package net.shibboleth.idp.profile.spring.relyingparty.metadata;

import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.function.Function;
import java.util.function.Predicate;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import net.shibboleth.utilities.java.support.test.repository.RepositorySupport;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.xml.persist.FilesystemLoadSaveManager;
import org.opensaml.core.xml.persist.XMLObjectLoadSaveManager;
import org.opensaml.saml.criterion.ArtifactCriterion;
import org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver;
import org.opensaml.saml.metadata.resolver.impl.FunctionDrivenDynamicHTTPMetadataResolver;
import org.opensaml.saml.metadata.resolver.impl.HTTPEntityIDRequestURLBuilder;
import org.opensaml.saml.saml2.binding.artifact.SAML2ArtifactType0004;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.springframework.context.ApplicationContext;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/profile/spring/relyingparty/metadata/DynamicHTTPMetadataProviderParserTest.class */
public class DynamicHTTPMetadataProviderParserTest extends AbstractMetadataParserTest {
    private static final String PROP_MDURL = "metadataURL";
    private static final String REPO_IDP = "java-shib-metadata";
    private static final String REPO_OPENSAML = "java-opensaml";
    private static final String TEMPLATE_URL = "opensaml-saml-impl/src/test/resources/org/opensaml/saml/metadata/resolver/impl/${entityID}.xml";

    @Test
    public void testDefaults() throws Exception {
        FunctionDrivenDynamicHTTPMetadataResolver functionDrivenDynamicHTTPMetadataResolver = (FunctionDrivenDynamicHTTPMetadataResolver) getBean(FunctionDrivenDynamicHTTPMetadataResolver.class, "dynamicDefaults.xml", "beans.xml");
        Assert.assertTrue(functionDrivenDynamicHTTPMetadataResolver.isInitialized());
        Assert.assertTrue(functionDrivenDynamicHTTPMetadataResolver.isFailFastInitialization());
        Assert.assertTrue(functionDrivenDynamicHTTPMetadataResolver.isRequireValidMetadata());
        Assert.assertNull(functionDrivenDynamicHTTPMetadataResolver.getMetadataFilter());
        Assert.assertNotNull(functionDrivenDynamicHTTPMetadataResolver.getParserPool());
        Assert.assertTrue(functionDrivenDynamicHTTPMetadataResolver.getIndexes().isEmpty());
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getNegativeLookupCacheDuration(), Duration.ofMinutes(10L));
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getRefreshDelayFactor().floatValue(), 0.75f);
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getMinCacheDuration(), Duration.ofMinutes(10L));
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getMaxCacheDuration(), Duration.ofHours(8L));
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getMaxIdleEntityData(), Duration.ofHours(8L));
        Assert.assertTrue(functionDrivenDynamicHTTPMetadataResolver.isRemoveIdleEntityData());
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getCleanupTaskInterval(), Duration.ofMinutes(30L));
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getExpirationWarningThreshold(), Duration.ZERO);
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getSupportedContentTypes(), Arrays.asList("application/samlmetadata+xml", "application/xml", "text/xml"));
        Assert.assertFalse(functionDrivenDynamicHTTPMetadataResolver.isPersistentCachingEnabled());
        Assert.assertNull(functionDrivenDynamicHTTPMetadataResolver.getPersistentCacheManager());
        Assert.assertNotNull(functionDrivenDynamicHTTPMetadataResolver.getPersistentCacheKeyGenerator());
        Assert.assertTrue(functionDrivenDynamicHTTPMetadataResolver.getPersistentCacheKeyGenerator() instanceof AbstractDynamicMetadataResolver.DefaultCacheKeyGenerator);
        Assert.assertNotNull(functionDrivenDynamicHTTPMetadataResolver.getInitializationFromCachePredicate());
        Assert.assertTrue(functionDrivenDynamicHTTPMetadataResolver.getInitializationFromCachePredicate().test(null));
        Assert.assertTrue(functionDrivenDynamicHTTPMetadataResolver.isInitializeFromPersistentCacheInBackground());
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getBackgroundInitializationFromCacheDelay(), Duration.ofSeconds(2L));
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getRequestURLBuilder().getClass(), HTTPEntityIDRequestURLBuilder.class);
    }

