package net.shibboleth.idp.plugin.authn.oidc.rp.messaging.context.logic;

import net.shibboleth.idp.plugin.authn.oidc.rp.context.AbstractAuthenticatableOIDCContext;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.oidc.profile.config.impl.DefaultOIDCAuthorizationConfiguration;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.profile.context.ProfileRequestContext;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/oidc/rp/messaging/context/logic/RequiresSignatureVerificationPredicateTest.class */
public class RequiresSignatureVerificationPredicateTest {
    private RequiresSignatureVerificationPredicate predicate;
    private RelyingPartyContext rpc;
    private DefaultOIDCAuthorizationConfiguration config;
    private MessageContext msgCtx;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/shibboleth/idp/plugin/authn/oidc/rp/messaging/context/logic/RequiresSignatureVerificationPredicateTest$MockAuthenticatableContext.class */
    public static class MockAuthenticatableContext extends AbstractAuthenticatableOIDCContext {
        private MockAuthenticatableContext(boolean z) {
            super.setAuthenticated(z);
        }
    }

    @BeforeMethod
    public void setup() {
        this.msgCtx = new MessageContext();
        new ProfileRequestContext().setInboundMessageContext(this.msgCtx);
        this.rpc = new RelyingPartyContext();
        this.config = new DefaultOIDCAuthorizationConfiguration();
        this.rpc.setProfileConfig(this.config);
    }

    @Test
    public void testSignatureVerificationRequired_TLSOnlyDisabled() {
        this.predicate = new RequiresSignatureVerificationPredicate(messageContext -> {
            return new MockAuthenticatableContext(true);
        });
        this.predicate.setRelyingPartyContextLookupStrategy(messageContext2 -> {
            this.config.setTlsServerValidationSufficient(false);
            return this.rpc;
        });
        Assert.assertTrue(this.predicate.test(this.msgCtx));
    }

    @Test
    public void testSignatureVerificationRequired_TLSOnlyDisabled_ContextNotAuthenticated() {
        this.predicate = new RequiresSignatureVerificationPredicate(messageContext -> {
            return new MockAuthenticatableContext(false);
        });
        this.predicate.setRelyingPartyContextLookupStrategy(messageContext2 -> {
            this.config.setTlsServerValidationSufficient(false);
            return this.rpc;
        });
        Assert.assertTrue(this.predicate.test(this.msgCtx));
    }

    @Test
    public void testSignatureVerificationRequired_TLSOnlyEnabled_ContextNotAuthenticated() {
        this.predicate = new RequiresSignatureVerificationPredicate(messageContext -> {
            return new MockAuthenticatableContext(false);
        });
        this.predicate.setRelyingPartyContextLookupStrategy(messageContext2 -> {
            this.config.setTlsServerValidationSufficient(true);
            return this.rpc;
        });
        Assert.assertTrue(this.predicate.test(this.msgCtx));
    }

    @Test
    public void testSignatureVerificationNotRequired_TLSOnlyEnabled() {
        this.predicate = new RequiresSignatureVerificationPredicate(messageContext -> {
            return new MockAuthenticatableContext(true);
        });
        this.predicate.setRelyingPartyContextLookupStrategy(messageContext2 -> {
            this.config.setTlsServerValidationSufficient(true);
            return this.rpc;
        });
        Assert.assertFalse(this.predicate.test(this.msgCtx));
    }
}
