package net.shibboleth.idp.saml.profile.impl;

import com.google.common.base.Predicates;
import java.time.Instant;
import java.util.Set;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.idp.profile.context.navigate.WebflowRequestContextProfileRequestContextLookup;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.idp.profile.testing.RequestContextBuilder;
import net.shibboleth.idp.saml.impl.testing.TestSources;
import net.shibboleth.idp.saml.saml2.profile.config.BrowserSSOProfileConfiguration;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.logic.FunctionSupport;
import org.opensaml.core.testing.OpenSAMLInitBaseTestCase;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.testing.SAML2ActionTestingSupport;
import org.springframework.webflow.execution.RequestContext;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/saml/profile/impl/InitializeAuthenticationContextTest.class */
public class InitializeAuthenticationContextTest extends OpenSAMLInitBaseTestCase {
    private InitializeAuthenticationContext action;

    @BeforeMethod
    public void setUp() throws ComponentInitializationException {
        this.action = new InitializeAuthenticationContext();
        this.action.setProxyCountLookupStrategy(FunctionSupport.constant(1));
        this.action.initialize();
    }

    @Test
    public void testNoInboundMessageContext() throws ComponentInitializationException {
        RequestContext buildRequestContext = new RequestContextBuilder().buildRequestContext();
        ProfileRequestContext apply = new WebflowRequestContextProfileRequestContextLookup().apply(buildRequestContext);
        apply.setInboundMessageContext((MessageContext) null);
        ActionTestingSupport.assertProceedEvent(this.action.execute(buildRequestContext));
        AuthenticationContext subcontext = apply.getSubcontext(AuthenticationContext.class);
        Assert.assertNotNull(subcontext);
        Assert.assertFalse(subcontext.isForceAuthn());
        Assert.assertFalse(subcontext.isPassive());
        Assert.assertEquals(subcontext.getProxyCount(), 1);
    }

    @Test
    public void testNoInboundMessage() throws ComponentInitializationException {
        RequestContext buildRequestContext = new RequestContextBuilder().setInboundMessage((Object) null).buildRequestContext();
        ProfileRequestContext apply = new WebflowRequestContextProfileRequestContextLookup().apply(buildRequestContext);
        ActionTestingSupport.assertProceedEvent(this.action.execute(buildRequestContext));
        AuthenticationContext subcontext = apply.getSubcontext(AuthenticationContext.class);
        Assert.assertNotNull(subcontext);
        Assert.assertFalse(subcontext.isForceAuthn());
        Assert.assertFalse(subcontext.isPassive());
        Assert.assertEquals(subcontext.getProxyCount(), 1);
    }

    @Test
    public void testSAML1AuthnRequest() throws ComponentInitializationException {
        RequestContext buildRequestContext = new RequestContextBuilder().setInboundMessage(new IdPInitiatedSSORequest(TestSources.SP_ENTITY_ID, (String) null, (String) null, (Instant) null)).buildRequestContext();
        ProfileRequestContext apply = new WebflowRequestContextProfileRequestContextLookup().apply(buildRequestContext);
        ActionTestingSupport.assertProceedEvent(this.action.execute(buildRequestContext));
        AuthenticationContext subcontext = apply.getSubcontext(AuthenticationContext.class);
        Assert.assertNotNull(subcontext);
        Assert.assertFalse(subcontext.isForceAuthn());
        Assert.assertFalse(subcontext.isPassive());
        Assert.assertEquals(subcontext.getProxyCount(), 1);
    }

    @Test
    public void testCreateAuthenticationContext() throws ComponentInitializationException {
        AuthnRequest buildAuthnRequest = SAML2ActionTestingSupport.buildAuthnRequest();
        buildAuthnRequest.setIsPassive(true);
        buildAuthnRequest.setForceAuthn(true);
        RequestContext buildRequestContext = new RequestContextBuilder().setInboundMessage(buildAuthnRequest).buildRequestContext();
        ProfileRequestContext apply = new WebflowRequestContextProfileRequestContextLookup().apply(buildRequestContext);
        ActionTestingSupport.assertProceedEvent(this.action.execute(buildRequestContext));
        AuthenticationContext subcontext = apply.getSubcontext(AuthenticationContext.class);
        Assert.assertNotNull(subcontext);
        Assert.assertTrue(subcontext.isForceAuthn());
        Assert.assertTrue(subcontext.isPassive());
        Assert.assertEquals(subcontext.getProxyCount(), 1);
    }

