package net.shibboleth.idp.saml.saml2.profile.delegation.impl;

import com.google.common.base.Predicates;
import java.util.ArrayList;
import java.util.List;
import net.shibboleth.idp.profile.context.navigate.WebflowRequestContextProfileRequestContextLookup;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.idp.profile.testing.RequestContextBuilder;
import net.shibboleth.idp.saml.saml2.profile.SAML2ActionTestingSupport;
import net.shibboleth.idp.saml.saml2.profile.delegation.LibertySSOSContext;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.core.testing.OpenSAMLInitBaseTestCase;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.common.messaging.context.SAMLPresenterEntityContext;
import org.opensaml.saml.ext.saml2delrestrict.Delegate;
import org.opensaml.saml.ext.saml2delrestrict.DelegationRestrictionType;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Condition;
import org.opensaml.saml.saml2.core.Conditions;
import org.opensaml.saml.saml2.core.Response;
import org.springframework.webflow.execution.RequestContext;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/saml/saml2/profile/delegation/impl/AddDelegationRestrictionToAssertionsTest.class */
public class AddDelegationRestrictionToAssertionsTest extends OpenSAMLInitBaseTestCase {
    private AddDelegationRestrictionToAssertions action;
    private RequestContext rc;
    private ProfileRequestContext prc;
    private Assertion delegatedAssertion;
    private String delegatedConfirmationMethod;
    private DelegationRestrictionType delegatedRestrictionsCondition;
    private String[] initialDelegates = {"http:/foo.example.org", "http://bar.example.org", "http://baz.exqmple.org"};
    private String presenterEntityID = "http://portal.example.org";

    @BeforeMethod
    public void setUp() throws ComponentInitializationException {
        Response buildResponse = SAML2ActionTestingSupport.buildResponse();
        buildResponse.getAssertions().add(SAML2ActionTestingSupport.buildAssertion());
        this.rc = new RequestContextBuilder().setInboundMessage(SAML2ActionTestingSupport.buildAuthnRequest()).setOutboundMessage(buildResponse).buildRequestContext();
        this.prc = new WebflowRequestContextProfileRequestContextLookup().apply(this.rc);
        this.delegatedAssertion = SAML2ActionTestingSupport.buildAssertion();
        this.delegatedRestrictionsCondition = XMLObjectSupport.getBuilder(DelegationRestrictionType.TYPE_NAME).buildObject(Condition.DEFAULT_ELEMENT_NAME, DelegationRestrictionType.TYPE_NAME);
        for (String str : this.initialDelegates) {
            Delegate buildXMLObject = XMLObjectSupport.buildXMLObject(Delegate.DEFAULT_ELEMENT_NAME);
            buildXMLObject.setNameID(SAML2ActionTestingSupport.buildNameID(str));
            this.delegatedRestrictionsCondition.getDelegates().add(buildXMLObject);
        }
        this.delegatedAssertion.setConditions(XMLObjectSupport.buildXMLObject(Conditions.DEFAULT_ELEMENT_NAME));
        this.delegatedAssertion.getConditions().getConditions().add(this.delegatedRestrictionsCondition);
        this.delegatedConfirmationMethod = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";
        this.prc.getSubcontext(LibertySSOSContext.class, true).setAttestedToken(this.delegatedAssertion);
        this.prc.getSubcontext(LibertySSOSContext.class, true).setAttestedSubjectConfirmationMethod(this.delegatedConfirmationMethod);
        this.prc.getInboundMessageContext().getSubcontext(SAMLPresenterEntityContext.class, true).setEntityId(this.presenterEntityID);
        this.action = new AddDelegationRestrictionToAssertions();
    }

    @Test
    public void testSuccessCloneExistingDelegates() throws ComponentInitializationException, MarshallingException {
        this.action.initialize();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
        Assert.assertEquals(((Response) this.prc.getOutboundMessageContext().getMessage()).getAssertions().size(), 1);
        Assertion assertion = (Assertion) ((Response) this.prc.getOutboundMessageContext().getMessage()).getAssertions().get(0);
        Assert.assertNotNull(assertion.getConditions());
        List<DelegationRestrictionType> delegationRestrictionConditions = getDelegationRestrictionConditions(assertion.getConditions());
        Assert.assertEquals(delegationRestrictionConditions.size(), 1);
        DelegationRestrictionType delegationRestrictionType = delegationRestrictionConditions.get(0);
        Assert.assertEquals(delegationRestrictionType.getDelegates().size(), this.initialDelegates.length + 1);
        Delegate delegate = (Delegate) delegationRestrictionType.getDelegates().get(this.initialDelegates.length);
        Assert.assertNotNull(delegate.getNameID());
        Assert.assertEquals(delegate.getNameID().getValue(), this.presenterEntityID);
        Assert.assertNotNull(delegate.getConfirmationMethod());
        Assert.assertEquals(delegate.getConfirmationMethod(), this.delegatedConfirmationMethod);
        Assert.assertNotNull(delegate.getDelegationInstant());
    }

