package com.yubico.webauthn.attestation;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.hash.Hashing;
import com.yubico.internal.util.ExceptionUtil;
import com.yubico.webauthn.attestation.resolver.SimpleAttestationResolver;
import com.yubico.webauthn.attestation.resolver.SimpleTrustResolver;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.ExecutionException;
import lombok.NonNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yubico/webauthn/attestation/StandardMetadataService.class */
public final class StandardMetadataService implements MetadataService {
    private static final Logger logger = LoggerFactory.getLogger(StandardMetadataService.class);
    private final Attestation unknownAttestation;
    private final AttestationResolver attestationResolver;
    private final Cache<String, Attestation> cache;

    private StandardMetadataService(@NonNull AttestationResolver attestationResolver, @NonNull Cache<String, Attestation> cache) {
        this.unknownAttestation = Attestation.empty();
        if (attestationResolver == null) {
            throw new NullPointerException("attestationResolver is marked @NonNull but is null");
        }
        if (cache == null) {
            throw new NullPointerException("cache is marked @NonNull but is null");
        }
        this.attestationResolver = attestationResolver;
        this.cache = cache;
    }

    public StandardMetadataService(AttestationResolver attestationResolver) {
        this(attestationResolver, CacheBuilder.newBuilder().build());
    }

    public StandardMetadataService() throws CertificateException {
        this(createDefaultAttestationResolver());
    }

    public static TrustResolver createDefaultTrustResolver() throws CertificateException {
        return SimpleTrustResolver.fromMetadata(Collections.singleton(MetadataObject.readDefault()));
    }

    public static AttestationResolver createDefaultAttestationResolver(TrustResolver trustResolver) throws CertificateException {
        return new SimpleAttestationResolver(Collections.singleton(MetadataObject.readDefault()), trustResolver);
    }

    public static AttestationResolver createDefaultAttestationResolver() throws CertificateException {
        return createDefaultAttestationResolver(createDefaultTrustResolver());
    }

    public Attestation getCachedAttestation(String str) {
        return (Attestation) this.cache.getIfPresent(str);
    }

    public Attestation getAttestation(@NonNull List<X509Certificate> list) throws CertificateEncodingException {
        if (list == null) {
            throw new NullPointerException("attestationCertificateChain is marked @NonNull but is null");
        }
        if (list.isEmpty()) {
            return this.unknownAttestation;
        }
        X509Certificate x509Certificate = list.get(0);
        List<X509Certificate> subList = list.subList(1, list.size());
        try {
            return (Attestation) this.cache.get(Hashing.sha1().hashBytes(x509Certificate.getEncoded()).toString(), () -> {
                return this.attestationResolver.resolve(x509Certificate, subList).orElseGet(() -> {
                    return this.attestationResolver.untrustedFromCertificate(x509Certificate);
                });
            });
        } catch (ExecutionException e) {
            throw ExceptionUtil.wrapAndLog(logger, "Failed to look up attestation information for certificate: " + x509Certificate, e);
        }
    }
}