    @Test
    public void testIndexes() throws Exception {
        FunctionDrivenDynamicHTTPMetadataResolver functionDrivenDynamicHTTPMetadataResolver = (FunctionDrivenDynamicHTTPMetadataResolver) getBean(FunctionDrivenDynamicHTTPMetadataResolver.class, "dynamicIndexes.xml", "beans.xml");
        Assert.assertFalse(functionDrivenDynamicHTTPMetadataResolver.getIndexes().isEmpty());
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getIndexes().size(), 3);
    }

    @Test
    public void testClientSecurityParamsParams() throws Exception {
        getBean(FunctionDrivenDynamicHTTPMetadataResolver.class, "dynamicClientSecurityParams.xml", "beans.xml", "httpClient.xml");
    }

    @Test
    public void testTimeoutParams() throws Exception {
        getBean(FunctionDrivenDynamicHTTPMetadataResolver.class, "dynamicTimeouts.xml", "beans.xml", "httpClient.xml");
    }

    @Test
    public void testMaxConnectionsParams() throws Exception {
        getBean(FunctionDrivenDynamicHTTPMetadataResolver.class, "dynamicMaxConnections.xml", "beans.xml", "httpClient.xml");
    }

    @Test
    public void testPersistentCacheParamsViaDirectory() throws Exception {
        ApplicationContext applicationContext = getApplicationContext("dynamicResolverContext", "dynamicPersistentCacheDirectory.xml", "beans.xml", "httpClient.xml");
        FunctionDrivenDynamicHTTPMetadataResolver functionDrivenDynamicHTTPMetadataResolver = (FunctionDrivenDynamicHTTPMetadataResolver) FunctionDrivenDynamicHTTPMetadataResolver.class.cast(((MetadataProviderContainer) applicationContext.getBean("dynamicPersistentCacheParamsDirectory", MetadataProviderContainer.class)).getEmbeddedResolver());
        Assert.assertNotNull(functionDrivenDynamicHTTPMetadataResolver);
        Assert.assertTrue(functionDrivenDynamicHTTPMetadataResolver.isInitialized());
        Assert.assertTrue(functionDrivenDynamicHTTPMetadataResolver.isPersistentCachingEnabled());
        Assert.assertNotNull(functionDrivenDynamicHTTPMetadataResolver.getPersistentCacheManager());
        Assert.assertTrue(functionDrivenDynamicHTTPMetadataResolver.getPersistentCacheManager() instanceof FilesystemLoadSaveManager);
        Assert.assertNotNull(functionDrivenDynamicHTTPMetadataResolver.getPersistentCacheKeyGenerator());
        Assert.assertSame(functionDrivenDynamicHTTPMetadataResolver.getPersistentCacheKeyGenerator(), applicationContext.getBean("digester.SHA1HexLower", Function.class));
        Assert.assertNotNull(functionDrivenDynamicHTTPMetadataResolver.getInitializationFromCachePredicate());
        Assert.assertSame(functionDrivenDynamicHTTPMetadataResolver.getInitializationFromCachePredicate(), applicationContext.getBean("predicate.AlwaysFalse", Predicate.class));
        Assert.assertFalse(functionDrivenDynamicHTTPMetadataResolver.isInitializeFromPersistentCacheInBackground());
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getBackgroundInitializationFromCacheDelay(), Duration.ofSeconds(30L));
    }

