package net.shibboleth.idp.plugin.authn.duo.impl;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.security.KeyStore;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import java.util.Set;
import java.util.function.Consumer;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.AuthenticationFlowDescriptor;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.SubjectCanonicalizationContext;
import net.shibboleth.idp.plugin.authn.duo.DuoOIDCClientFactory;
import net.shibboleth.idp.plugin.authn.spring.CustomAbstractXmlFlowExecutionTests;
import net.shibboleth.idp.profile.LogRuntimeException;
import net.shibboleth.idp.session.IdPSession;
import net.shibboleth.idp.session.context.SessionContext;
import net.shibboleth.idp.ui.context.RelyingPartyUIContext;
import net.shibboleth.profile.context.navigate.RelyingPartyIdLookupFunction;
import net.shibboleth.shared.annotation.constraint.NonnullElements;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.logic.FunctionSupport;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.security.impl.SecureRandomIdentifierGenerationStrategy;
import net.shibboleth.shared.servlet.impl.HttpServletRequestResponseContext;
import net.shibboleth.shared.servlet.impl.ThreadLocalHttpServletRequestSupplier;
import net.shibboleth.shared.servlet.impl.ThreadLocalHttpServletResponseSupplier;
import net.shibboleth.shared.spring.config.BooleanToPredicateConverter;
import net.shibboleth.shared.spring.config.IdentifiableBeanPostProcessor;
import net.shibboleth.shared.spring.config.StringBooleanToPredicateConverter;
import net.shibboleth.shared.spring.config.StringToDurationConverter;
import net.shibboleth.shared.spring.config.StringToIPRangeConverter;
import net.shibboleth.shared.spring.config.StringToResourceConverter;
import net.shibboleth.shared.spring.expression.SpringExpressionBiPredicate;
import net.shibboleth.shared.spring.resource.ConditionalResourceResolver;
import net.shibboleth.shared.spring.util.AnnotationParameterNameDiscoverer;
import org.apache.hc.client5.http.SchemePortResolver;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
import org.apache.hc.client5.http.ssl.TrustAllStrategy;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.ssl.SSLContexts;
import org.mockito.Mockito;
import org.opensaml.messaging.context.navigate.ChildContextLookup;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.context.navigate.InboundMessageContextLookup;
import org.opensaml.saml.common.messaging.context.SAMLMessageInfoContext;
import org.slf4j.Logger;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.DefaultListableBeanFactory;
import org.springframework.beans.factory.xml.XmlBeanDefinitionReader;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.support.ConversionServiceFactoryBean;
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
import org.springframework.core.convert.converter.Converter;
import org.springframework.core.env.StandardEnvironment;
import org.springframework.core.io.DefaultResourceLoader;
import org.springframework.core.io.Resource;
import org.springframework.core.io.support.EncodedResource;
import org.springframework.mock.env.MockPropertySource;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.util.StringUtils;
import org.springframework.webflow.config.FlowDefinitionResource;
import org.springframework.webflow.config.FlowDefinitionResourceFactory;
import org.springframework.webflow.core.collection.AttributeMap;
import org.springframework.webflow.engine.Flow;
import org.springframework.webflow.test.MockExternalContext;
import org.springframework.webflow.test.MockFlowBuilderContext;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/duo/impl/AbstractAuthnXmlFlowExecutionTests.class */
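/**
 * Base class for web-flow execution tests of the {@code authn/DuoOIDC} authentication flow.
 *
 * <p>It prepares mock servlet request/response objects, registers the beans and properties the flow
 * definition expects to find in its application context, and offers helpers for loading extra bean
 * definitions and building a populated {@link ProfileRequestContext}.</p>
 *
 * <p><strong>Test fixture only.</strong> The HTTP client registered by
 * {@link #registerMockBeanDefinitions(MockFlowBuilderContext)} accepts any TLS certificate chain and
 * sends every request to a fixed local port. None of that wiring is suitable for a deployed IdP.</p>
 *
 * <p>NOTE(review): this listing is decompiler output. Several calls (for example
 * {@code getApplicationContext().getBeanFactory()}) are preceded by {@code instanceof} assertions but
 * show no cast, so the original source presumably cast to the asserted type; confirm against the
 * original before relying on the exact statements.</p>
 */
public abstract class AbstractAuthnXmlFlowExecutionTests extends CustomAbstractXmlFlowExecutionTests {
    /** Mock servlet request, recreated by {@link #setUp()}. */
    protected MockHttpServletRequest mockRequest;

    /** Mock servlet response, recreated by {@link #setUp()}. */
    protected MockHttpServletResponse mockResponse;

    /** External context wrapping the mock request and response, recreated by {@link #setUp()}. */
    protected MockExternalContext externalContext;

    /** Class-path location of the flow definition under test. */
    @Nullable
    private String flowPath;

    /** Optional client factory registered in place of the flow's own, when set. */
    @Nullable
    private DuoOIDCClientFactory clientFactory;

    /** Entity ID exposed to loaded bean definitions as {@code idp.entityID}. */
    @Nonnull
    private final String entityId;

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(AbstractAuthnXmlFlowExecutionTests.class);

    /** Flow model resources, keyed by the path handed to the resource factory; values are flow IDs. */
    @Nonnull
    private Map<String, String> flowModelResources = CollectionSupport.emptyMap();

    /** Subflows registered with the flow builder context. */
    @Nonnull
    private List<Flow> subflows = CollectionSupport.emptyList();

    /** Extra properties added to the mock property source. */
    @Nonnull
    protected Map<String, String> mockProperties = CollectionSupport.emptyMap();

    /** Whether to replace the flow's context clean-up hook with a no-op. Reset by {@link #setUp()}. */
    private boolean removeDefaultContextCleanupHook = false;

    /**
     * Constructor.
     *
     * @param str the entity ID published as the {@code idp.entityID} property
     * @throws NullPointerException if {@code str} is null
     */
    public AbstractAuthnXmlFlowExecutionTests(@Nonnull String str) {
        this.entityId = Objects.requireNonNull(str, "entityId");
    }

    /**
     * Sets the flow model resources returned by {@link #getModelResources(FlowDefinitionResourceFactory)}.
     *
     * @param map resource path to flow ID
     */
    public void setFlowModelResources(@Nonnull Map<String, String> map) {
        assertNotNull(map);
        this.flowModelResources = map;
    }

    /**
     * Sets the client factory to register under {@code shibboleth.authn.DuoOIDC.test.clientFactory}.
     *
     * @param duoOIDCClientFactory the factory to register
     */
    public void setClientFactory(@Nonnull DuoOIDCClientFactory duoOIDCClientFactory) {
        assertNotNull(duoOIDCClientFactory);
        this.clientFactory = duoOIDCClientFactory;
    }

    /**
     * Sets the class-path location of the flow definition under test.
     *
     * @param str the flow path, resolved relative to the concrete test class
     */
    public void setFlowPath(@Nonnull @NotEmpty String str) {
        assertNotNull(str);
        this.flowPath = str;
    }

    /**
     * Sets the extra properties added to the mock property source.
     *
     * @param map property name to value
     */
    public void setMockProperties(@Nonnull Map<String, String> map) {
        assertNotNull(map);
        this.mockProperties = map;
    }

    /**
     * Sets the subflows to register with the flow builder context.
     *
     * @param list the subflows
     */
    public void setSubflows(@Nonnull @NonnullElements List<Flow> list) {
        assertNotNull(list);
        this.subflows = list;
    }

    /**
     * Adds an HTTP Basic {@code Authorization} header to the mock request.
     *
     * @param str the username
     * @param str2 the password
     */
    public void addHttpBasicAuthHeader(@Nonnull String str, @Nonnull String str2) {
        assertNotNull(str);
        assertNotNull(str2);
        // Encode explicitly as UTF-8 so the header bytes do not depend on the platform default charset.
        final byte[] credentials = (str + ":" + str2).getBytes(java.nio.charset.StandardCharsets.UTF_8);
        this.mockRequest.addHeader("Authorization", "Basic " + Base64.getEncoder().encodeToString(credentials));
    }

    /**
     * Creates fresh mock request, response and external context objects and resets the clean-up hook flag.
     *
     * @throws Exception declared for subclasses that extend the set-up
     */
    public void setUp() throws NoSuchFieldException, SecurityException, Exception {
        this.mockRequest = new MockHttpServletRequest();
        this.mockResponse = new MockHttpServletResponse();
        this.externalContext = new MockExternalContext();
        this.externalContext.setNativeRequest(this.mockRequest);
        this.externalContext.setNativeResponse(this.mockResponse);
        this.removeDefaultContextCleanupHook = false;
    }

    /**
     * Returns the flow definition resource for the configured flow path.
     *
     * @param flowDefinitionResourceFactory the resource factory
     * @return the flow definition, looked up on the class path relative to this test class
     */
    protected FlowDefinitionResource getResource(FlowDefinitionResourceFactory flowDefinitionResourceFactory) {
        return flowDefinitionResourceFactory.createClassPathResource(this.flowPath, getClass());
    }

    /**
     * Returns one resource per configured flow model entry.
     *
     * @param flowDefinitionResourceFactory the resource factory
     * @return the model resources, or {@code null} when none are configured
     */
    @Override
    protected FlowDefinitionResource[] getModelResources(FlowDefinitionResourceFactory flowDefinitionResourceFactory) {
        if (this.flowModelResources.isEmpty()) {
            return null;
        }
        final FlowDefinitionResource[] resources = new FlowDefinitionResource[this.flowModelResources.size()];
        int index = 0;
        for (final Map.Entry<String, String> entry : this.flowModelResources.entrySet()) {
            resources[index++] =
                    flowDefinitionResourceFactory.createResource(entry.getKey(), (AttributeMap) null, entry.getValue());
        }
        return resources;
    }

    /**
     * Registers the mock beans, the mock property source and the subflows with the builder context.
     *
     * @param mockFlowBuilderContext the flow builder context to configure
     */
    protected void configureFlowBuilderContext(MockFlowBuilderContext mockFlowBuilderContext) {
        registerMockBeanDefinitions(mockFlowBuilderContext);
        registerMockPropertySource(mockFlowBuilderContext);
        registerMockSubflows(mockFlowBuilderContext);
    }

    /**
     * Registers every configured subflow with the builder context.
     *
     * @param mockFlowBuilderContext the flow builder context
     */
    private void registerMockSubflows(@Nonnull MockFlowBuilderContext mockFlowBuilderContext) {
        assertNotNull(mockFlowBuilderContext);
        this.subflows.forEach(mockFlowBuilderContext::registerSubflow);
    }

    /**
     * Loads bean definitions from an XML resource into the context's bean factory and resolves
     * {@code %{...}} placeholders against a small set of IdP properties plus the supplied extras.
     *
     * <p>NOTE(review): the decompiler reports the original access modifier was {@code protected}.</p>
     *
     * @param mockFlowBuilderContext the flow builder context whose bean factory receives the definitions
     * @param resource the XML bean definition file, which must exist
     * @param map additional placeholder properties, may be null
     */
    public void loadBeanDefinitionsFromXmlFile(@Nonnull MockFlowBuilderContext mockFlowBuilderContext, @Nonnull Resource resource, @Nullable Map<String, String> map) {
        assertNotNull(mockFlowBuilderContext);
        assertTrue(resource.exists());
        assertTrue(mockFlowBuilderContext.getApplicationContext() instanceof ConfigurableApplicationContext);
        DefaultListableBeanFactory beanFactory = mockFlowBuilderContext.getApplicationContext().getBeanFactory();
        assertNotNull(beanFactory);
        assertTrue(beanFactory instanceof DefaultListableBeanFactory);
        XmlBeanDefinitionReader xmlBeanDefinitionReader = new XmlBeanDefinitionReader(beanFactory);
        beanFactory.addBeanPostProcessor(new IdentifiableBeanPostProcessor());
        beanFactory.setParameterNameDiscoverer(new AnnotationParameterNameDiscoverer());

        ConversionServiceFactoryBean conversionServiceFactoryBean = new ConversionServiceFactoryBean();
        conversionServiceFactoryBean.setConverters(createConverters());
        conversionServiceFactoryBean.afterPropertiesSet();
        beanFactory.setConversionService(conversionServiceFactoryBean.getObject());

        DefaultResourceLoader defaultResourceLoader = new DefaultResourceLoader();
        defaultResourceLoader.addProtocolResolver(new ConditionalResourceResolver());
        mockFlowBuilderContext.getApplicationContext().setResourceLoader(defaultResourceLoader);

        final int loadedCount = xmlBeanDefinitionReader.loadBeanDefinitions(new EncodedResource(resource, "UTF-8"));

        final Properties properties = new Properties();
        properties.setProperty("idp.home", "classpath:");
        properties.setProperty("idp.entityID", this.entityId);
        properties.setProperty("idp.webflows", "classpath*:/flows");
        if (map != null) {
            map.forEach((str, str2) -> {
                // Log the property name only: values supplied by tests may include credentials,
                // which should not end up in build logs.
                this.log.debug("Adding property '{}'", str);
                properties.setProperty(str, str2);
            });
        }

        // Placeholders use the IdP's %{...} syntax and are resolved after the definitions are loaded.
        PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer = new PropertySourcesPlaceholderConfigurer();
        propertySourcesPlaceholderConfigurer.setProperties(properties);
        propertySourcesPlaceholderConfigurer.setPlaceholderPrefix("%{");
        propertySourcesPlaceholderConfigurer.setPlaceholderSuffix("}");
        propertySourcesPlaceholderConfigurer.postProcessBeanFactory(beanFactory);
        this.log.info("Loaded {} beans from {}", loadedCount, resource);
    }

    /**
     * Builds the converters installed in the test conversion services.
     *
     * @return one instance of each converter type
     */
    private Set<Converter<?, ?>> createConverters() {
        // Each converter type is listed once; Set.of rejects elements that compare equal.
        return Set.of(
                new StringToDurationConverter(),
                new StringToResourceConverter(),
                new StringToIPRangeConverter(),
                new BooleanToPredicateConverter(),
                new StringBooleanToPredicateConverter());
    }

    /**
     * Registers the beans the flow definition looks up by name: identifier generation, JSON mapping,
     * conversion service, context lookup functions, servlet suppliers and the internal HTTP client.
     *
     * <p>NOTE(review): the decompiler reports the original access modifier was {@code protected}.</p>
     *
     * @param mockFlowBuilderContext the flow builder context to populate
     */
    public void registerMockBeanDefinitions(@Nonnull MockFlowBuilderContext mockFlowBuilderContext) {
        mockFlowBuilderContext.registerBean("shibboleth.DefaultIdentifierGenerationStrategy", new SecureRandomIdentifierGenerationStrategy());
        // Bind the mock request/response to the current thread for the thread-local suppliers below.
        HttpServletRequestResponseContext.loadCurrent(this.mockRequest, this.mockResponse);
        mockFlowBuilderContext.registerBean("shibboleth.PostLoginSubjectCanonicalizationFlows", Collections.emptyList());
        mockFlowBuilderContext.registerBean("shibboleth.JSONObjectMapper", new ObjectMapper());

        ConversionServiceFactoryBean conversionServiceFactoryBean = new ConversionServiceFactoryBean();
        conversionServiceFactoryBean.setConverters(createConverters());
        conversionServiceFactoryBean.afterPropertiesSet();
        mockFlowBuilderContext.registerBean("conversionService", conversionServiceFactoryBean.getObject());

        addBeanDefinition(mockFlowBuilderContext, "shibboleth.RelyingPartyIdLookup.Simple", BeanDefinitionBuilder.genericBeanDefinition(RelyingPartyIdLookupFunction.class).getBeanDefinition());
        addBeanDefinition(mockFlowBuilderContext, "shibboleth.MessageContextLookup.Inbound", BeanDefinitionBuilder.genericBeanDefinition(InboundMessageContextLookup.class).getBeanDefinition());
        addBeanDefinition(mockFlowBuilderContext, "shibboleth.ChildLookup.SessionContext", BeanDefinitionBuilder.genericBeanDefinition(ChildContextLookup.class).addConstructorArgValue(SessionContext.class).getBeanDefinition());
        addBeanDefinition(mockFlowBuilderContext, "shibboleth.ChildLookupOrCreate.SAMLMessageInfoContext", BeanDefinitionBuilder.genericBeanDefinition(ChildContextLookup.class).addConstructorArgValue(SAMLMessageInfoContext.class).addConstructorArgValue(true).getBeanDefinition());
        addBeanDefinition(mockFlowBuilderContext, "shibboleth.HttpServletRequestSupplier", BeanDefinitionBuilder.genericBeanDefinition(ThreadLocalHttpServletRequestSupplier.class).getBeanDefinition());
        addBeanDefinition(mockFlowBuilderContext, "shibboleth.HttpServletResponseSupplier", BeanDefinitionBuilder.genericBeanDefinition(ThreadLocalHttpServletResponseSupplier.class).getBeanDefinition());
        addBeanDefinition(mockFlowBuilderContext, "shibboleth.Functions.Constant", BeanDefinitionBuilder.genericBeanDefinition(FunctionSupport.class).setFactoryMethod("constant").setAbstract(true).getBeanDefinition());
        addBeanDefinition(mockFlowBuilderContext, "shibboleth.BiConditions.Expression", BeanDefinitionBuilder.genericBeanDefinition(SpringExpressionBiPredicate.class).setAbstract(true).getBeanDefinition());
        addBeanDefinition(mockFlowBuilderContext, "shibboleth.CommaDelimStringArray", BeanDefinitionBuilder.genericBeanDefinition(StringUtils.class).setFactoryMethod("commaDelimitedListToStringArray").setAbstract(true).getBeanDefinition());
        addBeanDefinition(mockFlowBuilderContext, "LogRuntimeException", BeanDefinitionBuilder.genericBeanDefinition(LogRuntimeException.class).getBeanDefinition());

        if (this.clientFactory != null) {
            mockFlowBuilderContext.registerBean("shibboleth.authn.DuoOIDC.test.clientFactory", this.clientFactory);
        }
        if (isRemoveDefaultContextCleanupHook()) {
            // No-op hook: the profile request context is left untouched when the hook is invoked.
            mockFlowBuilderContext.registerBean("shibboleth.authn.DuoOIDC.CleanUpHook", new Consumer<ProfileRequestContext>() {
                @Override
                public void accept(ProfileRequestContext profileRequestContext) {
                }
            });
        }

        addBeanDefinition(mockFlowBuilderContext, "shibboleth.Functions.Compose", BeanDefinitionBuilder.genericBeanDefinition(FunctionSupport.class).setFactoryMethod("compose").setAbstract(true).getBeanDefinition());
        addBeanDefinition(mockFlowBuilderContext, "shibboleth.ChildLookup.AuthenticationContext", BeanDefinitionBuilder.genericBeanDefinition(ChildContextLookup.class).addConstructorArgValue(AuthenticationContext.class).getBeanDefinition());

        try {
            // TEST-ONLY: TrustAllStrategy makes this client accept any server certificate chain, so the
            // TLS connection authenticates nothing. It exists so tests can talk to a local mock endpoint;
            // this wiring must never be reused for a client that reaches a real service.
            // The port resolver sends every request to port 9191 regardless of the target host.
            addBeanSingleton(mockFlowBuilderContext, "shibboleth.InternalHttpClient",
                    Constraint.isNotNull(
                            HttpClients.custom()
                                    .setConnectionManager(PoolingHttpClientConnectionManagerBuilder.create()
                                            .setSSLSocketFactory(SSLConnectionSocketFactoryBuilder.create()
                                                    .setSslContext(SSLContexts.custom()
                                                            .loadTrustMaterial((KeyStore) null, new TrustAllStrategy())
                                                            .build())
                                                    .build())
                                            .build())
                                    .setSchemePortResolver(new SchemePortResolver() {
                                        @Override
                                        public int resolve(HttpHost httpHost) {
                                            return 9191;
                                        }
                                    })
                                    .evictExpiredConnections()
                                    .build(),
                            "HttpClient can not be null"));
        } catch (Exception e) {
            // Best effort: on failure the "shibboleth.InternalHttpClient" bean is simply not registered,
            // so a later lookup of that bean is where the problem will surface.
            this.log.error("Could not mock HTTP response", e);
        }
    }

    /**
     * Registers an existing object as a singleton bean in the context's bean factory.
     *
     * @param mockFlowBuilderContext the flow builder context
     * @param str the bean name
     * @param obj the singleton instance
     */
    protected void addBeanSingleton(@Nonnull MockFlowBuilderContext mockFlowBuilderContext, @Nonnull String str, @Nonnull Object obj) {
        assertNotNull(mockFlowBuilderContext);
        assertNotNull(str);
        assertNotNull(obj);
        assertTrue(mockFlowBuilderContext.getApplicationContext() instanceof ConfigurableApplicationContext);
        DefaultListableBeanFactory beanFactory = mockFlowBuilderContext.getApplicationContext().getBeanFactory();
        assertNotNull(beanFactory);
        assertTrue(beanFactory instanceof DefaultListableBeanFactory);
        beanFactory.registerSingleton(str, obj);
    }

    /**
     * Registers a bean definition in the context's bean factory.
     *
     * @param mockFlowBuilderContext the flow builder context
     * @param str the bean name
     * @param beanDefinition the definition to register
     */
    private void addBeanDefinition(@Nonnull MockFlowBuilderContext mockFlowBuilderContext, @Nonnull String str, @Nonnull BeanDefinition beanDefinition) {
        assertNotNull(mockFlowBuilderContext);
        assertNotNull(str);
        assertNotNull(beanDefinition);
        assertTrue(mockFlowBuilderContext.getApplicationContext() instanceof ConfigurableApplicationContext);
        DefaultListableBeanFactory beanFactory = mockFlowBuilderContext.getApplicationContext().getBeanFactory();
        assertNotNull(beanFactory);
        assertTrue(beanFactory instanceof DefaultListableBeanFactory);
        beanFactory.registerBeanDefinition(str, beanDefinition);
    }

    /**
     * Adds a highest-precedence property source holding the IdP defaults and the configured mock
     * properties, and switches the environment to {@code %{...}} placeholders.
     *
     * @param mockFlowBuilderContext the flow builder context
     */
    private void registerMockPropertySource(@Nonnull MockFlowBuilderContext mockFlowBuilderContext) {
        assertNotNull(mockFlowBuilderContext);
        assertNotNull(mockFlowBuilderContext.getApplicationContext());
        assertNotNull(mockFlowBuilderContext.getApplicationContext().getEnvironment());
        assertTrue(mockFlowBuilderContext.getApplicationContext().getEnvironment() instanceof StandardEnvironment);
        MockPropertySource mockPropertySource = new MockPropertySource();
        mockPropertySource.setProperty("idp.home", "classpath:");
        mockPropertySource.setProperty("idp.webflows", "classpath*:/flows");
        // Test-supplied entries are applied last, so they override the two defaults above.
        this.mockProperties.forEach((str, str2) -> mockPropertySource.setProperty(str, str2));
        mockFlowBuilderContext.getApplicationContext().getEnvironment().getPropertySources().addFirst(mockPropertySource);
        mockFlowBuilderContext.getApplicationContext().getEnvironment().setPlaceholderPrefix("%{");
        mockFlowBuilderContext.getApplicationContext().getEnvironment().setPlaceholderSuffix("}");
    }

    /**
     * Builds a browser-profile request context with an authentication context for the
     * {@code authn/DuoOIDC} flow and a mocked IdP session for principal {@code jdoe}.
     *
     * <p>NOTE(review): the decompiler reports the original access modifier was {@code protected}.</p>
     *
     * @param z value for the authentication context's forced-authentication flag
     * @param z2 whether to add a subject canonicalization context naming {@code jdoe}
     * @return the populated profile request context
     */
    @Nonnull
    public ProfileRequestContext buildProfileRequestContext(boolean z, boolean z2) {
        ProfileRequestContext profileRequestContext = new ProfileRequestContext();

        AuthenticationContext authenticationContext = new AuthenticationContext();
        AuthenticationFlowDescriptor authenticationFlowDescriptor = new AuthenticationFlowDescriptor();
        authenticationFlowDescriptor.setId("authn/DuoOIDC");
        authenticationContext.setAttemptedFlow(authenticationFlowDescriptor);
        authenticationContext.addSubcontext(new RelyingPartyUIContext());
        authenticationContext.setForceAuthn(z);
        profileRequestContext.addSubcontext(authenticationContext);

        if (z2) {
            SubjectCanonicalizationContext subjectCanonicalizationContext = new SubjectCanonicalizationContext();
            subjectCanonicalizationContext.setPrincipalName("jdoe");
            profileRequestContext.addSubcontext(subjectCanonicalizationContext);
        }

        SessionContext sessionContext = new SessionContext();
        IdPSession idPSession = (IdPSession) Mockito.mock(IdPSession.class);
        Mockito.when(idPSession.getPrincipalName()).thenReturn("jdoe");
        sessionContext.setIdPSession(idPSession);
        profileRequestContext.addSubcontext(sessionContext);
        profileRequestContext.setBrowserProfile(true);
        return profileRequestContext;
    }

    /**
     * Reports whether the flow's context clean-up hook is replaced by a no-op.
     *
     * @return true if the no-op hook is registered
     */
    protected boolean isRemoveDefaultContextCleanupHook() {
        return this.removeDefaultContextCleanupHook;
    }

    /**
     * Sets whether the flow's context clean-up hook is replaced by a no-op. Takes effect the next
     * time the mock beans are registered; {@link #setUp()} resets it to false.
     *
     * <p>NOTE(review): the decompiler reports the original access modifier was {@code protected}.</p>
     *
     * @param z true to register the no-op hook
     */
    public void setRemoveDefaultContextCleanupHook(boolean z) {
        this.removeDefaultContextCleanupHook = z;
    }
}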
