package org.opensaml.saml.metadata.resolver.impl;

import com.google.common.io.Resources;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.time.Duration;
import java.time.Instant;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.httpclient.HttpClientBuilder;
import net.shibboleth.utilities.java.support.repository.RepositorySupport;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.XMLObjectBaseTestCase;
import org.opensaml.saml.metadata.resolver.filter.FilterException;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilter;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilterContext;
import org.opensaml.saml.metadata.resolver.filter.data.impl.MetadataSource;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.security.httpclient.HttpClientSecurityParameters;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/opensaml/saml/metadata/resolver/impl/FileBackedHTTPMetadataResolverTest.class */
public class FileBackedHTTPMetadataResolverTest extends XMLObjectBaseTestCase {
    private HttpClientBuilder httpClientBuilder;
    private String metadataURLHttps;
    private String metadataURLHttp;
    private String relativeMDResource;
    private String relativeMDResourceExpired;
    private String relativeMDResourceBad;
    private String badMDURL;
    private String backupFilePath;
    private FileBackedHTTPMetadataResolver metadataProvider;
    private String entityID;
    private CriteriaSet criteriaSet;

    /* loaded from: input_file:org/opensaml/saml/metadata/resolver/impl/FileBackedHTTPMetadataResolverTest$MockContextTrackingFilter.class */
    public class MockContextTrackingFilter implements MetadataFilter {
        public MetadataFilterContext lastFilterContext;

        public MockContextTrackingFilter() {
        }

        public XMLObject filter(XMLObject xMLObject, MetadataFilterContext metadataFilterContext) throws FilterException {
            this.lastFilterContext = metadataFilterContext;
            return xMLObject;
        }
    }

    @BeforeMethod
    protected void setUp() throws Exception {
        this.httpClientBuilder = new HttpClientBuilder();
        this.relativeMDResource = "org/opensaml/saml/metadata/resolver/impl/08ced64cddc9f1578598b2cf71ae747b11d11472.xml";
        this.relativeMDResourceExpired = "org/opensaml/saml/metadata/resolver/impl/08ced64cddc9f1578598b2cf71ae747b11d11473-expired.xml";
        this.relativeMDResourceBad = "org/opensaml/saml/metadata/resolver/impl/08ced64cddc9f1578598b2cf71ae747b11d11473-bad.xml";
        this.metadataURLHttps = RepositorySupport.buildHTTPSResourceURL("java-opensaml", String.format("opensaml-saml-impl/src/test/resources/%s", this.relativeMDResource));
        this.metadataURLHttp = RepositorySupport.buildHTTPResourceURL("java-opensaml", String.format("opensaml-saml-impl/src/test/resources/%s", this.relativeMDResource), false);
        this.entityID = "https://www.example.org/sp";
        this.badMDURL = "http://www.opensaml.org/foo/bar/baz/samlmd";
        this.backupFilePath = System.getProperty("java.io.tmpdir") + System.getProperty("file.separator") + "filebacked-http-metadata.xml";
        this.criteriaSet = new CriteriaSet(new Criterion[]{new EntityIdCriterion(this.entityID)});
    }

    @AfterMethod
    protected void tearDown() throws IOException {
        Files.deleteIfExists(Paths.get(this.backupFilePath, new String[0]));
    }

    @Test
    public void testGetEntityDescriptor() throws Exception {
        this.metadataProvider = new FileBackedHTTPMetadataResolver(this.httpClientBuilder.buildClient(), this.metadataURLHttp, this.backupFilePath);
        this.metadataProvider.setParserPool(parserPool);
        this.metadataProvider.setId("test");
        this.metadataProvider.initialize();
        Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
        Assert.assertTrue(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
        Assert.assertNull(this.metadataProvider.getLastFailureCause());
        Assert.assertFalse(this.metadataProvider.isInitializedFromBackupFile());
        EntityDescriptor resolveSingle = this.metadataProvider.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle, "Retrieved entity descriptor was null");
        Assert.assertEquals(resolveSingle.getEntityID(), this.entityID, "Entity's ID does not match requested ID");
    }

