package com.yubico.webauthn;

import com.yubico.data.RegistrationRequest;
import com.yubico.data.U2fRegistrationResponse;
import com.yubico.internal.util.CertificateParser;
import com.yubico.internal.util.ExceptionUtil;
import com.yubico.internal.util.JacksonCodecs;
import com.yubico.webauthn.data.ByteArray;
import com.yubico.webauthn.data.exception.Base64UrlException;
import com.yubico.webauthn.extension.appid.AppId;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/* loaded from: input_file:com/yubico/webauthn/U2fVerifier.class */
public class U2fVerifier {
    private static final BouncyCastleCrypto crypto = new BouncyCastleCrypto();

    public static boolean verify(AppId appId, RegistrationRequest registrationRequest, U2fRegistrationResponse u2fRegistrationResponse) throws CertificateException, IOException, Base64UrlException {
        ByteArray hash = crypto.hash(appId.getId());
        ByteArray hash2 = crypto.hash(u2fRegistrationResponse.getCredential().getU2fResponse().getClientDataJSON());
        ExceptionUtil.assure(registrationRequest.getPublicKeyCredentialCreationOptions().getChallenge().equals(ByteArray.fromBase64Url(JacksonCodecs.json().readTree(u2fRegistrationResponse.getCredential().getU2fResponse().getClientDataJSON().getBytes()).get("challenge").textValue())), "Wrong challenge.", new Object[0]);
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(u2fRegistrationResponse.getCredential().getU2fResponse().getAttestationCertAndSignature().getBytes());
        X509Certificate parseDer = CertificateParser.parseDer(byteArrayInputStream);
        byte[] bArr = new byte[byteArrayInputStream.available()];
        byteArrayInputStream.read(bArr);
        return new U2fRawRegisterResponse(u2fRegistrationResponse.getCredential().getU2fResponse().getPublicKey(), u2fRegistrationResponse.getCredential().getU2fResponse().getKeyHandle(), parseDer, new ByteArray(bArr)).verifySignature(hash, hash2);
    }
}
