package net.shibboleth.idp.plugin.authn.webauthn.impl;

import com.yubico.webauthn.data.PublicKeyCredentialRequestOptions;
import com.yubico.webauthn.data.UserVerificationRequirement;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.plugin.authn.webauthn.authn.CredentialRequestOptionsParameters;
import net.shibboleth.idp.plugin.authn.webauthn.client.WebAuthnAuthenticationClient;
import net.shibboleth.idp.plugin.authn.webauthn.context.WebAuthnAuthenticationContext;
import net.shibboleth.idp.plugin.authn.webauthn.exception.WebAuthnAuthenticationClientException;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.primitive.NonnullSupplier;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/webauthn/impl/CreatePublicKeyCredentialRequestOptions.class */
public class CreatePublicKeyCredentialRequestOptions extends AbstractWebAuthnAuthenticationAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(CreatePublicKeyCredentialRequestOptions.class);
    static final /* synthetic */ boolean $assertionsDisabled;

    @Override // net.shibboleth.idp.plugin.authn.webauthn.impl.AbstractWebAuthnAuthenticationAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext, @Nonnull WebAuthnAuthenticationContext webAuthnAuthenticationContext) {
        WebAuthnAuthenticationClient webAuthnClient = getWebAuthnClient();
        byte[] serverChallenge = webAuthnAuthenticationContext.getServerChallenge();
        if (serverChallenge == null) {
            this.log.error("{} WebAuthn challenge is null", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "AuthenticationException");
            return;
        }
        UserVerificationRequirement userVerificationRequirement = webAuthnAuthenticationContext.getUserVerificationRequirement();
        if (userVerificationRequirement == null) {
            this.log.error("{} User verification requirement is null", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "AuthenticationException");
            return;
        }
        try {
            CredentialRequestOptionsParameters build = CredentialRequestOptionsParameters.builder().withUserVerificationRequirement(userVerificationRequirement).withChallenge(serverChallenge).withAllowCredentials((List) ((NonnullSupplier) webAuthnAuthenticationContext.getExistingCredentials().stream().map(credentialRegistration -> {
                return credentialRegistration.toPublicKeyCredentialDescriptor();
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).collect(CollectionSupport.nonnullCollector(Collectors.toUnmodifiableList()))).get()).build();
            if (!$assertionsDisabled && build == null) {
                throw new AssertionError();
            }
            PublicKeyCredentialRequestOptions createAuthenticationRequest = webAuthnClient.createAuthenticationRequest(build);
            webAuthnAuthenticationContext.setPublicKeyCredentialRequestOptions(createAuthenticationRequest);
            this.log.debug("{} Created PublicKeyCredentialRequestOptions: '{}'", getLogPrefix(), createAuthenticationRequest);
        } catch (WebAuthnAuthenticationClientException e) {
            this.log.error("{} Unable to generate PublicKeyCredentialRequestOptions", getLogPrefix(), e);
            ActionSupport.buildEvent(profileRequestContext, "AuthenticationException");
        }
    }

    static {
        $assertionsDisabled = !CreatePublicKeyCredentialRequestOptions.class.desiredAssertionStatus();
    }
}
