package org.opensaml.xmlsec.encryption.support.tests;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyPair;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.resolver.CriteriaSet;
import net.shibboleth.shared.resolver.Criterion;
import net.shibboleth.shared.xml.ParserPool;
import net.shibboleth.shared.xml.SerializeSupport;
import org.opensaml.core.config.ConfigurationService;
import org.opensaml.core.testing.XMLObjectBaseTestCase;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.impl.CollectionCredentialResolver;
import org.opensaml.security.crypto.KeySupport;
import org.opensaml.xmlsec.DecryptionConfiguration;
import org.opensaml.xmlsec.DecryptionParameters;
import org.opensaml.xmlsec.DecryptionParametersResolver;
import org.opensaml.xmlsec.EncryptionConfiguration;
import org.opensaml.xmlsec.EncryptionParameters;
import org.opensaml.xmlsec.EncryptionParametersResolver;
import org.opensaml.xmlsec.agreement.impl.DigestMethod;
import org.opensaml.xmlsec.agreement.impl.KANonce;
import org.opensaml.xmlsec.criterion.DecryptionConfigurationCriterion;
import org.opensaml.xmlsec.criterion.EncryptionConfigurationCriterion;
import org.opensaml.xmlsec.encryption.AgreementMethod;
import org.opensaml.xmlsec.encryption.EncryptedData;
import org.opensaml.xmlsec.encryption.EncryptedKey;
import org.opensaml.xmlsec.encryption.EncryptionMethod;
import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters;
import org.opensaml.xmlsec.encryption.support.Decrypter;
import org.opensaml.xmlsec.encryption.support.Encrypter;
import org.opensaml.xmlsec.encryption.support.KeyAgreementEncryptionConfiguration;
import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters;
import org.opensaml.xmlsec.impl.BasicDecryptionConfiguration;
import org.opensaml.xmlsec.impl.BasicDecryptionParametersResolver;
import org.opensaml.xmlsec.impl.BasicEncryptionConfiguration;
import org.opensaml.xmlsec.impl.BasicEncryptionParametersResolver;
import org.opensaml.xmlsec.keyinfo.impl.LocalKeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.provider.AgreementMethodKeyInfoProvider;
import org.opensaml.xmlsec.mock.SignableSimpleXMLObject;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.testing.XMLSecurityTestingSupport;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
import org.w3c.dom.Element;

/* loaded from: input_file:org/opensaml/xmlsec/encryption/support/tests/DHWithLegacyKDFTest.class */
/**
 * Round-trip tests for XML Encryption where the key is obtained through Diffie-Hellman key agreement
 * (agreement algorithm URI {@code http://www.w3.org/2001/04/xmlenc#dh}), parameterised by a
 * {@code DigestMethod} and, optionally, a {@code KA-Nonce}.
 *
 * <p>Every case encrypts the fixture element, checks the emitted {@code EncryptedData} metadata,
 * serialises it to bytes, parses it back, decrypts it with the recipient's private credential, and
 * compares the result with the original DOM.</p>
 *
 * <p>Notes for security reviewers:</p>
 * <ul>
 *   <li>The recipient key pair is generated at class set-up (2048-bit "DiffieHellman"); no key material
 *       is read from the repository.</li>
 *   <li>Several cases select AES-128-CBC for the data. CBC in XML Encryption carries no integrity
 *       protection of its own; those cases exist to exercise the key agreement path, and the AES-128-GCM
 *       cases cover the authenticated mode. The CBC cases are not a model for deployment configuration.</li>
 *   <li>The class name suggests the digest-based ("legacy") key derivation that accompanies the
 *       {@code xmlenc#dh} algorithm; the derivation itself is not visible in this file.</li>
 * </ul>
 */
public class DHWithLegacyKDFTest extends XMLObjectBaseTestCase {

    /** Key agreement algorithm every case is expected to emit. */
    private static final String ALGO_AGREEMENT_DH = "http://www.w3.org/2001/04/xmlenc#dh";

    /** Data encryption: AES-128 in CBC mode (unauthenticated). */
    private static final String ALGO_DATA_AES128_CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";

    /** Data encryption: AES-128 in GCM mode (authenticated). */
    private static final String ALGO_DATA_AES128_GCM = "http://www.w3.org/2009/xmlenc11#aes128-gcm";

    /** Key wrap with a 128-bit AES key encryption key. */
    private static final String ALGO_KEYWRAP_AES128 = "http://www.w3.org/2001/04/xmlenc#kw-aes128";

    /** Key wrap with a 256-bit AES key encryption key. */
    private static final String ALGO_KEYWRAP_AES256 = "http://www.w3.org/2001/04/xmlenc#kw-aes256";

