package org.opensaml.saml2.binding.security;

import org.opensaml.common.binding.security.BaseSAMLSecurityPolicyRuleTestCase;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.metadata.provider.DOMMetadataProvider;
import org.opensaml.ws.transport.InTransport;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.springframework.mock.web.MockHttpServletRequest;

/* loaded from: input_file:org/opensaml/saml2/binding/security/SAML2AuthnRequestsSignedSecurityPolicyRuleTest.class */
public class SAML2AuthnRequestsSignedSecurityPolicyRuleTest extends BaseSAMLSecurityPolicyRuleTestCase<AuthnRequest, Response, NameID> {
    private final String issuerSigningRequired = "urn:test:issuer:required";
    private final String issuerSigningNotRequired = "urn:test:issuer:notrequired";

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.common.binding.security.BaseSAMLSecurityPolicyRuleTestCase, org.opensaml.common.BaseTestCase
    public void setUp() throws Exception {
        super.setUp();
        DOMMetadataProvider dOMMetadataProvider = new DOMMetadataProvider(parser.parse(SAML2AuthnRequestsSignedSecurityPolicyRuleTest.class.getResourceAsStream("/data/org/opensaml/saml2/binding/Metadata-AuthnRequestsSigned.xml")).getDocumentElement());
        dOMMetadataProvider.initialize();
        this.messageContext.setMetadataProvider(dOMMetadataProvider);
        this.rule = new SAML2AuthnRequestsSignedRule();
    }

    public void testNotSignedAndNotRequired() {
        this.messageContext.setInboundSAMLMessage(unmarshallElement("/data/org/opensaml/saml2/binding/AuthnRequest.xml"));
        this.messageContext.setInboundMessageIssuer("urn:test:issuer:notrequired");
        assertRuleSuccess("Protocol message was not signed and was not required to be signed");
    }

    public void testNotSignedAndRequired() {
        this.messageContext.setInboundSAMLMessage(unmarshallElement("/data/org/opensaml/saml2/binding/AuthnRequest.xml"));
        this.messageContext.setInboundMessageIssuer("urn:test:issuer:required");
        assertRuleFailure("Protocol message signature was not signed but was required to be signed");
    }

    public void testSignedAndNotRequired() {
        this.messageContext.setInboundSAMLMessage(unmarshallElement("/data/org/opensaml/saml2/binding/AuthnRequest-Signed.xml"));
        this.messageContext.setInboundMessageIssuer("urn:test:issuer:notrequired");
        assertRuleSuccess("Protocol message was signed and was not required to be signed");
    }

    public void testSignedAndRequired() {
        this.messageContext.setInboundSAMLMessage(unmarshallElement("/data/org/opensaml/saml2/binding/AuthnRequest-Signed.xml"));
        this.messageContext.setInboundMessageIssuer("urn:test:issuer:required");
        assertRuleSuccess("Protocol message signature was signed but was required to be signed");
    }

    public void testSimpleSignedAndRequired() {
        this.messageContext.setInboundSAMLMessage(unmarshallElement("/data/org/opensaml/saml2/binding/AuthnRequest.xml"));
        this.messageContext.setInboundMessageIssuer("urn:test:issuer:required");
        this.messageContext.getInboundMessageTransport().getWrappedRequest().setParameter("Signature", "some-signature-value");
        assertRuleSuccess("Protocol message was simple signed and was required to be signed");
    }

    @Override // org.opensaml.common.binding.security.BaseSAMLSecurityPolicyRuleTestCase
    protected InTransport buildInTransport() {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        HttpServletRequestAdapter httpServletRequestAdapter = new HttpServletRequestAdapter(mockHttpServletRequest);
        mockHttpServletRequest.setMethod("POST");
        return httpServletRequestAdapter;
    }
}
