package net.shibboleth.idp.saml.saml2.profile.config.navigate;

import java.security.Principal;
import java.util.Collections;
import java.util.Set;
import javax.security.auth.Subject;
import net.shibboleth.idp.authn.AuthenticationResult;
import net.shibboleth.idp.authn.context.SubjectContext;
import net.shibboleth.idp.authn.principal.ProxyAuthenticationPrincipal;
import net.shibboleth.idp.profile.RequestContextBuilder;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.idp.saml.saml2.profile.config.BrowserSSOProfileConfiguration;
import net.shibboleth.utilities.java.support.collection.Pair;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.core.OpenSAMLInitBaseTestCase;
import org.opensaml.profile.context.ProfileRequestContext;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/saml/saml2/profile/config/navigate/ProxyRestrictionLookupFunctionTest.class */
public class ProxyRestrictionLookupFunctionTest extends OpenSAMLInitBaseTestCase {
    private ProfileRequestContext prc;
    private SubjectContext sc;
    private BrowserSSOProfileConfiguration config;
    private ProxyRestrictionLookupFunction fn;
    private Pair<Integer, Set<String>> result;

    @BeforeMethod
    public void setUp() throws ComponentInitializationException {
        this.prc = new RequestContextBuilder().setRelyingPartyProfileConfigurations(Collections.singletonList(new BrowserSSOProfileConfiguration())).buildProfileRequestContext();
        this.config = this.prc.getSubcontext(RelyingPartyContext.class).getConfiguration().getProfileConfiguration(this.prc, "http://shibboleth.net/ns/profiles/saml2/sso/browser");
        this.prc.getSubcontext(RelyingPartyContext.class).setProfileConfig(this.config);
        this.sc = this.prc.getSubcontext(SubjectContext.class, true);
        this.sc.getAuthenticationResults().put("test1", new AuthenticationResult("test1", new Subject()));
        this.sc.getAuthenticationResults().put("test2", new AuthenticationResult("test2", new Subject()));
        this.fn = new ProxyRestrictionLookupFunction();
    }

    @Test
    public void testNoPrincipals() {
        this.result = this.fn.apply(this.prc);
        Assert.assertNull(this.result.getFirst());
        Assert.assertTrue(((Set) this.result.getSecond()).isEmpty());
    }

    @Test
    public void testOneEmptyPrincipal() {
        ((AuthenticationResult) this.sc.getAuthenticationResults().get("test2")).getSubject().getPrincipals().add(new ProxyAuthenticationPrincipal());
        this.result = this.fn.apply(this.prc);
        Assert.assertNull(this.result.getFirst());
        Assert.assertTrue(((Set) this.result.getSecond()).isEmpty());
    }

    @Test
    public void testOneCount() {
        Principal proxyAuthenticationPrincipal = new ProxyAuthenticationPrincipal();
        proxyAuthenticationPrincipal.setProxyCount(10);
        ((AuthenticationResult) this.sc.getAuthenticationResults().get("test2")).getSubject().getPrincipals().add(proxyAuthenticationPrincipal);
        this.result = this.fn.apply(this.prc);
        Assert.assertEquals(this.result.getFirst(), 9);
        Assert.assertTrue(((Set) this.result.getSecond()).isEmpty());
        proxyAuthenticationPrincipal.setProxyCount(1);
        this.result = this.fn.apply(this.prc);
        Assert.assertEquals(this.result.getFirst(), 0);
        proxyAuthenticationPrincipal.setProxyCount(0);
        this.result = this.fn.apply(this.prc);
        Assert.assertEquals(this.result.getFirst(), 0);
    }

    @Test
    public void testTwoCounts() {
        Principal proxyAuthenticationPrincipal = new ProxyAuthenticationPrincipal();
        proxyAuthenticationPrincipal.setProxyCount(10);
        ((AuthenticationResult) this.sc.getAuthenticationResults().get("test1")).getSubject().getPrincipals().add(proxyAuthenticationPrincipal);
        Principal proxyAuthenticationPrincipal2 = new ProxyAuthenticationPrincipal();
        proxyAuthenticationPrincipal.setProxyCount(5);
        ((AuthenticationResult) this.sc.getAuthenticationResults().get("test2")).getSubject().getPrincipals().add(proxyAuthenticationPrincipal2);
        this.result = this.fn.apply(this.prc);
        Assert.assertEquals(this.result.getFirst(), 4);
        Assert.assertTrue(((Set) this.result.getSecond()).isEmpty());
        proxyAuthenticationPrincipal.setProxyCount(1);
        proxyAuthenticationPrincipal2.setProxyCount(1);
        this.result = this.fn.apply(this.prc);
        Assert.assertEquals(this.result.getFirst(), 0);
        proxyAuthenticationPrincipal.setProxyCount(0);
        proxyAuthenticationPrincipal.setProxyCount(5);
        this.result = this.fn.apply(this.prc);
        Assert.assertEquals(this.result.getFirst(), 0);
    }

    @Test
    public void testOneAudienceSet() {
        Principal proxyAuthenticationPrincipal = new ProxyAuthenticationPrincipal();
        proxyAuthenticationPrincipal.setProxyCount(10);
        proxyAuthenticationPrincipal.getAudiences().addAll(Set.of("foo", "bar"));
        ((AuthenticationResult) this.sc.getAuthenticationResults().get("test2")).getSubject().getPrincipals().add(proxyAuthenticationPrincipal);
        this.result = this.fn.apply(this.prc);
        Assert.assertEquals(this.result.getFirst(), 9);
        Assert.assertEquals((Set) this.result.getSecond(), Set.of("foo", "bar"));
    }

