package org.opensaml.saml.security.impl;

import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import javax.annotation.Nonnull;
import javax.xml.namespace.QName;
import net.shibboleth.shared.codec.EncodingException;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.resolver.CriteriaSet;
import net.shibboleth.shared.resolver.Criterion;
import net.shibboleth.shared.resolver.ResolverException;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.testing.XMLObjectBaseTestCase;
import org.opensaml.saml.common.testing.SAMLTestSupport;
import org.opensaml.saml.criterion.EntityRoleCriterion;
import org.opensaml.saml.criterion.ProtocolCriterion;
import org.opensaml.saml.criterion.RoleDescriptorCriterion;
import org.opensaml.saml.metadata.resolver.impl.DOMMetadataResolver;
import org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver;
import org.opensaml.saml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.Extensions;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialContextSet;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.criteria.UsageCriterion;
import org.opensaml.security.crypto.KeySupport;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.security.x509.X509Support;
import org.opensaml.xmlsec.keyinfo.KeyInfoSupport;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/opensaml/saml/security/impl/MetadataCredentialResolverTest.class */
public class MetadataCredentialResolverTest extends XMLObjectBaseTestCase {
    private RSAPublicKey idpRSAPubKey;
    private X509Certificate idpDSACert;
    private X509Certificate idpRSACert;
    private PredicateRoleDescriptorResolver roleResolver;
    private MetadataCredentialResolver mdCredResolver;
    private EntityIdCriterion entityIdCriteria;
    private EntityRoleCriterion roleCriteria;
    private CriteriaSet criteriaSet;
    static final /* synthetic */ boolean $assertionsDisabled;
    private String idpRSAPubKeyName = "IDP-SSO-RSA-Key";
    private String idpRSAPubKeyBase64 = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfCVgF2Lvhu0Q35FvmAVGMXc3i1MojcqybcfVbfn0Tg/Aj5FvuAiDFg9KpGvMHDKdLOY+1xsKZqyIm58SFhW+5z51YpnblHGjuDtPtPbtspQ7pAOsknnvbKZrx7RGNOJyQZE3Qn88Y5ZBNzABusqNXjrWlU9m4a+XNIFqM4YbJLwIDAQAB";
    private String idpDSACertBase64 = "MIIECTCCAvGgAwIBAgIBMzANBgkqhkiG9w0BAQUFADAtMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDmNhLmV4YW1wbGUub3JnMB4XDTA3MDUyNTIwMTYxMVoXDTE3MDUyMjIwMTYxMVowGjEYMBYGA1UEAxMPaWRwLmV4YW1wbGUub3JnMIIBtjCCASsGByqGSM44BAEwggEeAoGBAI+ktw7R9m7TxjaCrT2MHwWNQUAyXPrqbFCcu+DCirr861U6R6W/GyqWdcy8/D1Hh/I1U94POQn5yfqVPpVH2ZRS4OMFndHWaoo9V5LJoXTXHiDYB3W4t9tn0fm7It0n7VoUI5C4y9LG32Hq+UIGF/ktNTmo//mEqLS6aJNdbMFpAhUArmKGh0hcpmjukYArWcMRvipB4CMCgYBuCiCrUaHBRRtqrk0P/Luq0l2M2718GwSGeLPZip06gACDG7IctMrgH1J+ZIjsx6vffi977wnMDiktqacmaobV+SCRW9ijJRdkYpUHmlLvuJGnDPjkvewpbGWJsCabpWEvWdYw3ma8RuHOPj4Jkrdd4VcRaFwox/fPJ7cG6kBydgOBhAACgYBxQIPv9DCsmiMHG1FAxSARX0GcRiELJPJ+MtaStdTrVobNa2jebwc3npLiTvUR4U/CDo1mSZb+Sp/wian8kNZHmGcR6KbtJs9UDsa3V0pbbgpUar4HcxV+NQJBbhn9RGu85g3PDILUrINiUAf26mhPN5Y0paM+HbM68nUf1OLv16OBsjCBrzAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUIHFAEB/3jIIZzJEJ/qdsuI8vN3kwVQYDVR0jBE4wTIAU1e5lU95R2oetQupBbvKv1u5GlAuhMaQvMC0xEjAQBgNVBAoTCUludGVybmV0MjEXMBUGA1UEAxMOY2EuZXhhbXBsZS5vcmeCAQEwDQYJKoZIhvcNAQEFBQADggEBAJt4Q34+pqjW5tHHhkdzTITSBjOOf8EvYMgxTMRzhagLSHTt9RgO5i/G7ELvnwe1j6187m1XD9iEAWKeKbB//ljeOpgnwzkLR9Er5tr1RI3cbil0AX+oX0c1jfRaQnR50Rfb5YoNX6G963iphlxp9C8VLB6eOk/S270XoWoQIkO1ioQ8JY4HE6AyDsOpJaOmHpBaxjgsiko52ZWZeZyaCyL98BXwVxeml7pYnHlXWWidB0N/Zy+LbvWg3urUkiDjMcB6nGImmEfDSxRdybitcMwbwL26z2WOpwL3llm3mcCydKXgXt8IQhfDhOZOHWckeD2tStnJRP/cqBgO62/qirw=";
    private String idpRSACertBase64 = "MIIC8TCCAdmgAwIBAgIBMjANBgkqhkiG9w0BAQUFADAtMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDmNhLmV4YW1wbGUub3JnMB4XDTA3MDUyNTIwMDk1MVoXDTE3MDUyMjIwMDk1MVowGjEYMBYGA1UEAxMPaWRwLmV4YW1wbGUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfCVgF2Lvhu0Q35FvmAVGMXc3i1MojcqybcfVbfn0Tg/Aj5FvuAiDFg9KpGvMHDKdLOY+1xsKZqyIm58SFhW+5z51YpnblHGjuDtPtPbtspQ7pAOsknnvbKZrx7RGNOJyQZE3Qn88Y5ZBNzABusqNXjrWlU9m4a+XNIFqM4YbJLwIDAQABo4GyMIGvMAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBT2qDRFTzawttBGjN6wxni/12tQQjBVBgNVHSMETjBMgBTV7mVT3lHah61C6kFu8q/W7kaUC6ExpC8wLTESMBAGA1UEChMJSW50ZXJuZXQyMRcwFQYDVQQDEw5jYS5leGFtcGxlLm9yZ4IBATANBgkqhkiG9w0BAQUFAAOCAQEAlJYAou5ko3ujHVhOc4OB2AOOqdXAjThiXg6zTjezs7/F53b9IRt4in/k92y1tKZ87F/JcnH6MrzKfb8m5XtcYwtUSvmFTCp5rrFpz1JhXlgnaWVJJ2G2vKLDGuPQvLV9zsWhnkbTPuzocvOotxl7w7LJvO3D/tzTAnnUbgg1AfP+CTDs3F/ceHzWGVWTMUAmNGX8gMS2/xh66QoEzl7LBG8Xzpo0j+gSxe7hScb5iS4U/XUEbZylMUbbK57h9Bez8VVeO1jfwAniIBT0Ur9ksiYsAdyXYoXssGiFbKW1K3QG1GA9wwGy5GvjyALuuXL4lEzFB0kMsGucNMfyyojX9A==";
    private String keyAuthorityCertBase64 = "MIIDXTCCAkWgAwIBAgIBATANBgkqhkiG9w0BAQUFADAtMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDmNhLmV4YW1wbGUub3JnMB4XDTA3MDQwOTA1NDcxMloXDTE3MDQwNjA1NDcxMlowLTESMBAGA1UEChMJSW50ZXJuZXQyMRcwFQYDVQQDEw5jYS5leGFtcGxlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxM5/6mBCcX+S7HApcKtfqdFRZzi6Ra91nkEzXOUcO+BPUdYqSxKGnCCso25ZOZP3gnJVkY8Pi7VWrCM6wRgIMyQDvNYqCpNjkZGFkrMoa6fm8BSaDHJ1fz6l/eEl0CVU3UuUAf0mXQLGm6Jannq8aMolRujlhE5iRaOJ2qp6wqsvyatK+vTgDngnwYVa4Cqu0jUeNF28quST5D3gIuZ0OeFHSM2Z1WUKkwwsHqVkxBBcH1QE1JOGIoSnrxxl/o4VlLWGEI8zq5qixE8VYtBBmijBwIL5ETy2fwiqcsvimQaQAtAfbtpO3kBSs8n7nnzMUHfRlcebGkwwcNfYcD5hcCAwEAAaOBhzCBhDAdBgNVHQ4EFgQU1e5lU95R2oetQupBbvKv1u5GlAswVQYDVR0jBE4wTIAU1e5lU95R2oetQupBbvKv1u5GlAuhMaQvMC0xEjAQBgNVBAoTCUludGVybmV0MjEXMBUGA1UEAxMOY2EuZXhhbXBsZS5vcmeCAQEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAbqrozetM/iBVIUir9k14HbLEP0lZ6jOPWFIUFXMOn0t8+Ul7PMp9Rdn+7OGQIoJw97/mam3kpQ/HmjJMFYv6MGsDQ4vAOiQiaTKzgMhrnCdVpVH9uz4ARHiysCujnjH9sehTWgybY8pXzzSG5BAjEGowHq01nXxq2K4yAJSdAUBYLfuSKW1uRU6cmEa9uzl9EvoZfAF3BLnGlPqu4ZajH2NC9ZY0y19LX4yeJLHL1sY4fyxb3x8QhcCXiI16awBTr/VnUpJjSe9vh+OudWGeyCL/KhjlrDkjJ3hIxBF5mP/Y27cFpRnC2gECkieURvh52OyuqkzpbOrTN5rD9fNinA==";
    private String protocolFoo = "PROTOCOL_FOO";
    private String protocolBar = "PROTOCOL_BAR";
    private QName idpRole = IDPSSODescriptor.DEFAULT_ELEMENT_NAME;
    private String idpEntityID = "http://idp.example.org/shibboleth";
    private String mdFileName = "/org/opensaml/saml/security/test1-metadata.xml";

