package net.shibboleth.idp.authn.spnego.impl;

import jakarta.servlet.ServletRequest;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import net.shibboleth.idp.authn.AuthenticationFlowDescriptor;
import net.shibboleth.idp.authn.ExternalAuthenticationException;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.ExternalAuthenticationContext;
import net.shibboleth.idp.authn.impl.ExternalAuthenticationImpl;
import net.shibboleth.idp.authn.principal.UsernamePrincipal;
import net.shibboleth.idp.profile.testing.RequestContextBuilder;
import net.shibboleth.shared.codec.Base64Support;
import net.shibboleth.shared.codec.EncodingException;
import net.shibboleth.shared.component.ComponentInitializationException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.opensaml.messaging.context.BaseContext;
import org.opensaml.profile.context.ProfileRequestContext;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.webflow.execution.RequestContext;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/authn/spnego/impl/SPNEGOAuthnControllerTest.class */
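/**
 * Unit tests for {@link SPNEGOAuthnController}.
 *
 * <p>The tests pin the controller's externally visible behaviour at the points that matter for
 * authentication safety:</p>
 * <ul>
 *   <li>a missing or mismatched conversation key makes {@code startSPNEGO} throw
 *       {@link ExternalAuthenticationException};</li>
 *   <li>a missing {@link SPNEGOContext} or missing Kerberos settings ends in the
 *       {@code InvalidAuthenticationContext} error;</li>
 *   <li>an NTLM token inside a {@code Negotiate} header ends in the {@code NTLMUnsupported} error;</li>
 *   <li>an unfinished GSS exchange answers {@code 401} with a {@code WWW-Authenticate: Negotiate} challenge;</li>
 *   <li>an established GSS context yields a {@link Subject} carrying the realm-qualified name, and a
 *       missing source name yields an {@link ExternalAuthenticationException} instead.</li>
 * </ul>
 *
 * <p>GSS-API itself is never invoked: tests that need an acceptor use {@link #mockedGSSController},
 * whose acceptor factory method returns a Mockito mock.</p>
 */
public class SPNEGOAuthnControllerTest {

    /** Conversation key placed in the request by {@link #buildConversationRequestContext(String)}. */
    private static final String TEST_CONVERSATION_KEY = "e1s1";

    /** Token text the mocked acceptor hands back from {@code acceptSecContext}. */
    private static final String TOKEN_BYTES = "tokenBytes";

    /** Base64 of the ASCII bytes "NTLMSSP", used as the payload of a Negotiate header. */
    private static String NTLMSSP_HEADER_DATA;

    /** Base64 of an arbitrary payload standing in for a Kerberos token. */
    private static String NEGOTIATE_HEADER_DATA;

    /** Fresh mock per test method, see {@link #setup()}. */
    private GSSContextAcceptor mockGSSContextAcceptor;

    /** Never assigned; cast to the required type where a test passes a null argument. */
    private Object nullObject;

    /** Controller under test with its real acceptor factory. */
    private SPNEGOAuthnController controller = new SPNEGOAuthnController();

    /** Controller under test whose acceptor factory returns {@link #mockGSSContextAcceptor}. */
    private SPNEGOAuthnController mockedGSSController = new SPNEGOAuthnController() {
        @Override
        @Nonnull
        protected GSSContextAcceptor createGSSContextAcceptor(@Nonnull SPNEGOContext sPNEGOContext) throws GSSException {
            return SPNEGOAuthnControllerTest.this.mockGSSContextAcceptor;
        }
    };

    /**
     * Prepares the two Base64 header payloads shared by all tests.
     *
     * @throws EncodingException if Base64 encoding fails
     */
    @BeforeClass
    public void init() throws EncodingException {
        // 78 84 76 77 83 83 80 are the ASCII codes of "NTLMSSP".
        NTLMSSP_HEADER_DATA = Base64Support.encode(new byte[]{78, 84, 76, 77, 83, 83, 80}, false);
        // Explicit charset so the fixture does not depend on the platform default encoding.
        NEGOTIATE_HEADER_DATA = Base64Support.encode("testdata".getBytes(StandardCharsets.UTF_8), false);
    }

    /** Replaces the acceptor mock so stubbing from one test cannot leak into the next. */
    @BeforeMethod
    public void setup() {
        this.mockGSSContextAcceptor = Mockito.mock(GSSContextAcceptor.class);
    }

    /** No {@code conversation} request parameter: {@code startSPNEGO} must throw. */
    @Test(expectedExceptions = {ExternalAuthenticationException.class})
    public void withoutConversationKeyParameter_startSPNEGO_shouldThrowExternalAuthenticationException() throws Exception {
        RequestContext requestContext = buildConversationRequestContext(null);
        this.controller.startSPNEGO(TEST_CONVERSATION_KEY, nativeRequest(requestContext), (HttpServletResponse) this.nullObject);
    }

    /** Key argument differs from the key in the request: {@code startSPNEGO} must throw. */
    @Test(expectedExceptions = {ExternalAuthenticationException.class})
    public void givenMismatchedKeys_startSPNEGO_shouldThrowExternalAuthenticationException() throws Exception {
        RequestContext requestContext = buildConversationRequestContext(TEST_CONVERSATION_KEY);
        this.controller.startSPNEGO("e1s2", nativeRequest(requestContext), (HttpServletResponse) this.nullObject);
    }

    /**
     * Same request setup as the "without conversation key parameter" test, but with a real mock
     * response instead of a null one.
     */
    @Test(expectedExceptions = {ExternalAuthenticationException.class})
    public void givenNullKey_startSPNEGO_shouldReturnAuthenticationException() throws Exception {
        RequestContext requestContext = buildConversationRequestContext(null);
        this.controller.startSPNEGO(TEST_CONVERSATION_KEY, nativeRequest(requestContext), nativeResponse(requestContext));
    }

    /** No {@link SPNEGOContext} under the authentication context: error, no view. */
    @Test
    public void withoutSPNEGOContext_startSPNEGO_shouldReturnAuthenticationError() throws Exception {
        RequestContext requestContext = buildConversationRequestContext(TEST_CONVERSATION_KEY);
        ModelAndView result = this.controller.startSPNEGO(TEST_CONVERSATION_KEY, nativeRequest(requestContext), nativeResponse(requestContext));
        assertAuthenticationError(requestContext, result, "InvalidAuthenticationContext");
    }

    /** {@link SPNEGOContext} present but without Kerberos settings: error, no view. */
    @Test
    public void withoutKerberosSettings_startSPNEGO_shouldReturnAuthenticationError() throws Exception {
        RequestContext requestContext = buildConversationRequestContext(TEST_CONVERSATION_KEY);
        AuthenticationContext authnContext = authenticationContext(requestContext);
        assert authnContext != null;
        authnContext.addSubcontext(new SPNEGOContext());
        ModelAndView result = this.controller.startSPNEGO(TEST_CONVERSATION_KEY, nativeRequest(requestContext), nativeResponse(requestContext));
        assertAuthenticationError(requestContext, result, "InvalidAuthenticationContext");
    }

    /** With Kerberos settings, {@code startSPNEGO} returns the fallback view. */
    @Test
    public void givenKerberosSettings_startSPNEGO_shouldReturnModelAndView() throws Exception {
        RequestContext requestContext = buildKerberosContextRequestContext();
        ModelAndView result = this.controller.startSPNEGO(TEST_CONVERSATION_KEY, nativeRequest(requestContext), nativeResponse(requestContext));
        assertModelAndView(result, requestContext);
    }

    /** The request's query string must reappear at the end of the model's {@code errorUrl}. */
    @Test
    public void givenKerberosSettings_startSPNEGO_shouldPreserveQueryString() throws Exception {
        RequestContext requestContext = buildKerberosContextRequestContext();
        nativeRequest(requestContext).setQueryString("dummy query string");
        ModelAndView result = this.controller.startSPNEGO(TEST_CONVERSATION_KEY, nativeRequest(requestContext), nativeResponse(requestContext));
        assertModelAndView(result, requestContext);
    }

    /** With Kerberos settings, {@code startSPNEGO} answers 401 with a bare Negotiate challenge. */
    @Test
    public void givenKerberosSettings_startSPNEGO_shouldReplyUnauthorizedNegotiate() throws Exception {
        RequestContext requestContext = buildKerberosContextRequestContext();
        this.controller.startSPNEGO(TEST_CONVERSATION_KEY, nativeRequest(requestContext), nativeResponse(requestContext));
        assertResponseUnauthorizedNegotiate(requestContext);
    }

    /** Header is the scheme name only, with no token: fallback view is returned. */
    @Test
    public void withoutNegotiateToken_continueSPNEGO_shouldReturnModelAndView() throws Exception {
        RequestContext requestContext = buildConversationRequestContext(TEST_CONVERSATION_KEY);
        ModelAndView result = this.controller.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate", nativeRequest(requestContext), nativeResponse(requestContext));
        assertModelAndView(result, requestContext);
    }

    /** Header without token: the query string must still reach the model's {@code errorUrl}. */
    @Test
    public void withoutNegotiateToken_continueSPNEGO_shouldPreserveQueryString() throws Exception {
        RequestContext requestContext = buildConversationRequestContext(TEST_CONVERSATION_KEY);
        nativeRequest(requestContext).setQueryString("dummy query string");
        ModelAndView result = this.controller.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate", nativeRequest(requestContext), nativeResponse(requestContext));
        assertModelAndView(result, requestContext);
    }

    /** Header without token: the response is 401 with a bare Negotiate challenge. */
    @Test
    public void withoutNegotiateToken_continueSPNEGO_shouldReplyUnauthorizedNegotiate() throws Exception {
        RequestContext requestContext = buildConversationRequestContext(TEST_CONVERSATION_KEY);
        this.controller.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate", nativeRequest(requestContext), nativeResponse(requestContext));
        assertResponseUnauthorizedNegotiate(requestContext);
    }

    /** Token supplied but no {@link SPNEGOContext}: error, no view. */
    @Test
    public void withoutSPNEGOContext_continueSPNEGO_shouldReturnAuthenticationError() throws Exception {
        RequestContext requestContext = buildConversationRequestContext(TEST_CONVERSATION_KEY);
        ModelAndView result = this.controller.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, nativeRequest(requestContext), nativeResponse(requestContext));
        assertAuthenticationError(requestContext, result, "InvalidAuthenticationContext");
    }

    /**
     * Token supplied but no Kerberos settings: error, no view.
     *
     * <p>NOTE(review): unlike the {@code startSPNEGO} counterpart, no {@link SPNEGOContext} is
     * attached here, so the setup is identical to
     * {@link #withoutSPNEGOContext_continueSPNEGO_shouldReturnAuthenticationError()}. The case
     * "context present, Kerberos settings absent" is therefore not exercised for
     * {@code continueSPNEGO}; consider adding an empty {@code SPNEGOContext} once the expected
     * outcome has been confirmed against the controller.</p>
     */
    @Test
    public void withoutKerberosSettings_continueSPNEGO_shouldReturnAuthenticationError() throws Exception {
        RequestContext requestContext = buildConversationRequestContext(TEST_CONVERSATION_KEY);
        ModelAndView result = this.controller.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, nativeRequest(requestContext), nativeResponse(requestContext));
        assertAuthenticationError(requestContext, result, "InvalidAuthenticationContext");
    }

    /** A {@link GSSException} from the acceptor factory must surface as the recorded exception's cause. */
    @Test
    public void givenFailedGSSContextAcceptorInstantiation_continueSPNEGO_shouldReturnAuthenticationException() throws Exception {
        final GSSException gssException = new GSSException(0);
        SPNEGOAuthnController failingController = new SPNEGOAuthnController() {
            @Override
            @Nonnull
            protected GSSContextAcceptor createGSSContextAcceptor(@Nonnull SPNEGOContext sPNEGOContext) throws GSSException {
                throw gssException;
            }
        };
        RequestContext requestContext = buildKerberosContextRequestContext();
        ModelAndView result = failingController.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, nativeRequest(requestContext), nativeResponse(requestContext));
        // Same instance, not merely the same type: the original failure must not be replaced.
        Assert.assertSame(((Exception) nativeRequest(requestContext).getAttribute("authnException")).getCause(), gssException);
        assertAuthenticationExceptionCause(requestContext, result, GSSException.class);
    }

    /** After a successful factory call the acceptor is stored in the {@link SPNEGOContext}. */
    @Test
    public void givenSuccessfulGSSContextAcceptorInstantiation_continueSPNEGO_shouldHaveSetAcceptorInSPNEGOContext() throws Exception {
        stubAcceptedToken();
        stubGSSContext(false);
        RequestContext requestContext = buildSPNEGORequestContext(NEGOTIATE_HEADER_DATA);
        this.mockedGSSController.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, nativeRequest(requestContext), nativeResponse(requestContext));
        AuthenticationContext authnContext = authenticationContext(requestContext);
        SPNEGOContext spnegoContext = authnContext != null ? authnContext.getSubcontext(SPNEGOContext.class) : null;
        assert spnegoContext != null;
        Assert.assertEquals(spnegoContext.getContextAcceptor(), this.mockGSSContextAcceptor);
    }

    /** A Negotiate header whose payload is an NTLM message is refused with {@code NTLMUnsupported}. */
    @Test
    public void givenHeaderAuthorizationNegotiate_withNTLMdata_continueSPNEGO_shouldReturnAuthenticationError() throws Exception {
        RequestContext requestContext = buildSPNEGORequestContext(NTLMSSP_HEADER_DATA);
        ModelAndView result = this.controller.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NTLMSSP_HEADER_DATA, nativeRequest(requestContext), nativeResponse(requestContext));
        assertAuthenticationError(requestContext, result, "NTLMUnsupported");
    }

    /** A runtime failure inside {@code acceptSecContext} must be recorded, not propagated. */
    @Test
    public void whenAcceptSecContextThrowsException_continueSPNEGO_shouldReturnAuthenticationException() throws Exception {
        RuntimeException runtimeException = new RuntimeException();
        Mockito.when(this.mockGSSContextAcceptor.acceptSecContext((byte[]) ArgumentMatchers.any(), ArgumentMatchers.anyInt(), ArgumentMatchers.anyInt()))
                .thenThrow(runtimeException);
        RequestContext requestContext = buildSPNEGORequestContext(NEGOTIATE_HEADER_DATA);
        ModelAndView result = this.mockedGSSController.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, nativeRequest(requestContext), nativeResponse(requestContext));
        Assert.assertSame(((Exception) nativeRequest(requestContext).getAttribute("authnException")).getCause(), runtimeException);
        assertAuthenticationExceptionCause(requestContext, result, RuntimeException.class);
    }

    /**
     * Acceptor has no GSS context: fallback view is returned.
     *
     * <p>NOTE(review): the header argument passed to the controller is the empty string, although
     * the request itself carries a Negotiate header. Confirm that the stubbed acceptor is actually
     * reached on this path; if not, this test only repeats the "without negotiate token" case.</p>
     */
    @Test
    public void withoutGSSContext_continueSPNEGO_shouldReturnModelAndView() throws Exception {
        stubAcceptedToken();
        Mockito.when(this.mockGSSContextAcceptor.getContext()).thenReturn((GSSContext) null);
        RequestContext requestContext = buildSPNEGORequestContext(NEGOTIATE_HEADER_DATA);
        ModelAndView result = this.mockedGSSController.continueSPNEGO(TEST_CONVERSATION_KEY, "", nativeRequest(requestContext), nativeResponse(requestContext));
        assertModelAndView(result, requestContext);
    }

    /** Acceptor has no GSS context: 401 whose challenge carries the acceptor's output token. */
    @Test
    public void withoutGSSContext_continueSPNEGO_shouldReplyUnauthorizedNegotiate() throws Exception {
        stubAcceptedToken();
        Mockito.when(this.mockGSSContextAcceptor.getContext()).thenReturn((GSSContext) null);
        RequestContext requestContext = buildSPNEGORequestContext(NEGOTIATE_HEADER_DATA);
        this.mockedGSSController.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, nativeRequest(requestContext), nativeResponse(requestContext));
        assertResponseUnauthorizedNegotiate(requestContext, Base64Support.encode(TOKEN_BYTES.getBytes(StandardCharsets.UTF_8), false));
    }

    /**
     * GSS context not yet established: fallback view is returned.
     *
     * <p>NOTE(review): as in {@link #withoutGSSContext_continueSPNEGO_shouldReturnModelAndView()},
     * the header argument is the empty string; confirm the acceptor path is reached.</p>
     */
    @Test
    public void givenGSSContextNotEstablished_continueSPNEGO_shouldReturnModelAndView() throws Exception {
        stubAcceptedToken();
        stubGSSContext(false);
        RequestContext requestContext = buildSPNEGORequestContext(NEGOTIATE_HEADER_DATA);
        ModelAndView result = this.mockedGSSController.continueSPNEGO(TEST_CONVERSATION_KEY, "", nativeRequest(requestContext), nativeResponse(requestContext));
        assertModelAndView(result, requestContext);
    }

    /** GSS context not yet established: 401 whose challenge carries the acceptor's output token. */
    @Test
    public void givenGSSContextNotEstablished_continueSPNEGO_shouldReplyUnauthorizedNegotiate() throws Exception {
        stubAcceptedToken();
        stubGSSContext(false);
        RequestContext requestContext = buildSPNEGORequestContext(NEGOTIATE_HEADER_DATA);
        this.mockedGSSController.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, nativeRequest(requestContext), nativeResponse(requestContext));
        assertResponseUnauthorizedNegotiate(requestContext, Base64Support.encode(TOKEN_BYTES.getBytes(StandardCharsets.UTF_8), false));
    }

    /** Established context whose {@code getSrcName()} throws: the failure is recorded as the cause. */
    @Test
    public void givenGSSContextEstablished_andGSSException_continueSPNEGO_shouldReturnAuthenticationError() throws Exception {
        GSSException gssException = new GSSException(0);
        stubAcceptedToken();
        GSSContext gssContext = stubGSSContext(true);
        Mockito.when(gssContext.getSrcName()).thenThrow(gssException);
        RequestContext requestContext = buildSPNEGORequestContext(NEGOTIATE_HEADER_DATA);
        ModelAndView result = this.mockedGSSController.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, nativeRequest(requestContext), nativeResponse(requestContext));
        Assert.assertSame(((Exception) nativeRequest(requestContext).getAttribute("authnException")).getCause(), gssException);
        assertAuthenticationExceptionCause(requestContext, result, GSSException.class);
    }

    /** Established context with a source name: the controller returns no view. */
    @Test
    public void givenGSSContextEstablished_continueSPNEGO_shouldReturnNull() throws Exception {
        stubAcceptedToken();
        stubSourceName(stubGSSContext(true), "testname@realm");
        RequestContext requestContext = buildSPNEGORequestContext(NEGOTIATE_HEADER_DATA);
        Assert.assertNull(this.mockedGSSController.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, nativeRequest(requestContext), nativeResponse(requestContext)));
    }

    /**
     * Established context with a source name: the {@code subject} request attribute holds a
     * {@link Subject} with a {@link KerberosPrincipal} and a {@link UsernamePrincipal}, both built
     * from the realm-qualified name.
     */
    @Test
    public void givenGSSContextEstablished_continueSPNEGO_shouldSetAuthenticationSubjectAttribute() throws Exception {
        stubAcceptedToken();
        stubSourceName(stubGSSContext(true), "testname@realm");
        RequestContext requestContext = buildSPNEGORequestContext(NEGOTIATE_HEADER_DATA);
        this.mockedGSSController.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, nativeRequest(requestContext), nativeResponse(requestContext));
        Subject subject = (Subject) nativeRequest(requestContext).getAttribute("subject");
        Assert.assertEquals(subject.getClass(), Subject.class);
        Assert.assertTrue(subject.getPrincipals(KerberosPrincipal.class).contains(new KerberosPrincipal("testname@realm")));
        Assert.assertTrue(subject.getPrincipals(UsernamePrincipal.class).contains(new UsernamePrincipal("testname@realm")));
    }

    /**
     * Established context whose source name is null: no view, and an
     * {@link ExternalAuthenticationException} is recorded on the request.
     *
     * <p>NOTE(review): despite the method name, this asserts the failure attribute, not a subject.
     * It does not assert that the {@code subject} attribute stays unset; that would be a useful
     * additional check.</p>
     */
    @Test
    public void givenGSSContextEstablishedButNoGSSNameIsNull_continueSPNEGO_shouldSetAuthenticationSubjectAttribute() throws Exception {
        stubAcceptedToken();
        GSSContext gssContext = stubGSSContext(true);
        Mockito.when(gssContext.getSrcName()).thenReturn((GSSName) null);
        RequestContext requestContext = buildSPNEGORequestContext(NEGOTIATE_HEADER_DATA);
        Assert.assertNull(this.mockedGSSController.continueSPNEGO(TEST_CONVERSATION_KEY, "Negotiate " + NEGOTIATE_HEADER_DATA, nativeRequest(requestContext), nativeResponse(requestContext)));
        Assert.assertEquals(nativeRequest(requestContext).getAttribute("authnException").getClass(), ExternalAuthenticationException.class);
    }

    /** Stubs the mocked acceptor to return {@link #TOKEN_BYTES} for any {@code acceptSecContext} call. */
    private void stubAcceptedToken() throws Exception {
        Mockito.when(this.mockGSSContextAcceptor.acceptSecContext((byte[]) ArgumentMatchers.any(), ArgumentMatchers.anyInt(), ArgumentMatchers.anyInt()))
                .thenReturn(TOKEN_BYTES.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Creates a mocked {@link GSSContext}, makes the mocked acceptor return it, and fixes its
     * {@code isEstablished()} answer.
     *
     * @param established value {@code isEstablished()} reports
     * @return the mocked context, for further stubbing
     */
    private GSSContext stubGSSContext(boolean established) throws Exception {
        GSSContext gssContext = Mockito.mock(GSSContext.class);
        Mockito.when(this.mockGSSContextAcceptor.getContext()).thenReturn(gssContext);
        Mockito.when(gssContext.isEstablished()).thenReturn(established);
        return gssContext;
    }

    /** Makes {@code gssContext.getSrcName()} return a mocked name whose {@code toString()} is {@code name}. */
    private void stubSourceName(GSSContext gssContext, String name) throws Exception {
        GSSName gssName = Mockito.mock(GSSName.class);
        Mockito.when(gssContext.getSrcName()).thenReturn(gssName);
        Mockito.when(gssName.toString()).thenReturn(name);
    }

    /** Returns the mock servlet request behind {@code requestContext}. */
    private static MockHttpServletRequest nativeRequest(RequestContext requestContext) {
        return (MockHttpServletRequest) requestContext.getExternalContext().getNativeRequest();
    }

    /** Returns the mock servlet response behind {@code requestContext}. */
    private static MockHttpServletResponse nativeResponse(RequestContext requestContext) {
        return (MockHttpServletResponse) requestContext.getExternalContext().getNativeResponse();
    }

    /** Looks up the {@link AuthenticationContext} under the conversation-scoped profile request context. */
    private static AuthenticationContext authenticationContext(RequestContext requestContext) {
        ProfileRequestContext profileRequestContext =
                (ProfileRequestContext) requestContext.getConversationScope().get("opensamlProfileRequestContext");
        return profileRequestContext.getSubcontext(AuthenticationContext.class);
    }

    /** Kerberos-ready request context that also carries {@code Authorization: Negotiate <str>}. */
    private RequestContext buildSPNEGORequestContext(String str) throws ComponentInitializationException {
        RequestContext requestContext = buildKerberosContextRequestContext();
        nativeRequest(requestContext).addHeader("Authorization", "Negotiate " + str);
        return requestContext;
    }

    /** Conversation request context with an {@link SPNEGOContext} holding Kerberos settings. */
    private RequestContext buildKerberosContextRequestContext() throws ComponentInitializationException {
        RequestContext requestContext = buildConversationRequestContext(TEST_CONVERSATION_KEY);
        buildKerberosProfileRequestContext(requestContext);
        return requestContext;
    }

    /**
     * Attaches an {@link SPNEGOContext} with one default {@link KerberosRealmSettings} entry to
     * the authentication context found in {@code requestContext}.
     *
     * @return the profile request context that was modified
     */
    private ProfileRequestContext buildKerberosProfileRequestContext(RequestContext requestContext) {
        ProfileRequestContext profileRequestContext =
                (ProfileRequestContext) requestContext.getConversationScope().get("opensamlProfileRequestContext");
        AuthenticationContext authnContext = profileRequestContext.getSubcontext(AuthenticationContext.class);
        ArrayList<KerberosRealmSettings> realms = new ArrayList<>();
        realms.add(new KerberosRealmSettings());
        KerberosSettings kerberosSettings = new KerberosSettings();
        kerberosSettings.setRealms(realms);
        SPNEGOContext spnegoContext = new SPNEGOContext();
        spnegoContext.setKerberosSettings(kerberosSettings);
        assert authnContext != null;
        authnContext.addSubcontext(spnegoContext);
        return profileRequestContext;
    }

    /**
     * Builds a request context with an authentication context and an external authentication
     * subcontext, and optionally a {@code conversation} request parameter.
     *
     * @param str conversation key to add as request parameter, or {@code null} to add none
     */
    private RequestContext buildConversationRequestContext(String str) throws ComponentInitializationException {
        RequestContext requestContext = new RequestContextBuilder().buildRequestContext();
        if (str != null) {
            nativeRequest(requestContext).addParameter("conversation", str);
        }
        ProfileRequestContext profileRequestContext =
                (ProfileRequestContext) requestContext.getConversationScope().get("opensamlProfileRequestContext");
        ((MockServletContext) requestContext.getExternalContext().getNativeContext()).setAttribute("net.shibboleth.idp.flowExecutor", profileRequestContext);
        AuthenticationContext authnContext = profileRequestContext.ensureSubcontext(AuthenticationContext.class);
        assert authnContext != null;
        authnContext.setAttemptedFlow(new AuthenticationFlowDescriptor());
        authnContext.addSubcontext(new ExternalAuthenticationContext(new ExternalAuthenticationImpl())).setFlowExecutionUrl("foo");
        return requestContext;
    }

    /** Asserts that no view was returned and the {@code authnError} request attribute equals {@code str}. */
    private void assertAuthenticationError(RequestContext requestContext, ModelAndView modelAndView, String str) {
        Assert.assertNull(modelAndView);
        Assert.assertEquals(nativeRequest(requestContext).getAttribute("authnError").toString(), str);
    }

    /** Asserts that no view was returned and the recorded {@code authnException} has a cause of exactly {@code cls}. */
    private void assertAuthenticationExceptionCause(RequestContext requestContext, ModelAndView modelAndView, Class<?> cls) {
        Assert.assertNull(modelAndView);
        Assert.assertEquals(((Exception) nativeRequest(requestContext).getAttribute("authnException")).getCause().getClass(), cls);
    }

    /**
     * Asserts the fallback view: name {@code spnego-unavailable} and model entries
     * {@code encoder}, {@code errorUrl} and {@code request}.
     *
     * <p>NOTE(review): {@code errorUrl} is only checked to end with the raw query string. The test
     * value contains nothing that would need escaping, so how the view encodes {@code errorUrl}
     * (presumably via the {@code encoder} entry) is not covered here.</p>
     */
    private void assertModelAndView(ModelAndView modelAndView, RequestContext requestContext) {
        Assert.assertEquals(modelAndView.getViewName(), "spnego-unavailable");
        Map<String, Object> model = modelAndView.getModel();
        Assert.assertTrue(model.containsKey("encoder"), "Model doesn't contain \"encoder\"");
        Assert.assertEquals(model.get("encoder").getClass(), Class.class);
        Assert.assertTrue(model.containsKey("errorUrl"), "Model doesn't contain \"errorUrl\"");
        Assert.assertEquals(model.get("errorUrl").getClass(), String.class);
        String errorUrl = (String) model.get("errorUrl");
        String queryString = nativeRequest(requestContext).getQueryString();
        if (queryString != null) {
            Assert.assertTrue(errorUrl.endsWith("/error?" + queryString));
        } else {
            Assert.assertTrue(errorUrl.endsWith("/error"));
        }
        Assert.assertTrue(model.containsKey("request"), "Model doesn't contain \"request\"");
        Assert.assertTrue(model.get("request") instanceof HttpServletRequest);
    }

    /** Asserts a 401 response whose challenge is the bare scheme name. */
    private void assertResponseUnauthorizedNegotiate(RequestContext requestContext) {
        MockHttpServletResponse response = nativeResponse(requestContext);
        Assert.assertEquals(response.getStatus(), 401);
        Assert.assertEquals(response.getHeader("WWW-Authenticate"), "Negotiate");
    }

    /** Asserts a 401 response whose challenge is the scheme name followed by {@code str}. */
    private void assertResponseUnauthorizedNegotiate(RequestContext requestContext, String str) {
        MockHttpServletResponse response = nativeResponse(requestContext);
        Assert.assertEquals(response.getStatus(), 401);
        Assert.assertEquals(response.getHeader("WWW-Authenticate"), "Negotiate " + str);
    }
}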
