package net.shibboleth.idp.attribute.resolver.dc.http.impl;

import com.google.common.io.ByteStreams;
import java.io.IOException;
import java.net.URISyntaxException;
import java.security.cert.CertificateException;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;
import javax.script.ScriptException;
import net.shibboleth.ext.spring.resource.ResourceHelper;
import net.shibboleth.idp.attribute.IdPAttribute;
import net.shibboleth.idp.attribute.StringAttributeValue;
import net.shibboleth.idp.attribute.resolver.ResolutionException;
import net.shibboleth.idp.attribute.resolver.context.AttributeResolutionContext;
import net.shibboleth.idp.attribute.resolver.dc.impl.TestCache;
import net.shibboleth.idp.saml.impl.testing.TestSources;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.httpclient.HttpClientBuilder;
import net.shibboleth.utilities.java.support.test.repository.RepositorySupport;
import net.shibboleth.utilities.java.support.velocity.VelocityEngine;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.opensaml.saml.metadata.resolver.impl.FileBackedHTTPMetadataResolver;
import org.opensaml.security.credential.impl.StaticCredentialResolver;
import org.opensaml.security.httpclient.HttpClientSecurityParameters;
import org.opensaml.security.httpclient.impl.SecurityEnhancedHttpClientSupport;
import org.opensaml.security.trust.TrustEngine;
import org.opensaml.security.trust.impl.ExplicitKeyTrustEngine;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.security.x509.X509Support;
import org.opensaml.security.x509.impl.BasicPKIXValidationInformation;
import org.opensaml.security.x509.impl.BasicX509CredentialNameEvaluator;
import org.opensaml.security.x509.impl.CertPathPKIXTrustEvaluator;
import org.opensaml.security.x509.impl.PKIXX509CredentialTrustEngine;
import org.opensaml.security.x509.impl.StaticPKIXValidationInformationResolver;
import org.springframework.core.io.ClassPathResource;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/attribute/resolver/dc/http/impl/HTTPDataConnectorTest.class */
public class HTTPDataConnectorTest {
    private static final String TEST_CONNECTOR_NAME = "HTTPConnector";
    private static final String TEST_URL = RepositorySupport.buildHTTPResourceURL("java-shib-attribute", "shib-attribute-resolver-impl/src/test/resources/net/shibboleth/idp/attribute/resolver/impl/dc/http/test.json", false);
    private static final String SCRIPT_PATH = "/net/shibboleth/idp/attribute/resolver/impl/dc/http/";
    private HTTPDataConnector connector;

    @BeforeMethod
    public void setUp() throws Exception {
        this.connector = new HTTPDataConnector();
        this.connector.setId(TEST_CONNECTOR_NAME);
        HttpClientBuilder httpClientBuilder = new HttpClientBuilder();
        httpClientBuilder.setTLSSocketFactory(SecurityEnhancedHttpClientSupport.buildTLSSocketFactory(false, false));
        this.connector.setHttpClient(httpClientBuilder.buildClient());
    }