    @Test
    public void testFailFastBadURL() throws Exception {
        this.metadataProvider = new FileBackedHTTPMetadataResolver(this.httpClientBuilder.buildClient(), this.badMDURL, this.backupFilePath);
        this.metadataProvider.setFailFastInitialization(true);
        this.metadataProvider.setParserPool(parserPool);
        this.metadataProvider.setId("test");
        try {
            this.metadataProvider.initialize();
            Assert.fail("metadata provider claims to have parsed known invalid data");
        } catch (ComponentInitializationException e) {
            Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
            Assert.assertFalse(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
            Assert.assertNotNull(this.metadataProvider.getLastFailureCause());
            Assert.assertTrue(ResolverException.class.isInstance(this.metadataProvider.getLastFailureCause()));
        }
    }

    @Test
    public void testNoFailFastBadURL() throws Exception {
        this.metadataProvider = new FileBackedHTTPMetadataResolver(this.httpClientBuilder.buildClient(), this.badMDURL, this.backupFilePath);
        this.metadataProvider.setFailFastInitialization(false);
        this.metadataProvider.setId("test");
        this.metadataProvider.setParserPool(parserPool);
        try {
            this.metadataProvider.initialize();
            Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
            Assert.assertFalse(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
            Assert.assertNotNull(this.metadataProvider.getLastFailureCause());
            Assert.assertTrue(ResolverException.class.isInstance(this.metadataProvider.getLastFailureCause()));
        } catch (ComponentInitializationException e) {
            Assert.fail("Provider failed init with fail-fast=false");
        }
        Assert.assertNull(this.metadataProvider.resolveSingle(this.criteriaSet));
    }

    @Test
    public void testFailFastBadBackupFile() throws Exception {
        try {
            this.metadataProvider = new FileBackedHTTPMetadataResolver(this.httpClientBuilder.buildClient(), this.metadataURLHttp, System.getProperty("java.io.tmpdir"));
        } catch (ResolverException e) {
            Assert.fail("Provider failed bad backup file in constructor");
        }
        this.metadataProvider.setFailFastInitialization(true);
        this.metadataProvider.setParserPool(parserPool);
        this.metadataProvider.setId("test");
        try {
            this.metadataProvider.initialize();
            Assert.fail("Provider passed init with bad backup file, fail-fast=true");
        } catch (ComponentInitializationException e2) {
            Assert.assertNull(this.metadataProvider.wasLastRefreshSuccess());
            Assert.assertNull(this.metadataProvider.getLastFailureCause());
        }
    }

    @Test
    public void testNoFailFastBadBackupFile() throws Exception {
        try {
            this.metadataProvider = new FileBackedHTTPMetadataResolver(this.httpClientBuilder.buildClient(), this.metadataURLHttp, System.getProperty("java.io.tmpdir"));
        } catch (ResolverException e) {
            Assert.fail("Provider failed bad backup file in constructor");
        }
        this.metadataProvider.setFailFastInitialization(false);
        this.metadataProvider.setParserPool(parserPool);
        this.metadataProvider.setId("test");
        try {
            this.metadataProvider.initialize();
            Assert.assertFalse(this.metadataProvider.isInitializedFromBackupFile());
            Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
            Assert.assertTrue(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
            Assert.assertNull(this.metadataProvider.getLastFailureCause());
        } catch (ComponentInitializationException e2) {
            Assert.fail("Provider failed init with bad backup file, fail-fast=false");
        }
        Assert.assertNotNull(this.metadataProvider.resolveSingle(this.criteriaSet), "Metadata retrieved from backing file was null");
    }

