package net.shibboleth.idp.test.flows.cas;

import java.nio.charset.StandardCharsets;
import javax.annotation.Nonnull;
import net.shibboleth.idp.attribute.context.AttributeContext;
import net.shibboleth.idp.authn.AuthenticationResult;
import net.shibboleth.idp.authn.principal.UsernamePrincipal;
import net.shibboleth.idp.cas.ticket.ServiceTicket;
import net.shibboleth.idp.cas.ticket.TicketService;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.idp.session.IdPSession;
import net.shibboleth.idp.session.SessionManager;
import net.shibboleth.idp.test.flows.AbstractFlowTest;
import org.joda.time.DateTime;
import org.opensaml.profile.context.ProfileRequestContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.webflow.core.collection.MutableAttributeMap;
import org.springframework.webflow.execution.FlowExecutionOutcome;
import org.springframework.webflow.executor.FlowExecutionResult;
import org.testng.Assert;
import org.testng.annotations.Test;

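/**
 * Flow tests for the CAS {@code cas/samlValidate} flow.
 *
 * <p>Each test posts a SOAP-wrapped SAML 1.1 request whose {@code AssertionArtifact} carries a CAS
 * service ticket id, passes the service URL in the {@code TARGET} request parameter, and then checks
 * the flow outcome and the rendered response body.</p>
 *
 * <p>Scenarios covered: a ticket bound to a live session, a ticket id that was never issued, and a
 * ticket bound to a session id that does not exist.</p>
 *
 * <p>NOTE(review): this class does not exercise a {@code TARGET} that differs from the service the
 * ticket was issued for, a second validation of the same ticket, or a ticket whose expiry instant
 * has actually passed. If those rejections are not asserted in another test class, they are worth
 * adding here, because they are the checks that bind a ticket to one service and one use.</p>
 */
@ContextConfiguration(locations = {"/test/test-cas-beans.xml"})
public class SamlValidateFlowTest extends AbstractFlowTest {

    /** Id of the flow under test. */
    @Nonnull
    private static final String FLOW_ID = "cas/samlValidate";

    /** Marker in {@link #SAML_REQUEST_TEMPLATE} that is replaced with the ticket id. */
    private static final String TICKET_PLACEHOLDER = "@@TICKET@@";

    /** SOAP envelope holding a SAML 1.1 request; the ticket id goes into the AssertionArtifact element. */
    private static final String SAML_REQUEST_TEMPLATE = "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"><SOAP-ENV:Header/><SOAP-ENV:Body><samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" MajorVersion=\"1\" MinorVersion=\"1\" RequestID=\"_192.168.16.51.1024506224022\" IssueInstant=\"2002-06-19T17:03:44.022Z\"><samlp:AssertionArtifact>@@TICKET@@</samlp:AssertionArtifact></samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>";

    @Autowired
    private TicketService ticketService;

    @Autowired
    private SessionManager sessionManager;

    /**
     * A ticket bound to an existing session for "john" validates and yields a SAML success response
     * carrying the principal name and the released attributes.
     */
    @Test
    public void testSuccess() throws Exception {
        final IdPSession session = createPasswordSessionForJohn();
        // The ticket expires five seconds after creation.
        // NOTE(review): the trailing boolean is presumably the CAS "renew" flag; confirm against TicketService.
        final ServiceTicket ticket = this.ticketService.createServiceTicket(
                "ST-1415133132-ompog68ygxKyX9BPwPuw0hESQBjuA",
                DateTime.now().plusSeconds(5).toInstant(),
                session.getId(),
                "https://test.example.org/",
                false);
        prepareValidateRequest(ticket.getId(), ticket.getService());
        overrideEndStateOutput(FLOW_ID, "ValidateSuccess");
        assertSuccessfulValidation(launchValidateFlow());
    }

    /**
     * A ticket id that was never registered with the {@link TicketService} in this test is rejected
     * with {@code INVALID_TICKET} / {@code E_TICKET_EXPIRED}.
     */
    @Test
    public void testFailureTicketExpired() throws Exception {
        prepareValidateRequest("ST-123-abcdefg", "https://test.example.org/");
        Assert.assertEquals(launchValidateFlow().getOutcome().getId(), "ProtocolErrorView");
        assertInvalidTicketResponse("E_TICKET_EXPIRED");
    }

    /**
     * A ticket whose session id does not correspond to any session created in this test is rejected
     * with {@code INVALID_TICKET} / {@code E_SESSION_EXPIRED}.
     */
    @Test
    public void testFailureSessionExpired() throws Exception {
        final ServiceTicket ticket = this.ticketService.createServiceTicket(
                "ST-1415133227-o5ly5eArKccYkb2P+80uRE7Gq9xSAqWtOg",
                DateTime.now().plusSeconds(5).toInstant(),
                "No-Such-Session-Id",
                "https://test.example.org/",
                false);
        prepareValidateRequest(ticket.getId(), ticket.getService());
        Assert.assertEquals(launchValidateFlow().getOutcome().getId(), "ProtocolErrorView");
        assertInvalidTicketResponse("E_SESSION_EXPIRED");
    }

    /**
     * Same as {@link #testSuccess()} but for the service {@code https://no-attrs.example.org/}.
     *
     * <p>NOTE(review): the method name suggests attribute resolution is switched off for this service,
     * yet the assertions still expect uid, mail and eduPersonPrincipalName in the response and a
     * populated attribute context. Confirm against /test/test-cas-beans.xml that this is the intended
     * contract; if attributes should be withheld for this relying party, this test would not detect
     * an unintended release.</p>
     */
    @Test
    public void testSuccessWhenResolveAttributesFalse() throws Exception {
        final IdPSession session = createPasswordSessionForJohn();
        final ServiceTicket ticket = this.ticketService.createServiceTicket(
                "ST-2718281828-ompog68ygxKyX9BPwPuw0hESQBjuA",
                DateTime.now().plusSeconds(5).toInstant(),
                session.getId(),
                "https://no-attrs.example.org/",
                false);
        prepareValidateRequest(ticket.getId(), ticket.getService());
        overrideEndStateOutput(FLOW_ID, "ValidateSuccess");
        assertSuccessfulValidation(launchValidateFlow());
    }

    /** Creates a session for "john" and records a password authentication result on it. */
    private IdPSession createPasswordSessionForJohn() throws Exception {
        final IdPSession session = this.sessionManager.createSession("john");
        session.addAuthenticationResult(new AuthenticationResult("authn/Password", new UsernamePrincipal("john")));
        return session;
    }

    /** Fills the mock request with a POSTed SAML request for the ticket and sets the TARGET parameter. */
    private void prepareValidateRequest(String ticketId, String service) {
        final String soapBody = SAML_REQUEST_TEMPLATE.replace(TICKET_PLACEHOLDER, ticketId);
        this.request.setMethod("POST");
        // Charset constant instead of the "UTF-8" name: no lookup by string, no UnsupportedEncodingException.
        this.request.setContent(soapBody.getBytes(StandardCharsets.UTF_8));
        this.externalContext.getMockRequestParameterMap().put("TARGET", service);
    }

    /** Launches the flow under test against the prepared external context. */
    private FlowExecutionResult launchValidateFlow() {
        return this.flowExecutor.launchExecution(FLOW_ID, (MutableAttributeMap) null, this.externalContext);
    }

    /** Asserts the outcome id, the SAML success status, the subject and the three expected attributes. */
    private void assertSuccessfulValidation(FlowExecutionResult result) throws Exception {
        final String body = this.response.getContentAsString();
        final FlowExecutionOutcome outcome = result.getOutcome();
        Assert.assertEquals(outcome.getId(), "ValidateSuccess");
        Assert.assertTrue(body.contains("<saml1p:StatusCode Value=\"saml1p:Success\"/>"),
                "response lacks the SAML success status code");
        Assert.assertTrue(body.contains("<saml1:NameIdentifier>john</saml1:NameIdentifier>"),
                "response lacks the NameIdentifier for john");
        assertCasAttribute(body, "uid", "john");
        assertCasAttribute(body, "mail", "john@example.org");
        assertCasAttribute(body, "eduPersonPrincipalName", "john");
        assertPopulatedAttributeContext((ProfileRequestContext) outcome.getOutput().get(AbstractFlowTest.END_STATE_OUTPUT_ATTR_NAME));
    }

    /** Asserts that the body contains a CAS-namespaced string attribute with the given name and value. */
    private void assertCasAttribute(String body, String name, String value) {
        final String expected = "<saml1:Attribute AttributeName=\"" + name
                + "\" AttributeNamespace=\"http://www.ja-sig.org/products/cas/\">"
                + "<saml1:AttributeValue xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\""
                + " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xsd:string\">"
                + value + "</saml1:AttributeValue></saml1:Attribute>";
        Assert.assertTrue(body.contains(expected), "response lacks attribute " + name + "=" + value);
    }

    /** Asserts that the rendered response carries INVALID_TICKET with the given status message. */
    private void assertInvalidTicketResponse(String expectedStatusMessage) throws Exception {
        final String body = this.response.getContentAsString();
        Assert.assertTrue(body.contains("<saml1p:StatusCode Value=\"INVALID_TICKET\""),
                "response lacks the INVALID_TICKET status code");
        Assert.assertTrue(body.contains("<saml1p:StatusMessage>" + expectedStatusMessage + "</saml1p:StatusMessage>"),
                "response lacks status message " + expectedStatusMessage);
    }

    /**
     * Asserts that the profile request context exposed as end-state output holds a relying-party
     * context with an attribute context whose unfiltered IdP attributes are not empty.
     */
    private void assertPopulatedAttributeContext(ProfileRequestContext profileRequestContext) {
        Assert.assertNotNull(profileRequestContext);
        // "false" = look the subcontext up without creating it, so a missing context fails the test.
        final RelyingPartyContext relyingPartyContext = profileRequestContext.getSubcontext(RelyingPartyContext.class, false);
        Assert.assertNotNull(relyingPartyContext);
        final AttributeContext attributeContext = relyingPartyContext.getSubcontext(AttributeContext.class, false);
        Assert.assertNotNull(attributeContext);
        Assert.assertFalse(attributeContext.getUnfilteredIdPAttributes().isEmpty());
    }
}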