    @Test
    public void testSuccessNoExistingDelegates() throws ComponentInitializationException, MarshallingException {
        this.delegatedAssertion.setConditions((Conditions) null);
        this.action.initialize();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
        Assert.assertEquals(((Response) this.prc.getOutboundMessageContext().getMessage()).getAssertions().size(), 1);
        Assertion assertion = (Assertion) ((Response) this.prc.getOutboundMessageContext().getMessage()).getAssertions().get(0);
        Assert.assertNotNull(assertion.getConditions());
        List<DelegationRestrictionType> delegationRestrictionConditions = getDelegationRestrictionConditions(assertion.getConditions());
        Assert.assertEquals(delegationRestrictionConditions.size(), 1);
        DelegationRestrictionType delegationRestrictionType = delegationRestrictionConditions.get(0);
        Assert.assertEquals(delegationRestrictionType.getDelegates().size(), 1);
        Delegate delegate = (Delegate) delegationRestrictionType.getDelegates().get(0);
        Assert.assertNotNull(delegate.getNameID());
        Assert.assertEquals(delegate.getNameID().getValue(), this.presenterEntityID);
        Assert.assertNotNull(delegate.getConfirmationMethod());
        Assert.assertEquals(delegate.getConfirmationMethod(), this.delegatedConfirmationMethod);
        Assert.assertNotNull(delegate.getDelegationInstant());
    }

    @Test
    public void testActivationCondition() throws ComponentInitializationException {
        this.prc.removeSubcontext(LibertySSOSContext.class);
        this.action.setActivationCondition(Predicates.alwaysFalse());
        this.action.initialize();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
    }

    @Test
    public void testNoAssertionsToModify() throws ComponentInitializationException {
        ((Response) this.prc.getOutboundMessageContext().getMessage()).getAssertions().clear();
        this.action.initialize();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
    }

    @Test
    public void testNoResponse() throws ComponentInitializationException {
        this.prc.getOutboundMessageContext().setMessage((Object) null);
        this.action.initialize();
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "InvalidMessageContext");
    }

    @Test
    public void testNoLibertyContext() throws ComponentInitializationException {
        this.prc.removeSubcontext(LibertySSOSContext.class);
        this.action.initialize();
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "InvalidProfileContext");
    }

    @Test
    public void testNoDelegatedAssertion() throws ComponentInitializationException {
        this.prc.getSubcontext(LibertySSOSContext.class).setAttestedToken((Assertion) null);
        this.action.initialize();
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "InvalidProfileContext");
    }

    @Test
    public void testNoDelegatedConfirmationMethod() throws ComponentInitializationException {
        this.prc.getSubcontext(LibertySSOSContext.class).setAttestedSubjectConfirmationMethod((String) null);
        this.action.initialize();
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "InvalidProfileContext");
    }

    @Test
    public void testNoPresenter() throws ComponentInitializationException {
        this.prc.getInboundMessageContext().removeSubcontext(SAMLPresenterEntityContext.class);
        this.action.initialize();
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "InvalidProfileContext");
    }

    @Test
    public void testNoPresenterEntityID() throws ComponentInitializationException {
        this.prc.getInboundMessageContext().getSubcontext(SAMLPresenterEntityContext.class).setEntityId((String) null);
        this.action.initialize();
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "InvalidProfileContext");
    }

    private List<DelegationRestrictionType> getDelegationRestrictionConditions(Conditions conditions) {
        ArrayList arrayList = new ArrayList();
        for (DelegationRestrictionType delegationRestrictionType : conditions.getConditions()) {
            if (DelegationRestrictionType.TYPE_NAME.equals(delegationRestrictionType.getSchemaType()) && (delegationRestrictionType instanceof DelegationRestrictionType)) {
                arrayList.add(delegationRestrictionType);
            }
        }
        return arrayList;
    }
}
