package net.shibboleth.idp.saml.attribute.resolver.impl;

import java.io.IOException;
import java.util.List;
import net.shibboleth.ext.spring.resource.ResourceHelper;
import net.shibboleth.idp.attribute.IdPAttribute;
import net.shibboleth.idp.attribute.StringAttributeValue;
import net.shibboleth.idp.attribute.resolver.ResolutionException;
import net.shibboleth.idp.attribute.resolver.context.AttributeResolutionContext;
import net.shibboleth.idp.attribute.resolver.context.AttributeResolverWorkContext;
import net.shibboleth.idp.saml.impl.TestSources;
import net.shibboleth.idp.saml.nameid.impl.CryptoTransientIdGenerationStrategy;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.security.BasicKeystoreKeyStrategy;
import net.shibboleth.utilities.java.support.security.DataSealer;
import net.shibboleth.utilities.java.support.security.DataSealerException;
import org.opensaml.core.OpenSAMLInitBaseTestCase;
import org.springframework.core.io.ClassPathResource;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/saml/attribute/resolver/impl/CryptoTransientIdAttributeDefinitionTest.class */
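/**
 * Tests {@link TransientIdAttributeDefinition} when it is backed by a
 * {@link CryptoTransientIdGenerationStrategy}.
 *
 * <p>The strategy seals the transient identifier with a {@link DataSealer} and is configured with a
 * short identifier lifetime, so the tests can check both that the sealed value unwraps to the expected
 * SP/principal pair and that it stops unwrapping once the lifetime has passed.</p>
 */
public class CryptoTransientIdAttributeDefinitionTest extends OpenSAMLInitBaseTestCase {

    /** Identifier given to the attribute definition under test. */
    private static final String ID = "CryptoTransientIdAttributeDefn";

    /** Lifetime handed to the generation strategy; presumably milliseconds (the expiry test sleeps twice this long). */
    private static final long TIMEOUT = 500;

    /** Generation strategy shared by all tests in this class. */
    private CryptoTransientIdGenerationStrategy strategy;

    /** Sealer used by the strategy and, in the tests, to unwrap the generated identifier. */
    private DataSealer dataSealer;

    /**
     * Builds the key strategy, the data sealer and the transient-id generation strategy once per class.
     *
     * @throws IOException declared by the resource/keystore setup calls
     * @throws DataSealerException declared by the sealer setup calls
     * @throws ComponentInitializationException if one of the components fails to initialize
     */
    @BeforeClass
    public void setupStrategyAndSealer() throws IOException, DataSealerException, ComponentInitializationException {
        final ClassPathResource keystoreResource =
                new ClassPathResource("/net/shibboleth/idp/saml/impl/attribute/resolver/SealerKeyStore.jks");
        Assert.assertTrue(keystoreResource.exists());

        final ClassPathResource keyVersionResource =
                new ClassPathResource("/net/shibboleth/idp/saml/impl/attribute/resolver/SealerKeyStore.kver");
        Assert.assertTrue(keyVersionResource.exists());

        // Alias and passwords below belong to the fixture keystore loaded from the test classpath above;
        // they are test data only and must never be reused for a deployed sealer keystore.
        final BasicKeystoreKeyStrategy keyStrategy = new BasicKeystoreKeyStrategy();
        keyStrategy.setKeyAlias("secret");
        keyStrategy.setKeyPassword("kpassword");
        keyStrategy.setKeystorePassword("password");
        keyStrategy.setKeystoreResource(ResourceHelper.of(keystoreResource));
        keyStrategy.setKeyVersionResource(ResourceHelper.of(keyVersionResource));
        keyStrategy.initialize();

        this.dataSealer = new DataSealer();
        this.dataSealer.setKeyStrategy(keyStrategy);
        this.dataSealer.initialize();

        this.strategy = new CryptoTransientIdGenerationStrategy();
        this.strategy.setDataSealer(this.dataSealer);
        this.strategy.setId("strategy");
        // Short lifetime so encode() can observe expiry without a long wait.
        this.strategy.setIdLifetime(TIMEOUT);
        this.strategy.initialize();
    }

    /**
     * Checks that resolution is refused when the context lacks the inputs the identifier is built from:
     * an empty resolution context, a context with a null SP entity ID, and a context with a null principal.
     *
     * @throws ComponentInitializationException if the attribute definition fails to initialize
     */
    @Test
    public void badVals() throws ComponentInitializationException {
        final TransientIdAttributeDefinition definition =
                TransientIdAttributeDefinitionTest.newTransientIdAttributeDefinition(this.strategy);
        definition.setId(ID);
        definition.initialize();

        // Context with only an (empty) work context attached: no SP, no principal.
        final AttributeResolutionContext emptyContext = new AttributeResolutionContext();
        emptyContext.getSubcontext(AttributeResolverWorkContext.class, true);
        try {
            definition.resolve(emptyContext);
            Assert.fail("No SP");
        } catch (ResolutionException expected) {
            // Expected: an identifier must not be issued without a relying party.
        }

        try {
            definition.resolve(
                    TestSources.createResolutionContext(TestSources.PRINCIPAL_ID, TestSources.IDP_ENTITY_ID, null));
            Assert.fail("No SP");
        } catch (ResolutionException expected) {
            // Expected: null SP entity ID is rejected.
        }

        try {
            definition.resolve(
                    TestSources.createResolutionContext(null, TestSources.IDP_ENTITY_ID, TestSources.SP_ENTITY_ID));
            Assert.fail("No Principal");
        } catch (ResolutionException expected) {
            // Expected: null principal is rejected.
        }
    }

    /**
     * Resolves a transient identifier, checks that it unwraps to the expected {@code SP!principal} string,
     * then waits past the configured lifetime and checks that the sealer refuses to unwrap it again.
     *
     * @throws ComponentInitializationException if the attribute definition fails to initialize
     * @throws ResolutionException if resolution with a complete context fails
     * @throws DataSealerException if the fresh identifier cannot be unwrapped
     * @throws InterruptedException if the wait for expiry is interrupted
     */
    @Test
    public void encode() throws ComponentInitializationException, ResolutionException, DataSealerException, InterruptedException {
        final TransientIdAttributeDefinition definition =
                TransientIdAttributeDefinitionTest.newTransientIdAttributeDefinition(this.strategy);
        definition.setId(ID);
        definition.initialize();

        final List<?> values = ((IdPAttribute) definition.resolve(
                TestSources.createResolutionContext(
                        TestSources.PRINCIPAL_ID, TestSources.IDP_ENTITY_ID, TestSources.SP_ENTITY_ID))).getValues();
        Assert.assertEquals(values.size(), 1);

        final String sealedId = ((StringAttributeValue) values.get(0)).getValue();
        Assert.assertEquals(this.dataSealer.unwrap(sealedId), "https://sp.example.org/sp!PETER_THE_PRINCIPAL");

        // Wait for twice the configured lifetime so the identifier is past its expiry.
        Thread.sleep(TIMEOUT * 2);
        try {
            this.dataSealer.unwrap(sealedId);
            Assert.fail("Timeout not set correctly");
        } catch (DataSealerException expected) {
            // Expected: the sealer rejects the expired identifier. Only the sealer's own exception is
            // accepted here, so an unrelated runtime failure cannot make the expiry check pass.
        }
    }
}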
