package org.opensaml.saml.security.impl;

import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.codec.EncodingException;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.logic.ConstraintViolationException;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.core.config.ConfigurationService;
import org.opensaml.core.config.InitializationException;
import org.opensaml.core.testing.XMLObjectBaseTestCase;
import org.opensaml.saml.common.testing.SAMLTestSupport;
import org.opensaml.saml.criterion.RoleDescriptorCriterion;
import org.opensaml.saml.saml2.metadata.EncryptionMethod;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml.security.SAMLMetadataKeyAgreementEncryptionConfiguration;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.crypto.KeySupport;
import org.opensaml.security.testing.SecurityProviderTestSupport;
import org.opensaml.xmlsec.EncryptionConfiguration;
import org.opensaml.xmlsec.EncryptionParameters;
import org.opensaml.xmlsec.KeyTransportAlgorithmPredicate;
import org.opensaml.xmlsec.agreement.KeyAgreementCredential;
import org.opensaml.xmlsec.algorithm.AlgorithmRegistry;
import org.opensaml.xmlsec.algorithm.AlgorithmSupport;
import org.opensaml.xmlsec.config.GlobalAlgorithmRegistryInitializer;
import org.opensaml.xmlsec.criterion.EncryptionConfigurationCriterion;
import org.opensaml.xmlsec.criterion.KeyInfoGenerationProfileCriterion;
import org.opensaml.xmlsec.derivation.impl.ConcatKDF;
import org.opensaml.xmlsec.derivation.impl.PBKDF2;
import org.opensaml.xmlsec.encryption.MGF;
import org.opensaml.xmlsec.encryption.OAEPparams;
import org.opensaml.xmlsec.encryption.support.KeyAgreementEncryptionConfiguration;
import org.opensaml.xmlsec.encryption.support.RSAOAEPParameters;
import org.opensaml.xmlsec.impl.BasicEncryptionConfiguration;
import org.opensaml.xmlsec.keyinfo.KeyInfoSupport;
import org.opensaml.xmlsec.keyinfo.NamedKeyInfoGeneratorManager;
import org.opensaml.xmlsec.keyinfo.impl.BasicKeyInfoGeneratorFactory;
import org.opensaml.xmlsec.keyinfo.impl.KeyAgreementKeyInfoGeneratorFactory;
import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
import org.opensaml.xmlsec.signature.DigestMethod;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/opensaml/saml/security/impl/SAMLMetadataEncryptionParametersResolverTest.class */
public class SAMLMetadataEncryptionParametersResolverTest extends XMLObjectBaseTestCase {
    private MetadataCredentialResolver mdCredResolver;
    private SAMLMetadataEncryptionParametersResolver resolver;
    private CriteriaSet criteriaSet;
    private EncryptionConfigurationCriterion configCriterion;
    private BasicEncryptionConfiguration config1;
    private BasicEncryptionConfiguration config2;
    private BasicEncryptionConfiguration config3;
    private Credential rsaCred1;
    private Credential dsaCred1;
    private Credential ecCred1;
    private RoleDescriptorCriterion roleDescCriterion;
    private RoleDescriptor roleDesc;
    private String rsaCred1KeyName = "RSACred1";
    private String dsaCred1KeyName = "DSACred1";
    private String ecCred1KeyName = "ECCred1";
    private String defaultRSAKeyTransportAlgo = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
    private String defaultAES128DataAlgo = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
    private String defaultAES192DataAlgo = "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
    private String defaultAES256DataAlgo = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
    private NamedKeyInfoGeneratorManager defaultKeyTransportKeyInfoGeneratorManager = new NamedKeyInfoGeneratorManager();
    private NamedKeyInfoGeneratorManager defaultDataEncryptionKeyInfoGeneratorManager = new NamedKeyInfoGeneratorManager();
    private String targetEntityID = "urn:test:foo";
    private SecurityProviderTestSupport providerSupport = new SecurityProviderTestSupport();

    /* loaded from: input_file:org/opensaml/saml/security/impl/SAMLMetadataEncryptionParametersResolverTest$MapBasedKeyTransportAlgorithmPredicate.class */
    public class MapBasedKeyTransportAlgorithmPredicate implements KeyTransportAlgorithmPredicate {
        private Map<String, String> algoMap;

        public MapBasedKeyTransportAlgorithmPredicate(Map<String, String> map) {
            this.algoMap = map;
        }

        public boolean test(@Nullable KeyTransportAlgorithmPredicate.SelectionInput selectionInput) {
            return this.algoMap.get(selectionInput.getDataEncryptionAlgorithm()).equals(selectionInput.getKeyTransportAlgorithm());
        }
    }

    @BeforeClass
    public void buildCredentials() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        this.rsaCred1 = CredentialSupport.getSimpleCredential(KeySupport.generateKeyPair("RSA", 2048, (String) null).getPublic(), (PrivateKey) null);
        this.rsaCred1.getKeyNames().add(this.rsaCred1KeyName);
        this.dsaCred1 = CredentialSupport.getSimpleCredential(KeySupport.generateKeyPair("DSA", 1024, (String) null).getPublic(), (PrivateKey) null);
        this.dsaCred1.getKeyNames().add(this.dsaCred1KeyName);
        KeyPair generateKeyPair = KeySupport.generateKeyPair("EC", new ECGenParameterSpec("secp256r1"), (String) null);
        this.ecCred1 = CredentialSupport.getSimpleCredential(generateKeyPair.getPublic(), generateKeyPair.getPrivate());
        this.ecCred1.getKeyNames().add(this.ecCred1KeyName);
    }

