package org.opensaml.saml.saml2.profile.impl;

import java.io.File;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.List;
import java.util.function.Function;
import javax.annotation.Nonnull;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.PredicateSupport;
import net.shibboleth.shared.resolver.ResolverException;
import org.opensaml.core.testing.XMLObjectBaseTestCase;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.testing.ActionTestingSupport;
import org.opensaml.profile.testing.RequestContextBuilder;
import org.opensaml.saml.common.SAMLException;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandlerTest;
import org.opensaml.saml.common.profile.NameIdentifierGenerator;
import org.opensaml.saml.common.profile.logic.AffiliationNameIDPolicyPredicate;
import org.opensaml.saml.metadata.resolver.impl.FilesystemMetadataResolver;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator;
import org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects;
import org.opensaml.saml.saml2.testing.SAML2ActionTestingSupport;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/opensaml/saml/saml2/profile/impl/AddNameIDToSubjectsTest.class */
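/**
 * Unit tests for {@link AddNameIDToSubjects}, the profile action that attaches a generated
 * {@link NameID} to the {@link Subject} of every outbound {@link Assertion}.
 *
 * <p>Several tests pin down security-relevant behaviour of the action's {@link NameIDPolicy}
 * handling:</p>
 * <ul>
 * <li>a requested Format that no configured generator supports ends in the
 *     {@code InvalidNameIDPolicy} event instead of silently falling back to another format;</li>
 * <li>an {@code SPNameQualifier} that names neither the requester nor (with the affiliation
 *     predicate installed) an accepted affiliation is rejected, so one relying party cannot ask
 *     for an identifier scoped to a different party;</li>
 * <li>on every rejection the assertions are left without a Subject, i.e. the action fails closed.</li>
 * </ul>
 *
 * <p>This listing was recovered from a compiled class. The compiler-generated
 * {@code $assertionsDisabled} field and the expanded {@code assert} scaffolding have been replaced
 * by TestNG assertions, which also run when the JVM is started without {@code -ea}.</p>
 */
public class AddNameIDToSubjectsTest extends XMLObjectBaseTestCase {

    /** NameQualifier that every mock generator reports as the IdP default. */
    private static final String NAME_QUALIFIER = "https://idp.example.org";

    /** Event the action is expected to signal when the requested NameIDPolicy cannot be honoured. */
    private static final String INVALID_NAMEID_POLICY = "InvalidNameIDPolicy";

    /** Classpath location of the metadata used by the affiliation test. */
    private static final String AFFILIATION_METADATA =
            "/org/opensaml/saml/saml2/profile/impl/affiliation-metadata.xml";

    private FilesystemMetadataResolver metadataResolver;
    private SAMLObjectBuilder<NameIDPolicy> policyBuilder;
    private ChainingSAML2NameIDGenerator generator;
    private ProfileRequestContext prc;
    private AddNameIDToSubjects action;

    /** Format preference list whose only format with an active generator is emailAddress. */
    private static final class EmailFormatLookupStrategy
            implements Function<ProfileRequestContext, List<String>> {

        @Override
        public List<String> apply(final ProfileRequestContext profileRequestContext) {
            return Arrays.asList(NameID.WIN_DOMAIN_QUALIFIED, NameID.EMAIL);
        }
    }

    /** Format preference list whose only format with a generator is X509SubjectName. */
    private static final class X509FormatLookupStrategy
            implements Function<ProfileRequestContext, List<String>> {

        @Override
        public List<String> apply(final ProfileRequestContext profileRequestContext) {
            return Arrays.asList(NameID.WIN_DOMAIN_QUALIFIED, NameID.X509_SUBJECT);
        }
    }

    /** Generator that always returns a fixed identifier, so tests can tell which generator ran. */
    private static final class MockSAML2NameIDGenerator extends AbstractSAML2NameIDGenerator {

        private final String identifier;

        MockSAML2NameIDGenerator(@Nonnull final String id) {
            setId("test");
            setDefaultIdPNameQualifierLookupStrategy(ctx -> NAME_QUALIFIER);
            this.identifier = id;
        }

        @Override
        protected String getIdentifier(final ProfileRequestContext profileRequestContext)
                throws SAMLException {
            return identifier;
        }
    }

    /**
     * Loads the affiliation metadata once for the whole class.
     *
     * @throws ResolverException declared by the resolver constructor
     * @throws URISyntaxException if the classpath resource URL is not a valid URI
     * @throws ComponentInitializationException if the resolver fails to initialize
     */
    @BeforeClass
    public void classSetUp() throws ResolverException, URISyntaxException, ComponentInitializationException {
        final File metadataFile =
                new File(SAMLMetadataLookupHandlerTest.class.getResource(AFFILIATION_METADATA).toURI());
        metadataResolver = new FilesystemMetadataResolver(metadataFile);
        metadataResolver.setParserPool(parserPool);
        metadataResolver.setId("md");
        metadataResolver.initialize();
    }

    /** Releases the metadata resolver created in {@link #classSetUp()}. */
    @AfterClass
    public void classTearDown() {
        metadataResolver.destroy();
    }

    /**
     * Builds a fresh request context and an action wired to a chain of four mock generators:
     * "foo" (X509SubjectName), "bar" (emailAddress, never active), "baz" (emailAddress) and
     * "baf" (persistent).
     *
     * @throws ComponentInitializationException if a generator fails to initialize
     */
    @BeforeMethod
    public void setUp() throws ComponentInitializationException {
        prc = new RequestContextBuilder().buildProfileRequestContext();
        action = new AddNameIDToSubjects();

        // Locals use the concrete mock type: setFormat/setActivationCondition/initialize are
        // called on them, which the NameIdentifierGenerator interface type used in the
        // decompiled listing would not allow.
        final MockSAML2NameIDGenerator x509Generator = new MockSAML2NameIDGenerator("foo");
        x509Generator.setFormat(NameID.X509_SUBJECT);
        x509Generator.initialize();

        // Same format as "baz" but switched off, so a result of "bar" would mean the
        // activation condition was ignored.
        final MockSAML2NameIDGenerator disabledEmailGenerator = new MockSAML2NameIDGenerator("bar");
        disabledEmailGenerator.setFormat(NameID.EMAIL);
        disabledEmailGenerator.setActivationCondition(PredicateSupport.alwaysFalse());
        disabledEmailGenerator.initialize();

        final MockSAML2NameIDGenerator emailGenerator = new MockSAML2NameIDGenerator("baz");
        emailGenerator.setFormat(NameID.EMAIL);
        emailGenerator.initialize();

        final MockSAML2NameIDGenerator persistentGenerator = new MockSAML2NameIDGenerator("baf");
        persistentGenerator.setFormat(NameID.PERSISTENT);
        persistentGenerator.initialize();

        generator = new ChainingSAML2NameIDGenerator();
        generator.setGenerators(CollectionSupport.listOf(
                x509Generator, disabledEmailGenerator, emailGenerator, persistentGenerator));
        action.setNameIDGenerator(generator);

        policyBuilder = (SAMLObjectBuilder<NameIDPolicy>) XMLObjectProviderRegistrySupport.getBuilderFactory()
                .<NameIDPolicy>ensureBuilder(NameIDPolicy.DEFAULT_ELEMENT_NAME);
    }

    /** Without any outbound message set by the test, the action proceeds and adds no Subject. */
    @Test
    public void testNoMessage() throws ComponentInitializationException {
        action.initialize();

        action.execute(prc);
        ActionTestingSupport.assertProceedEvent(prc);
        // NOTE(review): this cast expects the outbound context to already hold an Assertion,
        // yet nothing in this class sets one - presumably RequestContextBuilder supplies it; confirm.
        Assert.assertNull(((Assertion) prc.ensureOutboundMessageContext().ensureMessage()).getSubject());
    }

    /** A Response without assertions is left untouched and the action proceeds. */
    @Test
    public void testNoAssertions() throws ComponentInitializationException {
        prc.ensureOutboundMessageContext().setMessage(SAML2ActionTestingSupport.buildResponse());
        action.initialize();

        action.execute(prc);
        ActionTestingSupport.assertProceedEvent(prc);
        Assert.assertTrue(outboundResponse().getAssertions().isEmpty());
    }

    /** A Format required by the request's NameIDPolicy selects the active generator for it. */
    @Test
    void testRequiredFormat() throws ComponentInitializationException {
        addAssertions();
        final AuthnRequest request = SAML2ActionTestingSupport.buildAuthnRequest();
        final NameIDPolicy policy = policyBuilder.buildObject();
        policy.setFormat(NameID.EMAIL);
        request.setNameIDPolicy(policy);
        prc.ensureInboundMessageContext().setMessage(request);
        action.initialize();

        action.execute(prc);
        ActionTestingSupport.assertProceedEvent(prc);
        assertNameID(0, "baz", NameID.EMAIL);
        assertNameID(1, "baz", NameID.EMAIL);
    }

    /**
     * A required Format with no matching generator must be refused, not replaced by some other
     * format, and must leave the assertion without a Subject.
     */
    @Test
    void testRequiredFormatError() throws ComponentInitializationException {
        addAssertions();
        final AuthnRequest request = SAML2ActionTestingSupport.buildAuthnRequest();
        final NameIDPolicy policy = policyBuilder.buildObject();
        policy.setFormat(NameID.KERBEROS);
        request.setNameIDPolicy(policy);
        prc.ensureInboundMessageContext().setMessage(request);
        action.initialize();

        action.execute(prc);
        ActionTestingSupport.assertEvent(prc, INVALID_NAMEID_POLICY);
        Assert.assertNull(subjectOf(0));
    }

    /**
     * An SPNameQualifier is accepted only when it equals the request's Issuer: a foreign
     * qualifier is rejected with no Subject added, the requester's own value then succeeds.
     */
    @Test
    void testQualifierAsIssuer() throws ComponentInitializationException {
        addAssertions();
        final AuthnRequest request = SAML2ActionTestingSupport.buildAuthnRequest();
        final NameIDPolicy policy = policyBuilder.buildObject();
        policy.setFormat(NameID.PERSISTENT);
        policy.setSPNameQualifier("foo");
        request.setNameIDPolicy(policy);
        prc.ensureInboundMessageContext().setMessage(request);
        action.initialize();

        // "foo" is not the requester, so the policy must be refused.
        action.execute(prc);
        ActionTestingSupport.assertEvent(prc, INVALID_NAMEID_POLICY);
        Assert.assertNull(subjectOf(0));

        final Issuer issuer = request.getIssuer();
        Assert.assertNotNull(issuer, "test AuthnRequest has no Issuer");
        policy.setSPNameQualifier(issuer.getValue());

        action.execute(prc);
        ActionTestingSupport.assertProceedEvent(prc);
        assertNameID(0, "baf", NameID.PERSISTENT);
    }

    /**
     * With {@link AffiliationNameIDPolicyPredicate} installed, an unknown SPNameQualifier is still
     * rejected, while the affiliation identifier from the test metadata is accepted.
     */
    @Test
    void testAffiliation() throws ComponentInitializationException {
        addAssertions();
        final AuthnRequest request = SAML2ActionTestingSupport.buildAuthnRequest();
        final NameIDPolicy policy = policyBuilder.buildObject();
        policy.setFormat(NameID.UNSPECIFIED);
        policy.setSPNameQualifier("foo");
        request.setNameIDPolicy(policy);
        prc.ensureInboundMessageContext().setMessage(request);

        final AffiliationNameIDPolicyPredicate predicate = new AffiliationNameIDPolicyPredicate();
        predicate.setMetadataResolver(metadataResolver);
        predicate.setRequesterIdLookupStrategy(new AddNameIDToSubjects.RequesterIdFromIssuerFunction());
        predicate.setObjectLookupStrategy(new AddNameIDToSubjects.NameIDPolicyLookupFunction());
        predicate.initialize();
        action.setNameIDPolicyPredicate(predicate);
        action.initialize();

        action.execute(prc);
        ActionTestingSupport.assertEvent(prc, INVALID_NAMEID_POLICY);
        Assert.assertNull(subjectOf(0));

        // Presumably affiliation-metadata.xml lists the test request's issuer as a member of
        // this affiliation; the file is not visible from here - confirm.
        policy.setFormat(NameID.PERSISTENT);
        policy.setSPNameQualifier("http://affiliation.example.org");

        action.execute(prc);
        ActionTestingSupport.assertProceedEvent(prc);
        assertNameID(0, "baf", NameID.PERSISTENT);
    }

    /** With neither a policy nor a format strategy, the action proceeds but adds no Subject. */
    @Test
    void testArbitraryFormat() throws ComponentInitializationException {
        addAssertions();
        action.initialize();

        action.execute(prc);
        ActionTestingSupport.assertProceedEvent(prc);
        Assert.assertNull(subjectOf(0));
        Assert.assertNull(subjectOf(1));
    }

    /** The format list skips a format without a generator and uses the single X509 generator. */
    @Test
    void testSingleGenerator() throws ComponentInitializationException {
        addAssertions();
        action.setFormatLookupStrategy(new X509FormatLookupStrategy());
        action.initialize();

        action.execute(prc);
        ActionTestingSupport.assertProceedEvent(prc);
        assertNameID(0, "foo", NameID.X509_SUBJECT);
        assertNameID(1, "foo", NameID.X509_SUBJECT);
    }

    /** Of two emailAddress generators, the deactivated "bar" is skipped and "baz" is used. */
    @Test
    void testMultipleGenerators() throws ComponentInitializationException {
        addAssertions();
        action.setFormatLookupStrategy(new EmailFormatLookupStrategy());
        action.initialize();

        action.execute(prc);
        ActionTestingSupport.assertProceedEvent(prc);
        assertNameID(0, "baz", NameID.EMAIL);
        assertNameID(1, "baz", NameID.EMAIL);
    }

    /** Installs an outbound Response carrying two empty assertions. */
    private void addAssertions() {
        final Response response = SAML2ActionTestingSupport.buildResponse();
        response.getAssertions().add(SAML2ActionTestingSupport.buildAssertion());
        response.getAssertions().add(SAML2ActionTestingSupport.buildAssertion());
        prc.ensureOutboundMessageContext().setMessage(response);
    }

    /** Returns the outbound message, which the calling test must have set to a Response. */
    private Response outboundResponse() {
        return (Response) prc.ensureOutboundMessageContext().ensureMessage();
    }

    /** Returns the Subject (possibly {@code null}) of the outbound assertion at {@code index}. */
    private Subject subjectOf(final int index) {
        return outboundResponse().getAssertions().get(index).getSubject();
    }

    /**
     * Asserts that the outbound assertion at {@code index} carries a NameID with the given value
     * and format. A missing Subject or NameID is reported as a test failure, independent of
     * whether JVM assertions are enabled.
     */
    private void assertNameID(final int index, final String expectedValue, final String expectedFormat) {
        final Subject subject = subjectOf(index);
        Assert.assertNotNull(subject, "assertion " + index + " has no Subject");
        final NameID nameID = subject.getNameID();
        Assert.assertNotNull(nameID, "assertion " + index + " has no NameID");
        Assert.assertEquals(nameID.getValue(), expectedValue);
        Assert.assertEquals(nameID.getFormat(), expectedFormat);
    }
}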
