package net.shibboleth.idp.saml.attribute.principalconnector.impl;

import java.util.Collection;
import java.util.HashSet;
import javax.annotation.Nonnull;
import javax.security.auth.Subject;
import net.shibboleth.idp.attribute.resolver.ResolutionException;
import net.shibboleth.idp.authn.context.SubjectCanonicalizationContext;
import net.shibboleth.idp.authn.principal.UsernamePrincipal;
import net.shibboleth.idp.saml.authn.principal.NameIDPrincipal;
import net.shibboleth.idp.saml.authn.principal.NameIdentifierPrincipal;
import net.shibboleth.idp.saml.nameid.NameDecoderException;
import net.shibboleth.idp.saml.nameid.NameIDDecoder;
import net.shibboleth.idp.saml.nameid.NameIdentifierDecoder;
import org.opensaml.core.OpenSAMLInitBaseTestCase;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.saml1.core.NameIdentifier;
import org.opensaml.saml.saml2.core.NameID;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/saml/attribute/principalconnector/impl/PrinicpalConnectorCanonicalizerTest.class */
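/**
 * Tests how {@link PrinicpalConnectorCanonicalizer} picks a SAML name identifier out of a
 * {@link Subject} and which configured {@link PrincipalConnector} decoder it applies to it.
 *
 * <p>The assertions pin the refusal cases. The canonicalizer returns {@code null} rather than a
 * guessed name when the subject holds no SAML name principal, when it holds more than one
 * {@link NameID} (or more than one {@link NameIdentifier} and no {@link NameID}), and when the
 * identifier's Format matches no configured connector. These cases decide whether an asserted
 * identifier is mapped to a principal name at all, so a change that turns any of them into a
 * non-null result deserves a deliberate review.
 */
public class PrinicpalConnectorCanonicalizerTest extends OpenSAMLInitBaseTestCase {
    /** Format with a connector configured in {@link #setup()}. */
    private static final String FORMAT_KERBEROS = "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos";

    /** Format with a connector configured in {@link #setup()}; also the one applied when no Format is set. */
    private static final String FORMAT_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";

    /** Format for which {@link #setup()} configures no connector. */
    private static final String FORMAT_WINDOWS = "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName";

    private SAMLObjectBuilder<NameID> nameIDBuilder;
    private SAMLObjectBuilder<NameIdentifier> nameIdentifierBuilder;
    private TestCanonicalizer testCanon;

    /**
     * Decoder stub for both SAML versions. It builds its result from the prefix, the identifier
     * value and the requester/responder IDs of the context, so an assertion on the returned string
     * shows which decoder instance ran and which context it was given.
     */
    public static class MyDecoder implements NameIdentifierDecoder, NameIDDecoder {
        private final String prefix;

        /**
         * @param str marker string placed into every decoded value
         */
        public MyDecoder(String str) {
            this.prefix = str;
        }

        /**
         * SAML 1 form: prefix first, then value, requester ID and responder ID.
         */
        @Override
        @Nonnull
        public String decode(@Nonnull SubjectCanonicalizationContext subjectCanonicalizationContext, @Nonnull NameIdentifier nameIdentifier) throws NameDecoderException {
            return this.prefix + nameIdentifier.getValue() + subjectCanonicalizationContext.getRequesterId() + subjectCanonicalizationContext.getResponderId();
        }

        /**
         * SAML 2 form: value, requester ID and responder ID, with the prefix last. The different
         * placement makes the two overloads yield distinguishable strings.
         */
        @Override
        @Nonnull
        public String decode(@Nonnull SubjectCanonicalizationContext subjectCanonicalizationContext, @Nonnull NameID nameID) throws NameDecoderException {
            return nameID.getValue() + subjectCanonicalizationContext.getRequesterId() + subjectCanonicalizationContext.getResponderId() + this.prefix;
        }
    }

    /**
     * Canonicalizer under test with the two per-identifier hooks stubbed to fixed markers, so
     * {@link #testCanonicalize()} can observe which hook the subject-level logic selected. The
     * {@code doCanonicalize} methods expose the real superclass implementations.
     */
    public static class TestCanonicalizer extends PrinicpalConnectorCanonicalizer {
        /**
         * @param collection connectors handed to {@code setConnectors}
         */
        public TestCanonicalizer(Collection<PrincipalConnector> collection) {
            setConnectors(collection);
        }

        /** Stub: reports that the SAML 1 path was chosen. */
        @Override
        protected String canonicalize(NameIdentifier nameIdentifier, SubjectCanonicalizationContext subjectCanonicalizationContext) throws ResolutionException {
            return "nameIdentifier";
        }

        /** Runs the superclass SAML 1 canonicalization, bypassing the stub above. */
        public String doCanonicalize(NameIdentifier nameIdentifier, SubjectCanonicalizationContext subjectCanonicalizationContext) throws ResolutionException {
            return super.canonicalize(nameIdentifier, subjectCanonicalizationContext);
        }

        /** Stub: reports that the SAML 2 path was chosen. */
        @Override
        protected String canonicalize(NameID nameID, SubjectCanonicalizationContext subjectCanonicalizationContext) throws ResolutionException {
            return "nameID";
        }

        /** Runs the superclass SAML 2 canonicalization, bypassing the stub above. */
        public String doCanonicalize(NameID nameID, SubjectCanonicalizationContext subjectCanonicalizationContext) throws ResolutionException {
            return super.canonicalize(nameID, subjectCanonicalizationContext);
        }
    }

    /**
     * Looks up the SAML object builders and configures the canonicalizer with two connectors:
     * one for the kerberos Format and one for the unspecified Format. No connector is registered
     * for the Windows domain-qualified Format, which the tests use as the unmatched case.
     */
    @BeforeClass
    public void setup() {
        // NOTE(review): decompiled output; the original source may have carried a cast on these
        // two lookups. Confirm they compile against the OpenSAML version in use.
        this.nameIDBuilder = XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilderOrThrow(NameID.DEFAULT_ELEMENT_NAME);
        this.nameIdentifierBuilder = XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilderOrThrow(NameIdentifier.DEFAULT_ELEMENT_NAME);

        // Typed collection instead of a raw HashSet: the constructor takes
        // Collection<PrincipalConnector>, so nothing else can be added by mistake.
        Collection<PrincipalConnector> connectors = new HashSet<>(3);

        // Each decoder is tagged with the Format of its own connector, so the decoded string
        // reveals which connector was matched.
        MyDecoder kerberosDecoder = new MyDecoder(FORMAT_KERBEROS);
        connectors.add(PrincipalConnectorTest.newPrincipalConnector(kerberosDecoder, kerberosDecoder, FORMAT_KERBEROS));
        MyDecoder unspecifiedDecoder = new MyDecoder(FORMAT_UNSPECIFIED);
        connectors.add(PrincipalConnectorTest.newPrincipalConnector(unspecifiedDecoder, unspecifiedDecoder, FORMAT_UNSPECIFIED));

        this.testCanon = new TestCanonicalizer(connectors);
    }

    /**
     * Checks the subject-level selection: which principal, if any, is handed to the
     * per-identifier hooks as the set of principals on the subject grows.
     */
    @Test
    public void testCanonicalize() throws ResolutionException {
        Subject subject = new Subject();
        SubjectCanonicalizationContext c14nContext = new SubjectCanonicalizationContext();
        c14nContext.setSubject(subject);

        // No principals at all: nothing to canonicalize.
        Assert.assertNull(this.testCanon.canonicalize(c14nContext));

        // A non-SAML principal on its own is not picked up.
        subject.getPrincipals().add(new UsernamePrincipal("user"));
        c14nContext.setSubject(subject);
        Assert.assertNull(this.testCanon.canonicalize(c14nContext));

        c14nContext.setRequesterId("Requester");
        c14nContext.setResponderId("Responder");

        // Exactly one SAML 1 NameIdentifier: the SAML 1 hook is used.
        subject.getPrincipals().clear();
        subject.getPrincipals().add(new NameIdentifierPrincipal(this.nameIdentifierBuilder.buildObject()));
        Assert.assertEquals(this.testCanon.canonicalize(c14nContext), "nameIdentifier");

        // A second NameIdentifier makes the choice ambiguous: the result is null.
        NameIdentifier secondNameIdentifier = this.nameIdentifierBuilder.buildObject();
        secondNameIdentifier.setFormat(FORMAT_WINDOWS);
        subject.getPrincipals().add(new NameIdentifierPrincipal(secondNameIdentifier));
        Assert.assertNull(this.testCanon.canonicalize(c14nContext), "too many NameIdentifiers");

        // A single SAML 2 NameID is used even though two NameIdentifiers are still present.
        subject.getPrincipals().add(new NameIDPrincipal(this.nameIDBuilder.buildObject()));
        Assert.assertEquals(this.testCanon.canonicalize(c14nContext), "nameID");

        // A second NameID is ambiguous again: the result is null.
        NameID secondNameID = this.nameIDBuilder.buildObject();
        secondNameID.setFormat(FORMAT_UNSPECIFIED);
        subject.getPrincipals().add(new NameIDPrincipal(secondNameID));
        Assert.assertNull(this.testCanon.canonicalize(c14nContext), "Too many NameIDs");
    }

    /**
     * Checks connector matching for SAML 1 identifiers through the real superclass
     * implementation: no Format and the unspecified Format both reach the unspecified
     * connector, kerberos reaches the kerberos connector, and a Format without a connector
     * yields {@code null}.
     */
    @Test
    public void testSAML1() throws ResolutionException {
        Subject subject = new Subject();
        SubjectCanonicalizationContext c14nContext = new SubjectCanonicalizationContext();

        // Format left unset: decoded by the connector registered for "unspecified".
        NameIdentifier noFormat = this.nameIdentifierBuilder.buildObject();
        noFormat.setValue("val");
        subject.getPrincipals().add(new NameIdentifierPrincipal(noFormat));
        c14nContext.setSubject(subject);
        c14nContext.setRequesterId("S1Requester");
        c14nContext.setResponderId("S1Responder");
        Assert.assertEquals(this.testCanon.doCanonicalize(noFormat, c14nContext), FORMAT_UNSPECIFIED + noFormat.getValue() + c14nContext.getRequesterId() + c14nContext.getResponderId());

        // Explicit "unspecified" Format: same connector.
        subject.getPrincipals().clear();
        NameIdentifier unspecified = this.nameIdentifierBuilder.buildObject();
        unspecified.setValue("val2");
        unspecified.setFormat(FORMAT_UNSPECIFIED);
        subject.getPrincipals().add(new NameIdentifierPrincipal(unspecified));
        Assert.assertEquals(this.testCanon.doCanonicalize(unspecified, c14nContext), FORMAT_UNSPECIFIED + unspecified.getValue() + c14nContext.getRequesterId() + c14nContext.getResponderId());

        // Format with no connector: no decoder runs and the result is null.
        subject.getPrincipals().clear();
        NameIdentifier windows = this.nameIdentifierBuilder.buildObject();
        windows.setValue("val3");
        windows.setFormat(FORMAT_WINDOWS);
        subject.getPrincipals().add(new NameIdentifierPrincipal(windows));
        Assert.assertNull(this.testCanon.doCanonicalize(windows, c14nContext));

        // Kerberos Format: decoded by the kerberos connector.
        subject.getPrincipals().clear();
        NameIdentifier kerberos = this.nameIdentifierBuilder.buildObject();
        kerberos.setValue("val4");
        kerberos.setFormat(FORMAT_KERBEROS);
        subject.getPrincipals().add(new NameIdentifierPrincipal(kerberos));
        Assert.assertEquals(this.testCanon.doCanonicalize(kerberos, c14nContext), FORMAT_KERBEROS + kerberos.getValue() + c14nContext.getRequesterId() + c14nContext.getResponderId());
    }

    /**
     * Checks connector matching for SAML 2 identifiers through the real superclass
     * implementation, with the same four cases as {@link #testSAML1()}. The expected strings
     * carry the Format last, which is the shape of the SAML 2 decoder stub.
     */
    @Test
    public void testSAML2() throws ResolutionException {
        Subject subject = new Subject();
        SubjectCanonicalizationContext c14nContext = new SubjectCanonicalizationContext();

        // Format left unset: decoded by the connector registered for "unspecified".
        NameID noFormat = this.nameIDBuilder.buildObject();
        noFormat.setValue("NID1");
        subject.getPrincipals().add(new NameIDPrincipal(noFormat));
        c14nContext.setSubject(subject);
        c14nContext.setRequesterId("SAML2Requester");
        c14nContext.setResponderId("SAML2Responder");
        Assert.assertEquals(this.testCanon.doCanonicalize(noFormat, c14nContext), noFormat.getValue() + c14nContext.getRequesterId() + c14nContext.getResponderId() + FORMAT_UNSPECIFIED);

        // Explicit "unspecified" Format: same connector.
        subject.getPrincipals().clear();
        NameID unspecified = this.nameIDBuilder.buildObject();
        unspecified.setValue("NID2");
        unspecified.setFormat(FORMAT_UNSPECIFIED);
        subject.getPrincipals().add(new NameIDPrincipal(unspecified));
        Assert.assertEquals(this.testCanon.doCanonicalize(unspecified, c14nContext), unspecified.getValue() + c14nContext.getRequesterId() + c14nContext.getResponderId() + FORMAT_UNSPECIFIED);

        // Format with no connector: no decoder runs and the result is null.
        subject.getPrincipals().clear();
        NameID windows = this.nameIDBuilder.buildObject();
        windows.setValue("NID3");
        windows.setFormat(FORMAT_WINDOWS);
        subject.getPrincipals().add(new NameIDPrincipal(windows));
        Assert.assertNull(this.testCanon.doCanonicalize(windows, c14nContext));

        // Kerberos Format: decoded by the kerberos connector.
        subject.getPrincipals().clear();
        NameID kerberos = this.nameIDBuilder.buildObject();
        kerberos.setValue("NID4");
        kerberos.setFormat(FORMAT_KERBEROS);
        subject.getPrincipals().add(new NameIDPrincipal(kerberos));
        Assert.assertEquals(this.testCanon.doCanonicalize(kerberos, c14nContext), kerberos.getValue() + c14nContext.getRequesterId() + c14nContext.getResponderId() + FORMAT_KERBEROS);
    }
}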
