package org.opensaml.saml.saml2.wssecurity.messaging.impl;

import java.net.URISyntaxException;
import java.security.KeyException;
import java.security.cert.CertificateException;
import java.util.Collection;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import net.shibboleth.utilities.java.support.collection.Pair;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.primitive.NonnullSupplier;
import org.opensaml.core.testing.XMLObjectBaseTestCase;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.saml.common.assertion.AssertionValidationException;
import org.opensaml.saml.common.assertion.ValidationContext;
import org.opensaml.saml.common.assertion.ValidationResult;
import org.opensaml.saml.common.messaging.context.SAMLSelfEntityContext;
import org.opensaml.saml.saml2.assertion.SAML20AssertionValidator;
import org.opensaml.saml.saml2.assertion.tests.BaseAssertionValidationTest;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.saml.saml2.testing.SAML2ActionTestingSupport;
import org.opensaml.saml.saml2.wssecurity.SAML20AssertionToken;
import org.opensaml.security.SecurityException;
import org.opensaml.soap.messaging.context.SOAP11Context;
import org.opensaml.soap.soap11.Body;
import org.opensaml.soap.soap11.Envelope;
import org.opensaml.soap.soap11.Fault;
import org.opensaml.soap.soap11.FaultCode;
import org.opensaml.soap.soap11.Header;
import org.opensaml.soap.util.SOAPSupport;
import org.opensaml.soap.wssecurity.Security;
import org.opensaml.soap.wssecurity.WSSecurityConstants;
import org.opensaml.soap.wssecurity.messaging.Token;
import org.opensaml.soap.wssecurity.messaging.WSSecurityContext;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignaturePrevalidator;
import org.opensaml.xmlsec.signature.support.SignatureTrustEngine;
import org.springframework.mock.web.MockHttpServletRequest;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/opensaml/saml/saml2/wssecurity/messaging/impl/WSSecuritySAML20AssertionTokenSecurityHandlerTest.class */
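/**
 * Tests how {@link WSSecuritySAML20AssertionTokenSecurityHandler} reacts to the verdict of its
 * assertion validator.
 *
 * <p>The validator is always a {@link MockAssertionValidator}, so no signature, trust or condition
 * evaluation takes place in this class. What is covered is the handler's decision logic: which
 * verdicts abort processing with a SOAP fault, which ones are merely recorded on the token, and
 * what happens when there is nothing to validate.</p>
 */
public class WSSecuritySAML20AssertionTokenSecurityHandlerTest extends XMLObjectBaseTestCase {
    private WSSecuritySAML20AssertionTokenSecurityHandler handler;
    private MessageContext messageContext;
    private MockHttpServletRequest httpServletRequest;
    private Assertion assertion;
    // Assigned as a side effect of buildAssertion(); the same instance is handed to the mock validator.
    private SubjectConfirmation subjectConfirmation;
    private final String issuerEntityID = BaseAssertionValidationTest.ISSUER;
    private final String rpEntityID = "https://rp.example.com";
    private final String remoteAddr = "10.1.2.3";

    /**
     * Validator stub that returns a canned verdict or throws, without inspecting the assertion.
     *
     * <p>The superclass is constructed with three null collections, a null
     * {@link SignatureTrustEngine} and a null {@link SignaturePrevalidator}; because
     * {@link #validate} is replaced outright, none of them is consulted. Test use only.</p>
     */
    public static class MockAssertionValidator extends SAML20AssertionValidator {
        private final ValidationResult validationResult;
        private final boolean isThrowException;
        private final SubjectConfirmation confirmedSubjectConfirmation;

        /**
         * @param validationResult verdict returned by {@link #validate} when it does not throw
         * @param subjectConfirmation confirmation to publish in the validation context, or null for none
         * @param z when true, {@link #validate} throws instead of returning a verdict
         */
        public MockAssertionValidator(ValidationResult validationResult, SubjectConfirmation subjectConfirmation, boolean z) {
            super((Collection) null, (Collection) null, (Collection) null, (SignatureTrustEngine) null, (SignaturePrevalidator) null);
            this.validationResult = validationResult;
            this.confirmedSubjectConfirmation = subjectConfirmation;
            this.isThrowException = z;
        }

        /**
         * Returns the canned verdict, first publishing the configured subject confirmation (if any)
         * as a dynamic parameter of the validation context.
         *
         * @throws AssertionValidationException if the stub was configured to throw
         */
        @Override
        @Nonnull
        public ValidationResult validate(@Nonnull Assertion assertion, @Nonnull ValidationContext validationContext) throws AssertionValidationException {
            if (this.isThrowException) {
                throw new AssertionValidationException();
            }
            if (this.confirmedSubjectConfirmation != null) {
                validationContext.getDynamicParameters().put("saml2.ConfirmedSubjectConfirmation", this.confirmedSubjectConfirmation);
            }
            return this.validationResult;
        }
    }

    /** Builds a fresh assertion, message context, mock request and uninitialized handler for each test. */
    @BeforeMethod
    protected void setUp() throws CertificateException, URISyntaxException, KeyException, SecurityException, MarshallingException, SignatureException {
        // Order matters: buildMessageContext() embeds this.assertion in the wsse:Security header.
        this.assertion = buildAssertion();
        this.messageContext = buildMessageContext();
        this.httpServletRequest = buildHttpServletRequest();
        this.handler = new WSSecuritySAML20AssertionTokenSecurityHandler();
        this.handler.setHttpServletRequestSupplier(new NonnullSupplier<HttpServletRequest>() {
            // The decompiler had renamed this method to m38get, which left the supplier's
            // get() unimplemented; the original name is restored here.
            @Override
            public HttpServletRequest get() {
                return WSSecuritySAML20AssertionTokenSecurityHandlerTest.this.httpServletRequest;
            }
        });
    }

    /** A VALID verdict yields exactly one token, marked VALID, carrying the confirmed subject confirmation. */
    @Test
    public void testDefaultsValid() throws ComponentInitializationException, MessageHandlerException {
        this.handler.setAssertionValidator(new MockAssertionValidator(ValidationResult.VALID, this.subjectConfirmation, false));
        this.handler.initialize();
        this.handler.invoke(this.messageContext);
        assertSingleAssertionToken(Token.ValidationStatus.VALID, this.subjectConfirmation);
    }

    /** With default settings an INVALID verdict aborts processing with an InvalidSecurityToken fault. */
    @Test
    public void testDefaultsInvalid() throws ComponentInitializationException {
        this.handler.setAssertionValidator(new MockAssertionValidator(ValidationResult.INVALID, null, false));
        this.handler.initialize();
        assertInvokeFailsWithFault(WSSecurityConstants.SOAP_FAULT_INVALID_SECURITY_TOKEN);
    }

    /** With default settings an INDETERMINATE verdict is rejected exactly like INVALID. */
    @Test
    public void testDefaultsIndeterminate() throws ComponentInitializationException {
        this.handler.setAssertionValidator(new MockAssertionValidator(ValidationResult.INDETERMINATE, null, false));
        this.handler.initialize();
        assertInvokeFailsWithFault(WSSecurityConstants.SOAP_FAULT_INVALID_SECURITY_TOKEN);
    }

    /** The validator may come from the lookup function when no fixed validator is set. */
    @Test
    public void testValidViaLookup() throws ComponentInitializationException, MessageHandlerException {
        this.handler.setAssertionValidator((SAML20AssertionValidator) null);
        this.handler.setAssertionValidatorLookup(new Function<Pair<MessageContext, Assertion>, SAML20AssertionValidator>() {
            @Override
            @Nullable
            public SAML20AssertionValidator apply(@Nullable Pair<MessageContext, Assertion> pair) {
                return new MockAssertionValidator(ValidationResult.VALID, WSSecuritySAML20AssertionTokenSecurityHandlerTest.this.subjectConfirmation, false);
            }
        });
        this.handler.initialize();
        this.handler.invoke(this.messageContext);
        assertSingleAssertionToken(Token.ValidationStatus.VALID, this.subjectConfirmation);
    }

    /**
     * With invalidFatal disabled, an INVALID verdict does not throw: the token is still stored,
     * marked INVALID and without a subject confirmation.
     *
     * <p>Review caveat: in this mode the only trace of the failure is the token's validation
     * status, so whatever consumes the WSSecurityContext has to check it before relying on the
     * assertion. That consumer is outside this test.</p>
     */
    @Test
    public void testInvalidNotFatal() throws ComponentInitializationException, MessageHandlerException {
        this.handler.setInvalidFatal(false);
        this.handler.setAssertionValidator(new MockAssertionValidator(ValidationResult.INVALID, null, false));
        this.handler.initialize();
        this.handler.invoke(this.messageContext);
        assertSingleAssertionToken(Token.ValidationStatus.INVALID, null);
    }

    /**
     * With invalidFatal disabled, an INDETERMINATE verdict is likewise stored on the token rather
     * than rejected; the same caveat as for {@link #testInvalidNotFatal()} applies.
     */
    @Test
    public void testIndeterminateNotFatal() throws ComponentInitializationException, MessageHandlerException {
        this.handler.setInvalidFatal(false);
        this.handler.setAssertionValidator(new MockAssertionValidator(ValidationResult.INDETERMINATE, null, false));
        this.handler.initialize();
        this.handler.invoke(this.messageContext);
        assertSingleAssertionToken(Token.ValidationStatus.INDETERMINATE, null);
    }

    /** A validator that throws is reported as a Server fault, not as an invalid token. */
    @Test
    public void testException() throws ComponentInitializationException {
        this.handler.setAssertionValidator(new MockAssertionValidator(null, null, true));
        this.handler.initialize();
        assertInvokeFailsWithFault(FaultCode.SERVER);
    }

    /** Without a SOAP11Context the handler creates no WSSecurityContext. */
    @Test
    public void testNonSOAP() throws ComponentInitializationException, MessageHandlerException {
        this.messageContext.removeSubcontext(SOAP11Context.class);
        this.handler.setAssertionValidator(new MockAssertionValidator(ValidationResult.VALID, this.subjectConfirmation, false));
        this.handler.initialize();
        this.handler.invoke(this.messageContext);
        Assert.assertNull(this.messageContext.getSubcontext(WSSecurityContext.class));
    }

    /** With the SOAP header emptied of its children, no WSSecurityContext is created. */
    @Test
    public void testNoAssertions() throws ComponentInitializationException, MessageHandlerException {
        this.messageContext.getSubcontext(SOAP11Context.class).getEnvelope().getHeader().getUnknownXMLObjects().clear();
        this.handler.setAssertionValidator(new MockAssertionValidator(ValidationResult.VALID, this.subjectConfirmation, false));
        this.handler.initialize();
        this.handler.invoke(this.messageContext);
        Assert.assertNull(this.messageContext.getSubcontext(WSSecurityContext.class));
    }

    /** With no SOAP header at all, no WSSecurityContext is created. */
    @Test
    public void testNoHeader() throws ComponentInitializationException, MessageHandlerException {
        this.messageContext.getSubcontext(SOAP11Context.class).getEnvelope().setHeader((Header) null);
        this.handler.setAssertionValidator(new MockAssertionValidator(ValidationResult.VALID, this.subjectConfirmation, false));
        this.handler.initialize();
        this.handler.invoke(this.messageContext);
        Assert.assertNull(this.messageContext.getSubcontext(WSSecurityContext.class));
    }

    /** A handler with neither a validator nor a lookup function must refuse to initialize. */
    @Test(expectedExceptions = {ComponentInitializationException.class})
    public void testNoValidatorOrLookup() throws ComponentInitializationException, MessageHandlerException {
        this.handler.setAssertionValidator((SAML20AssertionValidator) null);
        this.handler.setAssertionValidatorLookup((Function) null);
        this.handler.initialize();
    }

    /**
     * A lookup that resolves no validator must fail the message rather than let the assertion
     * through unvalidated; the test expects a MessageHandlerException.
     */
    @Test(expectedExceptions = {MessageHandlerException.class})
    public void testNoValidatorAndFailedLookup() throws ComponentInitializationException, MessageHandlerException {
        this.handler.setAssertionValidator((SAML20AssertionValidator) null);
        this.handler.setAssertionValidatorLookup(new Function<Pair<MessageContext, Assertion>, SAML20AssertionValidator>() {
            @Override
            @Nullable
            public SAML20AssertionValidator apply(@Nullable Pair<MessageContext, Assertion> pair) {
                return null;
            }
        });
        this.handler.initialize();
        this.handler.invoke(this.messageContext);
    }

    /** A validation-context builder that returns null fails the message, even with a VALID-returning validator. */
    @Test(expectedExceptions = {MessageHandlerException.class})
    public void testBadValidationContextBuilder() throws ComponentInitializationException, MessageHandlerException {
        this.handler.setValidationContextBuilder(new Function<SAML20AssertionTokenValidationInput, ValidationContext>() {
            @Override
            @Nullable
            public ValidationContext apply(@Nullable SAML20AssertionTokenValidationInput sAML20AssertionTokenValidationInput) {
                return null;
            }
        });
        this.handler.setAssertionValidator(new MockAssertionValidator(ValidationResult.VALID, this.subjectConfirmation, false));
        this.handler.initialize();
        this.handler.invoke(this.messageContext);
    }

    /**
     * Asserts that the message context holds exactly one SAML 2.0 assertion token wrapping the test
     * assertion, with the given validation status and subject confirmation.
     *
     * @param expectedStatus status the token must carry
     * @param expectedConfirmation subject confirmation the token must reference (same instance), or null
     */
    private void assertSingleAssertionToken(Token.ValidationStatus expectedStatus, SubjectConfirmation expectedConfirmation) {
        WSSecurityContext wssContext = this.messageContext.getSubcontext(WSSecurityContext.class);
        Assert.assertNotNull(wssContext);
        Assert.assertEquals(wssContext.getTokens().size(), 1);
        Assert.assertTrue(wssContext.getTokens().get(0) instanceof SAML20AssertionToken);
        SAML20AssertionToken token = (SAML20AssertionToken) wssContext.getTokens().get(0);
        Assert.assertSame(token.getWrappedToken(), this.assertion);
        Assert.assertEquals(token.getValidationStatus(), expectedStatus);
        Assert.assertSame(token.getSubjectConfirmation(), expectedConfirmation);
    }

    /**
     * Invokes the handler, requires it to throw MessageHandlerException, and checks the SOAP fault
     * it registered on the SOAP11Context.
     *
     * @param expectedFaultCode fault code value the registered fault must carry
     */
    private void assertInvokeFailsWithFault(Object expectedFaultCode) {
        try {
            this.handler.invoke(this.messageContext);
            Assert.fail("Assertion validation should have failed");
        } catch (MessageHandlerException expected) {
            Fault fault = this.messageContext.getSubcontext(SOAP11Context.class, true).getFault();
            Assert.assertNotNull(fault);
            Assert.assertEquals(fault.getCode().getValue(), expectedFaultCode);
        }
    }

    /**
     * Builds a message context whose SOAP 1.1 envelope carries the test assertion inside a
     * wsse:Security header marked mustUnderstand, with a simple XML object as the body payload.
     *
     * @throws RuntimeException if {@link #buildAssertion()} has not been run first
     */
    private MessageContext buildMessageContext() {
        MessageContext context = new MessageContext();
        context.getSubcontext(SAMLSelfEntityContext.class, true).setEntityId(this.rpEntityID);
        XMLObject payload = buildXMLObject(simpleXMLObjectQName);
        context.setMessage(payload);
        if (this.assertion == null) {
            throw new RuntimeException("Assertion wasn't built");
        }

        Envelope envelope = buildXMLObject(Envelope.DEFAULT_ELEMENT_NAME);
        envelope.setBody(buildXMLObject(Body.DEFAULT_ELEMENT_NAME));
        envelope.getBody().getUnknownXMLObjects().add(payload);
        envelope.setHeader(buildXMLObject(Header.DEFAULT_ELEMENT_NAME));

        Security security = buildXMLObject(Security.ELEMENT_NAME);
        SOAPSupport.addSOAP11MustUnderstandAttribute(security, true);
        security.getUnknownXMLObjects().add(this.assertion);
        envelope.getHeader().getUnknownXMLObjects().add(security);

        context.getSubcontext(SOAP11Context.class, true).setEnvelope(envelope);
        return context;
    }

    /** Builds a mock HTTPS request to the relying party's /wss/saml endpoint from the test client address. */
    private MockHttpServletRequest buildHttpServletRequest() throws URISyntaxException, CertificateException {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setScheme("https");
        request.setServerName("rp.example.com");
        request.setServerPort(443);
        request.setRequestURI("/wss/saml");
        request.setRemoteAddr(this.remoteAddr);
        return request;
    }

    /**
     * Builds an unsigned assertion for subject "barney" with a single bearer subject confirmation
     * and one authentication statement. Also stores the confirmation in
     * {@link #subjectConfirmation} for later identity checks.
     */
    private Assertion buildAssertion() throws SecurityException, MarshallingException, SignatureException {
        Assertion built = SAML2ActionTestingSupport.buildAssertion();
        built.setIssuer(SAML2ActionTestingSupport.buildIssuer(this.issuerEntityID));
        built.setSubject(SAML2ActionTestingSupport.buildSubject("barney"));
        this.subjectConfirmation = buildXMLObject(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
        this.subjectConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");
        built.getSubject().getSubjectConfirmations().add(this.subjectConfirmation);
        built.getAuthnStatements().add(SAML2ActionTestingSupport.buildAuthnStatement());
        return built;
    }
}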
