package net.shibboleth.idp.saml.profile.impl;

import net.shibboleth.idp.authn.context.SubjectCanonicalizationContext;
import net.shibboleth.idp.profile.context.navigate.RelyingPartyIdLookupFunction;
import net.shibboleth.idp.profile.context.navigate.ResponderIdLookupFunction;
import net.shibboleth.idp.profile.context.navigate.WebflowRequestContextProfileRequestContextLookup;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.idp.profile.testing.RequestContextBuilder;
import net.shibboleth.idp.saml.authn.principal.NameIDPrincipal;
import net.shibboleth.idp.saml.authn.principal.NameIdentifierPrincipal;
import net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.core.testing.XMLObjectBaseTestCase;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.common.profile.logic.DefaultNameIDPolicyPredicate;
import org.opensaml.saml.saml1.core.Request;
import org.opensaml.saml.saml1.testing.SAML1ActionTestingSupport;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.testing.SAML2ActionTestingSupport;
import org.springframework.webflow.execution.RequestContext;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/saml/profile/impl/ExtractSubjectFromRequestTest.class */
/**
 * Tests for {@link ExtractSubjectFromRequest}.
 *
 * <p>The cases cover requests that carry no usable subject and requests whose
 * subject identifier is checked by a {@link DefaultNameIDPolicyPredicate}.
 * The qualifier cases are the security-relevant ones: a subject whose
 * NameQualifier or SPNameQualifier does not match must yield
 * {@code InvalidSubject} rather than being handed on for canonicalization.</p>
 */
public class ExtractSubjectFromRequestTest extends XMLObjectBaseTestCase {
    /** Event id asserted when the request offers no subject to extract. */
    private static final String EVENT_NO_SUBJECT = "NoSubject";

    /** Event id asserted when the subject's qualifiers are rejected by the policy predicate. */
    private static final String EVENT_INVALID_SUBJECT = "InvalidSubject";

    /** Name identifier format applied to the subjects under test. */
    private static final String TRANSIENT_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";

    // NOTE(review): presumably the responder / relying-party IDs that
    // RequestContextBuilder configures by default -- confirm against that class.
    private static final String IDP_QUALIFIER = "http://idp.example.org";
    private static final String SP_QUALIFIER = "http://sp.example.org";

    /** Identifier value placed in the request subject and expected back after extraction. */
    private static final String SUBJECT_VALUE = "foo";

    /** Qualifier value that matches neither {@link #IDP_QUALIFIER} nor {@link #SP_QUALIFIER}. */
    private static final String MISMATCHED_QUALIFIER = "foo";

    private RequestContext requestCtx;
    private ProfileRequestContext profileCtx;
    private ExtractSubjectFromRequest extractor;

    /**
     * Creates a fresh request/profile context pair and an initialized action
     * wired to a NameID policy predicate.
     *
     * @throws ComponentInitializationException if the predicate or the action fails to initialize
     */
    @BeforeMethod
    public void setUp() throws ComponentInitializationException {
        this.requestCtx = new RequestContextBuilder().buildRequestContext();
        this.profileCtx = new WebflowRequestContextProfileRequestContextLookup().apply(this.requestCtx);

        final DefaultNameIDPolicyPredicate policy = newPolicyPredicate();

        this.extractor = new ExtractSubjectFromRequest();
        this.extractor.setNameIDPolicyPredicate(policy);
        this.extractor.initialize();
    }

    /** A profile context without an inbound message context yields {@code NoSubject}. */
    @Test
    public void testNoInboundContext() {
        this.profileCtx.setInboundMessageContext((MessageContext) null);
        expectEvent(EVENT_NO_SUBJECT);
    }

    /** An inbound message context without a message yields {@code NoSubject}. */
    @Test
    public void testNoMessage() {
        this.profileCtx.getInboundMessageContext().setMessage((Object) null);
        expectEvent(EVENT_NO_SUBJECT);
    }

    /** An AuthnRequest that carries no Subject element yields {@code NoSubject}. */
    @Test
    public void testNoSubject() {
        this.profileCtx.getInboundMessageContext().setMessage(SAML2ActionTestingSupport.buildAuthnRequest());
        expectEvent(EVENT_NO_SUBJECT);
    }

    /**
     * SAML 2 subject: a mismatched NameQualifier is rejected, then a mismatched
     * SPNameQualifier is rejected, and only with both set to the expected values
     * does the action proceed and expose a single {@link NameIDPrincipal}.
     */
    @Test
    public void testSAML2Subject() {
        final AuthnRequest authnRequest = SAML2ActionTestingSupport.buildAuthnRequest();
        authnRequest.setSubject(SAML2ActionTestingSupport.buildSubject(SUBJECT_VALUE));
        authnRequest.getSubject().getNameID().setFormat(TRANSIENT_FORMAT);
        this.profileCtx.getInboundMessageContext().setMessage(authnRequest);