    @BeforeMethod
    public void setUp() throws ComponentInitializationException {
        this.mdCredResolver = new MetadataCredentialResolver();
        this.mdCredResolver.setKeyInfoCredentialResolver(SAMLTestSupport.buildBasicInlineKeyInfoResolver());
        this.mdCredResolver.initialize();
        this.resolver = new SAMLMetadataEncryptionParametersResolver(this.mdCredResolver);
        this.config1 = new BasicEncryptionConfiguration();
        this.config2 = new BasicEncryptionConfiguration();
        this.config3 = new BasicEncryptionConfiguration();
        this.config3.setDataEncryptionAlgorithms(List.of(this.defaultAES128DataAlgo, this.defaultAES192DataAlgo, this.defaultAES256DataAlgo, "http://www.w3.org/2001/04/xmlenc#tripledes-cbc", "http://www.w3.org/2009/xmlenc11#aes128-gcm", "http://www.w3.org/2009/xmlenc11#aes192-gcm", "http://www.w3.org/2009/xmlenc11#aes256-gcm"));
        this.config3.setKeyTransportEncryptionAlgorithms(List.of(this.defaultRSAKeyTransportAlgo, "http://www.w3.org/2001/04/xmlenc#rsa-1_5", "http://www.w3.org/2009/xmlenc11#rsa-oaep", "http://www.w3.org/2001/04/xmlenc#kw-aes128", "http://www.w3.org/2001/04/xmlenc#kw-aes192", "http://www.w3.org/2001/04/xmlenc#kw-aes256", "http://www.w3.org/2001/04/xmlenc#kw-tripledes"));
        SAMLMetadataKeyAgreementEncryptionConfiguration sAMLMetadataKeyAgreementEncryptionConfiguration = new SAMLMetadataKeyAgreementEncryptionConfiguration();
        sAMLMetadataKeyAgreementEncryptionConfiguration.setMetadataUseKeyWrap(SAMLMetadataKeyAgreementEncryptionConfiguration.KeyWrap.Default);
        sAMLMetadataKeyAgreementEncryptionConfiguration.setAlgorithm("http://www.w3.org/2009/xmlenc11#ECDH-ES");
        ConcatKDF concatKDF = new ConcatKDF();
        concatKDF.setAlgorithmID("00");
        concatKDF.setPartyUInfo("00");
        concatKDF.setPartyVInfo("00");
        sAMLMetadataKeyAgreementEncryptionConfiguration.setParameters(Set.of(concatKDF));
        this.config3.setKeyAgreementConfigurations(Map.of("EC", sAMLMetadataKeyAgreementEncryptionConfiguration));
        BasicKeyInfoGeneratorFactory basicKeyInfoGeneratorFactory = new BasicKeyInfoGeneratorFactory();
        X509KeyInfoGeneratorFactory x509KeyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
        KeyAgreementKeyInfoGeneratorFactory keyAgreementKeyInfoGeneratorFactory = new KeyAgreementKeyInfoGeneratorFactory();
        this.defaultKeyTransportKeyInfoGeneratorManager = new NamedKeyInfoGeneratorManager();
        this.defaultKeyTransportKeyInfoGeneratorManager.registerDefaultFactory(basicKeyInfoGeneratorFactory);
        this.defaultKeyTransportKeyInfoGeneratorManager.registerDefaultFactory(x509KeyInfoGeneratorFactory);
        this.defaultKeyTransportKeyInfoGeneratorManager.registerDefaultFactory(keyAgreementKeyInfoGeneratorFactory);
        this.config3.setKeyTransportKeyInfoGeneratorManager(this.defaultKeyTransportKeyInfoGeneratorManager);
        BasicKeyInfoGeneratorFactory basicKeyInfoGeneratorFactory2 = new BasicKeyInfoGeneratorFactory();
        X509KeyInfoGeneratorFactory x509KeyInfoGeneratorFactory2 = new X509KeyInfoGeneratorFactory();
        KeyAgreementKeyInfoGeneratorFactory keyAgreementKeyInfoGeneratorFactory2 = new KeyAgreementKeyInfoGeneratorFactory();
        this.defaultDataEncryptionKeyInfoGeneratorManager = new NamedKeyInfoGeneratorManager();
        this.defaultDataEncryptionKeyInfoGeneratorManager.registerDefaultFactory(basicKeyInfoGeneratorFactory2);
        this.defaultDataEncryptionKeyInfoGeneratorManager.registerDefaultFactory(x509KeyInfoGeneratorFactory2);
        this.defaultDataEncryptionKeyInfoGeneratorManager.registerDefaultFactory(keyAgreementKeyInfoGeneratorFactory2);
        this.config3.setDataKeyInfoGeneratorManager(this.defaultDataEncryptionKeyInfoGeneratorManager);
        this.configCriterion = new EncryptionConfigurationCriterion(new EncryptionConfiguration[]{this.config1, this.config2, this.config3});
        this.roleDesc = buildRoleDescriptorSkeleton();
        this.roleDescCriterion = new RoleDescriptorCriterion(this.roleDesc);
        this.criteriaSet = new CriteriaSet(new Criterion[]{this.configCriterion, this.roleDescCriterion});
    }

    @Test
    public void testBasic() throws ResolverException {
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor(this.rsaCred1KeyName, UsageType.ENCRYPTION, this.rsaCred1.getPublicKey()));
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionCredential().getPublicKey(), this.rsaCred1.getPublicKey());
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionAlgorithm(), this.defaultRSAKeyTransportAlgo);
        Assert.assertNotNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), this.defaultAES128DataAlgo);
        Assert.assertNull(resolveSingle.getDataKeyInfoGenerator());
        Assert.assertNotNull(resolveSingle.getRSAOAEPParameters());
        Assert.assertTrue(resolveSingle.getRSAOAEPParameters().isEmpty());
    }

    @Test
    public void testWithRSAOAEPParametersFromConfig() throws ResolverException {
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor(this.rsaCred1KeyName, UsageType.ENCRYPTION, this.rsaCred1.getPublicKey()));
        this.config3.setRSAOAEPParameters(new RSAOAEPParameters("http://www.w3.org/2001/04/xmlenc#sha256", (String) null, "oaep-params-3"));
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionCredential().getPublicKey(), this.rsaCred1.getPublicKey());
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionAlgorithm(), this.defaultRSAKeyTransportAlgo);
        Assert.assertNotNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), this.defaultAES128DataAlgo);
        Assert.assertNull(resolveSingle.getDataKeyInfoGenerator());
        Assert.assertNotNull(resolveSingle.getRSAOAEPParameters());
        Assert.assertEquals(resolveSingle.getRSAOAEPParameters().getDigestMethod(), "http://www.w3.org/2001/04/xmlenc#sha256");
        Assert.assertNull(resolveSingle.getRSAOAEPParameters().getMaskGenerationFunction());
        Assert.assertEquals(resolveSingle.getRSAOAEPParameters().getOAEPParams(), "oaep-params-3");
    }

    @Test
    public void testWithAlgorithmOverrides() throws ResolverException {
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor(this.rsaCred1KeyName, UsageType.ENCRYPTION, this.rsaCred1.getPublicKey()));
        this.config2.setDataEncryptionAlgorithms(Collections.singletonList("http://www.w3.org/2001/04/xmlenc#aes256-cbc"));
        this.config2.setKeyTransportEncryptionAlgorithms(Collections.singletonList("http://www.w3.org/2001/04/xmlenc#rsa-1_5"));
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionCredential().getPublicKey(), this.rsaCred1.getPublicKey());
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#rsa-1_5");
        Assert.assertNotNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#aes256-cbc");
        Assert.assertNull(resolveSingle.getDataKeyInfoGenerator());
    }

    @Test
    public void testWithBlacklist() throws ResolverException {
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor(this.rsaCred1KeyName, UsageType.ENCRYPTION, this.rsaCred1.getPublicKey()));
        this.config1.setExcludedAlgorithms(List.of(this.defaultRSAKeyTransportAlgo, this.defaultAES128DataAlgo, this.defaultAES192DataAlgo));
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionCredential().getPublicKey(), this.rsaCred1.getPublicKey());
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#rsa-1_5");
        Assert.assertNotNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), this.defaultAES256DataAlgo);
        Assert.assertNull(resolveSingle.getDataKeyInfoGenerator());
    }

    @Test
    public void testWithWhitelist() throws ResolverException {
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor(this.rsaCred1KeyName, UsageType.ENCRYPTION, this.rsaCred1.getPublicKey()));
        this.config1.setIncludedAlgorithms(List.of("http://www.w3.org/2001/04/xmlenc#aes256-cbc", "http://www.w3.org/2001/04/xmlenc#rsa-1_5"));
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionCredential().getPublicKey(), this.rsaCred1.getPublicKey());
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#rsa-1_5");
        Assert.assertNotNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#aes256-cbc");
        Assert.assertNull(resolveSingle.getDataKeyInfoGenerator());
    }

    @Test
    public void testGeneratedDataCredential() throws ResolverException {
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor(this.rsaCred1KeyName, UsageType.ENCRYPTION, this.rsaCred1.getPublicKey()));
        this.resolver.setAutoGenerateDataEncryptionCredential(true);
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionCredential().getPublicKey(), this.rsaCred1.getPublicKey());
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionAlgorithm(), this.defaultRSAKeyTransportAlgo);
        Assert.assertNotNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertNotNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertNotNull(resolveSingle.getDataEncryptionCredential().getSecretKey());
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), this.defaultAES128DataAlgo);
        Assert.assertEquals(KeySupport.getKeyLength(resolveSingle.getDataEncryptionCredential().getSecretKey()), 128);
        Assert.assertNotNull(resolveSingle.getDataKeyInfoGenerator());
    }

