package org.opensaml.xmlsec.signature.support.impl;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.xml.XMLObjectBaseTestCase;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.security.crypto.KeySupport;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.security.x509.PKIXValidationInformation;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.security.x509.X509Support;
import org.opensaml.security.x509.impl.BasicPKIXValidationInformation;
import org.opensaml.security.x509.impl.StaticPKIXValidationInformationResolver;
import org.opensaml.xmlsec.SignatureValidationParameters;
import org.opensaml.xmlsec.XMLSecurityTestingSupport;
import org.opensaml.xmlsec.crypto.XMLSigningUtil;
import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
import org.opensaml.xmlsec.mock.SignableSimpleXMLObject;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.signature.SignableXMLObject;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.DocumentInternalIDContentReference;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureValidationParametersCriterion;
import org.opensaml.xmlsec.signature.support.Signer;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
import org.w3c.dom.Element;

/* loaded from: input_file:org/opensaml/xmlsec/signature/support/impl/PKIXSignatureTrustEngineTest.class */
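/**
 * Tests for {@link PKIXSignatureTrustEngine}.
 *
 * <p>Two entry points of the engine are exercised with the same scenarios: validation of an XML
 * {@link Signature} whose KeyInfo carries the candidate credential, and validation of a "raw"
 * signature over a byte array where the candidate credential is handed to the engine directly.
 * Each scenario varies one input of PKIX validation (trust anchors, CRLs, trusted names, the
 * candidate credential, the signed data, or the algorithm whitelist/blacklist) and asserts
 * whether the engine accepts or rejects the signature.</p>
 *
 * <p>Certificates, keys and CRLs are classpath fixtures below {@link #DATA_PATH}. The fixture names
 * suggest a chain root1-ca, inter1A-ca, inter1A1-ca, foo-1A1-*; the fixtures themselves are not
 * part of this file.</p>
 *
 * <p>The signatures are produced with RSA-SHA1 and a SHA-1 digest. Both are legacy algorithms and
 * are used here only as fixtures; the blacklist tests show the engine refusing them when the
 * supplied {@link SignatureValidationParameters} exclude them.</p>
 */
public class PKIXSignatureTrustEngineTest extends XMLObjectBaseTestCase {
    /** Classpath directory holding the certificate, key and CRL fixtures. */
    private static final String DATA_PATH = "/org/opensaml/xmlsec/signature/support/";

    /** Signature algorithm URI used for every signature built by this test. */
    private static final String ALGO_RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

    /** Digest algorithm URI used for the content reference of the XML signature. */
    private static final String ALGO_DIGEST_SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";

    /** Exclusive canonicalization algorithm URI. */
    private static final String ALGO_EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#";

    /** Enveloped-signature transform URI. */
    private static final String TRANSFORM_ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";

    // Immutable empty sets: these are shared by every test method, so nothing may add to them.
    private static final Set<X509CRL> EMPTY_CRLS = Collections.emptySet();
    private static final Set<X509Certificate> EMPTY_ANCHORS = Collections.emptySet();

    /** Verification depth passed to every {@link BasicPKIXValidationInformation}. */
    private static final Integer MAX_DEPTH = 10;

    private PKIXSignatureTrustEngine engine;
    private Signature signature;
    private CriteriaSet criteriaSet;
    private String subjectCN;
    private boolean tamperDocumentPostSigning;
    private boolean emitKeyInfo;
    private boolean emitKeyValueOnly;
    private String rawData;
    private byte[] rawSignedContent;
    private String rawAlgorithmURI;
    private byte[] rawSignature;
    private Credential rawCandidateCred;

    /**
     * Resets the per-test state: trusted name, criteria, KeyInfo/tamper switches and the raw payload.
     *
     * @throws Exception declared for the TestNG lifecycle; nothing here is expected to throw
     */
    @BeforeMethod
    protected void setUp() throws Exception {
        this.subjectCN = "foo.example.org";
        this.criteriaSet = new CriteriaSet(new Criterion[]{new EntityIdCriterion("dummy-entity-id")});
        this.tamperDocumentPostSigning = false;
        this.emitKeyInfo = true;
        this.emitKeyValueOnly = false;
        this.rawData = "Hello, here is some secret data that is to be signed";
        // Explicit charset so the signed bytes do not depend on the platform default.
        this.rawSignedContent = this.rawData.getBytes(StandardCharsets.UTF_8);
        this.rawAlgorithmURI = ALGO_RSA_SHA1;
    }

    // ---------------------------------------------------------------------------------------------
    // XML signature scenarios: the candidate credential is resolved from the Signature's KeyInfo.
    // ---------------------------------------------------------------------------------------------

    /** Accepts when the intermediates are supplied as trust anchors rather than in the credential. */
    @Test
    public void testGoodPathInAnchors() {
        this.signature = getSignature("foo-1A1-good.crt", "foo-1A1-good.key");
        this.engine = getEngine(getCertificates("root1-ca.crt", "inter1A-ca.crt", "inter1A1-ca.crt"), EMPTY_CRLS, MAX_DEPTH, this.subjectCN);
        testValidateSuccess("Entity cert was good, path in trust anchors set");
    }

    /** Accepts when only the root is an anchor and the intermediates travel in the credential. */
    @Test
    public void testGoodPathInCred() {
        this.signature = getSignature("foo-1A1-good.crt", "foo-1A1-good.key", "inter1A-ca.crt", "inter1A1-ca.crt");
        this.engine = getEngine(getCertificates("root1-ca.crt"), EMPTY_CRLS, MAX_DEPTH, this.subjectCN);
        testValidateSuccess("Entity cert was good, full path in cred");
    }

    /** Rejects a credential with a good path when the resolver supplies no trusted names at all. */
    @Test
    public void testGoodPathNoTrustedNames() {
        this.signature = getSignature("foo-1A1-good.crt", "foo-1A1-good.key", "inter1A-ca.crt", "inter1A1-ca.crt");
        this.engine = getEngine(getCertificates("root1-ca.crt"), EMPTY_CRLS, MAX_DEPTH, new String[0]);
        testValidateFailure("Entity cert was good, full path in cred, no trusted names");
    }

    /** Rejects a credential with a good path when the only trusted name does not match. */
    @Test
    public void testGoodPathBadTrustedName() {
        this.signature = getSignature("foo-1A1-good.crt", "foo-1A1-good.key", "inter1A-ca.crt", "inter1A1-ca.crt");
        this.engine = getEngine(getCertificates("root1-ca.crt"), EMPTY_CRLS, MAX_DEPTH, "NOT" + this.subjectCN);
        testValidateFailure("Entity cert was good, full path in cred, bad trusted names");
    }

    /** Rejects the "revoked" entity certificate when the issuing CA's CRL is supplied. */
    @Test
    public void testCertRevoked() {
        this.signature = getSignature("foo-1A1-revoked.crt", "foo-1A1-good.key", "inter1A-ca.crt", "inter1A1-ca.crt");
        this.engine = getEngine(getCertificates("root1-ca.crt"), getCRLS("inter1A1-v1.crl"), MAX_DEPTH, this.subjectCN);
        testValidateFailure("Entity cert was revoked");
    }

    /** Rejects the "expired" entity certificate. */
    @Test
    public void testCertExpired() {
        this.signature = getSignature("foo-1A1-expired.crt", "foo-1A1-good.key", "inter1A-ca.crt", "inter1A1-ca.crt");
        this.engine = getEngine(getCertificates("root1-ca.crt"), EMPTY_CRLS, MAX_DEPTH, this.subjectCN);
        testValidateFailure("Entity cert was expired");
    }

    /** Rejects when the anchor set holds only certificates from a different fixture hierarchy. */
    @Test
    public void testMissingAnchor() {
        this.signature = getSignature("foo-1A1-good.crt", "foo-1A1-good.key", "inter1A-ca.crt", "inter1A1-ca.crt");
        this.engine = getEngine(getCertificates("root2-ca.crt", "inter2A-ca.crt", "inter2B-ca.crt"), EMPTY_CRLS, MAX_DEPTH, this.subjectCN);
        testValidateFailure("No path to entity cert, root CA trust anchor missing");
    }

    /** Rejects when the validation information contains no trust anchors. */
    @Test
    public void testNoAnchors() {
        this.signature = getSignature("foo-1A1-good.crt", "foo-1A1-good.key", "inter1A-ca.crt", "inter1A1-ca.crt");
        this.engine = getEngine(EMPTY_ANCHORS, EMPTY_CRLS, MAX_DEPTH, this.subjectCN);
        testValidateFailure("No trust anchors at all in validation set");
    }

    /** Rejects a document that was modified after signing, even though the credential is trusted. */
    @Test
    public void testTamperedData() throws SecurityException {
        this.tamperDocumentPostSigning = true;
        this.signature = getSignature("foo-1A1-good.crt", "foo-1A1-good.key");
        this.engine = getEngine(getCertificates("root1-ca.crt", "inter1A-ca.crt", "inter1A1-ca.crt"), EMPTY_CRLS, MAX_DEPTH, this.subjectCN);
        testValidateFailure("Entity cert was good, data was tampered with");
    }

    /** Rejects a signature that carries no KeyInfo, so no candidate credential can be resolved. */
    @Test
    public void testNoCandidateCred() throws SecurityException {
        this.emitKeyInfo = false;
        this.signature = getSignature("foo-1A1-good.crt", "foo-1A1-good.key");
        this.engine = getEngine(getCertificates("root1-ca.crt", "inter1A-ca.crt", "inter1A1-ca.crt"), EMPTY_CRLS, MAX_DEPTH, this.subjectCN);
        testValidateFailure("Entity cert was good, but validation credential was not present in Signature's KeyInfo");
    }

    /** Rejects a signature whose KeyInfo holds only a bare public key value and no certificate. */
    @Test
    public void testWrongCredType() throws SecurityException {
        this.emitKeyValueOnly = true;
        this.signature = getSignature("foo-1A1-good.crt", "foo-1A1-good.key");
        this.engine = getEngine(getCertificates("root1-ca.crt", "inter1A-ca.crt", "inter1A1-ca.crt"), EMPTY_CRLS, MAX_DEPTH, this.subjectCN);
        testValidateFailure("Entity cert was good, but validation credential in KeyInfo was not an X509Credential");
    }

    /** Accepts when both the signature and the digest algorithm are on the whitelist. */
    @Test
    public void testWhitelistedAlgorithms() {
        whitelistAlgorithms(ALGO_RSA_SHA1, ALGO_DIGEST_SHA1);
        this.signature = getSignature("foo-1A1-good.crt", "foo-1A1-good.key");
        this.engine = getEngine(getCertificates("root1-ca.crt", "inter1A-ca.crt", "inter1A1-ca.crt"), EMPTY_CRLS, MAX_DEPTH, this.subjectCN);
        testValidateSuccess("Signature was valid with whitelisted algorithms");
    }

    /** Rejects an otherwise valid signature when its signature algorithm is blacklisted. */
    @Test
    public void testBlacklistedSignatureAlgorithm() {
        blacklistAlgorithms(ALGO_RSA_SHA1);
        this.signature = getSignature("foo-1A1-good.crt", "foo-1A1-good.key");
        this.engine = getEngine(getCertificates("root1-ca.crt", "inter1A-ca.crt", "inter1A1-ca.crt"), EMPTY_CRLS, MAX_DEPTH, this.subjectCN);
        testValidateFailure("Signature algorithm was blacklisted");
    }

    /** Rejects an otherwise valid signature when its digest algorithm is blacklisted. */
    @Test
    public void testBlacklistedDigestAlgorithm() {
        blacklistAlgorithms(ALGO_DIGEST_SHA1);
        this.signature = getSignature("foo-1A1-good.crt", "foo-1A1-good.key");
        this.engine = getEngine(getCertificates("root1-ca.crt", "inter1A-ca.crt", "inter1A1-ca.crt"), EMPTY_CRLS, MAX_DEPTH, this.subjectCN);
        testValidateFailure("Digest algorithm was blacklisted");
    }

    // ---------------------------------------------------------------------------------------------
    // Raw signature scenarios: the candidate credential is passed to the engine by the caller.
    // ---------------------------------------------------------------------------------------------

    /** Raw counterpart of {@link #testGoodPathInAnchors()}. */
    @Test
    public void testRawGoodPathInAnchors() throws SecurityException {
        signRawContent(getCredential("foo-1A1-good.crt", "foo-1A1-good.key"));
        this.engine = getEngine(getCertificates("root1-ca.crt", "inter1A-ca.crt", "inter1A1-ca.crt"), EMPTY_CRLS, MAX_DEPTH, this.subjectCN);
        testRawValidateSuccess("Entity cert was good, path in trust anchors set");
    }

    /** Raw counterpart of {@link #testGoodPathInCred()}. */
    @Test
    public void testRawGoodPathInCred() throws SecurityException {
        signRawContent(getCredential("foo-1A1-good.crt", "foo-1A1-good.key", "inter1A-ca.crt", "inter1A1-ca.crt"));
        this.engine = getEngine(getCertificates("root1-ca.crt"), EMPTY_CRLS, MAX_DEPTH, this.subjectCN);
        testRawValidateSuccess("Entity cert was good, path in cred set");
    }

    /** Raw counterpart of {@link #testGoodPathNoTrustedNames()}. */
    @Test
    public void testRawGoodPathNoTrustedNames() throws SecurityException {
        signRawContent(getCredential("foo-1A1-good.crt", "foo-1A1-good.key", "inter1A-ca.crt", "inter1A1-ca.crt"));
        this.engine = getEngine(getCertificates("root1-ca.crt"), EMPTY_CRLS, MAX_DEPTH, new String[0]);
        testRawValidateFailure("Entity cert was good, empty trusted names");
    }

    /** Raw counterpart of {@link #testGoodPathBadTrustedName()}. */
    @Test
    public void testRawGoodPathBadTrustedName() throws SecurityException {
        signRawContent(getCredential("foo-1A1-good.crt", "foo-1A1-good.key", "inter1A-ca.crt", "inter1A1-ca.crt"));
        this.engine = getEngine(getCertificates("root1-ca.crt"), EMPTY_CRLS, MAX_DEPTH, "NOT" + this.subjectCN);
        testRawValidateFailure("Entity cert was good, bad trusted names");
    }

    /** Raw counterpart of {@link #testCertRevoked()}. */
    @Test
    public void testRawCertRevoked() throws SecurityException {
        signRawContent(getCredential("foo-1A1-revoked.crt", "foo-1A1-good.key", "inter1A-ca.crt", "inter1A1-ca.crt"));
        this.engine = getEngine(getCertificates("root1-ca.crt"), getCRLS("inter1A1-v1.crl"), MAX_DEPTH, this.subjectCN);
        testRawValidateFailure("Entity cert was revoked");
    }

    /** Raw counterpart of {@link #testCertExpired()}. */
    @Test
    public void testRawCertExpired() throws SecurityException {
        signRawContent(getCredential("foo-1A1-expired.crt", "foo-1A1-good.key", "inter1A-ca.crt", "inter1A1-ca.crt"));
        this.engine = getEngine(getCertificates("root1-ca.crt"), EMPTY_CRLS, MAX_DEPTH, this.subjectCN);
        testRawValidateFailure("Entity cert was expired");
    }

    /** Raw counterpart of {@link #testMissingAnchor()}. */
    @Test
    public void testRawCertMissingAnchor() throws SecurityException {
        signRawContent(getCredential("foo-1A1-good.crt", "foo-1A1-good.key", "inter1A-ca.crt", "inter1A1-ca.crt"));
        this.engine = getEngine(getCertificates("root2-ca.crt", "inter2A-ca.crt", "inter2B-ca.crt"), EMPTY_CRLS, MAX_DEPTH, this.subjectCN);
        testRawValidateFailure("No path to entity cert, root CA trust anchor missing");
    }

    /** Raw counterpart of {@link #testNoAnchors()}. */
    @Test
    public void testRawCertNoAnchors() throws SecurityException {
        signRawContent(getCredential("foo-1A1-good.crt", "foo-1A1-good.key", "inter1A-ca.crt", "inter1A1-ca.crt"));
        this.engine = getEngine(EMPTY_ANCHORS, EMPTY_CRLS, MAX_DEPTH, this.subjectCN);
        testRawValidateFailure("No trust anchors at all in validation set");
    }

    /** Rejects when the bytes presented for validation differ from the bytes that were signed. */
    @Test
    public void testRawTamperedData() throws SecurityException {
        signRawContent(getCredential("foo-1A1-good.crt", "foo-1A1-good.key"));
        // Swap the content only after the signature has been computed over the original bytes.
        this.rawSignedContent = (this.rawData + "HAHA All your base are belong to us").getBytes(StandardCharsets.UTF_8);
        this.engine = getEngine(getCertificates("root1-ca.crt", "inter1A-ca.crt", "inter1A1-ca.crt"), EMPTY_CRLS, MAX_DEPTH, this.subjectCN);
        testRawValidateFailure("Entity cert was good, data was tampered with");
    }

    /** Rejects when the caller passes no candidate credential to the engine. */
    @Test
    public void testRawNoCandidateCred() throws SecurityException {
        signRawContent(getCredential("foo-1A1-good.crt", "foo-1A1-good.key"));
        this.rawCandidateCred = null;
        this.engine = getEngine(getCertificates("root1-ca.crt", "inter1A-ca.crt", "inter1A1-ca.crt"), EMPTY_CRLS, MAX_DEPTH, this.subjectCN);
        testRawValidateFailure("Entity cert was good, but candidate credential was not supplied to engine");
    }

    /** Rejects a candidate that holds the right public key but is not an X.509 credential. */
    @Test
    public void testRawWrongCredType() throws SecurityException {
        signRawContent(getCredential("foo-1A1-good.crt", "foo-1A1-good.key"));
        // Same public key, but stripped of the certificate: there is nothing left to path-validate.
        this.rawCandidateCred = CredentialSupport.getSimpleCredential(this.rawCandidateCred.getPublicKey(), (PrivateKey) null);
        this.engine = getEngine(getCertificates("root1-ca.crt", "inter1A-ca.crt", "inter1A1-ca.crt"), EMPTY_CRLS, MAX_DEPTH, this.subjectCN);
        testRawValidateFailure("Entity cert was good, but candidate credential was not an X509Credential");
    }

    /** Accepts a raw signature whose algorithm is on the whitelist. */
    @Test
    public void testRawWhitelistedAlgorithm() throws SecurityException {
        whitelistAlgorithms(this.rawAlgorithmURI);
        signRawContent(getCredential("foo-1A1-good.crt", "foo-1A1-good.key"));
        this.engine = getEngine(getCertificates("root1-ca.crt", "inter1A-ca.crt", "inter1A1-ca.crt"), EMPTY_CRLS, MAX_DEPTH, this.subjectCN);
        testRawValidateSuccess("Signature was valid with whitelisted algorithm");
    }

    /** Rejects a raw signature whose algorithm is on the blacklist. */
    @Test
    public void testRawBlacklistedAlgorithm() throws SecurityException {
        blacklistAlgorithms(this.rawAlgorithmURI);
        signRawContent(getCredential("foo-1A1-good.crt", "foo-1A1-good.key"));
        this.engine = getEngine(getCertificates("root1-ca.crt", "inter1A-ca.crt", "inter1A1-ca.crt"), EMPTY_CRLS, MAX_DEPTH, this.subjectCN);
        testRawValidateFailure("Signature was invalid with blacklisted algorithm");
    }

    // ---------------------------------------------------------------------------------------------
    // Assertion helpers. They are private and marked enabled = false, presumably so that TestNG
    // never schedules them as tests despite the "test" prefix.
    // ---------------------------------------------------------------------------------------------

    /**
     * Asserts that the engine accepts the current XML signature.
     *
     * @param str description of the scenario, appended to the failure message
     */
    @Test(enabled = false)
    private void testValidateSuccess(String str) {
        try {
            if (!this.engine.validate(this.signature, this.criteriaSet)) {
                Assert.fail("Evaluation of Signature failed, success was expected: " + str);
            }
        } catch (SecurityException e) {
            Assert.fail("Evaluation failed due to processing exception: " + e.getMessage(), e);
        }
    }

    /**
     * Asserts that the engine rejects the current XML signature by returning {@code false}.
     * A {@link SecurityException} from the engine also fails the test: rejection is expected to be
     * a clean negative result, not a processing error.
     *
     * @param str description of the scenario, appended to the failure message
     */
    @Test(enabled = false)
    private void testValidateFailure(String str) {
        try {
            if (this.engine.validate(this.signature, this.criteriaSet)) {
                Assert.fail("Evaluation of Signature succeeded, failure was expected: " + str);
            }
        } catch (SecurityException e) {
            Assert.fail("Evaluation failed due to processing exception: " + e.getMessage(), e);
        }
    }

    /**
     * Asserts that the engine accepts the current raw signature.
     *
     * @param str description of the scenario, appended to the failure message
     */
    @Test(enabled = false)
    private void testRawValidateSuccess(String str) {
        try {
            if (!this.engine.validate(this.rawSignature, this.rawSignedContent, this.rawAlgorithmURI, this.criteriaSet, this.rawCandidateCred)) {
                Assert.fail("Evaluation of Signature failed, success was expected: " + str);
            }
        } catch (SecurityException e) {
            Assert.fail("Evaluation failed due to processing exception: " + e.getMessage(), e);
        }
    }

    /**
     * Asserts that the engine rejects the current raw signature by returning {@code false};
     * a {@link SecurityException} fails the test as well.
     *
     * @param str description of the scenario, appended to the failure message
     */
    @Test(enabled = false)
    private void testRawValidateFailure(String str) {
        try {
            if (this.engine.validate(this.rawSignature, this.rawSignedContent, this.rawAlgorithmURI, this.criteriaSet, this.rawCandidateCred)) {
                Assert.fail("Evaluation of Signature succeeded, failure was expected: " + str);
            }
        } catch (SecurityException e) {
            Assert.fail("Evaluation failed due to processing exception: " + e.getMessage(), e);
        }
    }

    // ---------------------------------------------------------------------------------------------
    // Fixture construction
    // ---------------------------------------------------------------------------------------------

    /** Adds validation parameters to the criteria set that whitelist exactly the given algorithm URIs. */
    private void whitelistAlgorithms(String... algorithmUris) {
        Set<String> allowed = new HashSet<>();
        Collections.addAll(allowed, algorithmUris);
        SignatureValidationParameters params = new SignatureValidationParameters();
        params.setWhitelistedAlgorithms(allowed);
        this.criteriaSet.add(new SignatureValidationParametersCriterion(params));
    }

    /** Adds validation parameters to the criteria set that blacklist the given algorithm URIs. */
    private void blacklistAlgorithms(String... algorithmUris) {
        Set<String> denied = new HashSet<>();
        Collections.addAll(denied, algorithmUris);
        SignatureValidationParameters params = new SignatureValidationParameters();
        params.setBlacklistedAlgorithms(denied);
        this.criteriaSet.add(new SignatureValidationParametersCriterion(params));
    }

    /**
     * Stores the credential as the raw candidate and signs {@link #rawSignedContent} with it.
     *
     * @param credential signing credential; also becomes the candidate passed to the engine
     * @throws SecurityException if signing fails
     */
    private void signRawContent(Credential credential) throws SecurityException {
        this.rawCandidateCred = credential;
        this.rawSignature = XMLSigningUtil.signWithURI(this.rawCandidateCred, this.rawAlgorithmURI, this.rawSignedContent);
    }

    /**
     * Builds and signs a test object, optionally tampers with its DOM, then unmarshalls the DOM
     * again and returns the resulting signature.
     *
     * @param entityCertFile fixture file of the signing certificate
     * @param keyFile fixture file of the private key
     * @param chainCertFiles fixture files of additional certificates to put in the credential chain
     * @return the signature of the re-unmarshalled object
     */
    private Signature getSignature(String entityCertFile, String keyFile, String... chainCertFiles) {
        SignableXMLObject signed = null;
        try {
            signed = buildSignedObject(getCredential(entityCertFile, keyFile, chainCertFiles));
        } catch (SignatureException e) {
            Assert.fail("Error building signed object: " + e.getMessage(), e);
        }

        Element dom = signed.getDOM();
        if (this.tamperDocumentPostSigning) {
            // Insert an extra first child under the signed element after the signature was computed.
            Element injected = dom.getOwnerDocument().createElementNS(SignableSimpleXMLObject.NAMESPACE, "test:SimpleElement");
            injected.appendChild(dom.getOwnerDocument().createTextNode("HAHA, now you are tampered with"));
            dom.insertBefore(injected, dom.getFirstChild());
        }

        // Validate what a receiver would see: a fresh object unmarshalled from the (possibly altered) DOM.
        SignableXMLObject reloaded = null;
        try {
            reloaded = (SignableXMLObject) unmarshallerFactory.getUnmarshaller(dom).unmarshall(dom);
        } catch (UnmarshallingException e) {
            Assert.fail("Error unmarshalling new signed object: " + e.getMessage(), e);
        }
        return reloaded.getSignature();
    }

    /**
     * Builds an X.509 credential from fixture files.
     *
     * @param entityCertFile fixture file of the entity certificate
     * @param keyFile fixture file of the private key
     * @param chainCertFiles fixture files of further chain certificates
     * @return credential holding the entity certificate, the private key and the certificate chain
     */
    private BasicX509Credential getCredential(String entityCertFile, String keyFile, String... chainCertFiles) {
        X509Certificate entityCert = getCertificate(entityCertFile);
        BasicX509Credential credential = new BasicX509Credential(entityCert);
        credential.setPrivateKey(getPrivateKey(keyFile));

        // The chain is handed over as an unordered set that always includes the entity certificate.
        Set<X509Certificate> chain = new HashSet<>();
        chain.add(entityCert);
        for (String chainCertFile : chainCertFiles) {
            chain.add(getCertificate(chainCertFile));
        }
        credential.setEntityCertificateChain(chain);
        return credential;
    }

    /**
     * Builds the engine under test around a static resolver with one PKIX information set.
     *
     * @param collection trust anchors
     * @param collection2 CRLs
     * @param num verification depth
     * @param strArr trusted names handed to the resolver; may be empty
     * @return a new engine using an inline KeyInfo resolver
     */
    private PKIXSignatureTrustEngine getEngine(Collection<X509Certificate> collection, Collection<X509CRL> collection2, Integer num, String... strArr) {
        List<PKIXValidationInformation> infoSets = new ArrayList<>();
        infoSets.add(getPKIXInfoSet(collection, collection2, num));

        Set<String> trustedNames = new HashSet<>();
        Collections.addAll(trustedNames, strArr);

        return new PKIXSignatureTrustEngine(
                new StaticPKIXValidationInformationResolver(infoSets, trustedNames),
                XMLSecurityTestingSupport.buildBasicInlineKeyInfoResolver());
    }

    /** Wraps anchors, CRLs and verification depth in a {@link BasicPKIXValidationInformation}. */
    private PKIXValidationInformation getPKIXInfoSet(Collection<X509Certificate> collection, Collection<X509CRL> collection2, Integer num) {
        return new BasicPKIXValidationInformation(collection, collection2, num);
    }

    /** Loads the named certificate fixtures into a set. */
    private Collection<X509Certificate> getCertificates(String... strArr) {
        Set<X509Certificate> certificates = new HashSet<>();
        for (String fileName : strArr) {
            certificates.add(getCertificate(fileName));
        }
        return certificates;
    }

    /** Loads the named CRL fixtures into a set. */
    private Collection<X509CRL> getCRLS(String... strArr) {
        Set<X509CRL> crls = new HashSet<>();
        for (String fileName : strArr) {
            crls.add(getCRL(fileName));
        }
        return crls;
    }

    /**
     * Decodes an unencrypted private key fixture; fails the test if it cannot be loaded.
     *
     * @param str fixture file name below {@link #DATA_PATH}
     * @return the decoded key
     */
    private PrivateKey getPrivateKey(String str) {
        try {
            return KeySupport.decodePrivateKey(readResource(str), (char[]) null);
        } catch (Exception e) {
            Assert.fail("Could not create private key from file: " + str + ": " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Decodes the first certificate of a fixture file; fails the test if it cannot be loaded.
     *
     * @param str fixture file name below {@link #DATA_PATH}
     * @return the decoded certificate
     */
    private X509Certificate getCertificate(String str) {
        try {
            return (X509Certificate) X509Support.decodeCertificates(readResource(str)).iterator().next();
        } catch (Exception e) {
            Assert.fail("Could not create certificate from file: " + str + ": " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Decodes the first CRL of a fixture file; fails the test if it cannot be loaded.
     *
     * @param str fixture file name below {@link #DATA_PATH}
     * @return the decoded CRL
     */
    private X509CRL getCRL(String str) {
        try {
            return (X509CRL) X509Support.decodeCRLs(readResource(str)).iterator().next();
        } catch (Exception e) {
            Assert.fail("Could not create CRL from file: " + str + ": " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Reads a fixture completely and closes the stream.
     *
     * <p>The stream is drained in a loop because {@link InputStream#available()} is only an
     * estimate and a single {@code read} may return fewer bytes than requested; a truncated
     * certificate or key would otherwise surface as a confusing decode error.</p>
     *
     * @param fileName fixture file name below {@link #DATA_PATH}
     * @return the full content of the resource
     * @throws IOException if the resource does not exist or cannot be read
     */
    private byte[] readResource(String fileName) throws IOException {
        try (InputStream stream = getInputStream(fileName)) {
            if (stream == null) {
                throw new IOException("Test resource not found on classpath: " + DATA_PATH + fileName);
            }
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int count;
            while ((count = stream.read(chunk)) != -1) {
                buffer.write(chunk, 0, count);
            }
            return buffer.toByteArray();
        }
    }

    /** Opens a fixture below {@link #DATA_PATH}; returns {@code null} if it is not on the classpath. */
    private InputStream getInputStream(String str) {
        return PKIXSignatureTrustEngineTest.class.getResourceAsStream(DATA_PATH + str);
    }

    /**
     * Builds a small XML object with one child, attaches an enveloped signature that references the
     * object by ID, marshalls it and signs it.
     *
     * <p>KeyInfo content is controlled by {@link #emitKeyInfo} and {@link #emitKeyValueOnly}: none,
     * a bare public key value, or the entity certificate with its chain and subject name.</p>
     *
     * @param x509Credential signing credential
     * @return the signed object
     * @throws SignatureException if signing fails
     */
    private SignableXMLObject buildSignedObject(X509Credential x509Credential) throws SignatureException {
        SignableSimpleXMLObject root = (SignableSimpleXMLObject) buildXMLObject(SignableSimpleXMLObject.ELEMENT_NAME);
        root.setId("abc123");

        SignableSimpleXMLObject child = (SignableSimpleXMLObject) buildXMLObject(SignableSimpleXMLObject.ELEMENT_NAME);
        child.setValue("SomeSimpleValueAsTextContent");
        root.getSimpleXMLObjects().add(child);

        Signature sig = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
        sig.setCanonicalizationAlgorithm(ALGO_EXC_C14N);
        sig.setSignatureAlgorithm(ALGO_RSA_SHA1);
        sig.setSigningCredential(x509Credential);

        DocumentInternalIDContentReference contentReference = new DocumentInternalIDContentReference(root.getId());
        contentReference.setDigestAlgorithm(ALGO_DIGEST_SHA1);
        contentReference.getTransforms().add(TRANSFORM_ENVELOPED);
        contentReference.getTransforms().add(ALGO_EXC_C14N);
        sig.getContentReferences().add(contentReference);

        if (this.emitKeyInfo) {
            X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory();
            if (this.emitKeyValueOnly) {
                keyInfoFactory.setEmitPublicKeyValue(true);
            } else {
                keyInfoFactory.setEmitEntityCertificate(true);
                keyInfoFactory.setEmitEntityCertificateChain(true);
                keyInfoFactory.setEmitX509SubjectName(true);
            }
            KeyInfo keyInfo = null;
            try {
                keyInfo = keyInfoFactory.newInstance().generate(x509Credential);
            } catch (SecurityException e) {
                Assert.fail("Error generating KeyInfo from signing credential: " + e, e);
            }
            sig.setKeyInfo(keyInfo);
        }

        root.setSignature(sig);
        try {
            // The object must be marshalled to DOM before Signer can compute the signature.
            XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(root).marshall(root);
        } catch (MarshallingException e) {
            Assert.fail("Error marshalling object for signing: " + e, e);
        }
        Signer.signObject(sig);
        return root;
    }
}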
