package org.opensaml.xmlsec.keyinfo.impl;

import com.google.common.collect.Iterables;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Nonnull;
import javax.crypto.SecretKey;
import javax.xml.namespace.QName;
import net.shibboleth.shared.resolver.CriteriaSet;
import net.shibboleth.shared.resolver.Criterion;
import net.shibboleth.shared.resolver.ResolverException;
import org.opensaml.core.testing.XMLObjectBaseTestCase;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialContextSet;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.security.credential.impl.CollectionCredentialResolver;
import org.opensaml.security.crypto.KeySupport;
import org.opensaml.xmlsec.agreement.KeyAgreementCredential;
import org.opensaml.xmlsec.agreement.KeyAgreementParameters;
import org.opensaml.xmlsec.agreement.impl.ECDHKeyAgreementProcessor;
import org.opensaml.xmlsec.algorithm.AlgorithmSupport;
import org.opensaml.xmlsec.derivation.impl.ConcatKDF;
import org.opensaml.xmlsec.encryption.AgreementMethod;
import org.opensaml.xmlsec.encryption.EncryptedData;
import org.opensaml.xmlsec.encryption.EncryptedType;
import org.opensaml.xmlsec.encryption.EncryptionMethod;
import org.opensaml.xmlsec.encryption.KeySize;
import org.opensaml.xmlsec.encryption.OriginatorKeyInfo;
import org.opensaml.xmlsec.encryption.RecipientKeyInfo;
import org.opensaml.xmlsec.keyinfo.KeyInfoCriterion;
import org.opensaml.xmlsec.keyinfo.impl.provider.AgreementMethodKeyInfoProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/opensaml/xmlsec/keyinfo/impl/AgreementMethodTest.class */
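/**
 * Tests resolution of an ECDH-ES {@link KeyAgreementCredential} from a {@link KeyInfo} that carries an
 * {@link AgreementMethod}, using a {@link LocalKeyInfoCredentialResolver} configured with an
 * {@link AgreementMethodKeyInfoProvider}.
 *
 * <p>One test covers the successful round trip. The others tamper with the generated {@link KeyInfo}, its
 * enclosing {@link EncryptedType}, or the recipient's local credential store. They check that the resolver
 * then yields no credential or throws {@link ResolverException}, and never returns a usable key.</p>
 */
public class AgreementMethodTest extends XMLObjectBaseTestCase {

    /** Resolver under test. */
    private LocalKeyInfoCredentialResolver resolver;

    /** Recipient EC credential holding both the public and the private key. */
    private Credential credRecipientPrivateEC;

    /** Recipient EC credential holding only the public key (what an originator would see). */
    private Credential credRecipientPublicEC;

    /** Key agreement credential produced on the originator side, regenerated before every test. */
    private KeyAgreementCredential credKeyAgreementOriginatorEC;

    /** Local store from which the resolver looks up the recipient's credential. */
    private CollectionCredentialResolver recipientLocalCredResolver;

    /** Factory for the generator that serializes a key agreement credential into a KeyInfo. */
    private KeyAgreementKeyInfoGeneratorFactory keyInfoFactory;

    /** Data encryption algorithm for which the agreed key is derived. */
    private final String expectedEncryptionAlgorithm = "http://www.w3.org/2009/xmlenc11#aes256-gcm";

    /**
     * Generates the recipient's secp256r1 key pair once and builds the resolver under test.
     *
     * @throws Exception if key generation fails
     */
    @BeforeClass
    public void beforeClass() throws Exception {
        final KeyPair recipientKeyPair = KeySupport.generateKeyPair("EC", new ECGenParameterSpec("secp256r1"), null);
        credRecipientPrivateEC =
                CredentialSupport.getSimpleCredential(recipientKeyPair.getPublic(), recipientKeyPair.getPrivate());
        credRecipientPublicEC = CredentialSupport.getSimpleCredential(recipientKeyPair.getPublic(), null);

        recipientLocalCredResolver = new CollectionCredentialResolver();

        final List<KeyInfoProvider> providers = new ArrayList<>();
        providers.add(new RSAKeyValueProvider());
        providers.add(new DSAKeyValueProvider());
        providers.add(new DEREncodedKeyValueProvider());
        providers.add(new InlineX509DataProvider());
        providers.add(new AgreementMethodKeyInfoProvider());

        resolver = new LocalKeyInfoCredentialResolver(providers, recipientLocalCredResolver);
        keyInfoFactory = new KeyAgreementKeyInfoGeneratorFactory();
    }

    /**
     * Resets the recipient's local credential store and performs a fresh originator-side key agreement.
     *
     * @throws Exception if the KDF cannot be initialized or the key agreement fails
     */
    @BeforeMethod
    public void beforeMethod() throws Exception {
        // Some tests empty or replace the store, so restore the private-key credential every time.
        recipientLocalCredResolver.getCollection().clear();
        recipientLocalCredResolver.getCollection().add(credRecipientPrivateEC);

        // Fixed KDF inputs; the success test checks that each one is visible again after resolution.
        final ConcatKDF kdf = new ConcatKDF();
        kdf.setDigestMethod("http://www.w3.org/2001/04/xmlenc#sha512");
        kdf.setAlgorithmID("AA");
        kdf.setPartyUInfo("BB");
        kdf.setPartyVInfo("CC");
        kdf.setSuppPubInfo("DD");
        kdf.setSuppPrivInfo("EE");
        kdf.initialize();

        final KeyAgreementParameters agreementParams = new KeyAgreementParameters();
        agreementParams.add(kdf);

        // The originator only ever sees the recipient's public key.
        credKeyAgreementOriginatorEC = new ECDHKeyAgreementProcessor()
                .execute(credRecipientPublicEC, expectedEncryptionAlgorithm, agreementParams);
    }

    /**
     * Resolves the generated KeyInfo and checks the resulting credential: agreement algorithm, derived key,
     * originator and recipient credentials, KDF parameters and the attached KeyInfo context.
     *
     * @throws Exception on any unexpected failure
     */
    @Test
    public void ECDHWithConcatKDF_Success() throws Exception {
        final KeyInfo keyInfo = prepareAndValidateKeyInfo(credKeyAgreementOriginatorEC);

        final Iterable<Credential> resolved = resolveCredentials(keyInfo);
        Assert.assertNotNull(resolved);
        Assert.assertEquals(Iterables.size(resolved), 1);

        final Credential credential = resolved.iterator().next();
        Assert.assertTrue(KeyAgreementCredential.class.isInstance(credential));
        final KeyAgreementCredential kaCred = KeyAgreementCredential.class.cast(credential);

        Assert.assertEquals(kaCred.getAlgorithm(), "http://www.w3.org/2009/xmlenc11#ECDH-ES");

        validateDerivedKey(kaCred, expectedEncryptionAlgorithm);

        // Key agreement is only correct if both sides arrive at the same key material, so compare the
        // recipient-side derived key with the one the originator derived in beforeMethod().
        final SecretKey recipientDerivedKey = kaCred.getSecretKey();
        final SecretKey originatorDerivedKey = credKeyAgreementOriginatorEC.getSecretKey();
        Assert.assertNotNull(recipientDerivedKey);
        Assert.assertNotNull(originatorDerivedKey);
        Assert.assertEquals(recipientDerivedKey.getEncoded(), originatorDerivedKey.getEncoded());

        // The originator credential rebuilt from the KeyInfo must be public-only.
        Assert.assertNotNull(kaCred.getOriginatorCredential());
        Assert.assertNotNull(kaCred.getOriginatorCredential().getPublicKey());
        Assert.assertNull(kaCred.getOriginatorCredential().getPrivateKey());
        Assert.assertEquals(kaCred.getOriginatorCredential().getPublicKey(),
                credKeyAgreementOriginatorEC.getOriginatorCredential().getPublicKey());

        // The recipient credential must be the locally stored one, private key included.
        Assert.assertNotNull(kaCred.getRecipientCredential());
        Assert.assertNotNull(kaCred.getRecipientCredential().getPublicKey());
        Assert.assertNotNull(kaCred.getRecipientCredential().getPrivateKey());
        Assert.assertEquals(kaCred.getRecipientCredential().getPublicKey(), credRecipientPrivateEC.getPublicKey());
        Assert.assertEquals(kaCred.getRecipientCredential().getPrivateKey(), credRecipientPrivateEC.getPrivateKey());

        Assert.assertTrue(kaCred.getParameters().contains(ConcatKDF.class));
        final ConcatKDF kdf = kaCred.getParameters().get(ConcatKDF.class);
        assert kdf != null;
        Assert.assertEquals(kdf.getDigestMethod(), "http://www.w3.org/2001/04/xmlenc#sha512");
        Assert.assertEquals(kdf.getAlgorithmID(), "AA");
        Assert.assertEquals(kdf.getPartyUInfo(), "BB");
        Assert.assertEquals(kdf.getPartyVInfo(), "CC");
        Assert.assertEquals(kdf.getSuppPubInfo(), "DD");
        Assert.assertEquals(kdf.getSuppPrivInfo(), "EE");

        final CredentialContextSet contextSet = kaCred.getCredentialContextSet();
        assert contextSet != null;
        final KeyInfoCredentialContext keyInfoContext = contextSet.get(KeyInfoCredentialContext.class);
        assert keyInfoContext != null;
        Assert.assertSame(keyInfoContext.getKeyInfo(), keyInfo);
    }

    /**
     * An AgreementMethod whose algorithm is replaced by "INVALID" must resolve to no credentials.
     *
     * @throws Exception on any unexpected failure
     */
    @Test
    public void agreementAlgorithmNotRegistered() throws Exception {
        final KeyInfo keyInfo = prepareAndValidateKeyInfo(credKeyAgreementOriginatorEC);
        keyInfo.getAgreementMethods().get(0).setAlgorithm("INVALID");

        final Iterable<Credential> resolved = resolveCredentials(keyInfo);
        Assert.assertNotNull(resolved);
        Assert.assertEquals(Iterables.size(resolved), 0);
    }

    /**
     * A KeyInfo detached from its parent EncryptedType must resolve to no credentials.
     *
     * @throws Exception on any unexpected failure
     */
    @Test
    public void agreementMethodNotGranndchildOfEncryptedType() throws Exception {
        final KeyInfo keyInfo = prepareAndValidateKeyInfo(credKeyAgreementOriginatorEC);
        keyInfo.setParent(null);

        final Iterable<Credential> resolved = resolveCredentials(keyInfo);
        Assert.assertNotNull(resolved);
        Assert.assertEquals(Iterables.size(resolved), 0);
    }

    /**
     * A null algorithm on the enclosing EncryptionMethod must make resolution throw.
     *
     * @throws Exception expected to be a {@link ResolverException}
     */
    @Test(expectedExceptions = {ResolverException.class})
    public void missingEncryptionAlgorithm() throws Exception {
        final KeyInfo keyInfo = prepareAndValidateKeyInfo(credKeyAgreementOriginatorEC);
        final EncryptionMethod encryptionMethod = EncryptedType.class.cast(keyInfo.getParent()).getEncryptionMethod();
        assert encryptionMethod != null;
        encryptionMethod.setAlgorithm(null);

        resolveCredentials(keyInfo);
    }

    /**
     * An encryption algorithm of "INVALID" on the enclosing EncryptionMethod must make resolution throw.
     *
     * @throws Exception expected to be a {@link ResolverException}
     */
    @Test(expectedExceptions = {ResolverException.class})
    public void unknownEncryptionAlgorithm() throws Exception {
        final KeyInfo keyInfo = prepareAndValidateKeyInfo(credKeyAgreementOriginatorEC);
        final EncryptionMethod encryptionMethod = EncryptedType.class.cast(keyInfo.getParent()).getEncryptionMethod();
        assert encryptionMethod != null;
        encryptionMethod.setAlgorithm("INVALID");

        resolveCredentials(keyInfo);
    }

    /**
     * Removing the OriginatorKeyInfo from the AgreementMethod must make resolution throw.
     *
     * @throws Exception expected to be a {@link ResolverException}
     */
    @Test(expectedExceptions = {ResolverException.class})
    public void missingOriginatorKeyInfo() throws Exception {
        final KeyInfo keyInfo = prepareAndValidateKeyInfo(credKeyAgreementOriginatorEC);
        keyInfo.getAgreementMethods().get(0).setOriginatorKeyInfo(null);

        resolveCredentials(keyInfo);
    }

    /**
     * An OriginatorKeyInfo stripped of its DEREncodedKeyValue and KeyValue children must make resolution throw.
     *
     * @throws Exception expected to be a {@link ResolverException}
     */
    @Test(expectedExceptions = {ResolverException.class})
    public void originatorCredResolutionFailedMissingKeyInfoData() throws Exception {
        final KeyInfo keyInfo = prepareAndValidateKeyInfo(credKeyAgreementOriginatorEC);
        final OriginatorKeyInfo originatorKeyInfo = keyInfo.getAgreementMethods().get(0).getOriginatorKeyInfo();
        assert originatorKeyInfo != null;
        originatorKeyInfo.getDEREncodedKeyValues().clear();
        originatorKeyInfo.getKeyValues().clear();

        resolveCredentials(keyInfo);
    }

    /**
     * Removing the RecipientKeyInfo from the AgreementMethod must make resolution throw.
     *
     * @throws Exception expected to be a {@link ResolverException}
     */
    @Test(expectedExceptions = {ResolverException.class})
    public void missingRecipientKeyInfo() throws Exception {
        final KeyInfo keyInfo = prepareAndValidateKeyInfo(credKeyAgreementOriginatorEC);
        keyInfo.getAgreementMethods().get(0).setRecipientKeyInfo(null);

        resolveCredentials(keyInfo);
    }

    /**
     * A RecipientKeyInfo stripped of its DEREncodedKeyValue and KeyValue children must make resolution throw.
     *
     * @throws Exception expected to be a {@link ResolverException}
     */
    @Test(expectedExceptions = {ResolverException.class})
    public void recipientCredResolutionFailedMissingKeyInfoData() throws Exception {
        final KeyInfo keyInfo = prepareAndValidateKeyInfo(credKeyAgreementOriginatorEC);
        final RecipientKeyInfo recipientKeyInfo = keyInfo.getAgreementMethods().get(0).getRecipientKeyInfo();
        assert recipientKeyInfo != null;
        recipientKeyInfo.getDEREncodedKeyValues().clear();
        recipientKeyInfo.getKeyValues().clear();

        resolveCredentials(keyInfo);
    }

    /**
     * An empty local credential store (no recipient credential at all) must make resolution throw.
     *
     * @throws Exception expected to be a {@link ResolverException}
     */
    @Test(expectedExceptions = {ResolverException.class})
    public void recipientCredResolutionFailedAtCredentialResolver() throws Exception {
        final KeyInfo keyInfo = prepareAndValidateKeyInfo(credKeyAgreementOriginatorEC);
        recipientLocalCredResolver.getCollection().clear();

        resolveCredentials(keyInfo);
    }

    /**
     * A local recipient credential that holds only the public key must make resolution throw.
     *
     * @throws Exception expected to be a {@link ResolverException}
     */
    @Test(expectedExceptions = {ResolverException.class})
    public void recipientCredMissingPrivateKey() throws Exception {
        final KeyInfo keyInfo = prepareAndValidateKeyInfo(credKeyAgreementOriginatorEC);
        recipientLocalCredResolver.getCollection().clear();
        recipientLocalCredResolver.getCollection().add(credRecipientPublicEC);

        resolveCredentials(keyInfo);
    }

    /**
     * Runs the resolver under test against a single {@link KeyInfoCriterion}.
     *
     * @param keyInfo the KeyInfo to resolve credentials from
     * @return the credentials produced by the resolver
     * @throws ResolverException if the resolver rejects the KeyInfo
     */
    @Nonnull
    private Iterable<Credential> resolveCredentials(@Nonnull final KeyInfo keyInfo) throws ResolverException {
        return resolver.resolve(new CriteriaSet(new Criterion[] {new KeyInfoCriterion(keyInfo)}));
    }

    /**
     * Generates a KeyInfo for the given key agreement credential, checks that it holds exactly one child
     * which is an AgreementMethod, and attaches it to a new EncryptedData that declares
     * {@link #expectedEncryptionAlgorithm}.
     *
     * @param keyAgreementCredential the originator-side credential to serialize
     * @return the generated KeyInfo, parented by the new EncryptedData
     * @throws SecurityException if KeyInfo generation fails
     */
    @Nonnull
    private KeyInfo prepareAndValidateKeyInfo(KeyAgreementCredential keyAgreementCredential) throws SecurityException {
        // Use the argument rather than the field, so the helper honours what the caller passes in.
        final KeyInfo keyInfo = keyInfoFactory.newInstance().generate(keyAgreementCredential);
        assert keyInfo != null;

        final List<XMLObject> children = keyInfo.getOrderedChildren();
        assert children != null;
        Assert.assertEquals(children.size(), 1);
        Assert.assertEquals(keyInfo.getAgreementMethods().size(), 1);

        makeEncryptionMethodChild(keyInfo, expectedEncryptionAlgorithm, null, EncryptedData.DEFAULT_ELEMENT_NAME);
        return keyInfo;
    }

    /**
     * Builds an EncryptedType element of the given name that holds the KeyInfo and an EncryptionMethod.
     *
     * @param keyInfo the KeyInfo to place inside the new element
     * @param str the algorithm to set on the EncryptionMethod
     * @param num optional KeySize value; no KeySize child is added when null
     * @param qName element name of the EncryptedType to build
     * @return the newly built EncryptedType
     */
    @Nonnull
    private EncryptedType makeEncryptionMethodChild(KeyInfo keyInfo, String str, Integer num, QName qName) {
        final EncryptedType encryptedType = buildXMLObject(qName);
        encryptedType.setKeyInfo(keyInfo);

        final EncryptionMethod encryptionMethod = buildXMLObject(EncryptionMethod.DEFAULT_ELEMENT_NAME);
        encryptionMethod.setAlgorithm(str);
        if (num != null) {
            final KeySize keySize = buildXMLObject(KeySize.DEFAULT_ELEMENT_NAME);
            keySize.setValue(num);
            encryptionMethod.setKeySize(keySize);
        }
        encryptedType.setEncryptionMethod(encryptionMethod);

        return encryptedType;
    }

    /**
     * Checks that the credential carries a secret key whose JCA algorithm and length match those implied by
     * the given algorithm URI. The key bytes themselves are not examined here.
     *
     * @param credential the credential expected to hold the derived key
     * @param str the algorithm URI the key was derived for
     */
    private void validateDerivedKey(@Nonnull Credential credential, @Nonnull String str) {
        Assert.assertNotNull(credential.getSecretKey());
        final SecretKey secretKey = credential.getSecretKey();
        assert secretKey != null;
        Assert.assertEquals(secretKey.getAlgorithm(), AlgorithmSupport.getKeyAlgorithm(str));
        Assert.assertEquals(KeySupport.getKeyLength(secretKey), AlgorithmSupport.getKeyLength(str));
    }
}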
