package net.shibboleth.idp.saml.nameid.impl;

import java.io.IOException;
import java.time.Duration;
import net.shibboleth.idp.authn.context.SubjectContext;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.idp.profile.testing.RequestContextBuilder;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.security.DataSealer;
import net.shibboleth.utilities.java.support.security.impl.BasicKeystoreKeyStrategy;
import net.shibboleth.utilities.java.support.test.resource.TestResourceConverter;
import org.opensaml.core.testing.OpenSAMLInitBaseTestCase;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.saml1.core.NameIdentifier;
import org.springframework.core.io.ClassPathResource;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/saml/nameid/impl/CryptoTransientSAML1NameIdentifierGeneratorTest.class */
/**
 * Tests {@link TransientSAML1NameIdentifierGenerator} when it is backed by a
 * {@link CryptoTransientIdGenerationStrategy}, i.e. when the transient identifier is a
 * {@link DataSealer}-wrapped value with a bounded lifetime.
 *
 * <p>The cases cover the two "no identifier" paths (missing principal, missing relying party)
 * and the positive path, which also checks that the sealed value stops unwrapping once
 * {@link #TIMEOUT} has elapsed.</p>
 *
 * <p>The keystore, key alias and passwords used in {@link #setUp()} belong to a fixture
 * keystore loaded from the test classpath; they are test-only values and are not meant for
 * any deployed sealer keystore.</p>
 */
public class CryptoTransientSAML1NameIdentifierGeneratorTest extends OpenSAMLInitBaseTestCase {

    /** Lifetime given to generated transient identifiers; kept short so expiry can be observed. */
    private static final Duration TIMEOUT = Duration.ofMillis(500);

    /** Classpath location of the fixture keystore holding the sealing key. */
    private static final String KEYSTORE_PATH =
            "/net/shibboleth/idp/saml/impl/attribute/resolver/SealerKeyStore.jks";

    /** Classpath location of the key-version file that accompanies the fixture keystore. */
    private static final String KEY_VERSION_PATH =
            "/net/shibboleth/idp/saml/impl/attribute/resolver/SealerKeyStore.kver";

    /** Sealer shared by the generation strategy and by the assertions that unwrap its output. */
    private DataSealer sealer;

    /** Strategy that produces the sealed, time-limited transient value. */
    private CryptoTransientIdGenerationStrategy transientGenerator;

    /** Generator under test. */
    private TransientSAML1NameIdentifierGenerator generator;

    /**
     * Builds the sealer, the crypto-transient strategy and the generator under test.
     *
     * @throws ComponentInitializationException if any component fails to initialize
     * @throws IOException if a fixture resource cannot be read
     */
    @BeforeMethod
    public void setUp() throws ComponentInitializationException, IOException {
        // Fail early with a clear assertion if the fixture files are missing from the classpath.
        final ClassPathResource keystore = new ClassPathResource(KEYSTORE_PATH);
        Assert.assertTrue(keystore.exists());
        final ClassPathResource keyVersion = new ClassPathResource(KEY_VERSION_PATH);
        Assert.assertTrue(keyVersion.exists());

        // Fixture-only credentials for the test keystore above.
        final BasicKeystoreKeyStrategy keyStrategy = new BasicKeystoreKeyStrategy();
        keyStrategy.setKeyAlias("secret");
        keyStrategy.setKeyPassword("kpassword");
        keyStrategy.setKeystorePassword("password");
        keyStrategy.setKeystoreResource(TestResourceConverter.of(keystore));
        keyStrategy.setKeyVersionResource(TestResourceConverter.of(keyVersion));
        keyStrategy.initialize();

        sealer = new DataSealer();
        sealer.setKeyStrategy(keyStrategy);
        sealer.initialize();

        transientGenerator = new CryptoTransientIdGenerationStrategy();
        transientGenerator.setId("test");
        transientGenerator.setDataSealer(sealer);
        transientGenerator.setIdLifetime(TIMEOUT);
        transientGenerator.initialize();

        generator = new TransientSAML1NameIdentifierGenerator();
        generator.setId("test");
        generator.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
        generator.setTransientIdGenerator(transientGenerator);
        generator.initialize();
    }

    /** Destroys the components created in {@link #setUp()}, generator first and sealer last. */
    @AfterMethod
    public void tearDown() {
        generator.destroy();
        transientGenerator.destroy();
        sealer.destroy();
    }

    /**
     * With no principal name set on the request context, no identifier is generated.
     *
     * @throws Exception if generation fails unexpectedly
     */
    @Test
    public void testNoPrincipal() throws Exception {
        final ProfileRequestContext prc = new RequestContextBuilder().buildProfileRequestContext();
        Assert.assertNull(generator.generate(prc, generator.getFormat()));
    }

    /**
     * With the relying party ID cleared, no identifier is generated even though a principal
     * name is present.
     *
     * @throws Exception if generation fails unexpectedly
     */
    @Test
    public void testNoRelyingParty() throws Exception {
        final ProfileRequestContext prc = new RequestContextBuilder().buildProfileRequestContext();
        prc.getSubcontext(RelyingPartyContext.class).setRelyingPartyId((String) null);
        prc.getSubcontext(SubjectContext.class, true).setPrincipalName("jdoe");

        Assert.assertNull(generator.generate(prc, generator.getFormat()));
    }

    /**
     * Generates an identifier for principal {@code jdoe}, checks its format, name qualifier and
     * sealed content, then verifies the sealed value is rejected after its lifetime has passed.
     *
     * @throws Exception if generation or the first unwrap fails unexpectedly
     */
    @Test
    public void testTransient() throws Exception {
        final ProfileRequestContext prc = new RequestContextBuilder().buildProfileRequestContext();
        final RelyingPartyContext rpContext = prc.getSubcontext(RelyingPartyContext.class);
        prc.getSubcontext(SubjectContext.class, true).setPrincipalName("jdoe");

        final NameIdentifier nameId = generator.generate(prc, generator.getFormat());
        Assert.assertNotNull(nameId);
        Assert.assertEquals(nameId.getFormat(), generator.getFormat());
        Assert.assertEquals(nameId.getNameQualifier(), rpContext.getConfiguration().getResponderId(prc));

        // While still within its lifetime the value unwraps to "<relying party ID>!<principal>".
        final String sealed = nameId.getValue();
        Assert.assertEquals(sealer.unwrap(sealed), rpContext.getRelyingPartyId() + "!jdoe");

        // Wait for twice the configured lifetime so the value is certainly past its expiry.
        Thread.sleep(TIMEOUT.multipliedBy(2L).toMillis());

        // NOTE(review): any Exception from unwrap() satisfies this check, so an unrelated
        // sealer failure would also pass. Asserting the sealer's expiry-specific exception
        // type (presumably DataExpiredException in this java-support version; confirm)
        // would show that the rejection is really caused by the elapsed lifetime.
        boolean rejected = false;
        try {
            sealer.unwrap(sealed);
        } catch (Exception expected) {
            rejected = true;
        }
        if (!rejected) {
            Assert.fail("Timeout not set correctly");
        }
    }
}
