package org.forgerock.android.auth.webauthn;

import android.app.PendingIntent;
import android.content.Context;
import android.util.Base64;
import androidx.fragment.app.FragmentManager;
import com.google.android.gms.fido.Fido;
import com.google.android.gms.fido.fido2.Fido2ApiClient;
import com.google.android.gms.fido.fido2.api.common.AuthenticatorAssertionResponse;
import com.google.android.gms.fido.fido2.api.common.PublicKeyCredentialDescriptor;
import com.google.android.gms.fido.fido2.api.common.PublicKeyCredentialRequestOptions;
import com.google.android.gms.tasks.OnFailureListener;
import com.google.android.gms.tasks.OnSuccessListener;
import com.google.android.gms.tasks.Task;
import java.util.Collections;
import java.util.List;
import org.forgerock.android.auth.FRListener;
import org.forgerock.android.auth.Listener;
import org.forgerock.android.auth.WebAuthnDataRepository;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public class WebAuthnAuthentication extends WebAuthn {
    protected final List<PublicKeyCredentialDescriptor> allowCredentials;
    protected final byte[] challenge;
    protected final String relayingPartyId;
    protected final Double timeout;
    protected final String userVerification;

    public WebAuthnAuthentication(JSONObject jSONObject) throws JSONException {
        this.challenge = Base64.decode(jSONObject.getString("challenge"), 2);
        this.relayingPartyId = getRelyingPartyId(jSONObject);
        this.timeout = Double.valueOf(Double.parseDouble(jSONObject.optString(WebAuthn.TIMEOUT, WebAuthn.TIMEOUT_DEFAULT)) / 1000.0d);
        this.allowCredentials = getAllowCredentials(jSONObject);
        this.userVerification = jSONObject.optString(WebAuthn.USER_VERIFICATION, null);
    }

    public void authenticate(final Context context, final FragmentManager fragmentManager, WebAuthnKeySelector webAuthnKeySelector, final WebAuthnListener webAuthnListener) {
        if (!this.allowCredentials.isEmpty()) {
            authenticate(context, fragmentManager, webAuthnListener, this.allowCredentials, null);
            return;
        }
        List<PublicKeyCredentialSource> publicKeyCredentialSource = getPublicKeyCredentialSource(context);
        if (publicKeyCredentialSource.isEmpty()) {
            authenticate(context, fragmentManager, webAuthnListener, this.allowCredentials, null);
            return;
        }
        if (publicKeyCredentialSource.size() == 1) {
            authenticate(context, fragmentManager, webAuthnListener, Collections.singletonList(publicKeyCredentialSource.get(0).toDescriptor()), publicKeyCredentialSource.get(0).getUserHandle());
            return;
        }
        FRListener<PublicKeyCredentialSource> fRListener = new FRListener<PublicKeyCredentialSource>() { // from class: org.forgerock.android.auth.webauthn.WebAuthnAuthentication.1
            @Override // org.forgerock.android.auth.FRListener
            public void onException(Exception exc) {
                Listener.onException(webAuthnListener, exc);
            }

            @Override // org.forgerock.android.auth.FRListener
            public void onSuccess(PublicKeyCredentialSource publicKeyCredentialSource2) {
                WebAuthnAuthentication.this.authenticate(context, fragmentManager, webAuthnListener, Collections.singletonList(publicKeyCredentialSource2.toDescriptor()), publicKeyCredentialSource2.getUserHandle());
            }
        };
        if (webAuthnKeySelector == null) {
            webAuthnKeySelector = WebAuthnKeySelector.DEFAULT;
        }
        webAuthnKeySelector.select(fragmentManager, publicKeyCredentialSource, fRListener);
    }