    @Test
    public void testInitFromBackupFile() throws Exception {
        File file = new File(this.backupFilePath);
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        try {
            Resources.copy(Resources.getResource(this.relativeMDResource), fileOutputStream);
            fileOutputStream.close();
            Assert.assertTrue(file.exists(), "Backup file was not created");
            Assert.assertTrue(file.length() > 0, "Backup file contains no data");
            MockContextTrackingFilter mockContextTrackingFilter = new MockContextTrackingFilter();
            this.metadataProvider = new FileBackedHTTPMetadataResolver(this.httpClientBuilder.buildClient(), this.metadataURLHttp, this.backupFilePath);
            this.metadataProvider.setParserPool(parserPool);
            this.metadataProvider.setFailFastInitialization(true);
            this.metadataProvider.setId("test");
            this.metadataProvider.setBackupFileInitNextRefreshDelay(Duration.ofSeconds(1L));
            this.metadataProvider.setMetadataFilter(mockContextTrackingFilter);
            this.metadataProvider.initialize();
            Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
            Assert.assertTrue(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
            Assert.assertNull(this.metadataProvider.getLastFailureCause());
            Assert.assertTrue(this.metadataProvider.isInitializedFromBackupFile());
            Assert.assertTrue(((MetadataSource) mockContextTrackingFilter.lastFilterContext.get(MetadataSource.class)).isTrusted());
            Instant lastRefresh = this.metadataProvider.getLastRefresh();
            Instant lastUpdate = this.metadataProvider.getLastUpdate();
            Assert.assertNotNull(this.metadataProvider.resolveSingle(this.criteriaSet), "Metadata inited from backing file was null");
            Thread.sleep(this.metadataProvider.getBackupFileInitNextRefreshDelay().toMillis() + 5000);
            Assert.assertTrue(lastRefresh.isBefore(this.metadataProvider.getLastRefresh()));
            Assert.assertTrue(lastUpdate.isBefore(this.metadataProvider.getLastUpdate()));
            Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
            Assert.assertTrue(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
            Assert.assertNull(this.metadataProvider.getLastFailureCause());
            Assert.assertFalse(((MetadataSource) mockContextTrackingFilter.lastFilterContext.get(MetadataSource.class)).isTrusted());
            Assert.assertNotNull(this.metadataProvider.resolveSingle(this.criteriaSet), "Metadata retrieved from HTTP refreshed metadata was null");
        } catch (Throwable th) {
            try {
                fileOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    public void testInitFromExpiredBackupFile() throws Exception {
        File file = new File(this.backupFilePath);
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        try {
            Resources.copy(Resources.getResource(this.relativeMDResourceExpired), fileOutputStream);
            fileOutputStream.close();
            Assert.assertTrue(file.exists(), "Backup file was not created");
            Assert.assertTrue(file.length() > 0, "Backup file contains no data");
            this.metadataProvider = new FileBackedHTTPMetadataResolver(this.httpClientBuilder.buildClient(), this.metadataURLHttp, this.backupFilePath);
            this.metadataProvider.setParserPool(parserPool);
            this.metadataProvider.setFailFastInitialization(true);
            this.metadataProvider.setId("test");
            this.metadataProvider.setBackupFileInitNextRefreshDelay(Duration.ofSeconds(1L));
            this.metadataProvider.initialize();
            Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
            Assert.assertFalse(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
            Assert.assertNotNull(this.metadataProvider.getLastFailureCause());
            Assert.assertTrue(ResolverException.class.isInstance(this.metadataProvider.getLastFailureCause()));
            Assert.assertTrue(this.metadataProvider.isInitializedFromBackupFile());
            Instant now = Instant.now();
            Instant lastRefresh = this.metadataProvider.getLastRefresh();
            Assert.assertNull(this.metadataProvider.getLastUpdate());
            Assert.assertNull(this.metadataProvider.resolveSingle(this.criteriaSet), "Metadata inited from backing file was non-null");
            Thread.sleep(this.metadataProvider.getBackupFileInitNextRefreshDelay().toMillis() + 5000);
            Assert.assertTrue(lastRefresh.isBefore(this.metadataProvider.getLastRefresh()));
            Instant lastUpdate = this.metadataProvider.getLastUpdate();
            Assert.assertNotNull(lastUpdate);
            Assert.assertTrue(lastUpdate.isAfter(now));
            Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
            Assert.assertTrue(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
            Assert.assertNull(this.metadataProvider.getLastFailureCause());
            Assert.assertNotNull(this.metadataProvider.resolveSingle(this.criteriaSet), "Metadata retrieved from HTTP refreshed metadata was null");
        } catch (Throwable th) {
            try {
                fileOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    public void testInitFromBadBackupFileNonFailFast() throws Exception {
        File file = new File(this.backupFilePath);
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        try {
