package edu.internet2.middleware.shibboleth.idp.system.conf1;

import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
import edu.internet2.middleware.shibboleth.common.profile.ProfileHandler;
import edu.internet2.middleware.shibboleth.common.profile.ProfileHandlerManager;
import edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler;
import edu.internet2.middleware.shibboleth.idp.authn.Saml2LoginContext;
import edu.internet2.middleware.shibboleth.idp.authn.UsernamePrincipal;
import edu.internet2.middleware.shibboleth.idp.session.impl.AuthenticationMethodInformationImpl;
import edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper;
import java.security.Principal;
import javax.security.auth.Subject;
import org.joda.time.DateTime;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.util.Base64;
import org.opensaml.xml.util.XMLHelper;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/idp/system/conf1/SAML2SSOTestCase.class */
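/**
 * Exercises the SAML 2 SSO profile handler that is mapped to {@code /saml2/POST/SSO}.
 *
 * <p>The handler is looked up through the {@code shibboleth.HandlerManager} bean of the
 * application context supplied by {@link BaseConf1TestCase}. Three cases are covered: the
 * first leg (no login context yet, so the user is sent to the authentication engine), the
 * second leg (an authenticated login context is already bound, so a response is posted to
 * the relying party) and a request from a relying party for which processing must fail.
 *
 * <p>All requests built here are unsigned fixtures; see {@link #buildAuthnRequest(String)}.
 */
public class SAML2SSOTestCase extends BaseConf1TestCase {

    /**
     * First leg: an AuthnRequest arrives and no login context exists yet.
     *
     * <p>Expects the handler to store a fresh login context (nothing attempted, neither
     * forced nor passive authentication, no requested methods) and to redirect to
     * {@code /AuthnEngine} rather than answer the relying party.
     *
     * @throws Exception if building or processing the request fails
     */
    public void testFirstAuthenticationLeg() throws Exception {
        MockServletContext servletContext = new MockServletContext();
        MockHttpServletRequest request = buildServletRequest("urn:example.org:sp1");
        MockHttpServletResponse response = new MockHttpServletResponse();

        ProfileHandlerManager handlerManager =
                (ProfileHandlerManager) getApplicationContext().getBean("shibboleth.HandlerManager");
        AbstractShibbolethProfileHandler profileHandler = handlerManager.getProfileHandler(request);
        assertNotNull(profileHandler);

        profileHandler.processRequest(
                new HttpServletRequestAdapter(request), new HttpServletResponseAdapter(response, false));

        // Replay the cookies set by the handler so the stored login context can be found again.
        request.setCookies(response.getCookies());
        Saml2LoginContext loginContext =
                HttpServletHelper.getLoginContext(profileHandler.getStorageService(), servletContext, request);

        assertNotNull(loginContext);
        assertEquals(false, loginContext.getAuthenticationAttempted());
        assertEquals(false, loginContext.isForceAuthRequired());
        assertEquals(false, loginContext.isPassiveAuthRequired());
        assertEquals("/AuthnEngine", loginContext.getAuthenticationEngineURL());
        assertEquals("/saml2/POST/SSO", loginContext.getProfileHandlerURL());
        assertEquals("urn:example.org:sp1", loginContext.getRelyingPartyId());
        assertEquals(0, loginContext.getRequestedAuthenticationMethods().size());

        // Guard against a missing redirect so the test fails with an assertion, not an NPE.
        String redirectedUrl = response.getRedirectedUrl();
        assertTrue(redirectedUrl != null && redirectedUrl.endsWith("/AuthnEngine"));
    }

    /**
     * Second leg: a login context marked as authenticated is already bound to the request.
     *
     * <p>Expects the response body to hold a POST form aimed at {@code https://example.org/mySP}
     * and to mention {@code SAMLResponse}. The expected {@code action} value is written with
     * HTML character references, so the assertion also pins that the endpoint URL is escaped
     * when it is placed in the form.
     *
     * @throws Exception if building or processing the request fails
     */
    public void testSecondAuthenticationLeg() throws Exception {
        MockServletContext servletContext = new MockServletContext();
        MockHttpServletRequest request = buildServletRequest("urn:example.org:sp1");
        MockHttpServletResponse response = new MockHttpServletResponse();

        ProfileHandlerManager handlerManager =
                (ProfileHandlerManager) getApplicationContext().getBean("shibboleth.HandlerManager");
        AbstractShibbolethProfileHandler profileHandler = handlerManager.getProfileHandler(request);
        assertNotNull(profileHandler);

        // Simulate a completed authentication by binding a pre-built login context.
        HttpServletHelper.bindLoginContext(
                buildLoginContext("urn:example.org:sp1"),
                profileHandler.getStorageService(),
                servletContext,
                request,
                response);
        request.setCookies(response.getCookies());

        profileHandler.processRequest(
                new HttpServletRequestAdapter(request), new HttpServletResponseAdapter(response, false));

        String body = response.getContentAsString();
        assertTrue(body.contains("action=\"https&#x3a;&#x2f;&#x2f;example.org&#x2f;mySP\" method=\"post\""));
        assertTrue(body.contains("SAMLResponse"));
    }

    /**
     * Negative case: a request issued by {@code urn:example.org:BogusSP} must be rejected.
     *
     * <p>Presumably the test configuration defines no SAML 2 SSO profile for that relying
     * party (that is what the failure message states); the test only checks that
     * {@link ProfileException} is thrown.
     *
     * @throws Exception if building the request fails or an unexpected exception is thrown
     */
    public void testAuthenticationWithoutConfiguredSSO() throws Exception {
        MockHttpServletRequest request = buildServletRequest("urn:example.org:BogusSP");
        MockHttpServletResponse response = new MockHttpServletResponse();

        ProfileHandlerManager handlerManager =
                (ProfileHandlerManager) getApplicationContext().getBean("shibboleth.HandlerManager");
        ProfileHandler profileHandler = handlerManager.getProfileHandler(request);
        assertNotNull(profileHandler);

        try {
            profileHandler.processRequest(
                    new HttpServletRequestAdapter(request), new HttpServletResponseAdapter(response, false));
            fail("Request processing expected to fail due to lack of configured SAML 2 SSO profile");
        } catch (ProfileException expected) {
            // Expected outcome: the handler refuses the request.
            // NOTE(review): consider also asserting that nothing containing "SAMLResponse" was
            // written to the response; not added here because what the handler writes before
            // throwing is not visible from this file.
        }
    }

    /**
     * Builds a mock HTTP POST to {@code /saml2/POST/SSO} that carries an AuthnRequest.
     *
     * @param str entity ID used as the issuer of the AuthnRequest
     * @return the mock request with the Base64-encoded request in the {@code SAMLRequest} parameter
     * @throws Exception if the AuthnRequest cannot be marshalled or encoded
     */
    protected MockHttpServletRequest buildServletRequest(String str) throws Exception {
        String samlRequestXml = getSamlRequestString(buildAuthnRequest(str));

        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setMethod("POST");
        request.setPathInfo("/saml2/POST/SSO");
        // Explicit charset so the encoded bytes do not depend on the platform default.
        request.setParameter("SAMLRequest", Base64.encodeBytes(samlRequestXml.getBytes("UTF-8")));
        return request;
    }

    /**
     * Builds a login context that looks as if the user {@code test} has already authenticated.
     *
     * @param str entity ID of the relying party the context belongs to
     * @return a login context flagged as authenticated, with an "unspecified" authentication
     *     method created at the current time
     * @throws Exception if the login context cannot be created
     */
    protected Saml2LoginContext buildLoginContext(String str) throws Exception {
        Principal principal = new UsernamePrincipal("test");
        Subject subject = new Subject();
        subject.getPrincipals().add(principal);

        AuthenticationMethodInformationImpl methodInfo =
                new AuthenticationMethodInformationImpl(
                        subject,
                        principal,
                        "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified",
                        new DateTime(),
                        3600L);

        // The (String) cast selects the constructor overload; the second argument is left null.
        Saml2LoginContext loginContext = new Saml2LoginContext(str, (String) null, buildAuthnRequest(str));
        loginContext.setAuthenticationMethodInformation(methodInfo);
        loginContext.setPrincipalAuthenticated(true);
        loginContext.setRelyingParty(str);
        return loginContext;
    }

    /**
     * Builds a minimal AuthnRequest: issuer, issue instant and an ID.
     *
     * <p>The request is not signed and always uses the constant ID {@code "1"}; that is
     * acceptable for a test fixture only.
     *
     * @param str entity ID to place in the {@code Issuer} element
     * @return the populated AuthnRequest
     */
    protected AuthnRequest buildAuthnRequest(String str) {
        Issuer issuer = this.builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME).buildObject();
        issuer.setValue(str);

        AuthnRequest request = this.builderFactory.getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME).buildObject();
        request.setID("1");
        request.setIssueInstant(new DateTime());
        request.setIssuer(issuer);
        return request;
    }

    /**
     * Marshalls an AuthnRequest and serialises the resulting node to a string.
     *
     * @param authnRequest the request to serialise
     * @return the XML text of the request
     * @throws MarshallingException if the request cannot be marshalled
     */
    protected String getSamlRequestString(AuthnRequest authnRequest) throws MarshallingException {
        return XMLHelper.nodeToString(this.marshallerFactory.getMarshaller(authnRequest).marshall(authnRequest));
    }
}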