    @Test
    public void test() throws ComponentInitializationException, ResolutionException, ScriptException, IOException {
        HttpClientSecurityParameters httpClientSecurityParameters = new HttpClientSecurityParameters();
        httpClientSecurityParameters.setTLSProtocols(Collections.singleton("TLSv1"));
        this.connector.setHttpClientSecurityParameters(httpClientSecurityParameters);
        TemplatedURLBuilder templatedURLBuilder = new TemplatedURLBuilder();
        templatedURLBuilder.setTemplateText(TEST_URL);
        templatedURLBuilder.setVelocityEngine(VelocityEngine.newVelocityEngine());
        templatedURLBuilder.setHttpClientSecurityParameters(httpClientSecurityParameters);
        templatedURLBuilder.setHeaders(Collections.singletonMap("Accept", "test/html"));
        templatedURLBuilder.initialize();
        this.connector.setExecutableSearchBuilder(templatedURLBuilder);
        ScriptedResponseMappingStrategy resourceScript = ScriptedResponseMappingStrategy.resourceScript(ResourceHelper.of(new ClassPathResource("/net/shibboleth/idp/attribute/resolver/impl/dc/http/test.js")));
        resourceScript.setLogPrefix("HTTPConnector:");
        resourceScript.setAcceptStatuses(Collections.singleton(200));
        resourceScript.setAcceptTypes(Collections.singleton("application/json"));
        this.connector.setMappingStrategy(resourceScript);
        this.connector.initialize();
        Map map = (Map) this.connector.resolve(TestSources.createResolutionContext("PETER_THE_PRINCIPAL", "https://idp.example.org/idp", "https://sp.example.org/sp"));
        Assert.assertEquals(map.size(), 2);
        Assert.assertEquals(((IdPAttribute) map.get("foo")).getValues().size(), 1);
        Assert.assertEquals(((StringAttributeValue) ((IdPAttribute) map.get("foo")).getValues().get(0)).getValue(), "foo1");
        Assert.assertEquals(((IdPAttribute) map.get("bar")).getValues().size(), 2);
        Assert.assertEquals(((StringAttributeValue) ((IdPAttribute) map.get("bar")).getValues().get(0)).getValue(), "bar1");
        Assert.assertEquals(((StringAttributeValue) ((IdPAttribute) map.get("bar")).getValues().get(1)).getValue(), "bar2");
    }

    @Test(expectedExceptions = {ResolutionException.class})
    public void testBadProtocol() throws Exception {
        HttpClientBuilder httpClientBuilder = new HttpClientBuilder();
        httpClientBuilder.setTLSSocketFactory(buildSocketFactory());
        this.connector.setHttpClient(httpClientBuilder.buildClient());
        HttpClientSecurityParameters httpClientSecurityParameters = new HttpClientSecurityParameters();
        httpClientSecurityParameters.setTLSProtocols(Collections.singleton("SSLv3"));
        httpClientSecurityParameters.setTLSTrustEngine(buildExplicitKeyTrustEngine("repo-entity.crt"));
        this.connector.setHttpClientSecurityParameters(httpClientSecurityParameters);
        TemplatedURLBuilder templatedURLBuilder = new TemplatedURLBuilder();
        templatedURLBuilder.setTemplateText(RepositorySupport.buildHTTPSResourceURL("java-identity-provider", "idp-attribute-resolver-impl/src/test/resources/net/shibboleth/idp/attribute/resolver/impl/dc/http/test.json"));
        templatedURLBuilder.setVelocityEngine(VelocityEngine.newVelocityEngine());
        templatedURLBuilder.setHttpClientSecurityParameters(httpClientSecurityParameters);
        templatedURLBuilder.initialize();
        this.connector.setExecutableSearchBuilder(templatedURLBuilder);
        ScriptedResponseMappingStrategy resourceScript = ScriptedResponseMappingStrategy.resourceScript(ResourceHelper.of(new ClassPathResource("/net/shibboleth/idp/attribute/resolver/impl/dc/http/test.js")));
        resourceScript.setLogPrefix("HTTPConnector:");
        resourceScript.setAcceptStatuses(Collections.singleton(200));
        resourceScript.setAcceptTypes(Collections.singleton("application/json"));
        this.connector.setMappingStrategy(resourceScript);
        this.connector.initialize();
        this.connector.resolve(TestSources.createResolutionContext("PETER_THE_PRINCIPAL", "https://idp.example.org/idp", "https://sp.example.org/sp"));
    }

    @Test(expectedExceptions = {ResolutionException.class})
    public void testSize() throws ComponentInitializationException, ResolutionException, ScriptException, IOException {
        TemplatedURLBuilder templatedURLBuilder = new TemplatedURLBuilder();
        templatedURLBuilder.setTemplateText(TEST_URL);
        templatedURLBuilder.setVelocityEngine(VelocityEngine.newVelocityEngine());
        templatedURLBuilder.initialize();
        this.connector.setExecutableSearchBuilder(templatedURLBuilder);
        ScriptedResponseMappingStrategy resourceScript = ScriptedResponseMappingStrategy.resourceScript(ResourceHelper.of(new ClassPathResource("/net/shibboleth/idp/attribute/resolver/impl/dc/http/testsize.js")));
        resourceScript.setLogPrefix("HTTPConnector:");
        resourceScript.setAcceptStatuses(Collections.singleton(200));
        resourceScript.setAcceptTypes(Collections.singleton("application/json"));
        this.connector.setMappingStrategy(resourceScript);
        this.connector.initialize();
        this.connector.resolve(TestSources.createResolutionContext("PETER_THE_PRINCIPAL", "https://idp.example.org/idp", "https://sp.example.org/sp"));
    }

