package org.opensaml.saml.saml2.encryption.tests;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import net.shibboleth.utilities.java.support.codec.EncodingException;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import org.opensaml.core.config.ConfigurationService;
import org.opensaml.core.testing.XMLObjectBaseTestCase;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.saml.common.testing.SAMLTestSupport;
import org.opensaml.saml.criterion.RoleDescriptorCriterion;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.saml.saml2.encryption.Encrypter;
import org.opensaml.saml.saml2.metadata.EncryptionMethod;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml.security.SAMLMetadataKeyAgreementEncryptionConfiguration;
import org.opensaml.saml.security.impl.MetadataCredentialResolver;
import org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.credential.impl.CollectionCredentialResolver;
import org.opensaml.security.crypto.KeySupport;
import org.opensaml.xmlsec.DecryptionConfiguration;
import org.opensaml.xmlsec.DecryptionParameters;
import org.opensaml.xmlsec.DecryptionParametersResolver;
import org.opensaml.xmlsec.EncryptionConfiguration;
import org.opensaml.xmlsec.EncryptionParameters;
import org.opensaml.xmlsec.EncryptionParametersResolver;
import org.opensaml.xmlsec.criterion.DecryptionConfigurationCriterion;
import org.opensaml.xmlsec.criterion.EncryptionConfigurationCriterion;
import org.opensaml.xmlsec.derivation.impl.PBKDF2;
import org.opensaml.xmlsec.encryption.AgreementMethod;
import org.opensaml.xmlsec.encryption.EncryptedKey;
import org.opensaml.xmlsec.encryption.KeyDerivationMethod;
import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters;
import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters;
import org.opensaml.xmlsec.impl.BasicDecryptionConfiguration;
import org.opensaml.xmlsec.impl.BasicDecryptionParametersResolver;
import org.opensaml.xmlsec.impl.BasicEncryptionConfiguration;
import org.opensaml.xmlsec.keyinfo.KeyInfoSupport;
import org.opensaml.xmlsec.keyinfo.impl.LocalKeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.provider.AgreementMethodKeyInfoProvider;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.testing.XMLSecurityTestingSupport;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
import org.w3c.dom.Element;

/* loaded from: input_file:org/opensaml/saml/saml2/encryption/tests/ECDHTest.class */
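/**
 * Round-trip tests for SAML 2 assertion encryption using EC key agreement (ECDH) where the
 * recipient's EC public key is published in SP metadata.
 *
 * <p>Each test publishes the recipient's EC public key (optionally with
 * {@code md:EncryptionMethod} hints) in an {@link SPSSODescriptor}, resolves
 * {@link EncryptionParameters} from that metadata through
 * {@link SAMLMetadataEncryptionParametersResolver}, encrypts a fixture assertion, serializes
 * the result to bytes, re-parses it, and decrypts it with the recipient's private key.
 * The tests pin the algorithm identifiers that actually land in the XML (data encryption,
 * key wrap and key derivation), so a regression in metadata-driven algorithm selection fails
 * loudly instead of round-tripping silently under a different algorithm.</p>
 *
 * <p>Note: the {@code (data, keyWrap, kdf)} overload of {@code testRoundtrip} previously
 * forwarded the key-wrap argument in place of the KDF argument, which meant the PBKDF2 test
 * never asserted on the {@code xenc11:KeyDerivationMethod}. That is fixed here.</p>
 */
public class ECDHTest extends XMLObjectBaseTestCase {

    /** Classpath location of the plaintext assertion fixture. */
    private String targetFile;

    /** Recipient EC key pair (public + private); used only on the decryption side. */
    private Credential recipientCredPrivate;

    /** Public-only view of the recipient key; this is what goes into metadata. */
    private Credential recipientCredPublic;

    /** Resolver over the local private credential used for decryption. */
    private CollectionCredentialResolver localCredentialResolver;

    /** KeyInfo resolver for decryption, including xenc:AgreementMethod handling. */
    private LocalKeyInfoCredentialResolver localKeyInfoResolver;

    /** Encrypter built per round trip from the resolved parameters. */
    private Encrypter encrypter;

    /** Metadata-backed encryption parameter resolver. */
    private EncryptionParametersResolver encParamsResolver;

    /** Criteria fed to {@link #encParamsResolver}: configs + role descriptor. */
    private CriteriaSet encCriteria;

    /** Per-test encryption configuration, consulted before the global default. */
    private BasicEncryptionConfiguration encConfig;

    /** Decryption parameter resolver. */
    private DecryptionParametersResolver decryptParamsResolver;

    /** Criteria fed to {@link #decryptParamsResolver}. */
    private CriteriaSet decryptCriteria;

    /** Per-test decryption configuration, consulted before the global default. */
    private BasicDecryptionConfiguration decryptConfig;

    /** Metadata credential resolver wrapped by {@link #encParamsResolver}. */
    private MetadataCredentialResolver mdCredResolver;

    /** Criterion selecting {@link #roleDesc} for encryption parameter resolution. */
    private RoleDescriptorCriterion roleDescCriterion;

    /** The SP role descriptor each test populates with KeyDescriptors. */
    private RoleDescriptor roleDesc;

    /** ds:KeyName placed into the recipient's KeyDescriptor. */
    private String recipientCredKeyName = "RecipientCredName";

    /** entityID of the synthetic SP. */
    private String targetEntityID = "urn:test:foo";

    /**
     * One-time setup: generates a fresh P-256 recipient key pair and builds the metadata-backed
     * encryption resolver plus the local decryption resolvers.
     *
     * @throws Exception on key generation or resolver initialization failure
     */
    @BeforeClass
    public void beforeClass() throws Exception {
        targetFile = "/org/opensaml/saml/saml2/encryption/Assertion.xml";

        // Ephemeral recipient key: nothing here depends on a fixed key, so each run gets a new one.
        final KeyPair recipientKeyPair =
                KeySupport.generateKeyPair("EC", new ECGenParameterSpec("secp256r1"), (String) null);
        recipientCredPrivate = new BasicCredential(recipientKeyPair.getPublic(), recipientKeyPair.getPrivate());
        // Only the public half is ever published in metadata.
        recipientCredPublic = new BasicCredential(recipientKeyPair.getPublic());

        mdCredResolver = new MetadataCredentialResolver();
        mdCredResolver.setKeyInfoCredentialResolver(SAMLTestSupport.buildBasicInlineKeyInfoResolver());
        mdCredResolver.initialize();
        encParamsResolver = new SAMLMetadataEncryptionParametersResolver(mdCredResolver);

        decryptParamsResolver = new BasicDecryptionParametersResolver();
        localCredentialResolver = new CollectionCredentialResolver(Set.of(recipientCredPrivate));
        // The basic inline providers alone cannot handle xenc:AgreementMethod; add the provider
        // that does, so the decrypter can resolve the agreed key with the local EC private key.
        localKeyInfoResolver = new LocalKeyInfoCredentialResolver(
                withExtra(XMLSecurityTestingSupport.getBasicInlineKeyInfoProviders(),
                        new AgreementMethodKeyInfoProvider()),
                localCredentialResolver);
    }

    /**
     * Per-test setup: a fresh SP role descriptor and fresh per-test encryption/decryption
     * configurations layered in front of the global defaults.
     *
     * @throws Exception on setup failure
     */
    @BeforeMethod
    public void beforeMethod() throws Exception {
        roleDesc = buildRoleDescriptorSkeleton();
        roleDescCriterion = new RoleDescriptorCriterion(roleDesc);

        // Per-test config first, global default second: a test may override, everything else
        // falls through to the library defaults.
        encConfig = new BasicEncryptionConfiguration();
        encCriteria = new CriteriaSet(new Criterion[] {
                new EncryptionConfigurationCriterion(new EncryptionConfiguration[] {
                        encConfig, (EncryptionConfiguration) ConfigurationService.get(EncryptionConfiguration.class)}),
                roleDescCriterion});

        decryptConfig = new BasicDecryptionConfiguration();
        decryptConfig.setDataKeyInfoCredentialResolver(localKeyInfoResolver);
        decryptConfig.setKEKKeyInfoCredentialResolver(localKeyInfoResolver);
        decryptCriteria = new CriteriaSet(new Criterion[] {
                new DecryptionConfigurationCriterion(new DecryptionConfiguration[] {
                        decryptConfig, (DecryptionConfiguration) ConfigurationService.get(DecryptionConfiguration.class)})});
    }

    /**
     * Metadata carries only the EC key: expect direct data encryption (agreed key used as the
     * data key) with the default AES-128-CBC data algorithm and no key wrap asserted.
     *
     * @throws Exception on failure
     */
    @Test
    public void roundtripDirectDataEncryption() throws Exception {
        roleDesc.getKeyDescriptors().add(
                buildKeyDescriptor(recipientCredKeyName, UsageType.ENCRYPTION, recipientCredPublic.getPublicKey()));
        testRoundtrip("http://www.w3.org/2001/04/xmlenc#aes128-cbc", null);
    }

    /**
     * Metadata advertises AES-256-GCM: the SP's published data-encryption preference must be
     * honored over the library default.
     *
     * @throws Exception on failure
     */
    @Test
    public void roundtripDirectDataEncryptionWithEncryptionMethod() throws Exception {
        final KeyDescriptor keyDescriptor =
                buildKeyDescriptor(recipientCredKeyName, UsageType.ENCRYPTION, recipientCredPublic.getPublicKey());
        keyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2009/xmlenc11#aes256-gcm"));
        roleDesc.getKeyDescriptors().add(keyDescriptor);
        testRoundtrip("http://www.w3.org/2009/xmlenc11#aes256-gcm", null);
    }

    /**
     * Local config forces key wrap for EC key agreement even though metadata does not ask for
     * it: expect an EncryptedKey wrapped with AES-128 key wrap.
     *
     * @throws Exception on failure
     */
    @Test
    public void roundtripWithKeyWrapAlways() throws Exception {
        roleDesc.getKeyDescriptors().add(
                buildKeyDescriptor(recipientCredKeyName, UsageType.ENCRYPTION, recipientCredPublic.getPublicKey()));

        final SAMLMetadataKeyAgreementEncryptionConfiguration keyAgreementConfig =
                new SAMLMetadataKeyAgreementEncryptionConfiguration();
        keyAgreementConfig.setMetadataUseKeyWrap(SAMLMetadataKeyAgreementEncryptionConfiguration.KeyWrap.Always);
        encConfig.setKeyAgreementConfigurations(Map.of("EC", keyAgreementConfig));

        testRoundtrip("http://www.w3.org/2001/04/xmlenc#aes128-cbc", "http://www.w3.org/2001/04/xmlenc#kw-aes128");
    }

    /**
     * Metadata advertises both a data algorithm (AES-128-GCM) and a key-wrap algorithm
     * (AES-256 key wrap): both published preferences must be honored.
     *
     * @throws Exception on failure
     */
    @Test
    public void roundtripWithKeyWrapAndEncryptionMethods() throws Exception {
        final KeyDescriptor keyDescriptor =
                buildKeyDescriptor(recipientCredKeyName, UsageType.ENCRYPTION, recipientCredPublic.getPublicKey());
        keyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2009/xmlenc11#aes128-gcm"));
        keyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#kw-aes256"));
        roleDesc.getKeyDescriptors().add(keyDescriptor);
        testRoundtrip("http://www.w3.org/2009/xmlenc11#aes128-gcm", "http://www.w3.org/2001/04/xmlenc#kw-aes256");
    }

    /**
     * Local config selects PBKDF2 as the key derivation function for the agreed key: the
     * emitted xenc11:KeyDerivationMethod must identify PBKDF2 and the round trip must still
     * decrypt. (Previously this KDF assertion was silently skipped; see class Javadoc.)
     *
     * @throws Exception on failure
     */
    @Test
    public void roundtripWithPBKDF2() throws Exception {
        roleDesc.getKeyDescriptors().add(
                buildKeyDescriptor(recipientCredKeyName, UsageType.ENCRYPTION, recipientCredPublic.getPublicKey()));

        final SAMLMetadataKeyAgreementEncryptionConfiguration keyAgreementConfig =
                new SAMLMetadataKeyAgreementEncryptionConfiguration();
        final PBKDF2 pbkdf2 = new PBKDF2();
        pbkdf2.initialize();
        keyAgreementConfig.setParameters(Set.of(pbkdf2));
        encConfig.setKeyAgreementConfigurations(Map.of("EC", keyAgreementConfig));

        testRoundtrip("http://www.w3.org/2001/04/xmlenc#aes128-cbc", (String) null,
                "http://www.w3.org/2009/xmlenc11#pbkdf2");
    }

    /**
     * Same as {@link #roundtripWithKeyWrapAndEncryptionMethods()} but with the EncryptedKey
     * placed as a sibling of EncryptedData (PEER) instead of inside its KeyInfo.
     *
     * @throws Exception on failure
     */
    @Test
    public void roundtripWithKeyPlacementPeer() throws Exception {
        final KeyDescriptor keyDescriptor =
                buildKeyDescriptor(recipientCredKeyName, UsageType.ENCRYPTION, recipientCredPublic.getPublicKey());
        keyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2009/xmlenc11#aes256-gcm"));
        keyDescriptor.getEncryptionMethods().add(buildEncryptionMethod("http://www.w3.org/2001/04/xmlenc#kw-aes256"));
        roleDesc.getKeyDescriptors().add(keyDescriptor);
        testRoundtrip("http://www.w3.org/2009/xmlenc11#aes256-gcm", "http://www.w3.org/2001/04/xmlenc#kw-aes256",
                Encrypter.KeyPlacement.PEER);
    }

    /**
     * Round trip with explicit key placement and no KDF assertion.
     *
     * @param dataAlgorithm expected xenc:EncryptionMethod on EncryptedData, or null to skip
     * @param keyWrapAlgorithm expected xenc:EncryptionMethod on EncryptedKey, or null to skip
     * @param keyPlacement where the Encrypter should place the EncryptedKey
     * @throws Exception on failure
     */
    private void testRoundtrip(final String dataAlgorithm, final String keyWrapAlgorithm,
            final Encrypter.KeyPlacement keyPlacement) throws Exception {
        testRoundtrip(dataAlgorithm, keyWrapAlgorithm, null, keyPlacement);
    }

    /**
     * Round trip with INLINE key placement and no KDF assertion.
     *
     * @param dataAlgorithm expected xenc:EncryptionMethod on EncryptedData, or null to skip
     * @param keyWrapAlgorithm expected xenc:EncryptionMethod on EncryptedKey, or null to skip
     * @throws Exception on failure
     */
    private void testRoundtrip(final String dataAlgorithm, final String keyWrapAlgorithm) throws Exception {
        testRoundtrip(dataAlgorithm, keyWrapAlgorithm, null, Encrypter.KeyPlacement.INLINE);
    }

    /**
     * Round trip with INLINE key placement and a KDF assertion.
     *
     * <p>Fix: the KDF argument is now forwarded as the KDF argument. The original passed the
     * key-wrap argument twice, so the KDF identifier was never checked.</p>
     *
     * @param dataAlgorithm expected xenc:EncryptionMethod on EncryptedData, or null to skip
     * @param keyWrapAlgorithm expected xenc:EncryptionMethod on EncryptedKey, or null to skip
     * @param kdfAlgorithm expected xenc11:KeyDerivationMethod algorithm, or null to skip
     * @throws Exception on failure
     */
    private void testRoundtrip(final String dataAlgorithm, final String keyWrapAlgorithm,
            final String kdfAlgorithm) throws Exception {
        testRoundtrip(dataAlgorithm, keyWrapAlgorithm, kdfAlgorithm, Encrypter.KeyPlacement.INLINE);
    }

    /**
     * Encrypts the fixture assertion using parameters resolved from {@link #roleDesc}, asserts
     * the algorithm identifiers that were emitted, serializes and re-parses the result, and
     * decrypts it with the local private key, comparing against the original.
     *
     * <p>The serialize/re-parse step matters: the decrypter sees real XML produced by the
     * marshaller, not the in-memory object graph the encrypter just built.</p>
     *
     * @param dataAlgorithm expected xenc:EncryptionMethod on EncryptedData, or null to skip
     * @param keyWrapAlgorithm expected xenc:EncryptionMethod on EncryptedKey, or null to skip
     * @param kdfAlgorithm expected xenc11:KeyDerivationMethod algorithm, or null to skip
     * @param keyPlacement where the Encrypter should place the EncryptedKey
     * @throws Exception on failure
     */
    private void testRoundtrip(final String dataAlgorithm, final String keyWrapAlgorithm,
            final String kdfAlgorithm, final Encrypter.KeyPlacement keyPlacement) throws Exception {
        final Assertion original = unmarshallElement(targetFile);

        final EncryptionParameters encParams = (EncryptionParameters) encParamsResolver.resolveSingle(encCriteria);
        Assert.assertNotNull(encParams);

        // A key-transport credential is only present when key wrap is in play; otherwise the
        // agreed key is used directly as the data key and no EncryptedKey is produced by us.
        final List<KeyEncryptionParameters> kekParams = encParams.getKeyTransportEncryptionCredential() != null
                ? List.of(new KeyEncryptionParameters(encParams, (String) null))
                : Collections.emptyList();
        encrypter = new Encrypter(new DataEncryptionParameters(encParams), kekParams);
        encrypter.setKeyPlacement(keyPlacement);

        final EncryptedAssertion encrypted = encrypter.encrypt(original);
        Assert.assertNotNull(encrypted);
        final KeyInfo dataKeyInfo = encrypted.getEncryptedData().getKeyInfo();
        Assert.assertNotNull(dataKeyInfo);

        if (dataAlgorithm != null) {
            Assert.assertEquals(encrypted.getEncryptedData().getEncryptionMethod().getAlgorithm(), dataAlgorithm);
        }

        // Locate the EncryptedKey (if any) where the requested placement says it should be.
        EncryptedKey encryptedKey = null;
        switch (keyPlacement) {
            case INLINE:
                encryptedKey = firstOrNull(dataKeyInfo.getEncryptedKeys());
                break;
            case PEER:
                encryptedKey = firstOrNull(encrypted.getEncryptedKeys());
                break;
            default:
                break;
        }

        if (keyWrapAlgorithm != null) {
            Assert.assertNotNull(encryptedKey);
            Assert.assertEquals(encryptedKey.getEncryptionMethod().getAlgorithm(), keyWrapAlgorithm);
        }

        if (kdfAlgorithm != null) {
            // The AgreementMethod (and thus the KDF) lives on the EncryptedKey when one exists,
            // otherwise directly on the EncryptedData's KeyInfo.
            final KeyInfo agreementKeyInfo = encryptedKey != null ? encryptedKey.getKeyInfo() : dataKeyInfo;
            final KeyDerivationMethod kdf = firstKeyDerivationMethod(agreementKeyInfo);
            Assert.assertNotNull(kdf);
            Assert.assertEquals(kdf.getAlgorithm(), kdfAlgorithm);
        }

        // Serialize to bytes and parse back so decryption runs over real XML.
        final Element dom = XMLObjectSupport.marshall(encrypted);
        final ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        SerializeSupport.writeNode(dom, bytes);
        bytes.flush();
        final EncryptedAssertion reparsed = XMLObjectSupport.unmarshallFromInputStream(
                XMLObjectProviderRegistrySupport.getParserPool(), new ByteArrayInputStream(bytes.toByteArray()));
        Assert.assertNotNull(reparsed);

        final DecryptionParameters decryptParams =
                (DecryptionParameters) decryptParamsResolver.resolveSingle(decryptCriteria);
        Assert.assertNotNull(decryptParams);
        final Assertion decrypted = new Decrypter(decryptParams).decrypt(reparsed);
        Assert.assertNotNull(decrypted);
        assertXMLEquals(original.getDOM().getOwnerDocument(), decrypted);
    }

    /**
     * Returns the first element of a list, or null if the list is empty.
     *
     * @param list the list
     * @param <T> element type
     * @return first element or null
     */
    private static <T> T firstOrNull(final List<T> list) {
        return list.isEmpty() ? null : list.get(0);
    }

    /**
     * Returns the first xenc11:KeyDerivationMethod found under the first xenc:AgreementMethod
     * of the given KeyInfo. Throws IndexOutOfBoundsException if either is absent, which is the
     * desired test failure.
     *
     * @param keyInfo the KeyInfo holding the AgreementMethod
     * @return the KeyDerivationMethod
     */
    private static KeyDerivationMethod firstKeyDerivationMethod(final KeyInfo keyInfo) {
        final AgreementMethod agreement = (AgreementMethod) keyInfo.getAgreementMethods().get(0);
        return (KeyDerivationMethod) agreement.getUnknownXMLObjects(KeyDerivationMethod.DEFAULT_ELEMENT_NAME).get(0);
    }

    /**
     * Returns a new mutable list holding {@code base} followed by {@code extra}.
     *
     * @param base elements to copy
     * @param extra element to append
     * @param <T> element type
     * @return the combined list
     */
    private static <T> List<T> withExtra(final List<T> base, final T extra) {
        final List<T> result = new ArrayList<>(base);
        result.add(extra);
        return result;
    }

    /**
     * Builds an EntityDescriptor for {@link #targetEntityID} with an empty SPSSODescriptor and
     * returns that role descriptor.
     *
     * @return the SP role descriptor, parented to its EntityDescriptor
     */
    private RoleDescriptor buildRoleDescriptorSkeleton() {
        final EntityDescriptor entity = buildXMLObject(EntityDescriptor.DEFAULT_ELEMENT_NAME);
        entity.setEntityID(targetEntityID);
        final SPSSODescriptor sp = buildXMLObject(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
        sp.setParent(entity);
        return sp;
    }

    /**
     * Builds a KeyDescriptor whose KeyInfo carries the given public keys and/or certificates,
     * plus an optional ds:KeyName and optional use attribute.
     *
     * @param keyName ds:KeyName to add, or null for none
     * @param use value of the use attribute, or null to omit it
     * @param keyInfoContent each entry is a {@link PublicKey} or an {@link X509Certificate}
     * @return the KeyDescriptor
     * @throws RuntimeException on an unsupported content type or an encoding failure
     */
    private KeyDescriptor buildKeyDescriptor(final String keyName, final UsageType use,
            final Object... keyInfoContent) {
        final KeyDescriptor keyDescriptor = buildXMLObject(KeyDescriptor.DEFAULT_ELEMENT_NAME);
        final KeyInfo keyInfo = buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);

        for (final Object item : keyInfoContent) {
            if (item instanceof PublicKey) {
                try {
                    KeyInfoSupport.addPublicKey(keyInfo, (PublicKey) item);
                } catch (final EncodingException e) {
                    throw new RuntimeException("EncodingException adding public key to KeyInfo", e);
                }
            } else if (item instanceof X509Certificate) {
                try {
                    KeyInfoSupport.addCertificate(keyInfo, (X509Certificate) item);
                } catch (final CertificateEncodingException e) {
                    throw new RuntimeException("CertificateEncodingException adding cert to KeyInfo", e);
                }
            } else {
                throw new RuntimeException("Saw unknown KeyInfo content type: " + item.getClass().getName());
            }
        }

        if (keyName != null) {
            KeyInfoSupport.addKeyName(keyInfo, keyName);
        }
        keyDescriptor.setKeyInfo(keyInfo);
        if (use != null) {
            keyDescriptor.setUse(use);
        }
        return keyDescriptor;
    }

    /**
     * Builds an md:EncryptionMethod with the given algorithm URI.
     *
     * @param algorithm the algorithm URI
     * @return the EncryptionMethod
     */
    private EncryptionMethod buildEncryptionMethod(final String algorithm) {
        final EncryptionMethod method = buildXMLObject(EncryptionMethod.DEFAULT_ELEMENT_NAME);
        method.setAlgorithm(algorithm);
        return method;
    }
}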
