package com.webauthn4j.validator.attestation.statement.apple;

import com.webauthn4j.data.attestation.statement.AppleAnonymousAttestationStatement;
import com.webauthn4j.data.attestation.statement.AttestationType;
import com.webauthn4j.util.MessageDigestUtil;
import com.webauthn4j.validator.CoreRegistrationObject;
import com.webauthn4j.validator.attestation.statement.AbstractStatementValidator;
import com.webauthn4j.validator.exception.BadAttestationStatementException;
import com.webauthn4j.validator.exception.PublicKeyMismatchException;
import g.a.e1;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.Arrays;
import l.a.a.a.d.a;
import l.a.a.a.d.e;
import l.a.a.a.e.d;

/* loaded from: classes.dex */
public class AppleAnonymousAttestationStatementValidator extends AbstractStatementValidator<AppleAnonymousAttestationStatement> {
    private byte[] getNonce(CoreRegistrationObject coreRegistrationObject) {
        byte[] authenticatorDataBytes = coreRegistrationObject.getAuthenticatorDataBytes();
        byte[] clientDataHash = coreRegistrationObject.getClientDataHash();
        return MessageDigestUtil.createSHA256().digest(ByteBuffer.allocate(authenticatorDataBytes.length + clientDataHash.length).put(authenticatorDataBytes).put(clientDataHash).array());
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void validateNonce(CoreRegistrationObject coreRegistrationObject) {
        AppleAnonymousAttestationStatement appleAnonymousAttestationStatement = (AppleAnonymousAttestationStatement) coreRegistrationObject.getAttestationObject().getAttestationStatement();
        byte[] nonce = getNonce(coreRegistrationObject);
        byte[] extensionValue = appleAnonymousAttestationStatement.getX5c().getEndEntityAttestationCertificate().getCertificate().getExtensionValue("1.2.840.113635.100.8.2");
        try {
            d dVar = new d();
            dVar.e(extensionValue);
            e eVar = ((a) e1.g0(ByteBuffer.wrap((byte[]) dVar.d))).f768f.get(0);
            d dVar2 = new d();
            dVar2.d(eVar);
            if (!Arrays.equals((byte[]) dVar2.d, nonce)) {
                throw new BadAttestationStatementException("nonce doesn't match.");
            }
        } catch (IOException | RuntimeException e) {
            throw new BadAttestationStatementException("Failed to extract nonce from Apple anonymous attestation statement.", e);
        }
    }

    private void validatePublicKey(CoreRegistrationObject coreRegistrationObject, AppleAnonymousAttestationStatement appleAnonymousAttestationStatement) {
        if (!appleAnonymousAttestationStatement.getX5c().getEndEntityAttestationCertificate().getCertificate().getPublicKey().equals(coreRegistrationObject.getAttestationObject().getAuthenticatorData().getAttestedCredentialData().getCOSEKey().getPublicKey())) {
            throw new PublicKeyMismatchException("The public key in the first certificate in x5c doesn't matches the credentialPublicKey in the attestedCredentialData in authenticatorData.");
        }
    }

    @Override // com.webauthn4j.validator.attestation.statement.AttestationStatementValidator
    public AttestationType validate(CoreRegistrationObject coreRegistrationObject) {
        if (!supports(coreRegistrationObject)) {
            throw new IllegalArgumentException(String.format("Specified format '%s' is not supported by %s.", coreRegistrationObject.getAttestationObject().getFormat(), AppleAnonymousAttestationStatementValidator.class.getName()));
        }
        AppleAnonymousAttestationStatement appleAnonymousAttestationStatement = (AppleAnonymousAttestationStatement) coreRegistrationObject.getAttestationObject().getAttestationStatement();
        validateNonce(coreRegistrationObject);
        validatePublicKey(coreRegistrationObject, appleAnonymousAttestationStatement);
        return AttestationType.BASIC;
    }
}