    /* renamed from: org.opensaml.saml.security.impl.MetadataCredentialResolverTest$1, reason: invalid class name */
    /* loaded from: input_file:org/opensaml/saml/security/impl/MetadataCredentialResolverTest$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$opensaml$security$credential$UsageType = new int[UsageType.values().length];

        static {
            try {
                $SwitchMap$org$opensaml$security$credential$UsageType[UsageType.SIGNING.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$opensaml$security$credential$UsageType[UsageType.ENCRYPTION.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$opensaml$security$credential$UsageType[UsageType.UNSPECIFIED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    @BeforeMethod
    protected void setUp() throws Exception {
        this.idpRSAPubKey = KeySupport.buildJavaRSAPublicKey(this.idpRSAPubKeyBase64);
        this.idpDSACert = X509Support.decodeCertificate(this.idpDSACertBase64);
        this.idpRSACert = X509Support.decodeCertificate(this.idpRSACertBase64);
        X509Support.decodeCertificate(this.keyAuthorityCertBase64);
        DOMMetadataResolver dOMMetadataResolver = new DOMMetadataResolver(parserPool.parse(MetadataCredentialResolverTest.class.getResourceAsStream(this.mdFileName)).getDocumentElement());
        dOMMetadataResolver.setId("test");
        dOMMetadataResolver.initialize();
        this.roleResolver = new PredicateRoleDescriptorResolver(dOMMetadataResolver);
        this.roleResolver.initialize();
        this.mdCredResolver = new MetadataCredentialResolver();
        this.mdCredResolver.setRoleDescriptorResolver(this.roleResolver);
        this.mdCredResolver.setKeyInfoCredentialResolver(SAMLTestSupport.buildBasicInlineKeyInfoResolver());
        this.mdCredResolver.initialize();
        this.entityIdCriteria = new EntityIdCriterion(this.idpEntityID);
        this.roleCriteria = new EntityRoleCriterion(this.idpRole);
        this.criteriaSet = new CriteriaSet();
        this.criteriaSet.add(this.entityIdCriteria);
        this.criteriaSet.add(this.roleCriteria);
    }

