package org.opensaml.saml.saml2.assertion.tests;

import java.net.URISyntaxException;
import java.security.KeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalAmount;
import java.time.temporal.TemporalUnit;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.xml.namespace.QName;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.opensaml.core.xml.AbstractXMLObject;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.common.assertion.AssertionValidationException;
import org.opensaml.saml.common.assertion.ValidationContext;
import org.opensaml.saml.common.assertion.ValidationResult;
import org.opensaml.saml.saml2.assertion.ConditionValidator;
import org.opensaml.saml.saml2.assertion.SAML20AssertionValidator;
import org.opensaml.saml.saml2.assertion.StatementValidator;
import org.opensaml.saml.saml2.assertion.SubjectConfirmationValidator;
import org.opensaml.saml.saml2.assertion.impl.BearerSubjectConfirmationValidator;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AuthnStatement;
import org.opensaml.saml.saml2.core.Condition;
import org.opensaml.saml.saml2.core.Conditions;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.OneTimeUse;
import org.opensaml.saml.saml2.core.Statement;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.impl.CollectionCredentialResolver;
import org.opensaml.xmlsec.config.impl.DefaultSecurityConfigurationBootstrap;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignaturePrevalidator;
import org.opensaml.xmlsec.signature.support.SignatureTrustEngine;
import org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/opensaml/saml/saml2/assertion/tests/SAML20AssertionValidatorTest.class */
public class SAML20AssertionValidatorTest extends BaseAssertionValidationTest {
    private SAML20AssertionValidator validator;
    private List<ConditionValidator> conditionValidators;
    private List<SubjectConfirmationValidator> subjectConfirmationValidators;
    private List<StatementValidator> statementValidators;
    private Set<Credential> trustedCredentials;
    private CollectionCredentialResolver credentialResolver;
    private SignatureTrustEngine signatureTrustEngine;
    private SignaturePrevalidator signaturePrevalidator;
    private X509Certificate cert1;
    private X509Certificate cert2;
    private PublicKey publicKey1;
    private PublicKey publicKey2;
    private PrivateKey privateKey1;
    private PrivateKey privateKey2;
    private Credential cred1;
    private Credential cred2;

    /* loaded from: input_file:org/opensaml/saml/saml2/assertion/tests/SAML20AssertionValidatorTest$MockCondition.class */
    public static class MockCondition extends AbstractXMLObject implements Condition {
        public static final QName ELEMENT_NAME = new QName("urn:test:conditions", "MockCondition", "mock");

        public MockCondition() {
            this(ELEMENT_NAME.getNamespaceURI(), ELEMENT_NAME.getLocalPart(), ELEMENT_NAME.getPrefix());
        }

        protected MockCondition(String str, String str2, String str3) {
            super(str, str2, str3);
        }

        public List<XMLObject> getOrderedChildren() {
            return null;
        }
    }

    /* loaded from: input_file:org/opensaml/saml/saml2/assertion/tests/SAML20AssertionValidatorTest$MockCondition2.class */
    public static class MockCondition2 extends AbstractXMLObject implements Condition {
        public static final QName ELEMENT_NAME = new QName("urn:test:conditions", "MockCondition2", "mock");

        public MockCondition2() {
            this(ELEMENT_NAME.getNamespaceURI(), ELEMENT_NAME.getLocalPart(), ELEMENT_NAME.getPrefix());
        }

        protected MockCondition2(String str, String str2, String str3) {
            super(str, str2, str3);
        }

        public List<XMLObject> getOrderedChildren() {
            return null;
        }
    }

    /* loaded from: input_file:org/opensaml/saml/saml2/assertion/tests/SAML20AssertionValidatorTest$MockCondition2Validator.class */
    public static class MockCondition2Validator implements ConditionValidator {
        public QName getServicedCondition() {
            return MockCondition2.ELEMENT_NAME;
        }

        public ValidationResult validate(Condition condition, Assertion assertion, ValidationContext validationContext) throws AssertionValidationException {
            return ValidationResult.VALID;
        }
    }

