package org.opensaml.saml.metadata.resolver.impl;

import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collections;
import net.shibboleth.utilities.java.support.codec.StringDigester;
import net.shibboleth.utilities.java.support.httpclient.HttpClientBuilder;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import net.shibboleth.utilities.java.support.test.repository.RepositorySupport;
import net.shibboleth.utilities.java.support.velocity.VelocityEngine;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.testing.XMLObjectBaseTestCase;
import org.opensaml.saml.criterion.ArtifactCriterion;
import org.opensaml.saml.metadata.resolver.impl.TemplateRequestURLBuilder;
import org.opensaml.saml.saml2.binding.artifact.SAML2ArtifactType0004;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.security.httpclient.HttpClientSecurityParameters;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/opensaml/saml/metadata/resolver/impl/FunctionDrivenDynamicHTTPMetadataResolverTest.class */
public class FunctionDrivenDynamicHTTPMetadataResolverTest extends XMLObjectBaseTestCase {
    private FunctionDrivenDynamicHTTPMetadataResolver resolver;
    private HttpClientBuilder httpClientBuilder;

    @BeforeMethod
    public void setUp() {
        this.httpClientBuilder = new HttpClientBuilder();
    }

    @AfterMethod
    public void tearDown() {
        if (this.resolver != null) {
            this.resolver.destroy();
        }
    }

    @Test
    public void testTemplateFromRepoDefaultContentTypes() throws Exception {
        TemplateRequestURLBuilder templateRequestURLBuilder = new TemplateRequestURLBuilder(VelocityEngine.newVelocityEngine(), RepositorySupport.buildHTTPResourceURL("java-opensaml", "opensaml-saml-impl/src/test/resources/org/opensaml/saml/metadata/resolver/impl/${entityID}.xml", false), TemplateRequestURLBuilder.EncodingStyle.path, new StringDigester("SHA-1", StringDigester.OutputFormat.HEX_LOWER));
        this.resolver = new FunctionDrivenDynamicHTTPMetadataResolver(this.httpClientBuilder.buildClient());
        this.resolver.setId("myDynamicResolver");
        this.resolver.setParserPool(parserPool);
        this.resolver.setRequestURLBuilder(templateRequestURLBuilder);
        this.resolver.initialize();
        EntityDescriptor resolveSingle = this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "https://www.example.org/sp");
        Assert.assertNull(resolveSingle.getDOM());
    }

    @Test(enabled = false)
    public void testTemplateFromRepoWithExplicitContentType() throws Exception {
        TemplateRequestURLBuilder templateRequestURLBuilder = new TemplateRequestURLBuilder(VelocityEngine.newVelocityEngine(), RepositorySupport.buildHTTPResourceURL("java-opensaml", "opensaml-saml-impl/src/test/resources/org/opensaml/saml/metadata/resolver/impl/${entityID}.xml", false), TemplateRequestURLBuilder.EncodingStyle.path, new StringDigester("SHA-1", StringDigester.OutputFormat.HEX_LOWER));
        this.resolver = new FunctionDrivenDynamicHTTPMetadataResolver(this.httpClientBuilder.buildClient());
        this.resolver.setId("myDynamicResolver");
        this.resolver.setParserPool(parserPool);
        this.resolver.setRequestURLBuilder(templateRequestURLBuilder);
        this.resolver.setSupportedContentTypes(Arrays.asList("application/samlmetadata+xml", "application/xml", "text/xml", "TEXT/PLAIN"));
        this.resolver.initialize();
        EntityDescriptor resolveSingle = this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "https://www.example.org/sp");
        Assert.assertNull(resolveSingle.getDOM());
    }

