package org.opensaml.xmlsec.crypto.tests;

import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import org.opensaml.core.testing.OpenSAMLInitBaseTestCase;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.security.crypto.KeySupport;
import org.opensaml.xmlsec.crypto.XMLSigningUtil;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/opensaml/xmlsec/crypto/tests/XMLSigningUtilTest.class */
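/**
 * Exercises {@link XMLSigningUtil#signWithURI} and {@link XMLSigningUtil#verifyWithURI} against
 * control values computed directly with the JCA {@link Signature} and {@link Mac} APIs.
 *
 * <p>The fixtures deliberately pin the legacy XML-DSig identifiers {@code rsa-sha1} and
 * {@code hmac-sha1} together with a 1024-bit RSA key. They exist to check that the URI-to-JCA
 * mapping produces the same bytes as the raw JCA call; SHA-1 based signatures and 1024-bit RSA
 * are below current strength recommendations and should not be copied into production
 * configuration.</p>
 */
public class XMLSigningUtilTest extends OpenSAMLInitBaseTestCase {
    // Symmetric key used for the HMAC cases. It is generated with the "AES" algorithm label,
    // but only its raw bytes are used as HMAC key material.
    private SecretKey secretKeyAES128;
    private KeyPair keyPairRSA;
    private Credential credAES;
    private Credential credRSA;
    // Expected outputs, computed in setUp() without going through XMLSigningUtil.
    private byte[] controlSignatureRSA;
    private byte[] controlSignatureHMAC;
    private final String data = "Hello, here is some secret data that is to be signed";
    private final String rsaAlgorithmURI = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    private final String rsaJCAAlgorithm = "SHA1withRSA";
    private final String hmacAlgorithmURI = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
    private final String hmacJCAAlgorithm = "HmacSHA1";

    /**
     * Generates fresh keys and credentials for each test and computes the control signature and
     * control MAC over {@link #data}.
     *
     * @throws Exception if key generation or the control computation fails
     */
    @BeforeMethod
    protected void setUp() throws Exception {
        this.secretKeyAES128 = KeySupport.generateKey("AES", 128, (String) null);
        this.credAES = CredentialSupport.getSimpleCredential(this.secretKeyAES128);

        // NOTE(review): 1024-bit RSA is kept as a test fixture only; it is not a
        // recommended key size for real deployments.
        this.keyPairRSA = KeySupport.generateKeyPair("RSA", 1024, (String) null);
        this.credRSA = CredentialSupport.getSimpleCredential(this.keyPairRSA.getPublic(), this.keyPairRSA.getPrivate());

        this.controlSignatureRSA = getControlSignature(this.data.getBytes(), this.keyPairRSA.getPrivate(), this.rsaJCAAlgorithm);
        Assert.assertNotNull(this.controlSignatureRSA);
        Assert.assertTrue(this.controlSignatureRSA.length > 0);

        this.controlSignatureHMAC = getControlSignature(this.data.getBytes(), this.secretKeyAES128, this.hmacJCAAlgorithm);
        Assert.assertNotNull(this.controlSignatureHMAC);
        Assert.assertTrue(this.controlSignatureHMAC.length > 0);
    }

    /**
     * Signing with the RSA credential must reproduce the control signature byte for byte.
     * The comparison relies on SHA1withRSA (PKCS#1 v1.5 padding) being deterministic.
     *
     * @throws SecurityException if the signing operation fails
     */
    @Test
    public void testSigningWithPrivateKey() throws SecurityException {
        byte[] signature = XMLSigningUtil.signWithURI(this.credRSA, this.rsaAlgorithmURI, this.data.getBytes());
        Assert.assertNotNull(signature);
        Assert.assertTrue(Arrays.equals(this.controlSignatureRSA, signature), "Signature was not the expected value");
    }

    /**
     * Computing the HMAC with the symmetric credential must reproduce the control MAC.
     *
     * @throws SecurityException if the MAC operation fails
     */
    @Test
    public void testSigningWithHMAC() throws SecurityException {
        byte[] signature = XMLSigningUtil.signWithURI(this.credAES, this.hmacAlgorithmURI, this.data.getBytes());
        Assert.assertNotNull(signature);
        Assert.assertTrue(Arrays.equals(this.controlSignatureHMAC, signature), "Signature was not the expected value");
    }

    /**
     * Checks RSA verification in three situations: the correct key and data (must verify),
     * an unrelated key pair (must fail) and altered data (must fail).
     *
     * @throws SecurityException if verification cannot be performed
     * @throws NoSuchAlgorithmException if the second RSA key pair cannot be generated
     * @throws NoSuchProviderException if the second RSA key pair cannot be generated
     */
    @Test
    public void testVerificationWithPublicKey() throws SecurityException, NoSuchAlgorithmException, NoSuchProviderException {
        Assert.assertTrue(XMLSigningUtil.verifyWithURI(this.credRSA, this.rsaAlgorithmURI, this.controlSignatureRSA, this.data.getBytes()), "Signature failed to verify, should have succeeded");

        // Negative case 1: a freshly generated, unrelated key pair must not verify the signature.
        KeyPair otherKeyPair = KeySupport.generateKeyPair("RSA", 1024, (String) null);
        Credential otherCred = CredentialSupport.getSimpleCredential(otherKeyPair.getPublic(), otherKeyPair.getPrivate());
        Assert.assertFalse(XMLSigningUtil.verifyWithURI(otherCred, this.rsaAlgorithmURI, this.controlSignatureRSA, this.data.getBytes()), "Signature verified successfully, should have failed due to wrong verification key");

        // Negative case 2: the signature must not verify once the signed bytes change.
        byte[] tampered = (this.data + "HAHA All your base are belong to us").getBytes();
        Assert.assertFalse(XMLSigningUtil.verifyWithURI(this.credRSA, this.rsaAlgorithmURI, this.controlSignatureRSA, tampered), "Signature verified successfully, should have failed due to tampered data");
    }

    /**
     * Checks HMAC verification in three situations: the correct key and data (must verify),
     * a different secret key (must fail) and altered data (must fail).
     *
     * @throws SecurityException if verification cannot be performed
     * @throws NoSuchAlgorithmException if the second secret key cannot be generated
     * @throws NoSuchProviderException if the second secret key cannot be generated
     */
    @Test
    public void testVerificationWithHMAC() throws SecurityException, NoSuchAlgorithmException, NoSuchProviderException {
        Assert.assertTrue(XMLSigningUtil.verifyWithURI(this.credAES, this.hmacAlgorithmURI, this.controlSignatureHMAC, this.data.getBytes()), "Signature failed to verify, should have succeeded");

        // Negative case 1: a MAC made under one key must not verify under another key.
        Credential otherCred = CredentialSupport.getSimpleCredential(KeySupport.generateKey("AES", 128, (String) null));
        Assert.assertFalse(XMLSigningUtil.verifyWithURI(otherCred, this.hmacAlgorithmURI, this.controlSignatureHMAC, this.data.getBytes()), "Signature verified successfully, should have failed due to wrong verification key");

        // Negative case 2: the MAC must not verify once the authenticated bytes change.
        byte[] tampered = (this.data + "HAHA All your base are belong to us").getBytes();
        Assert.assertFalse(XMLSigningUtil.verifyWithURI(this.credAES, this.hmacAlgorithmURI, this.controlSignatureHMAC, tampered), "Signature verified successfully, should have failed due to tampered data");
    }

    /**
     * Computes a control MAC directly with the JCA {@link Mac} API.
     *
     * @param bArr the bytes to authenticate
     * @param secretKey the key to initialise the MAC with
     * @param str the JCA MAC algorithm name, for example {@code HmacSHA1}
     * @return the raw MAC value
     * @throws NoSuchAlgorithmException if no provider supplies the algorithm
     * @throws InvalidKeyException if the key is not usable with the algorithm
     */
    private byte[] getControlSignature(byte[] bArr, SecretKey secretKey, String str) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac mac = Mac.getInstance(str);
        // Use the key that was passed in. The earlier code initialised the MAC from the
        // secretKeyAES128 field and silently ignored this parameter, so a caller passing a
        // different key would have received a MAC under the wrong key.
        mac.init(secretKey);
        return mac.doFinal(bArr);
    }

    /**
     * Computes a control signature directly with the JCA {@link Signature} API.
     *
     * @param bArr the bytes to sign
     * @param privateKey the signing key
     * @param str the JCA signature algorithm name, for example {@code SHA1withRSA}
     * @return the raw signature value
     * @throws NoSuchAlgorithmException if no provider supplies the algorithm
     * @throws InvalidKeyException if the key is not usable with the algorithm
     * @throws SignatureException if the signing operation fails
     */
    private byte[] getControlSignature(byte[] bArr, PrivateKey privateKey, String str) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Signature signer = Signature.getInstance(str);
        signer.initSign(privateKey);
        signer.update(bArr);
        return signer.sign();
    }
}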