            Resources.copy(Resources.getResource(this.relativeMDResourceBad), fileOutputStream);
            fileOutputStream.close();
            Assert.assertTrue(file.exists(), "Backup file was not created");
            Assert.assertTrue(file.length() > 0, "Backup file contains no data");
            this.metadataProvider = new FileBackedHTTPMetadataResolver(this.httpClientBuilder.buildClient(), this.metadataURLHttp, this.backupFilePath);
            this.metadataProvider.setParserPool(parserPool);
            this.metadataProvider.setFailFastInitialization(false);
            this.metadataProvider.setId("test");
            this.metadataProvider.setBackupFileInitNextRefreshDelay(Duration.ofSeconds(1L));
            this.metadataProvider.initialize();
            Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
            Assert.assertFalse(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
            Assert.assertNotNull(this.metadataProvider.getLastFailureCause());
            Assert.assertTrue(ResolverException.class.isInstance(this.metadataProvider.getLastFailureCause()));
            Assert.assertTrue(this.metadataProvider.isInitializedFromBackupFile());
            Instant now = Instant.now();
            Instant lastRefresh = this.metadataProvider.getLastRefresh();
            Assert.assertNull(this.metadataProvider.getLastUpdate());
            Assert.assertNull(this.metadataProvider.resolveSingle(this.criteriaSet), "Metadata inited from backing file was non-null");
            Thread.sleep(this.metadataProvider.getBackupFileInitNextRefreshDelay().toMillis() + 5000);
            Assert.assertTrue(lastRefresh.isBefore(this.metadataProvider.getLastRefresh()));
            Instant lastUpdate = this.metadataProvider.getLastUpdate();
            Assert.assertNotNull(lastUpdate);
            Assert.assertTrue(lastUpdate.isAfter(now));
            Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
            Assert.assertTrue(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
            Assert.assertNull(this.metadataProvider.getLastFailureCause());
            Assert.assertNotNull(this.metadataProvider.resolveSingle(this.criteriaSet), "Metadata retrieved from HTTP refreshed metadata was null");
        } catch (Throwable th) {
            try {
                fileOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    public void testNoBackupFileLoadWhenMetadataCached() throws Exception {
        File file = new File(this.backupFilePath);
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        try {
            Resources.copy(Resources.getResource(this.relativeMDResource), fileOutputStream);
            fileOutputStream.close();
            Assert.assertTrue(file.exists(), "Backup file was not created");
            Assert.assertTrue(file.length() > 0, "Backup file contains no data");
            this.metadataProvider = new FileBackedHTTPMetadataResolver(this.httpClientBuilder.buildClient(), this.badMDURL, this.backupFilePath);
            this.metadataProvider.setParserPool(parserPool);
            this.metadataProvider.setFailFastInitialization(true);
            this.metadataProvider.setId("test");
            this.metadataProvider.initialize();
            Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
            Assert.assertTrue(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
            Assert.assertNull(this.metadataProvider.getLastFailureCause());
            Assert.assertTrue(this.metadataProvider.isInitializedFromBackupFile());
            Instant lastRefresh = this.metadataProvider.getLastRefresh();
            Instant lastUpdate = this.metadataProvider.getLastUpdate();
            Assert.assertNotNull(this.metadataProvider.resolveSingle(this.criteriaSet), "Metadata retrieved from backing file was null");
            Thread.sleep(1000L);
            this.metadataProvider.refresh();
            Assert.assertTrue(lastRefresh.isBefore(this.metadataProvider.getLastRefresh()));
            Assert.assertEquals(lastUpdate, this.metadataProvider.getLastUpdate());
            Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
            Assert.assertTrue(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
            Assert.assertNull(this.metadataProvider.getLastFailureCause());
            Assert.assertNotNull(this.metadataProvider.resolveSingle(this.criteriaSet), "Metadata retrieved from cached metadata was null");
        } catch (Throwable th) {
            try {
                fileOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Test
    public void testTrustEngineSocketFactoryNoHTTPSNoTrustEngine() throws Exception {
        this.httpClientBuilder.setTLSSocketFactory(HTTPMetadataResolverTest.buildSocketFactory(true));
        this.metadataProvider = new FileBackedHTTPMetadataResolver(this.httpClientBuilder.buildClient(), this.metadataURLHttp, this.backupFilePath);
        this.metadataProvider.setParserPool(parserPool);
        this.metadataProvider.setId("test");
        this.metadataProvider.initialize();
        Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
        Assert.assertTrue(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
        Assert.assertNull(this.metadataProvider.getLastFailureCause());
        EntityDescriptor resolveSingle = this.metadataProvider.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle, "Retrieved entity descriptor was null");
        Assert.assertEquals(resolveSingle.getEntityID(), this.entityID, "Entity's ID does not match requested ID");
    }

