package org.opensaml.saml.saml2.encryption;

import com.google.common.base.Strings;
import java.util.ArrayList;
import java.util.List;
import org.opensaml.core.xml.XMLObjectBaseTestCase;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.EncryptedAttribute;
import org.opensaml.saml.saml2.encryption.Encrypter;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.algorithm.AlgorithmSupport;
import org.opensaml.xmlsec.encryption.DataReference;
import org.opensaml.xmlsec.encryption.EncryptedData;
import org.opensaml.xmlsec.encryption.EncryptedKey;
import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters;
import org.opensaml.xmlsec.encryption.support.EncryptionException;
import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoGenerator;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.signature.KeyName;
import org.opensaml.xmlsec.signature.RetrievalMethod;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/opensaml/saml/saml2/encryption/ComplexEncryptionTest.class */
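/**
 * Exercises {@link Encrypter} with one or more key-encryption keys (KEKs) and checks how the
 * resulting {@link EncryptedKey} elements are placed and cross-referenced.
 *
 * <p>Each test encrypts content from the {@code Assertion.xml} fixture and then inspects the
 * structure of the result: number of inline vs. peer EncryptedKeys, RetrievalMethod and
 * DataReference URIs, Recipient and CarriedKeyName values. No test decrypts the output, so
 * these are structural checks only.</p>
 *
 * <p>Security note for readers reusing this as a template: the algorithm URIs below select
 * AES-128-CBC for the data and RSA PKCS#1 v1.5 key transport for the KEK. Both are known to be
 * exposed to padding-oracle style attacks when used with XML Encryption; they are test fixtures
 * here, not a recommended configuration. Deployments should prefer an AES-GCM data algorithm
 * and RSA-OAEP key transport.</p>
 */
public class ComplexEncryptionTest extends XMLObjectBaseTestCase {
    /** Classpath location of the SAML assertion fixture every test starts from. */
    private static final String ASSERTION_RESOURCE = "/data/org/opensaml/saml/saml2/encryption/Assertion.xml";

    /** KeyName placed on the data-encryption KeyInfo in the multicast test. */
    private static final String MULTICAST_KEY_NAME = "MulticastDataEncryptionKeyName";

    private Encrypter encrypter;
    private DataEncryptionParameters encParams;
    private List<KeyEncryptionParameters> kekParamsList;
    private KeyEncryptionParameters kekParamsRSA;
    private KeyEncryptionParameters kekParamsAES;
    private KeyInfo keyInfo;
    private KeyInfo kekKeyInfoRSA;
    private final String expectedKeyNameRSA = "RSAKeyWrapper";
    private final String expectedRecipientRSA = "RSARecipient";
    private final String expectedRecipientAES = "AESRecipient";
    // Data encryption: AES-128 in CBC mode (unauthenticated; fixture only, see class comment).
    private final String algoURI = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
    // Key transport: RSA PKCS#1 v1.5 (fixture only, see class comment).
    private final String kekURIRSA = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
    // Symmetric key wrap: AES-128 KeyWrap.
    private final String kekURIAES = "http://www.w3.org/2001/04/xmlenc#kw-aes128";

    /**
     * Builds fresh credentials and parameter objects before every test so that no key material
     * or KeyInfo content leaks from one test into the next.
     *
     * @throws Exception if key or credential generation fails
     */
    @BeforeMethod
    protected void setUp() throws Exception {
        Credential dataCredential = AlgorithmSupport.generateSymmetricKeyAndCredential(this.algoURI);
        Credential aesKekCredential = AlgorithmSupport.generateSymmetricKeyAndCredential(this.kekURIAES);
        // 2048-bit RSA key pair; the trailing boolean presumably controls whether the private
        // key is kept in the credential -- confirm against AlgorithmSupport.
        Credential rsaKekCredential = AlgorithmSupport.generateKeyPairAndCredential(this.kekURIRSA, 2048, false);

        this.encParams = new DataEncryptionParameters();
        this.encParams.setAlgorithm(this.algoURI);
        this.encParams.setEncryptionCredential(dataCredential);

        this.kekParamsAES = new KeyEncryptionParameters();
        this.kekParamsAES.setAlgorithm(this.kekURIAES);
        this.kekParamsAES.setEncryptionCredential(aesKekCredential);

        this.kekParamsRSA = new KeyEncryptionParameters();
        this.kekParamsRSA.setAlgorithm(this.kekURIRSA);
        this.kekParamsRSA.setEncryptionCredential(rsaKekCredential);

        this.kekParamsList = new ArrayList<>();
        this.keyInfo = buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        this.kekKeyInfoRSA = buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    }

    /** Unmarshalls the shared assertion fixture. */
    private Assertion loadAssertion() {
        Assertion assertion = unmarshallElement(ASSERTION_RESOURCE);
        return assertion;
    }

    /**
     * Gives the RSA KEK a static KeyInfo carrying {@code expectedKeyNameRSA} and registers the
     * RSA KEK parameters as the next entry of {@code kekParamsList}.
     */
    private void addRsaKekWithKeyName() {
        KeyName keyName = buildXMLObject(KeyName.DEFAULT_ELEMENT_NAME);
        keyName.setValue(this.expectedKeyNameRSA);
        this.kekKeyInfoRSA.getKeyNames().add(keyName);
        this.kekParamsRSA.setKeyInfoGenerator(new StaticKeyInfoGenerator(this.kekKeyInfoRSA));
        this.kekParamsList.add(this.kekParamsRSA);
    }

    /**
     * One RSA KEK, INLINE placement: the EncryptedKey must sit inside the EncryptedData's
     * KeyInfo, with no peer EncryptedKey, no RetrievalMethod, no ReferenceList and no
     * CarriedKeyName.
     */
    @Test
    public void testSingleKEKInline() {
        Assertion assertion = loadAssertion();
        addRsaKekWithKeyName();
        this.encrypter = new Encrypter(this.encParams, this.kekParamsList);
        this.encrypter.setKeyPlacement(Encrypter.KeyPlacement.INLINE);

        EncryptedAssertion encrypted = null;
        try {
            encrypted = this.encrypter.encrypt(assertion);
        } catch (EncryptionException e) {
            // Pass the exception as the cause so the report keeps the original stack trace.
            Assert.fail("Object encryption failed: " + e, e);
        }
        Assert.assertNotNull(encrypted, "Encrypted object was null");
        Assert.assertTrue(encrypted instanceof EncryptedAssertion, "Encrypted object was not an instance of the expected type");

        Assert.assertEquals(encrypted.getEncryptedData().getKeyInfo().getEncryptedKeys().size(), 1, "Number of inline EncryptedKeys");
        Assert.assertEquals(encrypted.getEncryptedKeys().size(), 0, "Number of peer EncryptedKeys");

        EncryptedKey encryptedKey = (EncryptedKey) encrypted.getEncryptedData().getKeyInfo().getEncryptedKeys().get(0);
        Assert.assertNotNull(encryptedKey, "EncryptedKey was null");
        Assert.assertEquals(encryptedKey.getEncryptionMethod().getAlgorithm(), this.kekURIRSA, "Algorithm attribute");
        Assert.assertNotNull(encryptedKey.getKeyInfo(), "KeyInfo");
        Assert.assertEquals(((KeyName) encryptedKey.getKeyInfo().getKeyNames().get(0)).getValue(), this.expectedKeyNameRSA, "KeyName");
        Assert.assertFalse(Strings.isNullOrEmpty(encryptedKey.getID()), "EncryptedKey ID attribute was empty");

        EncryptedData encryptedData = encrypted.getEncryptedData();
        // Message corrected: this assertion fails when the KeyInfo IS null.
        Assert.assertNotNull(encryptedData.getKeyInfo(), "EncryptedData KeyInfo was null");
        Assert.assertEquals(encryptedData.getKeyInfo().getRetrievalMethods().size(), 0, "EncryptedData improperly contained a RetrievalMethod");
        Assert.assertNull(encryptedKey.getReferenceList(), "EncryptedKey ReferenceList wasn't null");
        Assert.assertNull(encryptedKey.getCarriedKeyName(), "EncryptedKey CarriedKeyName wasn't null");
    }

    /**
     * One RSA KEK, PEER placement: the EncryptedKey must be a sibling of the EncryptedData, the
     * EncryptedData must point at it through a RetrievalMethod, and the EncryptedKey must point
     * back through a single DataReference.
     */
    @Test
    public void testSingleKEKPeer() {
        Assertion assertion = loadAssertion();
        addRsaKekWithKeyName();
        this.encrypter = new Encrypter(this.encParams, this.kekParamsList);
        this.encrypter.setKeyPlacement(Encrypter.KeyPlacement.PEER);

        EncryptedAssertion encrypted = null;
        try {
            encrypted = this.encrypter.encrypt(assertion);
        } catch (EncryptionException e) {
            // Pass the exception as the cause so the report keeps the original stack trace.
            Assert.fail("Object encryption failed: " + e, e);
        }
        Assert.assertNotNull(encrypted, "Encrypted object was null");
        Assert.assertTrue(encrypted instanceof EncryptedAssertion, "Encrypted object was not an instance of the expected type");

        Assert.assertEquals(encrypted.getEncryptedData().getKeyInfo().getEncryptedKeys().size(), 0, "Number of inline EncryptedKeys");
        Assert.assertEquals(encrypted.getEncryptedKeys().size(), 1, "Number of peer EncryptedKeys");

        EncryptedKey encryptedKey = (EncryptedKey) encrypted.getEncryptedKeys().get(0);
        Assert.assertNotNull(encryptedKey, "EncryptedKey was null");
        Assert.assertEquals(encryptedKey.getEncryptionMethod().getAlgorithm(), this.kekURIRSA, "Algorithm attribute");
        Assert.assertNotNull(encryptedKey.getKeyInfo(), "KeyInfo");
        Assert.assertEquals(((KeyName) encryptedKey.getKeyInfo().getKeyNames().get(0)).getValue(), this.expectedKeyNameRSA, "KeyName");
        Assert.assertFalse(Strings.isNullOrEmpty(encryptedKey.getID()), "EncryptedKey ID attribute was empty");

        EncryptedData encryptedData = encrypted.getEncryptedData();
        // Message corrected: this assertion fails when the KeyInfo IS null.
        Assert.assertNotNull(encryptedData.getKeyInfo(), "EncryptedData KeyInfo was null");
        Assert.assertEquals(encryptedData.getKeyInfo().getRetrievalMethods().size(), 1, "EncryptedData contained invalid number RetrievalMethods");

        // EncryptedData -> EncryptedKey link (same-document fragment reference).
        RetrievalMethod retrievalMethod = (RetrievalMethod) encryptedData.getKeyInfo().getRetrievalMethods().get(0);
        Assert.assertEquals(retrievalMethod.getType(), "http://www.w3.org/2001/04/xmlenc#EncryptedKey", "EncryptedData RetrievalMethod had incorrect type attribute");
        Assert.assertEquals(retrievalMethod.getURI(), "#" + encryptedKey.getID(), "EncryptedData RetrievalMethod had incorrect URI value");

        // EncryptedKey -> EncryptedData back-link.
        Assert.assertNotNull(encryptedKey.getReferenceList(), "EncryptedKey ReferenceList was null");
        Assert.assertEquals(encryptedKey.getReferenceList().getDataReferences().size(), 1, "EncryptedKey contained invalid number DataReferences");
        Assert.assertEquals(((DataReference) encryptedKey.getReferenceList().getDataReferences().get(0)).getURI(), "#" + encryptedData.getID(), "EncryptedKey DataReference had incorrect URI value");
        Assert.assertNull(encryptedKey.getCarriedKeyName(), "EncryptedKey CarriedKeyName wasn't null");
    }

    /**
     * Two KEKs (RSA then AES key wrap), PEER placement: expects two peer EncryptedKeys in the
     * order the KEK parameters were added, each with its own Recipient, a DataReference back to
     * the EncryptedData and a CarriedKeyName matching the KeyName on the EncryptedData. No
     * RetrievalMethod is expected in this case.
     */
    @Test
    public void testMulticastKEKPeer() {
        Assertion assertion = loadAssertion();
        KeyName dataKeyName = buildXMLObject(KeyName.DEFAULT_ELEMENT_NAME);
        dataKeyName.setValue(MULTICAST_KEY_NAME);
        this.keyInfo.getKeyNames().add(dataKeyName);
        this.encParams.setKeyInfoGenerator(new StaticKeyInfoGenerator(this.keyInfo));
        this.kekParamsRSA.setRecipient(this.expectedRecipientRSA);
        this.kekParamsList.add(this.kekParamsRSA);
        this.kekParamsAES.setRecipient(this.expectedRecipientAES);
        this.kekParamsList.add(this.kekParamsAES);
        this.encrypter = new Encrypter(this.encParams, this.kekParamsList);
        this.encrypter.setKeyPlacement(Encrypter.KeyPlacement.PEER);

        EncryptedAssertion encrypted = null;
        try {
            encrypted = this.encrypter.encrypt(assertion);
        } catch (EncryptionException e) {
            // Pass the exception as the cause so the report keeps the original stack trace.
            Assert.fail("Object encryption failed: " + e, e);
        }
        Assert.assertNotNull(encrypted, "Encrypted object was null");
        Assert.assertTrue(encrypted instanceof EncryptedAssertion, "Encrypted object was not an instance of the expected type");

        Assert.assertEquals(encrypted.getEncryptedData().getKeyInfo().getEncryptedKeys().size(), 0, "Number of inline EncryptedKeys");
        Assert.assertEquals(encrypted.getEncryptedKeys().size(), 2, "Number of peer EncryptedKeys");

        EncryptedKey rsaKey = (EncryptedKey) encrypted.getEncryptedKeys().get(0);
        EncryptedKey aesKey = (EncryptedKey) encrypted.getEncryptedKeys().get(1);
        Assert.assertNotNull(rsaKey, "EncryptedKey was null");
        Assert.assertNotNull(aesKey, "EncryptedKey was null");
        Assert.assertEquals(rsaKey.getEncryptionMethod().getAlgorithm(), this.kekURIRSA, "Algorithm attribute");
        Assert.assertEquals(aesKey.getEncryptionMethod().getAlgorithm(), this.kekURIAES, "Algorithm attribute");
        Assert.assertFalse(Strings.isNullOrEmpty(rsaKey.getID()), "EncryptedKey ID attribute was empty");
        Assert.assertFalse(Strings.isNullOrEmpty(aesKey.getID()), "EncryptedKey ID attribute was empty");

        EncryptedData encryptedData = encrypted.getEncryptedData();
        // Message corrected: this assertion fails when the KeyInfo IS null.
        Assert.assertNotNull(encryptedData.getKeyInfo(), "EncryptedData KeyInfo was null");
        Assert.assertEquals(encryptedData.getKeyInfo().getRetrievalMethods().size(), 0, "EncryptedData contained invalid number RetrievalMethods");
        Assert.assertEquals(encryptedData.getKeyInfo().getKeyNames().size(), 1, "EncryptedData contained invalid number KeyNames");
        Assert.assertEquals(((KeyName) encryptedData.getKeyInfo().getKeyNames().get(0)).getValue(), MULTICAST_KEY_NAME, "EncryptedData KeyName value");

        Assert.assertEquals(rsaKey.getRecipient(), this.expectedRecipientRSA, "EncryptedKey recipient attribute had invalid value");
        Assert.assertNotNull(rsaKey.getReferenceList(), "EncryptedKey ReferenceList was null");
        Assert.assertEquals(rsaKey.getReferenceList().getDataReferences().size(), 1, "EncryptedKey contained invalid number DataReferences");
        Assert.assertEquals(((DataReference) rsaKey.getReferenceList().getDataReferences().get(0)).getURI(), "#" + encryptedData.getID(), "EncryptedKey DataReference had incorrect URI value");
        // Messages corrected: assertNotNull fails when the value IS null; "EncrypteKey" typo fixed.
        Assert.assertNotNull(rsaKey.getCarriedKeyName(), "EncryptedKey CarriedKeyName was null");
        Assert.assertEquals(rsaKey.getCarriedKeyName().getValue(), MULTICAST_KEY_NAME, "EncryptedKey CarriedKeyName had incorrect value");

        Assert.assertEquals(aesKey.getRecipient(), this.expectedRecipientAES, "EncryptedKey recipient attribute had invalid value");
        Assert.assertNotNull(aesKey.getReferenceList(), "EncryptedKey ReferenceList was null");
        Assert.assertEquals(aesKey.getReferenceList().getDataReferences().size(), 1, "EncryptedKey contained invalid number DataReferences");
        Assert.assertEquals(((DataReference) aesKey.getReferenceList().getDataReferences().get(0)).getURI(), "#" + encryptedData.getID(), "EncryptedKey DataReference had incorrect URI value");
        Assert.assertNotNull(aesKey.getCarriedKeyName(), "EncryptedKey CarriedKeyName was null");
        Assert.assertEquals(aesKey.getCarriedKeyName().getValue(), MULTICAST_KEY_NAME, "EncryptedKey CarriedKeyName had incorrect value");
    }

    /**
     * Encrypts two attributes of the fixture with the same {@link Encrypter} instance and checks
     * that both calls return a result.
     *
     * <p>NOTE(review): this only shows that a second {@code encrypt} call succeeds. It does not
     * compare the two outputs, so it says nothing about whether key material, IVs or element IDs
     * differ between calls; add such assertions if reuse safety is what needs to be guaranteed.</p>
     */
    @Test
    public void testReuse() {
        Assertion assertion = loadAssertion();
        Attribute firstAttribute = (Attribute) ((AttributeStatement) assertion.getAttributeStatements().get(0)).getAttributes().get(0);
        Attribute secondAttribute = (Attribute) ((AttributeStatement) assertion.getAttributeStatements().get(0)).getAttributes().get(1);
        addRsaKekWithKeyName();
        this.encrypter = new Encrypter(this.encParams, this.kekParamsList);
        this.encrypter.setKeyPlacement(Encrypter.KeyPlacement.PEER);

        EncryptedAttribute firstEncrypted = null;
        try {
            firstEncrypted = this.encrypter.encrypt(firstAttribute);
        } catch (EncryptionException e) {
            // Pass the exception as the cause so the report keeps the original stack trace.
            Assert.fail("Object encryption failed: " + e, e);
        }
        Assert.assertNotNull(firstEncrypted, "Encrypted object was null");
        Assert.assertTrue(firstEncrypted instanceof EncryptedAttribute, "Encrypted object was not an instance of the expected type");

        EncryptedAttribute secondEncrypted = null;
        try {
            secondEncrypted = this.encrypter.encrypt(secondAttribute);
        } catch (EncryptionException e) {
            Assert.fail("Object encryption failed: " + e, e);
        }
        Assert.assertNotNull(secondEncrypted, "Encrypted object was null");
        Assert.assertTrue(secondEncrypted instanceof EncryptedAttribute, "Encrypted object was not an instance of the expected type");
    }
}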
