package net.shibboleth.idp.plugin.authn.webauthn.admin.impl;

import com.yubico.webauthn.data.ByteArray;
import java.util.Optional;
import java.util.function.Function;
import javax.annotation.Nonnull;
import net.shibboleth.idp.plugin.authn.webauthn.context.WebAuthnRegistrationContext;
import net.shibboleth.shared.annotation.constraint.NonnullBeforeExec;
import net.shibboleth.shared.codec.Base64Support;
import net.shibboleth.shared.codec.EncodingException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/webauthn/admin/impl/AddUserId.class */
public class AddUserId extends AbstractWebAuthnRegistrationAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AddUserId.class);

    @Nonnull
    private Function<ProfileRequestContext, byte[]> userIdGeneratorStrategy = new RandomUserIdGenerator();

    @NonnullBeforeExec
    private String username;
    static final /* synthetic */ boolean $assertionsDisabled;

    public void setUserIdGeneratorStrategy(@Nonnull Function<ProfileRequestContext, byte[]> function) {
        checkSetterPreconditions();
        this.userIdGeneratorStrategy = (Function) Constraint.isNotNull(function, "Challenge Generator cannot be null");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.idp.plugin.authn.webauthn.admin.impl.AbstractWebAuthnRegistrationAction
    public boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull WebAuthnRegistrationContext webAuthnRegistrationContext) {
        if (!super.doPreExecute(profileRequestContext, webAuthnRegistrationContext)) {
            return false;
        }
        this.username = webAuthnRegistrationContext.getUsername();
        if (this.username != null) {
            return true;
        }
        this.log.error("{} Username not available in registration context", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, "InvalidRegistrationContext");
        return false;
    }

    @Override // net.shibboleth.idp.plugin.authn.webauthn.admin.impl.AbstractWebAuthnRegistrationAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull WebAuthnRegistrationContext webAuthnRegistrationContext) {
        String str;
        Optional userHandleForUsername = getCredentialRepository().getUserHandleForUsername(this.username);
        if (userHandleForUsername.isPresent()) {
            byte[] bytes = ((ByteArray) userHandleForUsername.get()).getBytes();
            if (!$assertionsDisabled && bytes == null) {
                throw new AssertionError();
            }
            this.log.trace("{} Found user.id '{}'", getLogPrefix(), bytes);
            webAuthnRegistrationContext.setUserId(bytes);
            return;
        }
        byte[] apply = this.userIdGeneratorStrategy.apply(profileRequestContext);
        if (apply == null || apply.length == 0) {
            this.log.trace("{} Generated user.id was empty or null", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidRegistration");
        } else {
            if (apply.length > 64) {
                this.log.warn("{}: User.id is larger than 64 bytes", getLogPrefix());
                ActionSupport.buildEvent(profileRequestContext, "InvalidRegistration");
                return;
            }
            if (this.log.isTraceEnabled()) {
                try {
                    str = Base64Support.encodeURLSafe(apply);
                } catch (EncodingException e) {
                    str = null;
                }
                this.log.trace("{} Generated user.id '{}'", getLogPrefix(), str);
            }
            webAuthnRegistrationContext.setUserId(apply);
        }
    }

    static {
        $assertionsDisabled = !AddUserId.class.desiredAssertionStatus();
    }
}
