package net.shibboleth.idp.saml.saml2.profile.delegation.impl;

import com.google.common.base.Predicates;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.List;
import net.shibboleth.idp.profile.ActionTestingSupport;
import net.shibboleth.idp.profile.RequestContextBuilder;
import net.shibboleth.idp.profile.config.ProfileConfiguration;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.idp.profile.context.navigate.WebflowRequestContextProfileRequestContextLookup;
import net.shibboleth.idp.saml.saml2.profile.SAML2ActionTestingSupport;
import net.shibboleth.idp.saml.saml2.profile.config.BrowserSSOProfileConfiguration;
import net.shibboleth.idp.saml.saml2.profile.delegation.DelegationContext;
import net.shibboleth.idp.saml.saml2.profile.delegation.DelegationRequest;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.UninitializedComponentException;
import org.opensaml.core.OpenSAMLInitBaseTestCase;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.common.messaging.context.AttributeConsumingServiceContext;
import org.opensaml.saml.common.messaging.context.SAMLMetadataContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AttributeQuery;
import org.opensaml.saml.saml2.core.Audience;
import org.opensaml.saml.saml2.core.AudienceRestriction;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Conditions;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml.security.impl.MetadataCredentialResolver;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.crypto.KeySupport;
import org.opensaml.xmlsec.config.DefaultSecurityConfigurationBootstrap;
import org.opensaml.xmlsec.keyinfo.KeyInfoSupport;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockServletContext;
import org.springframework.webflow.execution.RequestContext;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/saml/saml2/profile/delegation/impl/PopulateDelegationContextTest.class */
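/**
 * Unit tests for {@link PopulateDelegationContext}.
 *
 * <p>The fixture is a SAML 2 browser SSO request issued by {@code http://sp.example.org} to
 * {@code http://idp.example.org}, with SP metadata that publishes {@value #NUM_KEYS} signing
 * {@link KeyDescriptor}s. The tests pin the policy boundary as it is observable from the outside:
 * a {@link DelegationContext} only appears on the profile request context when delegation is both
 * requested (a {@code urn:liberty:ssos:2006-08} {@link RequestedAttribute} in metadata, or an
 * {@link AudienceRestriction} naming the IdP's responder ID in the request {@link Conditions})
 * and allowed by the {@link BrowserSSOProfileConfiguration}. A required request that is not
 * allowed ends in {@code InvalidSecurityConfiguration}; a required request for an SP with no
 * key descriptors ends in {@code MessageProcessingError}; an optional request with no key
 * descriptors proceeds without creating a context.</p>
 */
public class PopulateDelegationContextTest extends OpenSAMLInitBaseTestCase {

    /** Number of RSA key pairs published in the SP metadata. */
    private static final int NUM_KEYS = 3;

    private AuthnRequest authnRequest;
    private Response response;
    private Assertion assertion;
    private BrowserSSOProfileConfiguration browserSSOProfileConfig;
    private List<ProfileConfiguration> profileConfigs;
    private SAMLPeerEntityContext samlPeerContext;
    private SAMLMetadataContext samlMetadataContext;
    private PopulateDelegationContext action;
    private MockServletContext servletContext;
    private MockHttpServletRequest servletRequest;
    private RequestContext rc;
    private ProfileRequestContext prc;

    /** Public halves of the generated key pairs, in generation order. */
    private final List<PublicKey> publicKeys = new ArrayList<>();

    /**
     * Generates the RSA key pairs whose public keys are published by {@link #buildSPSSODescriptor()}.
     * Generation happens once per test class instance rather than in {@link #setUp()}, presumably to
     * keep per-method setup cheap.
     *
     * @throws NoSuchAlgorithmException if RSA key generation is unavailable
     * @throws NoSuchProviderException if the requested provider is unavailable
     */
    public PopulateDelegationContextTest() throws NoSuchAlgorithmException, NoSuchProviderException {
        for (int i = 0; i < NUM_KEYS; i++) {
            publicKeys.add(KeySupport.generateKeyPair("RSA", 2048, (String) null).getPublic());
        }
    }

    /**
     * Builds the request, response/assertion, profile configuration, peer and metadata contexts, and
     * a fresh action wired to a metadata credential resolver. The action is deliberately left
     * uninitialized so individual tests can adjust it before calling {@code initialize()}.
     *
     * @throws ComponentInitializationException if the credential resolver cannot be initialized
     */
    @BeforeMethod
    protected void setUp() throws ComponentInitializationException {
        servletContext = new MockServletContext();
        servletContext.setContextPath("/idp");
        servletRequest = new MockHttpServletRequest(servletContext);
        servletRequest.setScheme("https");
        servletRequest.setServerName("idp.example.org");
        servletRequest.setServerPort(443);
        servletRequest.setRequestURI("/idp/profile/SAML2/Redirect/SSO");
        servletRequest.setContextPath("/idp");

        authnRequest = SAML2ActionTestingSupport.buildAuthnRequest();
        authnRequest.setIssuer(SAML2ActionTestingSupport.buildIssuer("http://sp.example.org"));

        response = SAML2ActionTestingSupport.buildResponse();
        response.setIssuer(SAML2ActionTestingSupport.buildIssuer("http://idp.example.org"));

        assertion = SAML2ActionTestingSupport.buildAssertion();
        assertion.setID("assertion");
        assertion.setIssuer(SAML2ActionTestingSupport.buildIssuer("http://idp.example.org"));
        assertion.setSubject(SAML2ActionTestingSupport.buildSubject("morpheus"));
        assertion.getAuthnStatements().add(SAML2ActionTestingSupport.buildAuthnStatement());
        assertion.getAttributeStatements().add(SAML2ActionTestingSupport.buildAttributeStatement());
        response.getAssertions().add(assertion);

        // Delegation is disallowed by default; tests opt in via setAllowDelegation/setAllowingDelegation.
        browserSSOProfileConfig = new BrowserSSOProfileConfiguration();
        profileConfigs = new ArrayList<>();
        profileConfigs.add(browserSSOProfileConfig);

        rc = new RequestContextBuilder()
                .setServletContext(servletContext)
                .setHttpRequest(servletRequest)
                .setInboundMessage(authnRequest)
                .setOutboundMessage(response)
                .setRelyingPartyProfileConfigurations(profileConfigs)
                .buildRequestContext();
        prc = new WebflowRequestContextProfileRequestContextLookup().apply(rc);

        // Peer (SP) context hangs off the relying party context and is registered as the RP ID source.
        RelyingPartyContext rpContext = prc.getSubcontext(RelyingPartyContext.class);
        samlPeerContext = rpContext.getSubcontext(SAMLPeerEntityContext.class, true);
        samlPeerContext.setEntityId("http://sp.example.org");
        samlPeerContext.setRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
        rpContext.setRelyingPartyIdContextTree(samlPeerContext);

        samlMetadataContext = samlPeerContext.getSubcontext(SAMLMetadataContext.class, true);
        samlMetadataContext.setRoleDescriptor(buildSPSSODescriptor());

        // Resolves credentials from the KeyInfo elements inline in the SP metadata built above.
        MetadataCredentialResolver metadataCredentialResolver = new MetadataCredentialResolver();
        metadataCredentialResolver.setKeyInfoCredentialResolver(
                DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver());
        metadataCredentialResolver.initialize();

        action = new PopulateDelegationContext();
        action.setCredentialResolver(metadataCredentialResolver);
    }

    /** Executing an uninitialized action must fail rather than silently proceed. */
    @Test(expectedExceptions = {UninitializedComponentException.class})
    public void testNotInitialized() throws Exception {
        action.execute(rc);
        // Not reached: execute() is expected to throw before this point.
        Assert.assertNull(prc.getSubcontext(DelegationContext.class));
    }

    /** A missing inbound message context yields InvalidMessageContext and no DelegationContext. */
    @Test
    public void testNoInboundMessageContext() throws Exception {
        prc.setInboundMessageContext((MessageContext) null);
        action.initialize();
        ActionTestingSupport.assertEvent(action.execute(rc), "InvalidMessageContext");
        Assert.assertNull(prc.getSubcontext(DelegationContext.class));
    }

    /** An inbound message context with no message yields InvalidMessageContext. */
    @Test
    public void testNoInboundMessage() throws Exception {
        prc.getInboundMessageContext().setMessage((Object) null);
        action.initialize();
        ActionTestingSupport.assertEvent(action.execute(rc), "InvalidMessageContext");
        Assert.assertNull(prc.getSubcontext(DelegationContext.class));
    }

    /** A non-AuthnRequest inbound message is not an error: the action proceeds without acting. */
    @Test
    public void testInboundMessageNotSAML2AuthnRequest() throws Exception {
        prc.getInboundMessageContext().setMessage(XMLObjectSupport.buildXMLObject(AttributeQuery.DEFAULT_ELEMENT_NAME));
        action.initialize();
        ActionTestingSupport.assertProceedEvent(action.execute(rc));
        Assert.assertNull(prc.getSubcontext(DelegationContext.class));
    }

    /** The credential resolver is mandatory; initialization without one must fail. */
    @Test(expectedExceptions = {ComponentInitializationException.class})
    public void testNoCredentialResolver() throws Exception {
        action = new PopulateDelegationContext();
        action.initialize();
        // Not reached: initialize() is expected to throw before this point.
        Assert.assertNull(prc.getSubcontext(DelegationContext.class));
    }

    /** Without a RelyingPartyContext the action signals InvalidProfileContext. */
    @Test
    public void testNoRelyingPartyContext() throws Exception {
        prc.removeSubcontext(RelyingPartyContext.class);
        action.initialize();
        ActionTestingSupport.assertEvent(action.execute(rc), "InvalidProfileContext");
        Assert.assertNull(prc.getSubcontext(DelegationContext.class));
    }

    /**
     * A false activation condition short-circuits the action entirely; the contexts are stripped so
     * that any attempt to actually run the logic would fail.
     */
    @Test
    public void testActivationCondition() throws Exception {
        action.setActivationCondition(Predicates.alwaysFalse());
        prc.clearSubcontexts();
        prc.setInboundMessageContext((MessageContext) null);
        prc.setOutboundMessageContext((MessageContext) null);
        action.initialize();
        ActionTestingSupport.assertProceedEvent(action.execute(rc));
        Assert.assertNull(prc.getSubcontext(DelegationContext.class));
    }

    /** No SP metadata context: proceed, no DelegationContext. */
    @Test
    public void testNoMetadataContext() throws Exception {
        samlPeerContext.removeSubcontext(SAMLMetadataContext.class);
        action.initialize();
        ActionTestingSupport.assertProceedEvent(action.execute(rc));
        Assert.assertNull(prc.getSubcontext(DelegationContext.class));
    }

    /** Metadata context without a role descriptor: proceed, no DelegationContext. */
    @Test
    public void testNoRoleDescriptor() throws Exception {
        samlMetadataContext.setRoleDescriptor((RoleDescriptor) null);
        action.initialize();
        ActionTestingSupport.assertProceedEvent(action.execute(rc));
        Assert.assertNull(prc.getSubcontext(DelegationContext.class));
    }

    /** Neither metadata nor request asks for delegation: proceed, no DelegationContext. */
    @Test
    public void testDelegationNotRequested() throws Exception {
        action.initialize();
        ActionTestingSupport.assertProceedEvent(action.execute(rc));
        Assert.assertNull(prc.getSubcontext(DelegationContext.class));
    }

    /** Optional request via metadata, delegation not allowed by config: proceed, no context. */
    @Test
    public void testRequestedViaMetadataNotRequiredNotAllowed() throws Exception {
        samlMetadataContext.getSubcontext(AttributeConsumingServiceContext.class, true)
                .setAttributeConsumingService(buildDelegationRequestAttributeConsumingService(false));
        action.initialize();
        ActionTestingSupport.assertProceedEvent(action.execute(rc));
        Assert.assertNull(prc.getSubcontext(DelegationContext.class));
    }

    /** Required request via metadata, not allowed by config: InvalidSecurityConfiguration. */
    @Test
    public void testRequestedViaMetadataRequiredNotAllowed() throws Exception {
        samlMetadataContext.getSubcontext(AttributeConsumingServiceContext.class, true)
                .setAttributeConsumingService(buildDelegationRequestAttributeConsumingService(true));
        action.initialize();
        ActionTestingSupport.assertEvent(action.execute(rc), "InvalidSecurityConfiguration");
        Assert.assertNull(prc.getSubcontext(DelegationContext.class));
    }

    /** Optional request via metadata, allowed by config: context populated as REQUESTED_OPTIONAL. */
    @Test
    public void testRequestedViaMetadataNotRequiredAllowed() throws Exception {
        samlMetadataContext.getSubcontext(AttributeConsumingServiceContext.class, true)
                .setAttributeConsumingService(buildDelegationRequestAttributeConsumingService(false));
        browserSSOProfileConfig.setAllowDelegation(Predicates.alwaysTrue());
        action.initialize();
        ActionTestingSupport.assertProceedEvent(action.execute(rc));
        assertDelegationContextPopulated(DelegationRequest.REQUESTED_OPTIONAL);
    }

    /** Required request via metadata, allowed by config: context populated as REQUESTED_REQUIRED. */
    @Test
    public void testRequestedViaMetadataRequiredAllowed() throws Exception {
        samlMetadataContext.getSubcontext(AttributeConsumingServiceContext.class, true)
                .setAttributeConsumingService(buildDelegationRequestAttributeConsumingService(true));
        browserSSOProfileConfig.setAllowDelegation(Predicates.alwaysTrue());
        action.initialize();
        ActionTestingSupport.assertProceedEvent(action.execute(rc));
        assertDelegationContextPopulated(DelegationRequest.REQUESTED_REQUIRED);
    }

    /** Request via AuthnRequest Conditions, not allowed by config: InvalidSecurityConfiguration. */
    @Test
    public void testRequestedViaConditionsNotAllowed() throws Exception {
        authnRequest.setConditions(buildDelegationRequestConditions());
        action.initialize();
        ActionTestingSupport.assertEvent(action.execute(rc), "InvalidSecurityConfiguration");
        Assert.assertNull(prc.getSubcontext(DelegationContext.class));
    }

    /** Request via AuthnRequest Conditions, allowed by predicate: context populated as REQUESTED_REQUIRED. */
    @Test
    public void testRequestedViaConditionsAllowed() throws Exception {
        authnRequest.setConditions(buildDelegationRequestConditions());
        browserSSOProfileConfig.setAllowDelegation(Predicates.alwaysTrue());
        action.initialize();
        ActionTestingSupport.assertProceedEvent(action.execute(rc));
        assertDelegationContextPopulated(DelegationRequest.REQUESTED_REQUIRED);
    }

    /** Same as {@link #testRequestedViaConditionsAllowed()} but using the legacy boolean setter. */
    @Test
    public void testRequestedViaConditionsAllowedViaLegacyBoolean() throws Exception {
        authnRequest.setConditions(buildDelegationRequestConditions());
        browserSSOProfileConfig.setAllowingDelegation(true);
        action.initialize();
        ActionTestingSupport.assertProceedEvent(action.execute(rc));
        assertDelegationContextPopulated(DelegationRequest.REQUESTED_REQUIRED);
    }

    /**
     * Required request and delegation allowed, but the SP publishes no keys: the action must fail with
     * MessageProcessingError rather than issue a delegated assertion with no confirmation credentials.
     */
    @Test
    public void testRequiredNoKeyDescriptors() throws Exception {
        samlMetadataContext.getRoleDescriptor().getKeyDescriptors().clear();
        authnRequest.setConditions(buildDelegationRequestConditions());
        browserSSOProfileConfig.setAllowDelegation(Predicates.alwaysTrue());
        action.initialize();
        ActionTestingSupport.assertEvent(action.execute(rc), "MessageProcessingError");
        Assert.assertNull(prc.getSubcontext(DelegationContext.class));
    }

    /** Optional request and delegation allowed, but no SP keys: proceed without a context. */
    @Test
    public void testNotRequiredNoKeyDescriptors() throws Exception {
        samlMetadataContext.getRoleDescriptor().getKeyDescriptors().clear();
        samlMetadataContext.getSubcontext(AttributeConsumingServiceContext.class, true)
                .setAttributeConsumingService(buildDelegationRequestAttributeConsumingService(false));
        browserSSOProfileConfig.setAllowDelegation(Predicates.alwaysTrue());
        action.initialize();
        ActionTestingSupport.assertProceedEvent(action.execute(rc));
        Assert.assertNull(prc.getSubcontext(DelegationContext.class));
    }

    /**
     * Asserts that a {@link DelegationContext} was created which indicates a delegated assertion will
     * be issued, records the given request strength, and carries a non-empty set of subject
     * confirmation credentials.
     *
     * @param expectedRequest the {@link DelegationRequest} value expected on the context
     */
    private void assertDelegationContextPopulated(DelegationRequest expectedRequest) {
        DelegationContext delegationContext = prc.getSubcontext(DelegationContext.class);
        Assert.assertNotNull(delegationContext);
        Assert.assertTrue(delegationContext.isIssuingDelegatedAssertion());
        Assert.assertEquals(delegationContext.getDelegationRequested(), expectedRequest);
        Assert.assertNotNull(delegationContext.getSubjectConfirmationCredentials());
        Assert.assertFalse(delegationContext.getSubjectConfirmationCredentials().isEmpty());
    }

    /**
     * Builds {@link Conditions} with a single {@link AudienceRestriction} whose audience is this IdP's
     * responder ID, the form of delegation request carried in an AuthnRequest.
     *
     * @return the built conditions
     */
    private Conditions buildDelegationRequestConditions() {
        Audience audience = XMLObjectSupport.buildXMLObject(Audience.DEFAULT_ELEMENT_NAME);
        audience.setAudienceURI(prc.getSubcontext(RelyingPartyContext.class).getConfiguration().getResponderId());

        AudienceRestriction restriction = XMLObjectSupport.buildXMLObject(AudienceRestriction.DEFAULT_ELEMENT_NAME);
        restriction.getAudiences().add(audience);

        Conditions conditions = XMLObjectSupport.buildXMLObject(Conditions.DEFAULT_ELEMENT_NAME);
        conditions.getAudienceRestrictions().add(restriction);
        return conditions;
    }

    /**
     * Builds an {@link AttributeConsumingService} containing the {@code urn:liberty:ssos:2006-08}
     * {@link RequestedAttribute}, the form of delegation request carried in SP metadata.
     *
     * @param required whether the attribute is marked {@code isRequired}
     * @return the built service element
     */
    private AttributeConsumingService buildDelegationRequestAttributeConsumingService(boolean required) {
        RequestedAttribute requestedAttribute = XMLObjectSupport.buildXMLObject(RequestedAttribute.DEFAULT_ELEMENT_NAME);
        requestedAttribute.setName("urn:liberty:ssos:2006-08");
        requestedAttribute.setIsRequired(Boolean.valueOf(required));

        AttributeConsumingService service = XMLObjectSupport.buildXMLObject(AttributeConsumingService.DEFAULT_ELEMENT_NAME);
        service.getRequestAttributes().add(requestedAttribute);
        return service;
    }

    /**
     * Builds an {@link SPSSODescriptor} with one signing {@link KeyDescriptor} per generated public key,
     * attached to an {@link EntityDescriptor} for {@code http://sp.example.org}.
     *
     * @return the SP role descriptor
     */
    private SPSSODescriptor buildSPSSODescriptor() {
        SPSSODescriptor spDescriptor = XMLObjectSupport.buildXMLObject(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
        for (PublicKey publicKey : publicKeys) {
            KeyInfo keyInfo = XMLObjectSupport.buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
            KeyInfoSupport.addPublicKey(keyInfo, publicKey);

            KeyDescriptor keyDescriptor = XMLObjectSupport.buildXMLObject(KeyDescriptor.DEFAULT_ELEMENT_NAME);
            keyDescriptor.setUse(UsageType.SIGNING);
            keyDescriptor.setKeyInfo(keyInfo);
            spDescriptor.getKeyDescriptors().add(keyDescriptor);
        }

        // The entity descriptor is not returned; adding the role to it is kept for its side effect.
        // NOTE(review): presumably this gives the role an EntityDescriptor parent carrying the
        // entityID, which the metadata-backed credential resolution relies on — confirm.
        EntityDescriptor entityDescriptor = XMLObjectSupport.buildXMLObject(EntityDescriptor.DEFAULT_ELEMENT_NAME);
        entityDescriptor.setEntityID("http://sp.example.org");
        entityDescriptor.getRoleDescriptors().add(spDescriptor);
        return spDescriptor;
    }
}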
