package net.shibboleth.idp.saml.nameid.impl;

import javax.sql.DataSource;
import net.shibboleth.idp.attribute.IdPAttribute;
import net.shibboleth.idp.attribute.PairwiseId;
import net.shibboleth.idp.attribute.StringAttributeValue;
import net.shibboleth.idp.attribute.context.AttributeContext;
import net.shibboleth.idp.attribute.impl.ComputedPairwiseIdStore;
import net.shibboleth.idp.attribute.impl.JDBCPairwiseIdStore;
import net.shibboleth.idp.authn.context.SubjectContext;
import net.shibboleth.idp.profile.testing.RequestContextBuilder;
import net.shibboleth.idp.saml.saml2.profile.config.impl.BrowserSSOProfileConfiguration;
import net.shibboleth.profile.context.RelyingPartyContext;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.testing.DatabaseTestingSupport;
import org.opensaml.core.testing.OpenSAMLInitBaseTestCase;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.opensaml.saml.saml2.testing.SAML2ActionTestingSupport;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/saml/nameid/impl/PersistentSAML2NameIDGeneratorTest.class */
public class PersistentSAML2NameIDGeneratorTest extends OpenSAMLInitBaseTestCase {
    private static final String RESULT = "Vl6z6K70iLc4AuBoNeb59Dj1rGw=";
    private static final byte[] salt;
    public static final String INIT_FILE = "/net/shibboleth/idp/saml/impl/nameid/StoredIdStore.sql";
    public static final String DELETE_FILE = "/net/shibboleth/idp/saml/impl/nameid/DeleteStore.sql";
    private DataSource testSource;
    private ProfileRequestContext prc;
    private PersistentSAML2NameIDGenerator generator;
    static final /* synthetic */ boolean $assertionsDisabled;

    @BeforeMethod
    public void setUp() throws ComponentInitializationException {
        this.testSource = DatabaseTestingSupport.GetMockDataSource(INIT_FILE, "StoredIDDataConnectorStore");
        this.prc = new RequestContextBuilder().setInboundMessageIssuer("https://sp.example.org/sp").setOutboundMessageIssuer("https://idp.example.org/idp").setRelyingPartyProfileConfigurations(CollectionSupport.singletonList(new BrowserSSOProfileConfiguration())).buildProfileRequestContext();
        this.generator = new PersistentSAML2NameIDGenerator();
        this.generator.setId("test");
        this.generator.setOmitQualifiers(false);
    }

    @AfterMethod
    public void tearDown() {
        DatabaseTestingSupport.InitializeDataSource(DELETE_FILE, this.testSource);
    }

    @Test(expectedExceptions = {ComponentInitializationException.class})
    public void testInvalidConfig() throws ComponentInitializationException {
        ComputedPairwiseIdStore computedPairwiseIdStore = new ComputedPairwiseIdStore();
        computedPairwiseIdStore.setSalt(salt);
        computedPairwiseIdStore.initialize();
        this.generator.initialize();
        this.generator.setPersistentIdStore(computedPairwiseIdStore);
        this.generator.initialize();
    }

    @Test
    public void testNoResponderId() throws Exception {
        this.generator.setPersistentIdStore(new ComputedPairwiseIdStore());
        this.generator.setAttributeSourceIds(CollectionSupport.singletonList("SOURCE"));
        this.generator.initialize();
        Assert.assertNull(this.generator.generate(new ProfileRequestContext(), "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"));
    }

    @Test
    public void testNoRequesterId() throws Exception {
        this.generator.setPersistentIdStore(new ComputedPairwiseIdStore());
        this.generator.setAttributeSourceIds(CollectionSupport.singletonList("SOURCE"));
        this.generator.initialize();
        RelyingPartyContext subcontext = this.prc.getSubcontext(RelyingPartyContext.class);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        subcontext.setRelyingPartyId((String) null);
        Assert.assertNull(this.generator.generate(this.prc, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"));
    }

    @Test
    public void testNoSubject() throws Exception {
        this.generator.setPersistentIdStore(new ComputedPairwiseIdStore());
        this.generator.setAttributeSourceIds(CollectionSupport.singletonList("SOURCE"));
        this.generator.initialize();
        Assert.assertNull(this.generator.generate(this.prc, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"));
    }

    @Test
    public void testNoSource() throws Exception {
        this.generator.setPersistentIdStore(new ComputedPairwiseIdStore());
        this.generator.setAttributeSourceIds(CollectionSupport.singletonList("SOURCE"));
        this.generator.initialize();
        this.prc.ensureSubcontext(SubjectContext.class).setPrincipalName("foo");
        Assert.assertNull(this.generator.generate(this.prc, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"));
        RelyingPartyContext subcontext = this.prc.getSubcontext(RelyingPartyContext.class);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        subcontext.ensureSubcontext(AttributeContext.class).setUnfilteredIdPAttributes(CollectionSupport.singleton(new IdPAttribute("SOURCE")));
        Assert.assertNull(this.generator.generate(this.prc, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"));
    }

