package org.opensaml.saml.saml2.core.tests;

import java.security.KeyPair;
import java.security.PrivateKey;
import java.time.Instant;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import net.shibboleth.utilities.java.support.security.impl.RandomIdentifierGenerationStrategy;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.testing.XMLObjectBaseTestCase;
import org.opensaml.core.xml.XMLObjectBuilder;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.common.testing.SAMLTestSupport;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AuthnStatement;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.security.credential.impl.StaticCredentialResolver;
import org.opensaml.security.crypto.KeySupport;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.Signer;
import org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/opensaml/saml/saml2/core/tests/SignedAssertionTest.class */
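/**
 * Round-trip test for an enveloped XML signature on a SAML 2.0 {@link Assertion}.
 *
 * <p>The test builds a minimal assertion, signs it with a freshly generated RSA key, unmarshalls the
 * signed DOM again and validates the signature with an {@link ExplicitKeySignatureTrustEngine} that
 * trusts exactly that key.</p>
 *
 * <p>Only the positive path is covered here: nothing in this class checks that a signature made with
 * an untrusted key, or a signature over modified content, is rejected.</p>
 */
public class SignedAssertionTest extends XMLObjectBaseTestCase {
    /** Entity ID used both as the assertion issuer and as the trust-engine lookup criterion. */
    private static final String ISSUER_ENTITY_ID = "urn:example.org:issuer";

    /**
     * RSA modulus size for the signing key. 1024-bit RSA is below current minimum recommendations;
     * test fixtures tend to be copied into production code, so the fixture uses 2048 bits.
     */
    private static final int RSA_KEY_BITS = 2048;

    /** Exclusive XML canonicalization (without comments). */
    private static final String C14N_EXCLUSIVE = "http://www.w3.org/2001/10/xml-exc-c14n#";

    /**
     * RSA with SHA-256. The SHA-1 variant ({@code xmldsig#rsa-sha1}) is not used because SHA-1 is no
     * longer collision resistant and should not be modelled as an acceptable signing digest.
     */
    private static final String SIG_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    private final Logger log = LoggerFactory.getLogger(SignedAssertionTest.class);

    /** Credential holding the key pair that signs the assertion and is trusted during validation. */
    private BasicCredential goodCredential;
    private SAMLObjectBuilder<Assertion> assertionBuilder;
    private SAMLObjectBuilder<Issuer> issuerBuilder;
    private SAMLObjectBuilder<AuthnStatement> authnStatementBuilder;
    private XMLObjectBuilder<Signature> signatureBuilder;
    private RandomIdentifierGenerationStrategy idGenerator;

    /**
     * Generates a fresh signing credential and looks up the object builders before each test method.
     *
     * @throws Exception if key generation or a builder lookup fails
     */
    @BeforeMethod
    protected void setUp() throws Exception {
        // A second key pair used to be generated here and wrapped in a public-key-only credential
        // whose result was discarded; that dead RSA key generation has been dropped.
        KeyPair signingKeys = KeySupport.generateKeyPair("RSA", RSA_KEY_BITS, (String) null);
        this.goodCredential = CredentialSupport.getSimpleCredential(signingKeys.getPublic(), signingKeys.getPrivate());

        this.assertionBuilder = builderFactory.getBuilderOrThrow(Assertion.DEFAULT_ELEMENT_NAME);
        this.issuerBuilder = builderFactory.getBuilderOrThrow(Issuer.DEFAULT_ELEMENT_NAME);
        this.authnStatementBuilder = builderFactory.getBuilderOrThrow(AuthnStatement.DEFAULT_ELEMENT_NAME);
        this.signatureBuilder = builderFactory.getBuilderOrThrow(Signature.DEFAULT_ELEMENT_NAME);
        this.idGenerator = new RandomIdentifierGenerationStrategy();
    }

    /**
     * Builds a simple assertion, signs it, and verifies that the signature validates against the
     * signing credential after the DOM has been unmarshalled again.
     *
     * @throws MarshallingException if the assertion cannot be marshalled to DOM
     * @throws SignatureException if computing the signature fails
     * @throws UnmarshallingException if the signed DOM cannot be unmarshalled
     * @throws SecurityException if the trust engine fails while evaluating the signature
     */
    @Test
    public void testAssertionSignature() throws MarshallingException, SignatureException, UnmarshallingException, SecurityException {
        Instant now = Instant.now();

        Assertion assertion = this.assertionBuilder.buildObject();
        assertion.setVersion(SAMLVersion.VERSION_20);
        assertion.setID(this.idGenerator.generateIdentifier());
        assertion.setIssueInstant(now);

        Issuer issuer = this.issuerBuilder.buildObject();
        issuer.setValue(ISSUER_ENTITY_ID);
        assertion.setIssuer(issuer);

        AuthnStatement authnStatement = this.authnStatementBuilder.buildObject();
        authnStatement.setAuthnInstant(now);
        assertion.getAuthnStatements().add(authnStatement);

        Signature signature = this.signatureBuilder.buildObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(this.goodCredential);
        signature.setCanonicalizationAlgorithm(C14N_EXCLUSIVE);
        signature.setSignatureAlgorithm(SIG_RSA_SHA256);
        assertion.setSignature(signature);

        // Order matters: the assertion is marshalled to DOM first, then the signature is computed.
        marshallerFactory.getMarshaller(assertion).marshall(assertion);
        Signer.signObject(signature);

        if (this.log.isDebugEnabled()) {
            // Guarded because serializing the DOM is only worth doing when debug output is on.
            this.log.debug("Marshalled signed assertion: \n{}", SerializeSupport.nodeToString(assertion.getDOM()));
        }

        // Validate the signature of a freshly unmarshalled object rather than the in-memory one that
        // was just signed.
        Assertion roundTripped = (Assertion) unmarshallerFactory.getUnmarshaller(assertion.getDOM()).unmarshall(assertion.getDOM());

        // The trust engine is given only the signing credential as trusted key material.
        ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(
                new StaticCredentialResolver(this.goodCredential),
                SAMLTestSupport.buildBasicInlineKeyInfoResolver());
        CriteriaSet criteria = new CriteriaSet(new Criterion[]{new EntityIdCriterion(ISSUER_ENTITY_ID)});

        Assert.assertTrue(trustEngine.validate(roundTripped.getSignature(), criteria), "Assertion signature was not valid");
    }
}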
