package org.opensaml.xmlsec.encryption.support;

import com.google.common.collect.Sets;
import java.security.Key;
import java.security.KeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Collection;
import java.util.Collections;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.XMLObjectBaseTestCase;
import org.opensaml.security.SecurityProviderTestSupport;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.algorithm.AlgorithmSupport;
import org.opensaml.xmlsec.encryption.EncryptedData;
import org.opensaml.xmlsec.encryption.EncryptedKey;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
import org.opensaml.xmlsec.mock.SignableSimpleXMLObject;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
import org.w3c.dom.Document;

/* loaded from: input_file:org/opensaml/xmlsec/encryption/support/SimpleDecryptionTest.class */
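/**
 * Exercises {@link Decrypter} against an {@link EncryptedKey} and {@link EncryptedData} that are
 * freshly produced by {@link Encrypter} before every test method.
 *
 * <p>Three groups of behaviour are covered: plain decryption of keys and elements, enforcement of
 * the algorithm allow list ("whitelist") and deny list ("blacklist") passed to the five-argument
 * {@link Decrypter} constructor, and failure when resolvers are missing or resolve to the wrong
 * key.</p>
 *
 * <p>Review notes for anyone reusing this fixture:</p>
 * <ul>
 *   <li>The key-encryption key is a 1024-bit RSA pair, presumably to keep key generation fast.
 *       That size is below current recommendations and is suitable for tests only.</li>
 *   <li>The data algorithm is AES-128-CBC, which carries no integrity protection of its own; the
 *       fixture should not be read as a recommended production algorithm choice.</li>
 *   <li>The {@code expectedExceptions} tests pass on <em>any</em> {@link DecryptionException}.
 *       {@link #testEncryptedKeyAlgorithmWhitelistPass()} is the positive control showing that the
 *       same RSA-OAEP parameters decrypt once every URI involved is allowed.</li>
 * </ul>
 */
public class SimpleDecryptionTest extends XMLObjectBaseTestCase {
    /** XML Encryption 1.1 RSA-OAEP key transport URI, used by the digest/MGF restriction tests. */
    private static final String RSA_OAEP_11_URI = "http://www.w3.org/2009/xmlenc11#rsa-oaep";
    /** Digest method URI configured on the RSA-OAEP parameters. */
    private static final String DIGEST_SHA256_URI = "http://www.w3.org/2001/04/xmlenc#sha256";
    /** Mask generation function URI configured on the RSA-OAEP parameters. */
    private static final String MGF1_SHA256_URI = "http://www.w3.org/2009/xmlenc11#mgf1sha256";
    /** URI that matches no algorithm used by the fixture; stands in for "something else". */
    private static final String BOGUS_ALGO_URI = "urn-x:some:bogus:algo";

    private KeyInfoCredentialResolver keyResolver;
    private KeyInfoCredentialResolver kekResolver;
    private Key encKey;
    private DataEncryptionParameters encParams;
    private EncryptedData encryptedData;
    private EncryptedData encryptedContent;
    private Credential encCred;
    private KeyEncryptionParameters kekParams;
    private EncryptedKey encryptedKey;
    private Credential kekCred;
    private Document targetDOM;
    private SignableSimpleXMLObject targetObject;
    private SecurityProviderTestSupport providerSupport = new SecurityProviderTestSupport();
    private String encURI = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
    private String kekURI = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
    private String targetFile = "/data/org/opensaml/xmlsec/encryption/support/SimpleDecryptionTest.xml";

    /**
     * Builds a fresh data key, key-encryption key, encrypted key and encrypted element/content
     * before each test, so that tests which overwrite {@code encryptedKey} do not affect others.
     *
     * @throws Exception if key generation, parsing or unmarshalling fails
     */
    @BeforeMethod
    protected void setUp() throws Exception {
        // Symmetric data-encryption key and the resolver that hands it back to the Decrypter.
        this.encCred = AlgorithmSupport.generateSymmetricKeyAndCredential(this.encURI);
        this.encKey = this.encCred.getSecretKey();
        this.keyResolver = new StaticKeyInfoCredentialResolver(this.encCred);

        this.encParams = new DataEncryptionParameters();
        this.encParams.setAlgorithm(this.encURI);
        this.encParams.setEncryptionCredential(this.encCred);

        // 1024-bit RSA key pair: test-only size, not a value to copy into deployment configuration.
        this.kekCred = AlgorithmSupport.generateKeyPairAndCredential(this.kekURI, 1024, true);
        this.kekResolver = new StaticKeyInfoCredentialResolver(this.kekCred);

        this.kekParams = new KeyEncryptionParameters();
        this.kekParams.setAlgorithm(this.kekURI);
        this.kekParams.setEncryptionCredential(this.kekCred);

        Encrypter encrypter = new Encrypter();
        this.encryptedKey = encrypter.encryptKey(this.encKey, this.kekParams, parserPool.newDocument());

        this.targetDOM = parserPool.parse(SimpleDecryptionTest.class.getResourceAsStream(this.targetFile));
        this.targetObject = unmarshallElement(this.targetFile);
        try {
            this.encryptedData = encrypter.encryptElement(this.targetObject, this.encParams);
            this.encryptedContent = encrypter.encryptElementContent(this.targetObject, this.encParams);
        } catch (EncryptionException e) {
            Assert.fail("Object encryption failed: " + e);
        }
    }

    /**
     * Re-encrypts the data key with XML Encryption 1.1 RSA-OAEP using SHA-256 as digest and
     * MGF1-with-SHA-256 as mask generation function.
     *
     * <p>Callers load the Bouncy Castle provider around this call; presumably the default
     * provider cannot be relied on for this parameter combination (confirm against
     * {@link SecurityProviderTestSupport}).</p>
     *
     * @return the newly encrypted key
     * @throws EncryptionException if key encryption fails
     * @throws XMLParserException if the owning document cannot be created
     */
    private EncryptedKey encryptKeyWithOaepSha256() throws EncryptionException, XMLParserException {
        KeyEncryptionParameters oaepParams = new KeyEncryptionParameters();
        oaepParams.setAlgorithm(RSA_OAEP_11_URI);
        oaepParams.setEncryptionCredential(this.kekCred);
        oaepParams.setRSAOAEPParameters(new RSAOAEPParameters(DIGEST_SHA256_URI, MGF1_SHA256_URI, (String) null));
        return new Encrypter().encryptKey(this.encKey, oaepParams, parserPool.newDocument());
    }

    /** Decrypting the EncryptedKey with the KEK resolver must yield the original data key. */
    @Test
    public void testEncryptedKey() {
        Key decryptedKey = null;
        try {
            Decrypter decrypter =
                    new Decrypter((KeyInfoCredentialResolver) null, this.kekResolver, (EncryptedKeyResolver) null);
            decryptedKey = decrypter.decryptKey(this.encryptedKey, this.encURI);
        } catch (DecryptionException e) {
            Assert.fail("Error on decryption of EncryptedKey: " + e);
        }
        Assert.assertEquals(this.encKey, decryptedKey, "Decrypted EncryptedKey");
    }

    /** Decrypting the EncryptedData with the data-key resolver must reproduce the source element. */
    @Test
    public void testEncryptedElement() {
        XMLObject decrypted = null;
        try {
            Decrypter decrypter =
                    new Decrypter(this.keyResolver, (KeyInfoCredentialResolver) null, (EncryptedKeyResolver) null);
            decrypted = decrypter.decryptData(this.encryptedData);
        } catch (DecryptionException e) {
            Assert.fail("Error on decryption of EncryptedData to element: " + e);
        }
        assertXMLEquals(this.targetDOM, decrypted);
    }

    /** A deny list containing the data encryption algorithm must block data decryption. */
    @Test(expectedExceptions = {DecryptionException.class})
    public void testEncryptedDataAlgorithmBlacklistFail() throws DecryptionException {
        new Decrypter(this.keyResolver, (KeyInfoCredentialResolver) null, (EncryptedKeyResolver) null,
                (Collection) null, Collections.singleton(this.encURI)).decryptData(this.encryptedData);
    }

    /** An allow list that omits the data encryption algorithm must block data decryption. */
    @Test(expectedExceptions = {DecryptionException.class})
    public void testEncryptedDataAlgorithmWhitelistFail() throws DecryptionException {
        new Decrypter(this.keyResolver, (KeyInfoCredentialResolver) null, (EncryptedKeyResolver) null,
                Collections.singleton(BOGUS_ALGO_URI), (Collection) null).decryptData(this.encryptedData);
    }

    /** An allow list naming exactly the data encryption algorithm must permit data decryption. */
    @Test
    public void testEncryptedDataAlgorithmWhitelistPass() throws DecryptionException {
        new Decrypter(this.keyResolver, (KeyInfoCredentialResolver) null, (EncryptedKeyResolver) null,
                Collections.singleton(this.encURI), (Collection) null).decryptData(this.encryptedData);
    }

    /** A deny list containing the key transport algorithm must block key decryption. */
    @Test(expectedExceptions = {DecryptionException.class})
    public void testEncryptedKeyAlgorithmBlacklistFail() throws DecryptionException {
        new Decrypter((KeyInfoCredentialResolver) null, this.kekResolver, (EncryptedKeyResolver) null,
                (Collection) null, Collections.singleton(this.kekURI)).decryptKey(this.encryptedKey, this.encURI);
    }

    /**
     * Denying only the RSA-OAEP digest method must block key decryption, i.e. the restriction is
     * expected to reach the OAEP parameters and not just the key transport URI.
     */
    @Test(expectedExceptions = {DecryptionException.class})
    public void testEncryptedKeyDigestMethodBlacklistFail() throws DecryptionException, EncryptionException, XMLParserException {
        this.providerSupport.loadBC();
        try {
            this.encryptedKey = encryptKeyWithOaepSha256();
            new Decrypter((KeyInfoCredentialResolver) null, this.kekResolver, (EncryptedKeyResolver) null,
                    (Collection) null, Collections.singleton(DIGEST_SHA256_URI)).decryptKey(this.encryptedKey, this.encURI);
        } finally {
            // Always remove the provider again so later tests see the default provider set.
            this.providerSupport.unloadBC();
        }
    }

    /** Denying only the RSA-OAEP mask generation function must block key decryption. */
    @Test(expectedExceptions = {DecryptionException.class})
    public void testEncryptedKeyMGFBlacklistFail() throws DecryptionException, EncryptionException, XMLParserException {
        this.providerSupport.loadBC();
        try {
            this.encryptedKey = encryptKeyWithOaepSha256();
            new Decrypter((KeyInfoCredentialResolver) null, this.kekResolver, (EncryptedKeyResolver) null,
                    (Collection) null, Collections.singleton(MGF1_SHA256_URI)).decryptKey(this.encryptedKey, this.encURI);
        } finally {
            this.providerSupport.unloadBC();
        }
    }

    /** An allow list that omits the key transport algorithm must block key decryption. */
    @Test(expectedExceptions = {DecryptionException.class})
    public void testEncryptedKeyAlgorithmWhitelistFail() throws DecryptionException, EncryptionException, XMLParserException {
        new Decrypter((KeyInfoCredentialResolver) null, this.kekResolver, (EncryptedKeyResolver) null,
                Collections.singleton(BOGUS_ALGO_URI), (Collection) null).decryptKey(this.encryptedKey, this.encURI);
    }

    /**
     * The allow list names the key transport algorithm and the MGF but not the SHA-256 digest
     * method, so key decryption must be refused.
     */
    @Test(expectedExceptions = {DecryptionException.class})
    public void testEncryptedKeyDigestMethodWhitelistFail() throws DecryptionException, EncryptionException, XMLParserException {
        this.providerSupport.loadBC();
        try {
            this.encryptedKey = encryptKeyWithOaepSha256();
            new Decrypter((KeyInfoCredentialResolver) null, this.kekResolver, (EncryptedKeyResolver) null,
                    Sets.newHashSet(RSA_OAEP_11_URI, BOGUS_ALGO_URI, MGF1_SHA256_URI),
                    (Collection) null).decryptKey(this.encryptedKey, this.encURI);
        } finally {
            this.providerSupport.unloadBC();
        }
    }

    /**
     * The allow list names the key transport algorithm and the digest method but not the
     * MGF1-with-SHA-256 mask generation function, so key decryption must be refused.
     */
    @Test(expectedExceptions = {DecryptionException.class})
    public void testEncryptedKeyMGFWhitelistFail() throws DecryptionException, EncryptionException, XMLParserException {
        this.providerSupport.loadBC();
        try {
            this.encryptedKey = encryptKeyWithOaepSha256();
            new Decrypter((KeyInfoCredentialResolver) null, this.kekResolver, (EncryptedKeyResolver) null,
                    Sets.newHashSet(RSA_OAEP_11_URI, DIGEST_SHA256_URI, BOGUS_ALGO_URI),
                    (Collection) null).decryptKey(this.encryptedKey, this.encURI);
        } finally {
            this.providerSupport.unloadBC();
        }
    }

    /**
     * Positive control for the allow-list tests: key decryption succeeds when the key transport
     * algorithm, digest method and MGF are all allowed, first for the default fixture key and then
     * for a key re-encrypted with RSA-OAEP / SHA-256 / MGF1-SHA-256.
     */
    @Test
    public void testEncryptedKeyAlgorithmWhitelistPass() throws DecryptionException, EncryptionException, XMLParserException {
        // Fixture key from setUp: rsa-oaep-mgf1p, allowed together with the SHA-1 digest and MGF URIs.
        new Decrypter((KeyInfoCredentialResolver) null, this.kekResolver, (EncryptedKeyResolver) null,
                Sets.newHashSet(this.kekURI, "http://www.w3.org/2000/09/xmldsig#sha1", "http://www.w3.org/2009/xmlenc11#mgf1sha1"),
                (Collection) null).decryptKey(this.encryptedKey, this.encURI);

        this.providerSupport.loadBC();
        try {
            this.encryptedKey = encryptKeyWithOaepSha256();
            new Decrypter((KeyInfoCredentialResolver) null, this.kekResolver, (EncryptedKeyResolver) null,
                    Sets.newHashSet(RSA_OAEP_11_URI, DIGEST_SHA256_URI, MGF1_SHA256_URI),
                    (Collection) null).decryptKey(this.encryptedKey, this.encURI);
        } finally {
            this.providerSupport.unloadBC();
        }
    }

    /**
     * With the EncryptedKey carried inline in the EncryptedData's KeyInfo, a Decrypter that has
     * only a KEK resolver and an {@link InlineEncryptedKeyResolver} must recover the element.
     */
    @Test
    public void testEncryptedElementWithEncryptedKeyInline() {
        KeyInfo keyInfo = buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        keyInfo.getEncryptedKeys().add(this.encryptedKey);
        this.encryptedData.setKeyInfo(keyInfo);

        XMLObject decrypted = null;
        try {
            Decrypter decrypter = new Decrypter((KeyInfoCredentialResolver) null, this.kekResolver,
                    new InlineEncryptedKeyResolver());
            decrypted = decrypter.decryptData(this.encryptedData);
        } catch (DecryptionException e) {
            Assert.fail("Error on decryption of EncryptedData to element: " + e);
        }
        assertXMLEquals(this.targetDOM, decrypted);
    }

    /** A Decrypter with no resolvers at all must fail rather than return data. */
    @Test
    public void testErrorNoResolvers() {
        try {
            new Decrypter((KeyInfoCredentialResolver) null, (KeyInfoCredentialResolver) null,
                    (EncryptedKeyResolver) null).decryptData(this.encryptedData);
            Assert.fail("Decryption should have failed, no resolvers configured");
        } catch (DecryptionException expected) {
            // Expected outcome: nothing can resolve a decryption key.
        }
    }

    /** A freshly generated, unrelated symmetric key must not decrypt the EncryptedData. */
    @Test
    public void testErrorInvalidDataDecryptionKey() throws NoSuchAlgorithmException, NoSuchProviderException, KeyException {
        KeyInfoCredentialResolver wrongKeyResolver = new StaticKeyInfoCredentialResolver(
                new BasicCredential(AlgorithmSupport.generateSymmetricKey(this.encURI)));
        try {
            new Decrypter(wrongKeyResolver, (KeyInfoCredentialResolver) null, (EncryptedKeyResolver) null)
                    .decryptData(this.encryptedData);
            Assert.fail("Decryption should have failed, invalid data decryption key");
        } catch (DecryptionException expected) {
            // Expected outcome: the resolver supplies a key that was not used for encryption.
        }
    }

    /** A freshly generated, unrelated RSA key pair must not decrypt the EncryptedKey. */
    @Test
    public void testErrorInvalidKeyDecryptionKey() throws NoSuchAlgorithmException, NoSuchProviderException {
        // Same test-only 1024-bit size as the fixture key pair.
        KeyPair unrelatedPair = AlgorithmSupport.generateKeyPair(this.kekURI, 1024);
        KeyInfoCredentialResolver wrongKekResolver = new StaticKeyInfoCredentialResolver(
                new BasicCredential(unrelatedPair.getPublic(), unrelatedPair.getPrivate()));
        try {
            new Decrypter((KeyInfoCredentialResolver) null, wrongKekResolver, (EncryptedKeyResolver) null)
                    .decryptKey(this.encryptedKey, this.encURI);
            Assert.fail("Decryption should have failed, invalid key decryption key");
        } catch (DecryptionException expected) {
            // Expected outcome: the private key does not match the one the key was wrapped for.
        }
    }

    /** Documents the current limitation that encrypted element <em>content</em> is rejected. */
    @Test
    public void testEncryptedContent() {
        try {
            new Decrypter(this.keyResolver, (KeyInfoCredentialResolver) null, (EncryptedKeyResolver) null)
                    .decryptData(this.encryptedContent);
            Assert.fail("This should have failed, decryption of element content not yet supported");
        } catch (DecryptionException e) {
            // Always-true assertion kept only to carry the explanatory message.
            Assert.assertTrue(true, "Decryption of element content not yet supported");
        }
    }
}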