    @Test(enabled = false)
    public void testTemplateFromRepoUnsupportedContentType() throws Exception {
        TemplateRequestURLBuilder templateRequestURLBuilder = new TemplateRequestURLBuilder(VelocityEngine.newVelocityEngine(), RepositorySupport.buildHTTPSResourceURL("java-opensaml", "opensaml-saml-impl/src/test/resources/org/opensaml/saml/metadata/resolver/impl/${entityID}.xml"), TemplateRequestURLBuilder.EncodingStyle.path, new StringDigester("SHA-1", StringDigester.OutputFormat.HEX_LOWER));
        this.resolver = new FunctionDrivenDynamicHTTPMetadataResolver(this.httpClientBuilder.buildClient());
        this.resolver.setId("myDynamicResolver");
        this.resolver.setParserPool(parserPool);
        this.resolver.setRequestURLBuilder(templateRequestURLBuilder);
        this.resolver.initialize();
        Assert.assertNull(this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")})));
    }

    @Test
    public void testTemplateNonexistentDomain() throws Exception {
        TemplateRequestURLBuilder templateRequestURLBuilder = new TemplateRequestURLBuilder(VelocityEngine.newVelocityEngine(), "http://bogus.example.org/metadata?entityID=${entityID}", TemplateRequestURLBuilder.EncodingStyle.form);
        this.resolver = new FunctionDrivenDynamicHTTPMetadataResolver(this.httpClientBuilder.buildClient());
        this.resolver.setId("myDynamicResolver");
        this.resolver.setParserPool(parserPool);
        this.resolver.setRequestURLBuilder(templateRequestURLBuilder);
        this.resolver.initialize();
        Assert.assertNull(this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")})));
    }

    @Test
    public void testTemplateNonexistentPath() throws Exception {
        TemplateRequestURLBuilder templateRequestURLBuilder = new TemplateRequestURLBuilder(VelocityEngine.newVelocityEngine(), "http://test.shibboleth.net/unittests/metadata?entityID=${entityID}", TemplateRequestURLBuilder.EncodingStyle.form);
        this.resolver = new FunctionDrivenDynamicHTTPMetadataResolver(this.httpClientBuilder.buildClient());
        this.resolver.setId("myDynamicResolver");
        this.resolver.setParserPool(parserPool);
        this.resolver.setRequestURLBuilder(templateRequestURLBuilder);
        this.resolver.initialize();
        Assert.assertNull(this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")})));
    }

    @Test
    public void testWellKnownLocation() throws Exception {
        HTTPEntityIDRequestURLBuilder hTTPEntityIDRequestURLBuilder = new HTTPEntityIDRequestURLBuilder();
        this.httpClientBuilder.setTLSSocketFactory(HTTPMetadataResolverTest.buildSocketFactory());
        this.resolver = new FunctionDrivenDynamicHTTPMetadataResolver(this.httpClientBuilder.buildClient());
        this.resolver.setId("myDynamicResolver");
        this.resolver.setParserPool(parserPool);
        this.resolver.setRequestURLBuilder(hTTPEntityIDRequestURLBuilder);
        HttpClientSecurityParameters httpClientSecurityParameters = new HttpClientSecurityParameters();
        httpClientSecurityParameters.setTLSTrustEngine(HTTPMetadataResolverTest.buildExplicitKeyTrustEngine("test.shibboleth.net.crt"));
        this.resolver.setHttpClientSecurityParameters(httpClientSecurityParameters);
        this.resolver.initialize();
        EntityDescriptor resolveSingle = this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://test.shibboleth.net/shibboleth")}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "https://test.shibboleth.net/shibboleth");
        Assert.assertNull(resolveSingle.getDOM());
    }

    @Test
    public void testMDQ() throws Exception {
        MetadataQueryProtocolRequestURLBuilder metadataQueryProtocolRequestURLBuilder = new MetadataQueryProtocolRequestURLBuilder("https://mdq.incommon.org");
        this.httpClientBuilder.setConnectionDisregardTLSCertificate(true);
        this.resolver = new FunctionDrivenDynamicHTTPMetadataResolver(this.httpClientBuilder.buildClient());
        this.resolver.setId("myDynamicResolver");
        this.resolver.setParserPool(parserPool);
        this.resolver.setRequestURLBuilder(metadataQueryProtocolRequestURLBuilder);
        this.resolver.initialize();
        EntityDescriptor resolveSingle = this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("urn:mace:incommon:osu.edu")}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "urn:mace:incommon:osu.edu");
        Assert.assertNull(resolveSingle.getDOM());
    }