    @Test
    public void testEncryptionMethod() throws ResolverException {
        KeyDescriptor buildKeyDescriptor = buildKeyDescriptor(this.rsaCred1KeyName, UsageType.ENCRYPTION, this.rsaCred1.getPublicKey());
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#rsa-1_5"));
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#aes256-cbc"));
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor);
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionCredential().getPublicKey(), this.rsaCred1.getPublicKey());
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#rsa-1_5");
        Assert.assertNotNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#aes256-cbc");
        Assert.assertNull(resolveSingle.getDataKeyInfoGenerator());
    }

    @Test
    public void testEncryptionMethodWithRSAOAEPParameters() throws ResolverException, InitializationException {
        KeyDescriptor buildKeyDescriptor = buildKeyDescriptor(this.rsaCred1KeyName, UsageType.ENCRYPTION, this.rsaCred1.getPublicKey());
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor);
        EncryptionMethod buildEncryptionMethod = buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#rsa-1_5");
        buildKeyDescriptor.getEncryptionMethods().clear();
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod);
        Assert.assertNull(this.resolver.resolveSingle(this.criteriaSet).getRSAOAEPParameters());
        EncryptionMethod buildEncryptionMethod2 = buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
        buildKeyDescriptor.getEncryptionMethods().clear();
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod2);
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle.getRSAOAEPParameters());
        Assert.assertTrue(resolveSingle.getRSAOAEPParameters().isEmpty());
        AlgorithmRegistry globalAlgorithmRegistry = AlgorithmSupport.getGlobalAlgorithmRegistry();
        Assert.assertNotNull(globalAlgorithmRegistry);
        this.providerSupport.loadBC();
        new GlobalAlgorithmRegistryInitializer().init();
        this.resolver.setAlgorithmRegistry(AlgorithmSupport.getGlobalAlgorithmRegistry());
        try {
            EncryptionMethod buildEncryptionMethod3 = buildEncryptionMethod("http://www.w3.org/2009/xmlenc11#rsa-oaep");
            DigestMethod buildXMLObject = buildXMLObject(DigestMethod.DEFAULT_ELEMENT_NAME);
            buildXMLObject.setAlgorithm("http://www.w3.org/2001/04/xmlenc#sha256");
            buildEncryptionMethod3.getUnknownXMLObjects().add(buildXMLObject);
            buildKeyDescriptor.getEncryptionMethods().clear();
            buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod3);
            EncryptionParameters resolveSingle2 = this.resolver.resolveSingle(this.criteriaSet);
            Assert.assertNotNull(resolveSingle2.getRSAOAEPParameters());
            Assert.assertEquals(resolveSingle2.getRSAOAEPParameters().getDigestMethod(), "http://www.w3.org/2001/04/xmlenc#sha256");
            Assert.assertNull(resolveSingle2.getRSAOAEPParameters().getMaskGenerationFunction());
            Assert.assertNull(resolveSingle2.getRSAOAEPParameters().getOAEPParams());
            EncryptionMethod buildEncryptionMethod4 = buildEncryptionMethod("http://www.w3.org/2009/xmlenc11#rsa-oaep");
            DigestMethod buildXMLObject2 = buildXMLObject(DigestMethod.DEFAULT_ELEMENT_NAME);
            buildXMLObject2.setAlgorithm("http://www.w3.org/2001/04/xmlenc#sha256");
            buildEncryptionMethod4.getUnknownXMLObjects().add(buildXMLObject2);
            MGF buildXMLObject3 = buildXMLObject(MGF.DEFAULT_ELEMENT_NAME);
            buildXMLObject3.setAlgorithm("http://www.w3.org/2009/xmlenc11#mgf1sha256");
            buildEncryptionMethod4.getUnknownXMLObjects().add(buildXMLObject3);
            OAEPparams buildXMLObject4 = buildXMLObject(OAEPparams.DEFAULT_ELEMENT_NAME);
            buildXMLObject4.setValue("oaep-params-md");
            buildEncryptionMethod4.setOAEPparams(buildXMLObject4);
            buildKeyDescriptor.getEncryptionMethods().clear();
            buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod4);
            EncryptionParameters resolveSingle3 = this.resolver.resolveSingle(this.criteriaSet);
            Assert.assertNotNull(resolveSingle3.getRSAOAEPParameters());
            Assert.assertEquals(resolveSingle3.getRSAOAEPParameters().getDigestMethod(), "http://www.w3.org/2001/04/xmlenc#sha256");
            Assert.assertEquals(resolveSingle3.getRSAOAEPParameters().getMaskGenerationFunction(), "http://www.w3.org/2009/xmlenc11#mgf1sha256");
            Assert.assertEquals(resolveSingle3.getRSAOAEPParameters().getOAEPParams(), "oaep-params-md");
            this.config3.setRSAOAEPParameters(new RSAOAEPParameters("http://www.w3.org/2000/09/xmldsig#sha1", (String) null, "oaep-params-3"));
            EncryptionMethod buildEncryptionMethod5 = buildEncryptionMethod("http://www.w3.org/2009/xmlenc11#rsa-oaep");
            DigestMethod buildXMLObject5 = buildXMLObject(DigestMethod.DEFAULT_ELEMENT_NAME);
            buildXMLObject5.setAlgorithm("http://www.w3.org/2001/04/xmlenc#sha256");
            buildEncryptionMethod5.getUnknownXMLObjects().add(buildXMLObject5);
            buildKeyDescriptor.getEncryptionMethods().clear();
            buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod5);
            EncryptionParameters resolveSingle4 = this.resolver.resolveSingle(this.criteriaSet);
            Assert.assertNotNull(resolveSingle4.getRSAOAEPParameters());
            Assert.assertEquals(resolveSingle4.getRSAOAEPParameters().getDigestMethod(), "http://www.w3.org/2001/04/xmlenc#sha256");
            Assert.assertNull(resolveSingle4.getRSAOAEPParameters().getMaskGenerationFunction());
            Assert.assertNull(resolveSingle4.getRSAOAEPParameters().getOAEPParams());
            this.config3.setRSAOAEPParameters(new RSAOAEPParameters("http://www.w3.org/2000/09/xmldsig#sha1", (String) null, "oaep-params-3"));
            this.resolver.setMergeMetadataRSAOAEPParametersWithConfig(true);
            EncryptionMethod buildEncryptionMethod6 = buildEncryptionMethod("http://www.w3.org/2009/xmlenc11#rsa-oaep");
            DigestMethod buildXMLObject6 = buildXMLObject(DigestMethod.DEFAULT_ELEMENT_NAME);
            buildXMLObject6.setAlgorithm("http://www.w3.org/2001/04/xmlenc#sha256");
            buildEncryptionMethod6.getUnknownXMLObjects().add(buildXMLObject6);
            buildKeyDescriptor.getEncryptionMethods().clear();
            buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod6);
            EncryptionParameters resolveSingle5 = this.resolver.resolveSingle(this.criteriaSet);
            Assert.assertNotNull(resolveSingle5.getRSAOAEPParameters());
            Assert.assertEquals(resolveSingle5.getRSAOAEPParameters().getDigestMethod(), "http://www.w3.org/2001/04/xmlenc#sha256");
            Assert.assertNull(resolveSingle5.getRSAOAEPParameters().getMaskGenerationFunction());
            Assert.assertEquals(resolveSingle5.getRSAOAEPParameters().getOAEPParams(), "oaep-params-3");
            this.providerSupport.unloadBC();
            ConfigurationService.register(AlgorithmRegistry.class, globalAlgorithmRegistry);
        } catch (Throwable th) {
            this.providerSupport.unloadBC();
            ConfigurationService.register(AlgorithmRegistry.class, globalAlgorithmRegistry);
            throw th;
        }
    }

