package io.vertx.ext.auth.webauthn4j.impl;

import com.webauthn4j.async.WebAuthnAsyncManager;
import com.webauthn4j.async.anchor.KeyStoreTrustAnchorAsyncRepository;
import com.webauthn4j.async.metadata.FidoMDS3MetadataBLOBAsyncProvider;
import com.webauthn4j.async.metadata.MetadataBLOBAsyncProvider;
import com.webauthn4j.async.metadata.anchor.MetadataBLOBBasedTrustAnchorAsyncRepository;
import com.webauthn4j.async.verifier.attestation.statement.androidkey.AndroidKeyAttestationStatementAsyncVerifier;
import com.webauthn4j.async.verifier.attestation.statement.androidsafetynet.AndroidSafetyNetAttestationStatementAsyncVerifier;
import com.webauthn4j.async.verifier.attestation.statement.apple.AppleAnonymousAttestationStatementAsyncVerifier;
import com.webauthn4j.async.verifier.attestation.statement.packed.PackedAttestationStatementAsyncVerifier;
import com.webauthn4j.async.verifier.attestation.statement.tpm.TPMAttestationStatementAsyncVerifier;
import com.webauthn4j.async.verifier.attestation.statement.u2f.FIDOU2FAttestationStatementAsyncVerifier;
import com.webauthn4j.async.verifier.attestation.trustworthiness.certpath.DefaultCertPathTrustworthinessAsyncVerifier;
import com.webauthn4j.async.verifier.attestation.trustworthiness.self.DefaultSelfAttestationTrustworthinessAsyncVerifier;
import com.webauthn4j.converter.util.ObjectConverter;
import com.webauthn4j.credential.CredentialRecord;
import com.webauthn4j.credential.CredentialRecordImpl;
import com.webauthn4j.data.AuthenticationParameters;
import com.webauthn4j.data.AuthenticationRequest;
import com.webauthn4j.data.PublicKeyCredentialParameters;
import com.webauthn4j.data.PublicKeyCredentialType;
import com.webauthn4j.data.RegistrationParameters;
import com.webauthn4j.data.RegistrationRequest;
import com.webauthn4j.data.attestation.authenticator.AAGUID;
import com.webauthn4j.data.attestation.authenticator.AttestedCredentialData;
import com.webauthn4j.data.attestation.authenticator.COSEKey;
import com.webauthn4j.data.attestation.statement.AndroidKeyAttestationStatement;
import com.webauthn4j.data.attestation.statement.AndroidSafetyNetAttestationStatement;
import com.webauthn4j.data.attestation.statement.AppleAnonymousAttestationStatement;
import com.webauthn4j.data.attestation.statement.AttestationCertificatePath;
import com.webauthn4j.data.attestation.statement.AttestationStatement;
import com.webauthn4j.data.attestation.statement.COSEAlgorithmIdentifier;
import com.webauthn4j.data.attestation.statement.CertificateBaseAttestationStatement;
import com.webauthn4j.data.attestation.statement.FIDOU2FAttestationStatement;
import com.webauthn4j.data.attestation.statement.PackedAttestationStatement;
import com.webauthn4j.data.attestation.statement.TPMAttestationStatement;
import com.webauthn4j.data.client.CollectedClientData;
import com.webauthn4j.data.client.Origin;
import com.webauthn4j.data.client.challenge.DefaultChallenge;
import com.webauthn4j.data.extension.authenticator.AuthenticationExtensionsAuthenticatorOutputs;
import com.webauthn4j.data.extension.client.AuthenticationExtensionsClientOutputs;
import com.webauthn4j.server.ServerProperty;
import io.vertx.core.Future;
import io.vertx.core.Vertx;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.internal.logging.Logger;
import io.vertx.core.internal.logging.LoggerFactory;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.authentication.CredentialValidationException;
import io.vertx.ext.auth.authentication.Credentials;
import io.vertx.ext.auth.impl.CertificateHelper;
import io.vertx.ext.auth.impl.Codec;
import io.vertx.ext.auth.prng.VertxContextPRNG;
import io.vertx.ext.auth.webauthn4j.Attestation;
import io.vertx.ext.auth.webauthn4j.AttestationCertificates;
import io.vertx.ext.auth.webauthn4j.Authenticator;
import io.vertx.ext.auth.webauthn4j.AuthenticatorTransport;
import io.vertx.ext.auth.webauthn4j.COSEAlgorithm;
import io.vertx.ext.auth.webauthn4j.CredentialStorage;
import io.vertx.ext.auth.webauthn4j.ResidentKey;
import io.vertx.ext.auth.webauthn4j.UserVerification;
import io.vertx.ext.auth.webauthn4j.WebAuthn4J;
import io.vertx.ext.auth.webauthn4j.WebAuthn4JCredentials;
import io.vertx.ext.auth.webauthn4j.WebAuthn4JException;
import io.vertx.ext.auth.webauthn4j.WebAuthn4JOptions;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;