    @Test
    public void testMDQViaArtifact() throws Exception {
        MetadataQueryProtocolRequestURLBuilder metadataQueryProtocolRequestURLBuilder = new MetadataQueryProtocolRequestURLBuilder("https://mdq.incommon.org", Collections.singletonList(new SAMLArtifactURLBuilder()));
        this.httpClientBuilder.setConnectionDisregardTLSCertificate(true);
        this.resolver = new FunctionDrivenDynamicHTTPMetadataResolver(this.httpClientBuilder.buildClient());
        this.resolver.setId("myDynamicResolver");
        this.resolver.setParserPool(parserPool);
        this.resolver.setRequestURLBuilder(metadataQueryProtocolRequestURLBuilder);
        this.resolver.initialize();
        byte[] digest = MessageDigest.getInstance("SHA-1").digest("urn:mace:incommon:osu.edu".getBytes("UTF-8"));
        byte[] bArr = new byte[20];
        SecureRandom.getInstance("SHA1PRNG").nextBytes(bArr);
        EntityDescriptor resolveSingle = this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new ArtifactCriterion(new SAML2ArtifactType0004(new byte[]{0, 0}, digest, bArr))}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "urn:mace:incommon:osu.edu");
        Assert.assertNull(resolveSingle.getDOM());
    }

    @Test
    public void testTrustEngineSocketFactoryNoHTTPSNoTrustEngine() throws Exception {
        TemplateRequestURLBuilder templateRequestURLBuilder = new TemplateRequestURLBuilder(VelocityEngine.newVelocityEngine(), RepositorySupport.buildHTTPResourceURL("java-opensaml", "opensaml-saml-impl/src/test/resources/org/opensaml/saml/metadata/resolver/impl/${entityID}.xml", false), TemplateRequestURLBuilder.EncodingStyle.path, new StringDigester("SHA-1", StringDigester.OutputFormat.HEX_LOWER));
        this.httpClientBuilder.setTLSSocketFactory(HTTPMetadataResolverTest.buildSocketFactory());
        this.resolver = new FunctionDrivenDynamicHTTPMetadataResolver(this.httpClientBuilder.buildClient());
        this.resolver.setId("myDynamicResolver");
        this.resolver.setParserPool(parserPool);
        this.resolver.setRequestURLBuilder(templateRequestURLBuilder);
        this.resolver.initialize();
        EntityDescriptor resolveSingle = this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "https://www.example.org/sp");
        Assert.assertNull(resolveSingle.getDOM());
    }

    @Test
    public void testTrustEngineSocketFactoryNoHTTPSWithTrustEngine() throws Exception {
        TemplateRequestURLBuilder templateRequestURLBuilder = new TemplateRequestURLBuilder(VelocityEngine.newVelocityEngine(), RepositorySupport.buildHTTPResourceURL("java-opensaml", "opensaml-saml-impl/src/test/resources/org/opensaml/saml/metadata/resolver/impl/${entityID}.xml", false), TemplateRequestURLBuilder.EncodingStyle.path, new StringDigester("SHA-1", StringDigester.OutputFormat.HEX_LOWER));
        this.httpClientBuilder.setTLSSocketFactory(HTTPMetadataResolverTest.buildSocketFactory());
        this.resolver = new FunctionDrivenDynamicHTTPMetadataResolver(this.httpClientBuilder.buildClient());
        this.resolver.setId("myDynamicResolver");
        this.resolver.setParserPool(parserPool);
        this.resolver.setRequestURLBuilder(templateRequestURLBuilder);
        HttpClientSecurityParameters httpClientSecurityParameters = new HttpClientSecurityParameters();
        httpClientSecurityParameters.setTLSTrustEngine(HTTPMetadataResolverTest.buildExplicitKeyTrustEngine("repo-entity.crt"));
        this.resolver.setHttpClientSecurityParameters(httpClientSecurityParameters);
        this.resolver.initialize();
        EntityDescriptor resolveSingle = this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "https://www.example.org/sp");
        Assert.assertNull(resolveSingle.getDOM());
    }