        // Step 1: NameQualifier does not match.
        authnRequest.getSubject().getNameID().setNameQualifier(MISMATCHED_QUALIFIER);
        expectEvent(EVENT_INVALID_SUBJECT);

        // Step 2: NameQualifier corrected, SPNameQualifier does not match.
        authnRequest.getSubject().getNameID().setNameQualifier(IDP_QUALIFIER);
        authnRequest.getSubject().getNameID().setSPNameQualifier(MISMATCHED_QUALIFIER);
        expectEvent(EVENT_INVALID_SUBJECT);

        // Step 3: both qualifiers match, so the subject is accepted.
        authnRequest.getSubject().getNameID().setSPNameQualifier(SP_QUALIFIER);
        expectProceed();

        final SubjectCanonicalizationContext c14n =
                this.profileCtx.getSubcontext(SubjectCanonicalizationContext.class);
        Assert.assertNotNull(c14n);
        Assert.assertEquals(c14n.getSubject().getPrincipals(NameIDPrincipal.class).size(), 1);
        final NameIDPrincipal extracted =
                (NameIDPrincipal) c14n.getSubject().getPrincipals(NameIDPrincipal.class).iterator().next();
        Assert.assertEquals(extracted.getNameID().getValue(), SUBJECT_VALUE);
    }

    /**
     * SAML 1 attribute query subject: a mismatched NameQualifier is rejected;
     * once it is set to the expected value the action proceeds and exposes a
     * single {@link NameIdentifierPrincipal}.
     */
    @Test
    public void testSAML1Subject() {
        final Request queryRequest =
                SAML1ActionTestingSupport.buildAttributeQueryRequest(SAML1ActionTestingSupport.buildSubject(SUBJECT_VALUE));
        queryRequest.getAttributeQuery().getSubject().getNameIdentifier().setFormat(TRANSIENT_FORMAT);
        this.profileCtx.getInboundMessageContext().setMessage(queryRequest);

        // Step 1: NameQualifier does not match.
        queryRequest.getAttributeQuery().getSubject().getNameIdentifier().setNameQualifier(MISMATCHED_QUALIFIER);
        expectEvent(EVENT_INVALID_SUBJECT);

        // Step 2: NameQualifier matches, so the subject is accepted.
        queryRequest.getAttributeQuery().getSubject().getNameIdentifier().setNameQualifier(IDP_QUALIFIER);
        expectProceed();

        final SubjectCanonicalizationContext c14n =
                this.profileCtx.getSubcontext(SubjectCanonicalizationContext.class);
        Assert.assertNotNull(c14n);
        Assert.assertEquals(c14n.getSubject().getPrincipals(NameIdentifierPrincipal.class).size(), 1);
        final NameIdentifierPrincipal extracted =
                (NameIdentifierPrincipal) c14n.getSubject().getPrincipals(NameIdentifierPrincipal.class).iterator().next();
        Assert.assertEquals(extracted.getNameIdentifier().getValue(), SUBJECT_VALUE);
    }

    /**
     * Builds and initializes the predicate that judges the request subject's
     * qualifiers, using the relying-party and responder lookup functions plus
     * the action's own subject-name lookup.
     *
     * @return the initialized predicate
     * @throws ComponentInitializationException if initialization fails
     */
    private DefaultNameIDPolicyPredicate newPolicyPredicate() throws ComponentInitializationException {
        final DefaultNameIDPolicyPredicate policy = new DefaultNameIDPolicyPredicate();
        policy.setRequesterIdLookupStrategy(new RelyingPartyIdLookupFunction());
        policy.setResponderIdLookupStrategy(new ResponderIdLookupFunction());
        policy.setObjectLookupStrategy(new ExtractSubjectFromRequest.SubjectNameLookupFunction());
        policy.initialize();
        return policy;
    }

    /**
     * Runs the action against the current request context and asserts the resulting event id.
     *
     * @param eventId the event id the action is expected to signal
     */
    private void expectEvent(final String eventId) {
        ActionTestingSupport.assertEvent(this.extractor.execute(this.requestCtx), eventId);
    }

    /** Runs the action against the current request context and asserts that it signals "proceed". */
    private void expectProceed() {
        ActionTestingSupport.assertProceedEvent(this.extractor.execute(this.requestCtx));
    }
}