    @Test
    public void testKeyTransportAlgorithmPredicate() throws ResolverException {
        KeyDescriptor buildKeyDescriptor = buildKeyDescriptor(this.rsaCred1KeyName, UsageType.ENCRYPTION, this.rsaCred1.getPublicKey());
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"));
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#rsa-1_5"));
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#aes256-cbc"));
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#aes192-cbc"));
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#aes128-cbc"));
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor);
        HashMap hashMap = new HashMap();
        hashMap.put("http://www.w3.org/2001/04/xmlenc#aes256-cbc", "http://www.w3.org/2001/04/xmlenc#rsa-1_5");
        hashMap.put("http://www.w3.org/2001/04/xmlenc#aes192-cbc", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
        MapBasedKeyTransportAlgorithmPredicate mapBasedKeyTransportAlgorithmPredicate = new MapBasedKeyTransportAlgorithmPredicate(hashMap);
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#aes256-cbc");
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
        this.config1.setKeyTransportAlgorithmPredicate(mapBasedKeyTransportAlgorithmPredicate);
        EncryptionParameters resolveSingle2 = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertEquals(resolveSingle2.getDataEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#aes256-cbc");
        Assert.assertEquals(resolveSingle2.getKeyTransportEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#rsa-1_5");
        buildKeyDescriptor.getEncryptionMethods().clear();
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#rsa-1_5"));
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"));
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#aes192-cbc"));
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#aes128-cbc"));
        EncryptionParameters resolveSingle3 = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertEquals(resolveSingle3.getDataEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#aes192-cbc");
        Assert.assertEquals(resolveSingle3.getKeyTransportEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
    }

    @Test
    public void testEncryptionMethodWithBlacklist() throws ResolverException {
        KeyDescriptor buildKeyDescriptor = buildKeyDescriptor(this.rsaCred1KeyName, UsageType.ENCRYPTION, this.rsaCred1.getPublicKey());
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#rsa-1_5"));
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#tripledes-cbc"));
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor);
        this.config1.setExcludedAlgorithms(List.of("http://www.w3.org/2001/04/xmlenc#rsa-1_5", "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"));
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionCredential().getPublicKey(), this.rsaCred1.getPublicKey());
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionAlgorithm(), this.defaultRSAKeyTransportAlgo);
        Assert.assertNotNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), this.defaultAES128DataAlgo);
        Assert.assertNull(resolveSingle.getDataKeyInfoGenerator());
    }

    @Test
    public void testEncryptionMethodWithWhitelist() throws ResolverException {
        KeyDescriptor buildKeyDescriptor = buildKeyDescriptor(this.rsaCred1KeyName, UsageType.ENCRYPTION, this.rsaCred1.getPublicKey());
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#rsa-1_5"));
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#tripledes-cbc"));
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor);
        this.config1.setIncludedAlgorithms(List.of("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", "http://www.w3.org/2001/04/xmlenc#aes192-cbc"));
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionCredential().getPublicKey(), this.rsaCred1.getPublicKey());
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
        Assert.assertNotNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#aes192-cbc");
        Assert.assertNull(resolveSingle.getDataKeyInfoGenerator());
    }

    @Test
    public void testEncryptionMethodWithBlacklistedDigest() throws ResolverException {
        KeyDescriptor buildKeyDescriptor = buildKeyDescriptor(this.rsaCred1KeyName, UsageType.ENCRYPTION, this.rsaCred1.getPublicKey());
        EncryptionMethod buildEncryptionMethod = buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
        DigestMethod buildXMLObject = buildXMLObject(DigestMethod.DEFAULT_ELEMENT_NAME);
        buildXMLObject.setAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1");
        buildEncryptionMethod.getUnknownXMLObjects().add(buildXMLObject);
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod);
        EncryptionMethod buildEncryptionMethod2 = buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
        DigestMethod buildXMLObject2 = buildXMLObject(DigestMethod.DEFAULT_ELEMENT_NAME);
        buildXMLObject2.setAlgorithm("http://www.w3.org/2001/04/xmlenc#sha256");
        buildEncryptionMethod2.getUnknownXMLObjects().add(buildXMLObject2);
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod2);
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor);
        this.config1.setExcludedAlgorithms(List.of("http://www.w3.org/2000/09/xmldsig#sha1"));
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionCredential().getPublicKey(), this.rsaCred1.getPublicKey());
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
        Assert.assertNotNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertNotNull(resolveSingle.getRSAOAEPParameters());
        Assert.assertEquals(resolveSingle.getRSAOAEPParameters().getDigestMethod(), "http://www.w3.org/2001/04/xmlenc#sha256");
        Assert.assertNull(resolveSingle.getRSAOAEPParameters().getMaskGenerationFunction());
        Assert.assertNull(resolveSingle.getRSAOAEPParameters().getOAEPParams());
        Assert.assertNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), this.defaultAES128DataAlgo);
        Assert.assertNull(resolveSingle.getDataKeyInfoGenerator());
    }

    @Test
    public void testECDHWithNoEncryptionMethodsAndKeyWrapDefault() throws ResolverException {
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor(this.ecCred1KeyName, UsageType.ENCRYPTION, this.ecCred1.getPublicKey()));
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle);
        Assert.assertNull(resolveSingle.getKeyTransportEncryptionCredential());
        Assert.assertNull(resolveSingle.getKeyTransportEncryptionAlgorithm());
        Assert.assertNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertNotNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertTrue(KeyAgreementCredential.class.isInstance(resolveSingle.getDataEncryptionCredential()));
        Assert.assertNotNull(resolveSingle.getDataEncryptionCredential().getSecretKey());
        Assert.assertEquals(resolveSingle.getDataEncryptionCredential().getSecretKey().getAlgorithm(), "AES");
        Assert.assertEquals(KeySupport.getKeyLength(resolveSingle.getDataEncryptionCredential().getSecretKey()), 128);
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), this.defaultAES128DataAlgo);
        Assert.assertNotNull(resolveSingle.getDataKeyInfoGenerator());
        Assert.assertTrue(KeyAgreementKeyInfoGeneratorFactory.KeyAgreementKeyInfoGenerator.class.isInstance(resolveSingle.getDataKeyInfoGenerator()));
    }

