package net.shibboleth.idp.saml.nameid.impl;

import java.time.Duration;
import java.util.Collections;
import javax.security.auth.Subject;
import net.shibboleth.ext.spring.resource.ResourceHelper;
import net.shibboleth.idp.authn.context.SubjectCanonicalizationContext;
import net.shibboleth.idp.authn.context.SubjectContext;
import net.shibboleth.idp.profile.testing.RequestContextBuilder;
import net.shibboleth.idp.saml.authn.principal.NameIdentifierPrincipal;
import net.shibboleth.idp.saml.impl.testing.TestSources;
import net.shibboleth.idp.saml.nameid.NameIDCanonicalizationFlowDescriptor;
import net.shibboleth.utilities.java.support.security.DataSealer;
import net.shibboleth.utilities.java.support.security.impl.BasicKeystoreKeyStrategy;
import org.opensaml.core.testing.OpenSAMLInitBaseTestCase;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.testing.ActionTestingSupport;
import org.opensaml.saml.saml1.core.NameIdentifier;
import org.springframework.core.io.ClassPathResource;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/saml/nameid/impl/CryptoTransientNameIdentifierDecoderTest.class */
/**
 * Round-trip test for {@link CryptoTransientNameIdentifierDecoder}.
 *
 * <p>A SAML 1 transient {@link NameIdentifier} is generated through a
 * {@link CryptoTransientIdGenerationStrategy} and then fed back through
 * {@link NameIdentifierCanonicalization}. The test passes when the principal name
 * recovered by canonicalization equals the one the identifier was issued for.
 * Generator and decoder are both configured with the same {@link DataSealer}.</p>
 *
 * <p>NOTE(review): only the success path is exercised. No case in this class covers an
 * identifier decoded after {@link #TIMEOUT} has elapsed, a requester ID that differs from
 * the one used at generation time, or an identifier value that was modified after
 * generation.</p>
 */
public class CryptoTransientNameIdentifierDecoderTest extends OpenSAMLInitBaseTestCase {

    /** Lifetime configured on the transient ID strategy; decode() consumes the ID right away. */
    private static final Duration TIMEOUT = Duration.ofSeconds(5);

    /** Classpath location of the keystore that backs the sealer's key strategy. */
    private static final String KEYSTORE_PATH =
            "/net/shibboleth/idp/saml/impl/attribute/resolver/SealerKeyStore.jks";

    /** Classpath location of the key-version file that accompanies the keystore. */
    private static final String KEY_VERSION_PATH =
            "/net/shibboleth/idp/saml/impl/attribute/resolver/SealerKeyStore.kver";

    /** Sealer shared by the ID generation strategy and the decoder under test. */
    private DataSealer dataSealer;

    /** Decoder under test, initialized once for the class. */
    private CryptoTransientNameIdentifierDecoder decoder;

    /**
     * Builds the keystore-backed {@link DataSealer} and the decoder that uses it.
     *
     * <p>The alias and the two passwords below are fixture values for the keystore bundled
     * on the test classpath; they are not meant to protect anything and should not be
     * reused for a deployed sealer keystore.</p>
     *
     * @throws Exception if a component fails to initialize
     */
    @BeforeClass
    public void setupDataSealer() throws Exception {
        // Fail early, with a clear assertion, if the fixture files are missing from the classpath.
        final ClassPathResource keystoreFile = new ClassPathResource(KEYSTORE_PATH);
        Assert.assertTrue(keystoreFile.exists());
        final ClassPathResource keyVersionFile = new ClassPathResource(KEY_VERSION_PATH);
        Assert.assertTrue(keyVersionFile.exists());

        final BasicKeystoreKeyStrategy keyStrategy = new BasicKeystoreKeyStrategy();
        keyStrategy.setKeyAlias("secret");
        keyStrategy.setKeyPassword("kpassword");
        keyStrategy.setKeystorePassword("password");
        keyStrategy.setKeystoreResource(ResourceHelper.of(keystoreFile));
        keyStrategy.setKeyVersionResource(ResourceHelper.of(keyVersionFile));
        keyStrategy.initialize();

        dataSealer = new DataSealer();
        dataSealer.setKeyStrategy(keyStrategy);
        dataSealer.initialize();

        decoder = new CryptoTransientNameIdentifierDecoder();
        decoder.setDataSealer(dataSealer);
        decoder.setId("Decoder");
        decoder.initialize();
    }

    /**
     * Creates an initialized SAML 1 transient generator whose ID strategy uses the shared
     * sealer and the {@link #TIMEOUT} lifetime.
     *
     * @return the initialized generator
     * @throws Exception if a component fails to initialize
     */
    private TransientSAML1NameIdentifierGenerator newTransientGenerator() throws Exception {
        final CryptoTransientIdGenerationStrategy idStrategy = new CryptoTransientIdGenerationStrategy();
        idStrategy.setDataSealer(dataSealer);
        idStrategy.setId("strategy");
        idStrategy.setIdLifetime(TIMEOUT);
        idStrategy.initialize();

        final TransientSAML1NameIdentifierGenerator generator = new TransientSAML1NameIdentifierGenerator();
        generator.setId("id");
        generator.setTransientIdGenerator(idStrategy);
        generator.initialize();
        return generator;
    }

    /**
     * Generates a transient identifier for the test principal and checks that
     * canonicalization maps it back to that principal.
     *
     * @throws Exception if generation, initialization or execution fails
     */
    @Test
    public void decode() throws Exception {
        final TransientSAML1NameIdentifierGenerator generator = newTransientGenerator();

        // Issue the identifier in a context where the SP is the inbound message issuer.
        final ProfileRequestContext issuingContext = new RequestContextBuilder()
                .setInboundMessageIssuer(TestSources.SP_ENTITY_ID)
                .buildProfileRequestContext();
        final SubjectContext issuingSubject = issuingContext.getSubcontext(SubjectContext.class, true);
        issuingSubject.setPrincipalName(TestSources.PRINCIPAL_ID);
        final NameIdentifier transientId = generator.generate(issuingContext, generator.getFormat());

        // Flow descriptor restricted to the single format the generator produces.
        final NameIDCanonicalizationFlowDescriptor flowDescriptor = new NameIDCanonicalizationFlowDescriptor();
        flowDescriptor.setId("C14NDesc");
        flowDescriptor.setFormats(Collections.singleton(generator.getFormat()));
        flowDescriptor.initialize();

        final NameIdentifierCanonicalization c14nAction = new NameIdentifierCanonicalization();
        c14nAction.setDecoder(decoder);
        c14nAction.initialize();

        // A fresh context: nothing from the issuing side is carried over except the identifier itself.
        final ProfileRequestContext decodingContext = new ProfileRequestContext();
        final SubjectCanonicalizationContext c14nContext =
                decodingContext.getSubcontext(SubjectCanonicalizationContext.class, true);

        final Subject presented = new Subject();
        presented.getPrincipals().add(new NameIdentifierPrincipal(transientId));
        c14nContext.setSubject(presented);
        c14nContext.setAttemptedFlow(flowDescriptor);
        // Same SP entity ID as at generation time.
        // NOTE(review): presumably the decoder compares this against the requester recorded
        // in the sealed identifier - confirm in CryptoTransientNameIdentifierDecoder.
        c14nContext.setRequesterId(TestSources.SP_ENTITY_ID);
        c14nContext.setResponderId(TestSources.IDP_ENTITY_ID);

        c14nAction.execute(decodingContext);

        ActionTestingSupport.assertProceedEvent(decodingContext);
        Assert.assertEquals(c14nContext.getPrincipalName(), TestSources.PRINCIPAL_ID);
    }
}