/* loaded from: input_file:io/vertx/ext/auth/webauthn4j/impl/WebAuthn4JImpl.class */
public class WebAuthn4JImpl implements WebAuthn4J {
    private static final Logger LOG = LoggerFactory.getLogger(WebAuthn4J.class);
    private final VertxContextPRNG random;
    private final WebAuthn4JOptions options;
    private CredentialStorage credentialStorage;
    private final WebAuthnAsyncManager webAuthnManager;
    private final ObjectConverter objectConverter = new ObjectConverter();

    /* renamed from: io.vertx.ext.auth.webauthn4j.impl.WebAuthn4JImpl$1, reason: invalid class name */
    /* loaded from: input_file:io/vertx/ext/auth/webauthn4j/impl/WebAuthn4JImpl$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$io$vertx$ext$auth$webauthn4j$ResidentKey = new int[ResidentKey.values().length];

        static {
            try {
                $SwitchMap$io$vertx$ext$auth$webauthn4j$ResidentKey[ResidentKey.REQUIRED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$io$vertx$ext$auth$webauthn4j$ResidentKey[ResidentKey.PREFERRED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$io$vertx$ext$auth$webauthn4j$ResidentKey[ResidentKey.DISCOURAGED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public WebAuthn4JImpl(Vertx vertx, WebAuthn4JOptions webAuthn4JOptions) {
        this.random = VertxContextPRNG.current(vertx);
        this.options = webAuthn4JOptions;
        if (webAuthn4JOptions == null) {
            throw new IllegalArgumentException("options cannot be null!");
        }
        if (webAuthn4JOptions.getRelyingParty() == null) {
            throw new IllegalArgumentException("options.relyingParty cannot be null!");
        }
        if (webAuthn4JOptions.getRelyingParty().getName() == null) {
            throw new IllegalArgumentException("options.relyingParty.name cannot be null!");
        }
        if (webAuthn4JOptions.getAttestation() == Attestation.NONE) {
            this.webAuthnManager = WebAuthnAsyncManager.createNonStrictWebAuthnAsyncManager(this.objectConverter);
            return;
        }
        HashSet hashSet = new HashSet();
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            for (Map.Entry<String, X509Certificate> entry : webAuthn4JOptions.getRootCertificates().entrySet()) {
                keyStore.setCertificateEntry(CertificateHelper.getCertInfo(entry.getValue()).subject("CN"), entry.getValue());
                hashSet.add(new TrustAnchor(entry.getValue(), null));
            }
            this.webAuthnManager = new WebAuthnAsyncManager(Arrays.asList(new FIDOU2FAttestationStatementAsyncVerifier(), new PackedAttestationStatementAsyncVerifier(), new TPMAttestationStatementAsyncVerifier(), new AndroidKeyAttestationStatementAsyncVerifier(), new AndroidSafetyNetAttestationStatementAsyncVerifier(), new AppleAnonymousAttestationStatementAsyncVerifier()), new DefaultCertPathTrustworthinessAsyncVerifier(webAuthn4JOptions.isUseMetadata() ? new MetadataBLOBBasedTrustAnchorAsyncRepository(new MetadataBLOBAsyncProvider[]{new FidoMDS3MetadataBLOBAsyncProvider(this.objectConverter, "https://mds.fidoalliance.org/", new VertxHttpAsyncClient(vertx), hashSet)}) : new KeyStoreTrustAnchorAsyncRepository(keyStore)), new DefaultSelfAttestationTrustworthinessAsyncVerifier(), this.objectConverter);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    private String randomBase64URLBuffer(int i) {
        byte[] bArr = new byte[i];
        this.random.nextBytes(bArr);
        return Codec.base64UrlEncode(bArr);
    }

