package net.shibboleth.idp.saml.saml2.profile.impl;

import com.google.common.base.Predicates;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Collections;
import java.util.List;
import java.util.function.Function;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.core.testing.OpenSAMLInitBaseTestCase;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.messaging.decoder.MessageDecoder;
import org.opensaml.profile.action.ProfileAction;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.testing.ActionTestingSupport;
import org.opensaml.profile.testing.RequestContextBuilder;
import org.opensaml.saml.common.assertion.ValidationContext;
import org.opensaml.saml.common.assertion.ValidationProcessingData;
import org.opensaml.saml.common.assertion.ValidationResult;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AuthnStatement;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.saml.saml2.testing.SAML2ActionTestingSupport;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/saml/saml2/profile/impl/ProcessAssertionsForAuthenticationTest.class */
public class ProcessAssertionsForAuthenticationTest extends OpenSAMLInitBaseTestCase {
    private ProcessAssertionsForAuthentication action;
    private ProfileRequestContext prc;
    private ProfileRequestContext prcInner;
    private SAMLAuthnContext samlAuthnContext;
    private Response samlResponse;
    private MockHttpServletRequest httpRequest;
    private MockHttpServletResponse httpResponse;

    /* loaded from: input_file:net/shibboleth/idp/saml/saml2/profile/impl/ProcessAssertionsForAuthenticationTest$MockMessageDecoderFunction.class */
    private static class MockMessageDecoderFunction implements Function<String, MessageDecoder> {
        private MockMessageDecoderFunction() {
        }

        @Override // java.util.function.Function
        public MessageDecoder apply(String str) {
            return null;
        }
    }

    /* loaded from: input_file:net/shibboleth/idp/saml/saml2/profile/impl/ProcessAssertionsForAuthenticationTest$MockProfileAction.class */
    private static class MockProfileAction implements ProfileAction {
        private MockProfileAction() {
        }

        public boolean isInitialized() {
            return true;
        }

        public void initialize() throws ComponentInitializationException {
        }

        public void execute(ProfileRequestContext profileRequestContext) {
        }
    }

    @BeforeMethod
    public void beforeMethod() {
        this.httpRequest = new MockHttpServletRequest();
        this.httpResponse = new MockHttpServletResponse();
        this.action = new ProcessAssertionsForAuthentication();
        this.action.setHttpServletRequest(this.httpRequest);
        this.action.setHttpServletResponse(this.httpResponse);
        this.samlResponse = SAML2ActionTestingSupport.buildResponse();
        this.prcInner = new RequestContextBuilder().setInboundMessage(this.samlResponse).buildProfileRequestContext();
        this.prc = new RequestContextBuilder().buildProfileRequestContext();
        AuthenticationContext subcontext = this.prc.getSubcontext(AuthenticationContext.class, true);
        this.samlAuthnContext = new SAMLAuthnContext(new MockProfileAction(), new MockMessageDecoderFunction());
        subcontext.addSubcontext(this.samlAuthnContext);
        subcontext.addSubcontext(this.prcInner);
    }

    @Test
    public void testValid() throws ComponentInitializationException {
        Assertion buildAssertion = buildAssertion(ValidationResult.VALID);
        this.samlResponse.getAssertions().add(buildAssertion);
        this.action.initialize();
        this.action.execute(this.prc);
        ActionTestingSupport.assertProceedEvent(this.prc);
        Assert.assertSame(this.samlAuthnContext.getSubject(), buildAssertion.getSubject());
        Assert.assertSame(this.samlAuthnContext.getAuthnStatement(), buildAssertion.getAuthnStatements().get(0));
        Assert.assertEquals(this.samlResponse.getAssertions(), Collections.singletonList(buildAssertion));
    }

    @Test
    public void testInvalid() throws ComponentInitializationException {
        this.samlResponse.getAssertions().add(buildAssertion(ValidationResult.INVALID));
        this.action.initialize();
        this.action.execute(this.prc);
        ActionTestingSupport.assertEvent(this.prc, "InvalidCredentials");
        Assert.assertNull(this.samlAuthnContext.getSubject());
        Assert.assertNull(this.samlAuthnContext.getAuthnStatement());
        Assert.assertEquals(this.samlResponse.getAssertions(), Collections.emptyList());
    }

    @Test
    public void testIndeterminate() throws ComponentInitializationException {
        this.samlResponse.getAssertions().add(buildAssertion(ValidationResult.INDETERMINATE));
        this.action.initialize();
        this.action.execute(this.prc);
        ActionTestingSupport.assertEvent(this.prc, "InvalidCredentials");
        Assert.assertNull(this.samlAuthnContext.getSubject());
        Assert.assertNull(this.samlAuthnContext.getAuthnStatement());
        Assert.assertEquals(this.samlResponse.getAssertions(), Collections.emptyList());
    }