    @Test
    public void testHTTPSNoTrustEngine() throws Exception {
        try {
            System.setProperty("javax.net.ssl.trustStore", getClass().getResource("repo.truststore.jks").getFile());
            System.setProperty("javax.net.ssl.trustStorePassword", "shibboleth");
            TemplateRequestURLBuilder templateRequestURLBuilder = new TemplateRequestURLBuilder(VelocityEngine.newVelocityEngine(), RepositorySupport.buildHTTPSResourceURL("java-opensaml", "opensaml-saml-impl/src/test/resources/org/opensaml/saml/metadata/resolver/impl/${entityID}.xml"), TemplateRequestURLBuilder.EncodingStyle.path, new StringDigester("SHA-1", StringDigester.OutputFormat.HEX_LOWER));
            this.httpClientBuilder.setTLSSocketFactory(HTTPMetadataResolverTest.buildSocketFactory(false));
            this.resolver = new FunctionDrivenDynamicHTTPMetadataResolver(this.httpClientBuilder.buildClient());
            this.resolver.setId("myDynamicResolver");
            this.resolver.setParserPool(parserPool);
            this.resolver.setRequestURLBuilder(templateRequestURLBuilder);
            this.resolver.initialize();
            EntityDescriptor resolveSingle = this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")}));
            Assert.assertNotNull(resolveSingle);
            Assert.assertEquals(resolveSingle.getEntityID(), "https://www.example.org/sp");
            Assert.assertNull(resolveSingle.getDOM());
            System.setProperty("javax.net.ssl.trustStore", "");
            System.setProperty("javax.net.ssl.trustStorePassword", "");
        } catch (Throwable th) {
            System.setProperty("javax.net.ssl.trustStore", "");
            System.setProperty("javax.net.ssl.trustStorePassword", "");
            throw th;
        }
    }

    @Test
    public void testHTTPSTrustEngineExplicitKey() throws Exception {
        TemplateRequestURLBuilder templateRequestURLBuilder = new TemplateRequestURLBuilder(VelocityEngine.newVelocityEngine(), RepositorySupport.buildHTTPSResourceURL("java-opensaml", "opensaml-saml-impl/src/test/resources/org/opensaml/saml/metadata/resolver/impl/${entityID}.xml"), TemplateRequestURLBuilder.EncodingStyle.path, new StringDigester("SHA-1", StringDigester.OutputFormat.HEX_LOWER));
        this.httpClientBuilder.setTLSSocketFactory(HTTPMetadataResolverTest.buildSocketFactory());
        this.resolver = new FunctionDrivenDynamicHTTPMetadataResolver(this.httpClientBuilder.buildClient());
        this.resolver.setId("myDynamicResolver");
        this.resolver.setParserPool(parserPool);
        this.resolver.setRequestURLBuilder(templateRequestURLBuilder);
        HttpClientSecurityParameters httpClientSecurityParameters = new HttpClientSecurityParameters();
        httpClientSecurityParameters.setTLSTrustEngine(HTTPMetadataResolverTest.buildExplicitKeyTrustEngine("repo-entity.crt"));
        this.resolver.setHttpClientSecurityParameters(httpClientSecurityParameters);
        this.resolver.initialize();
        EntityDescriptor resolveSingle = this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "https://www.example.org/sp");
        Assert.assertNull(resolveSingle.getDOM());
    }

