package net.shibboleth.idp.saml.saml2.profile.impl;

import java.util.Arrays;
import java.util.Set;
import java.util.stream.Collectors;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.RequestedPrincipalContext;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.idp.profile.context.navigate.ResponderIdLookupFunction;
import net.shibboleth.idp.profile.context.navigate.WebflowRequestContextProfileRequestContextLookup;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.idp.profile.testing.RequestContextBuilder;
import net.shibboleth.idp.relyingparty.RelyingPartyConfiguration;
import net.shibboleth.idp.saml.authn.principal.AuthenticationMethodPrincipal;
import net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal;
import net.shibboleth.idp.saml.saml2.profile.SAML2ActionTestingSupport;
import net.shibboleth.idp.saml.saml2.profile.config.BrowserSSOProfileConfiguration;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.core.testing.OpenSAMLInitBaseTestCase;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.messaging.context.navigate.ParentContextLookup;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.opensaml.saml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml.saml2.core.Scoping;
import org.springframework.webflow.execution.RequestContext;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/saml/saml2/profile/impl/AddAuthnRequestTest.class */
public class AddAuthnRequestTest extends OpenSAMLInitBaseTestCase {
    private RequestContext rc;
    private AuthenticationContext ac;
    private ProfileRequestContext prc1;
    private ProfileRequestContext prc2;
    private RelyingPartyContext rpc;
    private AddAuthnRequest action;

    @BeforeMethod
    public void setUp() throws ComponentInitializationException {
        this.rc = new RequestContextBuilder().buildRequestContext();
        this.prc1 = new WebflowRequestContextProfileRequestContextLookup().apply(this.rc);
        this.ac = this.prc1.getSubcontext(AuthenticationContext.class, true);
        this.prc2 = this.ac.getSubcontext(ProfileRequestContext.class, true);
        this.prc2.setOutboundMessageContext(new MessageContext());
        this.rpc = this.prc2.getSubcontext(RelyingPartyContext.class, true);
        this.rpc.setRelyingPartyId("http://sp.example.org");
        RelyingPartyConfiguration relyingPartyConfiguration = new RelyingPartyConfiguration();
        relyingPartyConfiguration.setId("mock");
        relyingPartyConfiguration.setResponderId("http://idp.example.org");
        relyingPartyConfiguration.setDetailedErrors(true);
        relyingPartyConfiguration.initialize();
        this.rpc.setConfiguration(relyingPartyConfiguration);
        this.rpc.setProfileConfig(new BrowserSSOProfileConfiguration());
        this.action = new AddAuthnRequest();
        this.action.setProfileContextLookupStrategy(new ChildContextLookup(ProfileRequestContext.class).compose(new ChildContextLookup(AuthenticationContext.class).compose(new WebflowRequestContextProfileRequestContextLookup())));
        this.action.setAuthenticationContextLookupStrategy(new ParentContextLookup(AuthenticationContext.class));
        this.action.setIssuerLookupStrategy(new ResponderIdLookupFunction());
        this.action.initialize();
    }

    @Test
    public void testNoRelyingPartyContext() {
        this.prc2.removeSubcontext(RelyingPartyContext.class);
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "InvalidProfileConfiguration");
    }

    @Test
    public void testNoMessageContext() {
        this.prc2.setOutboundMessageContext((MessageContext) null);
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "InvalidMessageContext");
    }

    @Test
    public void testExistingMessage() {
        this.prc2.getOutboundMessageContext().setMessage(SAML2ActionTestingSupport.buildAuthnRequest());
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "InvalidMessageContext");
    }

