package net.shibboleth.idp.saml.saml2.profile.delegation.impl;

import com.google.common.base.Predicates;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import net.shibboleth.idp.authn.context.SubjectCanonicalizationContext;
import net.shibboleth.idp.profile.ActionTestingSupport;
import net.shibboleth.idp.profile.RequestContextBuilder;
import net.shibboleth.idp.profile.config.ProfileConfiguration;
import net.shibboleth.idp.profile.context.navigate.WebflowRequestContextProfileRequestContextLookup;
import net.shibboleth.idp.saml.authn.principal.NameIDPrincipal;
import net.shibboleth.idp.saml.idwsf.profile.config.SSOSProfileConfiguration;
import net.shibboleth.idp.saml.saml2.profile.SAML2ActionTestingSupport;
import net.shibboleth.idp.saml.saml2.profile.delegation.LibertySSOSContext;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.core.OpenSAMLInitBaseTestCase;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.common.messaging.context.SAMLPresenterEntityContext;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.Subject;
import org.springframework.webflow.execution.RequestContext;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/saml/saml2/profile/delegation/impl/ProcessDelegatedAssertionTest.class */
public class ProcessDelegatedAssertionTest extends OpenSAMLInitBaseTestCase {
    private ProcessDelegatedAssertion action;
    private RequestContext rc;
    private ProfileRequestContext prc;
    private SSOSProfileConfiguration ssosProfileConfig;
    private List<ProfileConfiguration> profileConfigs;
    private Assertion delegatedAssertion;

    @BeforeMethod
    public void setUp() throws ComponentInitializationException {
        Response buildResponse = SAML2ActionTestingSupport.buildResponse();
        buildResponse.getAssertions().add(SAML2ActionTestingSupport.buildAssertion());
        this.ssosProfileConfig = new SSOSProfileConfiguration();
        this.ssosProfileConfig.setDelegationPredicate(Predicates.alwaysTrue());
        this.profileConfigs = new ArrayList();
        this.profileConfigs.add(this.ssosProfileConfig);
        this.rc = new RequestContextBuilder().setInboundMessage(SAML2ActionTestingSupport.buildAuthnRequest()).setOutboundMessage(buildResponse).setRelyingPartyProfileConfigurations(this.profileConfigs).buildRequestContext();
        this.prc = new WebflowRequestContextProfileRequestContextLookup().apply(this.rc);
        this.delegatedAssertion = SAML2ActionTestingSupport.buildAssertion();
        this.delegatedAssertion.setSubject(SAML2ActionTestingSupport.buildSubject("morpheus"));
        this.prc.getSubcontext(LibertySSOSContext.class, true).setAttestedToken(this.delegatedAssertion);
        this.action = new ProcessDelegatedAssertion();
    }

    @Test
    public void testSuccessWithSPNameQualifer() throws ComponentInitializationException {
        this.delegatedAssertion.getSubject().getNameID().setSPNameQualifier("https://portal.example.edu/saml");
        this.action.initialize();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
        SubjectCanonicalizationContext subcontext = this.prc.getSubcontext(SubjectCanonicalizationContext.class);
        Assert.assertNotNull(subcontext);
        Assert.assertNotNull(subcontext.getSubject());
        Set principals = subcontext.getSubject().getPrincipals(NameIDPrincipal.class);
        Assert.assertNotNull(principals);
        Assert.assertEquals(principals.size(), 1);
        Assert.assertSame(((NameIDPrincipal) principals.iterator().next()).getNameID(), this.delegatedAssertion.getSubject().getNameID());
        Assert.assertEquals(subcontext.getRequesterId(), "https://portal.example.edu/saml");
        Assert.assertEquals(subcontext.getResponderId(), "http://idp.example.org");
    }

    @Test
    public void testSuccessWithSAMLPresenter() throws ComponentInitializationException {
        this.prc.getInboundMessageContext().getSubcontext(SAMLPresenterEntityContext.class, true).setEntityId("https://portal.example.edu/saml");
        this.action.initialize();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
        SubjectCanonicalizationContext subcontext = this.prc.getSubcontext(SubjectCanonicalizationContext.class);
        Assert.assertNotNull(subcontext);
        Assert.assertNotNull(subcontext.getSubject());
        Set principals = subcontext.getSubject().getPrincipals(NameIDPrincipal.class);
        Assert.assertNotNull(principals);
        Assert.assertEquals(principals.size(), 1);
        Assert.assertSame(((NameIDPrincipal) principals.iterator().next()).getNameID(), this.delegatedAssertion.getSubject().getNameID());
        Assert.assertEquals(subcontext.getRequesterId(), "https://portal.example.edu/saml");
        Assert.assertEquals(subcontext.getResponderId(), "http://idp.example.org");
    }

    @Test
    public void testSuccessNoC14NRequester() throws ComponentInitializationException {
        this.action.initialize();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
        SubjectCanonicalizationContext subcontext = this.prc.getSubcontext(SubjectCanonicalizationContext.class);
        Assert.assertNotNull(subcontext);
        Assert.assertNotNull(subcontext.getSubject());
        Set principals = subcontext.getSubject().getPrincipals(NameIDPrincipal.class);
        Assert.assertNotNull(principals);
        Assert.assertEquals(principals.size(), 1);
        Assert.assertSame(((NameIDPrincipal) principals.iterator().next()).getNameID(), this.delegatedAssertion.getSubject().getNameID());
        Assert.assertNull(subcontext.getRequesterId());
        Assert.assertEquals(subcontext.getResponderId(), "http://idp.example.org");
    }

    @Test
    public void testNoAssertion() throws ComponentInitializationException {
        this.prc.removeSubcontext(LibertySSOSContext.class);
        this.action.initialize();
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "NoCredentials");
        Assert.assertNull(this.prc.getSubcontext(SubjectCanonicalizationContext.class));
    }

    @Test
    public void testNoSubject() throws ComponentInitializationException {
        this.prc.getSubcontext(LibertySSOSContext.class).getAttestedToken().setSubject((Subject) null);
        this.action.initialize();
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "InvalidSubject");
        Assert.assertNull(this.prc.getSubcontext(SubjectCanonicalizationContext.class));
    }

    @Test
    public void testNoNameID() throws ComponentInitializationException {
        this.prc.getSubcontext(LibertySSOSContext.class).getAttestedToken().getSubject().setNameID((NameID) null);
        this.action.initialize();
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "InvalidSubject");
        Assert.assertNull(this.prc.getSubcontext(SubjectCanonicalizationContext.class));
    }
}