    /* loaded from: input_file:org/opensaml/saml/saml2/assertion/tests/SAML20AssertionValidatorTest$MockConditionValidator.class */
    public static class MockConditionValidator implements ConditionValidator {
        public QName getServicedCondition() {
            return MockCondition.ELEMENT_NAME;
        }

        public ValidationResult validate(Condition condition, Assertion assertion, ValidationContext validationContext) throws AssertionValidationException {
            return ValidationResult.VALID;
        }
    }

    @BeforeClass
    protected void readCertsAndKeys() throws CertificateException, URISyntaxException, KeyException {
        this.cert1 = getCertificate("subject1.crt");
        this.publicKey1 = this.cert1.getPublicKey();
        this.privateKey1 = getPrivateKey("subject1.key");
        this.cred1 = getSigningCredential(this.publicKey1, this.privateKey1);
        this.cert2 = getCertificate("subject2.crt");
        this.publicKey2 = this.cert2.getPublicKey();
        this.privateKey2 = getPrivateKey("subject2.key");
        this.cred2 = getSigningCredential(this.publicKey2, this.privateKey2);
    }

    @BeforeMethod(dependsOnMethods = {"setUpBasicAssertion"})
    protected void setUp() throws NoSuchAlgorithmException, NoSuchProviderException {
        this.conditionValidators = new ArrayList();
        this.subjectConfirmationValidators = new ArrayList();
        this.statementValidators = new ArrayList();
        this.subjectConfirmationValidators.add(new BearerSubjectConfirmationValidator());
        this.trustedCredentials = new HashSet();
        this.credentialResolver = new CollectionCredentialResolver(this.trustedCredentials);
        this.signatureTrustEngine = new ExplicitKeySignatureTrustEngine(this.credentialResolver, DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver());
        this.signaturePrevalidator = new SAMLSignatureProfileValidator();
    }

    @Test
    public void testNoSubjectConfirmationValidators() throws AssertionValidationException {
        this.subjectConfirmationValidators.clear();
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", false);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.INVALID);
        Assert.assertNull(validationContext.getDynamicParameters().get("saml2.ConfirmedSubjectConfirmation"));
    }

    @Test
    public void testNoSubject() throws AssertionValidationException {
        getAssertion().setSubject((Subject) null);
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", false);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.VALID);
        Assert.assertNull(validationContext.getDynamicParameters().get("saml2.ConfirmedSubjectConfirmation"));
    }

    @Test
    public void testNoSubjectConfirmations() throws AssertionValidationException {
        getAssertion().getSubject().getSubjectConfirmations().clear();
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", false);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.VALID);
        Assert.assertNull(validationContext.getDynamicParameters().get("saml2.ConfirmedSubjectConfirmation"));
    }

    @Test
    public void testNoSignatureAndNotRequired() throws AssertionValidationException {
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", false);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assertion assertion = getAssertion();
        Assert.assertEquals(this.validator.validate(assertion, validationContext), ValidationResult.VALID);
        Assert.assertSame(validationContext.getDynamicParameters().get("saml2.ConfirmedSubjectConfirmation"), assertion.getSubject().getSubjectConfirmations().get(0));
    }

    @Test
    public void testNoSignatureAndRequired() throws AssertionValidationException {
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", true);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.INVALID);
    }

    @Test
    public void testWithTrustedSignature() throws AssertionValidationException, SecurityException, MarshallingException, SignatureException {
        this.trustedCredentials.add(this.cred1);
        signAssertion(getAssertion(), this.cred1);
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", true);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assertion assertion = getAssertion();
        Assert.assertEquals(this.validator.validate(assertion, validationContext), ValidationResult.VALID);
        Assert.assertSame(validationContext.getDynamicParameters().get("saml2.ConfirmedSubjectConfirmation"), assertion.getSubject().getSubjectConfirmations().get(0));
    }