    @Test
    public void testMultipleValidNoSessionInstant() throws ComponentInitializationException {
        Assertion buildAssertion = buildAssertion(ValidationResult.VALID);
        this.samlResponse.getAssertions().add(buildAssertion);
        Assertion buildAssertion2 = buildAssertion(ValidationResult.VALID);
        this.samlResponse.getAssertions().add(buildAssertion2);
        this.action.initialize();
        this.action.execute(this.prc);
        ActionTestingSupport.assertProceedEvent(this.prc);
        Assert.assertSame(this.samlAuthnContext.getSubject(), buildAssertion.getSubject());
        Assert.assertSame(this.samlAuthnContext.getAuthnStatement(), buildAssertion.getAuthnStatements().get(0));
        Assert.assertEquals(this.samlResponse.getAssertions(), List.of(buildAssertion, buildAssertion2));
    }

    @Test
    public void testMultipleValidMixedSessionInstant() throws ComponentInitializationException {
        Assertion buildAssertion = buildAssertion(ValidationResult.VALID);
        this.samlResponse.getAssertions().add(buildAssertion);
        Assertion buildAssertion2 = buildAssertion(ValidationResult.VALID);
        ((AuthnStatement) buildAssertion2.getAuthnStatements().get(0)).setSessionNotOnOrAfter(Instant.now().plus((TemporalAmount) Duration.ofHours(2L)));
        this.samlResponse.getAssertions().add(buildAssertion2);
        this.action.initialize();
        this.action.execute(this.prc);
        ActionTestingSupport.assertProceedEvent(this.prc);
        Assert.assertSame(this.samlAuthnContext.getSubject(), buildAssertion2.getSubject());
        Assert.assertSame(this.samlAuthnContext.getAuthnStatement(), buildAssertion2.getAuthnStatements().get(0));
        Assert.assertEquals(this.samlResponse.getAssertions(), List.of(buildAssertion, buildAssertion2));
    }

    @Test
    public void testMixedValidity() throws ComponentInitializationException {
        this.samlResponse.getAssertions().add(buildAssertion(ValidationResult.INVALID));
        Assertion buildAssertion = buildAssertion(ValidationResult.VALID);
        this.samlResponse.getAssertions().add(buildAssertion);
        this.samlResponse.getAssertions().add(buildAssertion(ValidationResult.INDETERMINATE));
        Assertion buildAssertion2 = buildAssertion(ValidationResult.VALID);
        this.samlResponse.getAssertions().add(buildAssertion2);
        this.action.initialize();
        this.action.execute(this.prc);
        ActionTestingSupport.assertProceedEvent(this.prc);
        Assert.assertSame(this.samlAuthnContext.getSubject(), buildAssertion.getSubject());
        Assert.assertSame(this.samlAuthnContext.getAuthnStatement(), buildAssertion.getAuthnStatements().get(0));
        Assert.assertEquals(this.samlResponse.getAssertions(), List.of(buildAssertion, buildAssertion2));
    }

    @Test
    public void testMultipleValidBothSessionInstant() throws ComponentInitializationException {
        Assertion buildAssertion = buildAssertion(ValidationResult.VALID);
        ((AuthnStatement) buildAssertion.getAuthnStatements().get(0)).setSessionNotOnOrAfter(Instant.now().plus((TemporalAmount) Duration.ofHours(1L)));
        this.samlResponse.getAssertions().add(buildAssertion);
        Assertion buildAssertion2 = buildAssertion(ValidationResult.VALID);
        ((AuthnStatement) buildAssertion2.getAuthnStatements().get(0)).setSessionNotOnOrAfter(Instant.now().plus((TemporalAmount) Duration.ofHours(2L)));
        this.samlResponse.getAssertions().add(buildAssertion2);
        this.action.initialize();
        this.action.execute(this.prc);
        ActionTestingSupport.assertProceedEvent(this.prc);
        Assert.assertSame(this.samlAuthnContext.getSubject(), buildAssertion.getSubject());
        Assert.assertSame(this.samlAuthnContext.getAuthnStatement(), buildAssertion.getAuthnStatements().get(0));
        Assert.assertEquals(this.samlResponse.getAssertions(), List.of(buildAssertion, buildAssertion2));
    }

    @Test
    public void testMultipleAuthnStatementsNoSessionInstant() throws ComponentInitializationException {
        Assertion buildAssertion = buildAssertion(ValidationResult.VALID);
        buildAssertion.getAuthnStatements().add(SAML2ActionTestingSupport.buildAuthnStatement());
        this.samlResponse.getAssertions().add(buildAssertion);
        this.action.initialize();
        this.action.execute(this.prc);
        ActionTestingSupport.assertProceedEvent(this.prc);
        Assert.assertSame(this.samlAuthnContext.getSubject(), buildAssertion.getSubject());
        Assert.assertSame(this.samlAuthnContext.getAuthnStatement(), buildAssertion.getAuthnStatements().get(0));
        Assert.assertEquals(this.samlResponse.getAssertions(), Collections.singletonList(buildAssertion));
    }

