauthn4j.ctap.authenticator.extension;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.webauthn4j.converter.util.JsonConverter;
import com.webauthn4j.converter.util.ObjectConverter;
import com.webauthn4j.ctap.authenticator.UserCredentialBuilder;
import com.webauthn4j.ctap.authenticator.execution.CtapCommandExecutionException;
import com.webauthn4j.ctap.core.data.AuthenticatorGetAssertionRequest;
import com.webauthn4j.ctap.core.data.CtapStatusCode;
import com.webauthn4j.ctap.core.util.internal.CipherUtil;
import com.webauthn4j.data.attestation.authenticator.COSEKey;
import com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorInput;
import com.webauthn4j.data.extension.authenticator.AuthenticationExtensionsAuthenticatorInputs;
import com.webauthn4j.data.extension.authenticator.AuthenticationExtensionsAuthenticatorOutputs;
import com.webauthn4j.data.extension.authenticator.HMACGetSecretAuthenticatorInput;
import com.webauthn4j.data.extension.authenticator.RegistrationExtensionAuthenticatorInput;
import com.webauthn4j.util.MACUtil;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.spec.SecretKeySpec;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.collections.ArraysKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: HMACSecretExtensionProcessor.kt */
@Metadata(mv = {2, 1, 0}, k = 1, xi = 48, d1 = {"��V\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\u0018�� \u001d2\u00020\u00012\u00020\u0002:\u0002\u001d\u001eB\u0007¢\u0006\u0004\b\u0003\u0010\u0004J \u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u0010H\u0016J\u0018\u0010\u0011\u001a\u00020\u00122\u000e\u0010\u0013\u001a\n\u0012\u0004\u0012\u00020\u0015\u0018\u00010\u0014H\u0016J\u0018\u0010\u0016\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\u00172\u0006\u0010\u0018\u001a\u00020\u0019H\u0016J\u0018\u0010\u001a\u001a\u00020\u00122\u000e\u0010\u001b\u001a\n\u0012\u0004\u0012\u00020\u001c\u0018\u00010\u0014H\u0016R\u0014\u0010\u0005\u001a\u00020\u00068VX\u0096\u0004¢\u0006\u0006\u001a\u0004\b\u0007\u0010\b¨\u0006\u001f"}, d2 = {"Lcom/webauthn4j/ctap/authenticator/extension/HMACSecretExtensionProcessor;", "Lcom/webauthn4j/ctap/authenticator/extension/RegistrationExtensionProcessor;", "Lcom/webauthn4j/ctap/authenticator/extension/AuthenticationExtensionProcessor;", "<init>", "()V", "extensionId", "", "getExtensionId", "()Ljava/lang/String;", "processRegistrationExtension", "", "context", "Lcom/webauthn4j/ctap/authenticator/extension/RegistrationExtensionContext;", "userCredentialBuilder", "Lcom/webauthn4j/ctap/authenticator/UserCredentialBuilder;", "extensionOutputsBuilder", "Lcom/webauthn4j/data/extension/authenticator/AuthenticationExtensionsAuthenticatorOutputs$BuilderForRegistration;", "supportsRegistrationExtension", "", "extension", "Lcom/webauthn4j/data/extension/authenticator/AuthenticationExtensionsAuthenticatorInputs;", 
"Lcom/webauthn4j/data/extension/authenticator/RegistrationExtensionAuthenticatorInput;", "processAuthenticationExtension", "Lcom/webauthn4j/ctap/authenticator/extension/AuthenticationExtensionContext;", "outputsBuilder", "Lcom/webauthn4j/data/extension/authenticator/AuthenticationExtensionsAuthenticatorOutputs$BuilderForAuthentication;", "supportsAuthenticationExtension", "extensions", "Lcom/webauthn4j/data/extension/authenticator/AuthenticationExtensionAuthenticatorInput;", "Companion", "HMACSecretUserDetails", "webauthn4j-ctap-authenticator"})
/* loaded from: input_file:com/webauthn4j/ctap/authenticator/extension/HMACSecretExtensionProcessor.class */
public final class HMACSecretExtensionProcessor implements RegistrationExtensionProcessor, AuthenticationExtensionProcessor {

    // Key in a credential's details map under which the JSON-serialized HMACSecretUserDetails
    // (both CredRandom values) is written at registration and read back at authentication.
    // The stored value is secret key material; how it is protected at rest depends on the
    // credential store, which is not visible in this file.
    @NotNull
    private static final String DETAILS_ID_HMAC_SECRET_EXTENSION = "unifidokey.hmac-secret-extension.secret";

    // Converter used to serialize and deserialize HMACSecretUserDetails; set in the static initializer.
    @NotNull
    private static final JsonConverter jsonConverter;

    // Source of randomness for the two 32-byte CredRandom values; set in the static initializer.
    @NotNull
    private static final SecureRandom secureRandom;

    // Kotlin companion-object instance emitted by the compiler; it carries no state.
    @NotNull
    public static final Companion Companion = new Companion(null);

    // 16 zero bytes passed as the IV to every AES-CBC call in processAuthenticationExtension.
    // The array is shared and Java arrays are mutable, so it must never be written to.
    // NOTE(review): a fixed all-zero IV looks like CTAP2 PIN protocol 1 - confirm that a
    // protocol using a random IV is handled elsewhere if it is meant to be supported.
    @NotNull
    private static final byte[] IV_ZERO = new byte[16];

    /* compiled from: HMACSecretExtensionProcessor.kt */
    @Metadata(mv = {2, 1, 0}, k = 1, xi = 48, d1 = {"��(\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0003\n\u0002\u0010\u000e\n��\n\u0002\u0010\u0012\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\b\u0086\u0003\u0018��2\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u0002\u0010\u0003R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082T¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n��R\u0013\u0010\b\u001a\u00070\t¢\u0006\u0002\b\nX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u000b\u001a\u00020\fX\u0082\u0004¢\u0006\u0002\n��¨\u0006\r"}, d2 = {"Lcom/webauthn4j/ctap/authenticator/extension/HMACSecretExtensionProcessor$Companion;", "", "<init>", "()V", "DETAILS_ID_HMAC_SECRET_EXTENSION", "", "IV_ZERO", "", "jsonConverter", "Lcom/webauthn4j/converter/util/JsonConverter;", "Lorg/jetbrains/annotations/NotNull;", "secureRandom", "Ljava/security/SecureRandom;", "webauthn4j-ctap-authenticator"})
    /* loaded from: input_file:com/webauthn4j/ctap/authenticator/extension/HMACSecretExtensionProcessor$Companion.class */
    /**
     * Kotlin companion object as emitted by the compiler. It declares no members of its own;
     * the constants it owned in the Kotlin source appear as static fields of the outer class.
     */
    public static final class Companion {
        // Private so that the only instance is the outer class's static Companion field.
        private Companion() {
        }

        // Compiler-generated bridge constructor; the marker argument is ignored.
        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /* compiled from: HMACSecretExtensionProcessor.kt */
    @Metadata(mv = {2, 1, 0}, k = 1, xi = 48, d1 = {"�� \n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0010\u0012\n\u0002\b\u0007\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0010\b\n��\u0018��2\u00020\u0001B\u001d\b\u0007\u0012\b\b\u0001\u0010\u0002\u001a\u00020\u0003\u0012\b\b\u0001\u0010\u0004\u001a\u00020\u0003¢\u0006\u0004\b\u0005\u0010\u0006J\u0013\u0010\n\u001a\u00020\u000b2\b\u0010\f\u001a\u0004\u0018\u00010\u0001H\u0096\u0002J\b\u0010\r\u001a\u00020\u000eH\u0016R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n��\u001a\u0004\b\u0007\u0010\bR\u0011\u0010\u0004\u001a\u00020\u0003¢\u0006\b\n��\u001a\u0004\b\t\u0010\b¨\u0006\u000f"}, d2 = {"Lcom/webauthn4j/ctap/authenticator/extension/HMACSecretExtensionProcessor$HMACSecretUserDetails;", "", "credRandomWithUV", "", "credRandomWithoutUV", "<init>", "([B[B)V", "getCredRandomWithUV", "()[B", "getCredRandomWithoutUV", "equals", "", "other", "hashCode", "", "webauthn4j-ctap-authenticator"})
    /* loaded from: input_file:com/webauthn4j/ctap/authenticator/extension/HMACSecretExtensionProcessor$HMACSecretUserDetails.class */
    /**
     * Per-credential secret state of the hmac-secret extension: one 32-byte CredRandom used when
     * user verification is planned and one used when it is not.
     *
     * <p>Both arrays are secret key material. The constructor stores and the getters return the
     * caller-visible array references without copying, so any holder of an array can change the
     * stored secret. The class defines no {@code toString()}, so the default representation does
     * not print the bytes.
     */
    public static final class HMACSecretUserDetails {

        // CredRandom selected when the authentication request runs with user verification.
        @NotNull
        private final byte[] credRandomWithUV;

        // CredRandom selected when the authentication request runs without user verification.
        @NotNull
        private final byte[] credRandomWithoutUV;

        /**
         * Creates the holder from the two CredRandom values; also used by Jackson on deserialization.
         *
         * @param bArr the CredRandom for requests with user verification (JSON property {@code credRandomWithUV})
         * @param bArr2 the CredRandom for requests without user verification (JSON property {@code credRandomWithoutUV})
         */
        @JsonCreator
        public HMACSecretUserDetails(@JsonProperty("credRandomWithUV") @NotNull byte[] bArr, @JsonProperty("credRandomWithoutUV") @NotNull byte[] bArr2) {
            Intrinsics.checkNotNullParameter(bArr, "credRandomWithUV");
            Intrinsics.checkNotNullParameter(bArr2, "credRandomWithoutUV");
            // The references are kept as given; no defensive copy is made.
            this.credRandomWithUV = bArr;
            this.credRandomWithoutUV = bArr2;
        }

        /** Returns the internal array (not a copy) of the CredRandom used with user verification. */
        @NotNull
        public final byte[] getCredRandomWithUV() {
            return this.credRandomWithUV;
        }

        /** Returns the internal array (not a copy) of the CredRandom used without user verification. */
        @NotNull
        public final byte[] getCredRandomWithoutUV() {
            return this.credRandomWithoutUV;
        }

        /**
         * Content equality over both CredRandom arrays.
         *
         * <p>{@link Arrays#equals(byte[], byte[])} is not a constant-time comparison, so this method
         * is unsuitable for checking a stored secret against a value supplied by a peer.
         */
        @Override
        public boolean equals(@Nullable Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof HMACSecretUserDetails)) {
                return false;
            }
            HMACSecretUserDetails that = (HMACSecretUserDetails) obj;
            return Arrays.equals(this.credRandomWithUV, that.credRandomWithUV)
                    && Arrays.equals(this.credRandomWithoutUV, that.credRandomWithoutUV);
        }

        /** Content hash over both CredRandom arrays, consistent with {@link #equals(Object)}. */
        @Override
        public int hashCode() {
            int withUvHash = Arrays.hashCode(this.credRandomWithUV);
            int withoutUvHash = Arrays.hashCode(this.credRandomWithoutUV);
            return (31 * withUvHash) + withoutUvHash;
        }
    }

    /**
     * Returns the extension identifier this processor handles.
     *
     * @return the literal {@code "hmac-secret"}
     */
    @NotNull
    @Override // com.webauthn4j.ctap.authenticator.extension.ExtensionProcessor
    public String getExtensionId() {
        return "hmac-secret";
    }

    /**
     * Handles the hmac-secret extension of a makeCredential request.
     *
     * <p>When the request carries {@code hmac-secret: true}, two independent 32-byte CredRandom
     * values are drawn from {@link SecureRandom}, serialized to JSON and attached to the credential
     * under {@code DETAILS_ID_HMAC_SECRET_EXTENSION}, and the registration output is set to
     * {@code true}. When the value is present but not {@code true}, nothing is stored or output.
     *
     * <p>The serialized value is secret key material; its protection at rest depends on wherever
     * the credential details are persisted, which this method does not control.
     *
     * @param registrationExtensionContext context giving access to the makeCredential request
     * @param userCredentialBuilder builder of the credential that receives the stored secrets
     * @param builderForRegistration builder of the extension outputs returned to the client
     * @throws IllegalArgumentException if the request has no hmac-secret registration input
     */
    @Override // com.webauthn4j.ctap.authenticator.extension.RegistrationExtensionProcessor
    public void processRegistrationExtension(@NotNull RegistrationExtensionContext registrationExtensionContext, @NotNull UserCredentialBuilder userCredentialBuilder, @NotNull AuthenticationExtensionsAuthenticatorOutputs.BuilderForRegistration builderForRegistration) {
        Intrinsics.checkNotNullParameter(registrationExtensionContext, "context");
        Intrinsics.checkNotNullParameter(userCredentialBuilder, "userCredentialBuilder");
        Intrinsics.checkNotNullParameter(builderForRegistration, "extensionOutputsBuilder");
        if (!supportsRegistrationExtension(registrationExtensionContext.getMakeCredentialRequest().getExtensions())) {
            throw new IllegalArgumentException("invalid extension");
        }
        AuthenticationExtensionsAuthenticatorInputs requestedExtensions = registrationExtensionContext.getMakeCredentialRequest().getExtensions();
        boolean createSecretRequested = requestedExtensions != null && Intrinsics.areEqual(requestedExtensions.getHMACCreateSecret(), true);
        if (!createSecretRequested) {
            // hmac-secret was supplied with a value other than true: create nothing.
            return;
        }
        // One secret per user-verification state, so an assertion without UV can never
        // yield the output that is bound to a verified user.
        byte[] credRandomWithUV = new byte[32];
        byte[] credRandomWithoutUV = new byte[32];
        secureRandom.nextBytes(credRandomWithUV);
        secureRandom.nextBytes(credRandomWithoutUV);
        HMACSecretUserDetails secretDetails = new HMACSecretUserDetails(credRandomWithUV, credRandomWithoutUV);
        String serializedDetails = jsonConverter.writeValueAsString(secretDetails);
        Intrinsics.checkNotNullExpressionValue(serializedDetails, "writeValueAsString(...)");
        userCredentialBuilder.details().entry(DETAILS_ID_HMAC_SECRET_EXTENSION, serializedDetails);
        builderForRegistration.setHMACCreateSecret(true);
    }

    /**
     * Tells whether a makeCredential request carries an hmac-secret input.
     *
     * @param authenticationExtensionsAuthenticatorInputs the request's extension inputs, may be {@code null}
     * @return {@code true} if the inputs are non-null and their hmac-secret creation flag is
     *     present, whatever its value
     */
    @Override // com.webauthn4j.ctap.authenticator.extension.RegistrationExtensionProcessor
    public boolean supportsRegistrationExtension(@Nullable AuthenticationExtensionsAuthenticatorInputs<RegistrationExtensionAuthenticatorInput> authenticationExtensionsAuthenticatorInputs) {
        if (authenticationExtensionsAuthenticatorInputs == null) {
            return false;
        }
        return authenticationExtensionsAuthenticatorInputs.getHMACCreateSecret() != null;
    }

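    /**
     * Handles the hmac-secret extension of a getAssertion request.
     *
     * <p>Steps, in order:
     * <ol>
     *   <li>reject a request without hmac-secret input, or with the {@code up} option set to false;</li>
     *   <li>load the CredRandom pair stored on the credential at registration;</li>
     *   <li>obtain the shared secret for the platform's key-agreement key from the client PIN service;</li>
     *   <li>authenticate {@code saltEnc} by comparing {@code saltAuth} with the 16-byte HMAC-SHA-256
     *       value that {@code MACUtil} computes from {@code saltEnc} and the shared secret;</li>
     *   <li>pick the CredRandom matching the planned user-verification state;</li>
     *   <li>decrypt {@code saltEnc} (AES-CBC, no padding, all-zero IV) into one or two 32-byte salts,
     *       compute HMAC-SHA-256 for each salt with the CredRandom, and return the result encrypted
     *       under the same key and IV.</li>
     * </ol>
     *
     * <p>The {@code saltAuth} check uses a constant-time comparison so that response timing does
     * not reveal how many leading bytes of a guessed tag were correct.
     *
     * @param authenticationExtensionContext context giving access to the request, the credential and the session
     * @param builderForAuthentication builder of the extension outputs returned to the client
     * @throws IllegalArgumentException if the request has no hmac-secret authentication input
     * @throws CtapCommandExecutionException with {@code CTAP2_ERR_UNSUPPORTED_OPTION} if {@code up} is
     *     false or the credential has no stored hmac-secret data, {@code CTAP2_ERR_INVALID_OPTION} if
     *     {@code saltAuth} does not verify, {@code CTAP2_ERR_INVALID_CBOR} if the decrypted salt is
     *     neither 32 nor 64 bytes long
     */
    @Override // com.webauthn4j.ctap.authenticator.extension.AuthenticationExtensionProcessor
    public void processAuthenticationExtension(@NotNull AuthenticationExtensionContext authenticationExtensionContext, @NotNull AuthenticationExtensionsAuthenticatorOutputs.BuilderForAuthentication builderForAuthentication) {
        byte[] encryptedOutput;
        Intrinsics.checkNotNullParameter(authenticationExtensionContext, "context");
        Intrinsics.checkNotNullParameter(builderForAuthentication, "outputsBuilder");
        if (!supportsAuthenticationExtension(authenticationExtensionContext.getGetAssertionRequest().getExtensions())) {
            throw new IllegalArgumentException("invalid extension");
        }
        AuthenticatorGetAssertionRequest.Options options = authenticationExtensionContext.getGetAssertionRequest().getOptions();
        // The secret is released only with user presence; an explicit up=false is refused.
        if (options != null && Intrinsics.areEqual(options.getUp(), false)) {
            throw new CtapCommandExecutionException(CtapStatusCode.Companion.getCTAP2_ERR_UNSUPPORTED_OPTION(), null, 2, null);
        }
        AuthenticationExtensionsAuthenticatorInputs extensions = authenticationExtensionContext.getGetAssertionRequest().getExtensions();
        HMACGetSecretAuthenticatorInput hmacGetSecretInput = extensions != null ? extensions.getHMACGetSecret() : null;
        Intrinsics.checkNotNull(hmacGetSecretInput);
        String storedDetails = authenticationExtensionContext.getCredential().getDetails().get(DETAILS_ID_HMAC_SECRET_EXTENSION);
        if (storedDetails == null) {
            // The credential was registered without hmac-secret, so there is nothing to derive from.
            throw new CtapCommandExecutionException(CtapStatusCode.Companion.getCTAP2_ERR_UNSUPPORTED_OPTION(), null, 2, null);
        }
        Object readValue = jsonConverter.readValue(storedDetails, HMACSecretUserDetails.class);
        Intrinsics.checkNotNull(readValue);
        HMACSecretUserDetails secretDetails = (HMACSecretUserDetails) readValue;
        COSEKey keyAgreement = hmacGetSecretInput.getKeyAgreement();
        Intrinsics.checkNotNullExpressionValue(keyAgreement, "getKeyAgreement(...)");
        byte[] saltEnc = hmacGetSecretInput.getSaltEnc();
        byte[] saltAuth = hmacGetSecretInput.getSaltAuth();
        byte[] sharedSecret = authenticationExtensionContext.getCtapAuthenticatorSession().getClientPINService().generateSharedSecret(keyAgreement);
        // Verify the tag before touching the ciphertext. MessageDigest.isEqual compares in constant
        // time, unlike Arrays.equals, which returns at the first differing byte; it yields the same
        // result as Arrays.equals for every input, including null.
        byte[] expectedSaltAuth = MACUtil.calculateHmacSHA256(saltEnc, sharedSecret, 16);
        if (!java.security.MessageDigest.isEqual(expectedSaltAuth, saltAuth)) {
            throw new CtapCommandExecutionException(CtapStatusCode.Companion.getCTAP2_ERR_INVALID_OPTION(), null, 2, null);
        }
        // Separate secrets per user-verification state: an unverified assertion must not
        // produce the output bound to a verified user.
        byte[] credRandom = authenticationExtensionContext.getUserVerificationPlan()
                ? secretDetails.getCredRandomWithUV()
                : secretDetails.getCredRandomWithoutUV();
        SecretKeySpec aesKey = new SecretKeySpec(sharedSecret, "AES");
        // NOTE(review): the length of saltEnc is only checked after decryption; what CipherUtil
        // throws for a length that is not a multiple of the block size is not visible here - confirm
        // that it surfaces as a CTAP error. The all-zero IV looks like CTAP2 PIN protocol 1 - confirm.
        byte[] decryptedSalt = CipherUtil.INSTANCE.decryptWithAESCBCNoPadding(saltEnc, aesKey, IV_ZERO);
        switch (decryptedSalt.length) {
            case 32:
                // One salt: a single 32-byte output.
                encryptedOutput = CipherUtil.INSTANCE.encryptWithAESCBCNoPadding(MACUtil.calculateHmacSHA256(decryptedSalt, credRandom), aesKey, IV_ZERO);
                break;
            case 64:
                // Two salts: both outputs are concatenated before encryption.
                byte[] salt1 = ArraysKt.copyOfRange(decryptedSalt, 0, 32);
                byte[] salt2 = ArraysKt.copyOfRange(decryptedSalt, 32, 64);
                byte[] output1 = MACUtil.calculateHmacSHA256(salt1, credRandom);
                byte[] output2 = MACUtil.calculateHmacSHA256(salt2, credRandom);
                Intrinsics.checkNotNull(output1);
                Intrinsics.checkNotNull(output2);
                encryptedOutput = CipherUtil.INSTANCE.encryptWithAESCBCNoPadding(ArraysKt.plus(output1, output2), aesKey, IV_ZERO);
                break;
            default:
                throw new CtapCommandExecutionException(CtapStatusCode.Companion.getCTAP2_ERR_INVALID_CBOR(), null, 2, null);
        }
        builderForAuthentication.setHMACGetSecret(encryptedOutput);
    }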

    /**
     * Tells whether a getAssertion request carries an hmac-secret input.
     *
     * @param authenticationExtensionsAuthenticatorInputs the request's extension inputs, may be {@code null}
     * @return {@code true} if the inputs are non-null and contain an hmac-secret get-secret input
     */
    @Override // com.webauthn4j.ctap.authenticator.extension.AuthenticationExtensionProcessor
    public boolean supportsAuthenticationExtension(@Nullable AuthenticationExtensionsAuthenticatorInputs<AuthenticationExtensionAuthenticatorInput> authenticationExtensionsAuthenticatorInputs) {
        if (authenticationExtensionsAuthenticatorInputs == null) {
            return false;
        }
        return authenticationExtensionsAuthenticatorInputs.getHMACGetSecret() != null;
    }

    // Class initialization: one SecureRandom and one JsonConverter are created and shared by all instances.
    static {
        secureRandom = new SecureRandom();
        JsonConverter converter = new ObjectConverter().getJsonConverter();
        Intrinsics.checkNotNullExpressionValue(converter, "getJsonConverter(...)");
        jsonConverter = converter;
    }
}