    @Test
    public void testSimple() {
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
        Assert.assertNotNull(this.prc2.getOutboundMessageContext().getMessage());
        Assert.assertTrue(this.prc2.getOutboundMessageContext().getMessage() instanceof AuthnRequest);
        AuthnRequest authnRequest = (AuthnRequest) this.prc2.getOutboundMessageContext().getMessage();
        Assert.assertEquals(authnRequest.getIssuer().getValue(), "http://idp.example.org");
        Assert.assertFalse(authnRequest.isForceAuthn().booleanValue());
        Assert.assertFalse(authnRequest.isPassive().booleanValue());
        NameIDPolicy nameIDPolicy = authnRequest.getNameIDPolicy();
        Assert.assertNotNull(nameIDPolicy);
        Assert.assertNull(nameIDPolicy.getFormat());
        Assert.assertTrue(nameIDPolicy.getAllowCreate().booleanValue());
        Assert.assertNull(authnRequest.getRequestedAuthnContext());
    }

    @Test
    public void testFlags() {
        this.ac.setIsPassive(true);
        this.ac.setForceAuthn(true);
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
        Assert.assertNotNull(this.prc2.getOutboundMessageContext().getMessage());
        Assert.assertTrue(this.prc2.getOutboundMessageContext().getMessage() instanceof AuthnRequest);
        AuthnRequest authnRequest = (AuthnRequest) this.prc2.getOutboundMessageContext().getMessage();
        Assert.assertEquals(authnRequest.getIssuer().getValue(), "http://idp.example.org");
        Assert.assertTrue(authnRequest.isForceAuthn().booleanValue());
        Assert.assertTrue(authnRequest.isPassive().booleanValue());
        this.prc2.getOutboundMessageContext().setMessage((Object) null);
        this.rpc.getProfileConfig().setForceAuthn(false);
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
        Assert.assertFalse(((AuthnRequest) this.prc2.getOutboundMessageContext().getMessage()).isForceAuthn().booleanValue());
    }

    @Test
    public void testNameIDFormat() {
        this.rpc.getProfileConfig().setNameIDFormatPrecedence(Arrays.asList("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos"));
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
        Assert.assertNotNull(this.prc2.getOutboundMessageContext().getMessage());
        Assert.assertTrue(this.prc2.getOutboundMessageContext().getMessage() instanceof AuthnRequest);
        NameIDPolicy nameIDPolicy = ((AuthnRequest) this.prc2.getOutboundMessageContext().getMessage()).getNameIDPolicy();
        Assert.assertNotNull(nameIDPolicy);
        Assert.assertEquals(nameIDPolicy.getFormat(), "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
        Assert.assertTrue(nameIDPolicy.getAllowCreate().booleanValue());
    }

    @Test
    public void testScopingNoCount() {
        this.ac.getProxiableAuthorities().add("foo");
        this.ac.getProxiableAuthorities().add("bar");
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
        Assert.assertNotNull(this.prc2.getOutboundMessageContext().getMessage());
        Assert.assertTrue(this.prc2.getOutboundMessageContext().getMessage() instanceof AuthnRequest);
        Scoping scoping = ((AuthnRequest) this.prc2.getOutboundMessageContext().getMessage()).getScoping();
        Assert.assertNotNull(scoping);
        Assert.assertNull(scoping.getProxyCount());
        Assert.assertNotNull(scoping.getIDPList());
        Assert.assertEquals((Set) scoping.getIDPList().getIDPEntrys().stream().map((v0) -> {
            return v0.getProviderID();
        }).filter(str -> {
            return str != null;
        }).collect(Collectors.toUnmodifiableSet()), this.ac.getProxiableAuthorities());
    }

    @Test
    public void testScopingCount1() {
        this.ac.setProxyCount(1);
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
        Assert.assertNotNull(this.prc2.getOutboundMessageContext().getMessage());
        Assert.assertTrue(this.prc2.getOutboundMessageContext().getMessage() instanceof AuthnRequest);
        Scoping scoping = ((AuthnRequest) this.prc2.getOutboundMessageContext().getMessage()).getScoping();
        Assert.assertNotNull(scoping);
        Assert.assertNull(scoping.getIDPList());
        Assert.assertEquals(scoping.getProxyCount(), 0);
    }