    @Test
    public void testWithTrustedSignatureAndContextTrustEngine() throws AssertionValidationException, SecurityException, MarshallingException, SignatureException {
        this.trustedCredentials.add(this.cred1);
        signAssertion(getAssertion(), this.cred1);
        this.validator = new SAML20AssertionValidator(this.conditionValidators, this.subjectConfirmationValidators, this.statementValidators, (SignatureTrustEngine) null, this.signaturePrevalidator);
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", true);
        buildBasicStaticParameters.put("saml2.SignatureValidationTrustEngine", this.signatureTrustEngine);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assertion assertion = getAssertion();
        Assert.assertEquals(this.validator.validate(assertion, validationContext), ValidationResult.VALID);
        Assert.assertSame(validationContext.getDynamicParameters().get("saml2.ConfirmedSubjectConfirmation"), assertion.getSubject().getSubjectConfirmations().get(0));
    }

    @Test
    public void testWithTrustedSignatureAndContextPrevalidator() throws AssertionValidationException, SecurityException, MarshallingException, SignatureException {
        this.trustedCredentials.add(this.cred1);
        signAssertion(getAssertion(), this.cred1);
        this.validator = new SAML20AssertionValidator(this.conditionValidators, this.subjectConfirmationValidators, this.statementValidators, this.signatureTrustEngine, (SignaturePrevalidator) null);
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", true);
        buildBasicStaticParameters.put("saml2.SignatureValidationPrevalidator", this.signaturePrevalidator);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assertion assertion = getAssertion();
        Assert.assertEquals(this.validator.validate(assertion, validationContext), ValidationResult.VALID);
        Assert.assertSame(validationContext.getDynamicParameters().get("saml2.ConfirmedSubjectConfirmation"), assertion.getSubject().getSubjectConfirmations().get(0));
    }

    @Test
    public void testWithSignatureAndUntrustedCredential() throws AssertionValidationException, SecurityException, MarshallingException, SignatureException {
        this.trustedCredentials.add(this.cred2);
        signAssertion(getAssertion(), this.cred1);
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", true);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.INVALID);
    }

    @Test
    public void testWithSignatureNoSignatureTrustEngine() throws AssertionValidationException, SecurityException, MarshallingException, SignatureException {
        signAssertion(getAssertion(), this.cred1);
        this.validator = new SAML20AssertionValidator(this.conditionValidators, this.subjectConfirmationValidators, this.statementValidators, (SignatureTrustEngine) null, this.signaturePrevalidator);
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", true);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.INDETERMINATE);
    }

    @Test
    public void testWithSignatureFailsSignaturePrevalidation() throws AssertionValidationException, SecurityException, MarshallingException, SignatureException {
        this.trustedCredentials.add(this.cred1);
        signAssertion(getAssertion(), this.cred1);
        this.validator = new SAML20AssertionValidator(this.conditionValidators, this.subjectConfirmationValidators, this.statementValidators, this.signatureTrustEngine, new SignaturePrevalidator() { // from class: org.opensaml.saml.saml2.assertion.tests.SAML20AssertionValidatorTest.1
            public void validate(@Nonnull Signature signature) throws SignatureException {
                throw new SignatureException();
            }
        });
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", true);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.INVALID);
    }

    @Test
    public void testWithSignatureTrustEngineFailure() throws AssertionValidationException, SecurityException, MarshallingException, SignatureException {
        this.trustedCredentials.add(this.cred1);
        signAssertion(getAssertion(), this.cred1);
        this.validator = new SAML20AssertionValidator(this.conditionValidators, this.subjectConfirmationValidators, this.statementValidators, new SignatureTrustEngine() { // from class: org.opensaml.saml.saml2.assertion.tests.SAML20AssertionValidatorTest.2
            public boolean validate(Signature signature, CriteriaSet criteriaSet) throws SecurityException {
                throw new SecurityException();
            }

            @Nullable
            public KeyInfoCredentialResolver getKeyInfoResolver() {
                return null;
            }

            public boolean validate(@Nonnull byte[] bArr, @Nonnull byte[] bArr2, @Nonnull String str, @Nullable CriteriaSet criteriaSet, @Nullable Credential credential) throws SecurityException {
                throw new SecurityException();
            }
        }, this.signaturePrevalidator);
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", true);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.INDETERMINATE);
    }

    @Test
    public void testNoConditions() throws AssertionValidationException {
        getAssertion().setConditions((Conditions) null);
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", false);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assertion assertion = getAssertion();
        Assert.assertEquals(this.validator.validate(assertion, validationContext), ValidationResult.VALID);
        Assert.assertSame(validationContext.getDynamicParameters().get("saml2.ConfirmedSubjectConfirmation"), assertion.getSubject().getSubjectConfirmations().get(0));
    }