    @Test
    public void testScopingIgnored() throws ComponentInitializationException {
        AuthnRequest buildAuthnRequest = SAML2ActionTestingSupport.buildAuthnRequest();
        buildAuthnRequest.setIsPassive(true);
        buildAuthnRequest.setForceAuthn(true);
        RequestContext buildRequestContext = new RequestContextBuilder().setInboundMessage(buildAuthnRequest).buildRequestContext();
        ProfileRequestContext apply = new WebflowRequestContextProfileRequestContextLookup().apply(buildRequestContext);
        ((AuthnRequest) apply.getInboundMessageContext().getMessage()).setScoping(SAML2ActionTestingSupport.buildScoping(0, (Set) null));
        this.action = new InitializeAuthenticationContext();
        this.action.setProxyCountLookupStrategy(FunctionSupport.constant(1));
        this.action.setIgnoreScopingPredicate(Predicates.alwaysTrue());
        this.action.initialize();
        ActionTestingSupport.assertProceedEvent(this.action.execute(buildRequestContext));
        AuthenticationContext subcontext = apply.getSubcontext(AuthenticationContext.class);
        Assert.assertNotNull(subcontext);
        Assert.assertTrue(subcontext.isForceAuthn());
        Assert.assertTrue(subcontext.isPassive());
        Assert.assertEquals(subcontext.getProxyCount(), 1);
    }

    @Test
    public void testScopingDisallowed() throws ComponentInitializationException {
        AuthnRequest buildAuthnRequest = SAML2ActionTestingSupport.buildAuthnRequest();
        buildAuthnRequest.setIsPassive(true);
        buildAuthnRequest.setForceAuthn(true);
        RequestContext buildRequestContext = new RequestContextBuilder().setInboundMessage(buildAuthnRequest).buildRequestContext();
        ProfileRequestContext apply = new WebflowRequestContextProfileRequestContextLookup().apply(buildRequestContext);
        ((AuthnRequest) apply.getInboundMessageContext().getMessage()).setScoping(SAML2ActionTestingSupport.buildScoping(0, (Set) null));
        BrowserSSOProfileConfiguration browserSSOProfileConfiguration = new BrowserSSOProfileConfiguration();
        browserSSOProfileConfiguration.setDisallowedFeatures(2);
        apply.getSubcontext(RelyingPartyContext.class, true).setProfileConfig(browserSSOProfileConfiguration);
        ActionTestingSupport.assertEvent(this.action.execute(buildRequestContext), "AccessDenied");
        Assert.assertNull(apply.getSubcontext(AuthenticationContext.class));
    }

    @Test
    public void testProxyCount() throws ComponentInitializationException {
        AuthnRequest buildAuthnRequest = SAML2ActionTestingSupport.buildAuthnRequest();
        buildAuthnRequest.setIsPassive(true);
        buildAuthnRequest.setForceAuthn(true);
        RequestContext buildRequestContext = new RequestContextBuilder().setInboundMessage(buildAuthnRequest).buildRequestContext();
        ProfileRequestContext apply = new WebflowRequestContextProfileRequestContextLookup().apply(buildRequestContext);
        ((AuthnRequest) apply.getInboundMessageContext().getMessage()).setScoping(SAML2ActionTestingSupport.buildScoping(0, (Set) null));
        ActionTestingSupport.assertProceedEvent(this.action.execute(buildRequestContext));
        Assert.assertEquals(apply.getSubcontext(AuthenticationContext.class).getProxyCount(), 0);
    }

    @Test
    public void testProxyList() throws ComponentInitializationException {
        AuthnRequest buildAuthnRequest = SAML2ActionTestingSupport.buildAuthnRequest();
        buildAuthnRequest.setIsPassive(true);
        buildAuthnRequest.setForceAuthn(true);
        RequestContext buildRequestContext = new RequestContextBuilder().setInboundMessage(buildAuthnRequest).buildRequestContext();
        ProfileRequestContext apply = new WebflowRequestContextProfileRequestContextLookup().apply(buildRequestContext);
        ((AuthnRequest) apply.getInboundMessageContext().getMessage()).setScoping(SAML2ActionTestingSupport.buildScoping(0, Set.of("foo", "bar")));
        ActionTestingSupport.assertProceedEvent(this.action.execute(buildRequestContext));
        AuthenticationContext subcontext = apply.getSubcontext(AuthenticationContext.class);
        Assert.assertEquals(subcontext.getProxyCount(), 0);
        Assert.assertEquals(subcontext.getProxiableAuthorities(), Set.of("foo", "bar"));
    }
}