    @Test
    public void testECDHWithNoEncryptionMethodsAndKeyWrapAlways() throws ResolverException {
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor(this.ecCred1KeyName, UsageType.ENCRYPTION, this.ecCred1.getPublicKey()));
        SAMLMetadataKeyAgreementEncryptionConfiguration sAMLMetadataKeyAgreementEncryptionConfiguration = new SAMLMetadataKeyAgreementEncryptionConfiguration();
        sAMLMetadataKeyAgreementEncryptionConfiguration.setMetadataUseKeyWrap(SAMLMetadataKeyAgreementEncryptionConfiguration.KeyWrap.Always);
        this.config2.setKeyAgreementConfigurations(Map.of("EC", sAMLMetadataKeyAgreementEncryptionConfiguration));
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle);
        Assert.assertNotNull(resolveSingle.getKeyTransportEncryptionCredential());
        Assert.assertTrue(KeyAgreementCredential.class.isInstance(resolveSingle.getKeyTransportEncryptionCredential()));
        Assert.assertNotNull(resolveSingle.getKeyTransportEncryptionCredential().getSecretKey());
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionCredential().getSecretKey().getAlgorithm(), "AES");
        Assert.assertEquals(KeySupport.getKeyLength(resolveSingle.getKeyTransportEncryptionCredential().getSecretKey()), 128);
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#kw-aes128");
        Assert.assertNotNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertTrue(KeyAgreementKeyInfoGeneratorFactory.KeyAgreementKeyInfoGenerator.class.isInstance(resolveSingle.getKeyTransportKeyInfoGenerator()));
        Assert.assertNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), this.defaultAES128DataAlgo);
        Assert.assertNull(resolveSingle.getDataKeyInfoGenerator());
    }

    @Test
    public void testECDHWithNoEncryptionMethodsAndKeyWrapNever() throws ResolverException {
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor(this.ecCred1KeyName, UsageType.ENCRYPTION, this.ecCred1.getPublicKey()));
        SAMLMetadataKeyAgreementEncryptionConfiguration sAMLMetadataKeyAgreementEncryptionConfiguration = new SAMLMetadataKeyAgreementEncryptionConfiguration();
        sAMLMetadataKeyAgreementEncryptionConfiguration.setMetadataUseKeyWrap(SAMLMetadataKeyAgreementEncryptionConfiguration.KeyWrap.Never);
        this.config2.setKeyAgreementConfigurations(Map.of("EC", sAMLMetadataKeyAgreementEncryptionConfiguration));
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNull(resolveSingle.getKeyTransportEncryptionCredential());
        Assert.assertNull(resolveSingle.getKeyTransportEncryptionAlgorithm());
        Assert.assertNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertNotNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertTrue(KeyAgreementCredential.class.isInstance(resolveSingle.getDataEncryptionCredential()));
        Assert.assertNotNull(resolveSingle.getDataEncryptionCredential().getSecretKey());
        Assert.assertEquals(resolveSingle.getDataEncryptionCredential().getSecretKey().getAlgorithm(), "AES");
        Assert.assertEquals(KeySupport.getKeyLength(resolveSingle.getDataEncryptionCredential().getSecretKey()), 128);
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), this.defaultAES128DataAlgo);
        Assert.assertNotNull(resolveSingle.getDataKeyInfoGenerator());
        Assert.assertTrue(KeyAgreementKeyInfoGeneratorFactory.KeyAgreementKeyInfoGenerator.class.isInstance(resolveSingle.getDataKeyInfoGenerator()));
    }

    @Test
    public void testECDHWithNoEncryptionMethodsAndKeyWrapIfNotIndicated() throws ResolverException {
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor(this.ecCred1KeyName, UsageType.ENCRYPTION, this.ecCred1.getPublicKey()));
        SAMLMetadataKeyAgreementEncryptionConfiguration sAMLMetadataKeyAgreementEncryptionConfiguration = new SAMLMetadataKeyAgreementEncryptionConfiguration();
        sAMLMetadataKeyAgreementEncryptionConfiguration.setMetadataUseKeyWrap(SAMLMetadataKeyAgreementEncryptionConfiguration.KeyWrap.IfNotIndicated);
        this.config2.setKeyAgreementConfigurations(Map.of("EC", sAMLMetadataKeyAgreementEncryptionConfiguration));
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle);
        Assert.assertNotNull(resolveSingle.getKeyTransportEncryptionCredential());
        Assert.assertTrue(KeyAgreementCredential.class.isInstance(resolveSingle.getKeyTransportEncryptionCredential()));
        Assert.assertNotNull(resolveSingle.getKeyTransportEncryptionCredential().getSecretKey());
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionCredential().getSecretKey().getAlgorithm(), "AES");
        Assert.assertEquals(KeySupport.getKeyLength(resolveSingle.getKeyTransportEncryptionCredential().getSecretKey()), 128);
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#kw-aes128");
        Assert.assertNotNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertTrue(KeyAgreementKeyInfoGeneratorFactory.KeyAgreementKeyInfoGenerator.class.isInstance(resolveSingle.getKeyTransportKeyInfoGenerator()));
        Assert.assertNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), this.defaultAES128DataAlgo);
        Assert.assertNull(resolveSingle.getDataKeyInfoGenerator());
    }

    @Test
    public void testECDHWithBlockEncryptionMethodAndKeyWrapDefault() throws ResolverException {
        KeyDescriptor buildKeyDescriptor = buildKeyDescriptor(this.ecCred1KeyName, UsageType.ENCRYPTION, this.ecCred1.getPublicKey());
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2009/xmlenc11#aes256-gcm"));
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor);
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle);
        Assert.assertNull(resolveSingle.getKeyTransportEncryptionCredential());
        Assert.assertNull(resolveSingle.getKeyTransportEncryptionAlgorithm());
        Assert.assertNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertNotNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertTrue(KeyAgreementCredential.class.isInstance(resolveSingle.getDataEncryptionCredential()));
        Assert.assertNotNull(resolveSingle.getDataEncryptionCredential().getSecretKey());
        Assert.assertEquals(resolveSingle.getDataEncryptionCredential().getSecretKey().getAlgorithm(), "AES");
        Assert.assertEquals(KeySupport.getKeyLength(resolveSingle.getDataEncryptionCredential().getSecretKey()), 256);
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), "http://www.w3.org/2009/xmlenc11#aes256-gcm");
        Assert.assertNotNull(resolveSingle.getDataKeyInfoGenerator());
        Assert.assertTrue(KeyAgreementKeyInfoGeneratorFactory.KeyAgreementKeyInfoGenerator.class.isInstance(resolveSingle.getDataKeyInfoGenerator()));
    }

    @Test
    public void testECDHWithBlockEncryptionMethodAndKeyWrapAlways() throws ResolverException {
        KeyDescriptor buildKeyDescriptor = buildKeyDescriptor(this.ecCred1KeyName, UsageType.ENCRYPTION, this.ecCred1.getPublicKey());
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2009/xmlenc11#aes256-gcm"));
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor);
        SAMLMetadataKeyAgreementEncryptionConfiguration sAMLMetadataKeyAgreementEncryptionConfiguration = new SAMLMetadataKeyAgreementEncryptionConfiguration();
        sAMLMetadataKeyAgreementEncryptionConfiguration.setMetadataUseKeyWrap(SAMLMetadataKeyAgreementEncryptionConfiguration.KeyWrap.Always);
        this.config2.setKeyAgreementConfigurations(Map.of("EC", sAMLMetadataKeyAgreementEncryptionConfiguration));
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle);
        Assert.assertNotNull(resolveSingle.getKeyTransportEncryptionCredential());
        Assert.assertTrue(KeyAgreementCredential.class.isInstance(resolveSingle.getKeyTransportEncryptionCredential()));
        Assert.assertNotNull(resolveSingle.getKeyTransportEncryptionCredential().getSecretKey());
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionCredential().getSecretKey().getAlgorithm(), "AES");
        Assert.assertEquals(KeySupport.getKeyLength(resolveSingle.getKeyTransportEncryptionCredential().getSecretKey()), 128);
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#kw-aes128");
        Assert.assertNotNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertTrue(KeyAgreementKeyInfoGeneratorFactory.KeyAgreementKeyInfoGenerator.class.isInstance(resolveSingle.getKeyTransportKeyInfoGenerator()));
        Assert.assertNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), "http://www.w3.org/2009/xmlenc11#aes256-gcm");
        Assert.assertNull(resolveSingle.getDataKeyInfoGenerator());
    }

