package net.shibboleth.idp.saml.saml2.profile.delegation.impl;

import com.google.common.base.Function;
import com.google.common.base.Predicates;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Nullable;
import net.shibboleth.idp.profile.ActionTestingSupport;
import net.shibboleth.idp.profile.RequestContextBuilder;
import net.shibboleth.idp.profile.config.ProfileConfiguration;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.idp.profile.context.navigate.WebflowRequestContextProfileRequestContextLookup;
import net.shibboleth.idp.saml.idwsf.profile.config.SSOSProfileConfiguration;
import net.shibboleth.idp.saml.saml2.profile.SAML2ActionTestingSupport;
import net.shibboleth.idp.saml.saml2.profile.delegation.LibertySSOSContext;
import net.shibboleth.idp.saml.saml2.profile.delegation.impl.EvaluateDelegationPolicy;
import net.shibboleth.idp.saml.xmlobject.DelegationPolicy;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.core.OpenSAMLInitBaseTestCase;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.ext.saml2delrestrict.Delegate;
import org.opensaml.saml.ext.saml2delrestrict.DelegationRestrictionType;
import org.opensaml.saml.saml2.core.Advice;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Condition;
import org.opensaml.saml.saml2.core.Conditions;
import org.opensaml.saml.saml2.core.Response;
import org.springframework.webflow.execution.RequestContext;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/saml/saml2/profile/delegation/impl/EvaluateDelegationPolicyTest.class */
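/**
 * Unit tests for {@link EvaluateDelegationPolicy}.
 *
 * <p>Each test starts from the fixture built in {@link #setUp()}: an attested inbound assertion
 * carrying a delegation chain of {@code delegates.length} entries and a {@link DelegationPolicy}
 * advice element allowing a chain of {@code delegates.length + 1}. Individual tests then remove or
 * override one piece and check which event the action signals.</p>
 *
 * <p>Outcomes pinned by this class:</p>
 * <ul>
 *   <li>proceed: no inbound chain, or inbound chain shorter than the maximum;</li>
 *   <li>{@code InvalidSecurityConfiguration}: inbound chain equal to or longer than the maximum,
 *       or the profile's delegation predicate returns false;</li>
 *   <li>{@code NoCredentials}: no delegated assertion token is available;</li>
 *   <li>{@code InvalidProfileContext}: no relying party context or no profile configuration.</li>
 * </ul>
 *
 * <p>NOTE(review): the only test that supplies a {@code null} maximum also removes the inbound
 * chain, so the fallback limit applied to a non-empty chain is not exercised here.</p>
 */
public class EvaluateDelegationPolicyTest extends OpenSAMLInitBaseTestCase {
    private EvaluateDelegationPolicy action;
    private RequestContext rc;
    private ProfileRequestContext prc;
    private SSOSProfileConfiguration ssosProfileConfig;
    private List<ProfileConfiguration> profileConfigs;
    private Assertion delegatedAssertion;
    private DelegationRestrictionType delegatedRestrictionsCondition;
    private DelegationPolicy delegationPolicy;

    // NameID values for the inbound delegation chain. The tests below only depend on how many
    // entries there are. NOTE(review): the first and third values look like typos ("http:/",
    // "exqmple"); kept as-is because they are runtime data - confirm they are not intentional.
    private String[] delegates = {"http:/foo.example.org", "http://bar.example.org", "http://baz.exqmple.org"};

    // Maximum chain length written into the assertion's DelegationPolicy advice: one more than
    // the inbound chain, which is the smallest value these tests show as being accepted.
    private Long policyMaxChainLength = Long.valueOf(this.delegates.length + 1);

    /** Chain-length strategy stub that ignores the context and returns a fixed (possibly null) value. */
    private static class MockChainLengthStrategy implements Function<ProfileRequestContext, Long> {
        private final Long length;

        /**
         * @param l value to hand back from {@link #apply}; may be {@code null}
         */
        public MockChainLengthStrategy(Long l) {
            this.length = l;
        }

        /**
         * @param profileRequestContext ignored
         * @return the value given at construction
         */
        @Nullable
        public Long apply(@Nullable ProfileRequestContext profileRequestContext) {
            return this.length;
        }
    }

    /**
     * Builds the request context, the attested assertion with its delegation chain and policy
     * advice, and a fresh (uninitialized) action.
     *
     * @throws ComponentInitializationException declared for parity with the tests
     */
    @BeforeMethod
    public void setUp() throws ComponentInitializationException {
        Response response = SAML2ActionTestingSupport.buildResponse();
        response.getAssertions().add(SAML2ActionTestingSupport.buildAssertion());

        // Delegation is allowed by default; testPredicateDisallows flips this.
        this.ssosProfileConfig = new SSOSProfileConfiguration();
        this.ssosProfileConfig.setDelegationPredicate(Predicates.alwaysTrue());
        this.profileConfigs = new ArrayList<>();
        this.profileConfigs.add(this.ssosProfileConfig);

        this.rc = new RequestContextBuilder()
                .setInboundMessage(SAML2ActionTestingSupport.buildAuthnRequest())
                .setOutboundMessage(response)
                .setRelyingPartyProfileConfigurations(this.profileConfigs)
                .buildRequestContext();
        this.prc = new WebflowRequestContextProfileRequestContextLookup().apply(this.rc);

        // The XMLObjectSupport factories hand back the generic XMLObject type, so each result is
        // narrowed explicitly to the type being built.
        this.delegatedAssertion = SAML2ActionTestingSupport.buildAssertion();
        this.delegatedRestrictionsCondition = (DelegationRestrictionType) XMLObjectSupport
                .getBuilder(DelegationRestrictionType.TYPE_NAME)
                .buildObject(Condition.DEFAULT_ELEMENT_NAME, DelegationRestrictionType.TYPE_NAME);
        for (String delegateId : this.delegates) {
            Delegate delegate = (Delegate) XMLObjectSupport.buildXMLObject(Delegate.DEFAULT_ELEMENT_NAME);
            delegate.setNameID(SAML2ActionTestingSupport.buildNameID(delegateId));
            this.delegatedRestrictionsCondition.getDelegates().add(delegate);
        }
        this.delegatedAssertion.setConditions(
                (Conditions) XMLObjectSupport.buildXMLObject(Conditions.DEFAULT_ELEMENT_NAME));
        this.delegatedAssertion.getConditions().getConditions().add(this.delegatedRestrictionsCondition);

        // The maximum chain length travels inside the assertion's Advice element.
        this.delegationPolicy =
                (DelegationPolicy) XMLObjectSupport.buildXMLObject(DelegationPolicy.DEFAULT_ELEMENT_NAME);
        this.delegationPolicy.setMaximumTokenDelegationChainLength(this.policyMaxChainLength);
        this.delegatedAssertion.setAdvice((Advice) XMLObjectSupport.buildXMLObject(Advice.DEFAULT_ELEMENT_NAME));
        this.delegatedAssertion.getAdvice().getChildren().add(this.delegationPolicy);

        this.prc.getSubcontext(LibertySSOSContext.class, true).setAttestedToken(this.delegatedAssertion);
        this.action = new EvaluateDelegationPolicy();
    }

    /** The built-in strategy returns the maximum chain length stored in the assertion's policy advice. */
    @Test
    public void testDefaultChainLengthStrategy() throws ComponentInitializationException {
        this.action.initialize();
        this.action.execute(this.rc);
        // The strategy is bound to the action instance it is created from.
        Assert.assertEquals(this.action.new PolicyMaxChainLengthStrategy().apply(this.prc), this.policyMaxChainLength);
    }

    /** With the LibertySSOSContext removed, the built-in strategy yields {@code null}. */
    @Test
    public void testDefaultChainLengthStrategyNoAssertion() throws ComponentInitializationException {
        this.prc.removeSubcontext(LibertySSOSContext.class);
        this.action.initialize();
        this.action.execute(this.rc);
        Assert.assertNull(this.action.new PolicyMaxChainLengthStrategy().apply(this.prc));
    }

    /** With the Advice element removed from the attested token, the built-in strategy yields {@code null}. */
    @Test
    public void testDefaultChainLengthStrategyNoPolicy() throws ComponentInitializationException {
        this.prc.getSubcontext(LibertySSOSContext.class).getAttestedToken().setAdvice((Advice) null);
        this.action.initialize();
        this.action.execute(this.rc);
        Assert.assertNull(this.action.new PolicyMaxChainLengthStrategy().apply(this.prc));
    }

    /** An assertion without Conditions (so no inbound chain) proceeds. */
    @Test
    public void testSuccessNoInboundChain() throws ComponentInitializationException {
        this.delegatedAssertion.setConditions((Conditions) null);
        this.action.initialize();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
    }

    /** The unmodified fixture (chain of {@code delegates.length}, maximum one higher) proceeds. */
    @Test
    public void testSuccessChainShorterThanPolicy() throws ComponentInitializationException {
        this.action.initialize();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
    }

    /** No inbound chain and a strategy that returns a {@code null} maximum still proceeds. */
    @Test
    public void testSuccessNoChainDefaultChainPolicy() throws ComponentInitializationException {
        this.delegatedAssertion.setConditions((Conditions) null);
        this.action.setPolicyMaxChainLengthStrategy(new MockChainLengthStrategy(null));
        this.action.initialize();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
    }

    /** A maximum one below the inbound chain length is rejected. */
    @Test
    public void testChainLongerThanPolicy() throws ComponentInitializationException {
        this.action.setPolicyMaxChainLengthStrategy(
                new MockChainLengthStrategy(Long.valueOf(this.delegates.length - 1)));
        this.action.initialize();
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "InvalidSecurityConfiguration");
    }

    /**
     * Boundary case: a maximum equal to the inbound chain length is also rejected.
     *
     * <p>Presumably the token about to be issued adds one more delegate to the chain, which is
     * why "equal" already exceeds the limit - confirm against EvaluateDelegationPolicy.</p>
     */
    @Test
    public void testChainEqualToPolicy() throws ComponentInitializationException {
        this.action.setPolicyMaxChainLengthStrategy(
                new MockChainLengthStrategy(Long.valueOf(this.delegates.length)));
        this.action.initialize();
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "InvalidSecurityConfiguration");
    }

    /** A delegation predicate that returns false blocks the request even though the chain is within limits. */
    @Test
    public void testPredicateDisallows() throws ComponentInitializationException {
        this.ssosProfileConfig.setDelegationPredicate(Predicates.alwaysFalse());
        this.action.initialize();
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "InvalidSecurityConfiguration");
    }

    /** A token strategy that resolves no assertion results in {@code NoCredentials}. */
    @Test
    public void testNoDelegatedAssertion() throws ComponentInitializationException {
        this.action.setAssertionTokenStrategy(new Function<ProfileRequestContext, Assertion>() {
            @Nullable
            public Assertion apply(@Nullable ProfileRequestContext profileRequestContext) {
                return null;
            }
        });
        this.action.initialize();
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "NoCredentials");
    }

    /** Without a RelyingPartyContext the action signals {@code InvalidProfileContext}. */
    @Test
    public void testNoRelyingPartyContext() throws ComponentInitializationException {
        this.prc.removeSubcontext(RelyingPartyContext.class);
        this.action.initialize();
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "InvalidProfileContext");
    }

    /** A RelyingPartyContext with no profile configuration signals {@code InvalidProfileContext}. */
    @Test
    public void testNoProfileConfig() throws ComponentInitializationException {
        this.prc.getSubcontext(RelyingPartyContext.class).setProfileConfig((ProfileConfiguration) null);
        this.action.initialize();
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "InvalidProfileContext");
    }
}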