    /** Digest used by the key agreement: SHA-256. */
    private static final String ALGO_DIGEST_SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256";

    /** Digest used by the key agreement: SHA-512. */
    private static final String ALGO_DIGEST_SHA512 = "http://www.w3.org/2001/04/xmlenc#sha512";

    // Classpath location of the plaintext fixture that gets encrypted.
    private String targetFile;

    // Recipient credential holding both halves of the DH key pair; used only on the decrypting side.
    private Credential recipientCredPrivate;

    // Recipient credential holding the public key only; this is what the encrypting side is given.
    private Credential recipientCredPublic;

    private CollectionCredentialResolver localCredentialResolver;
    private LocalKeyInfoCredentialResolver localKeyInfoResolver;
    private Encrypter encrypter;
    private EncryptionParametersResolver encParamsResolver;
    private CriteriaSet encCriteria;

    // Per-test encryption settings, listed first in the criterion.
    private BasicEncryptionConfiguration encConfig;

    // Carries the default DH agreement parameters (SHA-256 digest plus nonce), listed second.
    private BasicEncryptionConfiguration encConfig2;

    private DecryptionParametersResolver decryptParamsResolver;
    private CriteriaSet decryptCriteria;
    private BasicDecryptionConfiguration decryptConfig;

    /**
     * Generates the recipient DH key pair and builds the resolvers shared by all test methods.
     *
     * @throws Exception if key generation or resolver construction fails
     */
    @BeforeClass
    public void beforeClass() throws Exception {
        targetFile = "/org/opensaml/xmlsec/encryption/support/SimpleEncryptionTest.xml";

        final KeyPair recipientKeys = KeySupport.generateKeyPair("DiffieHellman", 2048, (String) null);
        recipientCredPrivate = new BasicCredential(recipientKeys.getPublic(), recipientKeys.getPrivate());
        recipientCredPublic = new BasicCredential(recipientKeys.getPublic());

        encrypter = new Encrypter();
        encParamsResolver = new BasicEncryptionParametersResolver();
        decryptParamsResolver = new BasicDecryptionParametersResolver();

        // Only the private credential is resolvable locally, i.e. only the recipient can decrypt.
        localCredentialResolver = new CollectionCredentialResolver(Set.of(recipientCredPrivate));

        // Element type is inferred from the helper's return type; the AgreementMethod provider is
        // appended so that KeyInfo carrying an AgreementMethod can be resolved on decryption.
        final var keyInfoProviders = new ArrayList<>(XMLSecurityTestingSupport.getBasicInlineKeyInfoProviders());
        keyInfoProviders.add(new AgreementMethodKeyInfoProvider());
        localKeyInfoResolver = new LocalKeyInfoCredentialResolver(keyInfoProviders, localCredentialResolver);
    }

    /**
     * Rebuilds the encryption and decryption configuration before each test so that per-test overrides
     * do not leak between cases.
     *
     * @throws Exception if a key agreement parameter fails to initialize
     */
    @BeforeMethod
    public void beforeMethod() throws Exception {
        encConfig = new BasicEncryptionConfiguration();
        encConfig2 = new BasicEncryptionConfiguration();

        // Order: per-test config, DH defaults, then the globally registered configuration.
        // NOTE(review): earlier entries presumably take precedence - confirm against the resolver.
        final Criterion encCriterion = new EncryptionConfigurationCriterion(
                encConfig,
                encConfig2,
                (EncryptionConfiguration) ConfigurationService.get(EncryptionConfiguration.class));
        encCriteria = new CriteriaSet(encCriterion);

        // Default agreement settings for "DH" keys: xmlenc#dh with a SHA-256 digest and a nonce.
        final KeyAgreementEncryptionConfiguration dhDefaults = new KeyAgreementEncryptionConfiguration();
        dhDefaults.setAlgorithm(ALGO_AGREEMENT_DH);

        final DigestMethod sha256Digest = new DigestMethod();
        sha256Digest.setAlgorithm(ALGO_DIGEST_SHA256);
        sha256Digest.initialize();

        final KANonce nonce = new KANonce();
        nonce.initialize();

        dhDefaults.setParameters(CollectionSupport.setOf(sha256Digest, nonce));
        encConfig2.setKeyAgreementConfigurations(Map.of("DH", dhDefaults));

        // Both the data key and the key encryption key are resolved through the local resolver
        // that holds the recipient's private credential.
        decryptConfig = new BasicDecryptionConfiguration();
        decryptConfig.setDataKeyInfoCredentialResolver(localKeyInfoResolver);
        decryptConfig.setKEKKeyInfoCredentialResolver(localKeyInfoResolver);

        final Criterion decryptCriterion = new DecryptionConfigurationCriterion(
                decryptConfig,
                (DecryptionConfiguration) ConfigurationService.get(DecryptionConfiguration.class));
        decryptCriteria = new CriteriaSet(decryptCriterion);
    }

