package org.apereo.cas.support.saml.web.idp.profile.builders.nameid;

import java.util.ArrayList;
import java.util.Date;
import java.util.UUID;
import org.apereo.cas.support.saml.BaseSamlIdPConfigurationTests;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder;
import org.apereo.cas.util.CollectionUtils;
import org.jasig.cas.client.authentication.AttributePrincipalImpl;
import org.jasig.cas.client.validation.Assertion;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

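/**
 * Exercises the SAML2 identity-provider {@link NameID} builder (and, for the
 * persistent/encrypted cases, the subject builder inherited from
 * {@link BaseSamlIdPConfigurationTests}).
 *
 * <p>The NameID is the identifier a service provider uses to recognise the
 * authenticated subject, so these tests pin down which value, format and
 * qualifiers are released for each requested/required format, and that an
 * encrypted identifier is never accompanied by a plaintext one.
 */
@Tag("SAML")
public class SamlProfileSamlNameIdBuilderTests extends BaseSamlIdPConfigurationTests {

    /** Binding passed to every builder invocation in this class. */
    private static final String BINDING_HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    private static final String FORMAT_TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";

    private static final String FORMAT_PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";

    /** Principal id carried by the mocked CAS assertion. */
    private static final String PRINCIPAL_ID = "casuser";

    @Autowired
    @Qualifier("samlProfileSamlNameIdBuilder")
    private SamlProfileObjectBuilder<NameID> samlProfileSamlNameIdBuilder;

    /**
     * The service provider metadata advertises no NameID formats at all, the
     * request asks for {@code emailAddress} and the registered service
     * requires {@code unspecified}; the builder must still produce a NameID.
     *
     * <p>NOTE(review): only non-nullness is asserted here. The format and
     * value that are actually released in this fallback case are not pinned
     * by the test.
     */
    @Test
    public void verifyNoSupportedFormats() {
        AuthnRequest authnRequest = stubAuthnRequestRequestingFormat(
            "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");

        SamlRegisteredService service = new SamlRegisteredService();
        service.setServiceId("entity-id");
        service.setNameIdQualifier("https://qualifier.example.org");
        service.setServiceProviderNameIdQualifier("https://sp-qualifier.example.org");
        service.setRequiredNameIdFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");

        SamlRegisteredServiceServiceProviderMetadataFacade facade = stubMetadataFacadeFor(service);
        Assertion assertion = stubAssertionForPrincipal();
        Mockito.when(facade.getSupportedNameIdFormats()).thenReturn(new ArrayList<>(0));

        Assertions.assertNotNull(buildNameId(authnRequest, assertion, service, facade));
    }

    /**
     * The request carries an unrecognised format ({@code "badformat"}), the
     * service declares no required format, the metadata lists no formats and
     * reading the principal from the assertion throws. The builder is
     * expected to return {@code null} instead of a NameID.
     *
     * <p>NOTE(review): the test combines two failure conditions (bad format
     * and a throwing principal lookup), so it does not show which of them
     * produces the {@code null} result.
     */
    @Test
    public void verifyUnknownSupportedFormats() {
        AuthnRequest authnRequest = stubAuthnRequestRequestingFormat("badformat");

        SamlRegisteredService service = new SamlRegisteredService();
        service.setServiceId("entity-id");
        service.setNameIdQualifier("https://qualifier.example.org");
        service.setServiceProviderNameIdQualifier("https://sp-qualifier.example.org");

        SamlRegisteredServiceServiceProviderMetadataFacade facade = stubMetadataFacadeFor(service);
        Assertion assertion = Mockito.mock(Assertion.class);
        Mockito.when(assertion.getPrincipal()).thenThrow(new RuntimeException("undefined"));
        Mockito.when(facade.getSupportedNameIdFormats()).thenReturn(new ArrayList<>(0));

        Assertions.assertNull(buildNameId(authnRequest, assertion, service, facade));
    }

    /**
     * Runs {@link #verifyNameIdByFormat(String)} for each NameID format the
     * builder is expected to honour.
     */
    @Test
    public void verifyNameId() {
        verifyNameIdByFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
        verifyNameIdByFormat(FORMAT_TRANSIENT);
        verifyNameIdByFormat(FORMAT_PERSISTENT);
        verifyNameIdByFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:entity");
        verifyNameIdByFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName");
        verifyNameIdByFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName");
        verifyNameIdByFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos");
    }

    /**
     * A service that requires the persistent format gets a NameID whose
     * {@code SPNameQualifier} is the service provider entity id and whose
     * {@code NameQualifier} is {@code https://cas.example.org/idp}
     * (presumably the entity id configured for the test IdP; confirm against
     * the base test configuration).
     */
    @Test
    public void verifyPersistedNameIdFormat() {
        SamlRegisteredService service = getSamlRegisteredServiceForTestShib();
        service.setRequiredNameIdFormat(FORMAT_PERSISTENT);

        AuthnRequest authnRequest = getAuthnRequestFor(service);
        SamlRegisteredServiceServiceProviderMetadataFacade facade = resolveMetadataFacadeFor(service);
        Subject subject = buildSubjectFor(authnRequest, service, facade);

        NameID nameId = subject.getNameID();
        Assertions.assertNotNull(nameId);
        Assertions.assertEquals(FORMAT_PERSISTENT, subject.getNameID().getFormat());
        Assertions.assertEquals(facade.getEntityId(), subject.getNameID().getSPNameQualifier());
        Assertions.assertEquals("https://cas.example.org/idp", subject.getNameID().getNameQualifier());
    }

    /**
     * Same as {@link #verifyPersistedNameIdFormat()}, but the registered
     * service overrides the issuer entity id with a random value; that
     * override must be what appears as the {@code NameQualifier}.
     */
    @Test
    public void verifyPersistedNameIdFormatWithServiceEntityIdOverride() {
        SamlRegisteredService service = getSamlRegisteredServiceForTestShib();
        service.setRequiredNameIdFormat(FORMAT_PERSISTENT);
        service.setIssuerEntityId(UUID.randomUUID().toString());

        AuthnRequest authnRequest = getAuthnRequestFor(service);
        SamlRegisteredServiceServiceProviderMetadataFacade facade = resolveMetadataFacadeFor(service);
        Subject subject = buildSubjectFor(authnRequest, service, facade);

        NameID nameId = subject.getNameID();
        Assertions.assertNotNull(nameId);
        Assertions.assertEquals(FORMAT_PERSISTENT, subject.getNameID().getFormat());
        Assertions.assertEquals(facade.getEntityId(), subject.getNameID().getSPNameQualifier());
        Assertions.assertEquals(service.getIssuerEntityId(), subject.getNameID().getNameQualifier());
    }

    /**
     * When the service requires the encrypted format, the subject must carry
     * an {@code EncryptedID} and no plaintext {@code NameID}. The same must
     * hold for the first subject confirmation, so the identifier is not
     * disclosed in clear text next to its encrypted form.
     */
    @Test
    public void verifyEncryptedNameIdFormat() {
        SamlRegisteredService service = getSamlRegisteredServiceForTestShib();
        service.setRequiredNameIdFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted");
        // Keep the identifier in the subject confirmation so it can be checked below.
        service.setSkipGeneratingSubjectConfirmationNameId(false);

        AuthnRequest authnRequest = getAuthnRequestFor(service);
        SamlRegisteredServiceServiceProviderMetadataFacade facade = resolveMetadataFacadeFor(service);
        Subject subject = buildSubjectFor(authnRequest, service, facade);

        Assertions.assertNull(subject.getNameID());
        Assertions.assertNotNull(subject.getEncryptedID());
        Assertions.assertFalse(subject.getSubjectConfirmations().isEmpty());

        SubjectConfirmation confirmation = subject.getSubjectConfirmations().get(0);
        Assertions.assertNotNull(confirmation.getEncryptedID());
        Assertions.assertNull(confirmation.getNameID());
    }

    /**
     * With {@code skipGeneratingTransientNameId} enabled, the NameID keeps
     * the transient format label but its value is the principal id itself.
     *
     * <p>NOTE(review): compare with {@link #verifyNameIdByFormat(String)},
     * where the transient value must differ from the principal id. Enabling
     * this flag therefore releases the real user identifier under the
     * transient format, which matters for deployments that rely on transient
     * identifiers to avoid disclosing it.
     */
    @Test
    public void verifySkipTransient() {
        AuthnRequest authnRequest = stubAuthnRequestRequestingFormat(FORMAT_TRANSIENT);

        SamlRegisteredService service = new SamlRegisteredService();
        service.setServiceId("entity-id");
        service.setSkipGeneratingTransientNameId(true);
        service.setRequiredNameIdFormat(FORMAT_TRANSIENT);

        SamlRegisteredServiceServiceProviderMetadataFacade facade = stubMetadataFacadeFor(service);
        Assertion assertion = stubAssertionForPrincipal();
        Mockito.when(facade.getSupportedNameIdFormats()).thenReturn(CollectionUtils.wrapList(FORMAT_TRANSIENT));

        NameID nameId = buildNameId(authnRequest, assertion, service, facade);
        Assertions.assertNotNull(nameId);
        Assertions.assertEquals(FORMAT_TRANSIENT, nameId.getFormat());
        Assertions.assertEquals(PRINCIPAL_ID, nameId.getValue());
    }

    /**
     * Builds a NameID for a service that both requests and requires the given
     * format, with metadata advertising the transient format plus that one.
     * The resulting NameID must use the given format. Its value must be the
     * principal id, except for the transient format, where it must be
     * something other than the principal id.
     *
     * @param nameIdFormat the NameID format URN under test
     */
    private void verifyNameIdByFormat(String nameIdFormat) {
        AuthnRequest authnRequest = stubAuthnRequestRequestingFormat(nameIdFormat);

        SamlRegisteredService service = new SamlRegisteredService();
        service.setServiceId("entity-id");
        service.setRequiredNameIdFormat(nameIdFormat);

        SamlRegisteredServiceServiceProviderMetadataFacade facade = stubMetadataFacadeFor(service);
        Assertion assertion = stubAssertionForPrincipal();
        Mockito.when(facade.getSupportedNameIdFormats())
            .thenReturn(CollectionUtils.wrapList(FORMAT_TRANSIENT, nameIdFormat));

        NameID nameId = buildNameId(authnRequest, assertion, service, facade);
        Assertions.assertNotNull(nameId);
        Assertions.assertEquals(nameIdFormat, nameId.getFormat());
        if (nameIdFormat.equals(FORMAT_TRANSIENT)) {
            // A transient identifier must not expose the principal id.
            Assertions.assertNotEquals(PRINCIPAL_ID, nameId.getValue());
        } else {
            Assertions.assertEquals(PRINCIPAL_ID, nameId.getValue());
        }
    }

    /** Mocks an authentication request issued by a fixed issuer whose NameIDPolicy asks for {@code format}. */
    private static AuthnRequest stubAuthnRequestRequestingFormat(String format) {
        Issuer issuer = Mockito.mock(Issuer.class);
        Mockito.when(issuer.getValue()).thenReturn("https://idp.example.org");

        NameIDPolicy policy = Mockito.mock(NameIDPolicy.class);
        Mockito.when(policy.getFormat()).thenReturn(format);

        AuthnRequest authnRequest = Mockito.mock(AuthnRequest.class);
        Mockito.when(authnRequest.getIssuer()).thenReturn(issuer);
        Mockito.when(authnRequest.getNameIDPolicy()).thenReturn(policy);
        return authnRequest;
    }

    /** Mocks service provider metadata whose entity id is the service id of {@code service}. */
    private static SamlRegisteredServiceServiceProviderMetadataFacade stubMetadataFacadeFor(
        SamlRegisteredService service) {
        SamlRegisteredServiceServiceProviderMetadataFacade facade =
            Mockito.mock(SamlRegisteredServiceServiceProviderMetadataFacade.class);
        Mockito.when(facade.getEntityId()).thenReturn(service.getServiceId());
        return facade;
    }

    /** Mocks a CAS assertion whose principal is {@link #PRINCIPAL_ID}. */
    private static Assertion stubAssertionForPrincipal() {
        Assertion assertion = Mockito.mock(Assertion.class);
        Mockito.when(assertion.getPrincipal()).thenReturn(new AttributePrincipalImpl(PRINCIPAL_ID));
        return assertion;
    }

    /** Resolves the metadata facade for {@code service} through the caching metadata resolver. */
    private SamlRegisteredServiceServiceProviderMetadataFacade resolveMetadataFacadeFor(
        SamlRegisteredService service) {
        return (SamlRegisteredServiceServiceProviderMetadataFacade) SamlRegisteredServiceServiceProviderMetadataFacade
            .get(this.samlRegisteredServiceCachingMetadataResolver, service, service.getServiceId())
            .get();
    }

    /** Invokes the NameID builder over the HTTP-POST binding with fresh mock request/response objects. */
    private NameID buildNameId(AuthnRequest authnRequest, Assertion assertion, SamlRegisteredService service,
                               SamlRegisteredServiceServiceProviderMetadataFacade facade) {
        return this.samlProfileSamlNameIdBuilder.build(authnRequest, new MockHttpServletRequest(),
            new MockHttpServletResponse(), assertion, service, facade, BINDING_HTTP_POST, new MessageContext());
    }

    /**
     * Invokes the subject builder over the HTTP-POST binding, using a mocked
     * assertion for {@link #PRINCIPAL_ID} that is valid from the current time.
     */
    private Subject buildSubjectFor(AuthnRequest authnRequest, SamlRegisteredService service,
                                    SamlRegisteredServiceServiceProviderMetadataFacade facade) {
        Assertion assertion = stubAssertionForPrincipal();
        Mockito.when(assertion.getValidFromDate()).thenReturn(new Date());
        return this.samlProfileSamlSubjectBuilder.build(authnRequest, new MockHttpServletRequest(),
            new MockHttpServletResponse(), assertion, service, facade, BINDING_HTTP_POST, new MessageContext());
    }
}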
