package net.shibboleth.idp.saml.saml2.profile.delegation.impl;

import com.google.common.base.Predicates;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.function.Function;
import net.shibboleth.idp.profile.config.ProfileConfiguration;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.idp.profile.context.navigate.WebflowRequestContextProfileRequestContextLookup;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.idp.profile.testing.RequestContextBuilder;
import net.shibboleth.idp.saml.saml2.profile.SAML2ActionTestingSupport;
import net.shibboleth.idp.saml.saml2.profile.config.BrowserSSOProfileConfiguration;
import net.shibboleth.idp.saml.saml2.profile.delegation.DelegationContext;
import net.shibboleth.idp.saml.saml2.profile.delegation.DelegationRequest;
import net.shibboleth.idp.saml.saml2.profile.delegation.impl.DecorateDelegatedAssertion;
import net.shibboleth.utilities.java.support.collection.Pair;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.UninitializedComponentException;
import net.shibboleth.utilities.java.support.logic.FunctionSupport;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import org.openliberty.xmltooling.disco.MetadataAbstract;
import org.openliberty.xmltooling.disco.ProviderID;
import org.openliberty.xmltooling.disco.SecurityContext;
import org.openliberty.xmltooling.disco.SecurityMechID;
import org.openliberty.xmltooling.disco.ServiceType;
import org.openliberty.xmltooling.security.Token;
import org.openliberty.xmltooling.soapbinding.Framework;
import org.opensaml.core.testing.OpenSAMLInitBaseTestCase;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.schema.XSAny;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.core.Audience;
import org.opensaml.saml.saml2.core.AudienceRestriction;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.KeyInfoConfirmationDataType;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.security.crypto.KeySupport;
import org.opensaml.soap.wsaddressing.EndpointReference;
import org.opensaml.xmlsec.config.impl.DefaultSecurityConfigurationBootstrap;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockServletContext;
import org.springframework.webflow.execution.RequestContext;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
import org.w3c.dom.Element;
import org.xmlunit.builder.DiffBuilder;
import org.xmlunit.diff.Diff;

/* loaded from: input_file:net/shibboleth/idp/saml/saml2/profile/delegation/impl/DecorateDelegatedAssertionTest.class */
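/**
 * Unit tests for {@link DecorateDelegatedAssertion}.
 *
 * <p>Every test starts from the fixture built in {@link #setUp()}: an {@link AuthnRequest} issued by
 * {@code http://sp.example.org}, a {@link Response} from {@code http://idp.example.org} carrying a
 * single {@link Assertion}, and a {@link DelegationContext} that requests delegation with
 * {@value #NUM_KEYS} public-key-only credentials. The assertion's DOM is snapshotted before the
 * action runs; each test then re-marshalls the assertion and diffs it against that snapshot to
 * prove the action either left it untouched ({@link #assertAssertionUndecorated()}) or added the
 * holder-of-key confirmation, the IdP audience and the Liberty SSOS endpoint attribute
 * ({@link #assertAssertionDecorated()}).</p>
 */
public class DecorateDelegatedAssertionTest extends OpenSAMLInitBaseTestCase {

    /** Endpoint URL the action is configured with; also what the default lookup strategy must derive. */
    private static final String SSOS_URL = "https://idp.example.org:8443/idp/profile/IDWSF/SSOS";

    /** Number of holder-of-key credentials handed to the action via the {@link DelegationContext}. */
    private static final int NUM_KEYS = 3;

    /** Set to {@code true} to dump the request/response XML to stdout around each test. */
    private static final boolean PRINT = false;

    private AuthnRequest authnRequest;
    private Response response;
    private Assertion assertion;
    /** Marshalled form of the assertion as it was before the action ran. */
    private Element origAssertionDOM;
    private BrowserSSOProfileConfiguration browserSSOProfileConfig;
    private List<ProfileConfiguration> profileConfigs;
    private final List<Credential> credentials;
    private DecorateDelegatedAssertion action;
    private MockServletContext servletContext;
    private MockHttpServletRequest servletRequest;
    private RequestContext rc;
    private ProfileRequestContext prc;
    private DelegationContext delegationContext;
    private final List<PublicKey> publicKeys = new ArrayList<>();

    /**
     * Generates {@value #NUM_KEYS} RSA key pairs and wraps only their public halves as credentials.
     *
     * @throws NoSuchAlgorithmException if RSA key generation is unavailable
     * @throws NoSuchProviderException if the key pair generator provider is unavailable
     */
    public DecorateDelegatedAssertionTest() throws NoSuchAlgorithmException, NoSuchProviderException {
        for (int i = 0; i < NUM_KEYS; i++) {
            publicKeys.add(KeySupport.generateKeyPair("RSA", 2048, (String) null).getPublic());
        }
        credentials = new ArrayList<>(publicKeys.size());
        for (final PublicKey key : publicKeys) {
            // No private key: the IdP only embeds the public key, the SP proves possession later.
            credentials.add(CredentialSupport.getSimpleCredential(key, (PrivateKey) null));
        }
    }

    /**
     * Builds the servlet mocks, SAML messages, contexts, the action under test and the delegation
     * context, then snapshots the assertion DOM for later comparison.
     *
     * @throws ComponentInitializationException if the request context cannot be built
     * @throws MarshallingException if the assertion cannot be marshalled
     */
    @BeforeMethod
    protected void setUp() throws ComponentInitializationException, MarshallingException {
        buildServletRequest();
        buildMessages();
        buildRequestContexts();
        buildAction();
        buildDelegationContext();
        // Snapshot the pre-action assertion, then drop the cached DOM so later marshalling
        // reflects whatever the action changed in the object tree rather than stale DOM.
        origAssertionDOM = XMLObjectSupport.marshall(assertion);
        assertion.releaseDOM();
        assertion.releaseChildrenDOM(true);
    }

    /** Mocks an HTTPS request to the IdP's SAML 2 Redirect SSO endpoint under context path {@code /idp}. */
    private void buildServletRequest() {
        servletContext = new MockServletContext();
        servletContext.setContextPath("/idp");
        servletRequest = new MockHttpServletRequest(servletContext);
        servletRequest.setScheme("https");
        servletRequest.setServerName("idp.example.org");
        servletRequest.setServerPort(443);
        servletRequest.setRequestURI("/idp/profile/SAML2/Redirect/SSO");
        servletRequest.setContextPath("/idp");
    }

    /** Builds the inbound AuthnRequest and the outbound Response holding one assertion for "morpheus". */
    private void buildMessages() {
        authnRequest = SAML2ActionTestingSupport.buildAuthnRequest();
        authnRequest.setIssuer(SAML2ActionTestingSupport.buildIssuer("http://sp.example.org"));

        response = SAML2ActionTestingSupport.buildResponse();
        response.setIssuer(SAML2ActionTestingSupport.buildIssuer("http://idp.example.org"));

        assertion = SAML2ActionTestingSupport.buildAssertion();
        assertion.setID("assertion");
        assertion.setIssuer(SAML2ActionTestingSupport.buildIssuer("http://idp.example.org"));
        assertion.setSubject(SAML2ActionTestingSupport.buildSubject("morpheus"));
        assertion.getAuthnStatements().add(SAML2ActionTestingSupport.buildAuthnStatement());
        assertion.getAttributeStatements().add(SAML2ActionTestingSupport.buildAttributeStatement());
        response.getAssertions().add(assertion);
    }

    /**
     * Builds the webflow and profile request contexts and wires the SP as the relying party.
     *
     * @throws ComponentInitializationException if the request context cannot be built
     */
    private void buildRequestContexts() throws ComponentInitializationException {
        browserSSOProfileConfig = new BrowserSSOProfileConfiguration();
        profileConfigs = new ArrayList<>();
        profileConfigs.add(browserSSOProfileConfig);

        rc = new RequestContextBuilder()
                .setServletContext(servletContext)
                .setHttpRequest(servletRequest)
                .setInboundMessage(authnRequest)
                .setOutboundMessage(response)
                .setRelyingPartyProfileConfigurations(profileConfigs)
                .buildRequestContext();
        prc = new WebflowRequestContextProfileRequestContextLookup().apply(rc);

        final RelyingPartyContext rpContext = prc.getSubcontext(RelyingPartyContext.class);
        final SAMLPeerEntityContext peerContext = rpContext.getSubcontext(SAMLPeerEntityContext.class, true);
        peerContext.setEntityId("http://sp.example.org");
        peerContext.setRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
        rpContext.setRelyingPartyIdContextTree(peerContext);
    }

    /** Creates the action with the servlet request, a fixed SSOS endpoint URL and a basic KeyInfo generator manager. */
    private void buildAction() {
        action = new DecorateDelegatedAssertion();
        action.setHttpServletRequest(servletRequest);
        action.setLibertySSOSEndpointURL(SSOS_URL);
        action.setKeyInfoGeneratorManager(DefaultSecurityConfigurationBootstrap.buildBasicKeyInfoGeneratorManager());
    }

    /** Attaches a delegation context that requires delegation and supplies the public-key credentials. */
    private void buildDelegationContext() {
        delegationContext = prc.getSubcontext(DelegationContext.class, true);
        delegationContext.setIssuingDelegatedAssertion(true);
        delegationContext.setDelegationRequested(DelegationRequest.REQUESTED_REQUIRED);
        delegationContext.setSubjectConfirmationCredentials(credentials);
    }

    /** Optionally dumps the request and response before each test (controlled by {@link #PRINT}). */
    @BeforeMethod(dependsOnMethods = {"setUp"})
    protected void printBefore() {
        if (PRINT) {
            System.out.println(prettyPrint(authnRequest));
            System.out.println(prettyPrint(response));
        }
    }

    /** Optionally dumps the response after each test (controlled by {@link #PRINT}). */
    @AfterMethod
    protected void printAfter() {
        if (PRINT) {
            System.out.println(prettyPrint(response));
        }
    }

    /** Executing before {@code initialize()} must be rejected. */
    @Test(expectedExceptions = {UninitializedComponentException.class})
    public void testNotInitialized() throws Exception {
        action.execute(rc);
    }

    /** Neither a fixed endpoint URL nor a lookup strategy: initialization must fail. */
    @Test(expectedExceptions = {ComponentInitializationException.class})
    public void testNoConfiguredEndpointNoStrategy() throws Exception {
        action = new DecorateDelegatedAssertion();
        action.setLibertySSOSEndpointURL((String) null);
        action.setLibertySSOSEndpointURLLookupStrategy(null);
        action.setKeyInfoGeneratorManager(DefaultSecurityConfigurationBootstrap.buildBasicKeyInfoGeneratorManager());
        action.initialize();
    }

    /** A missing KeyInfo generator manager must fail initialization. */
    @Test(expectedExceptions = {ComponentInitializationException.class})
    public void testNoKeyInfoManager() throws Exception {
        action = new DecorateDelegatedAssertion();
        action.setLibertySSOSEndpointURL(SSOS_URL);
        action.initialize();
    }

    /** Without a relying party context the action signals an invalid profile context and leaves the assertion alone. */
    @Test
    public void testNoRelyingPartyContext() throws Exception {
        prc.removeSubcontext(RelyingPartyContext.class);
        action.initialize();
        ActionTestingSupport.assertEvent(action.execute(rc), "InvalidProfileContext");
        assertAssertionUndecorated();
    }

    /** A response with no assertions proceeds without error. */
    @Test
    public void testNoAssertions() throws Exception {
        response.getAssertions().clear();
        action.initialize();
        ActionTestingSupport.assertProceedEvent(action.execute(rc));
        assertAssertionUndecorated();
    }

    /** A false activation condition short-circuits the action even though the context is otherwise unusable. */
    @Test
    public void testActivationCondition() throws Exception {
        action.setActivationCondition(Predicates.alwaysFalse());
        delegationContext.setSubjectConfirmationCredentials((List<Credential>) null);
        action.initialize();
        ActionTestingSupport.assertProceedEvent(action.execute(rc));
        assertAssertionUndecorated();
    }

    /** No delegation context at all: the action proceeds and does nothing. */
    @Test
    public void testNoDelegationContext() throws Exception {
        prc.removeSubcontext(DelegationContext.class);
        action.initialize();
        ActionTestingSupport.assertProceedEvent(action.execute(rc));
        assertAssertionUndecorated();
    }

    /** A delegation context that does not issue a delegated assertion leaves the assertion untouched. */
    @Test
    public void testDelegationNotActive() throws Exception {
        delegationContext.setIssuingDelegatedAssertion(false);
        action.initialize();
        ActionTestingSupport.assertProceedEvent(action.execute(rc));
        assertAssertionUndecorated();
    }

    /** Happy path: the assertion is decorated with the holder-of-key confirmation, audience and SSOS attribute. */
    @Test
    public void testDelegationActive() throws Exception {
        action.initialize();
        ActionTestingSupport.assertProceedEvent(action.execute(rc));
        assertAssertionDecorated();
    }

    /** Delegation is active but no confirmation credentials were supplied: invalid profile context, no decoration. */
    @Test
    public void testDelegationActiveNoCredentials() throws Exception {
        delegationContext.setSubjectConfirmationCredentials((List<Credential>) null);
        action.initialize();
        ActionTestingSupport.assertEvent(action.execute(rc), "InvalidProfileContext");
        assertAssertionUndecorated();
    }

    /** With no fixed URL the default strategy derives the endpoint from the servlet request. */
    @Test
    public void testEndpointViaDefaultStrategy() throws Exception {
        action.setLibertySSOSEndpointURL((String) null);
        action.initialize();
        ActionTestingSupport.assertProceedEvent(action.execute(rc));
        assertAssertionDecorated();
    }

    /** A lookup strategy that yields no endpoint results in an invalid profile context and no decoration. */
    @Test
    public void testEndpointStrategyProducesNull() throws Exception {
        action.setLibertySSOSEndpointURL((String) null);
        action.setLibertySSOSEndpointURLLookupStrategy(FunctionSupport.constant((String) null));
        action.initialize();
        ActionTestingSupport.assertEvent(action.execute(rc), "InvalidProfileContext");
        assertAssertionUndecorated();
    }

    /** The default endpoint strategy maps the mocked SSO request URL to the expected SSOS URL. */
    @Test
    public void testDefaultEndpointStrategy() {
        Assert.assertEquals(servletRequest.getRequestURL().toString(),
                "https://idp.example.org/idp/profile/SAML2/Redirect/SSO");
        Assert.assertEquals(
                new DecorateDelegatedAssertion.LibertySSOSEndpointURLStrategy().apply(new Pair<>(prc, servletRequest)),
                SSOS_URL);
    }

    /**
     * Marshalls and pretty-prints an XML object for debug output.
     *
     * @param xmlObject object to print
     * @return the pretty-printed XML
     * @throws RuntimeException wrapping any {@link MarshallingException}
     */
    private String prettyPrint(final XMLObject xmlObject) {
        try {
            return SerializeSupport.prettyPrintXML(XMLObjectSupport.marshall(xmlObject));
        } catch (final MarshallingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Re-marshalls the assertion into a fresh document and diffs it against the pre-action snapshot.
     *
     * @return the identity diff between the snapshot and the current assertion
     * @throws MarshallingException if the assertion cannot be marshalled
     */
    private Diff diffAgainstOriginal() throws MarshallingException {
        final Element current = XMLObjectSupport.marshall(assertion);
        // Drop the cached DOM again so any further marshalling starts from the object tree.
        assertion.releaseDOM();
        assertion.releaseChildrenDOM(true);
        // Guard against comparing a document with itself, which would trivially show no differences.
        Assert.assertNotSame(origAssertionDOM.getOwnerDocument(), current.getOwnerDocument());
        return DiffBuilder.compare(origAssertionDOM).withTest(current).checkForIdentical().build();
    }

    /**
     * Asserts the action left the assertion byte-for-byte identical to the snapshot.
     *
     * @throws MarshallingException if the assertion cannot be marshalled
     */
    private void assertAssertionUndecorated() throws MarshallingException {
        final Diff diff = diffAgainstOriginal();
        Assert.assertFalse(diff.hasDifferences(), diff.toString());
    }

    /**
     * Asserts the action changed the assertion and that the change consists of the holder-of-key
     * subject confirmation, the IdP audience and the Liberty SSOS endpoint attribute.
     *
     * @throws MarshallingException if the assertion cannot be marshalled
     */
    private void assertAssertionDecorated() throws MarshallingException {
        final Diff diff = diffAgainstOriginal();
        Assert.assertTrue(diff.hasDifferences(), diff.toString());
        assertHolderOfKeyConfirmation();
        assertIdPAudience();
        assertSsosEndpointAttribute();
    }

    /** Verifies the single subject confirmation is holder-of-key, names the SP, and carries one KeyInfo per credential. */
    private void assertHolderOfKeyConfirmation() {
        final List<SubjectConfirmation> confirmations = assertion.getSubject().getSubjectConfirmations();
        Assert.assertNotNull(confirmations);
        Assert.assertEquals(confirmations.size(), 1);
        final SubjectConfirmation confirmation = confirmations.get(0);
        Assert.assertEquals(confirmation.getMethod(), "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key");
        Assert.assertNotNull(confirmation.getNameID());
        Assert.assertEquals(confirmation.getNameID().getValue(), "http://sp.example.org");
        Assert.assertTrue(confirmation.getSubjectConfirmationData() instanceof KeyInfoConfirmationDataType);
        final KeyInfoConfirmationDataType data =
                (KeyInfoConfirmationDataType) confirmation.getSubjectConfirmationData();
        // NOTE(review): only the KeyInfo count and the first KeyInfo's KeyValue count are checked;
        // that the embedded key material equals the configured public keys is not verified here.
        Assert.assertEquals(data.getKeyInfos().size(), NUM_KEYS);
        Assert.assertEquals(((KeyInfo) data.getKeyInfos().get(0)).getKeyValues().size(), 1);
    }

    /** Verifies the assertion has exactly one audience restriction that includes the IdP itself. */
    private void assertIdPAudience() {
        Assert.assertNotNull(assertion.getConditions());
        final List<AudienceRestriction> restrictions = assertion.getConditions().getAudienceRestrictions();
        Assert.assertEquals(restrictions.size(), 1);
        final List<Audience> audiences = restrictions.get(0).getAudiences();
        Assert.assertFalse(audiences.isEmpty());
        // The IdP must be an audience so the assertion can later be presented back to its SSOS endpoint.
        final boolean idpIsAudience = audiences.stream()
                .anyMatch(audience -> Objects.equals(audience.getURI(), "http://idp.example.org"));
        Assert.assertTrue(idpIsAudience);
    }

    /** Verifies the Liberty SSOS attribute carries one EndpointReference with the expected address and metadata. */
    private void assertSsosEndpointAttribute() {
        Assert.assertEquals(assertion.getAttributeStatements().size(), 1);
        Attribute ssosAttribute = null;
        for (final Attribute candidate : assertion.getAttributeStatements().get(0).getAttributes()) {
            if (Objects.equals(candidate.getName(), "urn:liberty:ssos:2006-08")) {
                ssosAttribute = candidate;
                break;
            }
        }
        Assert.assertNotNull(ssosAttribute);
        Assert.assertEquals(ssosAttribute.getAttributeValues().size(), 1);
        Assert.assertTrue(ssosAttribute.getAttributeValues().get(0) instanceof XSAny);
        final XSAny value = (XSAny) ssosAttribute.getAttributeValues().get(0);

        final EndpointReference epr =
                (EndpointReference) onlyChild(value.getUnknownXMLObjects(EndpointReference.ELEMENT_NAME));
        Assert.assertNotNull(epr.getAddress());
        Assert.assertEquals(epr.getAddress().getURI(), SSOS_URL);
        Assert.assertNotNull(epr.getMetadata());

        final MetadataAbstract metadataAbstract = (MetadataAbstract) onlyChild(
                epr.getMetadata().getUnknownXMLObjects(LibertyConstants.DISCO_ABSTRACT_ELEMENT_NAME));
        Assert.assertEquals(metadataAbstract.getValue(), "ID-WSF Single Sign-On Service");

        final ServiceType serviceType = (ServiceType) onlyChild(
                epr.getMetadata().getUnknownXMLObjects(LibertyConstants.DISCO_SERVICE_TYPE_ELEMENT_NAME));
        Assert.assertEquals(serviceType.getValue(), "urn:liberty:ssos:2006-08");

        final ProviderID providerId = (ProviderID) onlyChild(
                epr.getMetadata().getUnknownXMLObjects(LibertyConstants.DISCO_PROVIDERID_ELEMENT_NAME));
        Assert.assertEquals(providerId.getValue(), "http://idp.example.org");

        final Framework framework = (Framework) onlyChild(
                epr.getMetadata().getUnknownXMLObjects(Framework.DEFAULT_ELEMENT_NAME));
        Assert.assertEquals(framework.getVersion(), "2.0");

        final SecurityContext securityContext = (SecurityContext) onlyChild(
                epr.getMetadata().getUnknownXMLObjects(LibertyConstants.DISCO_SECURITY_CONTEXT_ELEMENT_NAME));
        Assert.assertEquals(securityContext.getSecurityMechIDs().size(), 1);
        Assert.assertEquals(((SecurityMechID) securityContext.getSecurityMechIDs().get(0)).getValue(),
                "urn:liberty:security:2005-02:ClientTLS:peerSAMLV2");
        Assert.assertEquals(securityContext.getTokens().size(), 1);
        final Token token = (Token) securityContext.getTokens().get(0);
        // The token reference points at this assertion's own ID (set to "assertion" in the fixture).
        Assert.assertEquals(token.getRef(), "#assertion");
        Assert.assertEquals(token.getUsage(), "urn:liberty:security:tokenusage:2006-08:SecurityToken");
    }

    /**
     * Asserts a child list holds exactly one element and returns it.
     *
     * @param children child objects of one element name
     * @return the single child
     */
    private static XMLObject onlyChild(final List<XMLObject> children) {
        Assert.assertEquals(children.size(), 1);
        return children.get(0);
    }
}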