    @Test
    public void testNoProtocolNoUsage() throws SecurityException, ResolverException {
        ArrayList<X509Credential> arrayList = new ArrayList();
        for (Credential credential : this.mdCredResolver.resolve(this.criteriaSet)) {
            arrayList.add(credential);
            checkContextAndID(credential, this.idpEntityID, this.idpRole, true);
        }
        Assert.assertEquals(arrayList.size(), 3, "Incorrect number of credentials resolved");
        for (X509Credential x509Credential : arrayList) {
            UsageType usageType = x509Credential.getUsageType();
            if (!$assertionsDisabled && usageType == null) {
                throw new AssertionError();
            }
            switch (AnonymousClass1.$SwitchMap$org$opensaml$security$credential$UsageType[usageType.ordinal()]) {
                case 1:
                    Assert.assertEquals(x509Credential.getEntityCertificate(), this.idpDSACert, "Unexpected value for certificate");
                    break;
                case 2:
                    Assert.assertTrue(x509Credential.getKeyNames().contains(this.idpRSAPubKeyName), "Expected value for key name not found");
                    Assert.assertEquals(x509Credential.getPublicKey(), this.idpRSAPubKey, "Unexpected value for key");
                    break;
                case 3:
                    Assert.assertEquals(x509Credential.getEntityCertificate(), this.idpRSACert, "Unexpected value for certificate");
                    break;
            }
        }
    }

    @Test
    public void testNoProtocolUsageEncryption() throws SecurityException, ResolverException {
        this.criteriaSet.add(new UsageCriterion(UsageType.ENCRYPTION));
        ArrayList<X509Credential> arrayList = new ArrayList();
        for (Credential credential : this.mdCredResolver.resolve(this.criteriaSet)) {
            arrayList.add(credential);
            checkContextAndID(credential, this.idpEntityID, this.idpRole, true);
        }
        Assert.assertEquals(arrayList.size(), 2, "Incorrect number of credentials resolved");
        for (X509Credential x509Credential : arrayList) {
            UsageType usageType = x509Credential.getUsageType();
            if (!$assertionsDisabled && usageType == null) {
                throw new AssertionError();
            }
            switch (AnonymousClass1.$SwitchMap$org$opensaml$security$credential$UsageType[usageType.ordinal()]) {
                case 1:
                    Assert.fail("Credential with invalid usage was resolved");
                    break;
                case 2:
                    Assert.assertTrue(x509Credential.getKeyNames().contains(this.idpRSAPubKeyName), "Expected value for key name not found");
                    Assert.assertEquals(x509Credential.getPublicKey(), this.idpRSAPubKey, "Unexpected value for key");
                    break;
                case 3:
                    Assert.assertEquals(x509Credential.getEntityCertificate(), this.idpRSACert, "Unexpected value for certificate");
                    break;
            }
        }
    }

    @Test
    public void testNoProtocolUsageSigning() throws SecurityException, ResolverException {
        this.criteriaSet.add(new UsageCriterion(UsageType.SIGNING));
        ArrayList<X509Credential> arrayList = new ArrayList();
        for (Credential credential : this.mdCredResolver.resolve(this.criteriaSet)) {
            arrayList.add(credential);
            checkContextAndID(credential, this.idpEntityID, this.idpRole, true);
        }
        Assert.assertEquals(arrayList.size(), 2, "Incorrect number of credentials resolved");
        for (X509Credential x509Credential : arrayList) {
            UsageType usageType = x509Credential.getUsageType();
            if (!$assertionsDisabled && usageType == null) {
                throw new AssertionError();
            }
            switch (AnonymousClass1.$SwitchMap$org$opensaml$security$credential$UsageType[usageType.ordinal()]) {
                case 1:
                    Assert.assertEquals(x509Credential.getEntityCertificate(), this.idpDSACert, "Unexpected value for certificate");
                    break;
                case 2:
                    Assert.fail("Credential with invalid usage was resolved");
                    break;
                case 3:
                    Assert.assertEquals(x509Credential.getEntityCertificate(), this.idpRSACert, "Unexpected value for certificate");
                    break;
            }
        }
    }

