package org.opensaml.saml.metadata.resolver.impl;

import com.google.common.io.Resources;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertificateException;
import java.util.Collection;
import java.util.Collections;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.httpclient.HttpClientBuilder;
import net.shibboleth.utilities.java.support.httpclient.HttpClientSupport;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.joda.time.DateTime;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.xml.XMLObjectBaseTestCase;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.security.credential.impl.StaticCredentialResolver;
import org.opensaml.security.httpclient.impl.SecurityEnhancedTLSSocketFactory;
import org.opensaml.security.trust.TrustEngine;
import org.opensaml.security.trust.impl.ExplicitKeyTrustEngine;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.security.x509.X509Support;
import org.opensaml.security.x509.impl.BasicPKIXValidationInformation;
import org.opensaml.security.x509.impl.BasicX509CredentialNameEvaluator;
import org.opensaml.security.x509.impl.CertPathPKIXTrustEvaluator;
import org.opensaml.security.x509.impl.PKIXX509CredentialTrustEngine;
import org.opensaml.security.x509.impl.StaticPKIXValidationInformationResolver;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/opensaml/saml/metadata/resolver/impl/FileBackedHTTPMetadataResolverTest.class */
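/**
 * Tests for {@link FileBackedHTTPMetadataResolver}: remote fetch, fail-fast handling, start-up from the
 * local backup file, and TLS server trust evaluation through a {@link TrustEngine}.
 *
 * <p>Review notes for readers using these tests as configuration examples:</p>
 * <ul>
 *   <li>All positive tests fetch metadata from {@code svn.shibboleth.net} over the live network, so they
 *       fail when that host is unreachable or its certificate chain changes.</li>
 *   <li>{@code httpMDURL} is plain HTTP and no metadata filter is configured anywhere in this class, so
 *       nothing visible here authenticates the fetched document. Treat that as a test-only shortcut.</li>
 *   <li>The TLS tests use a socket factory whose JSSE layer is built by
 *       {@code HttpClientSupport.buildNoTrustTLSSocketFactory()}; server authentication then depends on the
 *       {@link TrustEngine} passed to {@code setTLSTrustEngine}. See {@link #testHTTPSNoTrustEngine()}.</li>
 * </ul>
 */
public class FileBackedHTTPMetadataResolverTest extends XMLObjectBaseTestCase {
    private static final String DATA_PATH = "/org/opensaml/saml/metadata/resolver/impl/";
    private static final String BACKUP_FILE_NAME = "filebacked-http-metadata.xml";
    private static final String RESOLVER_ID = "test";

    private HttpClientBuilder httpClientBuilder;
    private String relativeMDResource;
    private String httpsMDURL;
    private String httpMDURL;
    private String badMDURL;
    private String backupFilePath;
    private FileBackedHTTPMetadataResolver metadataProvider;
    private String entityID;
    private CriteriaSet criteriaSet;

    /**
     * Prepares URLs, lookup criteria and a fresh backup-file location for each test.
     *
     * @throws Exception if the per-test temporary directory cannot be created
     */
    @BeforeMethod
    protected void setUp() throws Exception {
        httpClientBuilder = new HttpClientBuilder();
        relativeMDResource = "org/opensaml/saml/metadata/resolver/impl/08ced64cddc9f1578598b2cf71ae747b11d11472.xml";
        httpsMDURL = String.format(
                "https://svn.shibboleth.net/java-opensaml/trunk/opensaml-saml-impl/src/test/resources/%s",
                relativeMDResource);
        httpMDURL = String.format(
                "http://svn.shibboleth.net/view/java-opensaml/trunk/opensaml-saml-impl/src/test/resources/%s?view=co",
                relativeMDResource);
        entityID = "https://www.example.org/sp";
        badMDURL = "http://www.opensaml.org/foo/bar/baz/samlmd";
        // The backup file is parsed as metadata by the resolver. A fixed name directly under the shared
        // java.io.tmpdir can be pre-created by another local user or collide with a parallel run, so each
        // test gets its own directory (created with owner-only permissions where the file system supports it).
        backupFilePath = Files.createTempDirectory("filebacked-http-metadata")
                .resolve(BACKUP_FILE_NAME)
                .toString();
        criteriaSet = new CriteriaSet(new EntityIdCriterion(entityID));
    }

    /**
     * Stops the resolver and removes the backup file and its per-test directory.
     *
     * @throws IOException if the backup file or its directory cannot be deleted
     */
    @AfterMethod
    protected void tearDown() throws IOException {
        // Destroy first so that no background refresh rewrites the backup file while it is being removed.
        if (metadataProvider != null) {
            metadataProvider.destroy();
            metadataProvider = null;
        }
        Files.deleteIfExists(Paths.get(backupFilePath));
        Files.deleteIfExists(Paths.get(backupFilePath).getParent());
    }

    /** A reachable plain-HTTP URL is loaded from the network, not from the (absent) backup file. */
    @Test
    public void testGetEntityDescriptor() throws Exception {
        metadataProvider = newResolver(httpMDURL, backupFilePath);
        metadataProvider.initialize();
        Assert.assertFalse(metadataProvider.isInitializedFromBackupFile());
        assertResolvesExpectedEntity();
    }

    /** With fail-fast enabled, an unusable metadata URL must abort initialization. */
    @Test
    public void testFailFastBadURL() throws Exception {
        metadataProvider = newResolver(badMDURL, backupFilePath);
        metadataProvider.setFailFastInitialization(true);
        try {
            metadataProvider.initialize();
            Assert.fail("metadata provider claims to have parsed known invalid data");
        } catch (ComponentInitializationException expected) {
            // Expected: fail-fast turns the failed fetch into an initialization error.
        }
    }

    /** With fail-fast disabled, an unusable metadata URL initializes but resolves nothing. */
    @Test
    public void testNoFailFastBadURL() throws Exception {
        metadataProvider = newResolver(badMDURL, backupFilePath);
        metadataProvider.setFailFastInitialization(false);
        try {
            metadataProvider.initialize();
        } catch (ComponentInitializationException e) {
            Assert.fail("Provider failed init with fail-fast=false");
        }
        Assert.assertNull(metadataProvider.resolveSingle(criteriaSet));
    }

    /** With fail-fast enabled, a backup path that is a directory must abort initialization. */
    @Test
    public void testFailFastBadBackupFile() throws Exception {
        try {
            metadataProvider = newResolver(httpMDURL, System.getProperty("java.io.tmpdir"));
        } catch (ResolverException e) {
            Assert.fail("Provider failed bad backup file in constructor");
        }
        metadataProvider.setFailFastInitialization(true);
        try {
            metadataProvider.initialize();
            Assert.fail("Provider passed init with bad backup file, fail-fast=true");
        } catch (ComponentInitializationException expected) {
            // Expected: the unusable backup path is reported at initialization time.
        }
    }

    /** With fail-fast disabled, a bad backup path is tolerated and metadata still comes from the URL. */
    @Test
    public void testNoFailFastBadBackupFile() throws Exception {
        try {
            metadataProvider = newResolver(httpMDURL, System.getProperty("java.io.tmpdir"));
        } catch (ResolverException e) {
            Assert.fail("Provider failed bad backup file in constructor");
        }
        metadataProvider.setFailFastInitialization(false);
        try {
            metadataProvider.initialize();
            Assert.assertFalse(metadataProvider.isInitializedFromBackupFile());
        } catch (ComponentInitializationException e) {
            Assert.fail("Provider failed init with bad backup file, fail-fast=false");
        }
        Assert.assertNotNull(metadataProvider.resolveSingle(criteriaSet),
                "Metadata retrieved from backing file was null");
    }

    /** An existing backup file is used for start-up, then replaced by a scheduled refresh from the URL. */
    @Test
    public void testInitFromBackupFile() throws Exception {
        populateBackupFile();

        metadataProvider = newResolver(httpMDURL, backupFilePath);
        metadataProvider.setFailFastInitialization(true);
        metadataProvider.setBackupFileInitNextRefreshDelay(1000L);
        metadataProvider.initialize();

        Assert.assertTrue(metadataProvider.isInitializedFromBackupFile());
        DateTime refreshedAtInit = metadataProvider.getLastRefresh();
        DateTime updatedAtInit = metadataProvider.getLastUpdate();
        Assert.assertNotNull(metadataProvider.resolveSingle(criteriaSet),
                "Metadata inited from backing file was null");

        // Wait past the configured delay so the background refresh from the HTTP source has run.
        Thread.sleep(metadataProvider.getBackupFileInitNextRefreshDelay() + 5000);

        Assert.assertTrue(refreshedAtInit.isBefore(metadataProvider.getLastRefresh()));
        Assert.assertTrue(updatedAtInit.isBefore(metadataProvider.getLastUpdate()));
        Assert.assertNotNull(metadataProvider.resolveSingle(criteriaSet),
                "Metadata retrieved from HTTP refreshed metadata was null");
    }

    /** After start-up from the backup file, a refresh against a bad URL keeps the cached metadata. */
    @Test
    public void testNoBackupFileLoadWhenMetadataCached() throws Exception {
        populateBackupFile();

        metadataProvider = newResolver(badMDURL, backupFilePath);
        metadataProvider.setFailFastInitialization(true);
        metadataProvider.initialize();

        Assert.assertTrue(metadataProvider.isInitializedFromBackupFile());
        DateTime refreshedAtInit = metadataProvider.getLastRefresh();
        DateTime updatedAtInit = metadataProvider.getLastUpdate();
        Assert.assertNotNull(metadataProvider.resolveSingle(criteriaSet),
                "Metadata retrieved from backing file was null");

        Thread.sleep(1000L);
        metadataProvider.refresh();

        // The refresh is attempted (timestamp moves) but the metadata itself is not replaced.
        Assert.assertTrue(refreshedAtInit.isBefore(metadataProvider.getLastRefresh()));
        Assert.assertEquals(updatedAtInit, metadataProvider.getLastUpdate());
        Assert.assertNotNull(metadataProvider.resolveSingle(criteriaSet),
                "Metadata retrieved from cached metadata was null");
    }

    /**
     * Trust-engine-capable socket factory, no trust engine configured.
     *
     * <p>NOTE(review): the name says "NoHTTPS" but the URL used is {@code httpsMDURL}, which makes this
     * identical to {@link #testHTTPSNoTrustEngine()}. Confirm whether {@code httpMDURL} was intended.</p>
     */
    @Test
    public void testTrustEngineSocketFactoryNoHTTPSNoTrustEngine() throws Exception {
        httpClientBuilder.setTLSSocketFactory(buildTrustEngineSocketFactory());
        metadataProvider = newResolver(httpsMDURL, backupFilePath);
        metadataProvider.initialize();
        assertResolvesExpectedEntity();
    }

    /**
     * Trust-engine-capable socket factory with an explicit-key trust engine.
     *
     * <p>NOTE(review): as above, the name says "NoHTTPS" but {@code httpsMDURL} is used, duplicating
     * {@link #testHTTPSTrustEngineExplicitKey()}. Confirm the intended URL.</p>
     */
    @Test
    public void testTrustEngineSocketFactoryNoHTTPSWithTrustEngine() throws Exception {
        httpClientBuilder.setTLSSocketFactory(buildTrustEngineSocketFactory());
        metadataProvider = newResolver(httpsMDURL, backupFilePath);
        metadataProvider.setTLSTrustEngine(buildExplicitKeyTrustEngine("svn-entity.crt"));
        metadataProvider.initialize();
        assertResolvesExpectedEntity();
    }

    /**
     * HTTPS fetch succeeds when the no-trust socket factory is used and no trust engine is set.
     *
     * <p>Security caveat: this test expects success, so in this configuration the server certificate is
     * presumably not evaluated by anything (the JSSE layer is the "no trust" factory and there is no
     * {@link TrustEngine}). It documents library behaviour; it is not a configuration to copy. A deployment
     * using this socket factory should always set a TLS trust engine and/or verify the metadata signature.</p>
     */
    @Test
    public void testHTTPSNoTrustEngine() throws Exception {
        httpClientBuilder.setTLSSocketFactory(buildTrustEngineSocketFactory());
        metadataProvider = newResolver(httpsMDURL, backupFilePath);
        metadataProvider.initialize();
        assertResolvesExpectedEntity();
    }

    /** HTTPS fetch succeeds when the server's end-entity certificate is explicitly trusted. */
    @Test
    public void testHTTPSTrustEngineExplicitKey() throws Exception {
        httpClientBuilder.setTLSSocketFactory(buildTrustEngineSocketFactory());
        metadataProvider = newResolver(httpsMDURL, backupFilePath);
        metadataProvider.setTLSTrustEngine(buildExplicitKeyTrustEngine("svn-entity.crt"));
        metadataProvider.initialize();
        assertResolvesExpectedEntity();
    }

    /** Initialization must fail when the explicitly trusted key is not the server's key. */
    @Test(expectedExceptions = {ComponentInitializationException.class})
    public void testHTTPSTrustEngineInvalidKey() throws Exception {
        httpClientBuilder.setTLSSocketFactory(buildTrustEngineSocketFactory());
        metadataProvider = newResolver(httpsMDURL, backupFilePath);
        metadataProvider.setTLSTrustEngine(buildExplicitKeyTrustEngine("badKey.crt"));
        // Must throw; the resolution asserts that used to follow were unreachable on the expected path.
        metadataProvider.initialize();
    }

    /** HTTPS fetch succeeds when the server chain validates against the trusted root, no name check. */
    @Test
    public void testHTTPSTrustEngineValidPKIX() throws Exception {
        httpClientBuilder.setTLSSocketFactory(buildTrustEngineSocketFactory());
        metadataProvider = newResolver(httpsMDURL, backupFilePath);
        metadataProvider.setTLSTrustEngine(buildPKIXTrustEngine("svn-rootCA.crt", null, false));
        metadataProvider.initialize();
        assertResolvesExpectedEntity();
    }

    /** HTTPS fetch succeeds when the chain validates and the certificate matches the trusted name. */
    @Test
    public void testHTTPSTrustEngineValidPKIXExplicitName() throws Exception {
        httpClientBuilder.setTLSSocketFactory(buildTrustEngineSocketFactory());
        metadataProvider = newResolver(httpsMDURL, backupFilePath);
        metadataProvider.setTLSTrustEngine(buildPKIXTrustEngine("svn-rootCA.crt", "*.shibboleth.net", true));
        metadataProvider.initialize();
        assertResolvesExpectedEntity();
    }

    /** Initialization must fail when the server chain does not validate against the trusted root. */
    @Test(expectedExceptions = {ComponentInitializationException.class})
    public void testHTTPSTrustEngineInvalidPKIX() throws Exception {
        httpClientBuilder.setTLSSocketFactory(buildTrustEngineSocketFactory());
        metadataProvider = newResolver(httpsMDURL, backupFilePath);
        metadataProvider.setTLSTrustEngine(buildPKIXTrustEngine("badCA.crt", null, false));
        // Must throw; nothing may be resolved from an untrusted server.
        metadataProvider.initialize();
    }

    /** Initialization must fail when the chain validates but the certificate name is not a trusted name. */
    @Test(expectedExceptions = {ComponentInitializationException.class})
    public void testHTTPSTrustEngineValidPKIXInvalidName() throws Exception {
        httpClientBuilder.setTLSSocketFactory(buildTrustEngineSocketFactory());
        metadataProvider = newResolver(httpsMDURL, backupFilePath);
        metadataProvider.setTLSTrustEngine(buildPKIXTrustEngine("svn-rootCA.crt", "foobar.shibboleth.net", true));
        // Must throw; a valid chain alone is not sufficient when name checking is enabled.
        metadataProvider.initialize();
    }

    /**
     * Initialization must fail when a trust engine is set but the HTTP client was built without the
     * trust-engine-capable socket factory. The expected outcome is fail-closed: the configured trust
     * engine is not silently ignored.
     */
    @Test(expectedExceptions = {ComponentInitializationException.class})
    public void testHTTPSTrustEngineWrongSocketFactory() throws Exception {
        metadataProvider = newResolver(httpsMDURL, backupFilePath);
        metadataProvider.setTLSTrustEngine(buildExplicitKeyTrustEngine("svn-entity.crt"));
        metadataProvider.initialize();
    }

    /**
     * Builds an uninitialized resolver with the shared parser pool and a component id.
     *
     * <p>Every resolver gets an id, including the negative fail-fast tests that previously set none, so that
     * an expected {@link ComponentInitializationException} can only come from the condition under test.
     * NOTE(review): presumably a missing component id also fails {@code initialize()} — confirm.</p>
     *
     * @param metadataUrl URL the resolver fetches metadata from
     * @param backupPath path of the local backup file
     * @return the configured, not yet initialized resolver
     * @throws Exception if the HTTP client or the resolver cannot be constructed
     */
    private FileBackedHTTPMetadataResolver newResolver(String metadataUrl, String backupPath) throws Exception {
        FileBackedHTTPMetadataResolver resolver =
                new FileBackedHTTPMetadataResolver(httpClientBuilder.buildClient(), metadataUrl, backupPath);
        resolver.setParserPool(parserPool);
        resolver.setId(RESOLVER_ID);
        return resolver;
    }

    /** Asserts that the current resolver returns the descriptor for {@code entityID}. */
    private void assertResolvesExpectedEntity() throws ResolverException {
        EntityDescriptor descriptor = metadataProvider.resolveSingle(criteriaSet);
        Assert.assertNotNull(descriptor, "Retrieved entity descriptor was null");
        Assert.assertEquals(descriptor.getEntityID(), entityID, "Entity's ID does not match requested ID");
    }

    /**
     * Copies the classpath metadata document to the backup-file path and checks it was written.
     *
     * @return the populated backup file
     * @throws IOException if the resource cannot be copied
     */
    private File populateBackupFile() throws IOException {
        File backupFile = new File(backupFilePath);
        // The stream is closed before the resolver is created, so the resolver reads a complete file.
        try (FileOutputStream out = new FileOutputStream(backupFile)) {
            Resources.copy(Resources.getResource(relativeMDResource), out);
        }
        Assert.assertTrue(backupFile.exists(), "Backup file was not created");
        Assert.assertTrue(backupFile.length() > 0, "Backup file contains no data");
        return backupFile;
    }

    /**
     * Builds the socket factory that lets a {@link TrustEngine} decide on the server certificate.
     *
     * <p>The wrapped factory comes from {@code buildNoTrustTLSSocketFactory()}, so the JSSE layer itself
     * is not the trust decision point here; hostname verification stays strict.</p>
     */
    private LayeredConnectionSocketFactory buildTrustEngineSocketFactory() {
        return new SecurityEnhancedTLSSocketFactory(
                HttpClientSupport.buildNoTrustTLSSocketFactory(),
                SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER);
    }

    /**
     * Builds a trust engine that trusts exactly the certificate stored in the given test resource.
     *
     * @param str file name of the certificate, relative to {@code DATA_PATH}
     */
    private TrustEngine<? super X509Credential> buildExplicitKeyTrustEngine(String str)
            throws URISyntaxException, CertificateException {
        BasicX509Credential trustedCredential = new BasicX509Credential(loadCertificate(str));
        return new ExplicitKeyTrustEngine(new StaticCredentialResolver(trustedCredential));
    }

    /**
     * Builds a PKIX trust engine anchored at the certificate stored in the given test resource.
     *
     * @param str file name of the trust anchor certificate, relative to {@code DATA_PATH}
     * @param str2 the single trusted name, or {@code null} for an empty trusted-name set
     * @param z whether a credential name evaluator is installed; when {@code false} none is passed
     */
    private TrustEngine<? super X509Credential> buildPKIXTrustEngine(String str, String str2, boolean z)
            throws URISyntaxException, CertificateException {
        // No CRLs are supplied and the verification depth is 5.
        return new PKIXX509CredentialTrustEngine(
                new StaticPKIXValidationInformationResolver(
                        Collections.singletonList(new BasicPKIXValidationInformation(
                                Collections.singletonList(loadCertificate(str)), (Collection) null, 5)),
                        str2 != null ? Collections.singleton(str2) : Collections.<String>emptySet()),
                new CertPathPKIXTrustEvaluator(),
                z ? new BasicX509CredentialNameEvaluator() : null);
    }

    /** Decodes a certificate from a test resource under {@code DATA_PATH}. */
    private java.security.cert.X509Certificate loadCertificate(String fileName)
            throws URISyntaxException, CertificateException {
        File certificateFile = new File(getClass().getResource(DATA_PATH + fileName).toURI());
        return X509Support.decodeCertificate(certificateFile);
    }
}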
