package net.shibboleth.idp.plugin.authn.webauthn.admin.impl;

import com.yubico.webauthn.data.AuthenticatorAttestationResponse;
import com.yubico.webauthn.data.ByteArray;
import com.yubico.webauthn.data.ClientRegistrationExtensionOutputs;
import com.yubico.webauthn.data.PublicKeyCredential;
import com.yubico.webauthn.data.PublicKeyCredentialCreationOptions;
import javax.annotation.Nonnull;
import net.shibboleth.idp.plugin.authn.webauthn.admin.RegistrationResult;
import net.shibboleth.idp.plugin.authn.webauthn.context.WebAuthnRegistrationContext;
import net.shibboleth.idp.plugin.authn.webauthn.exception.RegistrationFailureException;
import net.shibboleth.shared.annotation.constraint.NonnullBeforeExec;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/webauthn/admin/impl/ValidateAuthenticatorAttestationResponse.class */
/**
 * Registration action that hands the authenticator's attestation response, together with the
 * credential creation options it answers, to the WebAuthn client for validation.
 *
 * <p>When validation succeeds the {@link RegistrationResult} is stored on the
 * {@link WebAuthnRegistrationContext}. Every failure path (missing attestation, missing creation
 * options, or a {@link RegistrationFailureException} from the client) builds the same
 * {@code InvalidRegistration} event.</p>
 *
 * <p>Security note: this action stores the result whether or not
 * {@link RegistrationResult#isAttestationTrusted()} is true; the trust flag is only written to the
 * debug log here. NOTE(review): if untrusted attestations must be rejected, that has to be enforced
 * by the WebAuthn client or by a later action. Neither is visible in this class, so confirm it.</p>
 */
public class ValidateAuthenticatorAttestationResponse extends AbstractWebAuthnRegistrationAction {

    /** Event built on every failure path of this action. */
    private static final String INVALID_REGISTRATION_EVENT = "InvalidRegistration";

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(ValidateAuthenticatorAttestationResponse.class);

    /** Creation options read from the registration context in {@code doPreExecute}. */
    @NonnullBeforeExec
    private PublicKeyCredentialCreationOptions pkCredCreationOptions;

    /** Attestation response read from the registration context in {@code doPreExecute}. */
    @NonnullBeforeExec
    private PublicKeyCredential<AuthenticatorAttestationResponse, ClientRegistrationExtensionOutputs> attestation;

    /**
     * Reads the attestation response and the creation options from the registration context and
     * refuses to proceed when either is absent.
     *
     * <p>NOTE(review): the decompiler reports that it changed this method's access modifier from
     * {@code protected}; the visibility is left as it appears in this listing.</p>
     *
     * @param profileRequestContext the current profile request context
     * @param webAuthnRegistrationContext the registration context carrying the client's response
     * @return {@code true} only if the superclass check passed and both inputs are non-null
     */
    @Override
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull WebAuthnRegistrationContext webAuthnRegistrationContext) {
        if (!super.doPreExecute(profileRequestContext, webAuthnRegistrationContext)) {
            return false;
        }

        attestation = webAuthnRegistrationContext.getAuthenticatorAttestationResponse();
        if (attestation == null) {
            log.error("{} Authenticator attestation response was null", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, INVALID_REGISTRATION_EVENT);
            return false;
        }

        pkCredCreationOptions = webAuthnRegistrationContext.getPublicKeyCredentialCreationOptions();
        if (pkCredCreationOptions == null) {
            log.error("{} Public key credential creation options was null", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, INVALID_REGISTRATION_EVENT);
            return false;
        }

        return true;
    }

    /**
     * Validates the attestation response against the creation options and records the outcome.
     *
     * @param profileRequestContext the current profile request context
     * @param webAuthnRegistrationContext the registration context that receives the result
     */
    @Override
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull WebAuthnRegistrationContext webAuthnRegistrationContext) {
        try {
            final RegistrationResult result =
                    getWebAuthnClient().validateAuthenticatorAttestationResponse(pkCredCreationOptions, attestation);

            // The AAGUID may be absent from the result; log a fixed marker in that case.
            final ByteArray aaguid = result.getAaguid();
            final String authenticatorId = aaguid == null ? "unknown" : aaguid.getHex();

            // The trust decision is only logged here (debug level); it does not gate the
            // storing of the result below.
            log.debug("{} Was attestation for authenticator '{}' trusted? {}",
                    getLogPrefix(), authenticatorId, result.isAttestationTrusted() ? "Yes" : "No");

            webAuthnRegistrationContext.setRegistrationResult(result);
            log.info("{} Public Key Registration was valid", getLogPrefix());
        } catch (RegistrationFailureException e) {
            // The exception is passed to the logger as the trailing argument; no result is stored.
            log.warn("{} Public key registration failed", getLogPrefix(), e);
            ActionSupport.buildEvent(profileRequestContext, INVALID_REGISTRATION_EVENT);
        }
    }
}
