package net.shibboleth.idp.saml.nameid.impl;

import java.util.Arrays;
import java.util.List;
import javax.annotation.Nullable;
import javax.security.auth.Subject;
import net.shibboleth.idp.authn.context.SubjectCanonicalizationContext;
import net.shibboleth.idp.authn.principal.UsernamePrincipal;
import net.shibboleth.idp.saml.authn.principal.NameIdentifierPrincipal;
import net.shibboleth.idp.saml.nameid.NameIDCanonicalizationFlowDescriptor;
import net.shibboleth.idp.saml.nameid.NameIdentifierDecoder;
import org.opensaml.core.OpenSAMLInitBaseTestCase;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.profile.action.ActionTestingSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.saml1.core.NameIdentifier;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/saml/nameid/impl/NameIdentifierCanonicalizationTest.class */
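/**
 * Tests {@link NameIdentifierCanonicalization} with a stub decoder and a flow descriptor that
 * accepts only the formats listed in {@link #formats}.
 *
 * <p>Most cases here are negative: canonicalization turns an asserted SAML 1 NameIdentifier into
 * the principal name stored on the {@link SubjectCanonicalizationContext}, so each negative case
 * checks that the action finishes with an error event instead of proceeding.</p>
 */
public class NameIdentifierCanonicalizationTest extends OpenSAMLInitBaseTestCase {
    private static final String REQUESTER = "TestRequest";
    private static final String RESPONDER = "TestResp";
    private static final String VALUE_PREFIX = "TestPrefix";

    private static final String X509_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName";
    private static final String EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
    // Deliberately absent from the configured formats below.
    private static final String WINDOWS_FORMAT =
            "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName";

    // Formats handed to the flow descriptor. The trailing null entry is part of the fixture;
    // NOTE(review): presumably it checks that the descriptor tolerates null entries - confirm.
    private static final List<String> formats = Arrays.asList(X509_FORMAT, EMAIL_FORMAT, null);

    private ProfileRequestContext prc;
    private NameIDCanonicalizationFlowDescriptor flowDescriptor;
    private NameIdentifierCanonicalization action;
    private SAMLObjectBuilder<NameIdentifier> builder;

    /** Looks up the NameIdentifier builder once for the whole class. */
    @BeforeClass
    public void initialize() {
        // The factory returns the generic XMLObjectBuilder type, so the result has to be narrowed
        // explicitly to the SAML builder the field declares; without the type witness and the
        // cast the assignment does not type-check.
        this.builder = (SAMLObjectBuilder<NameIdentifier>) XMLObjectProviderRegistrySupport.getBuilderFactory()
                .<NameIdentifier>getBuilderOrThrow(NameIdentifier.DEFAULT_ELEMENT_NAME);
    }

    /**
     * Builds a fresh request context, flow descriptor and action before every test.
     *
     * @throws Exception if the descriptor or the action fails to initialize
     */
    @BeforeMethod
    public void setUp() throws Exception {
        this.prc = new ProfileRequestContext();

        NameIDCanonicalizationFlowDescriptor descriptor = new NameIDCanonicalizationFlowDescriptor();
        descriptor.setId("C14NDesc");
        descriptor.setFormats(formats);
        descriptor.initialize();
        this.flowDescriptor = descriptor;

        NameIdentifierCanonicalization c14n = new NameIdentifierCanonicalization();
        // Stub decoder: it yields a value only when the context names exactly the expected
        // responder AND requester. Any other pairing yields null, which is how the
        // "wrong party" tests below provoke a rejection.
        c14n.setDecoder(new NameIdentifierDecoder() {
            public String decode(SubjectCanonicalizationContext c14nContext, NameIdentifier nameIdentifier) {
                boolean expectedParties = RESPONDER.equals(c14nContext.getResponderId())
                        && REQUESTER.equals(c14nContext.getRequesterId());
                if (!expectedParties) {
                    return null;
                }
                return VALUE_PREFIX + nameIdentifier.getValue();
            }
        });
        c14n.initialize();
        this.action = c14n;
    }

    /**
     * Creates (or fetches) the canonicalization subcontext and fills it in.
     *
     * <p>Note the argument order: responder first, requester second. Null arguments leave the
     * corresponding property untouched.</p>
     *
     * @param subject subject to canonicalize, or null to leave it unset
     * @param responderId responder (issuer) id, or null to leave it unset
     * @param requesterId requester (relying party) id, or null to leave it unset
     */
    private void setSubContext(@Nullable Subject subject, @Nullable String responderId,
            @Nullable String requesterId) {
        SubjectCanonicalizationContext c14nContext =
                this.prc.getSubcontext(SubjectCanonicalizationContext.class, true);
        if (subject != null) {
            c14nContext.setSubject(subject);
        }
        if (requesterId != null) {
            c14nContext.setRequesterId(requesterId);
        }
        if (responderId != null) {
            c14nContext.setResponderId(responderId);
        }
        c14nContext.setAttemptedFlow(this.flowDescriptor);
    }

    /**
     * Builds a NameIdentifier with the given value, format and NameQualifier.
     *
     * @param value identifier value
     * @param format format URI
     * @param nameQualifier NameQualifier to set
     * @return the populated NameIdentifier
     */
    private NameIdentifier nameId(String value, String format, String nameQualifier) {
        NameIdentifier identifier = this.builder.buildObject();
        identifier.setValue(value);
        identifier.setFormat(format);
        identifier.setNameQualifier(nameQualifier);
        return identifier;
    }

    /**
     * Builds a NameIdentifier qualified with {@link #RESPONDER}.
     *
     * @param value identifier value
     * @param format format URI
     * @return the populated NameIdentifier
     */
    private NameIdentifier nameId(String value, String format) {
        return nameId(value, format, RESPONDER);
    }

    /** Returns the canonicalization subcontext without creating one. */
    private SubjectCanonicalizationContext c14nContext() {
        return this.prc.getSubcontext(SubjectCanonicalizationContext.class, false);
    }

    /** No canonicalization subcontext at all: the action must report an invalid context. */
    @Test
    public void testNoContext() {
        this.action.execute(this.prc);
        ActionTestingSupport.assertEvent(this.prc, "InvalidSubjectCanonicalizationContext");
    }

    /** A Subject with no principals is rejected and an exception is recorded on the context. */
    @Test
    public void testNoPrincipal() {
        setSubContext(new Subject(), null, null);
        this.action.execute(this.prc);
        ActionTestingSupport.assertEvent(this.prc, "InvalidSubject");
        Assert.assertNotNull(c14nContext().getException());
    }

    /**
     * Two NameIdentifierPrincipals on one Subject are rejected.
     *
     * <p>One of the two uses a configured format, so a single-principal format check alone would
     * not explain the failure; presumably the action refuses an ambiguous subject - verify
     * against the action.</p>
     */
    @Test
    public void testMultiPrincipals() {
        Subject subject = new Subject();
        subject.getPrincipals().add(new NameIdentifierPrincipal(nameId("value", WINDOWS_FORMAT)));
        subject.getPrincipals().add(new NameIdentifierPrincipal(nameId("value2", X509_FORMAT)));
        setSubContext(subject, null, null);
        this.action.execute(this.prc);
        ActionTestingSupport.assertEvent(this.prc, "InvalidSubject");
        Assert.assertNotNull(c14nContext().getException());
    }

    /** Correct requester and responder, but a format the flow descriptor was not configured with. */
    @Test
    public void testWrongFormat() {
        Subject subject = new Subject();
        subject.getPrincipals().add(new NameIdentifierPrincipal(nameId("value", WINDOWS_FORMAT)));
        setSubContext(subject, RESPONDER, REQUESTER);
        this.action.execute(this.prc);
        ActionTestingSupport.assertEvent(this.prc, "InvalidSubject");
        Assert.assertNotNull(c14nContext().getException());
    }

    /**
     * Accepted format, but the requester id is not the one the stub decoder expects.
     *
     * <p>NOTE(review): unlike the tests above, this one and the two that follow assert only the
     * event, not that an exception was recorded on the context.</p>
     */
    @Test
    public void testWrongRequester() {
        Subject subject = new Subject();
        subject.getPrincipals().add(new NameIdentifierPrincipal(nameId("value", EMAIL_FORMAT)));
        setSubContext(subject, RESPONDER, RESPONDER);
        this.action.execute(this.prc);
        ActionTestingSupport.assertEvent(this.prc, "InvalidSubject");
    }

    /**
     * Identifier qualified with {@link #RESPONDER} while the context names a different responder.
     *
     * <p>NOTE(review): the stub decoder returns null whenever the responder id is not
     * {@link #RESPONDER}, so this test passes on the decoder's rejection alone; it cannot show
     * whether the NameQualifier is compared with the responder id.</p>
     */
    @Test
    public void testWrongResponderNameId() {
        Subject subject = new Subject();
        subject.getPrincipals().add(new NameIdentifierPrincipal(nameId("value", EMAIL_FORMAT)));
        setSubContext(subject, REQUESTER, REQUESTER);
        this.action.execute(this.prc);
        ActionTestingSupport.assertEvent(this.prc, "InvalidSubject");
    }

    /**
     * NameQualifier and responder id agree with each other, but neither is the expected responder.
     *
     * <p>NOTE(review): as in {@link #testWrongResponderNameId()}, the stub decoder rejects this
     * context regardless of the NameQualifier, so the two tests exercise the same rejection.</p>
     */
    @Test
    public void testWrongResponder() {
        Subject subject = new Subject();
        subject.getPrincipals().add(new NameIdentifierPrincipal(nameId("value", EMAIL_FORMAT, REQUESTER)));
        setSubContext(subject, REQUESTER, REQUESTER);
        this.action.execute(this.prc);
        ActionTestingSupport.assertEvent(this.prc, "InvalidSubject");
    }

    /**
     * Accepted format with matching requester and responder: the action proceeds.
     *
     * <p>The Subject also carries a UsernamePrincipal; the assertion shows the resulting
     * principal name is the decoder's output, not that username.</p>
     */
    @Test
    public void testSuccess() {
        Subject subject = new Subject();
        subject.getPrincipals().add(new UsernamePrincipal("foo@osu.edu"));
        subject.getPrincipals().add(new NameIdentifierPrincipal(nameId("works", EMAIL_FORMAT)));
        setSubContext(subject, RESPONDER, REQUESTER);
        this.action.execute(this.prc);
        ActionTestingSupport.assertProceedEvent(this.prc);
        Assert.assertEquals(c14nContext().getPrincipalName(), "TestPrefixworks");
    }
}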
