package com.webauthn4j.test.authenticator.u2f;

import com.webauthn4j.test.TestConstants;
import com.webauthn4j.test.authenticator.u2f.exception.FIDOU2FException;
import com.webauthn4j.test.client.AuthenticationEmulationOption;
import com.webauthn4j.test.client.RegistrationEmulationOption;
import com.webauthn4j.util.AssertUtil;
import com.webauthn4j.util.ECUtil;
import com.webauthn4j.util.MACUtil;
import com.webauthn4j.util.SignatureUtil;
import com.webauthn4j.util.UnsignedNumberUtil;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECPoint;
import java.util.Arrays;

/* loaded from: input_file:com/webauthn4j/test/authenticator/u2f/FIDOU2FAuthenticator.class */
public class FIDOU2FAuthenticator {
    public static final byte FLAG_OFF = 0;
    public static final byte FLAG_UP = 1;
    private static final SecureRandom secureRandom = new SecureRandom();
    private final PrivateKey attestationPrivateKey;
    private final X509Certificate attestationPublicKeyCertificate;
    private long counter;
    private byte flags;
    private boolean countUpEnabled;

    public FIDOU2FAuthenticator(PrivateKey privateKey, X509Certificate x509Certificate, int i) {
        this.flags = (byte) 1;
        this.countUpEnabled = true;
        AssertUtil.notNull(privateKey, "attestationPrivateKey must not be null");
        AssertUtil.notNull(x509Certificate, "attestationPublicKeyCertificate must not be null");
        this.attestationPrivateKey = privateKey;
        this.attestationPublicKeyCertificate = x509Certificate;
        this.counter = i;
    }

    public FIDOU2FAuthenticator() {
        this(TestConstants.GENERIC_2TIER_ATTESTATION_PRIVATE_KEY, TestConstants.GENERIC_2TIER_ATTESTATION_CERTIFICATE, 0);
    }

    public RegistrationResponse register(RegistrationRequest registrationRequest, RegistrationEmulationOption registrationEmulationOption) {
        byte[] challengeParameter = registrationRequest.getChallengeParameter();
        byte[] applicationParameter = registrationRequest.getApplicationParameter();
        byte[] bArr = new byte[32];
        secureRandom.nextBytes(bArr);
        KeyPair keyPair = getKeyPair(applicationParameter, bArr);
        byte[] encoded = keyPair.getPrivate().getEncoded();
        byte[] array = ByteBuffer.allocate(64).put(bArr).put(MACUtil.calculateHmacSHA256(ByteBuffer.allocate(32 + encoded.length).put(applicationParameter).put(encoded).array(), this.attestationPrivateKey.getEncoded())).array();
        byte[] bytesFromECPublicKey = getBytesFromECPublicKey((ECPublicKey) keyPair.getPublic());
        return new RegistrationResponse(bytesFromECPublicKey, array, this.attestationPublicKeyCertificate, registrationEmulationOption.isSignatureOverrideEnabled() ? registrationEmulationOption.getSignature() : calculateSignature(this.attestationPrivateKey, ByteBuffer.allocate(65 + array.length + 65).put((byte) 0).put(applicationParameter).put(challengeParameter).put(array).put(bytesFromECPublicKey).array()));
    }

    public RegistrationResponse register(RegistrationRequest registrationRequest) {
        return register(registrationRequest, new RegistrationEmulationOption());
    }

    public AuthenticationResponse authenticate(AuthenticationRequest authenticationRequest, AuthenticationEmulationOption authenticationEmulationOption) {
        authenticationRequest.getControl();
        byte[] applicationParameter = authenticationRequest.getApplicationParameter();
        byte[] challenge = authenticationRequest.getChallenge();
        KeyPair keyPair = getKeyPair(applicationParameter, Arrays.copyOf(authenticationRequest.getKeyHandle(), 32));
        countUp();
        return new AuthenticationResponse(this.flags, getCounterBytes(), calculateSignature(keyPair.getPrivate(), ByteBuffer.allocate(69).put(applicationParameter).put(this.flags).put(getCounterBytes()).put(challenge).array()));
    }

    public AuthenticationResponse authenticate(AuthenticationRequest authenticationRequest) {
        return authenticate(authenticationRequest, new AuthenticationEmulationOption());
    }

    private byte[] getBytesFromECPublicKey(ECPublicKey eCPublicKey) {
        ECPoint w = eCPublicKey.getW();
        byte[] byteArray = w.getAffineX().toByteArray();
        byte[] byteArray2 = w.getAffineY().toByteArray();
        byte[] copyOfRange = Arrays.copyOfRange(byteArray, Math.max(0, byteArray.length - 32), byteArray.length);
        byte[] copyOfRange2 = Arrays.copyOfRange(byteArray2, Math.max(0, byteArray2.length - 32), byteArray2.length);
        ByteBuffer allocate = ByteBuffer.allocate(65);
        allocate.put((byte) 4);
        allocate.position((allocate.position() + 32) - copyOfRange.length);
        allocate.put(copyOfRange);
        allocate.position((allocate.position() + 32) - copyOfRange2.length);
        allocate.put(copyOfRange2);
        return allocate.array();
    }

    private KeyPair getKeyPair(byte[] bArr, byte[] bArr2) {
        return ECUtil.createKeyPair(ByteBuffer.allocate(64).put(bArr).put(bArr2).array());
    }

    private byte[] calculateSignature(PrivateKey privateKey, byte[] bArr) {
        try {
            Signature createES256 = SignatureUtil.createES256();
            createES256.initSign(privateKey);
            createES256.update(bArr);
            return createES256.sign();
        } catch (InvalidKeyException | SignatureException e) {
            throw new FIDOU2FException("Signature calculation error", e);
        }
    }

    private void countUp() {
        if (isCountUpEnabled()) {
            this.counter++;
        }
    }

    private byte[] getCounterBytes() {
        return UnsignedNumberUtil.toBytes(this.counter);
    }

    public boolean isCountUpEnabled() {
        return this.countUpEnabled;
    }

    public void setCountUpEnabled(boolean z) {
        this.countUpEnabled = z;
    }

    public byte getFlags() {
        return this.flags;
    }

    public void setFlags(byte b) {
        this.flags = b;
    }
}