    @Test
    public void testTrustEngineSocketFactoryNoHTTPSWithTrustEngine() throws Exception {
        this.httpClientBuilder.setTLSSocketFactory(HTTPMetadataResolverTest.buildSocketFactory());
        this.metadataProvider = new FileBackedHTTPMetadataResolver(this.httpClientBuilder.buildClient(), this.metadataURLHttps, this.backupFilePath);
        this.metadataProvider.setParserPool(parserPool);
        this.metadataProvider.setId("test");
        HttpClientSecurityParameters httpClientSecurityParameters = new HttpClientSecurityParameters();
        httpClientSecurityParameters.setTLSTrustEngine(HTTPMetadataResolverTest.buildExplicitKeyTrustEngine("repo-entity.crt"));
        this.metadataProvider.setHttpClientSecurityParameters(httpClientSecurityParameters);
        this.metadataProvider.initialize();
        Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
        Assert.assertTrue(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
        Assert.assertNull(this.metadataProvider.getLastFailureCause());
        EntityDescriptor resolveSingle = this.metadataProvider.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle, "Retrieved entity descriptor was null");
        Assert.assertEquals(resolveSingle.getEntityID(), this.entityID, "Entity's ID does not match requested ID");
    }

    @Test
    public void testHTTPSNoTrustEngine() throws Exception {
        try {
            System.setProperty("javax.net.ssl.trustStore", getClass().getResource("repo.truststore.jks").getFile());
            System.setProperty("javax.net.ssl.trustStorePassword", "shibboleth");
            this.httpClientBuilder.setTLSSocketFactory(HTTPMetadataResolverTest.buildSocketFactory(false));
            this.metadataProvider = new FileBackedHTTPMetadataResolver(this.httpClientBuilder.buildClient(), this.metadataURLHttps, this.backupFilePath);
            this.metadataProvider.setParserPool(parserPool);
            this.metadataProvider.setId("test");
            this.metadataProvider.initialize();
            Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
            Assert.assertTrue(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
            Assert.assertNull(this.metadataProvider.getLastFailureCause());
            EntityDescriptor resolveSingle = this.metadataProvider.resolveSingle(this.criteriaSet);
            Assert.assertNotNull(resolveSingle, "Retrieved entity descriptor was null");
            Assert.assertEquals(resolveSingle.getEntityID(), this.entityID, "Entity's ID does not match requested ID");
            System.setProperty("javax.net.ssl.trustStore", "");
            System.setProperty("javax.net.ssl.trustStorePassword", "");
        } catch (Throwable th) {
            System.setProperty("javax.net.ssl.trustStore", "");
            System.setProperty("javax.net.ssl.trustStorePassword", "");
            throw th;
        }
    }