    @Test
    public void testMultipleAuthnStatementsMixedSessionInstant() throws ComponentInitializationException {
        Assertion buildAssertion = buildAssertion(ValidationResult.VALID);
        buildAssertion.getAuthnStatements().add(SAML2ActionTestingSupport.buildAuthnStatement());
        ((AuthnStatement) buildAssertion.getAuthnStatements().get(1)).setSessionNotOnOrAfter(Instant.now().plus((TemporalAmount) Duration.ofHours(2L)));
        this.samlResponse.getAssertions().add(buildAssertion);
        this.action.initialize();
        this.action.execute(this.prc);
        ActionTestingSupport.assertProceedEvent(this.prc);
        Assert.assertSame(this.samlAuthnContext.getSubject(), buildAssertion.getSubject());
        Assert.assertSame(this.samlAuthnContext.getAuthnStatement(), buildAssertion.getAuthnStatements().get(1));
        Assert.assertEquals(this.samlResponse.getAssertions(), Collections.singletonList(buildAssertion));
    }

    @Test
    public void testMultipleAuthnStatementsBothSessionInstant() throws ComponentInitializationException {
        Assertion buildAssertion = buildAssertion(ValidationResult.VALID);
        ((AuthnStatement) buildAssertion.getAuthnStatements().get(0)).setSessionNotOnOrAfter(Instant.now().plus((TemporalAmount) Duration.ofHours(1L)));
        buildAssertion.getAuthnStatements().add(SAML2ActionTestingSupport.buildAuthnStatement());
        ((AuthnStatement) buildAssertion.getAuthnStatements().get(1)).setSessionNotOnOrAfter(Instant.now().plus((TemporalAmount) Duration.ofHours(2L)));
        this.samlResponse.getAssertions().add(buildAssertion);
        this.action.initialize();
        this.action.execute(this.prc);
        ActionTestingSupport.assertProceedEvent(this.prc);
        Assert.assertSame(this.samlAuthnContext.getSubject(), buildAssertion.getSubject());
        Assert.assertSame(this.samlAuthnContext.getAuthnStatement(), buildAssertion.getAuthnStatements().get(0));
        Assert.assertEquals(this.samlResponse.getAssertions(), Collections.singletonList(buildAssertion));
    }

    @Test
    public void testNoResponse() throws ComponentInitializationException {
        this.prcInner.getInboundMessageContext().setMessage((Object) null);
        this.action.initialize();
        this.action.execute(this.prc);
        ActionTestingSupport.assertEvent(this.prc, "InvalidCredentials");
        Assert.assertNull(this.samlAuthnContext.getSubject());
        Assert.assertNull(this.samlAuthnContext.getAuthnStatement());
        Assert.assertEquals(this.samlResponse.getAssertions(), Collections.emptyList());
    }

    @Test
    public void testNoAssertions() throws ComponentInitializationException {
        this.action.initialize();
        this.action.execute(this.prc);
        ActionTestingSupport.assertEvent(this.prc, "InvalidCredentials");
        Assert.assertNull(this.samlAuthnContext.getSubject());
        Assert.assertNull(this.samlAuthnContext.getAuthnStatement());
        Assert.assertEquals(this.samlResponse.getAssertions(), Collections.emptyList());
    }

    @Test
    public void testNoSAMLAuthnContext() throws ComponentInitializationException {
        Assertion buildAssertion = buildAssertion(ValidationResult.VALID);
        this.samlResponse.getAssertions().add(buildAssertion);
        this.prc.getSubcontext(AuthenticationContext.class).removeSubcontext(SAMLAuthnContext.class);
        this.action.initialize();
        this.action.execute(this.prc);
        ActionTestingSupport.assertEvent(this.prc, "InvalidCredentials");
        Assert.assertNull(this.samlAuthnContext.getSubject());
        Assert.assertNull(this.samlAuthnContext.getAuthnStatement());
        Assert.assertEquals(this.samlResponse.getAssertions(), Collections.singletonList(buildAssertion));
    }

    @Test
    public void testAssertionNotValidated() throws ComponentInitializationException {
        this.samlResponse.getAssertions().add(buildAssertion(null));
        this.action.initialize();
        this.action.execute(this.prc);
        ActionTestingSupport.assertEvent(this.prc, "InvalidCredentials");
        Assert.assertNull(this.samlAuthnContext.getSubject());
        Assert.assertNull(this.samlAuthnContext.getAuthnStatement());
        Assert.assertEquals(this.samlResponse.getAssertions(), Collections.emptyList());
    }

