package net.shibboleth.idp.saml.saml2.profile.impl;

import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.idp.profile.testing.RequestContextBuilder;
import net.shibboleth.idp.saml.saml2.profile.config.impl.BrowserSSOProfileConfiguration;
import net.shibboleth.profile.context.RelyingPartyContext;
import net.shibboleth.shared.component.ComponentInitializationException;
import org.opensaml.core.testing.OpenSAMLInitBaseTestCase;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.springframework.webflow.test.MockRequestContext;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/saml/saml2/profile/impl/EnforceDisallowedSSOFeaturesTest.class */
/**
 * Tests for {@link EnforceDisallowedSSOFeatures}.
 *
 * <p>Each test places an {@link AuthnRequest} in the inbound message context, runs the action, and
 * checks the resulting event. Once a feature has been marked as disallowed in the relying party's
 * {@link BrowserSSOProfileConfiguration}, a request that uses it must produce
 * {@code AccessDenied}; a request that does not use it must still proceed.</p>
 *
 * <p>The null checks are plain {@code assert} statements, so they only run when the JVM has
 * assertions enabled ({@code -ea}). Every test sets exactly one disallowed-feature value; masks
 * that combine several values are not exercised here.</p>
 */
public class EnforceDisallowedSSOFeaturesTest extends OpenSAMLInitBaseTestCase {
    /** Web Flow request context handed to the action. */
    private MockRequestContext src;

    /** Profile request context taken from the conversation scope of {@link #src}. */
    private ProfileRequestContext prc;

    /** Profile configuration whose disallowed-features setting the tests change. */
    private BrowserSSOProfileConfiguration profileConfig;

    /** Action under test. */
    private EnforceDisallowedSSOFeatures action;

    /** Builder for the {@link NameIDPolicy} elements attached to requests. */
    private SAMLObjectBuilder<NameIDPolicy> nidBuilder;

    /**
     * Builds a fresh request context, installs an empty profile configuration in the
     * {@link RelyingPartyContext}, and initializes the action.
     *
     * @throws ComponentInitializationException if the action fails to initialize
     */
    @BeforeMethod
    public void setUp() throws ComponentInitializationException {
        // NOTE(review): this line is kept exactly as found; if the builder factory returns a more
        // general builder type, an explicit cast is needed here. Confirm against the API in use.
        nidBuilder = XMLObjectProviderRegistrySupport.getBuilderFactory().ensureBuilder(NameIDPolicy.DEFAULT_ELEMENT_NAME);
        src = new RequestContextBuilder().buildRequestContext();
        prc = (ProfileRequestContext) src.getConversationScope().get("opensamlProfileRequestContext");
        profileConfig = new BrowserSSOProfileConfiguration();
        prc.ensureSubcontext(RelyingPartyContext.class).setProfileConfig(profileConfig);
        action = new EnforceDisallowedSSOFeatures();
        action.initialize();
    }

    /** With no inbound message set, the action must report an invalid message context. */
    @Test
    public void testNoRequest() {
        ActionTestingSupport.assertEvent(action.execute(src), "InvalidMessageContext");
    }

    /** A default request with no features disallowed must proceed. */
    @Test
    public void testGeneric() {
        final MessageContext inbound = inboundContext();
        inbound.setMessage(SAML2ActionTestingSupport.buildAuthnRequest());
        ActionTestingSupport.assertProceedEvent(action.execute(src));
    }

    /**
     * ForceAuthn is accepted until the feature is disallowed, then denied; clearing the flag on
     * the request lets it proceed again.
     */
    @Test
    public void testForceAuthn() {
        final MessageContext inbound = inboundContext();
        inbound.setMessage(SAML2ActionTestingSupport.buildAuthnRequest());
        requestIn(inbound).setForceAuthn(true);
        ActionTestingSupport.assertProceedEvent(action.execute(src));

        // 16 is presumably the ForceAuthn feature bit - TODO confirm against the feature
        // constants of the profile configuration and use the named constant here.
        profileConfig.setDisallowedFeatures(16);
        ActionTestingSupport.assertEvent(action.execute(src), "AccessDenied");

        // The policy stays in force; only the request changes.
        requestIn(inbound).setForceAuthn(false);
        ActionTestingSupport.assertProceedEvent(action.execute(src));
    }

    /**
     * A requested NameID format is accepted until the feature is disallowed. While it is
     * disallowed, the emailAddress format is denied, whereas the unspecified format, the encrypted
     * format, and an absent format still proceed.
     */
    @Test
    public void testFormat() {
        final MessageContext inbound = inboundContext();
        inbound.setMessage(SAML2ActionTestingSupport.buildAuthnRequest());
        final NameIDPolicy policy = nidBuilder.buildObject();
        policy.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
        requestIn(inbound).setNameIDPolicy(policy);
        ActionTestingSupport.assertProceedEvent(action.execute(src));

        // 4 is presumably the NameID Format feature bit - TODO confirm and use the named constant.
        profileConfig.setDisallowedFeatures(4);
        ActionTestingSupport.assertEvent(action.execute(src), "AccessDenied");

        // These values pass even while the feature is disallowed.
        policy.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
        ActionTestingSupport.assertProceedEvent(action.execute(src));
        policy.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted");
        ActionTestingSupport.assertProceedEvent(action.execute(src));
        policy.setFormat((String) null);
        ActionTestingSupport.assertProceedEvent(action.execute(src));
    }

    /**
     * An SPNameQualifier is accepted until the feature is disallowed, then denied; removing the
     * qualifier lets the request proceed again.
     */
    @Test
    public void testSPNameQualifier() {
        final MessageContext inbound = inboundContext();
        inbound.setMessage(SAML2ActionTestingSupport.buildAuthnRequest());
        final NameIDPolicy policy = nidBuilder.buildObject();
        policy.setSPNameQualifier("http://idp.example.org");
        requestIn(inbound).setNameIDPolicy(policy);
        ActionTestingSupport.assertProceedEvent(action.execute(src));

        // 8 is presumably the SPNameQualifier feature bit - TODO confirm and use the named constant.
        profileConfig.setDisallowedFeatures(8);
        ActionTestingSupport.assertEvent(action.execute(src), "AccessDenied");

        policy.setSPNameQualifier((String) null);
        ActionTestingSupport.assertProceedEvent(action.execute(src));
    }

    /**
     * Returns the inbound message context of {@link #prc}, asserting that it is present.
     *
     * @return the inbound message context
     */
    private MessageContext inboundContext() {
        final MessageContext inbound = prc.getInboundMessageContext();
        assert inbound != null;
        return inbound;
    }

    /**
     * Returns the message of the given context as an {@link AuthnRequest}, asserting that it is
     * present.
     *
     * @param inbound context holding the request
     * @return the request stored in the context
     */
    private static AuthnRequest requestIn(final MessageContext inbound) {
        final AuthnRequest request = (AuthnRequest) inbound.getMessage();
        assert request != null;
        return request;
    }
}
