package com.webauthn4j.validator.attestation.statement.androidkey;

import com.webauthn4j.validator.exception.BadAttestationStatementException;
import com.webauthn4j.validator.exception.KeyDescriptionValidationException;
import g.a.e1;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Objects;
import l.a.a.a.d.a;
import l.a.a.a.d.e;
import l.a.a.a.e.d;
import l.c.b;
import l.c.c;

/* loaded from: classes.dex */
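/**
 * Validates the key description carried in the Android key attestation certificate
 * extension ({@link #ATTESTATION_EXTENSION_OID}).
 *
 * <p>The checks visible in this class are: the attestation challenge matches the expected
 * bytes, the key is not tagged {@link #KM_TAG_ALL_APPLICATIONS}, the key origin is
 * {@link #KM_ORIGIN_GENERATED}, and the key purposes include {@link #KM_PURPOSE_SIGN}.
 * Certificate chain and signature verification are not performed here; this class only
 * interprets the extension content, so callers must have established trust in the
 * certificate separately.
 *
 * <p>NOTE(review): this is decompiled output. The obfuscated types {@code l.a.a.a.d.a} and
 * {@code l.a.a.a.d.e} appear to be an ASN.1 container node and a generic ASN.1 parse node;
 * confirm against the original library before relying on that reading.
 *
 * <p>The extension content comes from the attestation certificate and must be treated as
 * untrusted. Structural problems (too few fields, a field of the wrong node type, an empty
 * tagged entry) are reported as {@link KeyDescriptionValidationException} so that every
 * rejection reaches callers through the validator's own exception type.
 */
public class KeyDescriptionValidator {
    /** Position of the attestation challenge inside the key description sequence. */
    public static final int ATTESTATION_CHALLENGE_INDEX = 4;
    /** OID of the certificate extension that carries the key description. */
    public static final String ATTESTATION_EXTENSION_OID = "1.3.6.1.4.1.11129.2.1.17";
    /** Origin value accepted by {@link #isKeyGeneratedInKeymaster}. */
    public static final int KM_ORIGIN_GENERATED = 0;
    /** Purpose value that must be present among the key purposes. */
    public static final int KM_PURPOSE_SIGN = 2;
    /** Tag whose presence in either authorization list causes rejection. */
    public static final int KM_TAG_ALL_APPLICATIONS = 600;
    public static final int KM_TAG_CREATION_DATE_TIME = 701;
    /** Tag of the key origin entry in an authorization list. */
    public static final int KM_TAG_ORIGIN = 702;
    /** Tag of the key purpose entry in an authorization list. */
    public static final int KM_TAG_PURPOSE = 1;
    /** Position of the software-enforced authorization list in the key description. */
    public static final int SW_ENFORCED_INDEX = 6;
    /** Position of the TEE-enforced authorization list in the key description. */
    public static final int TEE_ENFORCED_INDEX = 7;
    public final b logger = c.d(KeyDescriptionValidator.class);

    /**
     * Reports whether the given purpose entry lists {@link #KM_PURPOSE_SIGN}.
     *
     * <p>Fails closed: a missing entry, an entry that is not a container, or any runtime
     * failure while decoding yields {@code false}.
     *
     * @param eVar value of the purpose entry, or {@code null} when the tag is absent
     * @return {@code true} only if one child decodes to {@link #KM_PURPOSE_SIGN}
     */
    private boolean containsValidPurpose(e eVar) {
        if (eVar == null) {
            return false;
        }
        try {
            BigInteger signPurpose = BigInteger.valueOf(KM_PURPOSE_SIGN);
            // A failing cast is caught below and treated as "no valid purpose".
            for (e purpose : ((a) eVar).f768f) {
                if (Objects.equals(getIntegerFromAsn1(purpose), signPurpose)) {
                    return true;
                }
            }
            return false;
        } catch (RuntimeException ex) {
            this.logger.a("Failed to retrieve purpose.", ex);
            return false;
        }
    }

    /**
     * Looks up the entry with the given tag in an authorization list and returns its first
     * child.
     *
     * @param authorizationList list to search
     * @param tag               tag number to look for
     * @return first child of the matching entry, or {@code null} when no entry has the tag
     * @throws KeyDescriptionValidationException if a matching entry is not a container or
     *         has no child; returning {@code null} there would make a malformed entry look
     *         absent and let the {@link #KM_TAG_ALL_APPLICATIONS} check pass
     */
    private e findAuthorizationListEntry(a authorizationList, int tag) {
        for (e entry : authorizationList.f768f) {
            // NOTE(review): c().b is presumably the entry's tag number; confirm.
            if (entry.c().b == tag) {
                if (!(entry instanceof a) || ((a) entry).f768f.isEmpty()) {
                    throw new KeyDescriptionValidationException("Authorization list entry is malformed.");
                }
                return ((a) entry).f768f.get(0);
            }
        }
        return null;
    }

    /**
     * Decodes an ASN.1 node as an integer.
     *
     * @param eVar node to decode, may be {@code null}
     * @return decoded value, or {@code null} when {@code eVar} is {@code null}
     * @throws BadAttestationStatementException if the node's tag check fails
     */
    /* JADX WARN: Multi-variable type inference failed */
    private BigInteger getIntegerFromAsn1(e eVar) {
        if (eVar == null) {
            return null;
        }
        // NOTE(review): c().a() is presumably an "is integer tag" test, judging by the
        // error message; confirm against the original library.
        if (!eVar.c().a()) {
            throw new BadAttestationStatementException(String.format("ASN1Integer is expected. Found %s instead.", eVar.getClass().getName()));
        }
        l.a.a.a.e.b decoder = new l.a.a.a.e.b();
        decoder.d(eVar);
        // Cast kept as recovered by the decompiler; the field's declared type is not visible.
        return (BigInteger) decoder.d;
    }

    /**
     * Reports whether the given origin entry equals {@link #KM_ORIGIN_GENERATED}.
     *
     * <p>Fails closed: an absent entry or a decoding failure yields {@code false}.
     *
     * @param eVar value of the origin entry, or {@code null} when the tag is absent
     * @return {@code true} only if the entry decodes to {@link #KM_ORIGIN_GENERATED}
     */
    private boolean isKeyGeneratedInKeymaster(e eVar) {
        try {
            return Objects.equals(getIntegerFromAsn1(eVar), BigInteger.valueOf(KM_ORIGIN_GENERATED));
        } catch (IOException | RuntimeException e) {
            this.logger.a("Failed to retrieve origin.", e);
            return false;
        }
    }

    /**
     * Checks key origin and key purpose against the two authorization lists.
     *
     * <p>The TEE-enforced list is always consulted first. The software-enforced list is
     * consulted as a fallback only when {@code teeEnforcedOnly} is {@code false}. In that
     * mode origin and purpose are evaluated independently, so each may be satisfied by a
     * different list, and a value asserted only in the software-enforced list is accepted.
     * Relying parties that need hardware-backed guarantees should pass {@code true}.
     *
     * @param teeEnforcedOnly  when {@code true}, only the TEE-enforced list may satisfy a check
     * @param softwareEnforced authorization list taken from {@link #SW_ENFORCED_INDEX}
     * @param teeEnforced      authorization list taken from {@link #TEE_ENFORCED_INDEX}
     * @throws KeyDescriptionValidationException if origin or purpose is not acceptable
     */
    private void validateAuthorizationList(boolean teeEnforcedOnly, a softwareEnforced, a teeEnforced) {
        boolean originAccepted = isKeyGeneratedInKeymaster(findAuthorizationListEntry(teeEnforced, KM_TAG_ORIGIN))
                || (!teeEnforcedOnly
                        && isKeyGeneratedInKeymaster(findAuthorizationListEntry(softwareEnforced, KM_TAG_ORIGIN)));
        if (!originAccepted) {
            throw new KeyDescriptionValidationException("Key is not generated in keymaster.");
        }
        boolean purposeAccepted = containsValidPurpose(findAuthorizationListEntry(teeEnforced, KM_TAG_PURPOSE))
                || (!teeEnforcedOnly
                        && containsValidPurpose(findAuthorizationListEntry(softwareEnforced, KM_TAG_PURPOSE)));
        if (!purposeAccepted) {
            throw new KeyDescriptionValidationException("Key purpose is invalid.");
        }
    }

    /**
     * Validates an already-parsed key description.
     *
     * @param aVar parsed key description
     * @param bArr expected attestation challenge bytes
     * @param z    when {@code true}, only the TEE-enforced authorization list may satisfy
     *             the origin and purpose checks
     * @throws KeyDescriptionValidationException if the structure is malformed, the challenge
     *         differs, the key carries {@link #KM_TAG_ALL_APPLICATIONS}, or origin/purpose
     *         are not acceptable
     */
    public void doValidate(a aVar, byte[] bArr, boolean z) {
        // The key description is attacker-supplied; verify its shape before indexing so a
        // short or mistyped structure is rejected as a validation failure rather than
        // escaping as IndexOutOfBoundsException or ClassCastException.
        if (aVar.f768f.size() <= TEE_ENFORCED_INDEX) {
            throw new KeyDescriptionValidationException("KeyDescription is malformed.");
        }
        if (!Arrays.equals(aVar.f768f.get(ATTESTATION_CHALLENGE_INDEX).f(), bArr)) {
            throw new KeyDescriptionValidationException("Attestation challenge doesn't match.");
        }
        e softwareEnforcedNode = aVar.f768f.get(SW_ENFORCED_INDEX);
        e teeEnforcedNode = aVar.f768f.get(TEE_ENFORCED_INDEX);
        if (!(softwareEnforcedNode instanceof a) || !(teeEnforcedNode instanceof a)) {
            throw new KeyDescriptionValidationException("KeyDescription is malformed.");
        }
        a softwareEnforced = (a) softwareEnforcedNode;
        a teeEnforced = (a) teeEnforcedNode;
        // A key usable by all applications is not bound to the caller, whichever list says so.
        if (findAuthorizationListEntry(softwareEnforced, KM_TAG_ALL_APPLICATIONS) != null
                || findAuthorizationListEntry(teeEnforced, KM_TAG_ALL_APPLICATIONS) != null) {
            throw new KeyDescriptionValidationException("Key is not scoped properly.");
        }
        validateAuthorizationList(z, softwareEnforced, teeEnforced);
    }

    /**
     * Extracts and parses the key description extension from a certificate.
     *
     * @param x509Certificate certificate expected to carry {@link #ATTESTATION_EXTENSION_OID}
     * @return parsed key description
     * @throws KeyDescriptionValidationException if the extension is absent or its content
     *         does not parse to a container node
     */
    /* JADX WARN: Multi-variable type inference failed */
    public a extractKeyDescription(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(ATTESTATION_EXTENSION_OID);
        if (extensionValue == null) {
            throw new KeyDescriptionValidationException("KeyDescription must not be null");
        }
        // NOTE(review): dVar presumably unwraps the extension's outer encoding into dVar.d;
        // the cast is kept as recovered by the decompiler.
        d dVar = new d();
        dVar.e(extensionValue);
        Object parsed = e1.g0(ByteBuffer.wrap((byte[]) dVar.d));
        if (!(parsed instanceof a)) {
            throw new KeyDescriptionValidationException("KeyDescription is malformed.");
        }
        return (a) parsed;
    }

    /**
     * Validates the key description found in the given attestation certificate.
     *
     * @param x509Certificate certificate carrying the key description extension
     * @param bArr            expected attestation challenge bytes
     * @param z               when {@code true}, only the TEE-enforced authorization list
     *                        may satisfy the origin and purpose checks
     * @throws KeyDescriptionValidationException if any check fails
     * @throws UncheckedIOException if parsing raises an {@link IOException}
     */
    public void validate(X509Certificate x509Certificate, byte[] bArr, boolean z) {
        try {
            doValidate(extractKeyDescription(x509Certificate), bArr, z);
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }
}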
