package com.yubico.u2f;

import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.yubico.u2f.crypto.BouncyCastleCrypto;
import com.yubico.u2f.crypto.ChallengeGenerator;
import com.yubico.u2f.crypto.Crypto;
import com.yubico.u2f.crypto.RandomChallengeGenerator;
import com.yubico.u2f.data.DeviceRegistration;
import com.yubico.u2f.data.messages.AuthenticateRequest;
import com.yubico.u2f.data.messages.AuthenticateResponse;
import com.yubico.u2f.data.messages.ClientData;
import com.yubico.u2f.data.messages.RegisterRequest;
import com.yubico.u2f.data.messages.RegisterResponse;
import com.yubico.u2f.data.messages.key.RawAuthenticateResponse;
import com.yubico.u2f.data.messages.key.RawRegisterResponse;
import com.yubico.u2f.data.messages.key.util.U2fB64Encoding;
import com.yubico.u2f.exceptions.DeviceCompromisedException;
import com.yubico.u2f.exceptions.U2fBadInputException;
import java.util.Set;

/* loaded from: input_file:com/yubico/u2f/U2fPrimitives.class */
public class U2fPrimitives {
    public static final String AUTHENTICATE_TYP = "navigator.id.getAssertion";
    public static final String REGISTER_TYPE = "navigator.id.finishEnrollment";
    public static final String U2F_VERSION = "U2F_V2";
    private final Crypto crypto;
    private final ChallengeGenerator challengeGenerator;

    public U2fPrimitives(Crypto crypto, ChallengeGenerator challengeGenerator) {
        this.crypto = crypto;
        this.challengeGenerator = challengeGenerator;
    }

    public U2fPrimitives() {
        this(new BouncyCastleCrypto(), new RandomChallengeGenerator());
    }

    public RegisterRequest startRegistration(String str) {
        return startRegistration(str, this.challengeGenerator.generateChallenge());
    }

    public RegisterRequest startRegistration(String str, byte[] bArr) {
        return new RegisterRequest(U2fB64Encoding.encode(bArr), str);
    }

    public DeviceRegistration finishRegistration(RegisterRequest registerRequest, RegisterResponse registerResponse) throws U2fBadInputException {
        return finishRegistration(registerRequest, registerResponse, null);
    }

    public DeviceRegistration finishRegistration(RegisterRequest registerRequest, RegisterResponse registerResponse, Set<String> set) throws U2fBadInputException {
        ClientData clientData = registerResponse.getClientData();
        clientData.checkContent(REGISTER_TYPE, registerRequest.getChallenge(), Optional.fromNullable(set));
        RawRegisterResponse fromBase64 = RawRegisterResponse.fromBase64(registerResponse.getRegistrationData(), this.crypto);
        fromBase64.checkSignature(registerRequest.getAppId(), clientData.asJson());
        return fromBase64.createDevice();
    }

    public AuthenticateRequest startAuthentication(String str, DeviceRegistration deviceRegistration) {
        return startAuthentication(str, deviceRegistration, this.challengeGenerator.generateChallenge());
    }

    public AuthenticateRequest startAuthentication(String str, DeviceRegistration deviceRegistration, byte[] bArr) {
        Preconditions.checkArgument(!deviceRegistration.isCompromised(), "Device has been marked as compromised, cannot authenticate");
        return new AuthenticateRequest(U2fB64Encoding.encode(bArr), str, deviceRegistration.getKeyHandle());
    }

    public void finishAuthentication(AuthenticateRequest authenticateRequest, AuthenticateResponse authenticateResponse, DeviceRegistration deviceRegistration) throws U2fBadInputException, DeviceCompromisedException {
        finishAuthentication(authenticateRequest, authenticateResponse, deviceRegistration, null);
    }

    public void finishAuthentication(AuthenticateRequest authenticateRequest, AuthenticateResponse authenticateResponse, DeviceRegistration deviceRegistration, Set<String> set) throws U2fBadInputException, DeviceCompromisedException {
        Preconditions.checkArgument(!deviceRegistration.isCompromised(), "Device has been marked as compromised, cannot authenticate");
        Preconditions.checkArgument(authenticateRequest.getKeyHandle().equals(deviceRegistration.getKeyHandle()), "Wrong DeviceRegistration for the given AuthenticateRequest");
        if (!deviceRegistration.getKeyHandle().equals(authenticateResponse.getKeyHandle())) {
            throw new U2fBadInputException("KeyHandle of AuthenticateResponse does not match");
        }
        ClientData clientData = authenticateResponse.getClientData();
        clientData.checkContent(AUTHENTICATE_TYP, authenticateRequest.getChallenge(), Optional.fromNullable(set));
        RawAuthenticateResponse fromBase64 = RawAuthenticateResponse.fromBase64(authenticateResponse.getSignatureData(), this.crypto);
        fromBase64.checkSignature(authenticateRequest.getAppId(), clientData.asJson(), U2fB64Encoding.decode(deviceRegistration.getPublicKey()));
        fromBase64.checkUserPresence();
        deviceRegistration.checkAndUpdateCounter(fromBase64.getCounter());
    }
}