    /**
     * Agreed key used directly as the data encryption key, default algorithms (AES-128-CBC).
     *
     * @throws Exception on any encryption, serialization or decryption failure
     */
    @Test
    public void roundtripDirectDataEncryption() throws Exception {
        encConfig.setDataEncryptionCredentials(List.of(recipientCredPublic));

        testRoundtrip(ALGO_DATA_AES128_CBC, null, ALGO_DIGEST_SHA256, true);
    }

    /**
     * Agreed key used directly as the data encryption key, with the data algorithm overridden to
     * AES-128-GCM.
     *
     * @throws Exception on any encryption, serialization or decryption failure
     */
    @Test
    public void roundtripDirectDataEncryptionWithAlgorithmOverrides() throws Exception {
        encConfig.setDataEncryptionCredentials(List.of(recipientCredPublic));
        encConfig.setDataEncryptionAlgorithms(List.of(ALGO_DATA_AES128_GCM));

        testRoundtrip(ALGO_DATA_AES128_GCM, null, ALGO_DIGEST_SHA256, true);
    }

    /**
     * Agreed key used as a key encryption key that wraps the data key (AES-128 key wrap).
     *
     * @throws Exception on any encryption, serialization or decryption failure
     */
    @Test
    public void roundtripWithKeyWrap() throws Exception {
        encConfig.setKeyTransportEncryptionCredentials(List.of(recipientCredPublic));

        testRoundtrip(ALGO_DATA_AES128_CBC, ALGO_KEYWRAP_AES128, ALGO_DIGEST_SHA256, true);
    }

    /**
     * Key wrap variant with both the wrap algorithm (AES-256 key wrap) and the data algorithm
     * (AES-128-GCM) overridden.
     *
     * @throws Exception on any encryption, serialization or decryption failure
     */
    @Test
    public void roundtripWithKeyWrapAndAlgorithmOverrides() throws Exception {
        encConfig.setKeyTransportEncryptionCredentials(List.of(recipientCredPublic));
        encConfig.setKeyTransportEncryptionAlgorithms(List.of(ALGO_KEYWRAP_AES256));
        encConfig.setDataEncryptionAlgorithms(List.of(ALGO_DATA_AES128_GCM));

        testRoundtrip(ALGO_DATA_AES128_GCM, ALGO_KEYWRAP_AES256, ALGO_DIGEST_SHA256, true);
    }

    /**
     * Per-test agreement configuration with a SHA-512 digest and no nonce parameter; the emitted
     * AgreementMethod is expected to carry no {@code KA-Nonce}.
     *
     * @throws Exception on any encryption, serialization or decryption failure
     */
    @Test
    public void roundtripWithSHA512AndNoNonce() throws Exception {
        encConfig.setDataEncryptionCredentials(List.of(recipientCredPublic));

        // Unlike the defaults built in beforeMethod(), this configuration sets no agreement algorithm
        // and the digest parameter is not initialize()d.
        // NOTE(review): presumably the algorithm falls through to the lower-precedence configuration
        // and the resolver prepares the parameter itself - confirm.
        final KeyAgreementEncryptionConfiguration sha512NoNonce = new KeyAgreementEncryptionConfiguration();
        final DigestMethod sha512Digest = new DigestMethod();
        sha512Digest.setAlgorithm(ALGO_DIGEST_SHA512);
        sha512NoNonce.setParameters(Set.of(sha512Digest));
        encConfig.setKeyAgreementConfigurations(Map.of("DH", sha512NoNonce));

        // NOTE(review): with no KA-Nonce, distinct derived keys per message presumably depend on the
        // originator key pair being generated per operation - confirm in the key agreement processor.
        testRoundtrip(ALGO_DATA_AES128_CBC, null, ALGO_DIGEST_SHA512, false);
    }

    /**
     * Encrypts the fixture, verifies the emitted algorithm metadata, then serializes, re-parses and
     * decrypts it, and compares the plaintext with the original document.
     *
     * @param str expected data encryption algorithm URI, or {@code null} to skip the check
     * @param str2 expected key wrap algorithm URI on the first EncryptedKey, or {@code null} to skip
     * @param str3 expected DigestMethod algorithm URI inside the AgreementMethod, or {@code null} to skip
     * @param z whether the AgreementMethod is expected to carry a KA-Nonce with a value
     * @throws Exception on any encryption, serialization or decryption failure
     */
    private void testRoundtrip(String str, String str2, String str3, boolean z) throws Exception {
        final SignableSimpleXMLObject plaintext = unmarshallElement(targetFile);
        assert plaintext != null;

        final EncryptionParameters encParams = (EncryptionParameters) encParamsResolver.resolveSingle(encCriteria);
        assert encParams != null;

