package net.shibboleth.idp.saml.nameid.impl;

import java.io.IOException;
import java.util.Collections;
import java.util.List;
import javax.security.auth.Subject;
import net.shibboleth.ext.spring.resource.ResourceHelper;
import net.shibboleth.idp.attribute.IdPAttribute;
import net.shibboleth.idp.attribute.StringAttributeValue;
import net.shibboleth.idp.attribute.resolver.ResolutionException;
import net.shibboleth.idp.authn.SubjectCanonicalizationException;
import net.shibboleth.idp.authn.context.SubjectCanonicalizationContext;
import net.shibboleth.idp.saml.attribute.resolver.impl.TransientIdAttributeDefinition;
import net.shibboleth.idp.saml.attribute.resolver.impl.TransientIdAttributeDefinitionTest;
import net.shibboleth.idp.saml.authn.principal.NameIDPrincipal;
import net.shibboleth.idp.saml.impl.TestSources;
import net.shibboleth.idp.saml.nameid.NameDecoderException;
import net.shibboleth.idp.saml.nameid.NameIDCanonicalizationFlowDescriptor;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.security.BasicKeystoreKeyStrategy;
import net.shibboleth.utilities.java.support.security.DataSealer;
import net.shibboleth.utilities.java.support.security.DataSealerException;
import org.opensaml.core.OpenSAMLInitBaseTestCase;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.profile.action.ActionTestingSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.saml2.core.NameID;
import org.springframework.core.io.ClassPathResource;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/saml/nameid/impl/CryptoTransientNameIDDecoderTest.class */
/**
 * Tests for {@link CryptoTransientNameIDDecoder}, using tokens sealed by a {@link DataSealer}
 * that is keyed from a keystore on the test classpath.
 *
 * <p>The cases pin the decoder's rejection behaviour as well as the happy path: an expired token
 * and a corrupted token must raise {@link NameDecoderException}, while a token presented by a
 * different requester, or one whose payload is not in the expected layout, must decode to
 * {@code null}.</p>
 *
 * <p>NOTE(review): two of the rejections are signalled by a {@code null} return rather than an
 * exception, so any caller of {@code decode} has to treat {@code null} as a failure. Confirm
 * against the callers.</p>
 */
public class CryptoTransientNameIDDecoderTest extends OpenSAMLInitBaseTestCase {
    /** Offset added to the current time to form the expiry of the sealed test tokens. */
    private static final long TIMEOUT = 50000;
    /** Principal name sealed into the test tokens. */
    private static final String PRINCIPAL = "ThePrincipal";
    /** Issuer identifier; only used literally by {@link #baddata2()}. */
    private static final String ISSUER = "https://idp.example.org/issuer";
    /** Relying party the test tokens are sealed for and normally decoded for. */
    private static final String RECIPIENT = "https://sp.example.org/recipient";
    /** Sealer shared by the token helpers, the decoder and the generation strategy. */
    private DataSealer dataSealer;
    /** Decoder under test, wired to {@link #dataSealer}. */
    private CryptoTransientNameIDDecoder decoder;

    /**
     * Builds the sealer from the classpath test keystore and wires it into the decoder under test.
     *
     * @throws IOException declared by the original signature
     * @throws DataSealerException declared by the original signature
     * @throws ComponentInitializationException if a component fails to initialize
     */
    @BeforeClass
    public void setupDataSealer() throws IOException, DataSealerException, ComponentInitializationException {
        final ClassPathResource keystore =
                existingResource("/net/shibboleth/idp/saml/impl/attribute/resolver/SealerKeyStore.jks");
        final ClassPathResource keyVersion =
                existingResource("/net/shibboleth/idp/saml/impl/attribute/resolver/SealerKeyStore.kver");

