package net.shibboleth.metadata.dom;

import java.io.InputStream;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Nonnull;
import javax.xml.namespace.QName;
import net.shibboleth.metadata.Item;
import net.shibboleth.metadata.dom.XMLSignatureSigningStage;
import net.shibboleth.metadata.dom.ds.XMLDSIGSupport;
import net.shibboleth.metadata.dom.testing.BaseDOMTest;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.logic.ConstraintViolationException;
import net.shibboleth.shared.xml.ElementSupport;
import net.shibboleth.shared.xml.SerializeSupport;
import net.shibboleth.shared.xml.XMLParserException;
import org.cryptacular.util.CertUtil;
import org.cryptacular.util.KeyPairUtil;
import org.testng.Assert;
import org.testng.annotations.Test;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xmlunit.builder.DiffBuilder;
import org.xmlunit.builder.Input;
import org.xmlunit.diff.Diff;
import org.xmlunit.input.NormalizedSource;

/* loaded from: input_file:net/shibboleth/metadata/dom/XMLSignatureSigningStageTest.class */
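/**
 * Tests for {@link XMLSignatureSigningStage}.
 *
 * <p>Each signing test loads a private key ({@code signingKey.pem}) and, where needed, a certificate
 * ({@code signingCert.pem}) from class-relative test resources, runs the stage over {@code input.xml}
 * and inspects the signed element.</p>
 *
 * <p>NOTE(review): the signing tests compare the result with a stored expected document or inspect
 * the {@code KeyInfo} structure; none of the tests visible here verifies the produced signature
 * cryptographically. A golden-file comparison also presumably relies on the fixture key using a
 * deterministic signature scheme; confirm against the fixture. The key in {@code signingKey.pem}
 * should be a test-only key that is trusted nowhere else.</p>
 */
public class XMLSignatureSigningStageTest extends BaseDOMTest {

    /** Namespace URI of the XML Digital Signature elements looked up by these tests. */
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    /**
     * Deliberately never assigned, so it holds {@code null}. Used to hand a {@code null} list to
     * {@link XMLSignatureSigningStage#setIdAttributeNames} in {@link #testSetIdAttributeNamesNull()}.
     */
    private static List<QName> noQNames;

    /** Constructor: registers the class under test with the base test class. */
    public XMLSignatureSigningStageTest() {
        super(XMLSignatureSigningStage.class);
    }

    /**
     * Reads a class-relative XML resource and wraps its document element in a one-item list.
     *
     * @param str name of the class-relative resource to read
     * @return a mutable list holding a single {@link DOMElementItem}
     * @throws XMLParserException if the resource cannot be parsed
     */
    @Nonnull
    private List<Item<Element>> getInput(@Nonnull String str) throws XMLParserException {
        final List<Item<Element>> items = new ArrayList<>();
        items.add(new DOMElementItem(readXMLData(str)));
        return items;
    }

    /**
     * Reads the signing key fixture, closing the resource stream afterwards.
     *
     * @return the private key read from {@code signingKey.pem}
     * @throws Exception if the resource cannot be read or closed
     */
    @Nonnull
    private PrivateKey readSigningKey() throws Exception {
        try (InputStream in =
                XMLSignatureSigningStageTest.class.getResourceAsStream(classRelativeResource("signingKey.pem"))) {
            final PrivateKey key = KeyPairUtil.readPrivateKey(in);
            assert key != null;
            return key;
        }
    }

    /**
     * Reads the signing certificate fixture, closing the resource stream afterwards.
     *
     * @return the certificate read from {@code signingCert.pem}
     * @throws Exception if the resource cannot be read or closed
     */
    @Nonnull
    private X509Certificate readSigningCertificate() throws Exception {
        try (InputStream in =
                XMLSignatureSigningStageTest.class.getResourceAsStream(classRelativeResource("signingCert.pem"))) {
            final X509Certificate cert = CertUtil.readCertificate(in);
            assert cert != null;
            return cert;
        }
    }

    /**
     * Runs a fully configured stage over the given items: initialize, execute, destroy.
     *
     * @param stage the configured, not yet initialized stage
     * @param items the item collection to sign in place
     * @throws Exception if initialization or execution fails
     */
    private void runStage(@Nonnull XMLSignatureSigningStage stage, @Nonnull List<Item<Element>> items)
            throws Exception {
        stage.initialize();
        stage.execute(items);
        stage.destroy();
    }

    /**
     * Reports whether the serialized element contains a carriage-return character reference.
     *
     * @param element element to serialize and inspect
     * @return {@code true} if the serialization contains {@code &#13;}
     */
    private boolean containsCRs(@Nonnull Element element) {
        return SerializeSupport.nodeToString(element).contains("&#13;");
    }

    /**
     * Signs {@code input.xml} with X509IssuerSerial enabled and KeyValue disabled, and expects the
     * result to be identical to {@code output.xml}.
     */
    @Test
    public void testSigning() throws Exception {
        final List<Item<Element>> items = getInput("input.xml");
        final List<X509Certificate> certs = new ArrayList<>();
        certs.add(readSigningCertificate());

        final XMLSignatureSigningStage stage = new XMLSignatureSigningStage();
        stage.setId("test");
        stage.setIncludeKeyValue(false);
        stage.setIncludeX509IssuerSerial(true);
        stage.setPrivateKey(readSigningKey());
        stage.setCertificates(certs);
        runStage(stage, items);

        Assert.assertEquals(items.size(), 1);
        assertXMLIdentical(readXMLData("output.xml"), items.iterator().next().unwrap());
    }

    /**
     * Same as {@link #testSigning()} but with X509SubjectName also enabled; the result is expected
     * to be identical to {@code mda196.xml}.
     */
    @Test
    public void testMDA196() throws Exception {
        final List<Item<Element>> items = getInput("input.xml");
        final List<X509Certificate> certs = new ArrayList<>();
        certs.add(readSigningCertificate());

        final XMLSignatureSigningStage stage = new XMLSignatureSigningStage();
        stage.setId("test");
        stage.setIncludeKeyValue(false);
        stage.setIncludeX509IssuerSerial(true);
        stage.setIncludeX509SubjectName(true);
        stage.setPrivateKey(readSigningKey());
        stage.setCertificates(certs);
        runStage(stage, items);

        Assert.assertEquals(items.size(), 1);
        assertXMLIdentical(readXMLData("mda196.xml"), items.iterator().next().unwrap());
    }

    /** Setting the ID attribute names to {@code null} must be rejected with a constraint violation. */
    @Test
    public void testSetIdAttributeNamesNull() throws Exception {
        final XMLSignatureSigningStage stage = new XMLSignatureSigningStage();
        stage.setId("test");
        try {
            stage.setIdAttributeNames(noQNames);
            Assert.fail("expected a constraint exception");
        } catch (ConstraintViolationException expected) {
            // This is the outcome under test; nothing further to check.
        }
    }

    /** A freshly constructed stage removes CRs from the signature by default. */
    @Test
    public void mda216Default() throws Exception {
        Assert.assertTrue(new XMLSignatureSigningStage().isRemovingCRsFromSignature());
    }

    /**
     * Signs the same input twice, once with the default setting and once with CR removal turned
     * off, and checks that only the second result contains {@code &#13;} and that the two results
     * differ.
     */
    @Test
    public void setRemovingCRsFromSignature() throws Exception {
        final PrivateKey key = readSigningKey();
        final List<X509Certificate> certs = new ArrayList<>();
        certs.add(readSigningCertificate());

        // First run: default behaviour, no CR character references expected in the output.
        final List<Item<Element>> withoutCRs = getInput("input.xml");
        final XMLSignatureSigningStage defaultStage = new XMLSignatureSigningStage();
        defaultStage.setId("test");
        defaultStage.setIncludeKeyValue(false);
        defaultStage.setIncludeX509IssuerSerial(true);
        defaultStage.setPrivateKey(key);
        defaultStage.setCertificates(certs);
        runStage(defaultStage, withoutCRs);
        Assert.assertEquals(withoutCRs.size(), 1);
        final Item<Element> cleanItem = withoutCRs.iterator().next();
        Assert.assertFalse(containsCRs(cleanItem.unwrap()));

        // Second run: identical configuration except that CR removal is switched off.
        final List<Item<Element>> withCRs = getInput("input.xml");
        final XMLSignatureSigningStage keepingStage = new XMLSignatureSigningStage();
        keepingStage.setId("test");
        keepingStage.setIncludeKeyValue(false);
        keepingStage.setIncludeX509IssuerSerial(true);
        keepingStage.setPrivateKey(key);
        keepingStage.setCertificates(certs);
        keepingStage.setRemovingCRsFromSignature(false);
        runStage(keepingStage, withCRs);
        Assert.assertEquals(withCRs.size(), 1);
        final Item<Element> rawItem = withCRs.iterator().next();

        final NormalizedSource control = new NormalizedSource(Input.fromNode(cleanItem.unwrap()).build());
        final NormalizedSource test = new NormalizedSource(Input.fromNode(rawItem.unwrap()).build());
        final Diff diff = DiffBuilder.compare(control).withTest(test).checkForIdentical().build();
        Assert.assertTrue(containsCRs(rawItem.unwrap()), "expected CRs in result");
        Assert.assertTrue(diff.hasDifferences(), "results were same, expected different");
    }

    /**
     * With KeyValue enabled and a certificate supplied, the signature's {@code KeyInfo} must carry
     * both an {@code X509Data} and a {@code KeyValue} child.
     */
    @Test
    public void mda224defaultingPublicKeyFromCertificate() throws Exception {
        final PrivateKey key = readSigningKey();
        final List<Item<Element>> items = getInput("input.xml");
        final XMLSignatureSigningStage stage = new XMLSignatureSigningStage();
        final List<X509Certificate> certs = CollectionSupport.listOf(readSigningCertificate());
        stage.setId("test");
        stage.setIncludeKeyValue(true);
        stage.setPrivateKey(key);
        stage.setCertificates(certs);
        runStage(stage, items);

        Assert.assertEquals(items.size(), 1);
        final Element keyInfo = extractKeyInfo(items.get(0).unwrap());
        assert keyInfo != null;
        Assert.assertTrue(hasChildNamed(keyInfo, new QName(XMLDSIG_NS, "X509Data")));
        Assert.assertTrue(hasChildNamed(keyInfo, new QName(XMLDSIG_NS, "KeyValue")));
    }

    /**
     * With KeyValue enabled but no certificate supplied, the signature must contain no
     * {@code KeyInfo} element at all. A consumer of such a document gets no key material from the
     * signature itself.
     */
    @Test
    public void mda224defaultingPublicKeyFromAbsentCertificate() throws Exception {
        final List<Item<Element>> items = getInput("input.xml");
        final XMLSignatureSigningStage stage = new XMLSignatureSigningStage();
        stage.setId("test");
        stage.setIncludeKeyValue(true);
        stage.setPrivateKey(readSigningKey());
        runStage(stage, items);

        Assert.assertEquals(items.size(), 1);
        Assert.assertNull(extractKeyInfo(items.get(0).unwrap()));
    }

    /**
     * Pins the default SHA variant to SHA-256, so a change of the default digest fails this test
     * instead of passing unnoticed.
     */
    @Test
    public final void testDefaultHash() {
        Assert.assertEquals(new XMLSignatureSigningStage().getSHAVariant(), XMLSignatureSigningStage.SHAVariant.SHA256);
    }

    /**
     * Reports whether the element has at least one child element with the given name.
     *
     * @param element parent element to inspect
     * @param qName qualified name of the child to look for
     * @return {@code true} if at least one matching child element exists
     */
    private boolean hasChildNamed(@Nonnull Element element, @Nonnull QName qName) {
        return !ElementSupport.getChildElements(element, qName).isEmpty();
    }

    /**
     * Finds the {@code KeyInfo} element of the signature that is the first child signature of the
     * given element.
     *
     * @param element signed element; it must have a signature child
     * @return the first {@code KeyInfo} descendant of the signature, or {@code null} if there is none
     */
    private Element extractKeyInfo(@Nonnull Element element) {
        final Element signature = ElementSupport.getFirstChildElement(element, XMLDSIGSupport.SIGNATURE_NAME);
        assert signature != null;
        final NodeList keyInfos = signature.getElementsByTagNameNS(XMLDSIG_NS, "KeyInfo");
        Assert.assertNotNull(keyInfos);
        if (keyInfos.getLength() == 0) {
            return null;
        }
        return (Element) keyInfos.item(0);
    }
}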