    @Test
    public void testComputedId() throws Exception {
        ComputedPairwiseIdStore computedPairwiseIdStore = new ComputedPairwiseIdStore();
        computedPairwiseIdStore.setSalt(salt);
        computedPairwiseIdStore.initialize();
        this.generator.setPersistentIdStore(computedPairwiseIdStore);
        this.generator.setAttributeSourceIds(CollectionSupport.singletonList("SOURCE"));
        this.generator.initialize();
        this.prc.ensureSubcontext(SubjectContext.class).setPrincipalName("foo");
        Assert.assertNull(this.generator.generate(this.prc, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"));
        IdPAttribute idPAttribute = new IdPAttribute("SOURCE");
        idPAttribute.setValues(CollectionSupport.singletonList(new StringAttributeValue("at1-Data")));
        RelyingPartyContext subcontext = this.prc.getSubcontext(RelyingPartyContext.class);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        subcontext.ensureSubcontext(AttributeContext.class).setUnfilteredIdPAttributes(CollectionSupport.singleton(idPAttribute));
        NameID generate = this.generator.generate(this.prc, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
        if (!$assertionsDisabled && generate == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(generate.getValue(), RESULT);
        Assert.assertEquals(generate.getFormat(), "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
        Assert.assertEquals(generate.getNameQualifier(), "https://idp.example.org/idp");
        Assert.assertEquals(generate.getSPNameQualifier(), "https://sp.example.org/sp");
    }

    @Test
    public void testStoredId() throws Exception {
        this.generator.setDataSource(this.testSource);
        testStoredIdLogic();
    }

    @Test
    public void testComputedAndStoredId() throws Exception {
        ComputedPairwiseIdStore computedPairwiseIdStore = new ComputedPairwiseIdStore();
        computedPairwiseIdStore.setSalt(salt);
        computedPairwiseIdStore.initialize();
        JDBCPairwiseIdStore jDBCPairwiseIdStore = new JDBCPairwiseIdStore();
        jDBCPairwiseIdStore.setDataSource(this.testSource);
        jDBCPairwiseIdStore.setInitialValueStore(computedPairwiseIdStore);
        jDBCPairwiseIdStore.initialize();
        this.generator.setPersistentIdStore(jDBCPairwiseIdStore);
        testComputedAndStoredIdLogic();
        PairwiseId pairwiseId = new PairwiseId();
        pairwiseId.setIssuerEntityID("https://idp.example.org/idp");
        pairwiseId.setRecipientEntityID("https://sp.example.org/sp");
        pairwiseId.setPairwiseId(RESULT);
        jDBCPairwiseIdStore.deactivate(pairwiseId);
        NameID generate = this.generator.generate(this.prc, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
        if (!$assertionsDisabled && generate == null) {
            throw new AssertionError();
        }
        Assert.assertNotEquals(generate.getValue(), RESULT);
        Assert.assertEquals(generate.getNameQualifier(), "https://idp.example.org/idp");
        Assert.assertEquals(generate.getSPNameQualifier(), "https://sp.example.org/sp");
    }

