package org.apereo.cas.support.wsfederation;

import java.nio.charset.StandardCharsets;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apereo.cas.authentication.principal.AbstractWebApplicationService;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.support.wsfederation.authentication.principal.WsFederationCredential;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.opensaml.saml.saml1.core.Assertion;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.signature.Signature;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;

@Tag("WSFederation")
/* loaded from: input_file:org/apereo/cas/support/wsfederation/WsFederationHelperTests.class */
public class WsFederationHelperTests extends AbstractWsFederationTests {
    @Test
    public void verifyEncryptedToken() throws Exception {
        AbstractWebApplicationService service = RegisteredServiceTestUtils.getService(UUID.randomUUID().toString());
        Assertions.assertNotNull(this.wsFederationHelper.buildAndVerifyAssertion(this.wsFederationHelper.getRequestSecurityTokenFromResult(IOUtils.toString(new ClassPathResource("encryptedToken.txt").getInputStream(), StandardCharsets.UTF_8)), this.wsFederationConfigurations, service).getKey());
    }

    @Test
    public void verifyParseTokenString() throws Exception {
        Assertions.assertNotNull(this.wsFederationHelper.buildAndVerifyAssertion(this.wsFederationHelper.getRequestSecurityTokenFromResult(IOUtils.toString(new ClassPathResource("goodTokenResponse.txt").getInputStream(), StandardCharsets.UTF_8)), this.wsFederationConfigurations, RegisteredServiceTestUtils.getService()), "testParseTokenString() - Not null");
    }

    @Test
    public void verifyCreateCredentialFromToken() throws Exception {
        Pair buildAndVerifyAssertion = this.wsFederationHelper.buildAndVerifyAssertion(this.wsFederationHelper.getRequestSecurityTokenFromResult(IOUtils.toString(new ClassPathResource("goodTokenResponse.txt").getInputStream(), StandardCharsets.UTF_8)), this.wsFederationConfigurations, RegisteredServiceTestUtils.getService());
        WsFederationCredential wsFederationCredential = new WsFederationCredential();
        wsFederationCredential.setIssuedOn(ZonedDateTime.parse("2014-02-26T22:51:16.504Z"));
        wsFederationCredential.setNotBefore(ZonedDateTime.parse("2014-02-26T22:51:16.474Z"));
        wsFederationCredential.setNotOnOrAfter(ZonedDateTime.parse("2014-02-26T23:51:16.474Z"));
        wsFederationCredential.setIssuer("http://adfs.example.com/adfs/services/trust");
        wsFederationCredential.setAudience("urn:federation:cas");
        wsFederationCredential.setId("_6257b2bf-7361-4081-ae1f-ec58d4310f61");
        WsFederationCredential createCredentialFromToken = this.wsFederationHelper.createCredentialFromToken((Assertion) buildAndVerifyAssertion.getKey());
        Assertions.assertNotNull(createCredentialFromToken);
        Assertions.assertEquals(wsFederationCredential.getIssuedOn(), createCredentialFromToken.getIssuedOn());
        Assertions.assertEquals(wsFederationCredential.getNotBefore(), createCredentialFromToken.getNotBefore());
        Assertions.assertEquals(wsFederationCredential.getNotOnOrAfter(), createCredentialFromToken.getNotOnOrAfter());
        Assertions.assertEquals(wsFederationCredential.getIssuer(), createCredentialFromToken.getIssuer());
        Assertions.assertEquals(wsFederationCredential.getAudience(), createCredentialFromToken.getAudience());
        Assertions.assertEquals(wsFederationCredential.getId(), createCredentialFromToken.getId());
    }

    @Test
    public void verifyGetSigningCredential() {
        Assertions.assertNotNull((Credential) this.wsFederationConfigurations.iterator().next().getSigningWallet().iterator().next());
    }

    @Test
    public void verifyValidateSignatureGoodToken() throws Exception {
        Assertions.assertTrue(this.wsFederationHelper.validateSignature(this.wsFederationHelper.buildAndVerifyAssertion(this.wsFederationHelper.getRequestSecurityTokenFromResult(IOUtils.toString(new ClassPathResource("goodTokenResponse.txt").getInputStream(), StandardCharsets.UTF_8)), this.wsFederationConfigurations, RegisteredServiceTestUtils.getService())));
    }

    @Test
    public void verifyValidateSignatureBadInput() {
        Assertions.assertFalse(this.wsFederationHelper.validateSignature((Pair) null));
        Assertions.assertFalse(this.wsFederationHelper.validateSignature(Pair.of((Object) null, (Object) null)));
        WsFederationConfiguration next = this.wsFederationConfigurations.iterator().next();
        Assertion assertion = (Assertion) Mockito.mock(Assertion.class);
        Assertions.assertFalse(this.wsFederationHelper.validateSignature(Pair.of(assertion, next)));
        Mockito.when(assertion.getSignature()).thenReturn((Signature) Mockito.mock(Signature.class));
        Assertions.assertFalse(this.wsFederationHelper.validateSignature(Pair.of(assertion, next)));
    }

    @Test
    public void verifyValidateSignatureModifiedAttribute() throws Exception {
        Assertions.assertFalse(this.wsFederationHelper.validateSignature(this.wsFederationHelper.buildAndVerifyAssertion(this.wsFederationHelper.getRequestSecurityTokenFromResult(IOUtils.toString(new ClassPathResource("badTokenResponse.txt").getInputStream(), StandardCharsets.UTF_8)), this.wsFederationConfigurations, RegisteredServiceTestUtils.getService())));
    }

    @Test
    public void verifyValidateSignatureBadKey() throws Exception {
        WsFederationConfiguration wsFederationConfiguration = new WsFederationConfiguration();
        wsFederationConfiguration.setSigningCertificateResources(new Resource[]{new ClassPathResource("bad-signing.crt")});
        ArrayList arrayList = new ArrayList(wsFederationConfiguration.getSigningWallet());
        Pair buildAndVerifyAssertion = this.wsFederationHelper.buildAndVerifyAssertion(this.wsFederationHelper.getRequestSecurityTokenFromResult(IOUtils.toString(new ClassPathResource("goodTokenResponse.txt").getInputStream(), StandardCharsets.UTF_8)), this.wsFederationConfigurations, RegisteredServiceTestUtils.getService());
        List signingWallet = ((WsFederationConfiguration) buildAndVerifyAssertion.getValue()).getSigningWallet();
        signingWallet.clear();
        signingWallet.addAll(arrayList);
        Assertions.assertFalse(this.wsFederationHelper.validateSignature(buildAndVerifyAssertion));
    }

    @Test
    public void verifyValidateSignatureModifiedSignature() throws Exception {
        Assertions.assertFalse(this.wsFederationHelper.validateSignature(this.wsFederationHelper.buildAndVerifyAssertion(this.wsFederationHelper.getRequestSecurityTokenFromResult(IOUtils.toString(new ClassPathResource("badTokenSignature.txt").getInputStream(), StandardCharsets.UTF_8)), this.wsFederationConfigurations, RegisteredServiceTestUtils.getService())));
    }
}
