package net.shibboleth.idp.plugin.authn.webauthn.impl;

import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.plugin.authn.webauthn.context.BaseWebAuthnContext;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/webauthn/impl/GenerateServerChallenge.class */
public class GenerateServerChallenge extends AbstractWebAuthnBaseAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(GenerateServerChallenge.class);

    @Nonnull
    private Function<ProfileRequestContext, byte[]> challengeGeneratorStrategy = new DefaultChallengeGenerator();

    /* loaded from: input_file:net/shibboleth/idp/plugin/authn/webauthn/impl/GenerateServerChallenge$DefaultChallengeGenerator.class */
    private static final class DefaultChallengeGenerator implements Function<ProfileRequestContext, byte[]> {

        @Nonnull
        private final Logger log = LoggerFactory.getLogger(DefaultChallengeGenerator.class);

        private DefaultChallengeGenerator() {
        }

        @Override // java.util.function.Function
        @Nullable
        public byte[] apply(@Nullable ProfileRequestContext profileRequestContext) {
            try {
                byte[] bArr = new byte[32];
                SecureRandom.getInstanceStrong().nextBytes(bArr);
                return bArr;
            } catch (NoSuchAlgorithmException e) {
                this.log.error("Unable to generate challenge", e);
                return null;
            }
        }
    }

    public void setChallengeGeneratorStrategy(@Nonnull Function<ProfileRequestContext, byte[]> function) {
        checkSetterPreconditions();
        this.challengeGeneratorStrategy = (Function) Constraint.isNotNull(function, "Challenge Generator cannot be null");
    }

    @Override // net.shibboleth.idp.plugin.authn.webauthn.impl.AbstractWebAuthnBaseAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull BaseWebAuthnContext baseWebAuthnContext) {
        byte[] apply = this.challengeGeneratorStrategy.apply(profileRequestContext);
        if (apply == null) {
            this.log.trace("{} Generated challenge was null", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidProfileContext");
        } else {
            this.log.trace("{} Generated server challenge {}", getLogPrefix(), apply);
            baseWebAuthnContext.setServerChallenge(apply);
        }
    }
}