    private void testStoredIdLogic() throws Exception {
        this.generator.setAttributeSourceIds(CollectionSupport.singletonList("SOURCE"));
        this.generator.initialize();
        this.prc.ensureSubcontext(SubjectContext.class).setPrincipalName("foo");
        Assert.assertNull(this.generator.generate(this.prc, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"));
        IdPAttribute idPAttribute = new IdPAttribute("SOURCE");
        idPAttribute.setValues(CollectionSupport.singletonList(new StringAttributeValue("at1-Data")));
        RelyingPartyContext subcontext = this.prc.getSubcontext(RelyingPartyContext.class);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        subcontext.ensureSubcontext(AttributeContext.class).setUnfilteredIdPAttributes(CollectionSupport.singleton(idPAttribute));
        NameID generate = this.generator.generate(this.prc, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
        if (!$assertionsDisabled && generate == null) {
            throw new AssertionError();
        }
        Assert.assertNotNull(generate.getValue());
        Assert.assertEquals(generate.getFormat(), "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
        Assert.assertEquals(generate.getNameQualifier(), "https://idp.example.org/idp");
        Assert.assertEquals(generate.getSPNameQualifier(), "https://sp.example.org/sp");
        String value = generate.getValue();
        NameID generate2 = this.generator.generate(this.prc, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
        if (!$assertionsDisabled && generate2 == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(generate2.getValue(), value);
        Assert.assertEquals(generate2.getFormat(), "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
        Assert.assertEquals(generate2.getNameQualifier(), "https://idp.example.org/idp");
        Assert.assertEquals(generate2.getSPNameQualifier(), "https://sp.example.org/sp");
        AuthnRequest buildAuthnRequest = SAML2ActionTestingSupport.buildAuthnRequest();
        NameIDPolicy buildXMLObject = XMLObjectSupport.buildXMLObject(NameIDPolicy.DEFAULT_ELEMENT_NAME);
        buildAuthnRequest.setNameIDPolicy(buildXMLObject);
        buildXMLObject.setSPNameQualifier("https://affiliation.org");
        MessageContext inboundMessageContext = this.prc.getInboundMessageContext();
        if (!$assertionsDisabled && inboundMessageContext == null) {
            throw new AssertionError();
        }
        inboundMessageContext.setMessage(buildAuthnRequest);
        NameID generate3 = this.generator.generate(this.prc, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
        if (!$assertionsDisabled && generate3 == null) {
            throw new AssertionError();
        }
        Assert.assertNotNull(generate3.getValue());
        Assert.assertEquals(generate3.getFormat(), "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
        Assert.assertEquals(generate3.getNameQualifier(), "https://idp.example.org/idp");
        Assert.assertEquals(generate3.getSPNameQualifier(), "https://affiliation.org");
        String value2 = generate3.getValue();
        NameID generate4 = this.generator.generate(this.prc, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
        if (!$assertionsDisabled && generate4 == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(generate4.getValue(), value2);
        Assert.assertEquals(generate4.getNameQualifier(), "https://idp.example.org/idp");
        Assert.assertEquals(generate4.getSPNameQualifier(), "https://affiliation.org");
        MessageContext inboundMessageContext2 = this.prc.getInboundMessageContext();
        if (!$assertionsDisabled && inboundMessageContext2 == null) {
            throw new AssertionError();
        }
        inboundMessageContext2.setMessage((Object) null);
        RelyingPartyContext subcontext2 = this.prc.getSubcontext(RelyingPartyContext.class);
        if (!$assertionsDisabled && subcontext2 == null) {
            throw new AssertionError();
        }
        BrowserSSOProfileConfiguration profileConfig = subcontext2.getProfileConfig();
        if (!$assertionsDisabled && profileConfig == null) {
            throw new AssertionError();
        }
        profileConfig.setSPNameQualifier("https://affiliation.org");
        NameID generate5 = this.generator.generate(this.prc, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
        if (!$assertionsDisabled && generate5 == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(generate5.getValue(), value2);
        Assert.assertEquals(generate5.getNameQualifier(), "https://idp.example.org/idp");
        Assert.assertEquals(generate5.getSPNameQualifier(), "https://affiliation.org");
    }

    private void testComputedAndStoredIdLogic() throws Exception {
        this.generator.setAttributeSourceIds(CollectionSupport.singletonList("SOURCE"));
        this.generator.initialize();
        this.prc.ensureSubcontext(SubjectContext.class).setPrincipalName("foo");
        Assert.assertNull(this.generator.generate(this.prc, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"));
        IdPAttribute idPAttribute = new IdPAttribute("SOURCE");
        idPAttribute.setValues(CollectionSupport.singletonList(new StringAttributeValue("at1-Data")));
        RelyingPartyContext subcontext = this.prc.getSubcontext(RelyingPartyContext.class);
        if (!$assertionsDisabled && subcontext == null) {
            throw new AssertionError();
        }
        subcontext.ensureSubcontext(AttributeContext.class).setUnfilteredIdPAttributes(CollectionSupport.singleton(idPAttribute));
        NameID generate = this.generator.generate(this.prc, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
        if (!$assertionsDisabled && generate == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(generate.getValue(), RESULT);
        Assert.assertEquals(generate.getFormat(), "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
        Assert.assertEquals(generate.getNameQualifier(), "https://idp.example.org/idp");
        Assert.assertEquals(generate.getSPNameQualifier(), "https://sp.example.org/sp");
        NameID generate2 = this.generator.generate(this.prc, "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
        if (!$assertionsDisabled && generate2 == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(generate2.getValue(), RESULT);
        Assert.assertEquals(generate2.getNameQualifier(), "https://idp.example.org/idp");
        Assert.assertEquals(generate2.getSPNameQualifier(), "https://sp.example.org/sp");
    }

    static {
        $assertionsDisabled = !PersistentSAML2NameIDGeneratorTest.class.desiredAssertionStatus();
        salt = new byte[]{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
    }
}
