package net.shibboleth.idp.plugin.authn.webauthn.admin.impl;

import com.yubico.webauthn.data.PublicKeyCredential;
import jakarta.servlet.http.HttpServletRequest;
import java.io.IOException;
import javax.annotation.Nonnull;
import net.shibboleth.idp.plugin.authn.webauthn.context.WebAuthnRegistrationContext;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.primitive.StringSupport;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/webauthn/admin/impl/ExtractAuthenticatorAttestationFromFormRequest.class */
public class ExtractAuthenticatorAttestationFromFormRequest extends AbstractWebAuthnRegistrationAction {

    @Nonnull
    @NotEmpty
    public static final String DEFAULT_ASSERTION_FIELD_NAME = "authenticatorAttestation";

    @Nonnull
    @NotEmpty
    public static final String DEFAULT_NICKNAME_FIELD_NAME = "credentialNickname";

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(ExtractAuthenticatorAttestationFromFormRequest.class);

    @Nonnull
    @NotEmpty
    private String attestationParameterName = DEFAULT_ASSERTION_FIELD_NAME;

    @Nonnull
    @NotEmpty
    private String credentialNicknameParameterName = DEFAULT_NICKNAME_FIELD_NAME;

    public void setAttestationParameterName(@Nonnull @NotEmpty String str) {
        checkSetterPreconditions();
        this.attestationParameterName = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Attestation parameter name cannot be null or empty");
    }

    public void setCredentialNicknameParameterName(@Nonnull @NotEmpty String str) {
        checkSetterPreconditions();
        this.credentialNicknameParameterName = (String) Constraint.isNotNull(StringSupport.trimOrNull(str), "Nickname parameter can not be null or empty");
    }

    @Override // net.shibboleth.idp.plugin.authn.webauthn.admin.impl.AbstractWebAuthnRegistrationAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull WebAuthnRegistrationContext webAuthnRegistrationContext) {
        HttpServletRequest httpServletRequest = getHttpServletRequest();
        if (httpServletRequest == null) {
            this.log.debug("{} Profile action does not contain an HttpServletRequest", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "NoCredentials");
            return;
        }
        String parameter = httpServletRequest.getParameter(this.attestationParameterName);
        if (StringSupport.trimOrNull(parameter) == null) {
            this.log.warn("{} No authenticator attestation response in request", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "NoCredentials");
            return;
        }
        this.log.trace("Public key credential authenticator attestation response in JSON is '{}'", parameter);
        String parameter2 = httpServletRequest.getParameter(this.credentialNicknameParameterName);
        this.log.trace("Public key credential nickname is '{}'", parameter2);
        if (StringSupport.trimOrNull(parameter2) == null) {
            this.log.warn("{} No nickname in request", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidRegistration");
            return;
        }
        try {
            webAuthnRegistrationContext.setAuthenticatorAttestationResponse(PublicKeyCredential.parseRegistrationResponseJson(parameter));
            webAuthnRegistrationContext.setCredentialNickname(parameter2);
        } catch (IOException e) {
            this.log.warn("{} Could not convert AuthenticatorAttestationResponse from request parameter", getLogPrefix(), e);
            ActionSupport.buildEvent(profileRequestContext, "InvalidRegistration");
        }
    }
}