    private void putOpt(JsonObject jsonObject, String str, Object obj) {
        if (obj != null) {
            if (obj instanceof Enum) {
                jsonObject.put(str, obj.toString());
                return;
            }
            if ((obj instanceof JsonObject) && ((JsonObject) obj).isEmpty()) {
                return;
            }
            if ((obj instanceof JsonArray) && ((JsonArray) obj).isEmpty()) {
                return;
            }
            jsonObject.put(str, obj);
        }
    }

    private void addOpt(JsonArray jsonArray, Object obj) {
        if (obj != null) {
            if (obj instanceof Enum) {
                jsonArray.add(obj.toString());
                return;
            }
            if ((obj instanceof JsonObject) && ((JsonObject) obj).isEmpty()) {
                return;
            }
            if ((obj instanceof JsonArray) && ((JsonArray) obj).isEmpty()) {
                return;
            }
            jsonArray.add(obj);
        }
    }

    private static String uUIDtoBase64Url(UUID uuid) {
        Buffer buffer = Buffer.buffer(16);
        buffer.setLong(0, uuid.getMostSignificantBits());
        buffer.setLong(8, uuid.getLeastSignificantBits());
        return Codec.base64UrlEncode(buffer.getBytes());
    }

    @Override // io.vertx.ext.auth.webauthn4j.WebAuthn4J
    public WebAuthn4J credentialStorage(CredentialStorage credentialStorage) {
        if (credentialStorage == null) {
            throw new IllegalArgumentException("CredentialStorage cannot be null");
        }
        this.credentialStorage = credentialStorage;
        return this;
    }

    @Override // io.vertx.ext.auth.webauthn4j.WebAuthn4J
    public Future<JsonObject> createCredentialsOptions(JsonObject jsonObject) {
        return this.credentialStorage.find(jsonObject.getString("name"), null).map(list -> {
            JsonObject put = new JsonObject().put("rp", new JsonObject()).put("user", new JsonObject()).put("challenge", randomBase64URLBuffer(this.options.getChallengeLength())).put("pubKeyCredParams", new JsonArray()).put("authenticatorSelection", new JsonObject());
            putOpt(put.getJsonObject("rp"), "id", this.options.getRelyingParty().getId());
            putOpt(put.getJsonObject("rp"), "name", this.options.getRelyingParty().getName());
            putOpt(put.getJsonObject("user"), "id", uUIDtoBase64Url(UUID.randomUUID()));
            putOpt(put.getJsonObject("user"), "name", jsonObject.getString("name"));
            putOpt(put.getJsonObject("user"), "displayName", jsonObject.getString("displayName"));
            putOpt(put.getJsonObject("user"), "icon", jsonObject.getString("icon"));
            Iterator<COSEAlgorithm> it = this.options.getPubKeyCredParams().iterator();
            while (it.hasNext()) {
                addOpt(put.getJsonArray("pubKeyCredParams"), new JsonObject().put("alg", Integer.valueOf(it.next().coseId())).put("type", "public-key"));
            }
            putOpt(put, "timeout", this.options.getTimeoutInMilliseconds());
            if (!list.isEmpty()) {
                JsonArray jsonArray = new JsonArray();
                Iterator<AuthenticatorTransport> it2 = this.options.getTransports().iterator();
                while (it2.hasNext()) {
                    addOpt(jsonArray, it2.next().toString());
                }
                JsonArray jsonArray2 = new JsonArray();
                Iterator it3 = list.iterator();
                while (it3.hasNext()) {
                    Authenticator authenticator = (Authenticator) it3.next();
                    JsonObject put2 = new JsonObject().put("type", authenticator.getType()).put("id", authenticator.getCredID());
                    putOpt(put2, "transports", jsonArray);
                    addOpt(jsonArray2, put2);
                }
                putOpt(put, "excludeCredentials", jsonArray2);
            }
            putOpt(put.getJsonObject("authenticatorSelection"), "authenticatorAttachment", this.options.getAuthenticatorAttachment());
            putOpt(put.getJsonObject("authenticatorSelection"), "residentKey", this.options.getResidentKey());
            putOpt(put.getJsonObject("authenticatorSelection"), "requireResidentKey", Boolean.valueOf(this.options.getResidentKey() == ResidentKey.REQUIRED));
            putOpt(put.getJsonObject("authenticatorSelection"), "userVerification", this.options.getUserVerification());
            putOpt(put, "attestation", this.options.getAttestation());
            putOpt(put, "extensions", this.options.getExtensions());
            return put;
        });
    }

