package net.shibboleth.idp.plugin.authn.webauthn.impl;

import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.core.Base64Variants;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.json.JsonMapper;
import com.fasterxml.jackson.datatype.jdk8.Jdk8Module;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import com.yubico.webauthn.RelyingParty;
import com.yubico.webauthn.data.ByteArray;
import com.yubico.webauthn.data.PublicKeyCredentialCreationOptions;
import com.yubico.webauthn.data.PublicKeyCredentialParameters;
import com.yubico.webauthn.data.RelyingPartyIdentity;
import com.yubico.webauthn.data.UserIdentity;
import java.net.UnknownHostException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Random;
import javax.annotation.Nonnull;
import net.shibboleth.idp.authn.AuthenticationFlowDescriptor;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.plugin.authn.webauthn.client.WebAuthnAuthenticationClient;
import net.shibboleth.idp.plugin.authn.webauthn.client.impl.MockWebAuthnClient;
import net.shibboleth.idp.plugin.authn.webauthn.context.BaseWebAuthnContext;
import net.shibboleth.idp.plugin.authn.webauthn.context.WebAuthnAuthenticationContext;
import net.shibboleth.idp.plugin.authn.webauthn.context.WebAuthnRegistrationContext;
import net.shibboleth.idp.plugin.authn.webauthn.storage.StorageServiceCredentialRepository;
import net.shibboleth.idp.plugin.authn.webauthn.storage.impl.InMemoryRegistrationStorage;
import net.shibboleth.idp.plugin.authn.webauthn.storage.impl.MockAuthenticator;
import net.shibboleth.idp.profile.context.navigate.WebflowRequestContextProfileRequestContextLookup;
import net.shibboleth.idp.profile.testing.RequestContextBuilder;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.codec.Base64Support;
import net.shibboleth.shared.collection.CollectionSupport;
import okhttp3.mockwebserver.MockResponse;
import okhttp3.mockwebserver.MockWebServer;
import okhttp3.tls.HandshakeCertificates;
import okhttp3.tls.HeldCertificate;
import org.opensaml.profile.context.ProfileRequestContext;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/webauthn/impl/AbstractWebAuthnTest.class */
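/**
 * Shared fixture for the WebAuthn plugin tests.
 *
 * <p>{@link #setup()} builds a profile request context tree (authentication context, WebAuthn
 * authentication context, WebAuthn registration context), a Yubico {@link RelyingParty} for
 * {@link #RPID}, a mock WebAuthn client and an in-memory credential repository. The remaining
 * methods are small helpers for subclasses: context lookup, a TLS-enabled {@link MockWebServer},
 * random byte generation and client-data maps.</p>
 *
 * <p>This listing was recovered by a decompiler. Methods carrying the remark "declared
 * {@code protected} in the original" were widened to {@code public} by the decompiler and are
 * left that way so existing callers keep compiling.</p>
 */
public abstract class AbstractWebAuthnTest {
    /** Origin used as the authenticating authority of the {@link AuthenticationContext}. */
    protected static final String ORIGIN = "https://idp.example.com";

    /** Relying party identifier given to the {@link RelyingParty} built in {@link #setup()}. */
    protected static final String RPID = "idp.example.com";

    // NOTE(review): differs from USER_HANDLE_B64 only in characters 9-12 ("BaNo" vs "YWNo");
    // confirm whether two distinct byte strings are intended here.
    /** Base64 of the fixed challenge placed in the registration options. */
    protected static final String CHALLENGE_B64 = "dGhpc2lzBaNoYWxsZW5nZQ==";

    /** Base64 of the fixed user handle placed in the registration options. */
    protected static final String USER_HANDLE_B64 = "dGhpc2lzYWNoYWxsZW5nZQ==";

    /** Username of the test user identity. */
    protected static final String USERNAME = "test-user";

    /**
     * Source for {@link #generateRandomBytes(int)}. A CSPRNG is used so that byte strings standing
     * in for challenges, handles or credential ids are not predictable from a seed, and so the
     * helper stays safe if it is ever copied outside test code.
     */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    protected ProfileRequestContext prc;
    protected RequestContext src;
    protected WebAuthnAuthenticationContext webAuthnContext;
    protected WebAuthnRegistrationContext webAuthnRegContext;
    protected AuthenticationContext ac;
    // Not assigned anywhere in this class; presumably populated by subclasses.
    protected MockAuthenticator mockAuthenticator;
    protected ObjectMapper jsonMapper;
    protected WebAuthnAuthenticationClient client;
    protected StorageServiceCredentialRepository credentialRepo;
    protected RelyingParty rp;

    /** Signature algorithms offered in the registration options, in order of preference. */
    @Nonnull
    protected final List<PublicKeyCredentialParameters> preferredPublickeyParams =
            CollectionSupport.listOf(new PublicKeyCredentialParameters[] {
                PublicKeyCredentialParameters.ES256,
                PublicKeyCredentialParameters.EdDSA,
                PublicKeyCredentialParameters.ES384,
                PublicKeyCredentialParameters.ES512,
                PublicKeyCredentialParameters.RS256,
                PublicKeyCredentialParameters.RS384,
                PublicKeyCredentialParameters.RS512
            });

    /**
     * Builds the fixture: JSON mapper, request/profile contexts, relying party, registration
     * options, mock client and credential repository.
     *
     * @throws Exception if any of the collaborating builders fails
     */
    public void setup() throws Exception {
        // Strict mapper: unknown JSON properties are rejected, and binary values use the
        // URL-safe Base64 variant.
        this.jsonMapper = JsonMapper.builder()
                .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, true)
                .serializationInclusion(JsonInclude.Include.NON_ABSENT)
                .defaultBase64Variant(Base64Variants.MODIFIED_FOR_URL)
                .addModule(new Jdk8Module())
                .addModule(new JavaTimeModule())
                .build();

        this.src = new RequestContextBuilder().buildRequestContext();
        this.prc = new WebflowRequestContextProfileRequestContextLookup().apply(this.src);
        this.webAuthnContext = new WebAuthnAuthenticationContext();
        assert this.prc != null;

        this.ac = new AuthenticationContext();
        AuthenticationFlowDescriptor flowDescriptor = new AuthenticationFlowDescriptor();
        flowDescriptor.setId("authn/WebAuthn");
        this.ac.setAttemptedFlow(flowDescriptor);
        this.ac.setAuthenticatingAuthority(ORIGIN);
        assert this.ac != null;
        this.prc.addSubcontext(this.ac);

        assert this.webAuthnContext != null;
        this.ac.addSubcontext(this.webAuthnContext);

        this.webAuthnRegContext = new WebAuthnRegistrationContext();
        this.prc.addSubcontext(this.webAuthnRegContext);

        // allowOriginPort / allowOriginSubdomain loosen the relying party's origin matching.
        // That is a convenience for tests against mock servers; a production RelyingParty
        // should keep both at their strict defaults unless there is a specific need.
        RelyingPartyIdentity rpIdentity = RelyingPartyIdentity.builder()
                .id(RPID)
                .name("Demo IdP as a WebAuthn RP")
                .build();
        this.rp = RelyingParty.builder()
                .identity(rpIdentity)
                .credentialRepository(new InMemoryRegistrationStorage())
                .allowOriginPort(true)
                .allowOriginSubdomain(true)
                .build();

        // Registration options use the fixed challenge and user handle so results are repeatable.
        UserIdentity user = UserIdentity.builder()
                .name(USERNAME)
                .displayName("test user")
                .id(new ByteArray(Base64Support.decode(USER_HANDLE_B64)))
                .build();
        this.webAuthnRegContext.setPublicKeyCredentialCreationOptions(
                PublicKeyCredentialCreationOptions.builder()
                        .rp(this.rp.getIdentity())
                        .user(user)
                        .challenge(new ByteArray(Base64Support.decode(CHALLENGE_B64)))
                        .pubKeyCredParams(this.preferredPublickeyParams)
                        .excludeCredentials(Optional.empty())
                        .timeout(Optional.empty())
                        .build());

        // NOTE(review): the meaning of the two boolean arguments is not visible here; see
        // MockWebAuthnClient.
        this.client = new MockWebAuthnClient(this.rp, true, true);

        // NOTE(review): this is a second InMemoryRegistrationStorage, separate from the instance
        // handed to the RelyingParty builder above. Unless that class shares state between
        // instances, credentials stored here are not seen by `rp`; confirm this is intended.
        this.credentialRepo = new InMemoryRegistrationStorage();
    }

    /**
     * Returns the {@link WebAuthnRegistrationContext} under the profile request context, creating
     * it if absent. Declared {@code protected} in the original.
     *
     * @return the registration context
     */
    public WebAuthnRegistrationContext addWebAuthnRegistrationContext() {
        return this.prc.ensureSubcontext(WebAuthnRegistrationContext.class);
    }

    /**
     * Returns the {@link BaseWebAuthnContext} under the {@link AuthenticationContext}, creating
     * either context if absent. Declared {@code protected} in the original.
     *
     * @return the base WebAuthn context
     */
    public BaseWebAuthnContext addBaseWebAuthnRegistrationContext() {
        return this.prc.ensureSubcontext(AuthenticationContext.class)
                .ensureSubcontext(BaseWebAuthnContext.class);
    }

    /**
     * Returns the {@link WebAuthnAuthenticationContext} under the {@link AuthenticationContext},
     * creating either context if absent. Declared {@code protected} in the original.
     *
     * @return the WebAuthn authentication context
     */
    public WebAuthnAuthenticationContext addWebAuthnAuthenticationContext() {
        return this.prc.ensureSubcontext(AuthenticationContext.class)
                .ensureSubcontext(WebAuthnAuthenticationContext.class);
    }

    /**
     * Creates an unstarted {@link MockWebServer} that serves HTTPS with a freshly generated
     * certificate whose subject alternative name is {@code localhost}. Declared
     * {@code protected} in the original.
     *
     * <p>The certificate is not issued by any CA a client trusts by default, so a client under
     * test has to be configured to trust it explicitly. Keep that trust configuration inside the
     * test; do not relax certificate validation globally to make the connection succeed.</p>
     *
     * @return the configured server
     * @throws UnknownHostException declared by the original signature
     */
    public MockWebServer createSimpleServer() throws UnknownHostException {
        HeldCertificate localhostCertificate = new HeldCertificate.Builder()
                .addSubjectAlternativeName("localhost")
                .build();
        HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder()
                .heldCertificate(localhostCertificate, new X509Certificate[0])
                .build();

        MockWebServer mockWebServer = new MockWebServer();
        mockWebServer.useHttps(serverCertificates.sslSocketFactory(), false);
        return mockWebServer;
    }

    /**
     * Queues one canned response on the given server. Declared {@code protected} in the original.
     *
     * @param mockWebServer server to queue the response on
     * @param i HTTP status code of the response
     * @param str response body
     * @param str2 value of the {@code content-type} header
     */
    public void queueMockServerResponse(MockWebServer mockWebServer, int i, String str, String str2) {
        MockResponse response = new MockResponse()
                .setResponseCode(i)
                .setHeader("content-type", str2)
                .setBody(str);
        mockWebServer.enqueue(response);
    }

    /**
     * Returns {@code i} random bytes drawn from a {@link SecureRandom}.
     *
     * @param i number of bytes to generate
     * @return a new array of length {@code i}
     * @throws NegativeArraySizeException if {@code i} is negative
     */
    protected byte[] generateRandomBytes(int i) {
        byte[] randomBytes = new byte[i];
        SECURE_RANDOM.nextBytes(randomBytes);
        return randomBytes;
    }

    /**
     * Builds a client-data map with the keys {@code type}, {@code origin} and {@code challenge}.
     * Declared {@code protected} in the original.
     *
     * @param str value stored under {@code type}
     * @param str2 value stored under {@code origin}
     * @param str3 value stored under {@code challenge}
     * @return a new mutable map holding the three entries
     */
    public Map<String, String> createClientData(@Nonnull @NotEmpty String str, @Nonnull @NotEmpty String str2, @Nonnull @NotEmpty String str3) {
        Map<String, String> clientData = new HashMap<>();
        clientData.put("challenge", str3);
        clientData.put("origin", str2);
        clientData.put("type", str);
        return clientData;
    }
}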