    protected void authenticate(Context context, final FragmentManager fragmentManager, final WebAuthnListener webAuthnListener, List<PublicKeyCredentialDescriptor> list, final byte[] bArr) {
        getSignPendingIntent(Fido.getFido2ApiClient(context), new PublicKeyCredentialRequestOptions.Builder().setRpId(this.relayingPartyId).setChallenge(this.challenge).setAllowList(list).setTimeoutSeconds(this.timeout).build()).addOnSuccessListener(new OnSuccessListener() { // from class: org.forgerock.android.auth.webauthn.WebAuthnAuthentication$$ExternalSyntheticLambda0
            @Override // com.google.android.gms.tasks.OnSuccessListener
            public final void onSuccess(Object obj) {
                WebAuthnAuthentication.this.m1912x32ff756e(fragmentManager, bArr, webAuthnListener, (PendingIntent) obj);
            }
        }).addOnFailureListener(new OnFailureListener() { // from class: org.forgerock.android.auth.webauthn.WebAuthnAuthentication$$ExternalSyntheticLambda1
            @Override // com.google.android.gms.tasks.OnFailureListener
            public final void onFailure(Exception exc) {
                WebAuthnAuthentication.this.m1913x390340cd(webAuthnListener, exc);
            }
        });
    }

    protected List<PublicKeyCredentialDescriptor> getAllowCredentials(JSONObject jSONObject) throws JSONException {
        JSONArray jSONArray = new JSONArray();
        if (jSONObject.has(WebAuthn._ALLOW_CREDENTIALS)) {
            jSONArray = jSONObject.getJSONArray(WebAuthn._ALLOW_CREDENTIALS);
        } else if (jSONObject.has(WebAuthn.ALLOW_CREDENTIALS)) {
            String replaceAll = jSONObject.getString(WebAuthn.ALLOW_CREDENTIALS).replaceAll("(allowCredentials: |new Int8Array\\(|\\).buffer )", "");
            if (replaceAll.trim().length() > 0) {
                jSONArray = new JSONArray(replaceAll);
            }
        }
        return getCredentials(jSONArray);
    }

    protected List<PublicKeyCredentialSource> getPublicKeyCredentialSource(Context context) {
        return WebAuthnDataRepository.builder().context(context).build().getPublicKeyCredentialSource(this.relayingPartyId);
    }

    protected Task<PendingIntent> getSignPendingIntent(Fido2ApiClient fido2ApiClient, PublicKeyCredentialRequestOptions publicKeyCredentialRequestOptions) {
        return fido2ApiClient.getSignPendingIntent(publicKeyCredentialRequestOptions);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: lambda$authenticate$0$org-forgerock-android-auth-webauthn-WebAuthnAuthentication, reason: not valid java name */
    public /* synthetic */ void m1912x32ff756e(FragmentManager fragmentManager, final byte[] bArr, final WebAuthnListener webAuthnListener, PendingIntent pendingIntent) {
        WebAuthnHeadlessAuthenticateFragment.init(fragmentManager, pendingIntent).setListener(new FRListener<AuthenticatorAssertionResponse>() { // from class: org.forgerock.android.auth.webauthn.WebAuthnAuthentication.2
            @Override // org.forgerock.android.auth.FRListener
            public void onException(Exception exc) {
                WebAuthnAuthentication.this.onWebAuthnException(webAuthnListener, exc);
            }

            @Override // org.forgerock.android.auth.FRListener
            public void onSuccess(AuthenticatorAssertionResponse authenticatorAssertionResponse) {
                StringBuilder sb = new StringBuilder();
                sb.append(new String(authenticatorAssertionResponse.getClientDataJSON()));
                sb.append("::");
                sb.append(WebAuthnAuthentication.this.format(authenticatorAssertionResponse.getAuthenticatorData()));
                sb.append("::");
                sb.append(WebAuthnAuthentication.this.format(authenticatorAssertionResponse.getSignature()));
                sb.append("::");
                sb.append(Base64.encodeToString(authenticatorAssertionResponse.getKeyHandle(), 11));
                if (bArr != null) {
                    sb.append("::");
                    sb.append(Base64.encodeToString(bArr, 10));
                } else if (authenticatorAssertionResponse.getUserHandle() != null) {
                    sb.append("::");
                    sb.append(Base64.encodeToString(authenticatorAssertionResponse.getUserHandle(), 10));
                }
                Listener.onSuccess(webAuthnListener, sb.toString());
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: lambda$authenticate$1$org-forgerock-android-auth-webauthn-WebAuthnAuthentication, reason: not valid java name */
    public /* synthetic */ void m1913x390340cd(WebAuthnListener webAuthnListener, Exception exc) {
        onWebAuthnException(webAuthnListener, exc);
    }
}