    @Override // io.vertx.ext.auth.webauthn4j.WebAuthn4J
    public Future<JsonObject> getCredentialsOptions(String str) {
        JsonObject put = new JsonObject().put("challenge", randomBase64URLBuffer(this.options.getChallengeLength()));
        putOpt(put, "timeout", this.options.getTimeoutInMilliseconds());
        putOpt(put, "rpId", this.options.getRelyingParty().getId());
        putOpt(put, "userVerification", this.options.getUserVerification());
        putOpt(put, "extensions", this.options.getExtensions());
        switch (AnonymousClass1.$SwitchMap$io$vertx$ext$auth$webauthn4j$ResidentKey[this.options.getResidentKey().ordinal()]) {
            case AuthData.USER_PRESENT /* 1 */:
            case 2:
                return Future.succeededFuture(put);
            case 3:
                if (str == null) {
                    return Future.failedFuture("Name is required for non RK requests");
                }
                break;
        }
        return this.credentialStorage.find(str, null).compose(list -> {
            return list.isEmpty() ? Future.failedFuture("No authenticators registered for user: " + str) : Future.succeededFuture(list);
        }).map(list2 -> {
            JsonArray jsonArray = new JsonArray();
            JsonArray jsonArray2 = new JsonArray();
            if (this.options.getTransports() != null) {
                Iterator<AuthenticatorTransport> it = this.options.getTransports().iterator();
                while (it.hasNext()) {
                    jsonArray2.add(it.next().toString());
                }
            }
            Iterator it2 = list2.iterator();
            while (it2.hasNext()) {
                String credID = ((Authenticator) it2.next()).getCredID();
                if (credID != null) {
                    JsonObject put2 = new JsonObject().put("type", "public-key").put("id", credID);
                    putOpt(put2, "transports", jsonArray2);
                    jsonArray.add(put2);
                }
            }
            putOpt(put, "allowCredentials", jsonArray);
            return put;
        });
    }

    public Future<User> authenticate(Credentials credentials) {
        try {
            try {
                WebAuthn4JCredentials webAuthn4JCredentials = (WebAuthn4JCredentials) credentials;
                webAuthn4JCredentials.checkValid(null);
                JsonObject webauthn = webAuthn4JCredentials.getWebauthn();
                JsonObject jsonObject = webauthn.getJsonObject("response");
                byte[] base64UrlDecode = Codec.base64UrlDecode(jsonObject.getString("clientDataJSON"));
                JsonObject jsonObject2 = new JsonObject(Buffer.buffer(base64UrlDecode));
                if (!webAuthn4JCredentials.getChallenge().equals(jsonObject2.getString("challenge"))) {
                    return Future.failedFuture("Challenges don't match!");
                }
                if (webAuthn4JCredentials.getOrigin() != null && !webAuthn4JCredentials.getOrigin().equals(jsonObject2.getString("origin"))) {
                    return Future.failedFuture("Origins don't match!" + jsonObject2.getString("origin"));
                }
                String username = webAuthn4JCredentials.getUsername();
                if (!jsonObject2.containsKey("type")) {
                    return Future.failedFuture("Missing type on client data");
                }
                String string = jsonObject2.getString("type");
                boolean z = -1;
                switch (string.hashCode()) {
                    case -417943176:
                        if (string.equals("webauthn.create")) {
                            z = false;
                            break;
                        }
                        break;
                    case 766685274:
                        if (string.equals("webauthn.get")) {
                            z = true;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        return username == null ? Future.failedFuture("username can't be null!") : verifyWebAuthNCreate(jsonObject, webAuthn4JCredentials, base64UrlDecode).compose(authenticator -> {
                            authenticator.setUsername(username);
                            return this.credentialStorage.storeCredential(authenticator).compose(r8 -> {
                                User create = User.create(authenticator.toJson());
                                if ((authenticator.getFlags() & 1) != 0) {
                                    create.principal().put("amr", Arrays.asList("user", "swk"));
                                } else {
                                    create.principal().put("amr", Collections.singletonList("swk"));
                                }
                                return Future.succeededFuture(create);
                            });
                        });
                    case AuthData.USER_PRESENT /* 1 */:
                        if (this.options.getResidentKey() == ResidentKey.DISCOURAGED && username == null) {
                            return Future.failedFuture("username can't be null!");
                        }
                        return this.credentialStorage.find(username, webauthn.getString("id")).compose(list -> {
                            Objects.requireNonNull(list);
                            if (list.isEmpty()) {
                                return Future.failedFuture("Cannot find authenticator with id: " + webauthn.getString("id"));
                            }
                            if (list.size() != 1) {
                                return Future.failedFuture("Found multiple authenticators for id: " + webauthn.getString("id") + " and username: " + username + " which breaks the contract of CredentialStorage");
                            }
                            Authenticator authenticator2 = (Authenticator) list.get(0);
                            return verifyWebAuthNGet(jsonObject, webAuthn4JCredentials, base64UrlDecode, authenticator2).compose(l -> {
                                authenticator2.setCounter(l.longValue());
                                return this.credentialStorage.updateCounter(authenticator2).compose(r8 -> {
                                    User create = User.create(authenticator2.toJson());
                                    if ((authenticator2.getFlags() & 1) != 0) {
                                        create.principal().put("amr", Arrays.asList("user", "swk"));
                                    } else {
                                        create.principal().put("amr", Collections.singletonList("swk"));
                                    }
                                    return Future.succeededFuture(create);
                                });
                            });
                        });
                    default:
                        return Future.failedFuture("Can not determine type of response!");
                }
            } catch (ClassCastException e) {
                throw new CredentialValidationException("Invalid credentials type", e);
            }
        } catch (RuntimeException e2) {
            return Future.failedFuture(e2);
        }
    }

