package net.shibboleth.idp.saml.security.impl;

import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.xml.XMLObjectBaseTestCase;
import org.opensaml.saml.criterion.EntityRoleCriterion;
import org.opensaml.saml.criterion.ProtocolCriterion;
import org.opensaml.saml.metadata.resolver.filter.impl.NodeProcessingMetadataFilter;
import org.opensaml.saml.metadata.resolver.impl.DOMMetadataResolver;
import org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.criteria.UsageCriterion;
import org.opensaml.security.x509.PKIXValidationInformation;
import org.opensaml.security.x509.TrustedNamesCriterion;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
import org.w3c.dom.Element;

/* loaded from: input_file:net/shibboleth/idp/saml/security/impl/MetadataPKIXValidationInformationResolverTest.class */
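/**
 * Tests for {@link MetadataPKIXValidationInformationResolver}.
 *
 * <p>Each test loads a SAML metadata fixture from the classpath, builds a criteria set (signing usage,
 * entity ID, role, protocol) and checks the PKIX validation information (certificates, CRLs, verification
 * depth) or the trusted names the resolver returns for it.</p>
 *
 * <p>The values asserted here are what a PKIX trust engine would later be given as trust material, so the
 * negative cases matter as much as the positive ones: an unknown entity ID and a role that does not match
 * must both resolve to nothing.</p>
 *
 * <p>The fixture contents are not part of this file; the expected counts below are taken as given.</p>
 */
public class MetadataPKIXValidationInformationResolverTest extends XMLObjectBaseTestCase {
    /** First protocol value used in the {@link ProtocolCriterion}. */
    private final String protocolBlue = "PROTOCOL_BLUE";

    /** Second protocol value, used to check that results differ per protocol. */
    private final String protocolGreen = "PROTOCOL_GREEN";

    /** Entity ID looked up by most tests. */
    private final String fooEntityID = "http://foo.example.org/shibboleth";

    /** Second entity ID, used for the per-entity and role-mismatch checks. */
    private final String barEntityID = "http://bar.example.org/shibboleth";

    /** Criteria passed to the resolver; recreated before every test method. */
    private CriteriaSet criteriaSet;

    /**
     * Gives every test method a fresh, empty criteria set.
     *
     * @throws Exception declared for subclasses; nothing here throws
     */
    @BeforeMethod
    protected void setUp() throws Exception {
        this.criteriaSet = new CriteriaSet();
    }

    /** A fixture named "empty" must resolve to no validation information at all. */
    @Test
    public void testEmpty() throws XMLParserException, ComponentInitializationException, ResolverException {
        MetadataPKIXValidationInformationResolver resolver = getResolver("empty-metadata-pkix.xml");
        setIdpSigningCriteria(this.fooEntityID, this.protocolBlue);
        Assert.assertFalse(resolver.resolve(this.criteriaSet).iterator().hasNext(), "Iterator was not empty");
    }

    /**
     * Checks trusted-name resolution: the resolved set differs by protocol and by entity, and names
     * supplied through a {@link TrustedNamesCriterion} are added to the names found for the entity.
     */
    @Test
    public void testNames() throws ResolverException, XMLParserException, ComponentInitializationException {
        MetadataPKIXValidationInformationResolver resolver = getResolver("names-entities-metadata-pkix.xml");

        // foo / blue: one key name plus the entity ID itself.
        setIdpSigningCriteria(this.fooEntityID, this.protocolBlue);
        Set<String> blueNames = resolver.resolveTrustedNames(this.criteriaSet);
        assertTrustedNames(blueNames, 2);
        Assert.assertTrue(blueNames.contains("foo.example.org"), "Did't find expected name value");
        Assert.assertTrue(blueNames.contains(this.fooEntityID), "Did't find expected name value");

        // foo / green: a different protocol yields a different name set for the same entity.
        setIdpSigningCriteria(this.fooEntityID, this.protocolGreen);
        Set<String> greenNames = resolver.resolveTrustedNames(this.criteriaSet);
        assertTrustedNames(greenNames, 3);
        Assert.assertTrue(greenNames.contains("CN=foo.example.org,O=Internet2"), "Did't find expected name value");
        Assert.assertTrue(greenNames.contains("idp.example.org"), "Did't find expected name value");
        Assert.assertTrue(greenNames.contains(this.fooEntityID), "Did't find expected name value");

        // bar / blue: only the entity ID; none of foo's names may appear for another entity.
        setIdpSigningCriteria(this.barEntityID, this.protocolBlue);
        Set<String> barNames = resolver.resolveTrustedNames(this.criteriaSet);
        assertTrustedNames(barNames, 1);
        Assert.assertTrue(barNames.contains(this.barEntityID), "Did't find expected name value");

        // foo / blue plus caller-supplied names: the two extra names are merged in (2 + 2 = 4).
        Set<String> extraNames = new HashSet<>(Arrays.asList("foo", "bar"));
        setIdpSigningCriteria(this.fooEntityID, this.protocolBlue);
        this.criteriaSet.add(new TrustedNamesCriterion(extraNames));
        Set<String> mergedNames = resolver.resolveTrustedNames(this.criteriaSet);
        assertTrustedNames(mergedNames, 4);
        Assert.assertTrue(mergedNames.contains("foo.example.org"), "Did't find expected name value");
        Assert.assertTrue(mergedNames.contains(this.fooEntityID), "Did't find expected name value");
        Assert.assertTrue(mergedNames.containsAll(extraNames), "Did't find expected name value");
    }

    /** An entity ID that is not looked up successfully must not receive any validation information. */
    @Test
    public void testNonExistentEntityID() throws ResolverException, XMLParserException, ComponentInitializationException {
        MetadataPKIXValidationInformationResolver resolver = getResolver("oneset-entities-metadata-pkix.xml");
        setIdpSigningCriteria("http://doesnt.exist.example.org/shibboleth", this.protocolBlue);
        Assert.assertFalse(resolver.resolve(this.criteriaSet).iterator().hasNext(), "Iterator was not empty");
    }

    /** One validation-information set is expected: 3 certificates, 1 CRL, depth 5. */
    @Test
    public void testOneSetOnEntitiesDescriptor() throws ResolverException, XMLParserException, ComponentInitializationException {
        MetadataPKIXValidationInformationResolver resolver = getResolver("oneset-entities-metadata-pkix.xml");
        setIdpSigningCriteria(this.fooEntityID, this.protocolBlue);
        Iterator<PKIXValidationInformation> it = resolver.resolve(this.criteriaSet).iterator();
        assertNextInfo(it, 3, 1, 5);
        Assert.assertFalse(it.hasNext(), "Iterator was not empty");
    }

    /**
     * Expects a verification depth of 1 for the "nodepth" fixture.
     * NOTE(review): presumably the fixture declares no depth and 1 is the resolver's default - confirm
     * against the fixture; the depth bounds how long a certificate chain is accepted.
     */
    @Test
    public void testNoVerifyDepth() throws ResolverException, XMLParserException, ComponentInitializationException {
        MetadataPKIXValidationInformationResolver resolver = getResolver("nodepth-entities-metadata-pkix.xml");
        setIdpSigningCriteria(this.fooEntityID, this.protocolBlue);
        Iterator<PKIXValidationInformation> it = resolver.resolve(this.criteriaSet).iterator();
        Assert.assertTrue(it.hasNext(), "Iterator was empty");
        Assert.assertEquals(it.next().getVerificationDepth(), Integer.valueOf(1), "Incorrect VerifyDepth");
        Assert.assertFalse(it.hasNext(), "Iterator was not empty");
    }

    /** One validation-information set is expected: 7 certificates, 2 CRLs, depth 5. */
    @Test
    public void testOneSetOnEntitiesDescriptor3KeyInfo() throws ResolverException, XMLParserException, ComponentInitializationException {
        MetadataPKIXValidationInformationResolver resolver = getResolver("oneset-3keyinfo-metadata-pkix.xml");
        setIdpSigningCriteria(this.fooEntityID, this.protocolBlue);
        Iterator<PKIXValidationInformation> it = resolver.resolve(this.criteriaSet).iterator();
        assertNextInfo(it, 7, 2, 5);
        Assert.assertFalse(it.hasNext(), "Iterator was not empty");
    }

    /**
     * One set is expected for foo in the IdP role, and nothing for bar when it is requested in the SP
     * role: validation information must not be returned for a criteria set that does not match.
     */
    @Test
    public void testOneSetOnEntityDescriptor() throws ResolverException, XMLParserException, ComponentInitializationException {
        MetadataPKIXValidationInformationResolver resolver = getResolver("oneset-entity-metadata-pkix.xml");
        setIdpSigningCriteria(this.fooEntityID, this.protocolBlue);
        Iterator<PKIXValidationInformation> it = resolver.resolve(this.criteriaSet).iterator();
        assertNextInfo(it, 3, 1, 5);
        Assert.assertFalse(it.hasNext(), "Iterator was not empty");

        // Built by hand because this is the only lookup that asks for the SP role.
        this.criteriaSet.clear();
        this.criteriaSet.add(new UsageCriterion(UsageType.SIGNING));
        this.criteriaSet.add(new EntityIdCriterion(this.barEntityID));
        this.criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
        this.criteriaSet.add(new ProtocolCriterion(this.protocolBlue));
        Assert.assertFalse(resolver.resolve(this.criteriaSet).iterator().hasNext(), "Iterator was not empty");
    }

    /** Two sets are expected, in this order: (1 cert, 1 CRL, depth 3) then (6 certs, 1 CRL, depth 5). */
    @Test
    public void testTwoSetOnEntitiesAndEntityDescriptor() throws ResolverException, XMLParserException, ComponentInitializationException {
        MetadataPKIXValidationInformationResolver resolver = getResolver("twoset-entity-entities-metadata-pkix.xml");
        setIdpSigningCriteria(this.fooEntityID, this.protocolBlue);
        Iterator<PKIXValidationInformation> it = resolver.resolve(this.criteriaSet).iterator();
        assertNextInfo(it, 1, 1, 3);
        assertNextInfo(it, 6, 1, 5);
        Assert.assertFalse(it.hasNext(), "Iterator was not empty");
    }

    /** Two sets are expected, in this order: (3 certs, 1 CRL, depth 5) then (1 cert, 1 CRL, depth 3). */
    @Test
    public void testTwoSetOn2Authorities() throws ResolverException, XMLParserException, ComponentInitializationException {
        MetadataPKIXValidationInformationResolver resolver = getResolver("twoset-2authorities-entities-metadata-pkix.xml");
        setIdpSigningCriteria(this.fooEntityID, this.protocolBlue);
        Iterator<PKIXValidationInformation> it = resolver.resolve(this.criteriaSet).iterator();
        assertNextInfo(it, 3, 1, 5);
        assertNextInfo(it, 1, 1, 3);
        Assert.assertFalse(it.hasNext(), "Iterator was not empty");
    }

    /**
     * Three sets are expected, in this order: (1 cert, 1 CRL, depth 3), (3 certs, 0 CRLs, depth 5),
     * (4 certs, 1 CRL, depth 5). The middle set carries no CRL, so no revocation data accompanies it.
     */
    @Test
    public void testThreeSetOn3Authorities() throws ResolverException, XMLParserException, ComponentInitializationException {
        MetadataPKIXValidationInformationResolver resolver = getResolver("threeset-entity-entities-entities-metadata-pkix.xml");
        setIdpSigningCriteria(this.fooEntityID, this.protocolBlue);
        Iterator<PKIXValidationInformation> it = resolver.resolve(this.criteriaSet).iterator();
        assertNextInfo(it, 1, 1, 3);
        assertNextInfo(it, 3, 0, 5);
        assertNextInfo(it, 4, 1, 5);
        Assert.assertFalse(it.hasNext(), "Iterator was not empty");
    }

    /**
     * Replaces the current criteria with: signing usage, the given entity ID, the IdP SSO role and the
     * given protocol.
     *
     * @param entityID entity ID to look up
     * @param protocol protocol value for the {@link ProtocolCriterion}
     */
    private void setIdpSigningCriteria(String entityID, String protocol) {
        this.criteriaSet.clear();
        this.criteriaSet.add(new UsageCriterion(UsageType.SIGNING));
        this.criteriaSet.add(new EntityIdCriterion(entityID));
        this.criteriaSet.add(new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
        this.criteriaSet.add(new ProtocolCriterion(protocol));
    }

    /**
     * Asserts that a resolved trusted-name set is non-null, non-empty and of the expected size.
     *
     * @param names set returned by the resolver
     * @param expectedSize exact number of names expected
     */
    private static void assertTrustedNames(Set<String> names, int expectedSize) {
        Assert.assertNotNull(names, "Set of resolved trusted names was null");
        Assert.assertFalse(names.isEmpty(), "Set of trusted names was empty");
        Assert.assertEquals(names.size(), expectedSize, "Set of trusted names had incorrect size");
    }

    /**
     * Consumes the next element of the iterator and asserts its certificate count, CRL count and
     * verification depth.
     *
     * @param it iterator over the resolver's results
     * @param certificates expected number of certificates
     * @param crls expected number of CRLs
     * @param verifyDepth expected verification depth
     */
    private static void assertNextInfo(Iterator<PKIXValidationInformation> it, int certificates, int crls, int verifyDepth) {
        Assert.assertTrue(it.hasNext(), "Iterator was empty");
        PKIXValidationInformation info = it.next();
        Assert.assertEquals(info.getCertificates().size(), certificates, "Incorrect number of certificates");
        Assert.assertEquals(info.getCRLs().size(), crls, "Incorrect number of CRL's");
        // Integer.valueOf keeps both arguments boxed (same overload as before) without the deprecated constructor.
        Assert.assertEquals(info.getVerificationDepth(), Integer.valueOf(verifyDepth), "Incorrect VerifyDepth");
    }

    /**
     * Builds an initialized resolver over one metadata fixture: the fixture is parsed, wrapped in a
     * {@link DOMMetadataResolver} whose filter runs a {@link KeyAuthorityNodeProcessor}, and exposed
     * through a {@link PredicateRoleDescriptorResolver}.
     *
     * @param str fixture file name, relative to {@code /net/shibboleth/idp/saml/impl/security/}
     * @return the initialized resolver under test
     * @throws XMLParserException if the fixture cannot be parsed
     * @throws ComponentInitializationException if any component fails to initialize
     */
    private MetadataPKIXValidationInformationResolver getResolver(String str) throws XMLParserException, ComponentInitializationException {
        final String resourcePath = "/net/shibboleth/idp/saml/impl/security/" + str;
        final Element metadataRoot;
        // Close the fixture stream once parsed, and fail with a clear message when the fixture is missing
        // instead of handing a null stream to the parser.
        try (InputStream in = MetadataPKIXValidationInformationResolverTest.class.getResourceAsStream(resourcePath)) {
            Assert.assertNotNull(in, "Metadata fixture not found on classpath: " + resourcePath);
            metadataRoot = parserPool.parse(in).getDocumentElement();
        } catch (IOException e) {
            throw new IllegalStateException("Could not close metadata fixture: " + resourcePath, e);
        }

        // Left as a raw list, as in the original: the processor element type is not imported in this file.
        ArrayList nodeProcessors = new ArrayList();
        nodeProcessors.add(new KeyAuthorityNodeProcessor());
        NodeProcessingMetadataFilter metadataFilter = new NodeProcessingMetadataFilter();
        metadataFilter.setNodeProcessors(nodeProcessors);
        metadataFilter.initialize();

        DOMMetadataResolver metadataResolver = new DOMMetadataResolver(metadataRoot);
        metadataResolver.setMetadataFilter(metadataFilter);
        metadataResolver.setId("Test");
        metadataResolver.initialize();

        PredicateRoleDescriptorResolver roleResolver = new PredicateRoleDescriptorResolver(metadataResolver);
        roleResolver.initialize();

        MetadataPKIXValidationInformationResolver pkixResolver = new MetadataPKIXValidationInformationResolver(roleResolver);
        pkixResolver.initialize();
        return pkixResolver;
    }
}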
