package net.shibboleth.metadata.dom;

import java.io.IOException;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import net.shibboleth.metadata.AssertSupport;
import net.shibboleth.metadata.ErrorStatus;
import net.shibboleth.metadata.Item;
import net.shibboleth.metadata.WarningStatus;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
import org.cryptacular.util.CertUtil;
import org.testng.Assert;
import org.testng.annotations.Test;
import org.w3c.dom.Element;

/* loaded from: input_file:net/shibboleth/metadata/dom/XMLSignatureValidationStageTest.class */
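/**
 * Tests for {@link XMLSignatureValidationStage}.
 *
 * <p>Each test feeds one XML fixture through a freshly configured stage and inspects the
 * {@link ErrorStatus} / {@link WarningStatus} metadata left on the item. In every case asserted here
 * the item stays in the collection, so a rejected signature shows up as an {@link ErrorStatus} on the
 * item rather than as a removed item or a thrown exception. A consumer of this stage therefore has to
 * act on that status itself.</p>
 */
public class XMLSignatureValidationStageTest extends BaseDOMTest {

    /** Identifier given to every stage under test and expected back in the component info. */
    private static final String STAGE_ID = "test";

    /** Certificate whose public key the stage uses to verify the fixtures' signatures. */
    private final Certificate signingCert;

    /**
     * Loads the verification certificate from the test resources.
     *
     * @throws IOException if the certificate resource is missing or cannot be read
     */
    public XMLSignatureValidationStageTest() throws IOException {
        super(XMLSignatureValidationStage.class);
        final String resource = classRelativeResource("signingCert.pem");
        // NOTE(review): the lookup goes through XMLSignatureSigningStageTest while the path is built
        // for this test's class under test; presumably the path is absolute -- confirm.
        try (InputStream in = XMLSignatureSigningStageTest.class.getResourceAsStream(resource)) {
            if (in == null) {
                // Fail with a readable message instead of handing null to the certificate parser.
                throw new IOException("Test resource not found: " + resource);
            }
            this.signingCert = CertUtil.readCertificate(in);
        }
    }

    /**
     * Parses a test resource and wraps it as an item.
     *
     * @param str name of the XML test resource
     * @return the item wrapping the parsed document
     * @throws XMLParserException if the resource cannot be parsed
     */
    private DOMElementItem makeItem(String str) throws XMLParserException {
        return new DOMElementItem(readXMLData(str));
    }

    /**
     * Creates an uninitialized stage with the shared id and verification certificate, so that a test
     * can still set the one property it is exercising before the stage is initialized.
     *
     * @return the partially configured stage
     */
    private XMLSignatureValidationStage newStage() {
        final XMLSignatureValidationStage stage = new XMLSignatureValidationStage();
        stage.setId(STAGE_ID);
        stage.setVerificationCertificate(signingCert);
        return stage;
    }

    /**
     * Initializes the stage and executes it on a collection holding only the given item.
     *
     * @param stage configured but not yet initialized stage
     * @param item the single item to process
     * @return the collection as the stage left it
     * @throws Exception if initialization or execution fails
     */
    private List<Item<Element>> execute(final XMLSignatureValidationStage stage, final Item<Element> item)
            throws Exception {
        final List<Item<Element>> items = new ArrayList<>();
        items.add(item);
        stage.initialize();
        stage.execute(items);
        return items;
    }

    /**
     * Asserts that exactly one item is left in the collection and returns it.
     *
     * @param items collection returned by {@link #execute}
     * @return the only item
     */
    private Item<Element> onlyItem(final List<Item<Element>> items) {
        Assert.assertEquals(items.size(), 1);
        return items.iterator().next();
    }

    /**
     * Asserts that the item carries the stage's component info and no error or warning status.
     *
     * @param item processed item
     */
    private void assertAccepted(final Item<Element> item) {
        AssertSupport.assertValidComponentInfo(item, 1, XMLSignatureValidationStage.class, STAGE_ID);
        Assert.assertEquals(item.getItemMetadata().get(ErrorStatus.class).size(), 0);
        Assert.assertEquals(item.getItemMetadata().get(WarningStatus.class).size(), 0);
    }

    /**
     * Asserts that the item carries exactly one error whose message contains the given fragment.
     * Checking the message ties the rejection to its intended cause instead of to any error at all.
     *
     * @param item processed item
     * @param fragment text expected inside the error message
     */
    private void assertSingleError(final Item<Element> item, final String fragment) {
        final List<ErrorStatus> errors = item.getItemMetadata().get(ErrorStatus.class);
        Assert.assertEquals(errors.size(), 1);
        final String message = errors.get(0).getStatusMessage();
        Assert.assertTrue(message.contains(fragment), "unexpected error message: " + message);
    }

    /** A correctly signed document is accepted without any error or warning status. */
    @Test
    public void testValidSignature() throws Exception {
        final XMLSignatureValidationStage stage = newStage();
        assertAccepted(onlyItem(execute(stage, makeItem("signed.xml"))));
    }

    /** A document whose signature does not verify is marked with an {@link ErrorStatus}. */
    @Test
    public void testInvalidSignature() throws Exception {
        final DOMElementItem item = makeItem("badSignature.xml");
        execute(newStage(), item);
        Assert.assertTrue(item.getItemMetadata().containsKey(ErrorStatus.class));
    }

    /**
     * Runs the same fixture with the signature optional and then mandatory; only the mandatory run
     * must flag it. The fixture is presumably unsigned -- the assertions only make sense if it is.
     */
    @Test
    public void testRequiredSignature() throws Exception {
        final XMLSignatureValidationStage lenient = newStage();
        lenient.setSignatureRequired(false);
        final Item<Element> passed = onlyItem(execute(lenient, makeItem("entities2.xml")));
        AssertSupport.assertValidComponentInfo(passed, 1, XMLSignatureValidationStage.class, STAGE_ID);
        // NOTE(review): this half never checks that no ErrorStatus was added, so it would still pass
        // if the optional-signature setting were ignored. Consider asserting the absence of errors
        // once the intended behaviour is confirmed.

        final DOMElementItem unsigned = makeItem("entities2.xml");
        final XMLSignatureValidationStage strict = newStage();
        strict.setSignatureRequired(true);
        execute(strict, unsigned);
        Assert.assertTrue(unsigned.getItemMetadata().containsKey(ErrorStatus.class));
    }

    /**
     * A signature that otherwise verifies is rejected when its digest algorithm is blacklisted.
     * SHA-256 is listed here only to trigger the check; the fixture presumably uses it.
     */
    @Test
    public void testDigestBlacklist() throws Exception {
        final Set<String> blacklist = new HashSet<>();
        blacklist.add("http://www.w3.org/2001/04/xmlenc#sha256");
        final XMLSignatureValidationStage stage = newStage();
        stage.setBlacklistedDigests(blacklist);
        assertSingleError(onlyItem(execute(stage, makeItem("signed.xml"))), "blacklist");
    }

    /**
     * A signature that otherwise verifies is rejected when its signature method is blacklisted.
     * RSA-SHA256 is listed here only to trigger the check; the fixture presumably uses it.
     */
    @Test
    public void testSignatureMethodBlacklist() throws Exception {
        final Set<String> blacklist = new HashSet<>();
        blacklist.add("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        final XMLSignatureValidationStage stage = newStage();
        stage.setBlacklistedSignatureMethods(blacklist);
        assertSingleError(onlyItem(execute(stage, makeItem("signed.xml"))), "blacklist");
    }

    /**
     * With the stage's default settings the empty-reference fixture is accepted, so the stricter
     * behaviour is opt-in (see {@link #testEmptyRefNotPermitted()}).
     */
    @Test
    public void testEmptyRefPermitted() throws Exception {
        final XMLSignatureValidationStage stage = newStage();
        assertAccepted(onlyItem(execute(stage, makeItem("emptyref.xml"))));
    }

    /** The same fixture is rejected with a reference-related error once empty references are disallowed. */
    @Test
    public void testEmptyRefNotPermitted() throws Exception {
        final XMLSignatureValidationStage stage = newStage();
        stage.setPermittingEmptyReferences(false);
        assertSingleError(onlyItem(execute(stage, makeItem("emptyref.xml"))), "reference");
    }
}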
