package com.webauthn4j.test.authenticator.webauthn;

import com.webauthn4j.data.attestation.authenticator.COSEKey;
import com.webauthn4j.data.attestation.authenticator.EC2COSEKey;
import com.webauthn4j.data.attestation.statement.AttestationCertificatePath;
import com.webauthn4j.data.attestation.statement.AttestationStatement;
import com.webauthn4j.data.attestation.statement.COSEAlgorithmIdentifier;
import com.webauthn4j.data.attestation.statement.ECCUnique;
import com.webauthn4j.data.attestation.statement.TPMAObject;
import com.webauthn4j.data.attestation.statement.TPMAttestationStatement;
import com.webauthn4j.data.attestation.statement.TPMEccCurve;
import com.webauthn4j.data.attestation.statement.TPMGenerated;
import com.webauthn4j.data.attestation.statement.TPMIAlgHash;
import com.webauthn4j.data.attestation.statement.TPMIAlgPublic;
import com.webauthn4j.data.attestation.statement.TPMISTAttest;
import com.webauthn4j.data.attestation.statement.TPMSAttest;
import com.webauthn4j.data.attestation.statement.TPMSCertifyInfo;
import com.webauthn4j.data.attestation.statement.TPMSClockInfo;
import com.webauthn4j.data.attestation.statement.TPMSECCParms;
import com.webauthn4j.data.attestation.statement.TPMTHA;
import com.webauthn4j.data.attestation.statement.TPMTPublic;
import com.webauthn4j.test.AttestationCertificateBuilder;
import com.webauthn4j.test.TestDataUtil;
import com.webauthn4j.test.authenticator.webauthn.exception.WebAuthnModelException;
import com.webauthn4j.test.client.RegistrationEmulationOption;
import com.webauthn4j.util.Base64UrlUtil;
import com.webauthn4j.util.MessageDigestUtil;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECPoint;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x509.KeyPurposeId;

/* loaded from: input_file:com/webauthn4j/test/authenticator/webauthn/TPMAuthenticator.class */
/**
 * Test-side model of a TPM-backed WebAuthn authenticator that produces {@code tpm}
 * attestation statements for registration emulation.
 *
 * <p>Everything TPM-specific here is canned: the attestation algorithm is fixed to ES256, and
 * the clock info, firmware version, qualified signer, qualified name, auth policy and the
 * TPM identity carried in the certificate's subject alternative name are hard-coded literals.
 * Statements built by this class are therefore fixtures for exercising a verifier, not
 * evidence about any real device.
 */
public class TPMAuthenticator extends WebAuthnModelAuthenticator {

    /**
     * Subject-alternative-name directory attributes placed in every attestation certificate.
     * The hex payloads are UTF8Strings: 2.23.133.2.3 = "id:00020000", 2.23.133.2.2 = "SPT",
     * 2.23.133.2.1 = "id:494E5443" (the TCG TPM version / model / manufacturer attributes).
     */
    private static final String TPM_DEVICE_ATTRIBUTES_SAN =
            "2.23.133.2.3=#0c0b69643a3030303230303030,2.23.133.2.2=#0c03535054,2.23.133.2.1=#0c0b69643a3439344535343433";

    /** Extended-key-usage OID added when the TPM option asks for the tcg-kp-AIKCertificate flag. */
    private static final String TCG_KP_AIK_CERTIFICATE_OID = "2.23.133.8.3";

    /**
     * Builds a TPM attestation statement (alg, x5c, sig, certInfo, pubArea) for the request.
     *
     * <p>The signature is normally computed over the serialized {@code certInfo} with the
     * authenticator's attestation private key. When the emulation option enables signature
     * override, the caller-supplied bytes are embedded instead and nothing is signed, so the
     * resulting statement is only as valid as those bytes; this path exists so that a
     * verifier's rejection of bad signatures can be tested.
     *
     * @param attestationStatementRequest request carrying the credential key pair and signed data
     * @param registrationEmulationOption emulation switches; a {@code null} attestation option
     *                                    falls back to a default {@link TPMAttestationOption}
     * @return the assembled attestation statement
     */
    @Override
    public AttestationStatement createAttestationStatement(AttestationStatementRequest attestationStatementRequest, RegistrationEmulationOption registrationEmulationOption) {
        COSEAlgorithmIdentifier alg = COSEAlgorithmIdentifier.ES256;
        TPMTPublic pubArea = createTPMTPublic(attestationStatementRequest.getCredentialKeyPair().getPublicKey());
        TPMSAttest certInfo = createTPMSAttest(attestationStatementRequest, alg, pubArea);