    @Test
    public void testHTTPSTrustEngineExplicitKey() throws Exception {
        this.httpClientBuilder.setTLSSocketFactory(HTTPMetadataResolverTest.buildSocketFactory());
        this.metadataProvider = new FileBackedHTTPMetadataResolver(this.httpClientBuilder.buildClient(), this.metadataURLHttps, this.backupFilePath);
        this.metadataProvider.setParserPool(parserPool);
        this.metadataProvider.setId("test");
        HttpClientSecurityParameters httpClientSecurityParameters = new HttpClientSecurityParameters();
        httpClientSecurityParameters.setTLSTrustEngine(HTTPMetadataResolverTest.buildExplicitKeyTrustEngine("repo-entity.crt"));
        this.metadataProvider.setHttpClientSecurityParameters(httpClientSecurityParameters);
        this.metadataProvider.initialize();
        Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
        Assert.assertTrue(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
        Assert.assertNull(this.metadataProvider.getLastFailureCause());
        EntityDescriptor resolveSingle = this.metadataProvider.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle, "Retrieved entity descriptor was null");
        Assert.assertEquals(resolveSingle.getEntityID(), this.entityID, "Entity's ID does not match requested ID");
    }

    @Test
    public void testHTTPSTrustEngineInvalidKey() throws Exception {
        this.httpClientBuilder.setTLSSocketFactory(HTTPMetadataResolverTest.buildSocketFactory());
        this.metadataProvider = new FileBackedHTTPMetadataResolver(this.httpClientBuilder.buildClient(), this.metadataURLHttps, this.backupFilePath);
        this.metadataProvider.setParserPool(parserPool);
        this.metadataProvider.setId("test");
        HttpClientSecurityParameters httpClientSecurityParameters = new HttpClientSecurityParameters();
        httpClientSecurityParameters.setTLSTrustEngine(HTTPMetadataResolverTest.buildExplicitKeyTrustEngine("badKey.crt"));
        this.metadataProvider.setHttpClientSecurityParameters(httpClientSecurityParameters);
        try {
            this.metadataProvider.initialize();
            Assert.fail("Invalid metadata TLS should have failed init");
        } catch (ComponentInitializationException e) {
            Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
            Assert.assertFalse(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
            Assert.assertNotNull(this.metadataProvider.getLastFailureCause());
            Assert.assertTrue(ResolverException.class.isInstance(this.metadataProvider.getLastFailureCause()));
        }
    }

    @Test
    public void testHTTPSTrustEngineValidPKIX() throws Exception {
        this.httpClientBuilder.setTLSSocketFactory(HTTPMetadataResolverTest.buildSocketFactory());
        this.metadataProvider = new FileBackedHTTPMetadataResolver(this.httpClientBuilder.buildClient(), this.metadataURLHttps, this.backupFilePath);
        this.metadataProvider.setParserPool(parserPool);
        this.metadataProvider.setId("test");
        HttpClientSecurityParameters httpClientSecurityParameters = new HttpClientSecurityParameters();
        httpClientSecurityParameters.setTLSTrustEngine(HTTPMetadataResolverTest.buildPKIXTrustEngine("repo-rootCA.crt", null, false));
        this.metadataProvider.setHttpClientSecurityParameters(httpClientSecurityParameters);
        this.metadataProvider.initialize();
        Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
        Assert.assertTrue(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
        Assert.assertNull(this.metadataProvider.getLastFailureCause());
        EntityDescriptor resolveSingle = this.metadataProvider.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle, "Retrieved entity descriptor was null");
        Assert.assertEquals(resolveSingle.getEntityID(), this.entityID, "Entity's ID does not match requested ID");
    }

    @Test
    public void testHTTPSTrustEngineValidPKIXExplicitName() throws Exception {
        this.httpClientBuilder.setTLSSocketFactory(HTTPMetadataResolverTest.buildSocketFactory());
        this.metadataProvider = new FileBackedHTTPMetadataResolver(this.httpClientBuilder.buildClient(), this.metadataURLHttps, this.backupFilePath);
        this.metadataProvider.setParserPool(parserPool);
        this.metadataProvider.setId("test");
        HttpClientSecurityParameters httpClientSecurityParameters = new HttpClientSecurityParameters();
        httpClientSecurityParameters.setTLSTrustEngine(HTTPMetadataResolverTest.buildPKIXTrustEngine("repo-rootCA.crt", "test.shibboleth.net", true));
        this.metadataProvider.setHttpClientSecurityParameters(httpClientSecurityParameters);
        this.metadataProvider.initialize();
        Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
        Assert.assertTrue(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
        Assert.assertNull(this.metadataProvider.getLastFailureCause());
        EntityDescriptor resolveSingle = this.metadataProvider.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle, "Retrieved entity descriptor was null");
        Assert.assertEquals(resolveSingle.getEntityID(), this.entityID, "Entity's ID does not match requested ID");
    }

