package net.shibboleth.idp.saml.saml2.profile.impl;

import java.security.Principal;
import java.util.Collections;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.RequestedPrincipalContext;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.idp.profile.testing.RequestContextBuilder;
import net.shibboleth.idp.saml.saml2.profile.SAML2ActionTestingSupport;
import net.shibboleth.idp.saml.saml2.profile.config.BrowserSSOProfileConfiguration;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.core.testing.OpenSAMLInitBaseTestCase;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml.saml2.core.AuthnContextDeclRef;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.RequestedAuthnContext;
import org.springframework.webflow.test.MockRequestContext;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/saml/saml2/profile/impl/ProcessRequestedAuthnContextTest.class */
/**
 * Tests for {@link ProcessRequestedAuthnContext}.
 *
 * <p>Each test places a SAML 2 {@code AuthnRequest} in the inbound message context, optionally attaches a
 * {@code RequestedAuthnContext} to it, runs the action, and checks two things: the event the action signals
 * and whether a {@link RequestedPrincipalContext} was created under the {@link AuthenticationContext}.</p>
 *
 * <p>The cases that matter most from an access-control point of view are {@link #testDisallowed()} (the
 * request is refused with "AccessDenied" when the profile configuration disallows the feature) and the
 * "ignore" cases, where a requested context produces no {@link RequestedPrincipalContext} at all.</p>
 */
public class ProcessRequestedAuthnContextTest extends OpenSAMLInitBaseTestCase {

    /** Authentication context URIs used as request values in the tests below. */
    private static final String CLASS_PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password";
    private static final String CLASS_PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";
    private static final String CLASS_KERBEROS = "urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos";
    private static final String CLASS_UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified";

    // Web Flow request context handed to the action.
    private MockRequestContext src;
    // Profile request context pulled out of the conversation scope of src.
    private ProfileRequestContext prc;
    // Parent of the RequestedPrincipalContext the action is expected to create (or not).
    private AuthenticationContext ac;
    // Action under test; re-created by testIgnore2 with a custom ignore list.
    private ProcessRequestedAuthnContext action;
    private SAMLObjectBuilder<RequestedAuthnContext> racBuilder;
    private SAMLObjectBuilder<AuthnContextClassRef> classBuilder;
    private SAMLObjectBuilder<AuthnContextDeclRef> declBuilder;

    /**
     * Builds a fresh request context, an empty {@link AuthenticationContext}, a default
     * {@link BrowserSSOProfileConfiguration} and an initialized action before every test.
     *
     * @throws ComponentInitializationException if the action fails to initialize
     */
    @BeforeMethod
    public void setUp() throws ComponentInitializationException {
        racBuilder = XMLObjectProviderRegistrySupport.getBuilderFactory()
                .getBuilderOrThrow(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
        classBuilder = XMLObjectProviderRegistrySupport.getBuilderFactory()
                .getBuilderOrThrow(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
        declBuilder = XMLObjectProviderRegistrySupport.getBuilderFactory()
                .getBuilderOrThrow(AuthnContextDeclRef.DEFAULT_ELEMENT_NAME);

        src = new RequestContextBuilder().buildRequestContext();
        prc = (ProfileRequestContext) src.getConversationScope().get("opensamlProfileRequestContext");
        ac = prc.getSubcontext(AuthenticationContext.class, true);
        prc.getSubcontext(RelyingPartyContext.class, true).setProfileConfig(new BrowserSSOProfileConfiguration());

        action = new ProcessRequestedAuthnContext();
        action.initialize();
    }

    /** With no inbound message at all, the action signals "InvalidMessageContext". */
    @Test
    public void testNoRequest() {
        ActionTestingSupport.assertEvent(action.execute(src), "InvalidMessageContext");
    }

    /** A request without a RequestedAuthnContext proceeds and creates no RequestedPrincipalContext. */
    @Test
    public void testNoRAC() {
        installAuthnRequest();

        ActionTestingSupport.assertProceedEvent(action.execute(src));
        Assert.assertNull(ac.getSubcontext(RequestedPrincipalContext.class));
    }

    /** A class reference that carries no URI proceeds and creates no RequestedPrincipalContext. */
    @Test
    public void testEmptyRef() {
        final RequestedAuthnContext requested = attachRequestedAuthnContext();
        requested.getAuthnContextClassRefs().add(classBuilder.buildObject());

        ActionTestingSupport.assertProceedEvent(action.execute(src));
        Assert.assertNull(ac.getSubcontext(RequestedPrincipalContext.class));
    }

    /**
     * A request naming the Password class is refused with "AccessDenied" once the profile configuration
     * disallows the feature, and no RequestedPrincipalContext is left behind.
     */
    @Test
    public void testDisallowed() {
        final RequestedAuthnContext requested = attachRequestedAuthnContext();
        addClassRef(requested, CLASS_PASSWORD);
        // NOTE(review): the literal 1 is presumably the feature bit for requested authn contexts; confirm
        // against the constants declared by the profile configuration.
        prc.getSubcontext(RelyingPartyContext.class).getProfileConfig().setDisallowedFeatures(1);

        ActionTestingSupport.assertEvent(action.execute(src), "AccessDenied");
        Assert.assertNull(ac.getSubcontext(RequestedPrincipalContext.class));
    }

    /**
     * Same disallowed-feature setting as {@link #testDisallowed()}, but the request names only the
     * "unspecified" class: the action proceeds instead of denying, and creates no RequestedPrincipalContext.
     */
    @Test
    public void testDisallowedButIgnored() {
        final RequestedAuthnContext requested = attachRequestedAuthnContext();
        addClassRef(requested, CLASS_UNSPECIFIED);
        prc.getSubcontext(RelyingPartyContext.class).getProfileConfig().setDisallowedFeatures(1);

