package org.forgerock.android.auth.webauthn;

import android.app.PendingIntent;
import android.content.Context;
import android.util.Base64;
import androidx.fragment.app.FragmentManager;
import com.google.android.gms.fido.Fido;
import com.google.android.gms.fido.fido2.Fido2ApiClient;
import com.google.android.gms.fido.fido2.api.common.Attachment;
import com.google.android.gms.fido.fido2.api.common.AttestationConveyancePreference;
import com.google.android.gms.fido.fido2.api.common.AuthenticatorAttestationResponse;
import com.google.android.gms.fido.fido2.api.common.AuthenticatorSelectionCriteria;
import com.google.android.gms.fido.fido2.api.common.PublicKeyCredentialCreationOptions;
import com.google.android.gms.fido.fido2.api.common.PublicKeyCredentialDescriptor;
import com.google.android.gms.fido.fido2.api.common.PublicKeyCredentialParameters;
import com.google.android.gms.fido.fido2.api.common.PublicKeyCredentialRpEntity;
import com.google.android.gms.fido.fido2.api.common.PublicKeyCredentialUserEntity;
import com.google.android.gms.tasks.OnFailureListener;
import com.google.android.gms.tasks.OnSuccessListener;
import com.google.android.gms.tasks.Task;
import java.util.ArrayList;
import java.util.List;
import org.forgerock.android.auth.FRListener;
import org.forgerock.android.auth.Listener;
import org.forgerock.android.auth.WebAuthnDataRepository;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public class WebAuthnRegistration extends WebAuthn {
    protected final AttestationConveyancePreference attestationPreference;
    protected final AuthenticatorSelectionCriteria authenticatorSelection;
    protected final byte[] challenge;
    protected final String displayName;
    protected final List<PublicKeyCredentialDescriptor> excludeCredentials;
    protected final List<PublicKeyCredentialParameters> pubKeyCredParams;
    protected final String relyingPartyId;
    protected final String relyingPartyName;
    protected final boolean requireResidentKey;
    protected final Double timeout;
    protected final String userId;
    protected final String userName;

    public WebAuthnRegistration(JSONObject jSONObject) throws JSONException, UnsupportedOperationException {
        try {
            this.challenge = Base64.decode(jSONObject.getString("challenge"), 2);
            this.attestationPreference = AttestationConveyancePreference.fromString(jSONObject.optString(WebAuthn.ATTESTATION_PREFERENCE, "none"));
            this.userName = jSONObject.optString(WebAuthn.USER_NAME);
            this.userId = jSONObject.optString(WebAuthn.USER_ID);
            this.relyingPartyName = jSONObject.optString(WebAuthn.RELYING_PARTY_NAME);
            this.authenticatorSelection = getAuthenticatorSelectionCriteria(jSONObject);
            this.requireResidentKey = isRequireResidentKey(jSONObject);
            this.pubKeyCredParams = getPublicKeyCredentialParameters(jSONObject);
            this.timeout = Double.valueOf(Double.parseDouble(jSONObject.optString(WebAuthn.TIMEOUT, WebAuthn.TIMEOUT_DEFAULT)) / 1000.0d);
            this.excludeCredentials = getExcludeCredentials(jSONObject);
            this.displayName = jSONObject.optString(WebAuthn.DISPLAY_NAME);
            this.relyingPartyId = getRelyingPartyId(jSONObject);
        } catch (AttestationConveyancePreference.UnsupportedAttestationConveyancePreferenceException e) {
            throw new UnsupportedOperationException(e);
        }
    }

    protected AuthenticatorSelectionCriteria getAuthenticatorSelectionCriteria(JSONObject jSONObject) throws JSONException {
        JSONObject jSONObject2 = jSONObject.has(WebAuthn._AUTHENTICATOR_SELECTION) ? jSONObject.getJSONObject(WebAuthn._AUTHENTICATOR_SELECTION) : new JSONObject(jSONObject.getString(WebAuthn.AUTHENTICATOR_SELECTION));
        if (!jSONObject2.has(WebAuthn.AUTHENTICATOR_ATTACHMENT)) {
            return new AuthenticatorSelectionCriteria.Builder().setAttachment(Attachment.PLATFORM).build();
        }
        try {
            Attachment fromString = Attachment.fromString(jSONObject2.getString(WebAuthn.AUTHENTICATOR_ATTACHMENT));
            if (fromString != Attachment.CROSS_PLATFORM) {
                return new AuthenticatorSelectionCriteria.Builder().setAttachment(fromString).build();
            }
            throw new UnsupportedOperationException("Cross Platform attachment is not supported");
        } catch (Attachment.UnsupportedAttachmentException e) {
            throw new UnsupportedOperationException(e);
        }
    }

    protected List<PublicKeyCredentialDescriptor> getExcludeCredentials(JSONObject jSONObject) throws JSONException {
        JSONArray jSONArray;
        if (jSONObject.has(WebAuthn._EXCLUDE_CREDENTIALS)) {
            jSONArray = jSONObject.getJSONArray(WebAuthn._EXCLUDE_CREDENTIALS);
        } else {
            jSONArray = new JSONArray(("[" + jSONObject.optString(WebAuthn.EXCLUDE_CREDENTIALS, "") + "]").replaceAll("(new Int8Array\\(|\\).buffer )", ""));
        }
        return getCredentials(jSONArray);
    }