    @Test(expectedExceptions = {ResolutionException.class})
    public void testMissing() throws ComponentInitializationException, ResolutionException, ScriptException, IOException {
        TemplatedURLBuilder templatedURLBuilder = new TemplatedURLBuilder();
        templatedURLBuilder.setTemplateText("https://shibboleth.net/test.json");
        templatedURLBuilder.setVelocityEngine(VelocityEngine.newVelocityEngine());
        templatedURLBuilder.initialize();
        this.connector.setExecutableSearchBuilder(templatedURLBuilder);
        ScriptedResponseMappingStrategy resourceScript = ScriptedResponseMappingStrategy.resourceScript(ResourceHelper.of(new ClassPathResource("/net/shibboleth/idp/attribute/resolver/impl/dc/http/test.js")));
        resourceScript.setLogPrefix("HTTPConnector:");
        resourceScript.setAcceptStatuses(Collections.singleton(200));
        resourceScript.setAcceptTypes(Collections.singleton("application/json"));
        this.connector.setMappingStrategy(resourceScript);
        this.connector.initialize();
        this.connector.resolve(TestSources.createResolutionContext("PETER_THE_PRINCIPAL", "https://idp.example.org/idp", "https://sp.example.org/sp"));
    }

    @Test
    public void testMissingOk() throws ComponentInitializationException, ResolutionException, ScriptException {
        TemplatedURLBuilder templatedURLBuilder = new TemplatedURLBuilder();
        templatedURLBuilder.setTemplateText("https://build.shibboleth.net/test.json");
        templatedURLBuilder.setVelocityEngine(VelocityEngine.newVelocityEngine());
        templatedURLBuilder.initialize();
        this.connector.setExecutableSearchBuilder(templatedURLBuilder);
        ScriptedResponseMappingStrategy inlineScript = ScriptedResponseMappingStrategy.inlineScript("1");
        inlineScript.setLogPrefix("HTTPConnector:");
        inlineScript.setAcceptStatuses(Collections.singleton(404));
        this.connector.setMappingStrategy(inlineScript);
        this.connector.initialize();
        Map map = (Map) this.connector.resolve(TestSources.createResolutionContext("PETER_THE_PRINCIPAL", "https://idp.example.org/idp", "https://sp.example.org/sp"));
        Assert.assertTrue(map == null || map.isEmpty());
    }

    @Test
    public void resolveWithCache() throws ComponentInitializationException, ResolutionException, ScriptException, IOException {
        TemplatedURLBuilder templatedURLBuilder = new TemplatedURLBuilder();
        templatedURLBuilder.setTemplateText(TEST_URL);
        templatedURLBuilder.setVelocityEngine(VelocityEngine.newVelocityEngine());
        templatedURLBuilder.initialize();
        this.connector.setExecutableSearchBuilder(templatedURLBuilder);
        ScriptedResponseMappingStrategy resourceScript = ScriptedResponseMappingStrategy.resourceScript(ResourceHelper.of(new ClassPathResource("/net/shibboleth/idp/attribute/resolver/impl/dc/http/test.js")));
        resourceScript.setLogPrefix("HTTPConnector:");
        resourceScript.setAcceptStatuses(Collections.singleton(200));
        resourceScript.setAcceptTypes(Collections.singleton("application/json"));
        this.connector.setMappingStrategy(resourceScript);
        TestCache testCache = new TestCache();
        this.connector.setResultsCache(testCache);
        this.connector.initialize();
        AttributeResolutionContext createResolutionContext = TestSources.createResolutionContext("PETER_THE_PRINCIPAL", "https://idp.example.org/idp", "https://sp.example.org/sp");
        Assert.assertTrue(testCache.size() == 0);
        Map map = (Map) this.connector.resolve(createResolutionContext);
        Assert.assertTrue(testCache.size() == 1);
        Assert.assertEquals(testCache.iterator().next(), map);
    }