        AttestationOption effectiveOption;
        if (registrationEmulationOption.getAttestationOption() == null) {
            effectiveOption = new TPMAttestationOption();
        } else {
            effectiveOption = registrationEmulationOption.getAttestationOption();
        }
        AttestationCertificatePath x5c = new AttestationCertificatePath(
                getAttestationCertificate(attestationStatementRequest, effectiveOption),
                getCACertificatePath());

        byte[] sig;
        if (registrationEmulationOption.isSignatureOverrideEnabled()) {
            // Caller-provided signature is used verbatim; certInfo is not signed on this path.
            sig = registrationEmulationOption.getSignature();
        } else {
            // The attestation key pair is cast to an EC private key, matching the fixed ES256 alg.
            COSEKey attestationSigningKey = (COSEKey) EC2COSEKey.create((ECPrivateKey) getAttestationKeyPair().getPrivate(), alg);
            sig = TestDataUtil.calculateSignature(attestationSigningKey, certInfo.getBytes());
        }

        return new TPMAttestationStatement(alg, x5c, sig, certInfo, pubArea);
    }

    /**
     * Issues the attestation (AIK-style) certificate for the authenticator's attestation public
     * key, signed with the attestation issuer's private key.
     *
     * <p>Two properties a verifier is expected to check are driven by the option, so that
     * non-conforming certificates can be produced on purpose: a basic-constraints extension is
     * added when {@code isCAFlagInBasicConstraints()} is set, and the tcg-kp-AIKCertificate
     * extended key usage is added only for a {@link TPMAttestationOption} that requests it.
     *
     * @param attestationStatementRequest not read by this implementation
     * @param attestationOption           supplies the subject DN and the extension switches
     * @return the freshly built certificate
     */
    @Override
    public X509Certificate createAttestationCertificate(AttestationStatementRequest attestationStatementRequest, AttestationOption attestationOption) {
        X500Principal subject = new X500Principal(attestationOption.getSubjectDN());
        AttestationCertificateBuilder certificateBuilder =
                new AttestationCertificateBuilder(getAttestationIssuerCertificate(), subject, getAttestationKeyPair().getPublic());

        certificateBuilder.addSubjectAlternativeNamesExtension(TPM_DEVICE_ATTRIBUTES_SAN);

        if (attestationOption.isCAFlagInBasicConstraints()) {
            certificateBuilder.addBasicConstraintsExtension();
        }

        if (attestationOption instanceof TPMAttestationOption) {
            TPMAttestationOption tpmOption = (TPMAttestationOption) attestationOption;
            if (tpmOption.isTcgKpAIKCertificateFlagInExtendedKeyUsage()) {
                ASN1ObjectIdentifier aikCertificateOid = new ASN1ObjectIdentifier(TCG_KP_AIK_CERTIFICATE_OID);
                certificateBuilder.addExtendedKeyUsageExtension(KeyPurposeId.getInstance(aikCertificateOid));
            }
        }

        return certificateBuilder.build(getAttestationIssuerPrivateKey());
    }

    /**
     * Convenience overload that issues the attestation certificate with a default
     * {@link TPMAttestationOption}.
     *
     * @param attestationStatementRequest forwarded unchanged to the two-argument overload
     * @return the freshly built certificate
     */
    public X509Certificate createAttestationCertificate(AttestationStatementRequest attestationStatementRequest) {
        TPMAttestationOption defaultOption = new TPMAttestationOption();
        return createAttestationCertificate(attestationStatementRequest, defaultOption);
    }