    @Test
    public void testScopingCount5() {
        this.ac.setProxyCount(5);
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
        Assert.assertNotNull(this.prc2.getOutboundMessageContext().getMessage());
        Assert.assertTrue(this.prc2.getOutboundMessageContext().getMessage() instanceof AuthnRequest);
        Scoping scoping = ((AuthnRequest) this.prc2.getOutboundMessageContext().getMessage()).getScoping();
        Assert.assertNotNull(scoping);
        Assert.assertNull(scoping.getIDPList());
        Assert.assertEquals(scoping.getProxyCount(), 4);
    }

    @Test
    public void testScopingCount0() {
        this.ac.setProxyCount(0);
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
        Assert.assertNotNull(this.prc2.getOutboundMessageContext().getMessage());
        Assert.assertTrue(this.prc2.getOutboundMessageContext().getMessage() instanceof AuthnRequest);
        Scoping scoping = ((AuthnRequest) this.prc2.getOutboundMessageContext().getMessage()).getScoping();
        Assert.assertNotNull(scoping);
        Assert.assertNull(scoping.getIDPList());
        Assert.assertEquals(scoping.getProxyCount(), 0);
    }

    @Test
    public void testAuthnContext() {
        RequestedPrincipalContext subcontext = this.ac.getSubcontext(RequestedPrincipalContext.class, true);
        subcontext.setOperator("exact");
        subcontext.setRequestedPrincipals(Arrays.asList(new AuthnContextClassRefPrincipal("urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"), new AuthenticationMethodPrincipal("urn:ietf:rfc:1510"), new AuthnContextClassRefPrincipal("urn:oasis:names:tc:SAML:2.0:ac:classes:X509")));
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
        Assert.assertNotNull(this.prc2.getOutboundMessageContext().getMessage());
        Assert.assertTrue(this.prc2.getOutboundMessageContext().getMessage() instanceof AuthnRequest);
        RequestedAuthnContext requestedAuthnContext = ((AuthnRequest) this.prc2.getOutboundMessageContext().getMessage()).getRequestedAuthnContext();
        Assert.assertNotNull(requestedAuthnContext);
        Assert.assertEquals(requestedAuthnContext.getComparison(), AuthnContextComparisonTypeEnumeration.EXACT);
        Assert.assertEquals(requestedAuthnContext.getAuthnContextClassRefs().size(), 2);
        Assert.assertEquals(((AuthnContextClassRef) requestedAuthnContext.getAuthnContextClassRefs().get(0)).getURI(), "urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos");
        Assert.assertEquals(((AuthnContextClassRef) requestedAuthnContext.getAuthnContextClassRefs().get(1)).getURI(), "urn:oasis:names:tc:SAML:2.0:ac:classes:X509");
        this.rpc.getProfileConfig().setAuthnContextComparison(AuthnContextComparisonTypeEnumeration.EXACT);
        this.rpc.getProfileConfig().setDefaultAuthenticationMethods(Arrays.asList(new AuthnContextClassRefPrincipal("urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos"), new AuthnContextClassRefPrincipal("urn:oasis:names:tc:SAML:2.0:ac:classes:X509")));
        this.prc2.getOutboundMessageContext().setMessage((Object) null);
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
        RequestedAuthnContext requestedAuthnContext2 = ((AuthnRequest) this.prc2.getOutboundMessageContext().getMessage()).getRequestedAuthnContext();
        Assert.assertNotNull(requestedAuthnContext2);
        Assert.assertEquals(requestedAuthnContext2.getComparison(), AuthnContextComparisonTypeEnumeration.EXACT);
        Assert.assertEquals(requestedAuthnContext2.getAuthnContextClassRefs().size(), 2);
        Assert.assertEquals(((AuthnContextClassRef) requestedAuthnContext2.getAuthnContextClassRefs().get(0)).getURI(), "urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos");
        Assert.assertEquals(((AuthnContextClassRef) requestedAuthnContext2.getAuthnContextClassRefs().get(1)).getURI(), "urn:oasis:names:tc:SAML:2.0:ac:classes:X509");
    }
}