    protected List<PublicKeyCredentialParameters> getPublicKeyCredentialParameters(JSONObject jSONObject) throws JSONException {
        ArrayList arrayList = new ArrayList();
        JSONArray jSONArray = jSONObject.has(WebAuthn._PUB_KEY_CRED_PARAMS) ? jSONObject.getJSONArray(WebAuthn._PUB_KEY_CRED_PARAMS) : new JSONArray(jSONObject.getString(WebAuthn.PUB_KEY_CRED_PARAMS));
        for (int i = 0; i < jSONArray.length(); i++) {
            JSONObject jSONObject2 = jSONArray.getJSONObject(i);
            arrayList.add(new PublicKeyCredentialParameters(jSONObject2.getString("type"), jSONObject2.getInt(WebAuthn.ALG)));
        }
        return arrayList;
    }

    protected Task<PendingIntent> getRegisterPendingIntent(Fido2ApiClient fido2ApiClient, PublicKeyCredentialCreationOptions publicKeyCredentialCreationOptions) {
        return fido2ApiClient.getRegisterPendingIntent(publicKeyCredentialCreationOptions);
    }

    protected boolean isRequireResidentKey(JSONObject jSONObject) throws JSONException {
        JSONObject jSONObject2 = jSONObject.has(WebAuthn._AUTHENTICATOR_SELECTION) ? jSONObject.getJSONObject(WebAuthn._AUTHENTICATOR_SELECTION) : new JSONObject(jSONObject.getString(WebAuthn.AUTHENTICATOR_SELECTION));
        if (jSONObject2.has(WebAuthn.REQUIRE_RESIDENT_KEY)) {
            return jSONObject2.getBoolean(WebAuthn.REQUIRE_RESIDENT_KEY);
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: lambda$register$0$org-forgerock-android-auth-webauthn-WebAuthnRegistration, reason: not valid java name */
    public /* synthetic */ void m1914x43448a21(FragmentManager fragmentManager, final Context context, final WebAuthnListener webAuthnListener, PendingIntent pendingIntent) {
        WebAuthnHeadlessRegistrationFragment.init(fragmentManager, pendingIntent).setListener(new FRListener<AuthenticatorAttestationResponse>() { // from class: org.forgerock.android.auth.webauthn.WebAuthnRegistration.1
            @Override // org.forgerock.android.auth.FRListener
            public void onException(Exception exc) {
                WebAuthnRegistration.this.onWebAuthnException(webAuthnListener, exc);
            }

            @Override // org.forgerock.android.auth.FRListener
            public void onSuccess(AuthenticatorAttestationResponse authenticatorAttestationResponse) {
                if (WebAuthnRegistration.this.requireResidentKey) {
                    WebAuthnRegistration.this.persist(context, PublicKeyCredentialSource.builder().id(authenticatorAttestationResponse.getKeyHandle()).rpid(WebAuthnRegistration.this.relyingPartyId).userHandle(Base64.decode(WebAuthnRegistration.this.userId, 10)).otherUI(WebAuthnRegistration.this.displayName).build());
                }
                Listener.onSuccess(webAuthnListener, new String(authenticatorAttestationResponse.getClientDataJSON()) + "::" + WebAuthnRegistration.this.format(authenticatorAttestationResponse.getAttestationObject()) + "::" + Base64.encodeToString(authenticatorAttestationResponse.getKeyHandle(), 11));
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: lambda$register$1$org-forgerock-android-auth-webauthn-WebAuthnRegistration, reason: not valid java name */
    public /* synthetic */ void m1915xd031a140(WebAuthnListener webAuthnListener, Exception exc) {
        onWebAuthnException(webAuthnListener, exc);
    }

    protected void persist(Context context, PublicKeyCredentialSource publicKeyCredentialSource) {
        WebAuthnDataRepository.builder().context(context).build().persist(publicKeyCredentialSource);
    }

    public void register(final Context context, final FragmentManager fragmentManager, final WebAuthnListener webAuthnListener) {
        getRegisterPendingIntent(Fido.getFido2ApiClient(context), new PublicKeyCredentialCreationOptions.Builder().setRp(new PublicKeyCredentialRpEntity(this.relyingPartyId, this.relyingPartyName, null)).setAttestationConveyancePreference(this.attestationPreference).setUser(new PublicKeyCredentialUserEntity(this.userId.getBytes(), this.userName, null, this.displayName)).setChallenge(this.challenge).setTimeoutSeconds(this.timeout).setAuthenticatorSelection(this.authenticatorSelection).setExcludeList(this.excludeCredentials).setParameters(this.pubKeyCredParams).build()).addOnSuccessListener(new OnSuccessListener() { // from class: org.forgerock.android.auth.webauthn.WebAuthnRegistration$$ExternalSyntheticLambda0
            @Override // com.google.android.gms.tasks.OnSuccessListener
            public final void onSuccess(Object obj) {
                WebAuthnRegistration.this.m1914x43448a21(fragmentManager, context, webAuthnListener, (PendingIntent) obj);
            }
        }).addOnFailureListener(new OnFailureListener() { // from class: org.forgerock.android.auth.webauthn.WebAuthnRegistration$$ExternalSyntheticLambda1
            @Override // com.google.android.gms.tasks.OnFailureListener
            public final void onFailure(Exception exc) {
                WebAuthnRegistration.this.m1915xd031a140(webAuthnListener, exc);
            }
        });
    }
}
