package net.shibboleth.idp.plugin.authn.webauthn.admin.impl;

import com.yubico.fido.metadata.AAGUID;
import com.yubico.fido.metadata.FidoMetadataService;
import com.yubico.fido.metadata.MetadataBLOBPayloadEntry;
import com.yubico.webauthn.RegisteredCredential;
import com.yubico.webauthn.data.ByteArray;
import com.yubico.webauthn.data.UserIdentity;
import java.time.Instant;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import javax.annotation.Nonnull;
import net.shibboleth.idp.plugin.authn.webauthn.admin.RegistrationResult;
import net.shibboleth.idp.plugin.authn.webauthn.context.WebAuthnRegistrationContext;
import net.shibboleth.idp.plugin.authn.webauthn.storage.CredentialRegistration;
import net.shibboleth.shared.annotation.constraint.NonnullElements;
import net.shibboleth.shared.annotation.constraint.NotLive;
import net.shibboleth.shared.codec.Base64Support;
import net.shibboleth.shared.codec.EncodingException;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/webauthn/admin/impl/StorePublicKeyCredential.class */
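/**
 * Registration action that persists a newly created WebAuthn public key credential
 * for the user named in the {@link WebAuthnRegistrationContext}.
 *
 * <p>The action builds a {@link RegisteredCredential} and {@link UserIdentity} from the
 * registration context and hands them to the credential repository. Any failure
 * (missing context data or an exception while building/storing) is logged and signalled
 * with the {@code InvalidRegistration} event.</p>
 *
 * <p>NOTE(review): this class records whatever attestation metadata the FIDO metadata
 * service returns, including none at all; nothing here rejects a credential based on
 * attestation. Confirm that attestation/trust policy is enforced before this action runs.</p>
 */
public class StorePublicKeyCredential extends AbstractWebAuthnRegistrationAction {

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(StorePublicKeyCredential.class);

    /**
     * Stores the credential described by the registration result against the username.
     *
     * @param profileRequestContext the current profile request context, used to signal events
     * @param webAuthnRegistrationContext the registration context carrying username, display name,
     *         user handle ({@code user.id}) and the registration result
     */
    @Override
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull WebAuthnRegistrationContext webAuthnRegistrationContext) {
        final String username = webAuthnRegistrationContext.getUsername();
        if (username == null) {
            this.log.error("Unable to find username in registration context");
            ActionSupport.buildEvent(profileRequestContext, "InvalidRegistration");
            return;
        }
        final String displayName = webAuthnRegistrationContext.getDisplayName();
        if (displayName == null) {
            this.log.error("Unable to find displayName in registration context");
            ActionSupport.buildEvent(profileRequestContext, "InvalidRegistration");
            return;
        }
        final RegistrationResult registrationResult = webAuthnRegistrationContext.getRegistrationResult();
        if (registrationResult == null) {
            this.log.error("Unable to find registration result in registration context");
            ActionSupport.buildEvent(profileRequestContext, "InvalidRegistration");
            return;
        }
        // The user handle binds the stored credential to the account. Reject a missing handle
        // explicitly, like the other required fields, instead of relying on an exception from
        // the ByteArray constructor being caught further down.
        final byte[] userId = webAuthnRegistrationContext.getUserId();
        if (userId == null) {
            this.log.error("Unable to find user.id in registration context");
            ActionSupport.buildEvent(profileRequestContext, "InvalidRegistration");
            return;
        }
        try {
            final ByteArray userHandle = new ByteArray(userId);
            final RegisteredCredential credential = RegisteredCredential.builder()
                    .credentialId(registrationResult.getKeyId().getId())
                    .userHandle(userHandle)
                    .publicKeyCose(registrationResult.getPublicKeyCose())
                    .build();
            final UserIdentity userIdentity = UserIdentity.builder()
                    .name(username)
                    .displayName(displayName)
                    .id(userHandle)
                    .build();
            assert userIdentity != null;
            assert credential != null;
            final Instant now = Instant.now();
            assert now != null;

            // Raw SortedSet/TreeSet kept as in the original: the element type of the transports
            // set is not visible in this file.
            getCredentialRepository().addRegistrationByUsername(username, CredentialRegistration.builder()
                    .withUserIdentity(userIdentity)
                    .withTransports((SortedSet) registrationResult.getKeyId().getTransports().orElse(new TreeSet()))
                    .withRegistrationTime(now)
                    .withCredential(credential)
                    .withAttestationMetadata(getAttestationMetadata(registrationResult.getAaguid()))
                    .withCredentialNickname(webAuthnRegistrationContext.getCredentialNickname())
                    .withDiscoverable(registrationResult.isDiscoverable())
                    .withUserVerified(registrationResult.isUserVerified())
                    .build());

            // Audit line: records username, user handle and credential id. The public key
            // itself is not logged.
            if (this.log.isInfoEnabled()) {
                String encodedUserId;
                try {
                    encodedUserId = Base64Support.encodeURLSafe(userId);
                } catch (EncodingException e) {
                    encodedUserId = "null";
                }
                // The value returned by isDiscoverable() is logged as-is when present, so the
                // rendered text is that object's toString().
                final Object discoverable = registrationResult.isDiscoverable().isPresent()
                        ? registrationResult.isDiscoverable()
                        : "unknown";
                this.log.info("{} Added public key credential registration for user '{}' with user.id '{}' and key '{}'. Using a discoverable credential '{}' and user verification '{}'",
                        getLogPrefix(),
                        username,
                        encodedUserId,
                        registrationResult.getKeyId().getId().getBase64Url(),
                        discoverable,
                        registrationResult.isUserVerified());
            }
        } catch (Exception e) {
            // Boundary catch: any failure while building or storing the registration ends the
            // flow with InvalidRegistration rather than propagating.
            this.log.error("{} Unable to store registration for key '{}'", getLogPrefix(), registrationResult.getKeyId().getId().getBase64Url(), e);
            ActionSupport.buildEvent(profileRequestContext, "InvalidRegistration");
        }
    }

    /**
     * Looks up FIDO metadata entries for the authenticator identified by the given AAGUID.
     *
     * <p>Returns an empty set when no metadata service is configured or when the service
     * returns {@code null}; callers therefore cannot distinguish "no service" from
     * "no matching entries" by the result alone.</p>
     *
     * @param byteArray the raw AAGUID bytes from the registration result
     * @return a copy of the matching metadata entries, or an empty set
     */
    @Nonnull
    @NotLive
    @NonnullElements
    private Set<MetadataBLOBPayloadEntry> getAttestationMetadata(ByteArray byteArray) {
        final FidoMetadataService fidoMetadataService = getFidoMetadataService();
        if (fidoMetadataService == null) {
            return CollectionSupport.emptySet();
        }
        // Exceptions from AAGUID construction or the lookup are not handled here; they
        // propagate to the caller.
        final Set<MetadataBLOBPayloadEntry> entries = fidoMetadataService.findEntries(new AAGUID(byteArray));
        if (entries == null) {
            return CollectionSupport.emptySet();
        }
        return CollectionSupport.copyToSet(entries);
    }
}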
