package net.shibboleth.idp.plugin.authn.webauthn.client.impl;

import com.yubico.webauthn.RelyingParty;
import com.yubico.webauthn.data.AttestationType;
import com.yubico.webauthn.data.AuthenticatorAssertionResponse;
import com.yubico.webauthn.data.AuthenticatorAttestationResponse;
import com.yubico.webauthn.data.AuthenticatorSelectionCriteria;
import com.yubico.webauthn.data.ByteArray;
import com.yubico.webauthn.data.ClientAssertionExtensionOutputs;
import com.yubico.webauthn.data.ClientRegistrationExtensionOutputs;
import com.yubico.webauthn.data.PublicKeyCredential;
import com.yubico.webauthn.data.PublicKeyCredentialCreationOptions;
import com.yubico.webauthn.data.PublicKeyCredentialParameters;
import com.yubico.webauthn.data.PublicKeyCredentialRequestOptions;
import com.yubico.webauthn.data.RegistrationExtensionInputs;
import com.yubico.webauthn.data.UserIdentity;
import java.util.List;
import java.util.Optional;
import javax.annotation.Nonnull;
import net.shibboleth.idp.plugin.authn.webauthn.admin.CredentialCreationOptionsParameters;
import net.shibboleth.idp.plugin.authn.webauthn.admin.RegistrationResult;
import net.shibboleth.idp.plugin.authn.webauthn.authn.AssertionResult;
import net.shibboleth.idp.plugin.authn.webauthn.authn.CredentialRequestOptionsParameters;
import net.shibboleth.idp.plugin.authn.webauthn.client.WebAuthnAuthenticationClient;
import net.shibboleth.idp.plugin.authn.webauthn.exception.AssertionFailureException;
import net.shibboleth.idp.plugin.authn.webauthn.exception.RegistrationFailureException;
import net.shibboleth.idp.plugin.authn.webauthn.exception.WebAuthnAuthenticationClientException;
import net.shibboleth.shared.annotation.constraint.NonnullElements;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.logic.Constraint;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/webauthn/client/impl/MockWebAuthnClient.class */
public class MockWebAuthnClient implements WebAuthnAuthenticationClient {
    private final boolean assertionResponseSuccess;
    private final boolean signatureCount;

    @Nonnull
    private final RelyingParty rp;

    @Nonnull
    @NonnullElements
    private final List<PublicKeyCredentialParameters> preferredPublickeyParams = CollectionSupport.listOf(new PublicKeyCredentialParameters[]{PublicKeyCredentialParameters.ES256, PublicKeyCredentialParameters.EdDSA, PublicKeyCredentialParameters.ES384, PublicKeyCredentialParameters.ES512, PublicKeyCredentialParameters.RS256, PublicKeyCredentialParameters.RS384, PublicKeyCredentialParameters.RS512});
    static final /* synthetic */ boolean $assertionsDisabled;

    public MockWebAuthnClient(@Nonnull RelyingParty relyingParty, boolean z, boolean z2) {
        this.rp = (RelyingParty) Constraint.isNotNull(relyingParty, "The reyling party configuration can not be null");
        this.assertionResponseSuccess = z;
        this.signatureCount = z2;
    }

    public PublicKeyCredentialRequestOptions createAuthenticationRequest(CredentialRequestOptionsParameters credentialRequestOptionsParameters) throws WebAuthnAuthenticationClientException {
        PublicKeyCredentialRequestOptions build = PublicKeyCredentialRequestOptions.builder().challenge(new ByteArray(credentialRequestOptionsParameters.getChallenge())).rpId(this.rp.getIdentity().getId()).allowCredentials(Optional.ofNullable(credentialRequestOptionsParameters.getAllowCredentials())).userVerification(credentialRequestOptionsParameters.getUserVerificationRequirement()).timeout(Optional.of(60000L)).build();
        if (build == null) {
            throw new WebAuthnAuthenticationClientException("Unable to build public key credential request options");
        }
        return build;
    }

    public PublicKeyCredentialCreationOptions createRegistrationRequest(CredentialCreationOptionsParameters credentialCreationOptionsParameters) throws WebAuthnAuthenticationClientException {
        PublicKeyCredentialCreationOptions build = PublicKeyCredentialCreationOptions.builder().rp(this.rp.getIdentity()).user(UserIdentity.builder().name(credentialCreationOptionsParameters.getUsername()).displayName(credentialCreationOptionsParameters.getUsername()).id(new ByteArray(credentialCreationOptionsParameters.getUserId())).build()).challenge(new ByteArray(credentialCreationOptionsParameters.getChallenge())).pubKeyCredParams(this.preferredPublickeyParams).excludeCredentials(credentialCreationOptionsParameters.getExcludeCredentials()).attestation(credentialCreationOptionsParameters.getAttestationConveyancePreference()).authenticatorSelection(AuthenticatorSelectionCriteria.builder().userVerification(credentialCreationOptionsParameters.getUserVerificationRequirement()).residentKey(credentialCreationOptionsParameters.getResidentKeyRequirement()).authenticatorAttachment(credentialCreationOptionsParameters.getAuthenticatorAttachment()).build()).extensions(credentialCreationOptionsParameters.isEnableCredProperties() ? RegistrationExtensionInputs.builder().credProps().build() : RegistrationExtensionInputs.builder().build()).timeout(Optional.empty()).build();
        if (build == null) {
            throw new WebAuthnAuthenticationClientException("Unable to build public key credential creation options");
        }
        return build;
    }

    public AssertionResult validateAuthenticatorAssertionResponse(String str, byte[] bArr, PublicKeyCredentialRequestOptions publicKeyCredentialRequestOptions, PublicKeyCredential<AuthenticatorAssertionResponse, ClientAssertionExtensionOutputs> publicKeyCredential) throws AssertionFailureException {
        AssertionResult build = AssertionResult.builder().withSuccess(this.assertionResponseSuccess).withUsername(str).withSignatureCounterValid(this.signatureCount).withUserId(bArr).build();
        if ($assertionsDisabled || build != null) {
            return build;
        }
        throw new AssertionError();
    }

    public RegistrationResult validateAuthenticatorAttestationResponse(PublicKeyCredentialCreationOptions publicKeyCredentialCreationOptions, PublicKeyCredential<AuthenticatorAttestationResponse, ClientRegistrationExtensionOutputs> publicKeyCredential) throws RegistrationFailureException {
        return RegistrationResult.builder().withAttestationTrusted(true).withAttestationType(AttestationType.NONE).withCredential(publicKeyCredential).build();
    }

    static {
        $assertionsDisabled = !MockWebAuthnClient.class.desiredAssertionStatus();
    }
}