    @Test
    public void testNoAuthnStatement() throws ComponentInitializationException {
        Assertion buildAssertion = buildAssertion(ValidationResult.VALID);
        buildAssertion.getAuthnStatements().clear();
        this.samlResponse.getAssertions().add(buildAssertion);
        this.action.initialize();
        this.action.execute(this.prc);
        ActionTestingSupport.assertEvent(this.prc, "InvalidCredentials");
        Assert.assertNull(this.samlAuthnContext.getSubject());
        Assert.assertNull(this.samlAuthnContext.getAuthnStatement());
        Assert.assertEquals(this.samlResponse.getAssertions(), Collections.singletonList(buildAssertion));
    }

    @Test
    public void testNoConfirmedSubject() throws ComponentInitializationException {
        Assertion buildAssertion = buildAssertion(ValidationResult.VALID);
        ((ValidationProcessingData) buildAssertion.getObjectMetadata().get(ValidationProcessingData.class).get(0)).getContext().getDynamicParameters().remove("saml2.ConfirmedSubjectConfirmation");
        this.samlResponse.getAssertions().add(buildAssertion);
        this.action.initialize();
        this.action.execute(this.prc);
        ActionTestingSupport.assertEvent(this.prc, "InvalidCredentials");
        Assert.assertNull(this.samlAuthnContext.getSubject());
        Assert.assertNull(this.samlAuthnContext.getAuthnStatement());
        Assert.assertEquals(this.samlResponse.getAssertions(), Collections.singletonList(buildAssertion));
    }

    @Test
    public void testActionInactive() throws ComponentInitializationException {
        Assertion buildAssertion = buildAssertion(ValidationResult.VALID);
        this.samlResponse.getAssertions().add(buildAssertion);
        this.action.setActivationCondition(Predicates.alwaysFalse());
        this.action.initialize();
        this.action.execute(this.prc);
        ActionTestingSupport.assertProceedEvent(this.prc);
        Assert.assertNull(this.samlAuthnContext.getSubject());
        Assert.assertNull(this.samlAuthnContext.getAuthnStatement());
        Assert.assertEquals(this.samlResponse.getAssertions(), Collections.singletonList(buildAssertion));
    }

    @Test(expectedExceptions = {ComponentInitializationException.class})
    public void testNullAuthnAssertionStrategy() throws ComponentInitializationException {
        this.samlResponse.getAssertions().add(buildAssertion(ValidationResult.VALID));
        this.action.setAuthnAssertionSelectionStrategy((Function) null);
        this.action.initialize();
    }

    @Test(expectedExceptions = {ComponentInitializationException.class})
    public void testNullAuthnStatementStrategy() throws ComponentInitializationException {
        this.samlResponse.getAssertions().add(buildAssertion(ValidationResult.VALID));
        this.action.setAuthnStatementSelectionStrategy((Function) null);
        this.action.initialize();
    }

    @Test(expectedExceptions = {ComponentInitializationException.class})
    public void testNullResponseResolver() throws ComponentInitializationException {
        this.samlResponse.getAssertions().add(buildAssertion(ValidationResult.VALID));
        this.action.setResponseResolver((Function) null);
        this.action.initialize();
    }

    @Test(expectedExceptions = {ComponentInitializationException.class})
    public void testNullSAMLAuthnContextStrategy() throws ComponentInitializationException {
        this.samlResponse.getAssertions().add(buildAssertion(ValidationResult.VALID));
        this.action.setSAMLAuthnContextLookupStrategy((Function) null);
        this.action.initialize();
    }

    private Assertion buildAssertion(ValidationResult validationResult) {
        SubjectConfirmation subjectConfirmation = (SubjectConfirmation) XMLObjectSupport.buildXMLObject(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
        Subject buildSubject = SAML2ActionTestingSupport.buildSubject("testUser");
        buildSubject.getSubjectConfirmations().add(subjectConfirmation);
        Assertion buildAssertion = SAML2ActionTestingSupport.buildAssertion();
        buildAssertion.setSubject(buildSubject);
        buildAssertion.getAuthnStatements().add(SAML2ActionTestingSupport.buildAuthnStatement());
        if (validationResult != null) {
            buildAssertion.getObjectMetadata().put(new ValidationProcessingData(buildValidationContext(subjectConfirmation), validationResult));
        }
        return buildAssertion;
    }

    private ValidationContext buildValidationContext(SubjectConfirmation subjectConfirmation) {
        ValidationContext validationContext = new ValidationContext();
        validationContext.getDynamicParameters().put("saml2.ConfirmedSubjectConfirmation", subjectConfirmation);
        return validationContext;
    }
}