        // Alias and passwords below belong to the bundled test keystore only; they are
        // fixture values and must not be copied into a deployment's sealer configuration.
        final BasicKeystoreKeyStrategy keyStrategy = new BasicKeystoreKeyStrategy();
        keyStrategy.setKeyAlias("secret");
        keyStrategy.setKeyPassword("kpassword");
        keyStrategy.setKeystorePassword("password");
        keyStrategy.setKeystoreResource(ResourceHelper.of(keystore));
        keyStrategy.setKeyVersionResource(ResourceHelper.of(keyVersion));
        keyStrategy.initialize();

        dataSealer = new DataSealer();
        dataSealer.setKeyStrategy(keyStrategy);
        dataSealer.initialize();

        decoder = new CryptoTransientNameIDDecoder();
        decoder.setDataSealer(dataSealer);
        decoder.setId("Decoder");
        decoder.initialize();
    }

    /**
     * Opens a classpath resource and asserts that it exists.
     *
     * @param path classpath location of the fixture
     * @return the resource handle
     */
    private static ClassPathResource existingResource(final String path) {
        final ClassPathResource resource = new ClassPathResource(path);
        Assert.assertTrue(resource.exists());
        return resource;
    }

    /**
     * Seals {@code recipientId + "!" + principalName} with an expiry relative to now.
     *
     * @param principalName principal to embed in the payload
     * @param recipientId relying party to embed in the payload
     * @param lifetimeMillis offset added to the current time; a negative value yields a token
     *            whose expiry is already in the past
     * @return the sealed token
     * @throws DataSealerException if sealing fails
     */
    private String code(final String principalName, final String recipientId, final long lifetimeMillis)
            throws DataSealerException {
        final String payload = recipientId + "!" + principalName;
        final long expiry = System.currentTimeMillis() + lifetimeMillis;
        return dataSealer.wrap(payload, expiry);
    }

    /**
     * Seals a token for the recipient with the default {@link #TIMEOUT}.
     *
     * @param principalName principal to embed in the payload
     * @param issuerId accepted but not used: the issuer is not part of the sealed payload
     * @param recipientId relying party to embed in the payload
     * @return the sealed token
     * @throws DataSealerException if sealing fails
     */
    private String code(final String principalName, final String issuerId, final String recipientId)
            throws DataSealerException {
        return code(principalName, recipientId, TIMEOUT);
    }

    /** A fresh token decoded for the recipient it was sealed for yields the principal name. */
    @Test
    public void testSucess() throws Exception {
        final String sealed = code(PRINCIPAL, ISSUER, RECIPIENT);
        Assert.assertEquals(decoder.decode(sealed, RECIPIENT), PRINCIPAL);
    }

    /** A token whose expiry is already in the past must be rejected with an exception. */
    @Test(expectedExceptions = {NameDecoderException.class})
    public void timeout() throws SubjectCanonicalizationException, DataSealerException, NameDecoderException {
        final String expired = code(PRINCIPAL, RECIPIENT, -10L);
        decoder.decode(expired, RECIPIENT);
    }

    /**
     * A sealed token that was altered after sealing must be rejected with an exception.
     *
     * <p>NOTE(review): the corruption is produced with {@code toUpperCase()}, which uses the
     * default locale and only alters the token if it contains a character that changes case.
     * Changing one known character would make the corruption deterministic.</p>
     */
    @Test(expectedExceptions = {NameDecoderException.class})
    public void baddata() throws DataSealerException, NameDecoderException {
        final String tampered = code(PRINCIPAL, ISSUER, RECIPIENT).toUpperCase();
        decoder.decode(tampered, RECIPIENT);
    }

    /**
     * A validly sealed token with an unexpected payload layout decodes to {@code null}.
     *
     * <p>The payload here starts with the issuer rather than the recipient. Presumably the decoder
     * compares the segment before {@code '!'} with the requester; confirm against the decoder.</p>
     */
    @Test
    public void baddata2() throws DataSealerException, NameDecoderException {
        final String payload = ISSUER + "!" + RECIPIENT + "+" + PRINCIPAL;
        final String sealed = dataSealer.wrap(payload, System.currentTimeMillis() + TIMEOUT);
        Assert.assertNull(decoder.decode(sealed, RECIPIENT));
    }