    @Test
    public void testHTTPSTrustEngineInvalidKey() throws Exception {
        TemplateRequestURLBuilder templateRequestURLBuilder = new TemplateRequestURLBuilder(VelocityEngine.newVelocityEngine(), RepositorySupport.buildHTTPSResourceURL("java-opensaml", "opensaml-saml-impl/src/test/resources/org/opensaml/saml/metadata/resolver/impl/${entityID}.xml"), TemplateRequestURLBuilder.EncodingStyle.path, new StringDigester("SHA-1", StringDigester.OutputFormat.HEX_LOWER));
        this.httpClientBuilder.setTLSSocketFactory(HTTPMetadataResolverTest.buildSocketFactory());
        this.resolver = new FunctionDrivenDynamicHTTPMetadataResolver(this.httpClientBuilder.buildClient());
        this.resolver.setId("myDynamicResolver");
        this.resolver.setParserPool(parserPool);
        this.resolver.setRequestURLBuilder(templateRequestURLBuilder);
        HttpClientSecurityParameters httpClientSecurityParameters = new HttpClientSecurityParameters();
        httpClientSecurityParameters.setTLSTrustEngine(HTTPMetadataResolverTest.buildExplicitKeyTrustEngine("badKey.crt"));
        this.resolver.setHttpClientSecurityParameters(httpClientSecurityParameters);
        this.resolver.initialize();
        Assert.assertNull(this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")})));
    }

    @Test
    public void testHTTPSTrustEngineValidPKIX() throws Exception {
        TemplateRequestURLBuilder templateRequestURLBuilder = new TemplateRequestURLBuilder(VelocityEngine.newVelocityEngine(), RepositorySupport.buildHTTPSResourceURL("java-opensaml", "opensaml-saml-impl/src/test/resources/org/opensaml/saml/metadata/resolver/impl/${entityID}.xml"), TemplateRequestURLBuilder.EncodingStyle.path, new StringDigester("SHA-1", StringDigester.OutputFormat.HEX_LOWER));
        this.httpClientBuilder.setTLSSocketFactory(HTTPMetadataResolverTest.buildSocketFactory());
        this.resolver = new FunctionDrivenDynamicHTTPMetadataResolver(this.httpClientBuilder.buildClient());
        this.resolver.setId("myDynamicResolver");
        this.resolver.setParserPool(parserPool);
        this.resolver.setRequestURLBuilder(templateRequestURLBuilder);
        HttpClientSecurityParameters httpClientSecurityParameters = new HttpClientSecurityParameters();
        httpClientSecurityParameters.setTLSTrustEngine(HTTPMetadataResolverTest.buildPKIXTrustEngine("repo-rootCA.crt", null, false));
        this.resolver.setHttpClientSecurityParameters(httpClientSecurityParameters);
        this.resolver.initialize();
        EntityDescriptor resolveSingle = this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "https://www.example.org/sp");
        Assert.assertNull(resolveSingle.getDOM());
    }

    @Test
    public void testHTTPSTrustEngineValidPKIXExplicitName() throws Exception {
        TemplateRequestURLBuilder templateRequestURLBuilder = new TemplateRequestURLBuilder(VelocityEngine.newVelocityEngine(), RepositorySupport.buildHTTPSResourceURL("java-opensaml", "opensaml-saml-impl/src/test/resources/org/opensaml/saml/metadata/resolver/impl/${entityID}.xml"), TemplateRequestURLBuilder.EncodingStyle.path, new StringDigester("SHA-1", StringDigester.OutputFormat.HEX_LOWER));
        this.httpClientBuilder.setTLSSocketFactory(HTTPMetadataResolverTest.buildSocketFactory());
        this.resolver = new FunctionDrivenDynamicHTTPMetadataResolver(this.httpClientBuilder.buildClient());
        this.resolver.setId("myDynamicResolver");
        this.resolver.setParserPool(parserPool);
        this.resolver.setRequestURLBuilder(templateRequestURLBuilder);
        HttpClientSecurityParameters httpClientSecurityParameters = new HttpClientSecurityParameters();
        httpClientSecurityParameters.setTLSTrustEngine(HTTPMetadataResolverTest.buildPKIXTrustEngine("repo-rootCA.crt", "test.shibboleth.net", true));
        this.resolver.setHttpClientSecurityParameters(httpClientSecurityParameters);
        this.resolver.initialize();
        EntityDescriptor resolveSingle = this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "https://www.example.org/sp");
        Assert.assertNull(resolveSingle.getDOM());
    }