    private Future<Authenticator> verifyWebAuthNCreate(JsonObject jsonObject, WebAuthn4JCredentials webAuthn4JCredentials, byte[] bArr) {
        byte[] base64UrlDecode = Codec.base64UrlDecode(jsonObject.getString("attestationObject"));
        HashSet hashSet = new HashSet();
        JsonArray jsonArray = jsonObject.getJsonArray("transports");
        if (jsonArray != null) {
            Iterator it = jsonArray.iterator();
            while (it.hasNext()) {
                Object next = it.next();
                if (!(next instanceof String)) {
                    return Future.failedFuture(new WebAuthn4JException("Invalid transport: " + String.valueOf(next)));
                }
                hashSet.add((String) next);
            }
        }
        JsonObject jsonObject2 = jsonObject.getJsonObject("clientExtensionResults");
        RegistrationRequest registrationRequest = new RegistrationRequest(base64UrlDecode, bArr, jsonObject2 != null ? jsonObject2.encode() : null, hashSet);
        ServerProperty serverProperty = getServerProperty(webAuthn4JCredentials);
        boolean z = this.options.getUserVerification() == UserVerification.REQUIRED;
        boolean isUserPresenceRequired = this.options.isUserPresenceRequired();
        ArrayList arrayList = new ArrayList(this.options.getPubKeyCredParams().size());
        Iterator<COSEAlgorithm> it2 = this.options.getPubKeyCredParams().iterator();
        while (it2.hasNext()) {
            arrayList.add(new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.create(it2.next().coseId())));
        }
        return Future.fromCompletionStage(this.webAuthnManager.verify(registrationRequest, new RegistrationParameters(serverProperty, arrayList, z, isUserPresenceRequired))).map(registrationData -> {
            return new Authenticator().setFmt(registrationData.getAttestationObject().getAttestationStatement().getFormat()).setAaguid(registrationData.getAttestationObject().getAuthenticatorData().getAttestedCredentialData().getAaguid().toString()).setPublicKey(Codec.base64UrlEncode(this.objectConverter.getCborConverter().writeValueAsBytes(registrationData.getAttestationObject().getAuthenticatorData().getAttestedCredentialData().getCOSEKey()))).setCounter(registrationData.getAttestationObject().getAuthenticatorData().getSignCount()).setCredID(Codec.base64UrlEncode(registrationData.getAttestationObject().getAuthenticatorData().getAttestedCredentialData().getCredentialId())).setAttestationCertificates(convertAttestationCertificates(registrationData.getAttestationObject().getAttestationStatement())).setFlags(registrationData.getAttestationObject().getAuthenticatorData().getFlags());
        });
    }