    /**
     * A token sealed for one relying party must not decode for another.
     *
     * <p>The other requester id used here ends with the real recipient's id, so this case also
     * shows that a requester id which merely ends with the recipient's id is not accepted.</p>
     */
    @Test
    public void badSP() throws DataSealerException, NameDecoderException {
        final String sealed = code(PRINCIPAL, ISSUER, RECIPIENT);
        final String otherRequester = "myhttps://sp.example.org/recipient";
        Assert.assertNull(decoder.decode(sealed, otherRequester));
    }

    /**
     * Round trip through the production components: a transient id produced by
     * {@link CryptoTransientIdGenerationStrategy} with the shared sealer is placed in a
     * {@link NameID} and canonicalized by {@link NameIDCanonicalization} using the decoder under
     * test. The action must proceed and report {@code TestSources.PRINCIPAL_ID}.
     */
    @Test
    public void decode() throws ComponentInitializationException, ResolutionException, DataSealerException, InterruptedException {
        // Generate a transient id with the same sealer the decoder uses.
        final CryptoTransientIdGenerationStrategy strategy = new CryptoTransientIdGenerationStrategy();
        strategy.setDataSealer(dataSealer);
        strategy.setId("strategy");
        strategy.setIdLifetime(TIMEOUT);
        strategy.initialize();

        final TransientIdAttributeDefinition definition =
                TransientIdAttributeDefinitionTest.newTransientIdAttributeDefinition(strategy);
        definition.setId("defn");
        definition.initialize();

        final List<?> values = ((IdPAttribute) definition.resolve(TestSources.createResolutionContext(TestSources.PRINCIPAL_ID, TestSources.IDP_ENTITY_ID, TestSources.SP_ENTITY_ID))).getValues();
        Assert.assertEquals(values.size(), 1);
        final String transientValue = ((StringAttributeValue) values.get(0)).getValue();

        // Wrap the generated value in a NameID qualified by the test IdP and SP entity ids.
        final NameID nameId = XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilderOrThrow(NameID.DEFAULT_ELEMENT_NAME).buildObject();
        nameId.setFormat("https://example.org/");
        nameId.setNameQualifier(TestSources.IDP_ENTITY_ID);
        nameId.setSPNameQualifier(TestSources.SP_ENTITY_ID);
        nameId.setValue(transientValue);

        // Flow descriptor that accepts the NameID format used above.
        final NameIDCanonicalizationFlowDescriptor flowDescriptor = new NameIDCanonicalizationFlowDescriptor();
        flowDescriptor.setId("C14NDesc");
        flowDescriptor.setFormats(Collections.singleton("https://example.org/"));
        flowDescriptor.initialize();

        final NameIDCanonicalization action = new NameIDCanonicalization();
        action.setDecoder(decoder);
        action.initialize();

        // The requester id on the context is the SP entity id the transient id was resolved for.
        final ProfileRequestContext requestContext = new ProfileRequestContext();
        final SubjectCanonicalizationContext c14nContext = requestContext.getSubcontext(SubjectCanonicalizationContext.class, true);
        final Subject subject = new Subject();
        subject.getPrincipals().add(new NameIDPrincipal(nameId));
        c14nContext.setSubject(subject);
        c14nContext.setAttemptedFlow(flowDescriptor);
        c14nContext.setRequesterId(TestSources.SP_ENTITY_ID);
        c14nContext.setResponderId(TestSources.IDP_ENTITY_ID);

        action.execute(requestContext);

        ActionTestingSupport.assertProceedEvent(requestContext);
        Assert.assertEquals(c14nContext.getPrincipalName(), TestSources.PRINCIPAL_ID);
    }
}