    @Test
    public void testHTTPSTrustEngineInvalidPKIX() throws Exception {
        this.httpClientBuilder.setTLSSocketFactory(HTTPMetadataResolverTest.buildSocketFactory());
        this.metadataProvider = new FileBackedHTTPMetadataResolver(this.httpClientBuilder.buildClient(), this.metadataURLHttps, this.backupFilePath);
        this.metadataProvider.setParserPool(parserPool);
        this.metadataProvider.setId("test");
        HttpClientSecurityParameters httpClientSecurityParameters = new HttpClientSecurityParameters();
        httpClientSecurityParameters.setTLSTrustEngine(HTTPMetadataResolverTest.buildPKIXTrustEngine("badCA.crt", null, false));
        this.metadataProvider.setHttpClientSecurityParameters(httpClientSecurityParameters);
        try {
            this.metadataProvider.initialize();
            Assert.fail("Invalid metadata TLS should have failed init");
        } catch (ComponentInitializationException e) {
            Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
            Assert.assertFalse(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
            Assert.assertNotNull(this.metadataProvider.getLastFailureCause());
            Assert.assertTrue(ResolverException.class.isInstance(this.metadataProvider.getLastFailureCause()));
        }
    }

    @Test
    public void testHTTPSTrustEngineValidPKIXInvalidName() throws Exception {
        this.httpClientBuilder.setTLSSocketFactory(HTTPMetadataResolverTest.buildSocketFactory());
        this.metadataProvider = new FileBackedHTTPMetadataResolver(this.httpClientBuilder.buildClient(), this.metadataURLHttps, this.backupFilePath);
        this.metadataProvider.setParserPool(parserPool);
        this.metadataProvider.setId("test");
        HttpClientSecurityParameters httpClientSecurityParameters = new HttpClientSecurityParameters();
        httpClientSecurityParameters.setTLSTrustEngine(HTTPMetadataResolverTest.buildPKIXTrustEngine("repo-rootCA.crt", "foobar.shibboleth.net", true));
        this.metadataProvider.setHttpClientSecurityParameters(httpClientSecurityParameters);
        try {
            this.metadataProvider.initialize();
            Assert.fail("Invalid metadata TLS should have failed init");
        } catch (ComponentInitializationException e) {
            Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
            Assert.assertFalse(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
            Assert.assertNotNull(this.metadataProvider.getLastFailureCause());
            Assert.assertTrue(ResolverException.class.isInstance(this.metadataProvider.getLastFailureCause()));
        }
    }

    @Test
    public void testHTTPSTrustEngineWrongSocketFactory() throws Exception {
        this.metadataProvider = new FileBackedHTTPMetadataResolver(this.httpClientBuilder.buildClient(), this.metadataURLHttps, this.backupFilePath);
        this.metadataProvider.setParserPool(parserPool);
        this.metadataProvider.setId("test");
        HttpClientSecurityParameters httpClientSecurityParameters = new HttpClientSecurityParameters();
        httpClientSecurityParameters.setTLSTrustEngine(HTTPMetadataResolverTest.buildExplicitKeyTrustEngine("repo-entity.crt"));
        this.metadataProvider.setHttpClientSecurityParameters(httpClientSecurityParameters);
        try {
            this.metadataProvider.initialize();
            Assert.fail("Invalid metadata TLS should have failed init");
        } catch (ComponentInitializationException e) {
            Assert.assertNotNull(this.metadataProvider.wasLastRefreshSuccess());
            Assert.assertFalse(this.metadataProvider.wasLastRefreshSuccess().booleanValue());
            Assert.assertNotNull(this.metadataProvider.getLastFailureCause());
            Assert.assertTrue(ResolverException.class.isInstance(this.metadataProvider.getLastFailureCause()));
        }
    }
}