    private AttestationCertificates convertAttestationCertificates(AttestationStatement attestationStatement) {
        AttestationCertificates attestationCertificates = new AttestationCertificates();
        if (attestationStatement instanceof CertificateBaseAttestationStatement) {
            AttestationCertificatePath x5c = ((CertificateBaseAttestationStatement) attestationStatement).getX5c();
            if (x5c != null) {
                attestationCertificates.setX5c((List<String>) x5c.stream().map(x509Certificate -> {
                    try {
                        return Codec.base64UrlEncode(x509Certificate.getEncoded());
                    } catch (CertificateEncodingException e) {
                        throw new WebAuthn4JException(e);
                    }
                }).collect(Collectors.toList()));
            }
            if (attestationStatement instanceof AndroidKeyAttestationStatement) {
                attestationCertificates.setAlg(COSEAlgorithm.valueOf((int) ((AndroidKeyAttestationStatement) attestationStatement).getAlg().getValue()));
            } else if (attestationStatement instanceof AndroidSafetyNetAttestationStatement) {
                attestationCertificates.setAlg(COSEAlgorithm.valueOf(((AndroidSafetyNetAttestationStatement) attestationStatement).getResponse().getHeader().getAlg().getName()));
            } else if (attestationStatement instanceof AppleAnonymousAttestationStatement) {
                attestationCertificates.setAlg(null);
            } else if (attestationStatement instanceof FIDOU2FAttestationStatement) {
                attestationCertificates.setAlg(COSEAlgorithm.valueOf((int) COSEAlgorithmIdentifier.ES256.getValue()));
            } else if (attestationStatement instanceof PackedAttestationStatement) {
                attestationCertificates.setAlg(COSEAlgorithm.valueOf((int) ((PackedAttestationStatement) attestationStatement).getAlg().getValue()));
            } else {
                if (!(attestationStatement instanceof TPMAttestationStatement)) {
                    throw new WebAuthn4JException("Unsupported attestation statement format: " + attestationStatement.getFormat());
                }
                attestationCertificates.setAlg(COSEAlgorithm.valueOf((int) ((TPMAttestationStatement) attestationStatement).getAlg().getValue()));
            }
        }
        return attestationCertificates;
    }

    private ServerProperty getServerProperty(WebAuthn4JCredentials webAuthn4JCredentials) {
        Origin create = Origin.create(webAuthn4JCredentials.getOrigin());
        String id = this.options.getRelyingParty().getId();
        if (id == null) {
            id = create.getHost();
        }
        return new ServerProperty(create, id, new DefaultChallenge(webAuthn4JCredentials.getChallenge()), (byte[]) null);
    }

    private Future<Long> verifyWebAuthNGet(JsonObject jsonObject, WebAuthn4JCredentials webAuthn4JCredentials, byte[] bArr, Authenticator authenticator) {
        byte[] base64UrlDecode = Codec.base64UrlDecode(webAuthn4JCredentials.getWebauthn().getString("id"));
        byte[] base64UrlDecode2 = jsonObject.containsKey("userHandle") ? Codec.base64UrlDecode(jsonObject.getString("userHandle")) : null;
        byte[] base64UrlDecode3 = Codec.base64UrlDecode(jsonObject.getString("authenticatorData"));
        JsonObject jsonObject2 = jsonObject.getJsonObject("clientExtensionResults");
        return Future.fromCompletionStage(this.webAuthnManager.verify(new AuthenticationRequest(base64UrlDecode, base64UrlDecode2, base64UrlDecode3, bArr, jsonObject2 != null ? jsonObject2.encode() : null, Codec.base64UrlDecode(jsonObject.getString("signature"))), new AuthenticationParameters(getServerProperty(webAuthn4JCredentials), loadCredentialRecord(authenticator), List.of(Codec.base64UrlDecode(authenticator.getCredID())), this.options.getUserVerification() == UserVerification.REQUIRED, this.options.isUserPresenceRequired()))).map(authenticationData -> {
            return Long.valueOf(authenticationData.getAuthenticatorData().getSignCount());
        });
    }

    private CredentialRecord loadCredentialRecord(Authenticator authenticator) {
        long counter = authenticator.getCounter();
        COSEKey cOSEKey = (COSEKey) this.objectConverter.getCborConverter().readValue(Codec.base64UrlDecode(authenticator.getPublicKey()), COSEKey.class);
        return new CredentialRecordImpl((AttestationStatement) null, (Boolean) null, (Boolean) null, (Boolean) null, counter, new AttestedCredentialData(new AAGUID(authenticator.getAaguid()), Codec.base64UrlDecode(authenticator.getCredID()), cOSEKey), (AuthenticationExtensionsAuthenticatorOutputs) null, (CollectedClientData) null, (AuthenticationExtensionsClientOutputs) null, (Set) null);
    }
}
