package org.apereo.cas.support.saml.web.idp.profile.builders.subject;

import java.time.Instant;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.temporal.ChronoUnit;
import org.apereo.cas.support.saml.BaseSamlIdPConfigurationTests;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade;
import org.apereo.cas.support.saml.web.idp.profile.builders.AuthenticatedAssertionContext;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileBuilderContext;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;

@Tag("SAML2")
/* loaded from: input_file:org/apereo/cas/support/saml/web/idp/profile/builders/subject/SamlProfileSamlSubjectBuilderTests.class */
public class SamlProfileSamlSubjectBuilderTests extends BaseSamlIdPConfigurationTests {
    @Test
    public void verifySubjectWithNoNameId() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        SamlRegisteredService samlRegisteredServiceForTestShib = getSamlRegisteredServiceForTestShib(true, true);
        samlRegisteredServiceForTestShib.setSkewAllowance(1000);
        samlRegisteredServiceForTestShib.setSkipGeneratingAssertionNameId(true);
        samlRegisteredServiceForTestShib.setSkipGeneratingSubjectConfirmationNotOnOrAfter(true);
        samlRegisteredServiceForTestShib.setSkipGeneratingSubjectConfirmationNameId(true);
        SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade = (SamlRegisteredServiceServiceProviderMetadataFacade) SamlRegisteredServiceServiceProviderMetadataFacade.get(this.samlRegisteredServiceCachingMetadataResolver, samlRegisteredServiceForTestShib, samlRegisteredServiceForTestShib.getServiceId()).get();
        AuthnRequest authnRequestFor = getAuthnRequestFor(samlRegisteredServiceForTestShib);
        Assertions.assertNotNull(this.samlProfileSamlSubjectBuilder.build(SamlProfileBuilderContext.builder().samlRequest(authnRequestFor).httpRequest(mockHttpServletRequest).httpResponse(mockHttpServletResponse).authenticatedAssertion(getAssertion()).registeredService(samlRegisteredServiceForTestShib).adaptor(samlRegisteredServiceServiceProviderMetadataFacade).binding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST").build()));
    }

    @Test
    public void verifySubjectWithSkewedConfData() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        SamlRegisteredService samlRegisteredServiceForTestShib = getSamlRegisteredServiceForTestShib(true, true);
        samlRegisteredServiceForTestShib.setSkewAllowance(1000);
        SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade = (SamlRegisteredServiceServiceProviderMetadataFacade) SamlRegisteredServiceServiceProviderMetadataFacade.get(this.samlRegisteredServiceCachingMetadataResolver, samlRegisteredServiceForTestShib, samlRegisteredServiceForTestShib.getServiceId()).get();
        AuthnRequest authnRequestFor = getAuthnRequestFor(samlRegisteredServiceForTestShib);
        AuthenticatedAssertionContext assertion = getAssertion();
        Instant truncatedTo = ZonedDateTime.now(ZoneOffset.UTC).plusSeconds(samlRegisteredServiceForTestShib.getSkewAllowance()).toInstant().truncatedTo(ChronoUnit.SECONDS);
        Subject build = this.samlProfileSamlSubjectBuilder.build(SamlProfileBuilderContext.builder().samlRequest(authnRequestFor).httpRequest(mockHttpServletRequest).httpResponse(mockHttpServletResponse).authenticatedAssertion(assertion).registeredService(samlRegisteredServiceForTestShib).adaptor(samlRegisteredServiceServiceProviderMetadataFacade).binding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST").build());
        Assertions.assertNotNull(build);
        Assertions.assertEquals(truncatedTo, ((SubjectConfirmation) build.getSubjectConfirmations().get(0)).getSubjectConfirmationData().getNotOnOrAfter().truncatedTo(ChronoUnit.SECONDS));
    }

    @Test
    public void verifyEncryptedSubject() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        SamlRegisteredService samlRegisteredServiceForTestShib = getSamlRegisteredServiceForTestShib(true, true);
        samlRegisteredServiceForTestShib.setSkipGeneratingSubjectConfirmationNameId(false);
        samlRegisteredServiceForTestShib.setSkipGeneratingSubjectConfirmationNotOnOrAfter(false);
        samlRegisteredServiceForTestShib.setSkewAllowance(0);
        SamlRegisteredServiceServiceProviderMetadataFacade samlRegisteredServiceServiceProviderMetadataFacade = (SamlRegisteredServiceServiceProviderMetadataFacade) SamlRegisteredServiceServiceProviderMetadataFacade.get(this.samlRegisteredServiceCachingMetadataResolver, samlRegisteredServiceForTestShib, samlRegisteredServiceForTestShib.getServiceId()).get();
        AuthnRequest authnRequestFor = getAuthnRequestFor(samlRegisteredServiceForTestShib);
        AuthenticatedAssertionContext assertion = getAssertion();
        samlRegisteredServiceForTestShib.setRequiredNameIdFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted");
        Subject build = this.samlProfileSamlSubjectBuilder.build(SamlProfileBuilderContext.builder().samlRequest(authnRequestFor).httpRequest(mockHttpServletRequest).httpResponse(mockHttpServletResponse).authenticatedAssertion(assertion).registeredService(samlRegisteredServiceForTestShib).adaptor(samlRegisteredServiceServiceProviderMetadataFacade).binding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST").build());
        Assertions.assertNotNull(build);
        SubjectConfirmation subjectConfirmation = (SubjectConfirmation) build.getSubjectConfirmations().get(0);
        Assertions.assertNotNull(subjectConfirmation.getEncryptedID());
        Assertions.assertNull(subjectConfirmation.getNameID());
        Assertions.assertNotNull(build.getEncryptedID());
        Assertions.assertNull(build.getNameID());
    }
}
