package org.opensaml.saml.saml2.encryption;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
import org.joda.time.DateTime;
import org.opensaml.core.xml.XMLObjectBaseTestCase;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.security.crypto.KeySupport;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.algorithm.AlgorithmSupport;
import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters;
import org.opensaml.xmlsec.encryption.support.DecryptionException;
import org.opensaml.xmlsec.encryption.support.EncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.EncryptionException;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureSupport;
import org.opensaml.xmlsec.signature.support.SignatureValidator;
import org.opensaml.xmlsec.signature.support.Signer;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/opensaml/saml/saml2/encryption/DecryptionPlusSigningTest.class */
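/**
 * Checks that an {@link EncryptedAssertion} carried inside a signed {@link Response} can be
 * decrypted, and that the Response signature validates both before and after decryption.
 *
 * <p>All key material is generated per test method in {@link #setUp()}. The algorithm and key-size
 * choices here are test fixtures, not recommendations for deployments.</p>
 */
public class DecryptionPlusSigningTest extends XMLObjectBaseTestCase {
    /** Classpath location of the plaintext Assertion used as the encryption target. */
    private static final String ASSERTION_RESOURCE = "/data/org/opensaml/saml/saml2/encryption/Assertion.xml";

    /** Resolver that hands the symmetric data-encryption key to the Decrypter. */
    private KeyInfoCredentialResolver keyResolver;

    // AES-128-CBC has no integrity protection of its own; it is kept because this test only
    // exercises the decrypt-then-revalidate flow. Deployments generally prefer an AES-GCM
    // data-encryption algorithm.
    private final String encURI = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";

    private DataEncryptionParameters encParams;
    private Encrypter encrypter;

    /** RSA credential used both to sign the Response and to validate its signature. */
    private Credential signingCred;

    /**
     * Generates a fresh symmetric encryption credential and an RSA signing credential, and wires
     * the encrypter and the key resolver to them.
     *
     * @throws Exception if key generation or encrypter setup fails
     */
    @BeforeMethod
    protected void setUp() throws Exception {
        Credential encryptionCred = AlgorithmSupport.generateSymmetricKeyAndCredential(this.encURI);
        this.keyResolver = new StaticKeyInfoCredentialResolver(encryptionCred);

        this.encParams = new DataEncryptionParameters();
        this.encParams.setAlgorithm(this.encURI);
        this.encParams.setEncryptionCredential(encryptionCred);
        this.encrypter = new Encrypter(this.encParams);

        // NOTE(review): 1024-bit RSA is below current minimum key-size guidance (2048+). It is
        // tolerable for a throwaway test key; do not copy this size into non-test code.
        KeyPair signingKeyPair = KeySupport.generateKeyPair("RSA", 1024, (String) null);
        this.signingCred = CredentialSupport.getSimpleCredential(signingKeyPair.getPublic(), signingKeyPair.getPrivate());
    }

    /**
     * Encrypts an Assertion, embeds it in a signed Response, round-trips the Response through
     * serialization and parsing, then validates the signature, decrypts the assertion, and
     * validates the signature a second time.
     */
    @Test
    public void testEncryptedAssertionInResponse() throws XMLParserException, EncryptionException, NoSuchAlgorithmException, NoSuchProviderException, SecurityException, MarshallingException, SignatureException, UnmarshallingException {
        Document expectedAssertionDom = getDOM(ASSERTION_RESOURCE);

        // Name the target type explicitly so the Encrypter overload is chosen unambiguously.
        Assertion plaintextAssertion = (Assertion) unmarshallElement(ASSERTION_RESOURCE);
        EncryptedAssertion encrypted = this.encrypter.encrypt(plaintextAssertion);

        Response response = (Response) buildXMLObject(Response.DEFAULT_ELEMENT_NAME);
        response.setID("def456");
        response.setIssueInstant(new DateTime());
        Issuer issuer = (Issuer) buildXMLObject(Issuer.DEFAULT_ELEMENT_NAME);
        issuer.setValue("urn:string:issuer");
        response.setIssuer(issuer);
        response.getEncryptedAssertions().add(encrypted);

        Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
        response.setSignature(signature);
        SignatureSigningParameters signingParams = new SignatureSigningParameters();
        signingParams.setSigningCredential(this.signingCred);
        signingParams.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        signingParams.setSignatureReferenceDigestMethod("http://www.w3.org/2001/04/xmlenc#sha256");
        signingParams.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#WithComments");
        SignatureSupport.prepareSignatureParams(signature, signingParams);

        // The Response is marshalled before signObject is called, and marshalled again afterwards
        // to obtain the element that gets serialized.
        marshallerFactory.getMarshaller(response).marshall(response);
        Signer.signObject(signature);
        Element signedElement = marshallerFactory.getMarshaller(response).marshall(response);

        // Serialize and re-parse so validation runs against a freshly parsed document rather than
        // the in-memory objects that produced the signature.
        ByteArrayOutputStream serialized = new ByteArrayOutputStream();
        SerializeSupport.writeNode(signedElement, serialized);
        Element parsedRoot = parserPool.parse(new ByteArrayInputStream(serialized.toByteArray())).getDocumentElement();
        Response parsedResponse = (Response) unmarshallerFactory.getUnmarshaller(parsedRoot).unmarshall(parsedRoot);

        try {
            SignatureValidator.validate(parsedResponse.getSignature(), this.signingCred);
        } catch (SignatureException e) {
            // Pass the cause along so the reason for the validation failure shows in the report.
            Assert.fail("First Response signature validation failed", e);
        }

        EncryptedAssertion parsedEncrypted = (EncryptedAssertion) parsedResponse.getEncryptedAssertions().get(0);
        // Only the first resolver is supplied; the other two constructor arguments are null.
        Decrypter decrypter = new Decrypter(this.keyResolver, (KeyInfoCredentialResolver) null, (EncryptedKeyResolver) null);
        // NOTE(review): presumably this roots the decrypted element in its own Document so the
        // signed Response DOM is left untouched - confirm against Decrypter.
        decrypter.setRootInNewDocument(true);

        Assertion decrypted = null;
        try {
            decrypted = decrypter.decrypt(parsedEncrypted);
        } catch (DecryptionException e) {
            Assert.fail("Error on decryption of EncryptedAssertion: " + e, e);
        }
        Assert.assertNotNull(decrypted, "Decrypted Assertion was null");
        assertXMLEquals(expectedAssertionDom, decrypted);

        // Validate again: the signature must still verify after the decryption step has run.
        try {
            SignatureValidator.validate(parsedResponse.getSignature(), this.signingCred);
        } catch (SignatureException e) {
            Assert.fail("Second Response signature validation failed", e);
        }
    }

    /**
     * Parses a classpath resource into a DOM document.
     *
     * @param str classpath-absolute path of the XML resource
     * @return the parsed document
     * @throws XMLParserException if the resource cannot be parsed
     */
    private Document getDOM(String str) throws XMLParserException {
        // Fail with a clear message for a missing fixture instead of handing the parser a null stream.
        Assert.assertNotNull(DecryptionPlusSigningTest.class.getResource(str), "Test resource not found on classpath: " + str);
        return parserPool.parse(DecryptionPlusSigningTest.class.getResourceAsStream(str));
    }
}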
