package org.apereo.cas.support.saml.web.idp.profile.builders.response;

import java.util.List;
import org.apache.xerces.xs.XSObject;
import org.apereo.cas.mock.MockTicketGrantingTicket;
import org.apereo.cas.support.saml.BaseSamlIdPConfigurationTests;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.util.CollectionUtils;
import org.jasig.cas.client.validation.Assertion;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.Response;
import org.pac4j.core.context.JEEContext;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

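/**
 * Tests for the SAML2 response builder that the base class exposes as
 * {@code samlProfileSamlResponseBuilder}.
 *
 * <p>Each test configures a {@link SamlRegisteredService} through
 * {@code getSamlRegisteredServiceForTestShib(...)}, builds a {@link Response} and checks the
 * security-relevant shape of the result: which signature algorithm was applied, whether the
 * assertion or the NameID were encrypted, and which data-encryption algorithm was used.
 *
 * <p>NOTE(review): the meaning of the boolean flags passed to
 * {@code getSamlRegisteredServiceForTestShib} is not visible in this file. Judging by the test
 * names, the first two appear to control signing and the third one encryption. Confirm against
 * the base class before relying on that reading.
 */
@Tag("SAML")
public class SamlProfileSaml2ResponseBuilderTests extends BaseSamlIdPConfigurationTests {
    private static final String BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    private static final String BINDING_HTTP_ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact";

    private static final String NAMEID_FORMAT_ENCRYPTED = "urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted";

    private static final String SIGNATURE_RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

    private static final String SIGNATURE_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    private static final String ENCRYPTION_AES128_CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";

    private static final String ENCRYPTION_AES128_GCM = "http://www.w3.org/2009/xmlenc11#aes128-gcm";

    private static final String KEY_TRANSPORT_RSA_OAEP = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";

    /**
     * Resolves the service provider metadata facade for the given service.
     *
     * @param service the registered service whose metadata is looked up by its service id
     * @return the resolved facade; the lookup result is unwrapped with {@code get()}, so a
     *         missing entry fails the test with an exception rather than a null
     */
    private SamlRegisteredServiceServiceProviderMetadataFacade resolveServiceProviderMetadata(final SamlRegisteredService service) {
        return (SamlRegisteredServiceServiceProviderMetadataFacade) SamlRegisteredServiceServiceProviderMetadataFacade
            .get(this.samlRegisteredServiceCachingMetadataResolver, service, service.getServiceId())
            .get();
    }

    /**
     * Builds a SAML response for the given service over the HTTP-POST binding, using fresh mock
     * servlet request/response objects and a fresh {@link MessageContext}.
     *
     * @param service the registered service that drives signing and encryption settings
     * @return the response produced by the builder
     */
    private Response buildPostResponse(final SamlRegisteredService service) {
        final MockHttpServletRequest request = new MockHttpServletRequest();
        final MockHttpServletResponse response = new MockHttpServletResponse();
        final SamlRegisteredServiceServiceProviderMetadataFacade adaptor = resolveServiceProviderMetadata(service);
        return this.samlProfileSamlResponseBuilder.build(getAuthnRequestFor(service), request, response,
            getAssertion(), service, adaptor, BINDING_HTTP_POST, new MessageContext());
    }

    /**
     * Builds a response for a service created with both flags enabled.
     *
     * <p>NOTE(review): despite the name, this only asserts that a response object is produced.
     * It does not check that a signature is present on the response or on the assertion, so a
     * regression that silently stops signing would not be caught here.
     */
    @Test
    public void verifySamlResponseAllSigned() {
        final SamlRegisteredService service = getSamlRegisteredServiceForTestShib(true, true);
        service.getAttributeValueTypes().put("permissions", XSObject.class.getSimpleName());
        Assertions.assertNotNull(buildPostResponse(service));
    }

    /**
     * Builds a response for a service that overrides the issuer entity id.
     *
     * <p>NOTE(review): the issuer actually written into the response is not asserted. Only the
     * existence of the response is checked.
     */
    @Test
    public void verifySamlResponseWithIssuerEntityId() {
        final SamlRegisteredService service = getSamlRegisteredServiceForTestShib(true, true);
        service.setIssuerEntityId("https://issuer.example.org");
        service.getAttributeValueTypes().put("permissions", XSObject.class.getSimpleName());
        Assertions.assertNotNull(buildPostResponse(service));
    }

    /**
     * Builds a response over the HTTP-Artifact binding with a ticket-granting ticket registered
     * in the ticket registry and its id stored in the distributed session store.
     *
     * <p>The request attributes bound to the current thread are restored once the build has
     * run. Without that, the thread-bound mock request would stay visible to whichever test
     * runs next on the same thread.
     */
    @Test
    public void verifySamlResponseWithAttributeQuery() {
        final MockHttpServletRequest request = new MockHttpServletRequest();
        final MockHttpServletResponse response = new MockHttpServletResponse();
        final MockTicketGrantingTicket ticketGrantingTicket = new MockTicketGrantingTicket("casuser");
        this.ticketRegistry.addTicket(ticketGrantingTicket);
        this.samlIdPDistributedSessionStore.set(new JEEContext(request, response), "ticketGrantingTicketId", ticketGrantingTicket.getId());

        final SamlRegisteredService service = getSamlRegisteredServiceForTestShib(true, true);
        service.setIssuerEntityId("https://issuer.example.org");
        service.getAttributeValueTypes().put("permissions", XSObject.class.getSimpleName());

        final SamlRegisteredServiceServiceProviderMetadataFacade adaptor = resolveServiceProviderMetadata(service);
        final AuthnRequest authnRequest = getAuthnRequestFor(service);
        final Assertion assertion = getAssertion();

        // Remember whatever was bound before so the thread-local can be put back afterwards.
        final org.springframework.web.context.request.RequestAttributes previousAttributes =
            RequestContextHolder.getRequestAttributes();
        RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(request, response));
        try {
            Assertions.assertNotNull(this.samlProfileSamlResponseBuilder.build(authnRequest, request, response,
                assertion, service, adaptor, BINDING_HTTP_ARTIFACT, new MessageContext()));
        } finally {
            // A null argument clears the binding, so this also covers "nothing was bound before".
            RequestContextHolder.setRequestAttributes(previousAttributes);
        }
    }

    /**
     * Verifies that, for a service created with all three flags enabled, the response carries
     * only encrypted assertions and no plaintext assertion.
     */
    @Test
    public void verifySamlResponseAllSignedEncrypted() {
        final SamlRegisteredService service = getSamlRegisteredServiceForTestShib(true, true, true);
        service.setRequiredNameIdFormat(NAMEID_FORMAT_ENCRYPTED);
        final Response samlResponse = buildPostResponse(service);
        Assertions.assertNotNull(samlResponse);
        // No cleartext assertion may sit next to the encrypted one.
        Assertions.assertTrue(samlResponse.getAssertions().isEmpty());
        Assertions.assertFalse(samlResponse.getEncryptedAssertions().isEmpty());
    }

    /**
     * Verifies that requiring the encrypted NameID format replaces the subject's plaintext
     * NameID with an EncryptedID while the assertion itself stays unencrypted.
     */
    @Test
    public void verifySamlResponseAssertionSigned() {
        final SamlRegisteredService service = getSamlRegisteredServiceForTestShib(false, true);
        service.setRequiredNameIdFormat(NAMEID_FORMAT_ENCRYPTED);
        final Response samlResponse = buildPostResponse(service);
        Assertions.assertNotNull(samlResponse);
        final List<org.opensaml.saml.saml2.core.Assertion> assertions = samlResponse.getAssertions();
        Assertions.assertFalse(assertions.isEmpty());
        // The identifier must appear only in encrypted form.
        Assertions.assertNull(assertions.get(0).getSubject().getNameID());
        Assertions.assertNotNull(assertions.get(0).getSubject().getEncryptedID());
    }

    /**
     * Builds a response for a service created with flags {@code (true, false)}.
     *
     * <p>NOTE(review): only the existence of the response is asserted. Whether the response is
     * signed and the assertion is not is left unchecked.
     */
    @Test
    public void verifySamlResponseResponseSigned() {
        final SamlRegisteredService service = getSamlRegisteredServiceForTestShib(true, false);
        Assertions.assertNotNull(buildPostResponse(service));
    }

    /**
     * Builds a response for a service created with both flags disabled.
     *
     * <p>NOTE(review): only the existence of the response is asserted. If this configuration is
     * meant to produce no signatures at all, the test does not prove it. An unsigned response
     * leaves the service provider with no message-level integrity check.
     */
    @Test
    public void verifySamlResponseNothingSigned() {
        final SamlRegisteredService service = getSamlRegisteredServiceForTestShib(false, false);
        Assertions.assertNotNull(buildPostResponse(service));
    }

    /**
     * Verifies that a per-service override restricting signing to SHA-1 based algorithms is
     * honoured for both the assertion signature and the response signature.
     *
     * <p>This pins configurability only. SHA-1 based XML signatures are deprecated, so a service
     * definition like this one should be limited to peers that cannot verify SHA-256.
     */
    @Test
    public void verifySamlResponseSha1SigningAndDigest() {
        final SamlRegisteredService service = getSamlRegisteredServiceForTestShib(true, true);
        service.setSigningSignatureAlgorithms(CollectionUtils.wrapArrayList(new String[]{SIGNATURE_RSA_SHA1, "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"}));
        service.setSigningSignatureReferenceDigestMethods(CollectionUtils.wrapArrayList(new String[]{"http://www.w3.org/2000/09/xmldsig#sha1"}));
        service.setSigningSignatureWhiteListedAlgorithms(CollectionUtils.wrapArrayList(new String[]{SIGNATURE_RSA_SHA1, "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1", "http://www.w3.org/2000/09/xmldsig#sha1"}));
        final Response samlResponse = buildPostResponse(service);
        Assertions.assertNotNull(samlResponse);
        Assertions.assertEquals(SIGNATURE_RSA_SHA1, samlResponse.getAssertions().get(0).getSignature().getSignatureAlgorithm());
        Assertions.assertEquals(SIGNATURE_RSA_SHA1, samlResponse.getSignature().getSignatureAlgorithm());
    }

    /**
     * Verifies that restricting signing to SHA-256 based algorithms, with the SHA-384/SHA-512
     * variants excluded, yields RSA-SHA256 on both the assertion and the response signature.
     *
     * <p>NOTE(review): the digest method of the signature reference is configured but not
     * asserted. Only the signature algorithm is checked.
     */
    @Test
    public void verifySamlResponseSha256SigningAndDigest() {
        final SamlRegisteredService service = getSamlRegisteredServiceForTestShib(true, true);
        service.setSigningSignatureAlgorithms(CollectionUtils.wrapArrayList(new String[]{SIGNATURE_RSA_SHA256, "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"}));
        service.setSigningSignatureReferenceDigestMethods(CollectionUtils.wrapArrayList(new String[]{"http://www.w3.org/2001/04/xmlenc#sha256"}));
        service.setSigningSignatureWhiteListedAlgorithms(CollectionUtils.wrapArrayList(new String[]{SIGNATURE_RSA_SHA256, "http://www.w3.org/2001/04/xmlenc#sha256", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"}));
        service.setSigningSignatureBlackListedAlgorithms(CollectionUtils.wrapArrayList(new String[]{"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"}));
        final Response samlResponse = buildPostResponse(service);
        Assertions.assertNotNull(samlResponse);
        Assertions.assertEquals(SIGNATURE_RSA_SHA256, samlResponse.getAssertions().get(0).getSignature().getSignatureAlgorithm());
        Assertions.assertEquals(SIGNATURE_RSA_SHA256, samlResponse.getSignature().getSignatureAlgorithm());
    }

    /**
     * Verifies that selecting AES-128-CBC as the data-encryption algorithm is reflected in the
     * encrypted assertion and that no plaintext assertion is emitted.
     *
     * <p>CBC mode gives confidentiality without integrity protection of the ciphertext. The GCM
     * variant exercised by the sibling test is the authenticated alternative.
     */
    @Test
    public void verifySamlResponseAllSignedEncryptedWithCBC() {
        final SamlRegisteredService service = getSamlRegisteredServiceForTestShib(true, true, true);
        service.setEncryptionDataAlgorithms(CollectionUtils.wrapArrayList(new String[]{ENCRYPTION_AES128_CBC}));
        service.setEncryptionKeyAlgorithms(CollectionUtils.wrapArrayList(new String[]{KEY_TRANSPORT_RSA_OAEP}));
        service.setRequiredNameIdFormat(NAMEID_FORMAT_ENCRYPTED);
        final Response samlResponse = buildPostResponse(service);
        Assertions.assertNotNull(samlResponse);
        Assertions.assertTrue(samlResponse.getAssertions().isEmpty());
        Assertions.assertFalse(samlResponse.getEncryptedAssertions().isEmpty());
        final EncryptedAssertion encrypted = samlResponse.getEncryptedAssertions().get(0);
        Assertions.assertEquals(ENCRYPTION_AES128_CBC, encrypted.getEncryptedData().getEncryptionMethod().getAlgorithm());
    }

    /**
     * Verifies that selecting AES-128-GCM as the data-encryption algorithm is reflected in the
     * encrypted assertion and that no plaintext assertion is emitted.
     */
    @Test
    public void verifySamlResponseAllSignedEncryptedWithGCM() {
        final SamlRegisteredService service = getSamlRegisteredServiceForTestShib(true, true, true);
        service.setEncryptionDataAlgorithms(CollectionUtils.wrapArrayList(new String[]{ENCRYPTION_AES128_GCM}));
        service.setEncryptionKeyAlgorithms(CollectionUtils.wrapArrayList(new String[]{KEY_TRANSPORT_RSA_OAEP}));
        service.setRequiredNameIdFormat(NAMEID_FORMAT_ENCRYPTED);
        final Response samlResponse = buildPostResponse(service);
        Assertions.assertNotNull(samlResponse);
        Assertions.assertTrue(samlResponse.getAssertions().isEmpty());
        Assertions.assertFalse(samlResponse.getEncryptedAssertions().isEmpty());
        final EncryptedAssertion encrypted = samlResponse.getEncryptedAssertions().get(0);
        Assertions.assertEquals(ENCRYPTION_AES128_GCM, encrypted.getEncryptedData().getEncryptionMethod().getAlgorithm());
    }

    /**
     * Verifies the fallback when encryption is marked optional and the configured algorithms
     * are unusable: the response carries a plaintext assertion and no encrypted one.
     *
     * <p>This is a fail-open path. With {@code encryptionOptional} enabled, an encryption
     * misconfiguration degrades silently to cleartext assertions, so the flag should be enabled
     * only for services where that exposure is acceptable.
     */
    @Test
    public void verifySamlResponseAllSignedEncryptedWithEncryptionOptional() {
        final SamlRegisteredService service = getSamlRegisteredServiceForTestShib(true, true, true);
        // "something" is not a real algorithm identifier; it forces the encryption step to fail.
        service.setEncryptionDataAlgorithms(CollectionUtils.wrapArrayList(new String[]{"something"}));
        service.setEncryptionKeyAlgorithms(CollectionUtils.wrapArrayList(new String[]{"something"}));
        service.setEncryptionOptional(true);
        service.setRequiredNameIdFormat(NAMEID_FORMAT_ENCRYPTED);
        final Response samlResponse = buildPostResponse(service);
        Assertions.assertNotNull(samlResponse);
        Assertions.assertFalse(samlResponse.getAssertions().isEmpty());
        Assertions.assertTrue(samlResponse.getEncryptedAssertions().isEmpty());
    }
}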
