package net.shibboleth.idp.authn.impl.tests;

import java.security.Principal;
import java.util.List;
import javax.security.auth.Subject;
import net.shibboleth.idp.admin.BasicAdministrativeFlowDescriptor;
import net.shibboleth.idp.authn.AuthenticationFlowDescriptor;
import net.shibboleth.idp.authn.AuthenticationResult;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.RequestedPrincipalContext;
import net.shibboleth.idp.authn.context.SubjectCanonicalizationContext;
import net.shibboleth.idp.authn.context.SubjectContext;
import net.shibboleth.idp.authn.impl.FinalizeAuthentication;
import net.shibboleth.idp.authn.impl.PopulateAuthenticationContext;
import net.shibboleth.idp.authn.principal.ProxyAuthenticationPrincipal;
import net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory;
import net.shibboleth.idp.authn.testing.TestPrincipal;
import net.shibboleth.idp.profile.context.navigate.WebflowRequestContextProfileRequestContextLookup;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.idp.profile.testing.RequestContextBuilder;
import net.shibboleth.idp.saml.saml2.profile.config.impl.BrowserSSOProfileConfiguration;
import net.shibboleth.profile.context.RelyingPartyContext;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.FunctionSupport;
import org.opensaml.core.testing.OpenSAMLInitBaseTestCase;
import org.opensaml.profile.context.ProfileRequestContext;
import org.springframework.webflow.execution.RequestContext;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/authn/impl/tests/FinalizeAuthenticationTest.class */
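/**
 * Unit tests for {@link FinalizeAuthentication}.
 *
 * <p>Each test arranges an {@link AuthenticationContext} (and related subcontexts) under the
 * {@link ProfileRequestContext}, runs the action, and checks the signalled event and whether a
 * {@link SubjectContext} was produced.</p>
 *
 * <p>The proxy tests pin how restrictions carried by a {@link ProxyAuthenticationPrincipal}
 * (proxy count and audience list) gate reuse of a proxied authentication result. These are the
 * checks that stop an upstream assertion from being relayed further than its issuer allowed, so
 * the failure cases also assert that no {@link SubjectContext} is left behind.</p>
 *
 * <p>This class was recovered from compiled bytecode. The desugared {@code $assertionsDisabled}
 * guards have been restored to plain {@code assert} statements, and proxy principals are declared
 * with their concrete type so the proxy-specific setters resolve.</p>
 */
public class FinalizeAuthenticationTest extends OpenSAMLInitBaseTestCase {
    /** Spring Web Flow request context handed to the action. */
    protected RequestContext src;

    /** Profile request context looked up from {@link #src}. */
    protected ProfileRequestContext prc;

    /** The three flow descriptors ("test1".."test3") registered for every test. */
    protected List<AuthenticationFlowDescriptor> authenticationFlows;

    /** The action under test, re-created for each test method. */
    private FinalizeAuthentication action;

    /**
     * Builds the request/profile contexts, attaches an empty {@link AuthenticationContext} and
     * creates the flow descriptors.
     *
     * @throws ComponentInitializationException declared for overriding subclasses; nothing here
     *         initializes a component
     */
    protected void initializeMembers() throws ComponentInitializationException {
        this.src = new RequestContextBuilder().buildRequestContext();
        this.prc = new WebflowRequestContextProfileRequestContextLookup().apply(this.src);
        this.prc.addSubcontext(new AuthenticationContext(), true);

        this.authenticationFlows = List.of(
                new AuthenticationFlowDescriptor(),
                new AuthenticationFlowDescriptor(),
                new AuthenticationFlowDescriptor());
        this.authenticationFlows.get(0).setId("test1");
        this.authenticationFlows.get(1).setId("test2");
        // Only "test2" advertises passive support.
        this.authenticationFlows.get(1).setPassiveAuthenticationSupported(true);
        this.authenticationFlows.get(2).setId("test3");
    }

    /**
     * Populates the authentication context with the available flows, installs a SAML 2 browser
     * SSO profile configuration on the relying party context, and initializes the action.
     *
     * @throws ComponentInitializationException if a component fails to initialize
     */
    @BeforeMethod
    protected void setUp() throws ComponentInitializationException {
        initializeMembers();

        PopulateAuthenticationContext populate = new PopulateAuthenticationContext();
        assert this.authenticationFlows != null;
        populate.setAvailableFlows(this.authenticationFlows);
        populate.setPotentialFlowsLookupStrategy(FunctionSupport.constant(this.authenticationFlows));
        populate.initialize();
        populate.execute(this.src);

        // The default profile is browser SSO; the zero-proxy-count tests swap or remove it.
        RelyingPartyContext rpCtx = this.prc.getSubcontext(RelyingPartyContext.class);
        assert rpCtx != null;
        rpCtx.setProfileConfig(new BrowserSSOProfileConfiguration());

        this.action = new FinalizeAuthentication();
        this.action.initialize();
    }

    /** With nothing set on the contexts the action reports an invalid authentication context. */
    @Test
    public void testNotSet() {
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "InvalidAuthenticationContext");
        Assert.assertNull(this.prc.getSubcontext(SubjectContext.class));
    }

    /**
     * A required name ("foo") that differs from the canonicalized principal name ("bar") must be
     * rejected as an invalid subject.
     */
    @Test
    public void testMismatch() {
        AuthenticationContext authCtx = this.prc.getSubcontext(AuthenticationContext.class);
        assert authCtx != null;
        authCtx.setRequiredName("foo");

        AuthenticationResult result = new AuthenticationResult("test2", new Subject());
        result.getSubject().getPrincipals().add(new TestPrincipal("bar2"));
        authCtx.setAuthenticationResult(result);

        this.prc.ensureSubcontext(SubjectCanonicalizationContext.class).setPrincipalName("bar");
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "InvalidSubject");
    }

    /**
     * The relying party requests principal "bar1" but the result only carries "bar2", so the
     * request cannot be satisfied.
     */
    @Test
    public void testRequestUnsupported() {
        this.prc.ensureSubcontext(SubjectCanonicalizationContext.class).setPrincipalName("foo");

        AuthenticationResult result = new AuthenticationResult("test2", new Subject());
        result.getSubject().getPrincipals().add(new TestPrincipal("bar2"));
        AuthenticationContext authCtx = this.prc.getSubcontext(AuthenticationContext.class);
        assert authCtx != null;
        authCtx.setAuthenticationResult(result);

        RequestedPrincipalContext requested = new RequestedPrincipalContext();
        requested.getPrincipalEvalPredicateFactoryRegistry()
                .register(TestPrincipal.class, "florp", new ExactPrincipalEvalPredicateFactory());
        requested.setMatchingPrincipal(new TestPrincipal("bar1"));
        requested.setOperator("florp");
        requested.setRequestedPrincipals(CollectionSupport.singletonList(new TestPrincipal("bar1")));
        authCtx.addSubcontext(requested);

        ActionTestingSupport.assertEvent(this.action.execute(this.src), "RequestUnsupported");
    }

    /**
     * The pre-selected matching principal ("bar1") is not in the result, but the requested one
     * ("bar2") is: the action proceeds and the matching principal becomes "bar2".
     */
    @Test
    public void testSwitchesPrincipal() {
        this.prc.ensureSubcontext(SubjectCanonicalizationContext.class).setPrincipalName("foo");

        AuthenticationResult result = new AuthenticationResult("test2", new Subject());
        result.getSubject().getPrincipals().add(new TestPrincipal("bar2"));
        AuthenticationContext authCtx = this.prc.getSubcontext(AuthenticationContext.class);
        assert authCtx != null;
        authCtx.setAuthenticationResult(result);

        RequestedPrincipalContext requested = new RequestedPrincipalContext();
        requested.getPrincipalEvalPredicateFactoryRegistry()
                .register(TestPrincipal.class, "florp", new ExactPrincipalEvalPredicateFactory());
        requested.setMatchingPrincipal(new TestPrincipal("bar1"));
        requested.setOperator("florp");
        requested.setRequestedPrincipals(CollectionSupport.singletonList(new TestPrincipal("bar2")));
        authCtx.addSubcontext(requested);

        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));

        SubjectContext subjectCtx = this.prc.getSubcontext(SubjectContext.class);
        assert subjectCtx != null;
        Assert.assertEquals(subjectCtx.getPrincipalName(), "foo");
        Assert.assertEquals(subjectCtx.getAuthenticationResults().size(), 1);

        Principal matching = requested.getMatchingPrincipal();
        assert matching != null;
        Assert.assertEquals(matching.getName(), "bar2");
    }

    /**
     * A canonicalized name without any authentication result is still an invalid authentication
     * context, and no subject is established.
     */
    @Test
    public void testNothingActive() {
        this.prc.ensureSubcontext(SubjectCanonicalizationContext.class).setPrincipalName("foo");
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "InvalidAuthenticationContext");
        Assert.assertNull(this.prc.getSubcontext(SubjectContext.class));
    }

    /**
     * One result that is both active and current yields a subject with exactly one result, with
     * and without an (empty) {@link RequestedPrincipalContext} attached.
     */
    @Test
    public void testOneActive() {
        AuthenticationResult result = new AuthenticationResult("test2", new Subject());
        // Proxy principal with no proxy count or audiences set; the action proceeds in this case.
        result.getSubject().getPrincipals().add(
                new ProxyAuthenticationPrincipal(CollectionSupport.singletonList("http://idp.example.org")));

        AuthenticationContext authCtx = this.prc.getSubcontext(AuthenticationContext.class);
        assert authCtx != null;
        authCtx.setActiveResults(CollectionSupport.arrayAsList(new AuthenticationResult[] {result}));
        authCtx.setAuthenticationResult(result);
        this.prc.ensureSubcontext(SubjectCanonicalizationContext.class).setPrincipalName("foo");

        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        SubjectContext first = this.prc.getSubcontext(SubjectContext.class);
        assert first != null;
        Assert.assertEquals(first.getPrincipalName(), "foo");
        Assert.assertEquals(first.getAuthenticationResults().size(), 1);

        // Second pass: drop the produced subject and add an empty requested-principal context.
        this.prc.removeSubcontext(SubjectContext.class);
        authCtx.ensureSubcontext(RequestedPrincipalContext.class);

        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        SubjectContext second = this.prc.getSubcontext(SubjectContext.class);
        assert second != null;
        Assert.assertEquals(second.getPrincipalName(), "foo");
        Assert.assertEquals(second.getAuthenticationResults().size(), 1);
    }

    /**
     * An already-active result ("test1") plus a different current result ("test2") both end up
     * on the subject.
     */
    @Test
    public void testMultipleActive() {
        AuthenticationResult active = new AuthenticationResult("test1", new Subject());
        AuthenticationResult current = new AuthenticationResult("test2", new Subject());

        AuthenticationContext authCtx = this.prc.getSubcontext(AuthenticationContext.class);
        assert authCtx != null;
        authCtx.setActiveResults(CollectionSupport.arrayAsList(new AuthenticationResult[] {active}));
        authCtx.setAuthenticationResult(current);
        this.prc.ensureSubcontext(SubjectCanonicalizationContext.class).setPrincipalName("foo");

        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        SubjectContext subjectCtx = this.prc.getSubcontext(SubjectContext.class);
        assert subjectCtx != null;
        Assert.assertEquals(subjectCtx.getPrincipalName(), "foo");
        Assert.assertEquals(subjectCtx.getAuthenticationResults().size(), 2);
    }

    /**
     * A proxied result whose proxy count is 0 must not be usable under the browser SSO profile
     * configured in {@link #setUp()}: the action signals RequestUnsupported and creates no
     * subject.
     */
    @Test
    public void testZeroProxyCount() {
        AuthenticationResult result = new AuthenticationResult("test2", new Subject());
        ProxyAuthenticationPrincipal proxied =
                new ProxyAuthenticationPrincipal(CollectionSupport.singletonList("http://idp.example.org"));
        proxied.setProxyCount(0);
        result.getSubject().getPrincipals().add(proxied);

        AuthenticationContext authCtx = this.prc.getSubcontext(AuthenticationContext.class);
        assert authCtx != null;
        authCtx.setActiveResults(CollectionSupport.arrayAsList(new AuthenticationResult[] {result}));
        authCtx.setAuthenticationResult(result);
        this.prc.ensureSubcontext(SubjectCanonicalizationContext.class).setPrincipalName("foo");

        ActionTestingSupport.assertEvent(this.action.execute(this.src), "RequestUnsupported");
        Assert.assertNull(this.prc.getSubcontext(SubjectContext.class));
    }

    /**
     * Same zero-proxy-count result, but the profile configuration is an administrative flow
     * descriptor: the action proceeds.
     */
    @Test
    public void testZeroProxyCountAdminFlow() {
        AuthenticationResult result = new AuthenticationResult("test2", new Subject());
        ProxyAuthenticationPrincipal proxied =
                new ProxyAuthenticationPrincipal(CollectionSupport.singletonList("http://idp.example.org"));
        proxied.setProxyCount(0);
        result.getSubject().getPrincipals().add(proxied);

        AuthenticationContext authCtx = this.prc.getSubcontext(AuthenticationContext.class);
        assert authCtx != null;
        authCtx.setActiveResults(CollectionSupport.arrayAsList(new AuthenticationResult[] {result}));
        authCtx.setAuthenticationResult(result);
        this.prc.ensureSubcontext(SubjectCanonicalizationContext.class).setPrincipalName("foo");

        // NOTE(review): presumably exempt because an administrative flow does not relay the
        // authentication to a downstream party - confirm against FinalizeAuthentication.
        RelyingPartyContext rpCtx = this.prc.getSubcontext(RelyingPartyContext.class);
        assert rpCtx != null;
        rpCtx.setProfileConfig(new BasicAdministrativeFlowDescriptor("admin/test"));

        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        SubjectContext subjectCtx = this.prc.getSubcontext(SubjectContext.class);
        assert subjectCtx != null;
        Assert.assertEquals(subjectCtx.getPrincipalName(), "foo");
        Assert.assertEquals(subjectCtx.getAuthenticationResults().size(), 1);
    }

    /**
     * Same zero-proxy-count result with the {@link RelyingPartyContext} removed entirely: the
     * action proceeds.
     */
    @Test
    public void testZeroProxyCountNoRP() {
        AuthenticationResult result = new AuthenticationResult("test2", new Subject());
        ProxyAuthenticationPrincipal proxied =
                new ProxyAuthenticationPrincipal(CollectionSupport.singletonList("http://idp.example.org"));
        proxied.setProxyCount(0);
        result.getSubject().getPrincipals().add(proxied);

        AuthenticationContext authCtx = this.prc.getSubcontext(AuthenticationContext.class);
        assert authCtx != null;
        authCtx.setActiveResults(CollectionSupport.arrayAsList(new AuthenticationResult[] {result}));
        authCtx.setAuthenticationResult(result);
        this.prc.ensureSubcontext(SubjectCanonicalizationContext.class).setPrincipalName("foo");

        // NOTE(review): this pins that the proxy-count restriction is not applied when no relying
        // party context exists. Any flow that reaches the action without one bypasses the check,
        // so confirm that such flows never issue assertions to a downstream party.
        this.prc.removeSubcontext(RelyingPartyContext.class);

        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        SubjectContext subjectCtx = this.prc.getSubcontext(SubjectContext.class);
        assert subjectCtx != null;
        Assert.assertEquals(subjectCtx.getPrincipalName(), "foo");
        Assert.assertEquals(subjectCtx.getAuthenticationResults().size(), 1);
    }

    /**
     * A proxied result with remaining proxy count (10) and an audience of
     * "http://sp.example.org" is accepted.
     */
    @Test
    public void testValidProxyAudience() {
        AuthenticationResult result = new AuthenticationResult("test2", new Subject());
        ProxyAuthenticationPrincipal proxied =
                new ProxyAuthenticationPrincipal(CollectionSupport.singletonList("http://idp.example.org"));
        proxied.setProxyCount(10);
        // Presumably matches the relying party ID that RequestContextBuilder sets by default -
        // confirm against the builder.
        proxied.getAudiences().add("http://sp.example.org");
        result.getSubject().getPrincipals().add(proxied);

        AuthenticationContext authCtx = this.prc.getSubcontext(AuthenticationContext.class);
        assert authCtx != null;
        authCtx.setActiveResults(CollectionSupport.arrayAsList(new AuthenticationResult[] {result}));
        authCtx.setAuthenticationResult(result);
        this.prc.ensureSubcontext(SubjectCanonicalizationContext.class).setPrincipalName("foo");

        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        SubjectContext subjectCtx = this.prc.getSubcontext(SubjectContext.class);
        assert subjectCtx != null;
        Assert.assertEquals(subjectCtx.getPrincipalName(), "foo");
        Assert.assertEquals(subjectCtx.getAuthenticationResults().size(), 1);
    }

    /**
     * A proxied result whose only audience is "http://idp.example.org" is refused with
     * RequestUnsupported even though proxy count remains, and no subject is created.
     */
    @Test
    public void testInvalidProxyAudience() {
        AuthenticationResult result = new AuthenticationResult("test2", new Subject());
        ProxyAuthenticationPrincipal proxied =
                new ProxyAuthenticationPrincipal(CollectionSupport.singletonList("http://idp.example.org"));
        proxied.setProxyCount(10);
        // Presumably differs from the relying party ID in the default request context, which is
        // what makes the audience restriction fail - confirm against RequestContextBuilder.
        proxied.getAudiences().add("http://idp.example.org");
        result.getSubject().getPrincipals().add(proxied);

        AuthenticationContext authCtx = this.prc.getSubcontext(AuthenticationContext.class);
        assert authCtx != null;
        authCtx.setActiveResults(CollectionSupport.arrayAsList(new AuthenticationResult[] {result}));
        authCtx.setAuthenticationResult(result);
        this.prc.ensureSubcontext(SubjectCanonicalizationContext.class).setPrincipalName("foo");

        ActionTestingSupport.assertEvent(this.action.execute(this.src), "RequestUnsupported");
        Assert.assertNull(this.prc.getSubcontext(SubjectContext.class));
    }
}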