    @Test(enabled = false)
    public void testPOST() throws ComponentInitializationException, ResolutionException, ScriptException, IOException {
        TemplatedBodyBuilder templatedBodyBuilder = new TemplatedBodyBuilder();
        templatedBodyBuilder.setURLTemplateText("https://shibboleth.net/cgi-bin/_frobnitz.cgi");
        templatedBodyBuilder.setBodyTemplateText("[{\"name\" : \"foo\",\"values\" : [ \"foo1\" ]},{\"name\" : \"bar\",\"values\" : [ \"bar1\", \"bar2\" ]}]");
        templatedBodyBuilder.setMIMEType("application/json");
        templatedBodyBuilder.setVelocityEngine(VelocityEngine.newVelocityEngine());
        templatedBodyBuilder.initialize();
        this.connector.setExecutableSearchBuilder(templatedBodyBuilder);
        ScriptedResponseMappingStrategy resourceScript = ScriptedResponseMappingStrategy.resourceScript(ResourceHelper.of(new ClassPathResource("/net/shibboleth/idp/attribute/resolver/impl/dc/http/test.js")));
        resourceScript.setLogPrefix("HTTPConnector:");
        resourceScript.setAcceptStatuses(Collections.singleton(200));
        resourceScript.setAcceptTypes(Collections.singleton("application/json"));
        this.connector.setMappingStrategy(resourceScript);
        this.connector.initialize();
        Map map = (Map) this.connector.resolve(TestSources.createResolutionContext("PETER_THE_PRINCIPAL", "https://idp.example.org/idp", "https://sp.example.org/sp"));
        Assert.assertEquals(map.size(), 2);
        Assert.assertEquals(((IdPAttribute) map.get("foo")).getValues().size(), 1);
        Assert.assertEquals(((StringAttributeValue) ((IdPAttribute) map.get("foo")).getValues().get(0)).getValue(), "foo1");
        Assert.assertEquals(((IdPAttribute) map.get("bar")).getValues().size(), 2);
        Assert.assertEquals(((StringAttributeValue) ((IdPAttribute) map.get("bar")).getValues().get(0)).getValue(), "bar1");
        Assert.assertEquals(((StringAttributeValue) ((IdPAttribute) map.get("bar")).getValues().get(1)).getValue(), "bar2");
    }

    @Test(enabled = false)
    public void testCacheable() throws ComponentInitializationException, ResolutionException, ScriptException, IOException {
        TemplatedBodyBuilder templatedBodyBuilder = new TemplatedBodyBuilder();
        templatedBodyBuilder.setURLTemplateText("https://shibboleth.net/cgi-bin/_frobnitz.cgi");
        templatedBodyBuilder.setBodyTemplateText("[{\"name\" : \"foo\",\"values\" : [ \"foo1\" ]},{\"name\" : \"bar\",\"values\" : [ \"bar1\", \"bar2\" ]}]");
        templatedBodyBuilder.setCacheKeyTemplateText("foo");
        templatedBodyBuilder.setMIMEType("application/json");
        templatedBodyBuilder.setVelocityEngine(VelocityEngine.newVelocityEngine());
        templatedBodyBuilder.initialize();
        this.connector.setExecutableSearchBuilder(templatedBodyBuilder);
        ScriptedResponseMappingStrategy resourceScript = ScriptedResponseMappingStrategy.resourceScript(ResourceHelper.of(new ClassPathResource("/net/shibboleth/idp/attribute/resolver/impl/dc/http/test.js")));
        resourceScript.setLogPrefix("HTTPConnector:");
        resourceScript.setAcceptStatuses(Collections.singleton(200));
        resourceScript.setAcceptTypes(Collections.singleton("application/json"));
        this.connector.setMappingStrategy(resourceScript);
        TestCache testCache = new TestCache();
        this.connector.setResultsCache(testCache);
        this.connector.initialize();
        AttributeResolutionContext createResolutionContext = TestSources.createResolutionContext("PETER_THE_PRINCIPAL", "https://idp.example.org/idp", "https://sp.example.org/sp");
        Assert.assertTrue(testCache.size() == 0);
        Map map = (Map) this.connector.resolve(createResolutionContext);
        Assert.assertTrue(testCache.size() == 1);
        Assert.assertEquals(testCache.iterator().next(), map);
    }

