package io.vertx.ext.auth.webauthn.impl.metadata;

import io.vertx.core.Future;
import io.vertx.core.Vertx;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.http.HttpClientOptions;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.impl.VertxInternal;
import io.vertx.core.impl.future.PromiseInternal;
import io.vertx.core.impl.logging.Logger;
import io.vertx.core.impl.logging.LoggerFactory;
import io.vertx.core.json.JsonArray;
import io.vertx.core.json.JsonObject;
import io.vertx.core.json.impl.JsonUtil;
import io.vertx.ext.auth.impl.CertificateHelper;
import io.vertx.ext.auth.impl.Codec;
import io.vertx.ext.auth.impl.http.SimpleHttpClient;
import io.vertx.ext.auth.impl.jose.JWS;
import io.vertx.ext.auth.impl.jose.JWT;
import io.vertx.ext.auth.webauthn.Authenticator;
import io.vertx.ext.auth.webauthn.MetaDataService;
import io.vertx.ext.auth.webauthn.WebAuthnOptions;
import io.vertx.ext.auth.webauthn.impl.attestation.AttestationException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;

/* loaded from: input_file:io/vertx/ext/auth/webauthn/impl/metadata/MetaDataServiceImpl.class */
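/**
 * {@link MetaDataService} implementation that downloads a metadata TOC (a signed JWT), checks it
 * against the configured "mds" root certificate and CRLs, and loads its entries into a local
 * {@link MetaData} store that {@link #verify(Authenticator)} consults.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A TOC that fails signature or chain validation is not rejected. Its payload is parsed
 *       without verification and the validation error message is handed to every entry
 *       (see {@link #fetchTOC(String)}).</li>
 *   <li>When no CRLs are configured only a warning is logged; the chain check still runs, but
 *       with nothing to check revocation against.</li>
 * </ul>
 */
public class MetaDataServiceImpl implements MetaDataService {
    private static final Logger LOG = LoggerFactory.getLogger(MetaDataServiceImpl.class);
    private final VertxInternal vertx;
    private final WebAuthnOptions options;
    private final SimpleHttpClient httpClient;
    // Embedded keys are allowed, so the JWT signature is checked with key material carried by the
    // token itself. NOTE(review): presumably the x5c header certificate - confirm in JWT. On its
    // own that proves nothing about origin; trust rests on the chain validation in fetchTOC.
    private final JWT jwt = new JWT().allowEmbeddedKey(true);
    private final MetaData metadata;

    /**
     * Creates the service with its own HTTP client and an empty metadata store.
     *
     * @param vertx the Vert.x instance; must be castable to {@link VertxInternal}
     * @param webAuthnOptions source of the root certificate and CRLs used to validate the TOC
     */
    public MetaDataServiceImpl(Vertx vertx, WebAuthnOptions webAuthnOptions) {
        this.vertx = (VertxInternal) vertx;
        this.options = webAuthnOptions;
        this.httpClient = new SimpleHttpClient(vertx, "vertx-auth", new HttpClientOptions());
        this.metadata = new MetaData(vertx, webAuthnOptions);
    }

    /**
     * Downloads the TOC from the given URL, validates it and loads every entry.
     *
     * <p>The returned flag only says whether every entry was handed to the metadata store without
     * an error. It does not say that the TOC itself was verified: on a validation failure the
     * payload is still processed and the error text travels with each entry.
     * NOTE(review): confirm that MetaDataEntry/MetaData reject entries carrying a non-null error.
     *
     * @param str URL of the TOC document
     * @return a future completed with {@code true} when all entries loaded, {@code false} when at
     *     least one failed; failed when the TOC cannot be fetched or parsed
     */
    @Override
    public Future<Boolean> fetchTOC(String str) {
        final PromiseInternal<Boolean> promise = this.vertx.promise();
        this.httpClient.fetch(HttpMethod.GET, str, (JsonObject) null, (Buffer) null)
            .onFailure(promise::fail)
            .onSuccess(response -> {
                final Buffer body = response.body();
                if (body == null) {
                    promise.fail("null JWT");
                    return;
                }
                JsonObject payload;
                String error = null;
                try {
                    // Signature check first, then the certificate chain from the x5c header.
                    final JsonObject decoded = this.jwt.decode(body.toString(), true, this.options.getRootCrls());
                    final JsonArray x5c = decoded.getJsonObject("header").getJsonArray("x5c");
                    final List<X509Certificate> chain = new ArrayList<>();
                    for (int i = 0; i < x5c.size(); i++) {
                        chain.add(JWS.parseX5c(Codec.base64Decode(x5c.getString(i))));
                    }
                    // The configured root is appended so the chain is validated up to it.
                    chain.add(this.options.getRootCertificate("mds"));
                    final List<X509CRL> rootCrls = this.options.getRootCrls();
                    if (rootCrls == null || rootCrls.isEmpty()) {
                        // Only a warning: the chain check below has no CRLs to consult.
                        LOG.warn("No CRLs loaded for MDS Certificate");
                    }
                    CertificateHelper.checkValidity(chain, rootCrls);
                    payload = decoded.getJsonObject("payload");
                } catch (RuntimeException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e) {
                    // Deliberate best-effort: the TOC is NOT rejected. The payload is re-parsed
                    // without any verification and the error message is passed on to each entry.
                    // Everything read from the payload below is unauthenticated on this path.
                    LOG.warn("TOC verification failed, falling back to unverified payload", e);
                    try {
                        error = e.getMessage();
                        payload = JWT.parse(body.toString()).getJsonObject("payload");
                    } catch (RuntimeException e2) {
                        promise.fail(e2);
                        return;
                    }
                }
                try {
                    if (payload == null) {
                        promise.fail("Could not parse TOC");
                        return;
                    }
                    if (payload.containsKey("legalHeader")) {
                        // Text supplied by the TOC, logged as received.
                        LOG.info(payload.getString("legalHeader"));
                    }
                    final JsonArray entries = payload.getJsonArray("entries");
                    if (entries == null) {
                        promise.fail("Could not parse TOC");
                        return;
                    }
                    if (entries.isEmpty()) {
                        // No entry callback would ever fire, so complete here instead of hanging.
                        promise.complete(Boolean.TRUE);
                        return;
                    }
                    final String tocError = error;
                    final AtomicInteger pending = new AtomicInteger(entries.size());
                    final AtomicBoolean allLoaded = new AtomicBoolean(true);
                    for (Object entry : entries) {
                        // Exactly one decrement per entry. Counting in both a failure handler
                        // and a completion handler would count a failed entry twice and
                        // complete the promise while other entries are still loading.
                        addEntry(tocError, (JsonObject) entry).onComplete(result -> {
                            if (result.failed()) {
                                LOG.error("Failed to add entry", result.cause());
                                allLoaded.set(false);
                            }
                            if (pending.decrementAndGet() == 0) {
                                promise.complete(allLoaded.get());
                            }
                        });
                    }
                } catch (RuntimeException e3) {
                    promise.fail(e3);
                }
            });
        return promise.future();
    }

    /**
     * Loads one TOC entry into the metadata store, either by downloading the document named by
     * its {@code url} or by using an inline {@code metadataStatement} with {@code schema == 3}.
     *
     * @param tocError validation error of the enclosing TOC, or {@code null} when it verified
     * @param entry the TOC entry
     * @return a future that fails when the entry has neither form or cannot be loaded
     */
    private Future<Void> addEntry(String tocError, JsonObject entry) {
        final PromiseInternal<Void> promise = this.vertx.promise();
        if (entry.containsKey("url")) {
            // NOTE(review): the URL comes from the TOC entry. When the TOC failed verification
            // (tocError != null) this sends a GET to a location named by unauthenticated data;
            // consider restricting scheme/host or skipping remote fetches in that case.
            this.httpClient.fetch(HttpMethod.GET, entry.getString("url"), (JsonObject) null, (Buffer) null)
                .onFailure(promise::fail)
                .onSuccess(response -> {
                    final Buffer body = response.body();
                    if (body == null) {
                        promise.fail("null JWT");
                        return;
                    }
                    try {
                        this.metadata.loadMetadata(new MetaDataEntry(entry, body.getBytes(), tocError));
                        promise.complete();
                    } catch (RuntimeException | NoSuchAlgorithmException e) {
                        promise.fail(e);
                    }
                });
        } else if (entry.containsKey("metadataStatement") && entry.getJsonObject("metadataStatement").getInteger("schema", 0).intValue() == 3) {
            try {
                this.metadata.loadMetadata(new MetaDataEntry(entry, entry.getJsonObject("metadataStatement"), tocError));
                promise.complete();
            } catch (RuntimeException e) {
                promise.fail(e);
            }
        } else {
            promise.fail("Invalid metadataStatement (no url or metadataStatement with schema == 3)");
        }
        return promise.future();
    }

    /**
     * Adds a single statement supplied directly by the caller. No signature or chain check is
     * performed here, so the statement must come from a source the application already trusts.
     *
     * @param jsonObject the metadata statement
     * @return this service, for chaining
     */
    @Override
    public MetaDataService addStatement(JsonObject jsonObject) {
        this.metadata.loadMetadata(new MetaDataEntry(jsonObject));
        return this;
    }

    /**
     * Clears the metadata store.
     *
     * @return this service, for chaining
     */
    @Override
    public MetaDataService flush() {
        this.metadata.clear();
        return this;
    }

    /**
     * Verifies an authenticator against the loaded metadata.
     *
     * @param authenticator the authenticator whose format, AAGUID and attestation certificates
     *     are checked
     * @return the result of {@code MetaData.verifyMetadata}
     * @throws RuntimeException wrapping any attestation, metadata, key, signature or certificate
     *     error; callers should treat it as a verification failure
     */
    @Override
    public JsonObject verify(Authenticator authenticator) {
        try {
            // NOTE(review): the meaning of the last verifyMetadata argument is not visible here;
            // presumably whether the x5c chain is expected to include its root - confirm.
            final boolean flag;
            switch (authenticator.getFmt()) {
                case "none":
                case "android-safetynet":
                case "tpm":
                    flag = false;
                    break;
                default:
                    flag = true;
                    break;
            }
            return this.metadata.verifyMetadata(authenticator.getAaguid(), authenticator.getAttestationCertificates().getAlg(), parseX5c(authenticator.getAttestationCertificates().getX5c()), flag);
        } catch (AttestationException | MetaDataException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Decodes a list of base64 strings into X.509 certificates.
     *
     * @param list encoded certificates; may be {@code null} or empty
     * @return the parsed certificates in input order, empty when there is no input
     * @throws CertificateException when an element is not a parsable certificate
     */
    private static List<X509Certificate> parseX5c(List<String> list) throws CertificateException {
        final List<X509Certificate> certificates = new ArrayList<>();
        if (list == null || list.isEmpty()) {
            return certificates;
        }
        for (String encoded : list) {
            certificates.add(JWS.parseX5c(JsonUtil.BASE64_DECODER.decode(encoded)));
        }
        return certificates;
    }

    /**
     * Returns the backing metadata store.
     *
     * @return the live {@link MetaData} instance used by this service
     */
    public MetaData metadata() {
        return this.metadata;
    }
}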
