package net.shibboleth.idp.plugin.authn.webauthn.client.impl;

import com.google.common.base.Predicates;
import com.yubico.fido.metadata.FidoMetadataService;
import com.yubico.webauthn.CredentialRepository;
import com.yubico.webauthn.RelyingParty;
import com.yubico.webauthn.data.COSEAlgorithmIdentifier;
import com.yubico.webauthn.data.PublicKeyCredentialParameters;
import com.yubico.webauthn.data.RelyingPartyIdentity;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.GuardedBy;
import javax.annotation.concurrent.ThreadSafe;
import net.shibboleth.idp.plugin.authn.webauthn.client.WebAuthnAuthenticationClient;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.annotation.constraint.NonnullElements;
import net.shibboleth.shared.annotation.constraint.NotLive;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.component.AbstractInitializableComponent;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.primitive.NonnullSupplier;
import net.shibboleth.shared.primitive.StringSupport;
import org.slf4j.Logger;
import org.springframework.beans.factory.FactoryBean;

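/**
 * Spring {@link FactoryBean} that assembles a {@link WebAuthnAuthenticationClient} backed by a Yubico
 * {@link RelyingParty}.
 *
 * <p>The relying party ID, relying party name and credential repository are mandatory and are checked in
 * {@link #doInitialize()}. The remaining properties tune how strictly the relying party treats origins,
 * attestation and signature counters; the defaults set in this class are the restrictive ones (origin
 * port and subdomain relaxation off, untrusted attestation off, signature counter validation on).</p>
 *
 * <p>All mutable state is guarded by the instance monitor. Every setter calls
 * {@code checkSetterPreconditions()} before writing.</p>
 */
@ThreadSafe
/* loaded from: input_file:net/shibboleth/idp/plugin/authn/webauthn/client/impl/YubicoWebauthnClientFactory.class */
public class YubicoWebauthnClientFactory extends AbstractInitializableComponent implements FactoryBean<WebAuthnAuthenticationClient> {

    /** The WebAuthn relying party identifier (RP ID) handed to the Yubico identity builder. */
    @GuardedBy("this")
    @NonnullAfterInit
    private String relyingPartyId;

    /** Human-readable relying party name handed to the Yubico identity builder. */
    @GuardedBy("this")
    @NonnullAfterInit
    private String relyingPartyName;

    /** Store the relying party uses to look up registered credentials. */
    @GuardedBy("this")
    @NonnullAfterInit
    private CredentialRepository credentialRepository;

    /** Passed to {@code RelyingPartyBuilder.allowUntrustedAttestation}; defaults to {@code false}. */
    @GuardedBy("this")
    private boolean allowUntrustedAttestation;

    /** Optional FIDO metadata service; when set it becomes the relying party's attestation trust source. */
    @GuardedBy("this")
    @Nullable
    private FidoMetadataService fidoMetadataService;

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(YubicoWebauthnClientFactory.class);

    /** Passed to {@code RelyingPartyBuilder.allowOriginPort}; defaults to {@code false}. */
    @GuardedBy("this")
    private boolean allowOriginPort = false;

    /** Passed to {@code RelyingPartyBuilder.allowOriginSubdomain}; defaults to {@code false}. */
    @GuardedBy("this")
    private boolean allowOriginSubdomain = false;

    /**
     * Passed to {@code RelyingPartyBuilder.validateSignatureCounter}; defaults to {@code true}.
     *
     * <p>Kept as its own property so that signature counter checking (the relying party's signal for a
     * possibly cloned authenticator) is never switched on or off as a side effect of an unrelated
     * origin-matching option.</p>
     */
    @GuardedBy("this")
    private boolean validateSignatureCounter = true;

    /** Explicit origins for the relying party; when empty no origins are set on the builder. */
    @Nonnull
    @GuardedBy("this")
    @NonnullElements
    private Set<String> origins = CollectionSupport.emptySet();

    /** Public key credential parameters handed to the client, in the order given. */
    @Nonnull
    @GuardedBy("this")
    @NonnullElements
    private List<PublicKeyCredentialParameters> preferredPublickeyParams = CollectionSupport.listOf(new PublicKeyCredentialParameters[] {
            PublicKeyCredentialParameters.ES256,
            PublicKeyCredentialParameters.EdDSA,
            PublicKeyCredentialParameters.ES384,
            PublicKeyCredentialParameters.ES512,
            PublicKeyCredentialParameters.RS256,
            PublicKeyCredentialParameters.RS384,
            PublicKeyCredentialParameters.RS512});

    /**
     * Verifies that the mandatory properties were supplied.
     *
     * @throws ComponentInitializationException if the relying party ID, the relying party name or the
     *         credential repository is still {@code null}
     */
    @Override
    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.relyingPartyId == null) {
            throw new ComponentInitializationException("relyingPartyId cannot be null");
        }
        if (this.relyingPartyName == null) {
            throw new ComponentInitializationException("relyingPartyName cannot be null");
        }
        if (this.credentialRepository == null) {
            throw new ComponentInitializationException("Credential repository cannot be null");
        }
    }

    /**
     * Builds the Yubico relying party from the configured properties and wraps it in a client.
     *
     * <p>The method name is the decompiler's rename of {@code getObject} (merged with its bridge method)
     * and is kept unchanged.</p>
     *
     * <p>Signature counter validation is taken from {@link #setValidateSignatureCounter(boolean)}. It was
     * previously fed from the {@code allowOriginPort} field, which left counter validation disabled
     * whenever origin ports were not relaxed (the default) and enabled it only as a side effect of
     * relaxing origin matching.</p>
     *
     * @return a new client around the built relying party
     * @throws Exception declared by the factory contract
     */
    /* renamed from: getObject, reason: merged with bridge method [inline-methods] */
    public WebAuthnAuthenticationClient m10getObject() throws Exception {
        checkComponentActive();

        final RelyingPartyIdentity identity = RelyingPartyIdentity.builder()
                .id(getRelyingPartyId())
                .name(getRelyingPartyName())
                .build();
        final RelyingParty.RelyingPartyBuilder builder = RelyingParty.builder()
                .identity(identity)
                .credentialRepository(getCredentialRepository())
                .allowOriginPort(isAllowOriginPort())
                .allowOriginSubdomain(isAllowOriginSubdomain())
                .allowUntrustedAttestation(isAllowUntrustedAttestation())
                // Read through the synchronized getter: the field is guarded by "this" and this method
                // does not hold the monitor.
                .validateSignatureCounter(isValidateSignatureCounter());

        final FidoMetadataService metadataService = getFidoMetadataService();
        if (metadataService != null) {
            builder.attestationTrustSource(metadataService);
        }
        // NOTE(review): when no metadata service is configured and allowUntrustedAttestation is false,
        // no attestation trust source is set at all; confirm against the Yubico library how
        // registrations are treated in that combination.

        // Log the effective security-relevant settings so a relaxed configuration is visible at startup.
        this.log.info("Built Yubico WebAuthn Client for RelyingParty '{}', using FIDO metadata '{}', "
                + "allowOriginPort '{}', allowOriginSubdomain '{}', allowUntrustedAttestation '{}', "
                + "validateSignatureCounter '{}'",
                getRelyingPartyId(),
                metadataService != null ? "yes" : "no",
                isAllowOriginPort(),
                isAllowOriginSubdomain(),
                isAllowUntrustedAttestation(),
                isValidateSignatureCounter());

        // Only override the builder's origins when some were configured explicitly.
        final Set<String> configuredOrigins = getOrigins();
        if (!configuredOrigins.isEmpty()) {
            builder.origins(configuredOrigins);
        }
        final RelyingParty relyingParty = builder.build();
        assert relyingParty != null;
        return new YubicoWebAuthnAuthenticationClient(relyingParty, getPreferredPublickeyParams());
    }

    /**
     * Sets the preferred public key credential parameters from already-built Yubico objects.
     * {@code null} elements are dropped.
     *
     * @param list the parameters in preference order; must not be {@code null}
     */
    public synchronized void setPreferredPublickeyParamsNative(@Nonnull @NonnullElements List<PublicKeyCredentialParameters> list) {
        checkSetterPreconditions();
        // Validate the argument itself; the collected list below can never be null.
        Constraint.isNotNull(list, "PreferredPublickeyParams can not be null");
        this.preferredPublickeyParams = list.stream()
                .filter(Objects::nonNull)
                .collect(CollectionSupport.nonnullCollector(Collectors.toList()))
                .get();
    }

    /**
     * Sets the preferred public key credential parameters from algorithm names.
     *
     * <p>Recognised names are {@code EdDSA}, {@code ES256}, {@code ES384}, {@code ES512}, {@code RS1},
     * {@code RS256}, {@code RS384} and {@code RS512} (case-sensitive). Any other name is skipped with a
     * warning, so a list made up only of unrecognised names results in an empty parameter list.</p>
     *
     * @param list algorithm names in preference order; passed through
     *        {@code StringSupport.normalizeStringCollection} first
     */
    public synchronized void setPreferredPublickeyParams(@Nonnull @NonnullElements List<String> list) {
        checkSetterPreconditions();
        this.preferredPublickeyParams = CollectionSupport.copyToList(
                StringSupport.normalizeStringCollection(list).stream()
                        .map(this::toPublicKeyCredentialParameters)
                        .filter(Objects::nonNull)
                        .collect(CollectionSupport.nonnullCollector(Collectors.toList()))
                        .get());
    }

    /**
     * Maps one configured algorithm name to its public key credential parameters.
     *
     * @param name the algorithm name
     * @return the matching parameters, or {@code null} when the name is not recognised
     */
    @Nullable
    private PublicKeyCredentialParameters toPublicKeyCredentialParameters(@Nonnull String name) {
        final COSEAlgorithmIdentifier algorithm;
        switch (name) {
            case "EdDSA":
                algorithm = COSEAlgorithmIdentifier.EdDSA;
                break;
            case "ES256":
                algorithm = COSEAlgorithmIdentifier.ES256;
                break;
            case "ES384":
                algorithm = COSEAlgorithmIdentifier.ES384;
                break;
            case "ES512":
                algorithm = COSEAlgorithmIdentifier.ES512;
                break;
            case "RS1":
                // RS1 is RSA with SHA-1. It is not in the default list and is only offered when an
                // operator names it explicitly; prefer the SHA-2 based algorithms.
                algorithm = COSEAlgorithmIdentifier.RS1;
                break;
            case "RS256":
                algorithm = COSEAlgorithmIdentifier.RS256;
                break;
            case "RS384":
                algorithm = COSEAlgorithmIdentifier.RS384;
                break;
            case "RS512":
                algorithm = COSEAlgorithmIdentifier.RS512;
                break;
            default:
                // Surface typos instead of dropping them silently; a misspelt name would otherwise
                // shrink the offered algorithm list without any trace.
                this.log.warn("Ignoring unrecognised preferred public key algorithm '{}'", name);
                return null;
        }
        return PublicKeyCredentialParameters.builder().alg(algorithm).build();
    }

    /**
     * Returns the preferred public key credential parameters.
     *
     * @return the configured parameters
     */
    @Nonnull
    @NonnullElements
    public synchronized List<PublicKeyCredentialParameters> getPreferredPublickeyParams() {
        return this.preferredPublickeyParams;
    }

    /**
     * Returns the credential repository; only usable once the component is active.
     *
     * @return the credential repository
     */
    @Nonnull
    public synchronized CredentialRepository getCredentialRepository() {
        checkComponentActive();
        assert this.credentialRepository != null;
        return this.credentialRepository;
    }

    /**
     * Returns the explicitly configured origins.
     *
     * @return the origins, empty when none were configured
     */
    @Nonnull
    @NotLive
    @NonnullElements
    public synchronized Set<String> getOrigins() {
        return this.origins;
    }

    /**
     * Sets the explicit origins. Each value is trimmed and values that trim to nothing are dropped.
     *
     * <p>A {@code null} or empty argument is ignored and leaves the current origins in place; it does
     * not clear them.</p>
     *
     * @param set the origins to accept, or {@code null}
     */
    public synchronized void setOrigins(@Nullable Set<String> set) {
        checkSetterPreconditions();
        if (set == null || set.isEmpty()) {
            return;
        }
        this.origins = set.stream()
                .map(StringSupport::trimOrNull)
                .filter(Predicates.notNull())
                .collect(CollectionSupport.nonnullCollector(Collectors.toSet()))
                .get();
    }

    /**
     * Sets the credential repository.
     *
     * @param credentialRepository the repository; must not be {@code null}
     */
    public synchronized void setCredentialRepository(@Nonnull CredentialRepository credentialRepository) {
        checkSetterPreconditions();
        this.credentialRepository = Constraint.isNotNull(credentialRepository, "Credential respository can not be null");
    }

    /**
     * Reports the type of object this factory produces.
     *
     * @return {@link WebAuthnAuthenticationClient}
     */
    @Override
    public Class<?> getObjectType() {
        return WebAuthnAuthenticationClient.class;
    }

    /**
     * Reports that the produced client is a singleton.
     *
     * @return always {@code true}
     */
    @Override
    public boolean isSingleton() {
        return true;
    }

    /**
     * Sets the relying party ID.
     *
     * @param str the relying party ID; must not be {@code null}
     */
    public synchronized void setRelyingPartyId(@Nonnull String str) {
        checkSetterPreconditions();
        this.relyingPartyId = Constraint.isNotNull(str, "You must set a relying party ID");
    }

    /**
     * Returns the relying party ID. Unlike the other private getters this one does not call
     * {@code checkComponentActive()}.
     *
     * @return the relying party ID
     */
    @NonnullAfterInit
    private synchronized String getRelyingPartyId() {
        return this.relyingPartyId;
    }

    /**
     * Sets the relying party name.
     *
     * @param str the relying party name; must not be {@code null}
     */
    public synchronized void setRelyingPartyName(@Nonnull String str) {
        checkSetterPreconditions();
        this.relyingPartyName = Constraint.isNotNull(str, "You must set a relying party name");
    }

    /**
     * Returns the relying party name; only usable once the component is active.
     *
     * @return the relying party name
     */
    @NonnullAfterInit
    private synchronized String getRelyingPartyName() {
        checkComponentActive();
        return this.relyingPartyName;
    }

    /**
     * Returns the value passed to {@code RelyingPartyBuilder.allowOriginPort}.
     *
     * @return the configured flag
     */
    private synchronized boolean isAllowOriginPort() {
        checkComponentActive();
        return this.allowOriginPort;
    }

    /**
     * Sets the value passed to {@code RelyingPartyBuilder.allowOriginPort}. This only affects origin
     * matching; signature counter validation has its own property.
     *
     * @param z the flag
     */
    public synchronized void setAllowOriginPort(boolean z) {
        checkSetterPreconditions();
        this.allowOriginPort = z;
    }

    /**
     * Returns the value passed to {@code RelyingPartyBuilder.allowOriginSubdomain}.
     *
     * @return the configured flag
     */
    private synchronized boolean isAllowOriginSubdomain() {
        checkComponentActive();
        return this.allowOriginSubdomain;
    }

    /**
     * Sets the value passed to {@code RelyingPartyBuilder.allowOriginSubdomain}.
     *
     * @param z the flag
     */
    public synchronized void setAllowOriginSubdomain(boolean z) {
        checkSetterPreconditions();
        this.allowOriginSubdomain = z;
    }

    /**
     * Sets the value passed to {@code RelyingPartyBuilder.allowUntrustedAttestation}.
     *
     * @param z the flag
     */
    public synchronized void setAllowUntrustedAttestation(boolean z) {
        checkSetterPreconditions();
        this.allowUntrustedAttestation = z;
    }

    /**
     * Returns the value passed to {@code RelyingPartyBuilder.allowUntrustedAttestation}.
     *
     * @return the configured flag
     */
    private synchronized boolean isAllowUntrustedAttestation() {
        checkComponentActive();
        return this.allowUntrustedAttestation;
    }

    /**
     * Sets the value passed to {@code RelyingPartyBuilder.validateSignatureCounter}. Defaults to
     * {@code true}; turning it off removes the relying party's signature counter check.
     *
     * @param z the flag
     */
    public synchronized void setValidateSignatureCounter(boolean z) {
        checkSetterPreconditions();
        this.validateSignatureCounter = z;
    }

    /**
     * Returns the value passed to {@code RelyingPartyBuilder.validateSignatureCounter}.
     *
     * @return the configured flag
     */
    private synchronized boolean isValidateSignatureCounter() {
        checkComponentActive();
        return this.validateSignatureCounter;
    }

    /**
     * Sets the FIDO metadata service used as attestation trust source.
     *
     * @param fidoMetadataService the service, or {@code null} to configure none
     */
    public synchronized void setFidoMetadataService(@Nullable FidoMetadataService fidoMetadataService) {
        checkSetterPreconditions();
        this.fidoMetadataService = fidoMetadataService;
    }

    /**
     * Returns the FIDO metadata service; only usable once the component is active.
     *
     * @return the service, or {@code null} when none was configured
     */
    @Nullable
    public synchronized FidoMetadataService getFidoMetadataService() {
        checkComponentActive();
        return this.fidoMetadataService;
    }
}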