    /**
     * Builds the {@code certInfo} structure of type TPM_ST_ATTEST_CERTIFY.
     *
     * <p>Only two fields depend on the request: the extra data, which is the digest of the
     * request's signed data under the digest algorithm of {@code cOSEAlgorithmIdentifier}, and
     * the first hash of the certify info, which is SHA-256 over the serialized
     * {@code tPMTPublic}. All remaining fields are fixed literals, so they are identical in
     * every statement this emulator emits.
     *
     * @throws WebAuthnModelException if any step raises {@link IllegalArgumentException}
     */
    private TPMSAttest createTPMSAttest(AttestationStatementRequest attestationStatementRequest, COSEAlgorithmIdentifier cOSEAlgorithmIdentifier, TPMTPublic tPMTPublic) {
        try {
            // presumably the qualifiedSigner field of TPMS_ATTEST — confirm against TPMSAttest
            byte[] fixedSigner = Base64UrlUtil.decode("AAu8WfTf2aakLcO4Zq_y3w0Zgmu_AUtnqwrW67F2MGuABw");
            byte[] signedDataDigest = cOSEAlgorithmIdentifier.toSignatureAlgorithm()
                    .getMessageDigestAlgorithm()
                    .createMessageDigestObject()
                    .digest(attestationStatementRequest.getSignedData());
            TPMSClockInfo fixedClockInfo = new TPMSClockInfo(BigInteger.valueOf(7270451399L), 1749088739L, 3639844613L, true);
            BigInteger fixedFirmwareVersion = new BigInteger("12241000001210926099");

            TPMTHA pubAreaHash = new TPMTHA(TPMIAlgHash.TPM_ALG_SHA256, MessageDigestUtil.createSHA256().digest(tPMTPublic.getBytes()));
            TPMTHA fixedSecondHash = new TPMTHA(TPMIAlgHash.TPM_ALG_SHA256, Base64UrlUtil.decode("AVI0eQ_AAZjNvrhUEMK2q4wxuwIFOnHIDF0Qljhf47Q"));
            TPMSCertifyInfo certifyInfo = new TPMSCertifyInfo(pubAreaHash, fixedSecondHash);

            return new TPMSAttest(
                    TPMGenerated.TPM_GENERATED_VALUE,
                    TPMISTAttest.TPM_ST_ATTEST_CERTIFY,
                    fixedSigner,
                    signedDataDigest,
                    fixedClockInfo,
                    fixedFirmwareVersion,
                    certifyInfo);
        } catch (IllegalArgumentException e) {
            throw new WebAuthnModelException("alg is not signature algorithm", e);
        }
    }

    /**
     * Builds the {@code pubArea} structure describing the credential public key.
     *
     * <p>Only EC public keys are mapped. For any other key type the algorithm type, the
     * parameters and the unique field are all passed to {@link TPMTPublic} as {@code null}.
     *
     * <p>NOTE(review): the point coordinates come from {@link BigInteger#toByteArray()}, which
     * is a minimal two's-complement encoding: a coordinate may carry a leading {@code 0x00}
     * sign byte or be shorter than the curve's field size. Confirm that whatever compares
     * these bytes with the credential key tolerates that before relying on fixed-length input.
     *
     * @param publicKey credential public key taken from the request
     * @return the populated public area
     */
    private TPMTPublic createTPMTPublic(PublicKey publicKey) {
        TPMIAlgPublic keyType = null;
        TPMSECCParms eccParameters = null;
        ECCUnique eccPoint = null;

        TPMIAlgHash nameAlg = TPMIAlgHash.TPM_ALG_SHA256;
        // 0x60472 == 394354. Per the TPMA_OBJECT bit layout this sets fixedTPM, fixedParent,
        // sensitiveDataOrigin, userWithAuth, noDA, decrypt and sign.
        TPMAObject objectAttributes = new TPMAObject(0x60472);
        // presumably the authPolicy digest — confirm against TPMTPublic
        byte[] fixedPolicy = Base64UrlUtil.decode("nf_L82w4OuaZ-5ho3G3LidcVOIS-KAOSLBJBWL-tIq4");

        if (publicKey instanceof ECPublicKey) {
            ECPublicKey ecKey = (ECPublicKey) publicKey;
            // The three two-byte fields around the curve id are left zero-filled.
            eccParameters = new TPMSECCParms(new byte[2], new byte[2], TPMEccCurve.create(ecKey.getParams().getCurve()), new byte[2]);
            keyType = TPMIAlgPublic.TPM_ALG_ECC;
            ECPoint point = ecKey.getW();
            eccPoint = new ECCUnique(point.getAffineX().toByteArray(), point.getAffineY().toByteArray());
        }

        return new TPMTPublic(keyType, nameAlg, objectAttributes, fixedPolicy, eccParameters, eccPoint);
    }
}