    @Test
    public void testPersistentCacheParamsViaManagerBeanRef() throws Exception {
        ApplicationContext applicationContext = getApplicationContext("dynamicResolverContext", "dynamicPersistentCacheBean.xml", "beans.xml", "httpClient.xml");
        FunctionDrivenDynamicHTTPMetadataResolver functionDrivenDynamicHTTPMetadataResolver = (FunctionDrivenDynamicHTTPMetadataResolver) FunctionDrivenDynamicHTTPMetadataResolver.class.cast(((MetadataProviderContainer) applicationContext.getBean("dynamicPersistentCacheParamsBean", MetadataProviderContainer.class)).getEmbeddedResolver());
        Assert.assertNotNull(functionDrivenDynamicHTTPMetadataResolver);
        Assert.assertTrue(functionDrivenDynamicHTTPMetadataResolver.isInitialized());
        Assert.assertTrue(functionDrivenDynamicHTTPMetadataResolver.isPersistentCachingEnabled());
        Assert.assertNotNull(functionDrivenDynamicHTTPMetadataResolver.getPersistentCacheManager());
        Assert.assertSame(functionDrivenDynamicHTTPMetadataResolver.getPersistentCacheManager(), applicationContext.getBean("metadata.persistentCacheManager", XMLObjectLoadSaveManager.class));
        Assert.assertNotNull(functionDrivenDynamicHTTPMetadataResolver.getPersistentCacheKeyGenerator());
        Assert.assertSame(functionDrivenDynamicHTTPMetadataResolver.getPersistentCacheKeyGenerator(), applicationContext.getBean("digester.SHA1HexLower", Function.class));
        Assert.assertNotNull(functionDrivenDynamicHTTPMetadataResolver.getInitializationFromCachePredicate());
        Assert.assertSame(functionDrivenDynamicHTTPMetadataResolver.getInitializationFromCachePredicate(), applicationContext.getBean("predicate.AlwaysFalse", Predicate.class));
        Assert.assertFalse(functionDrivenDynamicHTTPMetadataResolver.isInitializeFromPersistentCacheInBackground());
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getBackgroundInitializationFromCacheDelay(), Duration.ofSeconds(30L));
    }

    @Test
    public void testBasicParams() throws Exception {
        FunctionDrivenDynamicHTTPMetadataResolver functionDrivenDynamicHTTPMetadataResolver = (FunctionDrivenDynamicHTTPMetadataResolver) getBean(FunctionDrivenDynamicHTTPMetadataResolver.class, "dynamicBasicParams.xml", "beans.xml", "httpClient.xml");
        Assert.assertTrue(functionDrivenDynamicHTTPMetadataResolver.isInitialized());
        Assert.assertFalse(functionDrivenDynamicHTTPMetadataResolver.isFailFastInitialization());
        Assert.assertFalse(functionDrivenDynamicHTTPMetadataResolver.isRequireValidMetadata());
        Assert.assertNull(functionDrivenDynamicHTTPMetadataResolver.getMetadataFilter());
        Assert.assertNotNull(functionDrivenDynamicHTTPMetadataResolver.getParserPool());
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getNegativeLookupCacheDuration(), Duration.ofMinutes(5L));
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getRefreshDelayFactor().floatValue(), 0.5f);
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getMinCacheDuration(), Duration.ofMinutes(5L));
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getMaxCacheDuration(), Duration.ofHours(4L));
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getMaxIdleEntityData(), Duration.ofHours(2L));
        Assert.assertFalse(functionDrivenDynamicHTTPMetadataResolver.isRemoveIdleEntityData());
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getCleanupTaskInterval(), Duration.ofMinutes(20L));
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getExpirationWarningThreshold(), Duration.ofHours(3L));
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getSupportedContentTypes(), Collections.singletonList("text/xml"));
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getRequestURLBuilder().getClass(), HTTPEntityIDRequestURLBuilder.class);
    }

    @Test
    public void testWellKnown() throws Exception {
        EntityDescriptor resolveSingle = ((FunctionDrivenDynamicHTTPMetadataResolver) getBean(FunctionDrivenDynamicHTTPMetadataResolver.class, "dynamicWellKnown.xml", "beans.xml")).resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://test.shibboleth.net/shibboleth")}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "https://test.shibboleth.net/shibboleth");
    }

