package com.webauthn4j.metadata;

import com.webauthn4j.data.AuthenticatorAttestationType;
import com.webauthn4j.data.attestation.authenticator.AAGUID;
import com.webauthn4j.metadata.data.MetadataBLOBPayloadEntry;
import com.webauthn4j.metadata.data.statement.MetadataStatement;
import com.webauthn4j.metadata.data.toc.StatusReport;
import com.webauthn4j.util.HexUtil;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;

/* loaded from: input_file:com/webauthn4j/metadata/MetadataBLOBBasedMetadataStatementRepository.class */
public class MetadataBLOBBasedMetadataStatementRepository implements MetadataStatementRepository {
    private final List<MetadataBLOBProvider> metadataBLOBProviders;
    private boolean notFidoCertifiedAllowed = false;
    private boolean selfAssertionSubmittedAllowed = false;

    public MetadataBLOBBasedMetadataStatementRepository(MetadataBLOBProvider... metadataBLOBProviderArr) {
        this.metadataBLOBProviders = Arrays.asList(metadataBLOBProviderArr);
    }

    @Override // com.webauthn4j.metadata.MetadataStatementRepository
    public Set<MetadataStatement> find(AAGUID aaguid) {
        return (Set) this.metadataBLOBProviders.stream().flatMap(metadataBLOBProvider -> {
            return metadataBLOBProvider.provide().getPayload().getEntries().stream();
        }).filter(metadataBLOBPayloadEntry -> {
            return Objects.equals(metadataBLOBPayloadEntry.getAaguid(), aaguid);
        }).filter(this::checkMetadataBLOBPayloadEntry).map((v0) -> {
            return v0.getMetadataStatement();
        }).filter(this::checkSurrogateMetadataStatementAttestationRootCertificate).collect(Collectors.toSet());
    }

    @Override // com.webauthn4j.metadata.MetadataStatementRepository
    public Set<MetadataStatement> find(byte[] bArr) {
        return (Set) this.metadataBLOBProviders.stream().flatMap(metadataBLOBProvider -> {
            return metadataBLOBProvider.provide().getPayload().getEntries().stream();
        }).filter(metadataBLOBPayloadEntry -> {
            MetadataStatement metadataStatement = metadataBLOBPayloadEntry.getMetadataStatement();
            if (metadataStatement == null || metadataStatement.getAttestationCertificateKeyIdentifiers() == null) {
                return false;
            }
            return metadataStatement.getAttestationCertificateKeyIdentifiers().stream().anyMatch(str -> {
                return Arrays.equals(HexUtil.decode(str), bArr);
            });
        }).map((v0) -> {
            return v0.getMetadataStatement();
        }).filter(this::checkSurrogateMetadataStatementAttestationRootCertificate).collect(Collectors.toSet());
    }

    public boolean isNotFidoCertifiedAllowed() {
        return this.notFidoCertifiedAllowed;
    }

    public void setNotFidoCertifiedAllowed(boolean z) {
        this.notFidoCertifiedAllowed = z;
    }

    public boolean isSelfAssertionSubmittedAllowed() {
        return this.selfAssertionSubmittedAllowed;
    }

    public void setSelfAssertionSubmittedAllowed(boolean z) {
        this.selfAssertionSubmittedAllowed = z;
    }

    private boolean checkMetadataBLOBPayloadEntry(MetadataBLOBPayloadEntry metadataBLOBPayloadEntry) {
        Iterator<StatusReport> it = metadataBLOBPayloadEntry.getStatusReports().iterator();
        while (it.hasNext()) {
            switch (it.next().getStatus()) {
                case UPDATE_AVAILABLE:
                case FIDO_CERTIFIED:
                case FIDO_CERTIFIED_L1:
                case FIDO_CERTIFIED_L1_PLUS:
                case FIDO_CERTIFIED_L2:
                case FIDO_CERTIFIED_L2_PLUS:
                case FIDO_CERTIFIED_L3:
                case FIDO_CERTIFIED_L3_PLUS:
                    break;
                case NOT_FIDO_CERTIFIED:
                    if (!this.notFidoCertifiedAllowed) {
                        return false;
                    }
                    break;
                case SELF_ASSERTION_SUBMITTED:
                    if (!this.selfAssertionSubmittedAllowed) {
                        return false;
                    }
                    break;
                case ATTESTATION_KEY_COMPROMISE:
                case USER_VERIFICATION_BYPASS:
                case USER_KEY_REMOTE_COMPROMISE:
                case USER_KEY_PHYSICAL_COMPROMISE:
                case REVOKED:
                default:
                    return false;
            }
        }
        return true;
    }

    private boolean checkSurrogateMetadataStatementAttestationRootCertificate(MetadataStatement metadataStatement) {
        if (metadataStatement != null && metadataStatement.getAttestationTypes().stream().allMatch(authenticatorAttestationType -> {
            return authenticatorAttestationType.equals(AuthenticatorAttestationType.BASIC_SURROGATE);
        })) {
            return metadataStatement.getAttestationRootCertificates().isEmpty();
        }
        return true;
    }
}