    @Test
    public void testNoConditionsWithRequired() throws AssertionValidationException {
        getAssertion().setConditions((Conditions) null);
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", false);
        buildBasicStaticParameters.put("saml2.Conditions.RequiredConditions", Collections.singleton(MockCondition.ELEMENT_NAME));
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.INVALID);
    }

    @Test
    public void testConditionsWithRequiredPresent() throws AssertionValidationException {
        getAssertion().getConditions().getConditions().add(new MockCondition());
        getAssertion().getConditions().getConditions().add(new MockCondition2());
        this.conditionValidators.add(new MockConditionValidator());
        this.conditionValidators.add(new MockCondition2Validator());
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", false);
        buildBasicStaticParameters.put("saml2.Conditions.RequiredConditions", Collections.singleton(MockCondition.ELEMENT_NAME));
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.VALID);
    }

    @Test
    public void testConditionsWithRequiredMissing() throws AssertionValidationException {
        getAssertion().getConditions().getConditions().add(new MockCondition2());
        this.conditionValidators.add(new MockConditionValidator());
        this.conditionValidators.add(new MockCondition2Validator());
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", false);
        buildBasicStaticParameters.put("saml2.Conditions.RequiredConditions", Collections.singleton(MockCondition.ELEMENT_NAME));
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.INVALID);
    }

    @Test
    public void testInvalidConditionsNotBefore() throws AssertionValidationException {
        getAssertion().getConditions().setNotBefore(Instant.now().plus(30L, (TemporalUnit) ChronoUnit.MINUTES));
        getAssertion().getConditions().setNotOnOrAfter(Instant.now().plus(60L, (TemporalUnit) ChronoUnit.MINUTES));
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", false);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.INVALID);
    }

    @Test
    public void testInvalidConditionsNotOnOrAfter() throws AssertionValidationException {
        getAssertion().getConditions().setNotBefore(Instant.now().minus(60L, (TemporalUnit) ChronoUnit.MINUTES));
        getAssertion().getConditions().setNotOnOrAfter(Instant.now().minus(30L, (TemporalUnit) ChronoUnit.MINUTES));
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", false);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.INVALID);
    }

    @Test
    public void testFailConditionValidator() throws AssertionValidationException {
        this.conditionValidators.add(new ConditionValidator() { // from class: org.opensaml.saml.saml2.assertion.tests.SAML20AssertionValidatorTest.3
            @Nonnull
            public ValidationResult validate(@Nonnull Condition condition, @Nonnull Assertion assertion, @Nonnull ValidationContext validationContext) throws AssertionValidationException {
                return ValidationResult.INVALID;
            }

            @Nonnull
            public QName getServicedCondition() {
                return OneTimeUse.DEFAULT_ELEMENT_NAME;
            }
        });
        getAssertion().getConditions().getConditions().add(buildXMLObject(OneTimeUse.DEFAULT_ELEMENT_NAME));
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", false);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.INVALID);
    }

    @Test
    public void testUnknownCondition() throws AssertionValidationException {
        getAssertion().getConditions().getConditions().add(buildXMLObject(OneTimeUse.DEFAULT_ELEMENT_NAME));
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", false);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.INDETERMINATE);
    }

    @Test
    public void testFailStatementValidator() throws AssertionValidationException {
        this.statementValidators.add(new StatementValidator() { // from class: org.opensaml.saml.saml2.assertion.tests.SAML20AssertionValidatorTest.4
            @Nonnull
            public QName getServicedStatement() {
                return AuthnStatement.DEFAULT_ELEMENT_NAME;
            }

            @Nonnull
            public ValidationResult validate(@Nonnull Statement statement, @Nonnull Assertion assertion, @Nonnull ValidationContext validationContext) throws AssertionValidationException {
                return ValidationResult.INVALID;
            }
        });
        getAssertion().getStatements().add(buildXMLObject(AuthnStatement.DEFAULT_ELEMENT_NAME));
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", false);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.INVALID);
    }

