package com.webauthn4j.verifier;

import com.webauthn4j.converter.util.ObjectConverter;
import com.webauthn4j.data.CoreRegistrationData;
import com.webauthn4j.data.CoreRegistrationParameters;
import com.webauthn4j.data.PublicKeyCredentialParameters;
import com.webauthn4j.data.attestation.AttestationObject;
import com.webauthn4j.data.attestation.authenticator.AuthenticatorData;
import com.webauthn4j.data.attestation.authenticator.COSEKey;
import com.webauthn4j.data.attestation.statement.COSEAlgorithmIdentifier;
import com.webauthn4j.data.extension.authenticator.RegistrationExtensionAuthenticatorOutput;
import com.webauthn4j.server.CoreServerProperty;
import com.webauthn4j.util.AssertUtil;
import com.webauthn4j.verifier.attestation.statement.AttestationStatementVerifier;
import com.webauthn4j.verifier.attestation.trustworthiness.certpath.CertPathTrustworthinessVerifier;
import com.webauthn4j.verifier.attestation.trustworthiness.self.SelfAttestationTrustworthinessVerifier;
import com.webauthn4j.verifier.exception.ConstraintViolationException;
import com.webauthn4j.verifier.exception.NotAllowedAlgorithmException;
import com.webauthn4j.verifier.exception.UserNotPresentException;
import com.webauthn4j.verifier.exception.UserNotVerifiedException;
import java.util.Iterator;
import java.util.List;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:com/webauthn4j/verifier/CoreRegistrationDataVerifier.class */
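/**
 * Verifies the authenticator-side data of a WebAuthn registration
 * ({@link CoreRegistrationData}) against the relying party's expectations
 * ({@link CoreRegistrationParameters}).
 *
 * <p>{@link #verify} runs these checks in order: attested credential data is present, the COSE
 * key carries a public key, the rpIdHash matches the server property, the UV/UP flags satisfy
 * the configured requirements, the credential algorithm is in {@code pubKeyCredParams}, the
 * authenticator extensions, the attestation itself, and finally every custom verifier.
 *
 * <p>Two checks depend on what the caller supplies: the algorithm allow-list is enforced only
 * when {@code pubKeyCredParams} is non-null, and the UV/UP flags are checked only when the
 * matching "required" parameter is {@code true}.
 *
 * <p>The custom verifier list is held by reference (no defensive copy) and is handed out as-is
 * by {@link #getCustomRegistrationVerifiers()}, so anything with access to either reference can
 * change which custom checks run.
 * NOTE(review): no synchronization is visible here - confirm the list is not mutated while
 * {@link #verify} is iterating it.
 */
public class CoreRegistrationDataVerifier {
    private final RpIdHashVerifier rpIdHashVerifier = new RpIdHashVerifier();
    private final AuthenticatorExtensionVerifier authenticatorExtensionVerifier = new AuthenticatorExtensionVerifier();
    private final AttestationVerifier attestationVerifier;
    private final List<CustomCoreRegistrationVerifier> customRegistrationVerifiers;

    /**
     * Creates a verifier from its collaborating verifiers.
     *
     * @param attestationStatementVerifiers verifiers handed to the internal {@code AttestationVerifier}
     * @param certPathTrustworthinessVerifier handed to the internal {@code AttestationVerifier}
     * @param selfAttestationTrustworthinessVerifier handed to the internal {@code AttestationVerifier}
     * @param customRegistrationVerifiers extra verifiers run at the end of {@link #verify};
     *     stored by reference, not copied
     * @param objectConverter null-checked only; this class does not otherwise use it
     */
    public CoreRegistrationDataVerifier(@NotNull List<AttestationStatementVerifier> attestationStatementVerifiers, @NotNull CertPathTrustworthinessVerifier certPathTrustworthinessVerifier, @NotNull SelfAttestationTrustworthinessVerifier selfAttestationTrustworthinessVerifier, @NotNull List<CustomCoreRegistrationVerifier> customRegistrationVerifiers, @NotNull ObjectConverter objectConverter) {
        AssertUtil.notNull(attestationStatementVerifiers, "attestationStatementVerifiers must not be null");
        AssertUtil.notNull(certPathTrustworthinessVerifier, "certPathTrustworthinessVerifier must not be null");
        AssertUtil.notNull(selfAttestationTrustworthinessVerifier, "selfAttestationTrustworthinessVerifier must not be null");
        AssertUtil.notNull(customRegistrationVerifiers, "customRegistrationVerifiers must not be null");
        AssertUtil.notNull(objectConverter, "objectConverter must not be null");
        this.attestationVerifier = new AttestationVerifier(attestationStatementVerifiers, certPathTrustworthinessVerifier, selfAttestationTrustworthinessVerifier);
        this.customRegistrationVerifiers = customRegistrationVerifiers;
    }

    /**
     * Runs every registration check; the first failing check aborts by throwing.
     *
     * @param coreRegistrationData the data produced by the authenticator during registration
     * @param coreRegistrationParameters the relying party's expectations for this registration
     * @throws ConstraintViolationException if attested credential data, the COSE key or its
     *     public key is missing
     * @throws UserNotVerifiedException if user verification is required but the UV flag is unset
     * @throws UserNotPresentException if user presence is required but the UP flag is unset
     * @throws NotAllowedAlgorithmException if the credential algorithm is not in a non-null
     *     {@code pubKeyCredParams}
     */
    public void verify(@NotNull CoreRegistrationData coreRegistrationData, @NotNull CoreRegistrationParameters coreRegistrationParameters) {
        // BeanAssertUtil lives in this package; which constraints it enforces is not visible here.
        BeanAssertUtil.validate(coreRegistrationData);
        AssertUtil.notNull(coreRegistrationParameters, "registrationParameters must not be null");

        AttestationObject attestationObject = coreRegistrationData.getAttestationObject();
        AuthenticatorData<RegistrationExtensionAuthenticatorOutput> authenticatorData = attestationObject.getAuthenticatorData();
        // Must run first: everything below dereferences the attested credential data.
        verifyAuthenticatorDataField(authenticatorData);

        CoreServerProperty serverProperty = coreRegistrationParameters.getServerProperty();
        CoreRegistrationObject registrationObject = createCoreRegistrationObject(coreRegistrationData, coreRegistrationParameters);

        COSEKey coseKey = authenticatorData.getAttestedCredentialData().getCOSEKey();
        verifyCOSEKey(coseKey);
        this.rpIdHashVerifier.verify(authenticatorData.getRpIdHash(), serverProperty);
        verifyUVUPFlags(authenticatorData, coreRegistrationParameters.isUserVerificationRequired(), coreRegistrationParameters.isUserPresenceRequired());
        verifyAlg(coseKey.getAlgorithm(), coreRegistrationParameters.getPubKeyCredParams());
        this.authenticatorExtensionVerifier.verify(authenticatorData.getExtensions());
        this.attestationVerifier.verify(registrationObject);

        // Custom verifiers run last, so they only see data that passed every built-in check.
        for (CustomCoreRegistrationVerifier customVerifier : this.customRegistrationVerifiers) {
            customVerifier.verify(registrationObject);
        }
    }

    /**
     * Rejects a credential whose algorithm is not one the relying party offered.
     *
     * <p>A {@code null} list disables the check entirely, so a caller that wants the allow-list
     * enforced must pass the {@code pubKeyCredParams} it sent in the creation options. An empty
     * list rejects every algorithm.
     *
     * @param alg the algorithm of the attested credential's COSE key
     * @param pubKeyCredParams the allowed parameters, or {@code null} to skip the check
     * @throws NotAllowedAlgorithmException if the list is non-null and no entry matches {@code alg}
     */
    void verifyAlg(COSEAlgorithmIdentifier alg, List<PublicKeyCredentialParameters> pubKeyCredParams) {
        if (pubKeyCredParams == null) {
            return;
        }
        // Compare from the credential's side so an entry with a null alg counts as "no match"
        // instead of raising a NullPointerException; a null credential alg never matches.
        boolean listed = pubKeyCredParams.stream().anyMatch(params -> alg != null && alg.equals(params.getAlg()));
        if (!listed) {
            throw new NotAllowedAlgorithmException("alg not listed in options.pubKeyCredParams is used.");
        }
    }

    /**
     * Ensures the attested credential carries a usable public key.
     *
     * @param coseKey the COSE key taken from the attested credential data
     * @throws ConstraintViolationException if the key is {@code null} or has no public key
     */
    void verifyCOSEKey(COSEKey coseKey) {
        // A missing key is reported as a verification failure rather than a NullPointerException.
        // NOTE(review): earlier bean validation may already reject this case - confirm.
        if (coseKey == null) {
            throw new ConstraintViolationException("coseKey must not be null");
        }
        if (coseKey.getPublicKey() == null) {
            throw new ConstraintViolationException("coseKey doesn't contain public key");
        }
    }

    /**
     * Builds the object passed to the attestation verifier and to the custom verifiers.
     * Protected so that subclasses can supply a different registration object.
     *
     * @param coreRegistrationData source of the attestation object, its bytes and the client data hash
     * @param coreRegistrationParameters source of the server property
     * @return a new {@code CoreRegistrationObject} assembled from those four values
     */
    protected CoreRegistrationObject createCoreRegistrationObject(@NotNull CoreRegistrationData coreRegistrationData, @NotNull CoreRegistrationParameters coreRegistrationParameters) {
        return new CoreRegistrationObject(
                coreRegistrationData.getAttestationObject(),
                coreRegistrationData.getAttestationObjectBytes(),
                coreRegistrationData.getClientDataHash(),
                coreRegistrationParameters.getServerProperty());
    }

    /**
     * Ensures the authenticator data includes attested credential data, which a registration
     * needs in order to yield a credential.
     *
     * @param authenticatorData the authenticator data from the attestation object
     * @throws ConstraintViolationException if attested credential data is absent
     */
    void verifyAuthenticatorDataField(@NotNull AuthenticatorData<RegistrationExtensionAuthenticatorOutput> authenticatorData) {
        if (authenticatorData.getAttestedCredentialData() == null) {
            throw new ConstraintViolationException("attestedCredentialData must not be null on registration");
        }
    }

    /**
     * Enforces the user-verification and user-presence requirements.
     *
     * <p>Each flag is inspected only when its requirement is {@code true}; with both set to
     * {@code false} this method accepts any flag combination.
     *
     * @param authenticatorData the authenticator data whose UV/UP flags are read
     * @param userVerificationRequired whether the UV flag must be set
     * @param userPresenceRequired whether the UP flag must be set
     * @throws UserNotVerifiedException if UV is required but not set
     * @throws UserNotPresentException if UP is required but not set
     */
    void verifyUVUPFlags(@NotNull AuthenticatorData<RegistrationExtensionAuthenticatorOutput> authenticatorData, boolean userVerificationRequired, boolean userPresenceRequired) {
        if (userVerificationRequired && !authenticatorData.isFlagUV()) {
            throw new UserNotVerifiedException("Verifier is configured to check user verified, but UV flag in authenticatorData is not set.");
        }
        if (userPresenceRequired && !authenticatorData.isFlagUP()) {
            throw new UserNotPresentException("Verifier is configured to check user present, but UP flag in authenticatorData is not set.");
        }
    }

    /**
     * Returns the custom verifiers run at the end of {@link #verify}.
     *
     * @return the internal list itself, not a copy; changes made through it affect later
     *     {@link #verify} calls
     */
    @NotNull
    public List<CustomCoreRegistrationVerifier> getCustomRegistrationVerifiers() {
        return this.customRegistrationVerifiers;
    }
}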
