package net.shibboleth.idp.plugin.authn.webauthn.impl;

import com.yubico.webauthn.data.AuthenticatorAttestationResponse;
import com.yubico.webauthn.data.ByteArray;
import com.yubico.webauthn.data.ClientRegistrationExtensionOutputs;
import com.yubico.webauthn.data.PublicKeyCredential;
import com.yubico.webauthn.data.PublicKeyCredentialRequestOptions;
import com.yubico.webauthn.data.UserIdentity;
import com.yubico.webauthn.data.UserVerificationRequirement;
import java.util.Optional;
import net.shibboleth.idp.plugin.authn.webauthn.client.impl.MockWebAuthnClient;
import net.shibboleth.idp.plugin.authn.webauthn.context.WebAuthnAuthenticationContext;
import net.shibboleth.idp.plugin.authn.webauthn.storage.impl.MockAuthenticator;
import net.shibboleth.shared.codec.Base64Support;
import net.shibboleth.shared.codec.DecodingException;
import org.springframework.webflow.execution.Event;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/webauthn/impl/ValidateWebAuthnAssertionTest.class */
public class ValidateWebAuthnAssertionTest extends AbstractWebAuthnTest {
    private ValidateWebAuthnAssertion action;
    private WebAuthnAuthenticationContext context;
    private PublicKeyCredentialRequestOptions credentialRequestOptions;
    private UserIdentity userIdentity;
    private PublicKeyCredential<AuthenticatorAttestationResponse, ClientRegistrationExtensionOutputs> attestation;
    static final /* synthetic */ boolean $assertionsDisabled;

    @Override // net.shibboleth.idp.plugin.authn.webauthn.impl.AbstractWebAuthnTest
    @BeforeMethod
    public void setup() throws Exception {
        super.setup();
        this.context = addWebAuthnAuthenticationContext();
        this.mockAuthenticator = new MockAuthenticator("idp.example.com");
        this.action = new ValidateWebAuthnAssertion();
        this.action.setWebAuthnClient(new MockWebAuthnClient(this.rp, true, true));
        this.action.setCredentialRepository(this.credentialRepo);
        this.attestation = this.mockAuthenticator.createAuthenticatorAttestationResponse("dGhpc2lzBaNoYWxsZW5nZQ==", createClientData("webauthn.create", "https://idp.example.com", "dGhpc2lzBaNoYWxsZW5nZQ=="), Base64Support.decode("dGhpc2lzYWNoYWxsZW5nZQ=="));
        this.credentialRequestOptions = PublicKeyCredentialRequestOptions.builder().challenge(new ByteArray(Base64Support.decode("dGhpc2lzBaNoYWxsZW5nZQ=="))).rpId(this.rp.getIdentity().getId()).userVerification(UserVerificationRequirement.REQUIRED).timeout(Optional.of(60000L)).build();
        this.context.setPublicKeyCredentialRequestOptions(this.credentialRequestOptions);
    }

    @Test
    public void testValidAssertion() throws DecodingException, Exception {
        this.context.setUsername("test-user");
        this.context.setUserId(Base64Support.decode("dGhpc2lzYWNoYWxsZW5nZQ=="));
        this.action.initialize();
        this.context.setAuthenticatorAssertionResponse(this.mockAuthenticator.createAuthenticatorAssertionResponse(this.attestation.getId().getBytes(), createClientData("webauthn.get", "https://idp.example.com", "dGhpc2lzBaNoYWxsZW5nZQ==")));
        Assert.assertNull(this.action.execute(this.src));
    }

    @Test
    public void testInValidAssertion_NotSuccessful() throws DecodingException, Exception {
        this.action.setWebAuthnClient(new MockWebAuthnClient(this.rp, false, true));
        this.context.setUsername("test-user");
        this.context.setUserId(Base64Support.decode("dGhpc2lzYWNoYWxsZW5nZQ=="));
        this.action.initialize();
        this.context.setAuthenticatorAssertionResponse(this.mockAuthenticator.createAuthenticatorAssertionResponse(this.attestation.getId().getBytes(), createClientData("webauthn.get", "https://idp.example.com", "dGhpc2lzBaNoYWxsZW5nZQ==")));
        Event execute = this.action.execute(this.src);
        Assert.assertNotNull(execute);
        if (!$assertionsDisabled && execute == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(execute.getId(), "InvalidCredentials");
    }

    static {
        $assertionsDisabled = !ValidateWebAuthnAssertionTest.class.desiredAssertionStatus();
    }
}