    @Test
    public void testTwoAudienceSets() {
        Principal proxyAuthenticationPrincipal = new ProxyAuthenticationPrincipal();
        proxyAuthenticationPrincipal.setProxyCount(10);
        proxyAuthenticationPrincipal.getAudiences().addAll(Set.of("foo", "bar"));
        ((AuthenticationResult) this.sc.getAuthenticationResults().get("test1")).getSubject().getPrincipals().add(proxyAuthenticationPrincipal);
        Principal proxyAuthenticationPrincipal2 = new ProxyAuthenticationPrincipal();
        proxyAuthenticationPrincipal2.getAudiences().addAll(Set.of("foo", "bar"));
        ((AuthenticationResult) this.sc.getAuthenticationResults().get("test2")).getSubject().getPrincipals().add(proxyAuthenticationPrincipal2);
        this.result = this.fn.apply(this.prc);
        Assert.assertEquals(this.result.getFirst(), 9);
        Assert.assertEquals((Set) this.result.getSecond(), Set.of("foo", "bar"));
        proxyAuthenticationPrincipal.getAudiences().clear();
        proxyAuthenticationPrincipal.getAudiences().add("bar");
        this.result = this.fn.apply(this.prc);
        Assert.assertEquals((Set) this.result.getSecond(), Set.of("bar"));
        proxyAuthenticationPrincipal2.getAudiences().clear();
        proxyAuthenticationPrincipal2.getAudiences().add("foo");
        this.result = this.fn.apply(this.prc);
        Assert.assertTrue(((Set) this.result.getSecond()).isEmpty());
    }

    @Test
    public void testConfigOnly() {
        this.config.setProxyCount(5);
        this.config.setProxyAudiences(Set.of("foo", "bar"));
        this.prc.removeSubcontext(this.sc);
        this.result = this.fn.apply(this.prc);
        Assert.assertEquals(this.result.getFirst(), 5);
        Assert.assertEquals((Set) this.result.getSecond(), Set.of("foo", "bar"));
    }

    @Test
    public void testJointCount() {
        this.config.setProxyCount(5);
        Principal proxyAuthenticationPrincipal = new ProxyAuthenticationPrincipal();
        proxyAuthenticationPrincipal.setProxyCount(10);
        ((AuthenticationResult) this.sc.getAuthenticationResults().get("test1")).getSubject().getPrincipals().add(proxyAuthenticationPrincipal);
        Principal proxyAuthenticationPrincipal2 = new ProxyAuthenticationPrincipal();
        proxyAuthenticationPrincipal.setProxyCount(5);
        ((AuthenticationResult) this.sc.getAuthenticationResults().get("test2")).getSubject().getPrincipals().add(proxyAuthenticationPrincipal2);
        this.result = this.fn.apply(this.prc);
        Assert.assertEquals(this.result.getFirst(), 4);
        Assert.assertTrue(((Set) this.result.getSecond()).isEmpty());
        this.config.setProxyCount(1);
        proxyAuthenticationPrincipal.setProxyCount(1);
        this.result = this.fn.apply(this.prc);
        Assert.assertEquals(this.result.getFirst(), 0);
        this.config.setProxyCount(0);
        proxyAuthenticationPrincipal.setProxyCount(3);
        this.result = this.fn.apply(this.prc);
        Assert.assertEquals(this.result.getFirst(), 0);
    }

    @Test
    public void testJointAudiences() {
        this.config.setProxyAudiences(Set.of("foo", "bar"));
        Principal proxyAuthenticationPrincipal = new ProxyAuthenticationPrincipal();
        proxyAuthenticationPrincipal.getAudiences().addAll(Set.of("foo", "bar"));
        ((AuthenticationResult) this.sc.getAuthenticationResults().get("test1")).getSubject().getPrincipals().add(proxyAuthenticationPrincipal);
        Principal proxyAuthenticationPrincipal2 = new ProxyAuthenticationPrincipal();
        proxyAuthenticationPrincipal2.getAudiences().addAll(Set.of("foo", "bar"));
        ((AuthenticationResult) this.sc.getAuthenticationResults().get("test2")).getSubject().getPrincipals().add(proxyAuthenticationPrincipal2);
        this.result = this.fn.apply(this.prc);
        Assert.assertNull(this.result.getFirst());
        Assert.assertEquals((Set) this.result.getSecond(), Set.of("foo", "bar"));
        this.config.setProxyAudiences(Set.of("foo", "baz"));
        this.result = this.fn.apply(this.prc);
        Assert.assertEquals((Set) this.result.getSecond(), Set.of("foo"));
        proxyAuthenticationPrincipal2.getAudiences().clear();
        proxyAuthenticationPrincipal2.getAudiences().addAll(Set.of("foo", "bar", "baz"));
        this.result = this.fn.apply(this.prc);
        Assert.assertEquals((Set) this.result.getSecond(), Set.of("foo"));
        proxyAuthenticationPrincipal.getAudiences().clear();
        proxyAuthenticationPrincipal.getAudiences().add("bar");
        this.result = this.fn.apply(this.prc);
        Assert.assertTrue(((Set) this.result.getSecond()).isEmpty());
        Assert.assertEquals(this.result.getFirst(), 0);
    }
}
