package net.shibboleth.idp.plugin.authn.webauthn.impl;

import com.yubico.webauthn.RegisteredCredential;
import com.yubico.webauthn.data.AttestedCredentialData;
import com.yubico.webauthn.data.AuthenticatorAttestationResponse;
import com.yubico.webauthn.data.ByteArray;
import com.yubico.webauthn.data.ClientRegistrationExtensionOutputs;
import com.yubico.webauthn.data.PublicKeyCredential;
import com.yubico.webauthn.data.UserIdentity;
import java.time.Instant;
import java.util.Optional;
import java.util.TreeSet;
import net.shibboleth.idp.plugin.authn.webauthn.storage.CredentialRegistration;
import net.shibboleth.idp.plugin.authn.webauthn.storage.impl.MockAuthenticator;
import net.shibboleth.shared.codec.Base64Support;
import net.shibboleth.shared.collection.CollectionSupport;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/webauthn/impl/LookupRegisteredCredentialsFromUserHandleTest.class */
/**
 * Tests for {@link LookupRegisteredCredentialsFromUserHandle}.
 *
 * <p>Each test places a mock authenticator's assertion response into the WebAuthn context and
 * checks the event the action returns. The cases are: a credential registered for the user
 * handle, a credential registered for a different username than the one already in the
 * context, and no registration at all (with and without the "no credentials" trigger).</p>
 *
 * <p>Security relevance: {@link #testUserHandleHasCredentials_UsernameInContextIsDifferent()}
 * pins the fail-closed outcome when the credential belongs to an account other than the
 * username already collected. Keep that assertion strict if the action is refactored.</p>
 */
public class LookupRegisteredCredentialsFromUserHandleTest extends AbstractWebAuthnTest {

    /** Relying-party identifier handed to the mock authenticator. */
    private static final String RP_ID = "idp.example.com";

    /** Origin placed in the client data of both ceremonies. */
    private static final String ORIGIN = "https://idp.example.com";

    /** Username the credential is registered under. */
    private static final String REGISTERED_USERNAME = "test-user";

    /** Base64 user handle (decodes to the ASCII text "thisisachallenge"). */
    private static final String USER_HANDLE_B64 = "dGhpc2lzYWNoYWxsZW5nZQ==";

    /**
     * Challenge string used in the client data. It is NOT the same literal as
     * {@link #USER_HANDLE_B64} (the middle characters differ); it is kept verbatim.
     */
    private static final String CHALLENGE = "dGhpc2lzBaNoYWxsZW5nZQ==";

    /** Action under test. */
    private LookupRegisteredCredentialsFromUserHandle lookup;

    /** Identity attached to the stored registration. */
    private UserIdentity userIdentity;

    /**
     * Builds a fresh action wired to the shared client and repository, with the
     * "trigger event on no credentials" option enabled by default.
     */
    @Override
    @BeforeMethod
    public void setup() throws Exception {
        super.setup();

        final LookupRegisteredCredentialsFromUserHandle action = new LookupRegisteredCredentialsFromUserHandle();
        action.setWebAuthnClient(this.client);
        action.setCredentialRepository(this.credentialRepo);
        action.setTriggerEventOnNoCredentials(true);
        this.lookup = action;

        this.userIdentity = UserIdentity.builder()
                .name("test-user")
                .displayName("Test User")
                .id(ByteArray.fromBase64(USER_HANDLE_B64))
                .build();
    }

    /** A registered credential whose user handle matches: the action returns no event. */
    @Test
    public void testUserHandleHasCredentials() throws Exception {
        this.lookup.initialize();

        final PublicKeyCredential<AuthenticatorAttestationResponse, ClientRegistrationExtensionOutputs> attestation =
                newAttestation();
        registerForTestUser(attestation);
        presentAssertion(attestation);

        // A null event is presumably the "proceed" signal; confirm against the action's contract.
        Assert.assertNull(this.lookup.execute(this.src));
    }