    @Test
    public void testECDHWithKeyWrapEncryptionMethodAndKeyWrapDefault() throws ResolverException {
        KeyDescriptor buildKeyDescriptor = buildKeyDescriptor(this.ecCred1KeyName, UsageType.ENCRYPTION, this.ecCred1.getPublicKey());
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#kw-aes256"));
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor);
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle.getKeyTransportEncryptionCredential());
        Assert.assertTrue(KeyAgreementCredential.class.isInstance(resolveSingle.getKeyTransportEncryptionCredential()));
        Assert.assertNotNull(resolveSingle.getKeyTransportEncryptionCredential().getSecretKey());
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionCredential().getSecretKey().getAlgorithm(), "AES");
        Assert.assertEquals(KeySupport.getKeyLength(resolveSingle.getKeyTransportEncryptionCredential().getSecretKey()), 256);
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#kw-aes256");
        Assert.assertNotNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertTrue(KeyAgreementKeyInfoGeneratorFactory.KeyAgreementKeyInfoGenerator.class.isInstance(resolveSingle.getKeyTransportKeyInfoGenerator()));
        Assert.assertNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), this.defaultAES128DataAlgo);
        Assert.assertNull(resolveSingle.getDataKeyInfoGenerator());
    }

    @Test
    public void testECDHWithKeyWrapEncryptionMethodAndKeyWrapNever() throws ResolverException {
        KeyDescriptor buildKeyDescriptor = buildKeyDescriptor(this.ecCred1KeyName, UsageType.ENCRYPTION, this.ecCred1.getPublicKey());
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#kw-aes256"));
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor);
        SAMLMetadataKeyAgreementEncryptionConfiguration sAMLMetadataKeyAgreementEncryptionConfiguration = new SAMLMetadataKeyAgreementEncryptionConfiguration();
        sAMLMetadataKeyAgreementEncryptionConfiguration.setMetadataUseKeyWrap(SAMLMetadataKeyAgreementEncryptionConfiguration.KeyWrap.Never);
        this.config2.setKeyAgreementConfigurations(Map.of("EC", sAMLMetadataKeyAgreementEncryptionConfiguration));
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNull(resolveSingle.getKeyTransportEncryptionCredential());
        Assert.assertNull(resolveSingle.getKeyTransportEncryptionAlgorithm());
        Assert.assertNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertNotNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertTrue(KeyAgreementCredential.class.isInstance(resolveSingle.getDataEncryptionCredential()));
        Assert.assertNotNull(resolveSingle.getDataEncryptionCredential().getSecretKey());
        Assert.assertEquals(resolveSingle.getDataEncryptionCredential().getSecretKey().getAlgorithm(), "AES");
        Assert.assertEquals(KeySupport.getKeyLength(resolveSingle.getDataEncryptionCredential().getSecretKey()), 128);
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), this.defaultAES128DataAlgo);
        Assert.assertNotNull(resolveSingle.getDataKeyInfoGenerator());
        Assert.assertTrue(KeyAgreementKeyInfoGeneratorFactory.KeyAgreementKeyInfoGenerator.class.isInstance(resolveSingle.getDataKeyInfoGenerator()));
    }

    @Test
    public void testECDHWithBlockAndKeyWrapEncryptionMethods() throws ResolverException {
        KeyDescriptor buildKeyDescriptor = buildKeyDescriptor(this.ecCred1KeyName, UsageType.ENCRYPTION, this.ecCred1.getPublicKey());
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2009/xmlenc11#aes256-gcm"));
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#kw-aes256"));
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor);
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle.getKeyTransportEncryptionCredential());
        Assert.assertTrue(KeyAgreementCredential.class.isInstance(resolveSingle.getKeyTransportEncryptionCredential()));
        Assert.assertNotNull(resolveSingle.getKeyTransportEncryptionCredential().getSecretKey());
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionCredential().getSecretKey().getAlgorithm(), "AES");
        Assert.assertEquals(KeySupport.getKeyLength(resolveSingle.getKeyTransportEncryptionCredential().getSecretKey()), 256);
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#kw-aes256");
        Assert.assertNotNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertTrue(KeyAgreementKeyInfoGeneratorFactory.KeyAgreementKeyInfoGenerator.class.isInstance(resolveSingle.getKeyTransportKeyInfoGenerator()));
        Assert.assertNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), "http://www.w3.org/2009/xmlenc11#aes256-gcm");
        Assert.assertNull(resolveSingle.getDataKeyInfoGenerator());
    }

    @Test
    public void testECDHWithKeyWrapEncryptionMethodAndGeneratedDataCredential() throws ResolverException {
        KeyDescriptor buildKeyDescriptor = buildKeyDescriptor(this.ecCred1KeyName, UsageType.ENCRYPTION, this.ecCred1.getPublicKey());
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#kw-aes256"));
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor);
        this.resolver.setAutoGenerateDataEncryptionCredential(true);
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle.getKeyTransportEncryptionCredential());
        Assert.assertTrue(KeyAgreementCredential.class.isInstance(resolveSingle.getKeyTransportEncryptionCredential()));
        Assert.assertNotNull(resolveSingle.getKeyTransportEncryptionCredential().getSecretKey());
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionCredential().getSecretKey().getAlgorithm(), "AES");
        Assert.assertEquals(KeySupport.getKeyLength(resolveSingle.getKeyTransportEncryptionCredential().getSecretKey()), 256);
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionAlgorithm(), "http://www.w3.org/2001/04/xmlenc#kw-aes256");
        Assert.assertNotNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertTrue(KeyAgreementKeyInfoGeneratorFactory.KeyAgreementKeyInfoGenerator.class.isInstance(resolveSingle.getKeyTransportKeyInfoGenerator()));
        Assert.assertNotNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertNotNull(resolveSingle.getDataEncryptionCredential().getSecretKey());
        Assert.assertEquals(resolveSingle.getDataEncryptionCredential().getSecretKey().getAlgorithm(), "AES");
        Assert.assertEquals(KeySupport.getKeyLength(resolveSingle.getDataEncryptionCredential().getSecretKey()), 128);
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), this.defaultAES128DataAlgo);
        Assert.assertNotNull(resolveSingle.getDataKeyInfoGenerator());
    }