    @Test
    public void testProtocolFOONoUsage() throws SecurityException, ResolverException {
        this.criteriaSet.add(new ProtocolCriterion(this.protocolFoo));
        ArrayList<X509Credential> arrayList = new ArrayList();
        for (Credential credential : this.mdCredResolver.resolve(this.criteriaSet)) {
            arrayList.add(credential);
            checkContextAndID(credential, this.idpEntityID, this.idpRole, true);
        }
        Assert.assertEquals(arrayList.size(), 2, "Incorrect number of credentials resolved");
        for (X509Credential x509Credential : arrayList) {
            UsageType usageType = x509Credential.getUsageType();
            if (!$assertionsDisabled && usageType == null) {
                throw new AssertionError();
            }
            switch (AnonymousClass1.$SwitchMap$org$opensaml$security$credential$UsageType[usageType.ordinal()]) {
                case 1:
                    Assert.assertEquals(x509Credential.getEntityCertificate(), this.idpDSACert, "Unexpected value for certificate");
                    break;
                case 2:
                    Assert.assertTrue(x509Credential.getKeyNames().contains(this.idpRSAPubKeyName), "Expected value for key name not found");
                    Assert.assertEquals(x509Credential.getPublicKey(), this.idpRSAPubKey, "Unexpected value for key");
                    break;
                case 3:
                    Assert.fail("Credential was resolved from invalid protocol");
                    break;
            }
        }
    }

    @Test
    public void testProtocolFOOUsageSigning() throws SecurityException, ResolverException {
        this.criteriaSet.add(new ProtocolCriterion(this.protocolFoo));
        this.criteriaSet.add(new UsageCriterion(UsageType.SIGNING));
        ArrayList<X509Credential> arrayList = new ArrayList();
        for (Credential credential : this.mdCredResolver.resolve(this.criteriaSet)) {
            arrayList.add(credential);
            checkContextAndID(credential, this.idpEntityID, this.idpRole, true);
        }
        Assert.assertEquals(arrayList.size(), 1, "Incorrect number of credentials resolved");
        for (X509Credential x509Credential : arrayList) {
            UsageType usageType = x509Credential.getUsageType();
            if (!$assertionsDisabled && usageType == null) {
                throw new AssertionError();
            }
            switch (AnonymousClass1.$SwitchMap$org$opensaml$security$credential$UsageType[usageType.ordinal()]) {
                case 1:
                    Assert.assertEquals(x509Credential.getEntityCertificate(), this.idpDSACert, "Unexpected value for certificate");
                    break;
                case 2:
                    Assert.fail("Credential was resolved from invalid protocol or usage");
                    break;
                case 3:
                    Assert.fail("Credential was resolved from invalid protocol or usage");
                    break;
            }
        }
    }

    @Test
    public void testProtocolFOOUsageEncryption() throws SecurityException, ResolverException {
        this.criteriaSet.add(new ProtocolCriterion(this.protocolFoo));
        this.criteriaSet.add(new UsageCriterion(UsageType.ENCRYPTION));
        ArrayList<Credential> arrayList = new ArrayList();
        for (Credential credential : this.mdCredResolver.resolve(this.criteriaSet)) {
            arrayList.add(credential);
            checkContextAndID(credential, this.idpEntityID, this.idpRole, true);
        }
        Assert.assertEquals(arrayList.size(), 1, "Incorrect number of credentials resolved");
        for (Credential credential2 : arrayList) {
            UsageType usageType = credential2.getUsageType();
            if (!$assertionsDisabled && usageType == null) {
                throw new AssertionError();
            }
            switch (AnonymousClass1.$SwitchMap$org$opensaml$security$credential$UsageType[usageType.ordinal()]) {
                case 1:
                    Assert.fail("Credential was resolved from invalid protocol or usage");
                    break;
                case 2:
                    Assert.assertTrue(credential2.getKeyNames().contains(this.idpRSAPubKeyName), "Expected value for key name not found");
                    Assert.assertEquals(credential2.getPublicKey(), this.idpRSAPubKey, "Unexpected value for key");
                    break;
                case 3:
                    Assert.fail("Credential was resolved from invalid protocol or usage");
                    break;
            }
        }
    }