    @Test
    public void testTemplate() throws Exception {
        EntityDescriptor resolveSingle = ((FunctionDrivenDynamicHTTPMetadataResolver) getBean(FunctionDrivenDynamicHTTPMetadataResolver.class, singletonPropertySource(PROP_MDURL, RepositorySupport.buildHTTPResourceURL(REPO_OPENSAML, TEMPLATE_URL, false)), "dynamicTemplate.xml", "beans.xml")).resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "https://www.example.org/sp");
    }

    @Test
    public void testMDQ() throws Exception {
        FunctionDrivenDynamicHTTPMetadataResolver functionDrivenDynamicHTTPMetadataResolver = (FunctionDrivenDynamicHTTPMetadataResolver) getBean(FunctionDrivenDynamicHTTPMetadataResolver.class, "dynamicMetadataQueryProtocol.xml", "beans.xml");
        Assert.assertEquals(functionDrivenDynamicHTTPMetadataResolver.getSupportedContentTypes(), Collections.singletonList("application/samlmetadata+xml"));
        EntityDescriptor resolveSingle = functionDrivenDynamicHTTPMetadataResolver.resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("urn:mace:incommon:osu.edu")}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "urn:mace:incommon:osu.edu");
    }

    @Test
    public void testMDQWithContentTypeOverride() throws Exception {
        Assert.assertEquals(((FunctionDrivenDynamicHTTPMetadataResolver) getBean(FunctionDrivenDynamicHTTPMetadataResolver.class, "dynamicMetadataQueryProtocolWithContentTypeOverride.xml", "beans.xml")).getSupportedContentTypes(), List.of("application/xml", "test/foo"));
    }

    @Test
    public void testMDQWithSecondaryURLBuilderForArtifact() throws Exception {
        FunctionDrivenDynamicHTTPMetadataResolver functionDrivenDynamicHTTPMetadataResolver = (FunctionDrivenDynamicHTTPMetadataResolver) getBean(FunctionDrivenDynamicHTTPMetadataResolver.class, "dynamicMetadataQueryProtocolWithSecondaryURLBuilders.xml", "beans.xml");
        byte[] digest = MessageDigest.getInstance("SHA-1").digest("urn:mace:incommon:osu.edu".getBytes("UTF-8"));
        byte[] bArr = new byte[20];
        SecureRandom.getInstance("SHA1PRNG").nextBytes(bArr);
        EntityDescriptor resolveSingle = functionDrivenDynamicHTTPMetadataResolver.resolveSingle(new CriteriaSet(new Criterion[]{new ArtifactCriterion(new SAML2ArtifactType0004(new byte[]{0, 0}, digest, bArr))}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "urn:mace:incommon:osu.edu");
    }

    @Test
    public void testRegex() throws Exception {
        EntityDescriptor resolveSingle = ((FunctionDrivenDynamicHTTPMetadataResolver) getBean(FunctionDrivenDynamicHTTPMetadataResolver.class, singletonPropertySource(PROP_MDURL, RepositorySupport.buildHTTPResourceURL(REPO_IDP, "shib-metadata-spring/src/test/resources/net/shibboleth/spring/metadata/$1.xml", false)), "dynamicRegex.xml", "beans.xml")).resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://idp.example.org/idp/shibboleth")}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "https://idp.example.org/idp/shibboleth");
    }

    @Test
    public void testHttpCachingNone() throws Exception {
        EntityDescriptor resolveSingle = ((FunctionDrivenDynamicHTTPMetadataResolver) getBean(FunctionDrivenDynamicHTTPMetadataResolver.class, singletonPropertySource(PROP_MDURL, RepositorySupport.buildHTTPResourceURL(REPO_OPENSAML, TEMPLATE_URL, false)), "dynamic-httpCaching-none.xml", "beans.xml", "httpClient.xml")).resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "https://www.example.org/sp");
    }

    @Test
    public void testHttpCachingMemory() throws Exception {
        EntityDescriptor resolveSingle = ((FunctionDrivenDynamicHTTPMetadataResolver) getBean(FunctionDrivenDynamicHTTPMetadataResolver.class, singletonPropertySource(PROP_MDURL, RepositorySupport.buildHTTPResourceURL(REPO_OPENSAML, TEMPLATE_URL, false)), "dynamic-httpCaching-memory.xml", "beans.xml", "httpClient.xml")).resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "https://www.example.org/sp");
    }