    @Test
    public void testECDHWithKDFOverride() throws ResolverException {
        KeyDescriptor buildKeyDescriptor = buildKeyDescriptor(this.ecCred1KeyName, UsageType.ENCRYPTION, this.ecCred1.getPublicKey());
        buildKeyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2009/xmlenc11#aes256-gcm"));
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor);
        SAMLMetadataKeyAgreementEncryptionConfiguration sAMLMetadataKeyAgreementEncryptionConfiguration = new SAMLMetadataKeyAgreementEncryptionConfiguration();
        sAMLMetadataKeyAgreementEncryptionConfiguration.setParameters(Set.of(new PBKDF2()));
        this.config2.setKeyAgreementConfigurations(Map.of("EC", sAMLMetadataKeyAgreementEncryptionConfiguration));
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle);
        Assert.assertNull(resolveSingle.getKeyTransportEncryptionCredential());
        Assert.assertNull(resolveSingle.getKeyTransportEncryptionAlgorithm());
        Assert.assertNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertNotNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertTrue(KeyAgreementCredential.class.isInstance(resolveSingle.getDataEncryptionCredential()));
        Assert.assertNotNull(resolveSingle.getDataEncryptionCredential().getSecretKey());
        Assert.assertEquals(resolveSingle.getDataEncryptionCredential().getSecretKey().getAlgorithm(), "AES");
        Assert.assertEquals(KeySupport.getKeyLength(resolveSingle.getDataEncryptionCredential().getSecretKey()), 256);
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), "http://www.w3.org/2009/xmlenc11#aes256-gcm");
        Assert.assertNotNull(resolveSingle.getDataKeyInfoGenerator());
        Assert.assertTrue(KeyAgreementKeyInfoGeneratorFactory.KeyAgreementKeyInfoGenerator.class.isInstance(resolveSingle.getDataKeyInfoGenerator()));
        KeyAgreementCredential keyAgreementCredential = (KeyAgreementCredential) KeyAgreementCredential.class.cast(resolveSingle.getDataEncryptionCredential());
        Assert.assertEquals(keyAgreementCredential.getParameters().size(), 1);
        Assert.assertTrue(keyAgreementCredential.getParameters().contains(PBKDF2.class));
    }

    @Test
    public void testGetEffectiveKeyAgreementConfiguration() {
        SAMLMetadataKeyAgreementEncryptionConfiguration sAMLMetadataKeyAgreementEncryptionConfiguration = new SAMLMetadataKeyAgreementEncryptionConfiguration();
        sAMLMetadataKeyAgreementEncryptionConfiguration.setMetadataUseKeyWrap(SAMLMetadataKeyAgreementEncryptionConfiguration.KeyWrap.Always);
        this.config1.setKeyAgreementConfigurations(Map.of("EC", sAMLMetadataKeyAgreementEncryptionConfiguration));
        SAMLMetadataKeyAgreementEncryptionConfiguration sAMLMetadataKeyAgreementEncryptionConfiguration2 = new SAMLMetadataKeyAgreementEncryptionConfiguration();
        sAMLMetadataKeyAgreementEncryptionConfiguration2.setAlgorithm("http://www.w3.org/2009/xmlenc11#ECDH-ES");
        sAMLMetadataKeyAgreementEncryptionConfiguration2.setParameters(Set.of(new PBKDF2()));
        sAMLMetadataKeyAgreementEncryptionConfiguration2.setMetadataUseKeyWrap(SAMLMetadataKeyAgreementEncryptionConfiguration.KeyWrap.IfNotIndicated);
        this.config2.setKeyAgreementConfigurations(Map.of("EC", sAMLMetadataKeyAgreementEncryptionConfiguration2));
        SAMLMetadataKeyAgreementEncryptionConfiguration sAMLMetadataKeyAgreementEncryptionConfiguration3 = new SAMLMetadataKeyAgreementEncryptionConfiguration();
        sAMLMetadataKeyAgreementEncryptionConfiguration3.setAlgorithm("SomeAlgo");
        sAMLMetadataKeyAgreementEncryptionConfiguration3.setParameters(Set.of(new ConcatKDF()));
        sAMLMetadataKeyAgreementEncryptionConfiguration3.setMetadataUseKeyWrap(SAMLMetadataKeyAgreementEncryptionConfiguration.KeyWrap.Default);
        this.config3.setKeyAgreementConfigurations(Map.of("EC", sAMLMetadataKeyAgreementEncryptionConfiguration3));
        SAMLMetadataKeyAgreementEncryptionConfiguration effectiveKeyAgreementConfiguration = this.resolver.getEffectiveKeyAgreementConfiguration(this.criteriaSet, this.ecCred1);
        Assert.assertEquals(effectiveKeyAgreementConfiguration.getAlgorithm(), "http://www.w3.org/2009/xmlenc11#ECDH-ES");
        Assert.assertEquals(effectiveKeyAgreementConfiguration.getMetadataUseKeyWrap(), SAMLMetadataKeyAgreementEncryptionConfiguration.KeyWrap.Always);
        Assert.assertEquals(effectiveKeyAgreementConfiguration.getParameters().size(), 1);
        Assert.assertTrue(PBKDF2.class.isInstance(effectiveKeyAgreementConfiguration.getParameters().iterator().next()));
    }

    @Test
    public void testDefaultKeyAgreementUseKeyWrap() {
        KeyAgreementEncryptionConfiguration keyAgreementEncryptionConfiguration = new KeyAgreementEncryptionConfiguration();
        keyAgreementEncryptionConfiguration.setAlgorithm("http://www.w3.org/2009/xmlenc11#ECDH-ES");
        keyAgreementEncryptionConfiguration.setParameters(Set.of());
        EncryptionConfiguration basicEncryptionConfiguration = new BasicEncryptionConfiguration();
        basicEncryptionConfiguration.setKeyAgreementConfigurations(Map.of("EC", keyAgreementEncryptionConfiguration));
        CriteriaSet criteriaSet = new CriteriaSet(new Criterion[]{new EncryptionConfigurationCriterion(new EncryptionConfiguration[]{basicEncryptionConfiguration})});
        Assert.assertEquals(this.resolver.getDefaultKeyAgreemenUseKeyWrap(), SAMLMetadataKeyAgreementEncryptionConfiguration.KeyWrap.Default);
        Assert.assertEquals(this.resolver.getEffectiveKeyAgreementConfiguration(criteriaSet, this.ecCred1).getMetadataUseKeyWrap(), SAMLMetadataKeyAgreementEncryptionConfiguration.KeyWrap.Default);
        this.resolver.setDefaultKeyAgreementUseKeyWrap(SAMLMetadataKeyAgreementEncryptionConfiguration.KeyWrap.Always);
        Assert.assertEquals(this.resolver.getDefaultKeyAgreemenUseKeyWrap(), SAMLMetadataKeyAgreementEncryptionConfiguration.KeyWrap.Always);
        Assert.assertEquals(this.resolver.getEffectiveKeyAgreementConfiguration(criteriaSet, this.ecCred1).getMetadataUseKeyWrap(), SAMLMetadataKeyAgreementEncryptionConfiguration.KeyWrap.Always);
    }

    @Test
    public void testMultipleKeyDescriptors() throws ResolverException {
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor(this.dsaCred1KeyName, UsageType.SIGNING, this.dsaCred1.getPublicKey()));
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor(this.rsaCred1KeyName, UsageType.ENCRYPTION, this.rsaCred1.getPublicKey()));
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionCredential().getPublicKey(), this.rsaCred1.getPublicKey());
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionAlgorithm(), this.defaultRSAKeyTransportAlgo);
        Assert.assertNotNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), this.defaultAES128DataAlgo);
        Assert.assertNull(resolveSingle.getDataKeyInfoGenerator());
    }

    @Test
    public void testOnlySigningDescriptor() throws ResolverException {
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor(this.dsaCred1KeyName, UsageType.SIGNING, this.dsaCred1.getPublicKey()));
        Assert.assertNull(this.resolver.resolveSingle(this.criteriaSet));
    }

    @Test
    public void testDSACredWithUnspecifiedUse() throws ResolverException {
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor(this.dsaCred1KeyName, null, this.dsaCred1.getPublicKey()));
        Assert.assertNull(this.resolver.resolveSingle(this.criteriaSet));
    }