    /**
     * The context already holds a username ("username-collected") that is not the one the
     * credential is registered under ("test-user"). The action must answer "NoCredentials"
     * rather than proceed with the other account's credential.
     */
    @Test
    public void testUserHandleHasCredentials_UsernameInContextIsDifferent() throws Exception {
        this.webAuthnContext.setUsername("username-collected");
        this.lookup.initialize();

        final PublicKeyCredential<AuthenticatorAttestationResponse, ClientRegistrationExtensionOutputs> attestation =
                newAttestation();
        registerForTestUser(attestation);
        presentAssertion(attestation);

        Assert.assertEquals(this.lookup.execute(this.src).getId(), "NoCredentials");
    }

    /** Nothing is registered and the trigger is on: "NoRegisteredWebAuthnCredentials" is returned. */
    @Test
    public void testUserHandleHasNoCredentials() throws Exception {
        this.lookup.initialize();

        presentAssertion(newAttestation());

        Assert.assertEquals(this.lookup.execute(this.src).getId(), "NoRegisteredWebAuthnCredentials");
    }

    /** Nothing is registered and the trigger is off: the action returns no event. */
    @Test
    public void testUserHandleHasNoCredentialsNoTrigger() throws Exception {
        this.lookup.setTriggerEventOnNoCredentials(false);
        this.lookup.initialize();

        presentAssertion(newAttestation());

        Assert.assertNull(this.lookup.execute(this.src));
    }

    /**
     * Replaces the shared mock authenticator and has it produce a registration
     * ("webauthn.create") response for the test challenge and user handle.
     *
     * @return the credential created by the mock authenticator
     */
    private PublicKeyCredential<AuthenticatorAttestationResponse, ClientRegistrationExtensionOutputs> newAttestation()
            throws Exception {
        this.mockAuthenticator = new MockAuthenticator(RP_ID);
        final String clientData = createClientData("webauthn.create", ORIGIN, CHALLENGE);
        return this.mockAuthenticator.createAuthenticatorAttestationResponse(
                CHALLENGE, clientData, Base64Support.decode(USER_HANDLE_B64));
    }

    /**
     * Stores a registration for "test-user" built from the given attestation: same credential
     * id, the test user handle, and the public key taken from the attested credential data.
     *
     * @param attestation credential previously produced by {@link #newAttestation()}
     */
    private void registerForTestUser(
            final PublicKeyCredential<AuthenticatorAttestationResponse, ClientRegistrationExtensionOutputs> attestation)
            throws Exception {
        final AttestedCredentialData attested = attestation.getResponse()
                .getParsedAuthenticatorData()
                .getAttestedCredentialData()
                .get();

        final RegisteredCredential credential = RegisteredCredential.builder()
                .credentialId(attestation.getId())
                .userHandle(new ByteArray(Base64Support.decode(USER_HANDLE_B64)))
                .publicKeyCose(attested.getCredentialPublicKey())
                .build();

        this.credentialRepo.addRegistrationByUsername(
                REGISTERED_USERNAME,
                CredentialRegistration.builder()
                        .withUserIdentity(this.userIdentity)
                        .withTransports(new TreeSet<>())
                        .withRegistrationTime(Instant.now())
                        .withCredential(credential)
                        .withAttestationMetadata(CollectionSupport.emptySet())
                        .withCredentialNickname("Nickname")
                        .withDiscoverable(Optional.of(Boolean.TRUE))
                        .withUserVerified(true)
                        .build());
    }

    /**
     * Has the mock authenticator produce an authentication ("webauthn.get") response for the
     * given credential id and places it in the WebAuthn context for the action to read.
     *
     * @param attestation credential whose id the assertion is made for
     */
    private void presentAssertion(
            final PublicKeyCredential<AuthenticatorAttestationResponse, ClientRegistrationExtensionOutputs> attestation)
            throws Exception {
        final String clientData = createClientData("webauthn.get", ORIGIN, CHALLENGE);
        this.webAuthnContext.setAuthenticatorAssertionResponse(
                this.mockAuthenticator.createAuthenticatorAssertionResponse(
                        attestation.getId().getBytes(), clientData));
    }
}