    @Test
    public void testHttpCachingFile() throws Exception {
        EntityDescriptor resolveSingle = ((FunctionDrivenDynamicHTTPMetadataResolver) getBean(FunctionDrivenDynamicHTTPMetadataResolver.class, singletonPropertySource(PROP_MDURL, RepositorySupport.buildHTTPResourceURL(REPO_OPENSAML, TEMPLATE_URL, false)), "dynamic-httpCaching-file.xml", "beans.xml", "httpClient.xml")).resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "https://www.example.org/sp");
    }

    @Test
    public void testHTTPSNoTrustEngine() throws Exception {
        EntityDescriptor resolveSingle = ((FunctionDrivenDynamicHTTPMetadataResolver) getBean(FunctionDrivenDynamicHTTPMetadataResolver.class, singletonPropertySource(PROP_MDURL, RepositorySupport.buildHTTPResourceURL(REPO_OPENSAML, TEMPLATE_URL, false)), "dynamic-https-noTrustEngine.xml", "beans.xml")).resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "https://www.example.org/sp");
    }

    @Test
    public void testHTTPSTrustEngineExplicitKey() throws Exception {
        EntityDescriptor resolveSingle = ((FunctionDrivenDynamicHTTPMetadataResolver) getBean(FunctionDrivenDynamicHTTPMetadataResolver.class, singletonPropertySource(PROP_MDURL, RepositorySupport.buildHTTPSResourceURL(REPO_OPENSAML, TEMPLATE_URL)), "dynamic-https-trustEngine-explicitKey.xml", "beans.xml")).resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "https://www.example.org/sp");
    }

    @Test
    public void testHTTPSTrustEngineInvalidKey() throws Exception {
        Assert.assertNull(((FunctionDrivenDynamicHTTPMetadataResolver) getBean(FunctionDrivenDynamicHTTPMetadataResolver.class, singletonPropertySource(PROP_MDURL, RepositorySupport.buildHTTPSResourceURL(REPO_OPENSAML, TEMPLATE_URL)), "dynamic-https-trustEngine-invalidKey.xml", "beans.xml")).resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")})));
    }

    @Test
    public void testHTTPSTrustEngineValidPKIX() throws Exception {
        EntityDescriptor resolveSingle = ((FunctionDrivenDynamicHTTPMetadataResolver) getBean(FunctionDrivenDynamicHTTPMetadataResolver.class, singletonPropertySource(PROP_MDURL, RepositorySupport.buildHTTPSResourceURL(REPO_OPENSAML, TEMPLATE_URL)), "dynamic-https-trustEngine-validPKIX.xml", "beans.xml")).resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "https://www.example.org/sp");
    }

    @Test
    public void testHTTPSTrustEngineValidPKIXExplicitTrustedName() throws Exception {
        EntityDescriptor resolveSingle = ((FunctionDrivenDynamicHTTPMetadataResolver) getBean(FunctionDrivenDynamicHTTPMetadataResolver.class, singletonPropertySource(PROP_MDURL, RepositorySupport.buildHTTPSResourceURL(REPO_OPENSAML, TEMPLATE_URL)), "dynamic-https-trustEngine-validPKIX-explicitTrustedName.xml", "beans.xml")).resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")}));
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getEntityID(), "https://www.example.org/sp");
    }

    @Test
    public void testHTTPSTrustEngineInvalidPKIX() throws Exception {
        Assert.assertNull(((FunctionDrivenDynamicHTTPMetadataResolver) getBean(FunctionDrivenDynamicHTTPMetadataResolver.class, singletonPropertySource(PROP_MDURL, RepositorySupport.buildHTTPSResourceURL(REPO_OPENSAML, TEMPLATE_URL)), "dynamic-https-trustEngine-invalidPKIX.xml", "beans.xml")).resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("https://www.example.org/sp")})));
    }
}