        // A key transport credential means the agreed key wraps a generated data key; without one the
        // agreed key encrypts the data directly and no EncryptedKey is produced.
        final List<KeyEncryptionParameters> kekParams;
        if (encParams.getKeyTransportEncryptionCredential() != null) {
            kekParams = List.of(new KeyEncryptionParameters(encParams, (String) null));
        } else {
            kekParams = CollectionSupport.emptyList();
        }

        final EncryptedData encrypted =
                encrypter.encryptElement(plaintext, new DataEncryptionParameters(encParams), kekParams);
        Assert.assertNotNull(encrypted);

        final KeyInfo dataKeyInfo = encrypted.getKeyInfo();
        assert dataKeyInfo != null;

        if (str != null) {
            final EncryptionMethod dataMethod = encrypted.getEncryptionMethod();
            assert dataMethod != null;
            Assert.assertEquals(dataMethod.getAlgorithm(), str);
        }

        if (str2 != null) {
            final EncryptedKey wrappedKey = (EncryptedKey) dataKeyInfo.getEncryptedKeys().get(0);
            assert wrappedKey != null;
            final EncryptionMethod wrapMethod = wrappedKey.getEncryptionMethod();
            assert wrapMethod != null;
            Assert.assertEquals(wrapMethod.getAlgorithm(), str2);
        }

        // The AgreementMethod sits in the EncryptedKey's KeyInfo when a key was wrapped, otherwise
        // directly in the EncryptedData's KeyInfo.
        final AgreementMethod agreement;
        if (!dataKeyInfo.getEncryptedKeys().isEmpty()) {
            final EncryptedKey wrappedKey = (EncryptedKey) dataKeyInfo.getEncryptedKeys().get(0);
            assert wrappedKey != null;
            final KeyInfo wrapKeyInfo = wrappedKey.getKeyInfo();
            assert wrapKeyInfo != null;
            agreement = (AgreementMethod) wrapKeyInfo.getAgreementMethods().get(0);
        } else {
            agreement = (AgreementMethod) dataKeyInfo.getAgreementMethods().get(0);
        }
        Assert.assertNotNull(agreement);
        Assert.assertEquals(agreement.getAlgorithm(), ALGO_AGREEMENT_DH);

        if (str3 != null) {
            final org.opensaml.xmlsec.signature.DigestMethod emittedDigest =
                    (org.opensaml.xmlsec.signature.DigestMethod) agreement
                            .getUnknownXMLObjects(org.opensaml.xmlsec.signature.DigestMethod.DEFAULT_ELEMENT_NAME)
                            .get(0);
            Assert.assertNotNull(emittedDigest);
            Assert.assertEquals(emittedDigest.getAlgorithm(), str3);
        }

        final org.opensaml.xmlsec.encryption.KANonce emittedNonce = agreement.getKANonce();
        if (z) {
            assert emittedNonce != null;
            Assert.assertNotNull(emittedNonce.getValue());
        } else {
            Assert.assertNull(emittedNonce);
        }

        // Go through real bytes and a fresh parse so that decryption works from the wire form rather
        // than from the in-memory object tree produced by the encrypter.
        final Element encryptedDom = XMLObjectSupport.marshall(encrypted);
        final ByteArrayOutputStream wireOut = new ByteArrayOutputStream();
        SerializeSupport.writeNode(encryptedDom, wireOut);
        wireOut.flush();
        final ByteArrayInputStream wireIn = new ByteArrayInputStream(wireOut.toByteArray());

        final ParserPool parserPool = XMLObjectProviderRegistrySupport.getParserPool();
        assert parserPool != null;

        final EncryptedData reparsed = XMLObjectSupport.unmarshallFromInputStream(parserPool, wireIn);
        Assert.assertNotNull(reparsed);

        final DecryptionParameters decParams =
                (DecryptionParameters) decryptParamsResolver.resolveSingle(decryptCriteria);
        final Decrypter decrypter = new Decrypter(decParams);
        final XMLObject decrypted = decrypter.decryptData(reparsed);
        Assert.assertNotNull(decrypted);
        Assert.assertTrue(decrypted instanceof SignableSimpleXMLObject);

        final Element originalDom = plaintext.getDOM();
        assert originalDom != null;
        assertXMLEquals(originalDom.getOwnerDocument(), decrypted);
    }
}
