package org.opensaml.saml.saml2.wssecurity.messaging.impl;

import jakarta.servlet.http.HttpServletRequest;
import java.io.File;
import java.net.URISyntaxException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Set;
import java.util.function.Function;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.shared.collection.Pair;
import net.shibboleth.shared.resolver.CriteriaSet;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.testing.XMLObjectBaseTestCase;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.assertion.ValidationContext;
import org.opensaml.saml.common.messaging.context.SAMLSelfEntityContext;
import org.opensaml.saml.criterion.EntityRoleCriterion;
import org.opensaml.saml.criterion.ProtocolCriterion;
import org.opensaml.saml.saml2.assertion.tests.BaseAssertionValidationTest;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.testing.SAML2ActionTestingSupport;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.criteria.UsageCriterion;
import org.opensaml.security.x509.X509Support;
import org.springframework.mock.web.MockHttpServletRequest;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

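/**
 * Tests for {@link DefaultSAML20AssertionValidationContextBuilder}.
 *
 * <p>The assertions below pin the security-relevant static parameters the builder puts into the
 * {@link ValidationContext} for a WS-Security SAML 2.0 assertion token:</p>
 * <ul>
 *   <li>signature validation is required unless explicitly disabled on the builder;</li>
 *   <li>the signature criteria always carry the assertion issuer's entityID and
 *       {@link UsageType#SIGNING}, even when a custom criteria function is installed;</li>
 *   <li>the holder-of-key presenter certificate is the TLS client certificate found on the
 *       servlet request, and no presenter key is set;</li>
 *   <li>valid recipients are the request URL and the relying party's own entityID;</li>
 *   <li>the only valid audience is the relying party's own entityID.</li>
 * </ul>
 */
public class DefaultSAML20AssertionValidationContextBuilderTest extends XMLObjectBaseTestCase {

    // Static-parameter keys checked by these tests, kept as the literal values the test compares
    // against. NOTE(review): these presumably mirror constants declared by the assertion
    // validation API; confirm and reference those constants directly if they are in scope.
    private static final String PARAM_SIGNATURE_REQUIRED = "saml2.SignatureRequired";
    private static final String PARAM_SIGNATURE_CRITERIA = "saml2.SignatureValidationCriteriaSet";
    private static final String PARAM_HOK_PRESENTER_CERT = "saml2.SubjectConfirmation.HoK.PresenterCertificate";
    private static final String PARAM_HOK_PRESENTER_KEY = "saml2.SubjectConfirmation.HoK.PresenterKey";
    private static final String PARAM_VALID_RECIPIENTS = "saml2.SubjectConfirmation.ValidRecipients";
    private static final String PARAM_VALID_AUDIENCES = "saml2.Conditions.ValidAudiences";

    /** Protocol URI used by the custom criteria function in {@link #testCustom()}. */
    private static final String SAML20_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol";

    /** Servlet request attribute under which the test stores the client certificate chain. */
    private static final String TLS_CLIENT_CERT_ATTRIBUTE = "jakarta.servlet.request.X509Certificate";

    /** Classpath location of the certificate used as the TLS client (presenter) certificate. */
    private static final String PRESENTER_CERT_RESOURCE =
            "/org/opensaml/saml/saml2/wssecurity/messaging/impl/presenter.crt";

    private DefaultSAML20AssertionValidationContextBuilder builder;
    private SAML20AssertionTokenValidationInput input;

    /** EntityID placed in the assertion's Issuer; expected back in the signature criteria. */
    private final String issuerEntityID = BaseAssertionValidationTest.ISSUER;

    /** The relying party's own entityID, stored in the {@link SAMLSelfEntityContext}. */
    private final String rpEntityID = "https://rp.example.com";

    /** Must stay in sync with the scheme/host/port/URI set on the mock request. */
    private final String requestURL = "https://rp.example.com/wss/saml";

    // NOTE(review): the remote address is set on the mock request, but no test here asserts an
    // address-related validation parameter. If the builder derives subject-confirmation address
    // checks from it, an assertion covering that would close the gap; confirm against the builder.
    private final String remoteAddr = "10.1.2.3";

    /** Populated as a side effect of {@link #buildHttpServletRequest()}. */
    private X509Certificate clientTLSCert;

    /**
     * Creates a fresh builder and validation input before every test method.
     *
     * @throws URISyntaxException if the certificate resource URL cannot be converted to a URI
     * @throws CertificateException if the certificate resource cannot be decoded
     */
    @BeforeMethod
    protected void setUp() throws URISyntaxException, CertificateException {
        this.builder = new DefaultSAML20AssertionValidationContextBuilder();
        this.input = new SAML20AssertionTokenValidationInput(
                buildMessageContext(), buildHttpServletRequest(), buildAssertion());
    }

    /** An unconfigured builder must require a signature and bind validation to the issuer. */
    @Test
    public void testDefaults() {
        final ValidationContext context = buildContext();

        Assert.assertEquals(context.getStaticParameters().get(PARAM_SIGNATURE_REQUIRED), Boolean.TRUE);

        // Only the two default criteria (issuer entityID and signing usage) are expected.
        assertIssuerSigningCriteria(context, 2);
        assertRequestDerivedParameters(context);
    }

    /**
     * A customised builder honours the disabled signature requirement, and the custom criteria
     * function adds to the default criteria rather than replacing them.
     */
    @Test
    public void testCustom() {
        this.builder.setSignatureRequired(false);

        final Function<Pair<MessageContext, Assertion>, CriteriaSet> extraCriteria =
                (@Nullable Pair<MessageContext, Assertion> pair) -> {
                    final CriteriaSet extra = new CriteriaSet();
                    extra.add(new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
                    extra.add(new ProtocolCriterion(SAML20_PROTOCOL));
                    return extra;
                };
        this.builder.setSignatureCriteriaSetFunction(extraCriteria);

        final ValidationContext context = buildContext();

        Assert.assertEquals(context.getStaticParameters().get(PARAM_SIGNATURE_REQUIRED), Boolean.FALSE);

        // Four criteria: the two defaults plus the role and protocol criteria added above.
        final CriteriaSet criteria = assertIssuerSigningCriteria(context, 4);

        final EntityRoleCriterion role = (EntityRoleCriterion) criteria.get(EntityRoleCriterion.class);
        Assert.assertNotNull(role, "EntityRoleCriterion missing from signature criteria");
        Assert.assertEquals(role.getRole(), IDPSSODescriptor.DEFAULT_ELEMENT_NAME);

        final ProtocolCriterion protocol = (ProtocolCriterion) criteria.get(ProtocolCriterion.class);
        Assert.assertNotNull(protocol, "ProtocolCriterion missing from signature criteria");
        Assert.assertEquals(protocol.getProtocol(), SAML20_PROTOCOL);

        assertRequestDerivedParameters(context);
    }

    /**
     * Runs the builder on the prepared input and fails the test if it yields no context.
     *
     * <p>Uses a TestNG assertion so the null check also runs when JVM assertions ({@code -ea})
     * are disabled.</p>
     *
     * @return the non-null validation context produced by the builder
     */
    @Nonnull
    private ValidationContext buildContext() {
        final ValidationContext context = this.builder.apply(this.input);
        Assert.assertNotNull(context, "builder returned no ValidationContext");
        return context;
    }

    /**
     * Checks the size of the signature validation criteria set and that it contains the issuer's
     * entityID and the signing usage.
     *
     * @param context the validation context under test
     * @param expectedSize the expected number of criteria in the set
     * @return the criteria set, for further test-specific assertions
     */
    @Nonnull
    private CriteriaSet assertIssuerSigningCriteria(@Nonnull final ValidationContext context,
            final int expectedSize) {
        final CriteriaSet criteria = (CriteriaSet) context.getStaticParameters().get(PARAM_SIGNATURE_CRITERIA);
        Assert.assertNotNull(criteria, "signature validation criteria set missing");
        Assert.assertEquals(criteria.size(), expectedSize);

        final EntityIdCriterion entityId = (EntityIdCriterion) criteria.get(EntityIdCriterion.class);
        Assert.assertNotNull(entityId, "EntityIdCriterion missing from signature criteria");
        Assert.assertEquals(entityId.getEntityId(), this.issuerEntityID);

        final UsageCriterion usage = (UsageCriterion) criteria.get(UsageCriterion.class);
        Assert.assertNotNull(usage, "UsageCriterion missing from signature criteria");
        Assert.assertEquals(usage.getUsage(), UsageType.SIGNING);

        return criteria;
    }

    /**
     * Checks the parameters both tests expect to be derived from the request and message context:
     * holder-of-key presenter certificate, absence of a presenter key, valid recipients and valid
     * audiences.
     *
     * @param context the validation context under test
     */
    private void assertRequestDerivedParameters(@Nonnull final ValidationContext context) {
        Assert.assertEquals(context.getStaticParameters().get(PARAM_HOK_PRESENTER_CERT), this.clientTLSCert);
        Assert.assertNull(context.getStaticParameters().get(PARAM_HOK_PRESENTER_KEY));

        final Set<?> recipients = (Set<?>) context.getStaticParameters().get(PARAM_VALID_RECIPIENTS);
        Assert.assertNotNull(recipients, "valid recipients set missing");
        Assert.assertEquals(recipients.size(), 2);
        Assert.assertTrue(recipients.contains(this.requestURL));
        Assert.assertTrue(recipients.contains(this.rpEntityID));

        final Set<?> audiences = (Set<?>) context.getStaticParameters().get(PARAM_VALID_AUDIENCES);
        Assert.assertNotNull(audiences, "valid audiences set missing");
        Assert.assertEquals(audiences.size(), 1);
        Assert.assertTrue(audiences.contains(this.rpEntityID));
    }

    /**
     * Builds a message context whose {@link SAMLSelfEntityContext} carries the relying party's
     * entityID.
     *
     * @return the prepared message context
     */
    @Nonnull
    private MessageContext buildMessageContext() {
        final MessageContext messageContext = new MessageContext();
        messageContext.ensureSubcontext(SAMLSelfEntityContext.class).setEntityId(this.rpEntityID);
        return messageContext;
    }

    /**
     * Builds a mock HTTPS request for {@link #requestURL} that carries a TLS client certificate.
     *
     * <p>Side effect: stores the decoded certificate in {@link #clientTLSCert} so the tests can
     * compare it with the presenter certificate in the validation context.</p>
     *
     * @return the prepared mock request
     * @throws URISyntaxException if the certificate resource URL cannot be converted to a URI
     * @throws CertificateException if the certificate resource cannot be decoded
     */
    @Nonnull
    private HttpServletRequest buildHttpServletRequest() throws URISyntaxException, CertificateException {
        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.setScheme("https");
        request.setServerName("rp.example.com");
        request.setServerPort(443);
        request.setRequestURI("/wss/saml");
        request.setRemoteAddr(this.remoteAddr);

        this.clientTLSCert = X509Support.decodeCertificate(
                new File(getClass().getResource(PRESENTER_CERT_RESOURCE).toURI()));
        request.setAttribute(TLS_CLIENT_CERT_ATTRIBUTE, new X509Certificate[] {this.clientTLSCert});
        return request;
    }

    /**
     * Builds an assertion with subject "barney" issued by {@link #issuerEntityID}.
     *
     * @return the prepared assertion
     */
    @Nonnull
    private Assertion buildAssertion() {
        final Assertion assertion = SAML2ActionTestingSupport.buildAssertion();
        assertion.setSubject(SAML2ActionTestingSupport.buildSubject("barney"));
        assertion.setIssuer(SAML2ActionTestingSupport.buildIssuer(this.issuerEntityID));
        return assertion;
    }
}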