    @Test
    public void testRSACredWithUnspecifiedUse() throws ResolverException {
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor(this.rsaCred1KeyName, null, this.rsaCred1.getPublicKey()));
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle);
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionCredential().getPublicKey(), this.rsaCred1.getPublicKey());
        Assert.assertEquals(resolveSingle.getKeyTransportEncryptionAlgorithm(), this.defaultRSAKeyTransportAlgo);
        Assert.assertNotNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        Assert.assertNull(resolveSingle.getDataEncryptionCredential());
        Assert.assertEquals(resolveSingle.getDataEncryptionAlgorithm(), this.defaultAES128DataAlgo);
        Assert.assertNull(resolveSingle.getDataKeyInfoGenerator());
    }

    @Test
    public void testKeyInfoGenerationProfile() throws ResolverException {
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor(this.rsaCred1KeyName, UsageType.ENCRYPTION, this.rsaCred1.getPublicKey()));
        this.resolver.setAutoGenerateDataEncryptionCredential(true);
        this.criteriaSet.add(new KeyInfoGenerationProfileCriterion("testKeyInfoProfile"));
        this.defaultDataEncryptionKeyInfoGeneratorManager.setUseDefaultManager(true);
        this.defaultKeyTransportKeyInfoGeneratorManager.setUseDefaultManager(true);
        EncryptionParameters resolveSingle = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle.getDataKeyInfoGenerator());
        Assert.assertNotNull(resolveSingle.getKeyTransportKeyInfoGenerator());
        this.defaultDataEncryptionKeyInfoGeneratorManager.setUseDefaultManager(false);
        this.defaultKeyTransportKeyInfoGeneratorManager.setUseDefaultManager(false);
        EncryptionParameters resolveSingle2 = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNull(resolveSingle2.getDataKeyInfoGenerator());
        Assert.assertNull(resolveSingle2.getKeyTransportKeyInfoGenerator());
        this.defaultDataEncryptionKeyInfoGeneratorManager.setUseDefaultManager(false);
        this.defaultKeyTransportKeyInfoGeneratorManager.setUseDefaultManager(false);
        this.defaultDataEncryptionKeyInfoGeneratorManager.registerFactory("testKeyInfoProfile", new BasicKeyInfoGeneratorFactory());
        this.defaultKeyTransportKeyInfoGeneratorManager.registerFactory("testKeyInfoProfile", new BasicKeyInfoGeneratorFactory());
        EncryptionParameters resolveSingle3 = this.resolver.resolveSingle(this.criteriaSet);
        Assert.assertNotNull(resolveSingle3.getDataKeyInfoGenerator());
        Assert.assertNotNull(resolveSingle3.getKeyTransportKeyInfoGenerator());
    }

    @Test
    public void testResolve() throws ResolverException {
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor(this.rsaCred1KeyName, UsageType.ENCRYPTION, this.rsaCred1.getPublicKey()));
        Iterable resolve = this.resolver.resolve(this.criteriaSet);
        Assert.assertNotNull(resolve);
        Iterator it = resolve.iterator();
        Assert.assertNotNull(it);
        Assert.assertTrue(it.hasNext());
        EncryptionParameters encryptionParameters = (EncryptionParameters) it.next();
        Assert.assertNotNull(encryptionParameters);
        Assert.assertEquals(encryptionParameters.getKeyTransportEncryptionCredential().getPublicKey(), this.rsaCred1.getPublicKey());
        Assert.assertEquals(encryptionParameters.getKeyTransportEncryptionAlgorithm(), this.defaultRSAKeyTransportAlgo);
        Assert.assertNotNull(encryptionParameters.getKeyTransportKeyInfoGenerator());
        Assert.assertNull(encryptionParameters.getDataEncryptionCredential());
        Assert.assertEquals(encryptionParameters.getDataEncryptionAlgorithm(), this.defaultAES128DataAlgo);
        Assert.assertNull(encryptionParameters.getDataKeyInfoGenerator());
        Assert.assertFalse(it.hasNext());
    }

    @Test
    public void testNoCredentials() throws ResolverException {
        Assert.assertNull(this.resolver.resolveSingle(this.criteriaSet));
    }

    @Test
    public void testNoKeyTransportAlgorithms() throws ResolverException {
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor(this.rsaCred1KeyName, UsageType.ENCRYPTION, this.rsaCred1.getPublicKey()));
        this.config3.setKeyTransportEncryptionAlgorithms(new ArrayList());
        Assert.assertNull(this.resolver.resolveSingle(this.criteriaSet));
    }

    @Test
    public void testNoDataEncryptionAlgorithmForEncrypterAutoGen() throws ResolverException {
        this.roleDesc.getKeyDescriptors().add(buildKeyDescriptor(this.rsaCred1KeyName, UsageType.ENCRYPTION, this.rsaCred1.getPublicKey()));
        this.config3.setDataEncryptionAlgorithms(new ArrayList());
        Assert.assertNull(this.resolver.resolveSingle(this.criteriaSet));
    }

    @Test(expectedExceptions = {ConstraintViolationException.class})
    public void testNullCriteriaSet() throws ResolverException {
        this.resolver.resolve((CriteriaSet) null);
    }

    @Test(expectedExceptions = {ConstraintViolationException.class})
    public void testAbsentCriterion() throws ResolverException {
        this.resolver.resolve(new CriteriaSet());
    }

    private RoleDescriptor buildRoleDescriptorSkeleton() {
        EntityDescriptor buildXMLObject = buildXMLObject(EntityDescriptor.DEFAULT_ELEMENT_NAME);
        buildXMLObject.setEntityID(this.targetEntityID);
        SPSSODescriptor buildXMLObject2 = buildXMLObject(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
        buildXMLObject2.setParent(buildXMLObject);
        return buildXMLObject2;
    }

    private KeyDescriptor buildKeyDescriptor(String str, UsageType usageType, Object... objArr) {
        KeyDescriptor buildXMLObject = buildXMLObject(KeyDescriptor.DEFAULT_ELEMENT_NAME);
        KeyInfo buildXMLObject2 = buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        for (Object obj : objArr) {
            if (obj instanceof PublicKey) {
                try {
                    KeyInfoSupport.addPublicKey(buildXMLObject2, (PublicKey) obj);
                } catch (EncodingException e) {
                    throw new RuntimeException("EncodingException adding public key to KeyInfo", e);
                }
            } else {
                if (!(obj instanceof X509Certificate)) {
                    throw new RuntimeException("Saw unknown KeyInfo content type: " + obj.getClass().getName());
                }
                try {
                    KeyInfoSupport.addCertificate(buildXMLObject2, (X509Certificate) obj);
                } catch (CertificateEncodingException e2) {
                    throw new RuntimeException("CertificateEncodingException ading cert to KeyInfo", e2);
                }
            }
        }
        if (str != null) {
            KeyInfoSupport.addKeyName(buildXMLObject2, str);
        }
        buildXMLObject.setKeyInfo(buildXMLObject2);
        if (usageType != null) {
            buildXMLObject.setUse(usageType);
        }
        return buildXMLObject;
    }

    private EncryptionMethod buildEncryptionMethod(String str) {
        EncryptionMethod buildXMLObject = buildXMLObject(EncryptionMethod.DEFAULT_ELEMENT_NAME);
        buildXMLObject.setAlgorithm(str);
        return buildXMLObject;
    }
}
