package org.apache.nifi.web.security.saml.impl;

import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.HashSet;
import org.apache.commons.lang3.SystemUtils;
import org.apache.nifi.security.util.TemporaryKeyStoreBuilder;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.security.saml.SAMLConfigurationFactory;
import org.apache.nifi.web.security.saml.SAMLService;
import org.apache.nifi.web.security.saml.impl.tls.TruststoreStrategy;
import org.junit.After;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/nifi/web/security/saml/impl/TestStandardSAMLService.class */
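/**
 * Tests for {@link StandardSAMLService}: service-provider initialization against a file-based
 * identity-provider metadata document, and the behavior when SAML is disabled.
 *
 * <p>{@link NiFiProperties} is mocked, so each test states exactly which configuration values the
 * service is allowed to see.
 */
public class TestStandardSAMLService {
    /** Base URL handed to the service provider; every endpoint asserted below is derived from it. */
    private static final String BASE_URL = "https://localhost:8443/nifi-api";

    /** Entity ID the service provider is configured to advertise in its metadata. */
    private static final String ENTITY_ID = "org:apache:nifi";

    private static final String HTTP_POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    private static final String HTTP_REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";

    private NiFiProperties properties;
    private SAMLConfigurationFactory samlConfigurationFactory;
    private SAMLService samlService;

    /** Skips the whole suite on Windows. */
    @BeforeClass
    public static void setUpSuite() {
        Assume.assumeTrue("Test only runs on *nix", !SystemUtils.IS_OS_WINDOWS);
    }

    /** Creates a fresh mocked configuration and an uninitialized service for each test. */
    @Before
    public void setup() {
        this.properties = Mockito.mock(NiFiProperties.class);
        this.samlConfigurationFactory = new StandardSAMLConfigurationFactory();
        this.samlService = new StandardSAMLService(this.samlConfigurationFactory, this.properties);
    }

    /** Shuts the service down after every test, whether or not it was initialized. */
    @After
    public void teardown() {
        this.samlService.shutdown();
    }

    /**
     * Verifies that, with SAML enabled and IdP metadata read from a local file, the service
     * provider initializes on demand and publishes metadata with the expected entity ID,
     * assertion consumer endpoint and single-logout endpoints.
     *
     * @throws GeneralSecurityException if the temporary key store cannot be built
     * @throws IOException if the temporary key store cannot be written
     */
    @Test
    public void testSamlEnabledWithFileBasedIdpMetadata() throws GeneralSecurityException, IOException {
        File idpMetadata = new File("src/test/resources/saml/sso-circle-meta.xml");

        // Key material comes from TemporaryKeyStoreBuilder rather than a store checked into the
        // test resources. NOTE(review): presumably generated per run - confirm in the builder.
        stubTlsProperties(new TemporaryKeyStoreBuilder().build());

        Mockito.when(this.properties.isSamlEnabled()).thenReturn(true);
        Mockito.when(this.properties.getSamlServiceProviderEntityId()).thenReturn(ENTITY_ID);
        // Same concatenation as before; on *nix the absolute path starts with '/', giving
        // a file:///... URL.
        Mockito.when(this.properties.getSamlIdentityProviderMetadataUrl())
                .thenReturn("file://" + idpMetadata.getAbsolutePath());
        Mockito.when(this.properties.getSamlAuthenticationExpiration()).thenReturn("12 hours");
        Mockito.when(this.properties.getSamlHttpClientTruststoreStrategy())
                .thenReturn(TruststoreStrategy.JDK.name());

        this.samlService.initialize();
        Assert.assertTrue(this.samlService.isSamlEnabled());
        // initialize() alone must not bring up the service provider; that needs the base URL.
        Assert.assertFalse(this.samlService.isServiceProviderInitialized());

        this.samlService.initializeServiceProvider(BASE_URL);
        Assert.assertTrue(this.samlService.isServiceProviderInitialized());

        String serviceProviderMetadata = this.samlService.getServiceProviderMetadata();

        // These checks pin the entity ID and the exact binding/location pairs the service
        // provider advertises; an identity provider consuming this metadata would deliver
        // assertions and logout messages to these locations. They are substring matches on the
        // serialized XML, so attribute order and the "md" prefix are part of what is asserted.
        assertMetadataContains(serviceProviderMetadata, "entityID=\"" + ENTITY_ID + "\"");
        assertMetadataContains(serviceProviderMetadata,
                "<md:AssertionConsumerService Binding=\"" + HTTP_POST_BINDING
                        + "\" Location=\"" + BASE_URL + "/access/saml/login/consumer\"");
        assertMetadataContains(serviceProviderMetadata,
                "<md:SingleLogoutService Binding=\"" + HTTP_POST_BINDING
                        + "\" Location=\"" + BASE_URL + "/access/saml/single-logout/consumer\"/>");
        assertMetadataContains(serviceProviderMetadata,
                "<md:SingleLogoutService Binding=\"" + HTTP_REDIRECT_BINDING
                        + "\" Location=\"" + BASE_URL + "/access/saml/single-logout/consumer\"/>");
    }

    /**
     * Verifies that a service with SAML disabled reports itself as disabled and refuses both
     * service-provider initialization and metadata generation with an
     * {@link IllegalStateException}.
     */
    @Test
    public void testInitializeWhenSamlNotEnabled() {
        Mockito.when(this.properties.isSamlEnabled()).thenReturn(false);

        this.samlService.initialize();

        Assert.assertFalse(this.samlService.isSamlEnabled());
        Assert.assertThrows(IllegalStateException.class,
                () -> this.samlService.initializeServiceProvider(BASE_URL));
        Assert.assertThrows(IllegalStateException.class,
                () -> this.samlService.getServiceProviderMetadata());
    }

    /**
     * Stubs the mocked properties with the key store and trust store settings of {@code tls},
     * and makes {@code getPropertyKeys()} report exactly those seven keys.
     *
     * @param tls configuration whose paths, passwords and store types are exposed
     */
    private void stubTlsProperties(TlsConfiguration tls) {
        Mockito.when(this.properties.getProperty("nifi.security.keystore")).thenReturn(tls.getKeystorePath());
        Mockito.when(this.properties.getProperty("nifi.security.keystorePasswd")).thenReturn(tls.getKeystorePassword());
        Mockito.when(this.properties.getProperty("nifi.security.keyPasswd")).thenReturn(tls.getKeyPassword());
        Mockito.when(this.properties.getProperty("nifi.security.keystoreType")).thenReturn(tls.getKeystoreType().getType());
        Mockito.when(this.properties.getProperty("nifi.security.truststore")).thenReturn(tls.getTruststorePath());
        Mockito.when(this.properties.getProperty("nifi.security.truststorePasswd")).thenReturn(tls.getTruststorePassword());
        Mockito.when(this.properties.getProperty("nifi.security.truststoreType")).thenReturn(tls.getTruststoreType().getType());
        // Diamond instead of the raw HashSet, so the key set is checked against the stubbed
        // method's element type at compile time.
        Mockito.when(this.properties.getPropertyKeys()).thenReturn(new HashSet<>(Arrays.asList(
                "nifi.security.keystore",
                "nifi.security.keystorePasswd",
                "nifi.security.keyPasswd",
                "nifi.security.keystoreType",
                "nifi.security.truststore",
                "nifi.security.truststorePasswd",
                "nifi.security.truststoreType")));
    }

    /**
     * Asserts that {@code metadata} contains {@code fragment}, naming the missing fragment in the
     * failure message so a mismatch can be diagnosed without a debugger.
     */
    private static void assertMetadataContains(String metadata, String fragment) {
        Assert.assertTrue("Service provider metadata is missing: " + fragment, metadata.contains(fragment));
    }
}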
