package io.fusionauth.samlv2.service;

import io.fusionauth.samlv2.domain.Algorithm;
import io.fusionauth.samlv2.domain.AuthenticationRequest;
import io.fusionauth.samlv2.domain.AuthenticationResponse;
import io.fusionauth.samlv2.domain.MetaData;
import io.fusionauth.samlv2.domain.NameIDFormat;
import io.fusionauth.samlv2.domain.ResponseStatus;
import io.fusionauth.samlv2.domain.SAMLException;
import io.fusionauth.samlv2.domain.jaxb.oasis.protocol.AuthnRequestType;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.UUID;
import java.util.zip.Inflater;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

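/**
 * Unit tests for {@link DefaultSAMLv2Service}: building and parsing AuthnRequests, metadata and
 * authentication responses, using the fixtures under {@code src/test}.
 *
 * <p>The class-level {@code @Test} makes every public method a test, so shared helpers are private.
 *
 * <p>Security-relevant behaviour pinned by these tests:
 * <ul>
 *   <li>A response whose signature was stripped is rejected when verification is requested
 *       ({@link #parseResponse_signatureCheck()}). A tampered or relocated signature is not
 *       exercised in this class.</li>
 *   <li>The Azure fixture response is expired, and {@code parseResponse} still returns it. As
 *       exercised here the parser does not enforce the Conditions validity window, so that check
 *       has to happen in the caller.</li>
 * </ul>
 */
@Test(groups = {"unit"})
public class DefaultSAMLv2ServiceTest {
    /** Certificate whose public key verifies the signed {@code encodedResponse.txt} fixture. */
    private static final String FIXTURE_CERTIFICATE = "src/test/certificates/certificate.cer";

    /**
     * Sets a JVM-wide XML security property before any test runs.
     *
     * <p>This is process-global state, so it also affects other tests sharing the JVM.
     */
    @BeforeClass
    public void beforeClass() {
        System.setProperty("com.sun.org.apache.xml.internal.security.ignoreLineBreaks", "true");
    }

    /**
     * Builds a signed HTTP-Redirect AuthnRequest, then decodes the first query value
     * (URL-decode, Base64-decode, raw inflate) and checks the XML plus the RelayState and SigAlg
     * parameters.
     *
     * <p>The signature value itself is not verified here; see {@link #roundTripRequest()}.
     */
    @Test
    public void buildHTTPRedirectAuthnRequest() throws Exception {
        KeyPair keyPair = newRsaKeyPair();
        AuthenticationRequest request = new AuthenticationRequest();
        request.id = "foobarbaz";
        request.issuer = "https://local.fusionauth.io";

        String url = new DefaultSAMLv2Service().buildHTTPRedirectAuthnRequest(request, "Relay-State-String", true, keyPair.getPrivate(), Algorithm.RS256);
        System.out.println(url);

        byte[] deflated = Base64.getMimeDecoder().decode(URLDecoder.decode(firstQueryValue(url), "UTF-8"));
        // A single inflate() into a fixed buffer: requests larger than 4096 bytes would be truncated.
        byte[] xml = new byte[4096];
        int xmlLength;
        Inflater inflater = new Inflater(true);
        try {
            inflater.setInput(deflated);
            xmlLength = inflater.inflate(xml);
        } finally {
            // Inflater holds native memory; release it even when inflate() throws.
            inflater.end();
        }

        JAXBElement<?> element = (JAXBElement<?>) JAXBContext.newInstance(AuthnRequestType.class)
                .createUnmarshaller()
                .unmarshal(new ByteArrayInputStream(xml, 0, xmlLength));
        AuthnRequestType authnRequest = (AuthnRequestType) element.getValue();
        Assert.assertEquals(authnRequest.getID(), "foobarbaz");
        Assert.assertEquals(authnRequest.getIssuer().getValue(), "https://local.fusionauth.io");
        Assert.assertEquals(authnRequest.getVersion(), "2.0");
        Assert.assertFalse(authnRequest.getNameIDPolicy().isAllowCreate().booleanValue());

        Assert.assertEquals(rawQueryValue(url, "RelayState="), "Relay-State-String");
        Assert.assertEquals(URLDecoder.decode(rawQueryValue(url, "SigAlg="), "UTF-8"), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
    }

    /** Builds IdP metadata with one generated certificate and checks it survives a parse round trip. */
    @Test
    public void buildIdPMetaData() throws Exception {
        MetaData metaData = new MetaData();
        metaData.id = UUID.randomUUID().toString();
        metaData.entityId = "https://fusionauth.io/samlv2/" + metaData.id;
        metaData.idp = new MetaData.IDPMetaData();
        metaData.idp.signInEndpoint = "https://fusionauth.io/samlv2/login";
        metaData.idp.logoutEndpoint = "https://fusionauth.io/samlv2/logout";
        metaData.idp.certificates.add(CertificateTools.fromKeyPair(newRsaKeyPair(), Algorithm.RS256, "FusionAuth"));

        DefaultSAMLv2Service service = new DefaultSAMLv2Service();
        String xml = service.buildMetadataResponse(metaData);
        System.out.println(xml);

        // The serialized ID is the configured id with a leading underscore.
        Assert.assertTrue(xml.contains("_" + metaData.id));
        Assert.assertTrue(xml.contains(metaData.entityId));
        Assert.assertTrue(xml.contains(metaData.idp.signInEndpoint));
        Assert.assertTrue(xml.contains(metaData.idp.logoutEndpoint));
        Assert.assertTrue(xml.contains("<ns2:IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">"));

        MetaData parsed = service.parseMetaData(xml);
        Assert.assertEquals(parsed.id, "_" + metaData.id);
        Assert.assertEquals(parsed.entityId, metaData.entityId);
        Assert.assertEquals(parsed.idp.signInEndpoint, metaData.idp.signInEndpoint);
        Assert.assertEquals(parsed.idp.logoutEndpoint, metaData.idp.logoutEndpoint);
        Assert.assertEquals(parsed.idp.certificates.get(0), metaData.idp.certificates.get(0));
    }

    /**
     * Builds SP metadata from a default {@code SPMetaData} and checks it survives a parse round trip.
     *
     * <p>NOTE(review): the expected descriptor pins {@code AuthnRequestsSigned="false"} and
     * {@code WantAssertionsSigned="false"} for an SP that sets neither. Confirm that advertising
     * unsigned requests and assertions is the intended default.
     */
    @Test
    public void buildSPMetaData() throws Exception {
        MetaData metaData = new MetaData();
        metaData.id = UUID.randomUUID().toString();
        metaData.entityId = "https://fusionauth.io/samlv2/sp/" + metaData.id;
        metaData.sp = new MetaData.SPMetaData();
        metaData.sp.acsEndpoint = "https://fusionauth.io/oauth2/callback";
        metaData.sp.nameIDFormat = NameIDFormat.EmailAddress;

        DefaultSAMLv2Service service = new DefaultSAMLv2Service();
        String xml = service.buildMetadataResponse(metaData);
        System.out.println(xml);

        Assert.assertTrue(xml.contains("_" + metaData.id));
        Assert.assertTrue(xml.contains(metaData.entityId));
        Assert.assertTrue(xml.contains(metaData.sp.acsEndpoint));
        Assert.assertTrue(xml.contains(metaData.sp.nameIDFormat.toSAMLFormat()));
        Assert.assertTrue(xml.contains("<ns2:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">"));

        MetaData parsed = service.parseMetaData(xml);
        Assert.assertEquals(parsed.id, "_" + metaData.id);
        Assert.assertEquals(parsed.entityId, metaData.entityId);
        Assert.assertEquals(parsed.sp.acsEndpoint, metaData.sp.acsEndpoint);
        Assert.assertEquals(parsed.sp.nameIDFormat, metaData.sp.nameIDFormat);
    }

    /**
     * Line widths used to re-wrap Base64 fixtures in the {@code *_includeLineReturns} tests.
     *
     * @return one row per width, each holding a single {@code int}
     */
    @DataProvider(name = "maxLineLength")
    public Object[][] maxLineLength() {
        // Must be a two-dimensional array: a bare Object[] does not satisfy the declared return type.
        return new Object[][]{{42}, {64}, {76}, {96}, {128}};
    }

    /** Parses two metadata fixtures and checks how many IdP certificates each one yields. */
    @Test
    public void parseMetaData() throws Exception {
        DefaultSAMLv2Service service = new DefaultSAMLv2Service();
        Assert.assertEquals(service.parseMetaData(readFixture("src/test/xml/metadata.xml")).idp.certificates.size(), 3);
        Assert.assertEquals(service.parseMetaData(readFixture("src/test/xml/metadata-2.xml")).idp.certificates.size(), 1);
    }

    /**
     * Parses the control AuthnRequest after its encoded form has been re-wrapped at {@code i}
     * characters per line, so embedded line breaks must not change the result.
     *
     * @param i maximum line length supplied by {@link #maxLineLength()}
     */
    @Test(dataProvider = "maxLineLength")
    public void parseRequest_includeLineReturns(int i) throws Exception {
        String expectedXml = readFixture("src/test/xml/authn-request-control.xml");
        String wrapped = wrapLines(readFixture("src/test/xml/encoded/authn-request-control.txt"), i);

        // The boolean is presumably "verify signature" (roundTripRequest passes true with a key); it is off here.
        AuthenticationRequest parsed = new DefaultSAMLv2Service().parseRequest(wrapped, (String) null, (String) null, false, (PublicKey) null, (Algorithm) null);
        assertControlRequest(parsed, expectedXml);
    }

    /** Parses an AuthnRequest fixture named for lacking a NameIDPolicy; the format comes back as EmailAddress. */
    @Test
    public void parseRequest_noNameIdPolicy() throws Exception {
        String expectedXml = readFixture("src/test/xml/authn-request-noNameIdPolicy.xml");
        String encoded = readFixture("src/test/xml/encoded/authn-request-noNameIdPolicy.txt");

        AuthenticationRequest parsed = new DefaultSAMLv2Service().parseRequest(encoded, (String) null, (String) null, false, (PublicKey) null, (Algorithm) null);
        Assert.assertEquals(parsed.id, "id_4c6e5aa3");
        Assert.assertEquals(parsed.issuer, "https://medallia.com/sso/mlg");
        Assert.assertEquals(parsed.nameIdFormat, NameIDFormat.EmailAddress);
        Assert.assertEquals(parsed.version, "2.0");
        Assert.assertEquals(parsed.xml.replace("\r\n", "\n"), expectedXml.replace("\r\n", "\n"));
    }

    /** Parses the control AuthnRequest fixture without signature verification. */
    @Test
    public void parseRequest_withNameIdPolicy() throws Exception {
        String expectedXml = readFixture("src/test/xml/authn-request-control.xml");
        String encoded = readFixture("src/test/xml/encoded/authn-request-control.txt");

        AuthenticationRequest parsed = new DefaultSAMLv2Service().parseRequest(encoded, (String) null, (String) null, false, (PublicKey) null, (Algorithm) null);
        assertControlRequest(parsed, expectedXml);
    }

    /** Parses the signed Azure fixture response, verifying its signature with the fixture certificate. */
    @Test
    public void parseResponse() throws Exception {
        PublicKey key = loadFixturePublicKey();
        AuthenticationResponse response = new DefaultSAMLv2Service().parseResponse(readFixture("src/test/xml/encodedResponse.txt"), true, key);
        assertAzureFixtureResponse(response);
    }

    /**
     * Parses an unsigned example response (verification off) and checks attribute handling,
     * including an empty value for {@code memberOf} and a {@code null} for {@code PersonImmutableID}.
     */
    @Test
    public void parseResponse_handleNilAttribute() throws Exception {
        AuthenticationResponse response = new DefaultSAMLv2Service().parseResponse(readFixture("src/test/xml/encoded/example-response.txt"), false, (PublicKey) null);
        Assert.assertEquals(response.destination, "http://sp.example.com/demo1/index.php?acs");
        Assert.assertTrue(response.assertion.conditions.notBefore.isBefore(ZonedDateTime.now()));
        Assert.assertEquals(response.issuer, "http://idp.example.com/metadata.php");
        Assert.assertEquals(response.status.code, ResponseStatus.Success);

        Assert.assertEquals(attributeValues(response, "uid").size(), 1);
        Assert.assertEquals((String) attributeValues(response, "uid").get(0), "test");
        Assert.assertEquals(attributeValues(response, "mail").size(), 1);
        Assert.assertEquals((String) attributeValues(response, "mail").get(0), "test@example.com");
        Assert.assertEquals(attributeValues(response, "eduPersonAffiliation").size(), 2);
        Assert.assertEquals((String) attributeValues(response, "eduPersonAffiliation").get(0), "users");
        Assert.assertEquals((String) attributeValues(response, "eduPersonAffiliation").get(1), "examplerole1");
        Assert.assertEquals(attributeValues(response, "memberOf").size(), 1);
        Assert.assertEquals((String) attributeValues(response, "memberOf").get(0), "");
        Assert.assertEquals(attributeValues(response, "PersonImmutableID").size(), 1);
        Assert.assertNull(attributeValues(response, "PersonImmutableID").get(0));
        Assert.assertEquals(response.assertion.subject.nameID.format, NameIDFormat.Transient);
    }

    /**
     * Parses the signed Azure fixture response after re-wrapping its encoded form at {@code i}
     * characters per line; signature verification must still succeed.
     *
     * @param i maximum line length supplied by {@link #maxLineLength()}
     */
    @Test(dataProvider = "maxLineLength")
    public void parseResponse_includeLineReturns(int i) throws Exception {
        PublicKey key = loadFixturePublicKey();
        String wrapped = wrapLines(readFixture("src/test/xml/encodedResponse.txt"), i);

        AuthenticationResponse response = new DefaultSAMLv2Service().parseResponse(wrapped, true, key);
        assertAzureFixtureResponse(response);
    }

    /**
     * A response with its signature removed must be rejected when verification is requested.
     *
     * <p>Only the missing-signature case is covered. A response whose signature is present but
     * does not match the content is not exercised in this class.
     */
    @Test
    public void parseResponse_signatureCheck() throws Exception {
        PublicKey key = loadFixturePublicKey();
        String encoded = readFixture("src/test/xml/encodedResponse-signatureRemoved.txt");
        try {
            new DefaultSAMLv2Service().parseResponse(encoded, true, key);
            Assert.fail("Should have thrown an exception");
        } catch (SAMLException e) {
            Assert.assertEquals(e.getMessage(), "Invalid SAML v2.0 authentication response. The signature is missing from the XML but is required.");
        }
    }

    /**
     * Builds a signed HTTP-Redirect AuthnRequest and feeds its parameters back into
     * {@code parseRequest} with verification on, using the matching public key.
     *
     * <p>The algorithm handed to the verifier is read from the request's own {@code SigAlg}
     * parameter. That is fine for a round trip; a real verifier should compare it against the
     * algorithm it expects from the sender rather than trusting the message.
     */
    @Test
    public void roundTripRequest() throws Exception {
        KeyPair keyPair = newRsaKeyPair();
        AuthenticationRequest request = new AuthenticationRequest();
        request.id = "foobarbaz";
        request.issuer = "https://local.fusionauth.io";

        DefaultSAMLv2Service service = new DefaultSAMLv2Service();
        String url = service.buildHTTPRedirectAuthnRequest(request, "Relay-State-String", true, keyPair.getPrivate(), Algorithm.RS256);
        System.out.println(url);

        String encodedRequest = URLDecoder.decode(firstQueryValue(url), "UTF-8");
        String relayState = rawQueryValue(url, "RelayState=");
        Assert.assertEquals(relayState, "Relay-State-String");
        String sigAlg = URLDecoder.decode(rawQueryValue(url, "SigAlg="), "UTF-8");

        // The signature is taken from its key to the end of the string, i.e. it is expected to be last.
        int signatureStart = url.indexOf("Signature=");
        Assert.assertTrue(signatureStart >= 0, "Expected [Signature=] in [" + url + "]");
        String signature = URLDecoder.decode(url.substring(signatureStart + "Signature=".length()), "UTF-8");

        AuthenticationRequest parsed = service.parseRequest(encodedRequest, relayState, signature, true, keyPair.getPublic(), Algorithm.fromURI(sigAlg));
        Assert.assertEquals(parsed.id, "foobarbaz");
        Assert.assertEquals(parsed.issuer, "https://local.fusionauth.io");
        Assert.assertEquals(parsed.nameIdFormat, NameIDFormat.EmailAddress);
        Assert.assertEquals(parsed.version, "2.0");
    }

    /**
     * Parses the Azure fixture without verification, re-signs it with a fresh key pair, and parses
     * the result again with verification against the new public key.
     */
    @Test
    public void roundTripResponse() throws Exception {
        KeyPair keyPair = newRsaKeyPair();
        String encoded = readFixture("src/test/xml/encodedResponse.txt");

        DefaultSAMLv2Service service = new DefaultSAMLv2Service();
        AuthenticationResponse original = service.parseResponse(encoded, false, (PublicKey) null);
        String rebuilt = service.buildAuthnResponse(original, true, keyPair.getPrivate(), CertificateTools.fromKeyPair(keyPair, Algorithm.RS256, "FooBar"), Algorithm.RS256, "http://www.w3.org/2001/10/xml-exc-c14n#WithComments");
        System.out.println(new String(Base64.getMimeDecoder().decode(rebuilt), StandardCharsets.UTF_8));

        AuthenticationResponse response = service.parseResponse(rebuilt, true, keyPair.getPublic());
        assertAzureFixtureResponse(response);
    }

    /** Generates a throwaway 2048-bit RSA key pair for signing in tests. */
    private static KeyPair newRsaKeyPair() throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        return generator.generateKeyPair();
    }

    /** Reads a fixture as UTF-8 so the result does not depend on the platform default charset. */
    private static String readFixture(String path) throws Exception {
        return new String(Files.readAllBytes(Paths.get(path)), StandardCharsets.UTF_8);
    }

    /** Loads the public key of the fixture certificate, closing the stream on every path. */
    private static PublicKey loadFixturePublicKey() throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(Paths.get(FIXTURE_CERTIFICATE))) {
            return factory.generateCertificate(in).getPublicKey();
        }
    }

    /** Splits {@code text} into chunks of at most {@code width} characters joined by {@code \n}. */
    private static String wrapLines(String text, int width) {
        List<String> chunks = new ArrayList<>();
        for (int start = 0; start < text.length(); start += width) {
            chunks.add(text.substring(start, Math.min(start + width, text.length())));
        }
        return String.join("\n", chunks);
    }

    /** Returns the still URL-encoded text between the first {@code =} and the first {@code &}. */
    private static String firstQueryValue(String url) {
        return url.substring(url.indexOf("=") + 1, url.indexOf("&"));
    }

    /**
     * Returns the still URL-encoded value that follows {@code key} (for example {@code "SigAlg="}),
     * up to the next {@code &}.
     */
    private static String rawQueryValue(String url, String key) {
        int keyStart = url.indexOf(key);
        Assert.assertTrue(keyStart >= 0, "Expected [" + key + "] in [" + url + "]");
        int valueEnd = url.indexOf("&", keyStart);
        Assert.assertTrue(valueEnd >= 0, "Expected another parameter after [" + key + "] in [" + url + "]");
        return url.substring(keyStart + key.length(), valueEnd);
    }

    /** Returns the values parsed for one assertion attribute. */
    private static List<?> attributeValues(AuthenticationResponse response, String name) {
        return (List<?>) response.assertion.attributes.get(name);
    }

    /** Checks the fields every parse of the control AuthnRequest fixture must produce. */
    private static void assertControlRequest(AuthenticationRequest parsed, String expectedXml) {
        Assert.assertEquals(parsed.id, "_809707f0030a5d00620c9d9df97f627afe9dcc24");
        Assert.assertEquals(parsed.issuer, "http://sp.example.com/demo1/metadata.php");
        Assert.assertEquals(parsed.nameIdFormat, NameIDFormat.EmailAddress);
        Assert.assertEquals(parsed.version, "2.0");
        // Normalise line endings so the comparison does not depend on how the fixture was checked out.
        Assert.assertEquals(parsed.xml.replace("\r\n", "\n"), expectedXml.replace("\r\n", "\n"));
    }

    /** Checks the fields every parse of the Azure fixture response must produce. */
    private static void assertAzureFixtureResponse(AuthenticationResponse response) {
        Assert.assertEquals(response.destination, "https://local.fusionauth.io/oauth2/callback");
        Assert.assertTrue(response.assertion.conditions.notBefore.isBefore(ZonedDateTime.now()));
        // The fixture is expired and is still returned: the validity window is the caller's check.
        Assert.assertTrue(ZonedDateTime.now().isAfter(response.assertion.conditions.notOnOrAfter));
        Assert.assertTrue(response.issueInstant.isBefore(ZonedDateTime.now()));
        Assert.assertEquals(response.issuer, "https://sts.windows.net/c2150111-3c44-4508-9f08-790cb4032a23/");
        Assert.assertEquals(response.status.code, ResponseStatus.Success);
        Assert.assertEquals((String) attributeValues(response, "http://schemas.microsoft.com/identity/claims/displayname").get(0), "Brian Pontarelli");
        Assert.assertEquals((String) attributeValues(response, "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname").get(0), "Brian");
        Assert.assertEquals((String) attributeValues(response, "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname").get(0), "Pontarelli");
        Assert.assertEquals((String) attributeValues(response, "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress").get(0), "brian@inversoft.com");
        Assert.assertEquals(response.assertion.subject.nameID.format, NameIDFormat.EmailAddress);
    }
}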
