package net.shibboleth.idp.plugin.authn.webauthn.admin.impl;

import com.yubico.webauthn.data.AttestationConveyancePreference;
import com.yubico.webauthn.data.PublicKeyCredentialCreationOptions;
import com.yubico.webauthn.data.ResidentKeyRequirement;
import com.yubico.webauthn.data.UserVerificationRequirement;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import net.shibboleth.idp.plugin.authn.webauthn.admin.CredentialCreationOptionsParameters;
import net.shibboleth.idp.plugin.authn.webauthn.context.WebAuthnRegistrationContext;
import net.shibboleth.idp.plugin.authn.webauthn.exception.WebAuthnAuthenticationClientException;
import net.shibboleth.shared.logic.ConstraintViolationException;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/webauthn/admin/impl/CreatePublicKeyCredentialCreationOptions.class */
public class CreatePublicKeyCredentialCreationOptions extends AbstractWebAuthnRegistrationAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(CreatePublicKeyCredentialCreationOptions.class);
    static final /* synthetic */ boolean $assertionsDisabled;

    @Override // net.shibboleth.idp.plugin.authn.webauthn.admin.impl.AbstractWebAuthnRegistrationAction
    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull WebAuthnRegistrationContext webAuthnRegistrationContext) {
        byte[] serverChallenge = webAuthnRegistrationContext.getServerChallenge();
        if (serverChallenge == null) {
            this.log.error("{} WebAuthn challenge is null", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidRegistrationContext");
            return;
        }
        ResidentKeyRequirement residentKeyRequirement = webAuthnRegistrationContext.getResidentKeyRequirement();
        if (residentKeyRequirement == null) {
            this.log.error("{} ResidentKeyRequirement is null", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidRegistrationContext");
            return;
        }
        UserVerificationRequirement userVerificationRequirement = webAuthnRegistrationContext.getUserVerificationRequirement();
        if (userVerificationRequirement == null) {
            this.log.error("{} UserVerificationRequirement is null", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidRegistrationContext");
            return;
        }
        String username = webAuthnRegistrationContext.getUsername();
        if (username == null) {
            this.log.error("{} user.name is null", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidRegistrationContext");
            return;
        }
        String displayName = webAuthnRegistrationContext.getDisplayName();
        if (displayName == null) {
            this.log.error("{} user.displayName is null", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidRegistrationContext");
            return;
        }
        byte[] userId = webAuthnRegistrationContext.getUserId();
        if (userId == null) {
            this.log.error("{} user.id is null", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidRegistrationContext");
            return;
        }
        AttestationConveyancePreference attestationConveyancePreference = webAuthnRegistrationContext.getAttestationConveyancePreference();
        if (attestationConveyancePreference == null) {
            this.log.error("{} AttestationConveyancePreference is null", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "InvalidRegistrationContext");
            return;
        }
        try {
            Set set = (Set) webAuthnRegistrationContext.getExistingCredentials().stream().map(credentialRegistration -> {
                return credentialRegistration.toPublicKeyCredentialDescriptor();
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).collect(Collectors.toSet());
            if (!$assertionsDisabled && null == set) {
                throw new AssertionError();
            }
            CredentialCreationOptionsParameters build = CredentialCreationOptionsParameters.builder().withUserVerificationRequirement(userVerificationRequirement).withChallenge(serverChallenge).withExcludeCredentials(set).withUsername(username).withDisplayName(displayName).withResidentKeyRequirement(residentKeyRequirement).withUserId(userId).withAttestationConveyancePreference(attestationConveyancePreference).withAuthenticatorAttachment(webAuthnRegistrationContext.getAuthenticatorAttachmentRequirement()).withCredentialPropertiesExt(true).build();
            if (!$assertionsDisabled && build == null) {
                throw new AssertionError();
            }
            PublicKeyCredentialCreationOptions createRegistrationRequest = getWebAuthnClient().createRegistrationRequest(build);
            webAuthnRegistrationContext.setPublicKeyCredentialCreationOptions(createRegistrationRequest);
            this.log.debug("{} Created PublicKeyCredentialCreationOptions '{}'", getLogPrefix(), createRegistrationRequest);
        } catch (WebAuthnAuthenticationClientException | ConstraintViolationException e) {
            this.log.error("{} Unable to generate PublicKeyCredentialCreationOptions", getLogPrefix(), e);
            ActionSupport.buildEvent(profileRequestContext, "InputOutputError");
        }
    }

    static {
        $assertionsDisabled = !CreatePublicKeyCredentialCreationOptions.class.desiredAssertionStatus();
    }
}
