package io.fusionauth.samlv2.service;

import io.fusionauth.samlv2.domain.AuthenticationResponse;
import io.fusionauth.samlv2.domain.NameIDFormat;
import io.fusionauth.samlv2.domain.ResponseStatus;
import io.fusionauth.samlv2.domain.jaxb.oasis.protocol.AuthnRequestType;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.time.ZonedDateTime;
import java.util.Base64;
import java.util.List;
import java.util.zip.DataFormatException;
import java.util.zip.Inflater;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import org.testng.Assert;
import org.testng.annotations.Test;

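/**
 * Unit tests for {@link DefaultSAMLService}: building a signed HTTP-Redirect AuthnRequest and
 * parsing a recorded, signed SAML response fixture.
 */
@Test(groups = {"unit"})
public class DefaultSAMLServiceTest {
    /**
     * Builds a redirect AuthnRequest, decodes it back (URL-decode, Base64, raw inflate, JAXB) and
     * checks the request fields, the relay state and the advertised signature algorithm.
     *
     * @throws Exception if key generation, decoding or unmarshalling fails
     */
    @Test
    public void buildHTTPRedirectAuthnRequest() throws Exception {
        // Throwaway key for the test only. A 512-bit DSA key is far below any current key-size
        // recommendation and must not be copied into configuration or examples.
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA");
        keyPairGenerator.initialize(512);

        // The boolean argument is presumably the "sign the request" flag; confirm against
        // DefaultSAMLService, which is not visible from this file.
        String redirect = new DefaultSAMLService().buildHTTPRedirectAuthnRequest("foobarbaz", "https://local.fusionauth.io", "Relay-State-String", true, keyPairGenerator.generateKeyPair().getPrivate());

        // The encoded request is taken as the value of the first query parameter.
        String encodedRequest = redirect.substring(redirect.indexOf("=") + 1, redirect.indexOf("&"));
        byte[] deflated = Base64.getDecoder().decode(URLDecoder.decode(encodedRequest, "UTF-8"));
        byte[] xml = inflate(deflated);

        JAXBElement<?> element = (JAXBElement<?>) JAXBContext.newInstance(AuthnRequestType.class).createUnmarshaller().unmarshal(new ByteArrayInputStream(xml));
        AuthnRequestType authnRequest = (AuthnRequestType) element.getValue();
        Assert.assertEquals(authnRequest.getID(), "foobarbaz");
        Assert.assertEquals(authnRequest.getIssuer().getValue(), "https://local.fusionauth.io");
        Assert.assertEquals(authnRequest.getVersion(), "2.0");
        Assert.assertFalse(authnRequest.getNameIDPolicy().isAllowCreate().booleanValue());

        // The relay state is compared in its raw (not URL-decoded) form.
        Assert.assertEquals(queryParameter(redirect, "RelayState"), "Relay-State-String");

        // NOTE(review): this pins the algorithm advertised for a DSA key to the SHA-1 based URI.
        // Only the SigAlg value is checked; the signature parameter itself is never verified
        // against the generated public key, so a broken or missing signature would not fail this
        // test. TODO: verify the signature over the signed query parameters.
        Assert.assertEquals(URLDecoder.decode(queryParameter(redirect, "SigAlg"), "UTF-8"), "http://www.w3.org/2000/09/xmldsig#dsa-sha1");
    }

    /**
     * Parses the recorded response fixture with the matching certificate's public key and checks
     * the destination, timestamps, issuer, status, user attributes and NameID format.
     *
     * @throws Exception if the fixture files cannot be read or the response cannot be parsed
     */
    @Test
    public void parseResponse() throws Exception {
        PublicKey publicKey;
        try (InputStream certificate = Files.newInputStream(Paths.get("src/test/certificates/certificate.cer"))) {
            publicKey = CertificateFactory.getInstance("X.509").generateCertificate(certificate).getPublicKey();
        }

        // Decode with an explicit charset so the result does not depend on the platform default.
        String encodedResponse = new String(Files.readAllBytes(Paths.get("src/test/xml/encodedResponse.txt")), StandardCharsets.UTF_8);

        // The boolean argument is presumably "verify the signature"; confirm against
        // DefaultSAMLService, which is not visible from this file.
        AuthenticationResponse response = new DefaultSAMLService().parseResponse(encodedResponse, true, publicKey);

        ZonedDateTime now = ZonedDateTime.now();
        Assert.assertEquals(response.destination, "https://local.fusionauth.io/saml2/reply");
        Assert.assertTrue(response.notBefore.isBefore(now));
        // The fixture is past its notOnOrAfter, and the test still expects a parsed result, so as
        // exercised here parseResponse hands back an expired response instead of rejecting it.
        // NOTE(review): confirm that callers enforce the notBefore/notOnOrAfter window and the
        // destination before trusting the returned user.
        Assert.assertTrue(now.isAfter(response.notOnOrAfter));
        Assert.assertTrue(response.instant.isBefore(now));
        Assert.assertEquals(response.issuer, "https://sts.windows.net/c2150111-3c44-4508-9f08-790cb4032a23/");
        Assert.assertEquals(response.status, ResponseStatus.Success);
        Assert.assertEquals(firstAttribute(response, "http://schemas.microsoft.com/identity/claims/displayname"), "Brian Pontarelli");
        Assert.assertEquals(firstAttribute(response, "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"), "Brian");
        Assert.assertEquals(firstAttribute(response, "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"), "Pontarelli");
        Assert.assertEquals(firstAttribute(response, "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), "brian@inversoft.com");
        Assert.assertEquals(response.user.format, NameIDFormat.EmailAddress);
    }

    /** Returns the first value of the named user attribute of a parsed response. */
    private static String firstAttribute(AuthenticationResponse response, String name) {
        return (String) ((List<?>) response.user.attributes.get(name)).get(0);
    }

    /** Inflates a raw (header-less) DEFLATE stream completely and releases the native inflater. */
    private static byte[] inflate(byte[] deflated) throws DataFormatException {
        Inflater inflater = new Inflater(true);
        ByteArrayOutputStream inflated = new ByteArrayOutputStream();
        try {
            inflater.setInput(deflated);
            byte[] chunk = new byte[4096];
            while (!inflater.finished()) {
                int count = inflater.inflate(chunk);
                if (count == 0 && (inflater.needsInput() || inflater.needsDictionary())) {
                    // Truncated input: stop here and let the XML unmarshaller report the failure.
                    break;
                }
                inflated.write(chunk, 0, count);
            }
        } finally {
            inflater.end();
        }
        return inflated.toByteArray();
    }

    /** Returns the raw (still URL-encoded) value of a query parameter, failing if it is absent. */
    private static String queryParameter(String query, String name) {
        String prefix = name + "=";
        int start = query.indexOf(prefix);
        Assert.assertTrue(start >= 0, "Missing query parameter [" + name + "]");
        int valueStart = start + prefix.length();
        int end = query.indexOf("&", valueStart);
        return end < 0 ? query.substring(valueStart) : query.substring(valueStart, end);
    }
}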