    @Test
    public void testHTTPSTrustEngineInvalidPKIX() throws Exception {
        TemplateRequestURLBuilder templateRequestURLBuilder = new TemplateRequestURLBuilder(VelocityEngine.newVelocityEngine(), RepositorySupport.buildHTTPSResourceURL("java-opensaml", "opensaml-saml-impl/src/test/resources/org/opensaml/saml/metadata/resolver/impl/${entityID}.xml"), TemplateRequestURLBuilder.EncodingStyle.path, new StringDigester("SHA-1", StringDigester.OutputFormat.HEX_LOWER));
        this.httpClientBuilder.setTLSSocketFactory(HTTPMetadataResolverTest.buildSocketFactory());
        this.resolver = new FunctionDrivenDynamicHTTPMetadataResolver(this.httpClientBuilder.buildClient());
        this.resolver.setId("myDynamicResolver");
        this.resolver.setParserPool(parserPool);
        this.resolver.setRequestURLBuilder(templateRequestURLBuilder);
        HttpClientSecurityParameters httpClientSecurityParameters = new HttpClientSecurityParameters();
        httpClientSecurityParameters.setTLSTrustEngine(HTTPMetadataResolverTest.buildPKIXTrustEngine("badCA.crt", null, false));
        this.resolver.setHttpClientSecurityParameters(httpClientSecurityParameters);
        this.resolver.initialize();
        Assert.assertNull(this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")})));
    }

    @Test
    public void testHTTPSTrustEngineValidPKIXInvalidName() throws Exception {
        TemplateRequestURLBuilder templateRequestURLBuilder = new TemplateRequestURLBuilder(VelocityEngine.newVelocityEngine(), RepositorySupport.buildHTTPSResourceURL("java-opensaml", "opensaml-saml-impl/src/test/resources/org/opensaml/saml/metadata/resolver/impl/${entityID}.xml"), TemplateRequestURLBuilder.EncodingStyle.path, new StringDigester("SHA-1", StringDigester.OutputFormat.HEX_LOWER));
        this.httpClientBuilder.setTLSSocketFactory(HTTPMetadataResolverTest.buildSocketFactory());
        this.resolver = new FunctionDrivenDynamicHTTPMetadataResolver(this.httpClientBuilder.buildClient());
        this.resolver.setId("myDynamicResolver");
        this.resolver.setParserPool(parserPool);
        this.resolver.setRequestURLBuilder(templateRequestURLBuilder);
        HttpClientSecurityParameters httpClientSecurityParameters = new HttpClientSecurityParameters();
        httpClientSecurityParameters.setTLSTrustEngine(HTTPMetadataResolverTest.buildPKIXTrustEngine("repo-rootCA.crt", "foobar.shibboleth.net", true));
        this.resolver.setHttpClientSecurityParameters(httpClientSecurityParameters);
        this.resolver.initialize();
        Assert.assertNull(this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")})));
    }

    @Test
    public void testHTTPSTrustEngineWrongSocketFactory() throws Exception {
        TemplateRequestURLBuilder templateRequestURLBuilder = new TemplateRequestURLBuilder(VelocityEngine.newVelocityEngine(), RepositorySupport.buildHTTPSResourceURL("java-opensaml", "opensaml-saml-impl/src/test/resources/org/opensaml/saml/metadata/resolver/impl/${entityID}.xml"), TemplateRequestURLBuilder.EncodingStyle.path, new StringDigester("SHA-1", StringDigester.OutputFormat.HEX_LOWER));
        this.resolver = new FunctionDrivenDynamicHTTPMetadataResolver(this.httpClientBuilder.buildClient());
        this.resolver.setId("myDynamicResolver");
        this.resolver.setParserPool(parserPool);
        this.resolver.setRequestURLBuilder(templateRequestURLBuilder);
        HttpClientSecurityParameters httpClientSecurityParameters = new HttpClientSecurityParameters();
        httpClientSecurityParameters.setTLSTrustEngine(HTTPMetadataResolverTest.buildExplicitKeyTrustEngine("repo-entity.crt"));
        this.resolver.setHttpClientSecurityParameters(httpClientSecurityParameters);
        this.resolver.initialize();
        Assert.assertNull(this.resolver.resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")})));
    }
}