        ActionTestingSupport.assertProceedEvent(action.execute(src));
        Assert.assertNull(ac.getSubcontext(RequestedPrincipalContext.class));
    }

    /**
     * When the request sets no comparison, the resulting RequestedPrincipalContext carries the EXACT
     * operator and a single principal named after the requested class.
     */
    @Test
    public void testNoOperator() {
        final RequestedAuthnContext requested = attachRequestedAuthnContext();
        addClassRef(requested, CLASS_PPT);

        ActionTestingSupport.assertProceedEvent(action.execute(src));

        final RequestedPrincipalContext rpc = ac.getSubcontext(RequestedPrincipalContext.class);
        Assert.assertNotNull(rpc);
        Assert.assertEquals(rpc.getOperator(), AuthnContextComparisonTypeEnumeration.EXACT.toString());
        Assert.assertEquals(rpc.getRequestedPrincipals().size(), 1);
        Assert.assertEquals(((Principal) rpc.getRequestedPrincipals().get(0)).getName(), CLASS_PPT);
    }

    /** An explicit MINIMUM comparison is carried over as the operator, with one principal per class ref. */
    @Test
    public void testOperator() {
        final RequestedAuthnContext requested = attachRequestedAuthnContext();
        requested.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
        addClassRef(requested, CLASS_PPT);
        addClassRef(requested, CLASS_KERBEROS);

        ActionTestingSupport.assertProceedEvent(action.execute(src));

        final RequestedPrincipalContext rpc = ac.getSubcontext(RequestedPrincipalContext.class);
        Assert.assertNotNull(rpc);
        Assert.assertEquals(rpc.getOperator(), AuthnContextComparisonTypeEnumeration.MINIMUM.toString());
        // NOTE(review): only the count is asserted; the names and order of the principals are not checked.
        Assert.assertEquals(rpc.getRequestedPrincipals().size(), 2);
    }

    /** Declaration references are handled like class references: MINIMUM operator and two principals. */
    @Test
    public void testDecls() {
        final RequestedAuthnContext requested = attachRequestedAuthnContext();
        requested.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
        addDeclRef(requested, CLASS_PPT);
        addDeclRef(requested, CLASS_KERBEROS);

        ActionTestingSupport.assertProceedEvent(action.execute(src));

        final RequestedPrincipalContext rpc = ac.getSubcontext(RequestedPrincipalContext.class);
        Assert.assertNotNull(rpc);
        Assert.assertEquals(rpc.getOperator(), AuthnContextComparisonTypeEnumeration.MINIMUM.toString());
        // NOTE(review): only the count is asserted; nothing here distinguishes a principal built from a
        // declaration reference from one built from a class reference.
        Assert.assertEquals(rpc.getRequestedPrincipals().size(), 2);
    }

    /**
     * With the action's default settings, a request for the "unspecified" class proceeds and creates no
     * RequestedPrincipalContext.
     */
    @Test
    public void testIgnore() {
        final RequestedAuthnContext requested = attachRequestedAuthnContext();
        addClassRef(requested, CLASS_UNSPECIFIED);

        ActionTestingSupport.assertProceedEvent(action.execute(src));
        Assert.assertNull(ac.getSubcontext(RequestedPrincipalContext.class));
    }

    /**
     * A class listed through {@code setIgnoredContexts} is dropped in the same way: the action proceeds and
     * creates no RequestedPrincipalContext for it.
     *
     * @throws ComponentInitializationException if the reconfigured action fails to initialize
     */
    @Test
    public void testIgnore2() throws ComponentInitializationException {
        final RequestedAuthnContext requested = attachRequestedAuthnContext();
        addClassRef(requested, CLASS_PPT);

        // Replace the action from setUp(): the ignore list is set before initialize() is called.
        action = new ProcessRequestedAuthnContext();
        action.setIgnoredContexts(Collections.singletonList(CLASS_PPT));
        action.initialize();

        ActionTestingSupport.assertProceedEvent(action.execute(src));
        Assert.assertNull(ac.getSubcontext(RequestedPrincipalContext.class));
    }

    /** Places a freshly built AuthnRequest in the inbound message context. */
    private void installAuthnRequest() {
        prc.getInboundMessageContext().setMessage(SAML2ActionTestingSupport.buildAuthnRequest());
    }

    /**
     * Installs a new AuthnRequest and attaches an empty RequestedAuthnContext to it.
     *
     * @return the attached RequestedAuthnContext, for the caller to populate
     */
    private RequestedAuthnContext attachRequestedAuthnContext() {
        installAuthnRequest();
        final RequestedAuthnContext requested = racBuilder.buildObject();
        ((AuthnRequest) prc.getInboundMessageContext().getMessage()).setRequestedAuthnContext(requested);
        return requested;
    }

    /** Appends a class reference with the given URI to the requested context. */
    private void addClassRef(final RequestedAuthnContext requested, final String uri) {
        final AuthnContextClassRef ref = classBuilder.buildObject();
        ref.setURI(uri);
        requested.getAuthnContextClassRefs().add(ref);
    }

    /** Appends a declaration reference with the given URI to the requested context. */
    private void addDeclRef(final RequestedAuthnContext requested, final String uri) {
        final AuthnContextDeclRef ref = declBuilder.buildObject();
        ref.setURI(uri);
        requested.getAuthnContextDeclRefs().add(ref);
    }
}