    @Test(enabled = false)
    public void testUncacheable() throws ComponentInitializationException, ResolutionException, ScriptException, IOException {
        TemplatedBodyBuilder templatedBodyBuilder = new TemplatedBodyBuilder();
        templatedBodyBuilder.setURLTemplateText("https://shibboleth.net/cgi-bin/_frobnitz.cgi");
        templatedBodyBuilder.setBodyTemplateText("[{\"name\" : \"foo\",\"values\" : [ \"foo1\" ]},{\"name\" : \"bar\",\"values\" : [ \"bar1\", \"bar2\" ]}]");
        templatedBodyBuilder.setMIMEType("application/json");
        templatedBodyBuilder.setVelocityEngine(VelocityEngine.newVelocityEngine());
        templatedBodyBuilder.initialize();
        this.connector.setExecutableSearchBuilder(templatedBodyBuilder);
        ScriptedResponseMappingStrategy resourceScript = ScriptedResponseMappingStrategy.resourceScript(ResourceHelper.of(new ClassPathResource("/net/shibboleth/idp/attribute/resolver/impl/dc/http/test.js")));
        resourceScript.setLogPrefix("HTTPConnector:");
        resourceScript.setAcceptStatuses(Collections.singleton(200));
        resourceScript.setAcceptTypes(Collections.singleton("application/json"));
        this.connector.setMappingStrategy(resourceScript);
        TestCache testCache = new TestCache();
        this.connector.setResultsCache(testCache);
        this.connector.initialize();
        AttributeResolutionContext createResolutionContext = TestSources.createResolutionContext("PETER_THE_PRINCIPAL", "https://idp.example.org/idp", "https://sp.example.org/sp");
        Assert.assertTrue(testCache.size() == 0);
        this.connector.resolve(createResolutionContext);
        Assert.assertTrue(testCache.size() == 0);
    }

    public static TrustEngine<? super X509Credential> buildPKIXTrustEngine(String str, String str2, boolean z) throws URISyntaxException, CertificateException, IOException {
        BasicPKIXValidationInformation basicPKIXValidationInformation = new BasicPKIXValidationInformation(Collections.singletonList(X509Support.decodeCertificate(ByteStreams.toByteArray(FileBackedHTTPMetadataResolver.class.getResourceAsStream("/net/shibboleth/idp/attribute/resolver/impl/dc/http/" + str)))), (Collection) null, 5);
        return new PKIXX509CredentialTrustEngine(new StaticPKIXValidationInformationResolver(Collections.singletonList(basicPKIXValidationInformation), str2 != null ? Collections.singleton(str2) : Collections.emptySet()), new CertPathPKIXTrustEvaluator(), z ? new BasicX509CredentialNameEvaluator() : null);
    }

    public static TrustEngine<? super X509Credential> buildExplicitKeyTrustEngine(String str) throws URISyntaxException, CertificateException, IOException {
        return new ExplicitKeyTrustEngine(new StaticCredentialResolver(new BasicX509Credential(X509Support.decodeCertificate(ByteStreams.toByteArray(FileBackedHTTPMetadataResolver.class.getResourceAsStream("/net/shibboleth/idp/attribute/resolver/impl/dc/http/" + str))))));
    }

    public static LayeredConnectionSocketFactory buildSocketFactory() {
        return buildSocketFactory(true);
    }

    public static LayeredConnectionSocketFactory buildSocketFactory(boolean z) {
        return SecurityEnhancedHttpClientSupport.buildTLSSocketFactory(z, false);
    }
}