    @Test
    public void testInvalidSAMLVersion() throws AssertionValidationException {
        getAssertion().setVersion(SAMLVersion.VERSION_11);
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", false);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.INVALID);
    }

    @Test
    public void testInvalidIssuer() throws AssertionValidationException {
        getAssertion().getIssuer().setValue("invalid");
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", false);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.INVALID);
    }

    @Test
    public void testNoIssuer() throws AssertionValidationException {
        getAssertion().setIssuer((Issuer) null);
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", false);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.INVALID);
    }

    @Test
    public void testNoIssueInstant() throws AssertionValidationException {
        getAssertion().setIssueInstant((Instant) null);
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", false);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.INVALID);
    }

    @Test
    public void testGetLifetime() {
        HashMap hashMap = new HashMap();
        Assert.assertEquals(SAML20AssertionValidator.getLifetime(new ValidationContext(hashMap)), Duration.ofMinutes(5L));
        hashMap.put("saml2.Lifetime", Duration.ofMinutes(10L));
        Assert.assertEquals(SAML20AssertionValidator.getLifetime(new ValidationContext(hashMap)), Duration.ofMinutes(10L));
        hashMap.put("saml2.Lifetime", Duration.ofMinutes(8L).negated());
        Assert.assertEquals(SAML20AssertionValidator.getLifetime(new ValidationContext(hashMap)), Duration.ofMinutes(8L));
        hashMap.put("saml2.Lifetime", 420000L);
        Assert.assertEquals(SAML20AssertionValidator.getLifetime(new ValidationContext(hashMap)), Duration.ofMinutes(7L));
        hashMap.put("saml2.Lifetime", -540000L);
        Assert.assertEquals(SAML20AssertionValidator.getLifetime(new ValidationContext(hashMap)), Duration.ofMinutes(9L));
        hashMap.put("saml2.Lifetime", Duration.ofSeconds(0L));
        Assert.assertEquals(SAML20AssertionValidator.getLifetime(new ValidationContext(hashMap)), Duration.ofMinutes(5L));
    }

    @Test
    public void testIssueInstantInFuture() throws AssertionValidationException {
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", false);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        getAssertion().setIssueInstant(Instant.now().plus((TemporalAmount) SAML20AssertionValidator.getClockSkew(validationContext)).plusSeconds(5L));
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.INVALID);
    }

    @Test
    public void testIssueInstantInFutureWithinClockSkew() throws AssertionValidationException {
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", false);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        getAssertion().setIssueInstant(Instant.now().plus((TemporalAmount) SAML20AssertionValidator.getClockSkew(validationContext)).minusSeconds(5L));
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.VALID);
    }

    @Test
    public void testIssueInstantExpired() throws AssertionValidationException {
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", false);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Instant now = Instant.now();
        Duration clockSkew = SAML20AssertionValidator.getClockSkew(validationContext);
        getAssertion().setIssueInstant(now.minus((TemporalAmount) SAML20AssertionValidator.getLifetime(validationContext).plus(clockSkew).plusSeconds(5L)));
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.INVALID);
    }

    @Test
    public void testIssueInstantExpiredWithinClockSkew() throws AssertionValidationException {
        this.validator = getCurrentValidator();
        Map<String, Object> buildBasicStaticParameters = buildBasicStaticParameters();
        buildBasicStaticParameters.put("saml2.SignatureRequired", false);
        ValidationContext validationContext = new ValidationContext(buildBasicStaticParameters);
        Instant now = Instant.now();
        Duration clockSkew = SAML20AssertionValidator.getClockSkew(validationContext);
        getAssertion().setIssueInstant(now.minus((TemporalAmount) SAML20AssertionValidator.getLifetime(validationContext).plus(clockSkew).minusSeconds(5L)));
        Assert.assertEquals(this.validator.validate(getAssertion(), validationContext), ValidationResult.VALID);
    }

    private SAML20AssertionValidator getCurrentValidator() {
        return new SAML20AssertionValidator(this.conditionValidators, this.subjectConfirmationValidators, this.statementValidators, this.signatureTrustEngine, this.signaturePrevalidator);
    }
}
