package net.shibboleth.idp.test.flows.saml2;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.test.flows.AbstractFlowTest;
import org.opensaml.core.xml.schema.XSAny;
import org.opensaml.core.xml.schema.impl.XSAnyBuilder;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.saml1.core.AttributeValue;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.core.Audience;
import org.opensaml.saml.saml2.core.AudienceRestriction;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnStatement;
import org.opensaml.saml.saml2.core.Conditions;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.Status;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.saml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml.saml2.core.impl.AttributeBuilder;
import org.opensaml.saml.saml2.core.impl.NameIDBuilder;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.DecryptionException;
import org.opensaml.xmlsec.encryption.support.EncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
import org.testng.Assert;

/* loaded from: input_file:net/shibboleth/idp/test/flows/saml2/SAML2TestResponseValidator.class */
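/**
 * Validates a SAML 2 {@link Response} produced by an IdP flow test against the expectations
 * held in this object's public fields (issuer, status, NameID, subject confirmation,
 * conditions, authentication context and attributes).
 *
 * <p>Every check is a TestNG assertion, so the first mismatch fails the calling test.
 * Expectations are plain public fields so a flow test can adjust them before calling
 * {@link #validateResponse(Response)}; {@link #spCredential} must be set when the
 * response carries an {@link EncryptedAssertion}.
 */
public class SAML2TestResponseValidator {

    /** Status code of a successful response. Always compared with {@code equals}, never {@code ==}. */
    @Nonnull
    private static final String SUCCESS_STATUS_CODE = "urn:oasis:names:tc:SAML:2.0:status:Success";

    /** NameID format whose value is generated per response and therefore never compared. */
    @Nonnull
    private static final String TRANSIENT_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";

    /** Name format shared by every expected attribute. */
    @Nonnull
    private static final String URI_ATTRIBUTE_NAME_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";

    /** Credential used to decrypt an {@link EncryptedAssertion}; required only when one is present. */
    @Nullable
    public Credential spCredential;

    /** Attributes expected when no attribute designators were used in the request. */
    @Nonnull
    public List<Attribute> expectedAttributes;

    /** Attributes expected when {@link #usedAttributeDesignators} is {@code true}. */
    @Nonnull
    public List<Attribute> expectedDesignatedAttributes;

    /** Expected {@code uid} attribute (urn:oid:0.9.2342.19200300.100.1.1). */
    @Nonnull
    public Attribute uidAttribute;

    /** Expected {@code eduPersonPrincipalName} attribute (urn:oid:1.3.6.1.4.1.5923.1.1.1.6). */
    @Nonnull
    public Attribute eppnAttribute;

    /** Expected {@code mail} attribute (urn:oid:0.9.2342.19200300.100.1.3). */
    @Nonnull
    public Attribute mailAttribute;

    /** Expected {@code eduPersonScopedAffiliation} attribute (urn:oid:1.3.6.1.4.1.5923.1.1.1.9). */
    @Nonnull
    public Attribute eduPersonScopedAffiliationAttribute;

    /** Expected issuer of the response and of the assertion. */
    @Nonnull
    public String idpEntityID = AbstractFlowTest.IDP_ENTITY_ID;

    /** Expected audience and expected NameID SPNameQualifier. */
    @Nonnull
    public String spEntityID = AbstractFlowTest.SP_ENTITY_ID;

    /** Expected AuthnContextClassRef of the single AuthnStatement. */
    @Nonnull
    public String authnContextClassRef = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password";

    /** Expected top-level status code; assertion checks are skipped unless it is the success code. */
    @Nonnull
    protected String statusCode = SUCCESS_STATUS_CODE;

    /** Expected nested status code, checked only for non-success responses. */
    @Nonnull
    protected String statusCodeNested = "urn:oasis:names:tc:SAML:2.0:status:RequestDenied";

    /** Expected status message, checked only for non-success responses. */
    @Nonnull
    protected String statusMessage = "An error occurred.";

    /** Expected SubjectConfirmation method. */
    @Nonnull
    public String subjectConfirmationMethod = "urn:oasis:names:tc:SAML:2.0:cm:bearer";

    /** Expected SubjectConfirmationData Address; defaults to the loopback address used by the flow tests. */
    @Nonnull
    public String subjectConfirmationAddress = "127.0.0.1";

    /** Whether the AuthnStatement is validated at all. */
    public boolean validateAuthnStatements = true;

    /** Whether SubjectConfirmationData (address, NotOnOrAfter, Recipient) is validated. */
    public boolean validateSubjectConfirmationData = true;

    /** Whether the request used attribute designators, selecting {@link #expectedDesignatedAttributes}. */
    public boolean usedAttributeDesignators = false;

    /** Expected NameID; format and qualifiers are compared, the value only for non-transient formats. */
    @Nonnull
    public NameID nameID = new NameIDBuilder().buildObject();

    /** Builds the default expectations: a transient NameID qualified by the IdP and SP, and the standard attributes. */
    public SAML2TestResponseValidator() {
        nameID.setFormat(TRANSIENT_NAMEID_FORMAT);
        nameID.setNameQualifier(idpEntityID);
        nameID.setSPNameQualifier(spEntityID);
        buildExpectedAttributes();
    }

    /**
     * Populates the expected attribute fields and the two expected-attribute lists.
     * Subclasses may override to change the expectations.
     */
    protected void buildExpectedAttributes() {
        final AttributeBuilder attributeBuilder = new AttributeBuilder();

        uidAttribute = buildAttribute(attributeBuilder, "urn:oid:0.9.2342.19200300.100.1.1", "uid", "jdoe");
        eppnAttribute = buildAttribute(attributeBuilder, "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
                "eduPersonPrincipalName", "jdoe@example.org");
        mailAttribute = buildAttribute(attributeBuilder, "urn:oid:0.9.2342.19200300.100.1.3", "mail",
                "jdoe@example.org");
        eduPersonScopedAffiliationAttribute = buildAttribute(attributeBuilder, "urn:oid:1.3.6.1.4.1.5923.1.1.1.9",
                "eduPersonScopedAffiliation", "member");

        expectedAttributes = new ArrayList<>();
        expectedAttributes.add(uidAttribute);
        expectedAttributes.add(mailAttribute);
        expectedAttributes.add(eppnAttribute);
        expectedAttributes.add(eduPersonScopedAffiliationAttribute);

        expectedDesignatedAttributes = new ArrayList<>();
        expectedDesignatedAttributes.add(mailAttribute);
    }

    /**
     * Builds an expected attribute with the URI name format and a single text value.
     *
     * @param builder attribute builder to reuse
     * @param name attribute Name
     * @param friendlyName attribute FriendlyName
     * @param value text content of the single AttributeValue
     * @return the populated attribute
     */
    @Nonnull
    private static Attribute buildAttribute(@Nonnull final AttributeBuilder builder, @Nonnull final String name,
            @Nonnull final String friendlyName, @Nonnull final String value) {
        final Attribute attribute = builder.buildObject();
        attribute.setName(name);
        attribute.setNameFormat(URI_ATTRIBUTE_NAME_FORMAT);
        attribute.setFriendlyName(friendlyName);
        // Expected values are compared by text content only (see assertAttributes), so the element
        // name is not load-bearing; the SAML 2 AttributeValue name is used to match the response type.
        final XSAny attributeValue = new XSAnyBuilder().buildObject(
                org.opensaml.saml.saml2.core.AttributeValue.DEFAULT_ELEMENT_NAME);
        attributeValue.setTextContent(value);
        attribute.getAttributeValues().add(attributeValue);
        return attribute;
    }

    /**
     * Decrypts an encrypted assertion with {@link #spCredential}, resolving the encrypted key either
     * inline or from the EncryptedElementType.
     *
     * @param encryptedAssertion the encrypted assertion
     * @return the decrypted assertion
     * @throws DecryptionException if decryption fails
     */
    @Nonnull
    private Assertion decryptAssertion(@Nonnull final EncryptedAssertion encryptedAssertion)
            throws DecryptionException {
        // Fail with a clear message instead of an exception from inside the key resolver.
        Assert.assertNotNull(spCredential, "spCredential must be set to decrypt an EncryptedAssertion");
        final List<EncryptedKeyResolver> keyResolvers = new ArrayList<>();
        keyResolvers.add(new InlineEncryptedKeyResolver());
        keyResolvers.add(new EncryptedElementTypeEncryptedKeyResolver());
        final Decrypter decrypter = new Decrypter((KeyInfoCredentialResolver) null,
                new StaticKeyInfoCredentialResolver(spCredential), new ChainingEncryptedKeyResolver(keyResolvers));
        return decrypter.decrypt(encryptedAssertion);
    }

    /**
     * Validates the whole response. For a non-success {@link #statusCode} only the response envelope
     * and status are checked. When the response carries an encrypted assertion it is decrypted in
     * place: the decrypted assertion is appended to {@code response.getAssertions()} and the
     * encrypted list is cleared, so the response object is modified.
     *
     * @param response the response; asserted non-null
     */
    public void validateResponse(@Nullable final Response response) {
        assertResponse(response);
        assertStatus(response.getStatus());
        if (!SUCCESS_STATUS_CODE.equals(statusCode)) {
            // An error response carries no assertion; the status checks above are all that apply.
            return;
        }

        final List<EncryptedAssertion> encryptedAssertions = response.getEncryptedAssertions();
        if (!encryptedAssertions.isEmpty()) {
            // Only the first encrypted assertion is decrypted and the list is then cleared, so any
            // additional encrypted assertion would otherwise escape the single-assertion check below.
            Assert.assertEquals(encryptedAssertions.size(), 1, "Expected exactly one EncryptedAssertion");
            try {
                response.getAssertions().add(decryptAssertion(encryptedAssertions.get(0)));
                encryptedAssertions.clear();
            } catch (final DecryptionException e) {
                // Keep the cause so the failure report shows where decryption broke.
                Assert.fail("Unable to decrypt assertion: " + e.getMessage(), e);
            }
        }

        final List<Assertion> assertions = response.getAssertions();
        assertAssertions(assertions);
        final Assertion assertion = assertions.get(0);
        assertAssertion(assertion);
        validateSubject(assertion.getSubject());
        validateConditions(assertion);
        if (validateAuthnStatements) {
            validateAuthnStatements(assertion);
        }
        validateAttributeStatements(assertion);
    }

    /**
     * Validates the subject: NameID, the single SubjectConfirmation, its method and, when
     * {@link #validateSubjectConfirmationData} is set, its SubjectConfirmationData.
     *
     * @param subject the subject; asserted non-null
     */
    public void validateSubject(@Nullable final Subject subject) {
        assertSubject(subject);
        assertNameID(subject.getNameID());
        assertSubjectConfirmations(subject.getSubjectConfirmations());
        final SubjectConfirmation subjectConfirmation = subject.getSubjectConfirmations().get(0);
        assertSubjectConfirmation(subjectConfirmation);
        assertSubjectConfirmationMethod(subjectConfirmation);
        if (validateSubjectConfirmationData) {
            assertSubjectConfirmationData(subjectConfirmation.getSubjectConfirmationData());
        }
    }

    /**
     * Validates the assertion's Conditions and its single AudienceRestriction.
     *
     * @param assertion the assertion; asserted non-null
     */
    public void validateConditions(@Nullable final Assertion assertion) {
        Assert.assertNotNull(assertion);
        final Conditions conditions = assertion.getConditions();
        assertConditions(conditions);
        final List<AudienceRestriction> audienceRestrictions = conditions.getAudienceRestrictions();
        assertAudienceRestrictions(audienceRestrictions);
        assertAudienceRestriction(audienceRestrictions.get(0));
    }

    /**
     * Validates the assertion's single AuthnStatement and its AuthnContextClassRef.
     *
     * @param assertion the assertion; asserted non-null
     */
    public void validateAuthnStatements(@Nullable final Assertion assertion) {
        Assert.assertNotNull(assertion);
        final List<AuthnStatement> authnStatements = assertion.getAuthnStatements();
        assertAuthnStatements(authnStatements);
        final AuthnStatement authnStatement = authnStatements.get(0);
        assertAuthnStatement(authnStatement);
        assertAuthnContextClassRef(authnStatement.getAuthnContext().getAuthnContextClassRef());
    }

    /**
     * Validates the assertion's single AttributeStatement and the attributes it carries.
     *
     * @param assertion the assertion; asserted non-null
     */
    public void validateAttributeStatements(@Nullable final Assertion assertion) {
        Assert.assertNotNull(assertion);
        final List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
        assertAttributeStatements(attributeStatements);
        final AttributeStatement attributeStatement = attributeStatements.get(0);
        assertAttributeStatement(attributeStatement);
        assertAttributes(attributeStatement.getAttributes());
    }

    /**
     * Asserts the response envelope: non-empty ID, IssueInstant, SAML 2.0 version and the expected issuer.
     *
     * @param response the response; asserted non-null
     */
    public void assertResponse(@Nullable final Response response) {
        Assert.assertNotNull(response);
        Assert.assertNotNull(response.getID());
        Assert.assertFalse(response.getID().isEmpty());
        Assert.assertNotNull(response.getIssueInstant());
        Assert.assertEquals(response.getVersion(), SAMLVersion.VERSION_20);
        Assert.assertNotNull(response.getIssuer());
        Assert.assertEquals(response.getIssuer().getValue(), idpEntityID);
    }

    /**
     * Asserts the status code equals {@link #statusCode}; for a non-success code the status message
     * and nested status code must also match.
     *
     * @param status the status; asserted non-null
     */
    public void assertStatus(@Nullable final Status status) {
        Assert.assertNotNull(status);
        Assert.assertNotNull(status.getStatusCode());
        Assert.assertEquals(status.getStatusCode().getValue(), statusCode);
        if (!SUCCESS_STATUS_CODE.equals(statusCode)) {
            Assert.assertNotNull(status.getStatusMessage());
            Assert.assertEquals(status.getStatusMessage().getMessage(), statusMessage);
            Assert.assertNotNull(status.getStatusCode().getStatusCode());
            Assert.assertEquals(status.getStatusCode().getStatusCode().getValue(), statusCodeNested);
        }
    }

    /**
     * Asserts exactly one non-null assertion.
     *
     * @param list the assertions; asserted non-null
     */
    public void assertAssertions(@Nullable final List<Assertion> list) {
        Assert.assertNotNull(list);
        Assert.assertFalse(list.isEmpty());
        Assert.assertEquals(list.size(), 1);
        Assert.assertNotNull(list.get(0));
    }

    /**
     * Asserts the assertion envelope: non-empty ID, IssueInstant, SAML 2.0 version and the expected issuer.
     *
     * @param assertion the assertion; asserted non-null
     */
    public void assertAssertion(@Nullable final Assertion assertion) {
        Assert.assertNotNull(assertion);
        Assert.assertNotNull(assertion.getID());
        Assert.assertFalse(assertion.getID().isEmpty());
        Assert.assertNotNull(assertion.getIssueInstant());
        Assert.assertEquals(assertion.getVersion(), SAMLVersion.VERSION_20);
        Assert.assertNotNull(assertion.getIssuer());
        Assert.assertEquals(assertion.getIssuer().getValue(), idpEntityID);
    }

    /**
     * Asserts the subject has a NameID and a SubjectConfirmation list.
     *
     * @param subject the subject; asserted non-null
     */
    public void assertSubject(@Nullable final Subject subject) {
        Assert.assertNotNull(subject);
        Assert.assertNotNull(subject.getNameID());
        Assert.assertNotNull(subject.getSubjectConfirmations());
    }

    /**
     * Asserts exactly one SubjectConfirmation.
     *
     * @param list the subject confirmations; asserted non-null
     */
    public void assertSubjectConfirmations(@Nullable final List<SubjectConfirmation> list) {
        Assert.assertNotNull(list);
        Assert.assertEquals(list.size(), 1);
    }

    /**
     * Asserts the SubjectConfirmation has a method.
     *
     * @param subjectConfirmation the subject confirmation; asserted non-null
     */
    public void assertSubjectConfirmation(@Nullable final SubjectConfirmation subjectConfirmation) {
        Assert.assertNotNull(subjectConfirmation);
        Assert.assertNotNull(subjectConfirmation.getMethod());
    }

    /**
     * Asserts the SubjectConfirmation method equals {@link #subjectConfirmationMethod}.
     *
     * @param subjectConfirmation the subject confirmation; asserted non-null
     */
    public void assertSubjectConfirmationMethod(@Nullable final SubjectConfirmation subjectConfirmation) {
        Assert.assertNotNull(subjectConfirmation);
        Assert.assertEquals(subjectConfirmation.getMethod(), subjectConfirmationMethod);
    }

    /**
     * Asserts the SubjectConfirmationData carries the expected Address, a NotOnOrAfter and a non-empty Recipient.
     *
     * @param subjectConfirmationData the subject confirmation data; asserted non-null
     */
    public void assertSubjectConfirmationData(@Nullable final SubjectConfirmationData subjectConfirmationData) {
        Assert.assertNotNull(subjectConfirmationData);
        Assert.assertEquals(subjectConfirmationData.getAddress(), subjectConfirmationAddress);
        Assert.assertNotNull(subjectConfirmationData.getNotOnOrAfter());
        Assert.assertNotNull(subjectConfirmationData.getRecipient());
        Assert.assertFalse(subjectConfirmationData.getRecipient().isEmpty());
    }

    /**
     * Asserts the NameID matches {@link #nameID} in format and qualifiers. The value is compared only
     * when the expected format is set and is not transient, since transient values are generated per response.
     *
     * @param nameID the NameID from the response; asserted non-null
     */
    public void assertNameID(@Nullable final NameID nameID) {
        Assert.assertNotNull(nameID);
        Assert.assertNotNull(nameID.getValue());
        final String expectedFormat = this.nameID.getFormat();
        if (expectedFormat != null && !TRANSIENT_NAMEID_FORMAT.equals(expectedFormat)) {
            Assert.assertEquals(nameID.getValue(), this.nameID.getValue());
        }
        Assert.assertEquals(nameID.getFormat(), expectedFormat);
        Assert.assertEquals(nameID.getNameQualifier(), this.nameID.getNameQualifier());
        Assert.assertEquals(nameID.getSPNameQualifier(), this.nameID.getSPNameQualifier());
    }

    /**
     * Asserts the Conditions carry both NotBefore and NotOnOrAfter.
     *
     * @param conditions the conditions; asserted non-null
     */
    public void assertConditions(@Nullable final Conditions conditions) {
        Assert.assertNotNull(conditions);
        Assert.assertNotNull(conditions.getNotBefore());
        Assert.assertNotNull(conditions.getNotOnOrAfter());
    }

    /**
     * Asserts exactly one AudienceRestriction.
     *
     * @param list the audience restrictions; asserted non-null
     */
    public void assertAudienceRestrictions(@Nullable final List<AudienceRestriction> list) {
        Assert.assertNotNull(list);
        Assert.assertEquals(list.size(), 1);
    }

    /**
     * Asserts the AudienceRestriction names exactly one audience, {@link #spEntityID}.
     *
     * @param audienceRestriction the audience restriction; asserted non-null
     */
    public void assertAudienceRestriction(@Nullable final AudienceRestriction audienceRestriction) {
        Assert.assertNotNull(audienceRestriction);
        final List<Audience> audiences = audienceRestriction.getAudiences();
        Assert.assertNotNull(audiences);
        Assert.assertEquals(audiences.size(), 1);
        // Compared with the configurable spEntityID so that it agrees with the NameID SPNameQualifier.
        Assert.assertEquals(audiences.get(0).getAudienceURI(), spEntityID);
    }

    /**
     * Asserts exactly one non-null AuthnStatement.
     *
     * @param list the authentication statements; asserted non-null
     */
    public void assertAuthnStatements(@Nullable final List<AuthnStatement> list) {
        Assert.assertNotNull(list);
        Assert.assertEquals(list.size(), 1);
        Assert.assertNotNull(list.get(0));
    }

    /**
     * Asserts the AuthnStatement has an AuthnInstant and an AuthnContext with a class reference.
     *
     * @param authnStatement the authentication statement; asserted non-null
     */
    public void assertAuthnStatement(@Nonnull final AuthnStatement authnStatement) {
        Assert.assertNotNull(authnStatement);
        Assert.assertNotNull(authnStatement.getAuthnInstant());
        Assert.assertNotNull(authnStatement.getAuthnContext());
        Assert.assertNotNull(authnStatement.getAuthnContext().getAuthnContextClassRef());
    }

    /**
     * Asserts the AuthnContextClassRef equals {@link #authnContextClassRef}.
     *
     * @param authnContextClassRef the class reference; asserted non-null
     */
    public void assertAuthnContextClassRef(@Nullable final AuthnContextClassRef authnContextClassRef) {
        Assert.assertNotNull(authnContextClassRef);
        Assert.assertEquals(authnContextClassRef.getAuthnContextClassRef(), this.authnContextClassRef);
    }

    /**
     * Asserts exactly one non-null AttributeStatement.
     *
     * @param list the attribute statements; asserted non-null
     */
    public void assertAttributeStatements(@Nullable final List<AttributeStatement> list) {
        Assert.assertNotNull(list);
        Assert.assertFalse(list.isEmpty());
        Assert.assertEquals(list.size(), 1);
        Assert.assertNotNull(list.get(0));
    }

    /**
     * Asserts the AttributeStatement has an attribute list.
     *
     * @param attributeStatement the attribute statement; asserted non-null
     */
    public void assertAttributeStatement(@Nullable final AttributeStatement attributeStatement) {
        Assert.assertNotNull(attributeStatement);
        Assert.assertNotNull(attributeStatement.getAttributes());
    }

    /**
     * Asserts the released attributes match the expected set ({@link #expectedDesignatedAttributes}
     * when {@link #usedAttributeDesignators} is set, else {@link #expectedAttributes}): same count,
     * no duplicate names, and for each expected attribute the same name, name format, friendly name
     * and single text value. Order of the released attributes is not significant.
     *
     * @param list the attributes from the response; asserted non-null
     */
    public void assertAttributes(@Nullable final List<Attribute> list) {
        Assert.assertNotNull(list);
        Assert.assertFalse(list.isEmpty());
        final List<Attribute> expected = usedAttributeDesignators ? expectedDesignatedAttributes : expectedAttributes;
        Assert.assertEquals(list.size(), expected.size());

        final Map<String, Attribute> byName = new HashMap<>();
        for (final Attribute attribute : list) {
            // A duplicate name would otherwise mask a missing attribute behind an equal count.
            Assert.assertNull(byName.put(attribute.getName(), attribute),
                    "Duplicate attribute name: " + attribute.getName());
        }

        for (final Attribute expectedAttribute : expected) {
            final Attribute actual = byName.get(expectedAttribute.getName());
            Assert.assertNotNull(actual, "Missing attribute: " + expectedAttribute.getName());
            assertAttributeName(actual, expectedAttribute.getName(), expectedAttribute.getNameFormat(),
                    expectedAttribute.getFriendlyName());
            assertAttributeValue(actual, ((XSAny) expectedAttribute.getAttributeValues().get(0)).getTextContent());
        }
    }

    /**
     * Asserts the attribute's Name, NameFormat and FriendlyName.
     *
     * @param attribute the attribute; asserted non-null
     * @param str expected Name
     * @param str2 expected NameFormat
     * @param str3 expected FriendlyName
     */
    public void assertAttributeName(@Nullable final Attribute attribute, @Nonnull final String str,
            @Nonnull final String str2, @Nonnull final String str3) {
        Assert.assertNotNull(attribute);
        Assert.assertEquals(attribute.getName(), str);
        Assert.assertEquals(attribute.getNameFormat(), str2);
        Assert.assertEquals(attribute.getFriendlyName(), str3);
    }

    /**
     * Asserts the attribute carries exactly one value, that it is an {@link XSAny}, and that its text matches.
     *
     * @param attribute the attribute; asserted non-null
     * @param str expected text content of the single value
     */
    public void assertAttributeValue(@Nullable final Attribute attribute, @Nonnull final String str) {
        Assert.assertNotNull(attribute);
        Assert.assertEquals(attribute.getAttributeValues().size(), 1);
        Assert.assertTrue(attribute.getAttributeValues().get(0) instanceof XSAny);
        Assert.assertEquals(((XSAny) attribute.getAttributeValues().get(0)).getTextContent(), str);
    }
}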
