package org.apereo.cas.support.saml;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.File;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.time.Clock;
import java.time.Instant;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Objects;
import net.shibboleth.shared.resolver.CriteriaSet;
import net.shibboleth.shared.resolver.Criterion;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.apache.commons.lang3.builder.ToStringStyle;
import org.apache.velocity.app.VelocityEngine;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
import org.apereo.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalResolver;
import org.apereo.cas.authentication.principal.ServiceFactory;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.config.CasCoreAuditAutoConfiguration;
import org.apereo.cas.config.CasCoreAuthenticationAutoConfiguration;
import org.apereo.cas.config.CasCoreAutoConfiguration;
import org.apereo.cas.config.CasCoreCookieAutoConfiguration;
import org.apereo.cas.config.CasCoreLogoutAutoConfiguration;
import org.apereo.cas.config.CasCoreMonitorAutoConfiguration;
import org.apereo.cas.config.CasCoreMultifactorAuthenticationAutoConfiguration;
import org.apereo.cas.config.CasCoreMultifactorAuthenticationWebflowAutoConfiguration;
import org.apereo.cas.config.CasCoreNotificationsAutoConfiguration;
import org.apereo.cas.config.CasCoreSamlAutoConfiguration;
import org.apereo.cas.config.CasCoreScriptingAutoConfiguration;
import org.apereo.cas.config.CasCoreServicesAutoConfiguration;
import org.apereo.cas.config.CasCoreTicketsAutoConfiguration;
import org.apereo.cas.config.CasCoreUtilAutoConfiguration;
import org.apereo.cas.config.CasCoreValidationAutoConfiguration;
import org.apereo.cas.config.CasCoreWebAutoConfiguration;
import org.apereo.cas.config.CasCoreWebflowAutoConfiguration;
import org.apereo.cas.config.CasPersonDirectoryAutoConfiguration;
import org.apereo.cas.config.CasSamlIdPAutoConfiguration;
import org.apereo.cas.config.CasThrottlingAutoConfiguration;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.support.TriStateBoolean;
import org.apereo.cas.services.RegisteredServicesTemplatesManager;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.services.ServicesManagerRegisteredServiceLocator;
import org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataCustomizer;
import org.apereo.cas.support.saml.idp.metadata.generator.SamlIdPMetadataGenerator;
import org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceMetadataAdaptor;
import org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver;
import org.apereo.cas.support.saml.util.Saml20HexRandomIdGenerator;
import org.apereo.cas.support.saml.web.idp.profile.builders.AuthenticatedAssertionContext;
import org.apereo.cas.support.saml.web.idp.profile.builders.SamlProfileObjectBuilder;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectEncrypter;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.SamlIdPObjectSigner;
import org.apereo.cas.support.saml.web.idp.profile.builders.enc.validate.SamlObjectSignatureValidator;
import org.apereo.cas.test.CasTestExtension;
import org.apereo.cas.ticket.registry.TicketRegistry;
import org.apereo.cas.util.RandomUtils;
import org.apereo.cas.util.spring.boot.SpringBootTestAutoConfigurations;
import org.apereo.cas.web.UrlValidator;
import org.apereo.cas.web.cookie.CasCookieBuilder;
import org.apereo.cas.web.support.ArgumentExtractor;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.extension.ExtendWith;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.binding.artifact.SAMLArtifactMap;
import org.opensaml.saml.common.messaging.context.SAMLMetadataContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.common.messaging.context.SAMLSelfEntityContext;
import org.opensaml.saml.criterion.EntityRoleCriterion;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.saml2.core.AuthnContext;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Conditions;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.Organization;
import org.opensaml.saml.saml2.metadata.OrganizationName;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.pac4j.core.context.CallContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.jee.context.JEEContext;
import org.pac4j.jee.context.session.JEESessionStore;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.config.SAML2Configuration;
import org.pac4j.saml.context.SAML2MessageContext;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.SpringBootConfiguration;
import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.test.autoconfigure.actuate.observability.AutoConfigureObservability;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.web.servlet.MockMvc;

/**
 * Shared Spring Boot harness for SAML2 identity-provider tests.
 *
 * <p>Boots {@link SharedTestConfiguration} in a web environment and injects the SAML IdP beans
 * (metadata resolver/locator/generator, object signer and encrypter, profile builders, ticket
 * registry, ...) that subclasses exercise through the protected fields below.
 *
 * <p>Security-relevant settings in the {@code @SpringBootTest} properties:
 * <ul>
 *   <li>{@code management.endpoints.web.exposure.include=*} together with
 *       {@code cas.monitor.endpoints.endpoint.defaults.access=ANONYMOUS} exposes every management
 *       endpoint over the web, and the property value suggests no authentication by default.</li>
 *   <li>{@code cas.webflow.crypto.encryption.key} and {@code cas.webflow.crypto.signing.key} are
 *       literal values in source, so they protect nothing beyond the test run.</li>
 *   <li>IdP metadata and metadata backups are written under {@code java.io.tmpdir}.</li>
 * </ul>
 * These are fixtures for an isolated test context; none of them belongs in a deployed CAS
 * configuration, and the key values must be treated as public.
 */
@AutoConfigureObservability
@EnableConfigurationProperties({CasConfigurationProperties.class})
@ExtendWith({CasTestExtension.class})
@SpringBootTest(classes = {SharedTestConfiguration.class}, properties = {"server.port=8383", "cas.monitor.endpoints.endpoint.defaults.access=ANONYMOUS", "management.endpoints.web.exposure.include=*", "management.endpoints.enabled-by-default=true", "cas.webflow.crypto.encryption.key=qLhvLuaobvfzMmbo9U_bYA", "cas.webflow.crypto.signing.key=oZeAR5pEXsolruu4OQYsQKxf-FCvFzSsKlsVaKmfIl6pNzoPm6zPW94NRS1af7vT-0bb3DpPBeksvBXjloEsiA", "cas.authn.saml-idp.core.entity-id=https://cas.example.org/idp", "cas.authn.saml-idp.metadata.http.metadata-backup-location=file://${java.io.tmpdir}/metadata-backups", "cas.authn.saml-idp.metadata.file-system.location=${#systemProperties['java.io.tmpdir']}/idp-metadata-${#randomNumber8}"}, webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@AutoConfigureMockMvc
/* loaded from: input_file:org/apereo/cas/support/saml/BaseSamlIdPConfigurationTests.class */
public abstract class BaseSamlIdPConfigurationTests {

    // MockMvc instance provided by @AutoConfigureMockMvc for driving HTTP endpoints in-process.
    @Autowired
    @Qualifier("mockMvc")
    protected MockMvc mockMvc;

    @Autowired
    protected ConfigurableApplicationContext applicationContext;

    @Autowired
    @Qualifier("ticketGrantingTicketCookieGenerator")
    protected CasCookieBuilder ticketGrantingTicketCookieGenerator;

    @Autowired
    @Qualifier("registeredServicesTemplatesManager")
    protected RegisteredServicesTemplatesManager registeredServicesTemplatesManager;

    @Autowired
    @Qualifier("webApplicationServiceFactory")
    protected ServiceFactory<WebApplicationService> webApplicationServiceFactory;

    // Resolver over the IdP's own metadata; buildSamlMessageContext() uses it to look up the
    // IDPSSODescriptor role for the peer entity.
    @Autowired
    @Qualifier("casSamlIdPMetadataResolver")
    protected MetadataResolver casSamlIdPMetadataResolver;

    @Autowired
    @Qualifier("shibboleth.OpenSAMLConfig")
    protected OpenSamlConfigBean openSamlConfigBean;

    @Autowired
    @Qualifier("shibboleth.VelocityEngine")
    protected VelocityEngine velocityEngine;

    // Signer used by signAuthnRequest() to encode/sign SAML objects for a registered service.
    @Autowired
    @Qualifier("samlObjectSigner")
    protected SamlIdPObjectSigner samlIdPObjectSigner;

    @Autowired
    @Qualifier("samlObjectEncrypter")
    protected SamlIdPObjectEncrypter samlIdPObjectEncrypter;

    // Same bean qualifier as defaultSamlRegisteredServiceCachingMetadataResolver further down;
    // both fields are injected from "defaultSamlRegisteredServiceCachingMetadataResolver".
    @Autowired
    @Qualifier("defaultSamlRegisteredServiceCachingMetadataResolver")
    protected SamlRegisteredServiceCachingMetadataResolver samlRegisteredServiceCachingMetadataResolver;

    @Autowired
    @Qualifier("urlValidator")
    protected UrlValidator urlValidator;

    @Autowired
    @Qualifier("servicesManager")
    protected ServicesManager servicesManager;

    // Also used as a generic SAML object factory by getAuthnRequestFor(String).
    @Autowired
    @Qualifier("samlProfileSamlResponseBuilder")
    protected SamlProfileObjectBuilder<Response> samlProfileSamlResponseBuilder;

    @Autowired
    @Qualifier("samlProfileSamlSubjectBuilder")
    protected SamlProfileObjectBuilder<Subject> samlProfileSamlSubjectBuilder;

    @Autowired
    @Qualifier("samlProfileSamlConditionsBuilder")
    protected SamlProfileObjectBuilder<Conditions> samlProfileSamlConditionsBuilder;

    @Autowired
    @Qualifier("samlIdPDistributedSessionStore")
    protected SessionStore samlIdPDistributedSessionStore;

    @Autowired
    @Qualifier("samlObjectSignatureValidator")
    protected SamlObjectSignatureValidator samlObjectSignatureValidator;

    @Autowired
    protected CasConfigurationProperties casProperties;

    @Autowired
    @Qualifier("argumentExtractor")
    protected ArgumentExtractor argumentExtractor;

    // Duplicate injection of the bean already held in samlRegisteredServiceCachingMetadataResolver.
    @Autowired
    @Qualifier("defaultSamlRegisteredServiceCachingMetadataResolver")
    protected SamlRegisteredServiceCachingMetadataResolver defaultSamlRegisteredServiceCachingMetadataResolver;

    @Autowired
    @Qualifier("samlIdPMetadataLocator")
    protected SamlIdPMetadataLocator samlIdPMetadataLocator;

    @Autowired
    @Qualifier("samlIdPMetadataGenerator")
    protected SamlIdPMetadataGenerator samlIdPMetadataGenerator;

    @Autowired
    @Qualifier("ticketRegistry")
    protected TicketRegistry ticketRegistry;

    @Autowired
    @Qualifier("samlArtifactMap")
    protected SAMLArtifactMap samlArtifactMap;

    @Autowired
    @Qualifier("samlIdPServicesManagerRegisteredServiceLocator")
    protected ServicesManagerRegisteredServiceLocator samlIdPServicesManagerRegisteredServiceLocator;

    @Autowired
    @Qualifier("defaultAuthnContextClassRefBuilder")
    protected SamlProfileObjectBuilder<AuthnContext> defaultAuthnContextClassRefBuilder;

    /* loaded from: input_file:org/apereo/cas/support/saml/BaseSamlIdPConfigurationTests$PermissionSamlAttributeValue.class */
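    /**
     * Structured attribute value used by {@code getAssertion(String, Map)} to populate the
     * {@code permissions} attribute with non-string, multi-field entries.
     *
     * <p>Declared as a record: the decompiled form ({@code extends Record} plus hand-written
     * {@code ObjectMethods.bootstrap} calls) is not legal Java source, since a class cannot
     * name {@link Record} as its superclass explicitly. The record gives the same canonical
     * constructor, the same {@code type()}, {@code group()} and {@code user()} accessors, and
     * component-wise {@code equals}/{@code hashCode} over {@code type}, {@code group}, {@code user}.
     *
     * @param type  permission type, e.g. {@code "admin"}
     * @param group group the permission is attached to, e.g. {@code "cas-admins"}
     * @param user  user the permission is attached to, e.g. {@code "super-cas"}
     */
    public record PermissionSamlAttributeValue(String type, String group, String user) {

        /**
         * Renders the value without the class name, listing {@code user}, {@code group} and
         * {@code type} in that order (which differs from the component order on purpose,
         * matching the original output).
         *
         * @return the string form produced by {@link ToStringStyle#NO_CLASS_NAME_STYLE}
         */
        @Override
        public String toString() {
            return new ToStringBuilder(this, ToStringStyle.NO_CLASS_NAME_STYLE)
                .append("user", this.user)
                .append("group", this.group)
                .append("type", this.type)
                .build();
        }
    }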

    /**
     * Test-only bean definitions layered on top of the SAML IdP auto-configuration.
     *
     * <p>Contributes an authentication handler for test credentials and a metadata customizer
     * that stamps an organization name onto the generated IdP entity descriptor.
     */
    @TestConfiguration(value = "SamlIdPMetadataTestConfiguration", proxyBeanMethods = false)
    static class SamlIdPMetadataTestConfiguration {
        SamlIdPMetadataTestConfiguration() {
        }

        /**
         * Registers {@link SimpleTestUsernamePasswordAuthenticationHandler} with the default
         * principal resolver.
         *
         * <p>NOTE(review): the handler comes from the test utilities and is presumably permissive
         * by design; this configurer must stay confined to test contexts.
         *
         * @param objectProvider lazy provider of the {@code defaultPrincipalResolver} bean
         * @return configurer that adds the handler/resolver pair to the execution plan
         */
        @Bean
        public AuthenticationEventExecutionPlanConfigurer samlIdPTestAuthenticationEventExecutionPlanConfigurer(@Qualifier("defaultPrincipalResolver") ObjectProvider<PrincipalResolver> objectProvider) {
            // The resolver is looked up when the plan is configured, not when this bean is created.
            return plan -> plan.registerAuthenticationHandlerWithPrincipalResolver(
                new SimpleTestUsernamePasswordAuthenticationHandler(),
                objectProvider.getObject());
        }

        /**
         * Adds an {@link Organization} element named {@code CASOrganizationName} to the IdP
         * entity descriptor so tests can verify that customizers are applied.
         *
         * @param openSamlConfigBean OpenSAML configuration supplying the XML object builders
         * @return customizer invoked during IdP metadata generation
         */
        @Bean
        public SamlIdPMetadataCustomizer samlIdPMetadataCustomizer(@Qualifier("shibboleth.OpenSAMLConfig") OpenSamlConfigBean openSamlConfigBean) {
            return (entityDescriptor, optional) -> {
                Organization organization = openSamlConfigBean.getBuilderFactory()
                    .getBuilder(Organization.DEFAULT_ELEMENT_NAME)
                    .buildObject(Organization.DEFAULT_ELEMENT_NAME);
                OrganizationName organizationName = openSamlConfigBean.getBuilderFactory()
                    .getBuilder(OrganizationName.DEFAULT_ELEMENT_NAME)
                    .buildObject(OrganizationName.DEFAULT_ELEMENT_NAME);
                organizationName.setValue("CASOrganizationName");
                organization.getOrganizationNames().add(organizationName);
                entityDescriptor.setOrganization(organization);
            };
        }
    }

    /**
     * Application configuration shared by all SAML IdP tests.
     *
     * <p>Pulls in the CAS core auto-configurations the IdP module depends on and adds
     * {@link SamlIdPMetadataTestConfiguration} for the test-only beans. The class itself
     * declares nothing; it exists only to carry the annotations.
     */
    @SpringBootConfiguration(proxyBeanMethods = false)
    @ImportAutoConfiguration({
        CasCoreTicketsAutoConfiguration.class,
        CasCoreServicesAutoConfiguration.class,
        CasCoreAuthenticationAutoConfiguration.class,
        CasCoreNotificationsAutoConfiguration.class,
        CasCoreAuditAutoConfiguration.class,
        CasCoreWebAutoConfiguration.class,
        CasCoreMonitorAutoConfiguration.class,
        CasCoreWebflowAutoConfiguration.class,
        CasThrottlingAutoConfiguration.class,
        CasSamlIdPAutoConfiguration.class,
        CasCoreLogoutAutoConfiguration.class,
        CasCoreCookieAutoConfiguration.class,
        CasCoreValidationAutoConfiguration.class,
        CasCoreMultifactorAuthenticationAutoConfiguration.class,
        CasCoreMultifactorAuthenticationWebflowAutoConfiguration.class,
        CasCoreAutoConfiguration.class,
        CasCoreSamlAutoConfiguration.class,
        CasPersonDirectoryAutoConfiguration.class,
        CasCoreUtilAutoConfiguration.class,
        CasCoreScriptingAutoConfiguration.class
    })
    @SpringBootTestAutoConfigurations
    @Import(SamlIdPMetadataTestConfiguration.class)
    public static class SharedTestConfiguration {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds an assertion context for the default {@code casuser} principal without any
     * caller-supplied attributes.
     *
     * @return the assertion context produced by {@code getAssertion(Map)} for an empty map
     */
    public static AuthenticatedAssertionContext getAssertion() {
        final Map<String, Object> noExtraAttributes = Map.of();
        return getAssertion(noExtraAttributes);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds an assertion context for the fixed principal {@code casuser}.
     *
     * @param map attributes merged over the default test attributes
     * @return the assertion context produced by {@code getAssertion(String, Map)}
     */
    public static AuthenticatedAssertionContext getAssertion(Map<String, Object> map) {
        final String defaultPrincipal = "casuser";
        return getAssertion(defaultPrincipal, map);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds an authenticated assertion context for the given principal.
     *
     * <p>Attributes start from {@code CoreAuthenticationTestUtils.getAttributes()}, are overlaid
     * with {@code map}, and finally receive a {@code permissions} entry holding two
     * {@link PermissionSamlAttributeValue} records; a caller-supplied {@code permissions} key is
     * therefore overwritten. The context is dated now (UTC) and valid for one hour.
     *
     * @param str principal name placed in the assertion
     * @param map extra attributes merged over the defaults
     * @return the populated assertion context
     */
    public static AuthenticatedAssertionContext getAssertion(String str, Map<String, Object> map) {
        final Map<String, Object> attributes = new LinkedHashMap<>(CoreAuthenticationTestUtils.getAttributes());
        attributes.putAll(map);

        // Structured (non-string) values, added last so they always win over caller input.
        final var permissions = new ArrayList<PermissionSamlAttributeValue>();
        permissions.add(new PermissionSamlAttributeValue("admin", "cas-admins", "super-cas"));
        permissions.add(new PermissionSamlAttributeValue("designer", "cas-designers", "cas-ux"));
        attributes.put("permissions", permissions);

        // Each timestamp is read from the clock separately, in the same order as before.
        final ZonedDateTime authenticatedAt = ZonedDateTime.now(Clock.systemUTC());
        final ZonedDateTime validUntil = ZonedDateTime.now(Clock.systemUTC()).plusHours(1L);
        final ZonedDateTime validFrom = ZonedDateTime.now(Clock.systemUTC());

        return AuthenticatedAssertionContext.builder()
            .name(str)
            .authenticationDate(authenticatedAt)
            .validUntilDate(validUntil)
            .validFromDate(validFrom)
            .attributes(attributes)
            .build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates an authentication request whose issuer is the service id of the given
     * registered service.
     *
     * @param samlRegisteredService service whose {@code serviceId} becomes the issuer value
     * @return the request built by {@code getAuthnRequestFor(String)}
     */
    public AuthnRequest getAuthnRequestFor(SamlRegisteredService samlRegisteredService) {
        final String issuerEntityId = samlRegisteredService.getServiceId();
        return getAuthnRequestFor(issuerEntityId);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates a minimal SAML2 {@link AuthnRequest} issued by the given entity.
     *
     * <p>Only the request ID, the issuer and the issue instant (now, UTC) are set. The request
     * is unsigned and carries no destination or assertion-consumer URL; tests that need a
     * signed request pass the result through {@code signAuthnRequest}.
     *
     * @param str entity id used as the issuer value
     * @return the freshly built request
     */
    public AuthnRequest getAuthnRequestFor(String str) {
        final AuthnRequest authnRequest = this.samlProfileSamlResponseBuilder.newSamlObject(AuthnRequest.class);
        authnRequest.setID(Saml20HexRandomIdGenerator.INSTANCE.getNewString());

        final Issuer issuer = this.samlProfileSamlResponseBuilder.newSamlObject(Issuer.class);
        issuer.setValue(str);
        authnRequest.setIssuer(issuer);

        authnRequest.setIssueInstant(Instant.now(Clock.systemUTC()));
        return authnRequest;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the TestShib service definition with assertion signing, response signing and
     * assertion encryption all switched off.
     *
     * @return a new registered service for {@code https://sp.testshib.org/shibboleth-sp}
     */
    public static SamlRegisteredService getSamlRegisteredServiceForTestShib() {
        final boolean signAssertions = false;
        final boolean signResponses = false;
        final boolean encryptAssertions = false;
        return getSamlRegisteredServiceForTestShib(signAssertions, signResponses, encryptAssertions);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the TestShib service definition with the given signing flags and assertion
     * encryption switched off.
     *
     * @param z  whether assertions are signed
     * @param z2 whether responses are signed
     * @return a new registered service for the TestShib service provider
     */
    public static SamlRegisteredService getSamlRegisteredServiceForTestShib(boolean z, boolean z2) {
        final boolean encryptAssertions = false;
        return getSamlRegisteredServiceForTestShib(z, z2, encryptAssertions);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the TestShib service definition with explicit signing and encryption flags.
     *
     * @param z  whether assertions are signed
     * @param z2 whether responses are signed
     * @param z3 whether assertions are encrypted
     * @return a new registered service whose service id is the TestShib SP entity id
     */
    public static SamlRegisteredService getSamlRegisteredServiceForTestShib(boolean z, boolean z2, boolean z3) {
        final String testShibEntityId = "https://sp.testshib.org/shibboleth-sp";
        return getSamlRegisteredServiceFor(z, z2, z3, testShibEntityId);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates a SAML registered service named {@code TestShib} for the given entity id.
     *
     * <p>The service gets a random numeric id and always points at the bundled
     * {@code classpath:metadata/testshib-providers.xml} metadata, whatever entity id is passed.
     *
     * @param z   whether assertions are signed
     * @param z2  whether responses are signed
     * @param z3  whether assertions are encrypted
     * @param str service id (SP entity id) of the service
     * @return the new, unsaved service definition
     */
    public static SamlRegisteredService getSamlRegisteredServiceFor(boolean z, boolean z2, boolean z3, String str) {
        final SamlRegisteredService service = new SamlRegisteredService();

        // Identity of the service.
        service.setName("TestShib");
        service.setServiceId(str);
        service.setId(RandomUtils.nextInt());

        // Signing flags are tri-state on the service; encryption is a plain boolean.
        service.setSignAssertions(TriStateBoolean.fromBoolean(z));
        service.setSignResponses(TriStateBoolean.fromBoolean(z2));
        service.setEncryptAssertions(z3);

        service.setDescription("SAML Service");
        service.setMetadataLocation("classpath:metadata/testshib-providers.xml");
        return service;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates a SAML registered service for the given entity id with signing and encryption
     * switched off.
     *
     * @param str service id (SP entity id) of the service
     * @return the new, unsaved service definition
     */
    public static SamlRegisteredService getSamlRegisteredServiceFor(String str) {
        final boolean signAssertions = false;
        final boolean signResponses = false;
        final boolean encryptAssertions = false;
        return getSamlRegisteredServiceFor(signAssertions, signResponses, encryptAssertions, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Passes an authentication request through the IdP object signer for the given service,
     * using the HTTP-POST binding.
     *
     * <p>The service's metadata adaptor is resolved through the caching metadata resolver by
     * service id. The lookup result is unwrapped with {@code get()}, so a service whose metadata
     * cannot be resolved fails here with the exception {@code get()} raises rather than
     * producing an unsigned request.
     *
     * @param httpServletRequest    current request, handed to the signer
     * @param httpServletResponse   current response, handed to the signer
     * @param authnRequest          request to encode; also passed as the originating request
     * @param samlRegisteredService service whose metadata and signing settings apply
     * @return the object returned by the signer's {@code encode} call
     * @throws Exception if metadata resolution or signing fails
     */
    public AuthnRequest signAuthnRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthnRequest authnRequest, SamlRegisteredService samlRegisteredService) throws Exception {
        final SamlRegisteredServiceMetadataAdaptor adaptor = (SamlRegisteredServiceMetadataAdaptor) SamlRegisteredServiceMetadataAdaptor
            .get(this.samlRegisteredServiceCachingMetadataResolver, samlRegisteredService, samlRegisteredService.getServiceId())
            .get();
        final String binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
        return this.samlIdPObjectSigner.encode(
            authnRequest,
            samlRegisteredService,
            adaptor,
            httpServletResponse,
            httpServletRequest,
            binding,
            authnRequest,
            new MessageContext());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Assembles a pac4j {@link SAML2MessageContext} that models a service provider
     * ({@code cas:example:sp}) talking to this IdP ({@code https://cas.example.org/idp}).
     *
     * <p>Steps: initialise a {@link SAML2Configuration} and {@link SAML2Client} (which writes the
     * SP keystore and SP metadata to disk), wrap a mock request/response pair in the message
     * context, then attach role descriptors for both sides: the IdP role from
     * {@code casSamlIdPMetadataResolver} and the SP role from the metadata file just generated.
     *
     * <p>NOTE(review): the keystore and SP metadata use fixed file names directly under the
     * shared temp directory, and the keystore passwords are the literal {@code "changeit"}.
     * That is fine for an isolated test run; on a shared build host a file already present at
     * either path would presumably be picked up as-is, and concurrent runs share the same
     * files. A per-run directory would remove both concerns if they ever matter.
     *
     * @return the populated message context
     * @throws Exception if path resolution, pac4j initialisation or metadata resolution fails
     */
    public SAML2MessageContext buildSamlMessageContext() throws Exception {
        final String idpMetadataPath = new File("src/test/resources/metadata/idp-metadata.xml").getCanonicalPath();
        final String keystorePath = new File(FileUtils.getTempDirectory(), "keystore").getCanonicalPath();
        final String spMetadataPath = new File(FileUtils.getTempDirectory(), "sp-metadata.xml").getCanonicalPath();

        // Service-provider side: configuration first, then the client that depends on it.
        final SAML2Configuration saml2Configuration = new SAML2Configuration(keystorePath, "changeit", "changeit", idpMetadataPath);
        saml2Configuration.setServiceProviderEntityId("cas:example:sp");
        saml2Configuration.setServiceProviderMetadataPath(spMetadataPath);
        saml2Configuration.init();

        final SAML2Client saml2Client = new SAML2Client(saml2Configuration);
        saml2Client.setCallbackUrl("http://callback.example.org");
        saml2Client.init();

        final MockHttpServletRequest request = new MockHttpServletRequest();
        request.addHeader("user-agent", "Mozilla/5.0 (Windows NT 10.0; WOW64)");
        final JEEContext webContext = new JEEContext(request, new MockHttpServletResponse());
        final SAML2MessageContext messageContext = new SAML2MessageContext(new CallContext(webContext, new JEESessionStore()));
        messageContext.setSaml2Configuration(saml2Configuration);

        // Peer entity = the CAS IdP; its role descriptor comes from the IdP metadata resolver.
        SAMLPeerEntityContext peerEntityContext = messageContext.getMessageContext().ensureSubcontext(SAMLPeerEntityContext.class);
        Assertions.assertNotNull(peerEntityContext);
        peerEntityContext.setEntityId("https://cas.example.org/idp");
        SAMLMetadataContext peerMetadataContext = peerEntityContext.ensureSubcontext(SAMLMetadataContext.class);
        Assertions.assertNotNull(peerMetadataContext);
        final var idpRoleResolver = SamlIdPUtils.getRoleDescriptorResolver(this.casSamlIdPMetadataResolver, true);
        final CriteriaSet idpCriteria = new CriteriaSet(new Criterion[]{
            new EntityIdCriterion((String) Objects.requireNonNull(peerEntityContext.getEntityId())),
            new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME)});
        peerMetadataContext.setRoleDescriptor((RoleDescriptor) idpRoleResolver.resolveSingle(idpCriteria));

        // Self entity = the pac4j SP; its role descriptor is read back from the SP metadata file.
        SAMLSelfEntityContext selfEntityContext = messageContext.getMessageContext().ensureSubcontext(SAMLSelfEntityContext.class);
        Assertions.assertNotNull(selfEntityContext);
        selfEntityContext.setEntityId(saml2Configuration.getServiceProviderEntityId());
        SAMLMetadataContext selfMetadataContext = selfEntityContext.ensureSubcontext(SAMLMetadataContext.class);
        Assertions.assertNotNull(selfMetadataContext);

        final InMemoryResourceMetadataResolver spMetadataResolver = new InMemoryResourceMetadataResolver(new File(spMetadataPath), this.openSamlConfigBean);
        spMetadataResolver.setId(getClass().getSimpleName());
        spMetadataResolver.initialize();
        final var spRoleResolver = SamlIdPUtils.getRoleDescriptorResolver(spMetadataResolver, true);
        final CriteriaSet spCriteria = new CriteriaSet(new Criterion[]{
            new EntityIdCriterion((String) Objects.requireNonNull(selfEntityContext.getEntityId())),
            new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME)});
        selfMetadataContext.setRoleDescriptor((RoleDescriptor) spRoleResolver.resolveSingle(spCriteria));

        return messageContext;
    }
}