    @Test
    public void testProtocolBARNoUsage() throws SecurityException, ResolverException {
        this.criteriaSet.add(new ProtocolCriterion(this.protocolBar));
        ArrayList<X509Credential> arrayList = new ArrayList();
        for (Credential credential : this.mdCredResolver.resolve(this.criteriaSet)) {
            arrayList.add(credential);
            checkContextAndID(credential, this.idpEntityID, this.idpRole, true);
        }
        Assert.assertEquals(arrayList.size(), 1, "Incorrect number of credentials resolved");
        for (X509Credential x509Credential : arrayList) {
            UsageType usageType = x509Credential.getUsageType();
            if (!$assertionsDisabled && usageType == null) {
                throw new AssertionError();
            }
            switch (AnonymousClass1.$SwitchMap$org$opensaml$security$credential$UsageType[usageType.ordinal()]) {
                case 1:
                    Assert.fail("Credential was resolved from invalid protocol");
                    break;
                case 2:
                    Assert.fail("Credential was resolved from invalid protocol");
                    break;
                case 3:
                    Assert.assertEquals(x509Credential.getEntityCertificate(), this.idpRSACert, "Unexpected value for certificate");
                    break;
            }
        }
    }

    @Test
    public void testProtocolBARUsageSigning() throws SecurityException, ResolverException {
        this.criteriaSet.add(new ProtocolCriterion(this.protocolBar));
        this.criteriaSet.add(new UsageCriterion(UsageType.SIGNING));
        ArrayList<X509Credential> arrayList = new ArrayList();
        for (Credential credential : this.mdCredResolver.resolve(this.criteriaSet)) {
            arrayList.add(credential);
            checkContextAndID(credential, this.idpEntityID, this.idpRole, true);
        }
        Assert.assertEquals(arrayList.size(), 1, "Incorrect number of credentials resolved");
        for (X509Credential x509Credential : arrayList) {
            UsageType usageType = x509Credential.getUsageType();
            if (!$assertionsDisabled && usageType == null) {
                throw new AssertionError();
            }
            switch (AnonymousClass1.$SwitchMap$org$opensaml$security$credential$UsageType[usageType.ordinal()]) {
                case 1:
                    Assert.fail("Credential was resolved from invalid protocol or usage");
                    break;
                case 2:
                    Assert.fail("Credential was resolved from invalid protocol or usage");
                    break;
                case 3:
                    Assert.assertEquals(x509Credential.getEntityCertificate(), this.idpRSACert, "Unexpected value for certificate");
                    break;
            }
        }
    }

    @Test
    public void testProtocolBARUsageEncryption() throws SecurityException, ResolverException {
        this.criteriaSet.add(new ProtocolCriterion(this.protocolBar));
        this.criteriaSet.add(new UsageCriterion(UsageType.ENCRYPTION));
        ArrayList<X509Credential> arrayList = new ArrayList();
        for (Credential credential : this.mdCredResolver.resolve(this.criteriaSet)) {
            arrayList.add(credential);
            checkContextAndID(credential, this.idpEntityID, this.idpRole, true);
        }
        Assert.assertEquals(arrayList.size(), 1, "Incorrect number of credentials resolved");
        for (X509Credential x509Credential : arrayList) {
            UsageType usageType = x509Credential.getUsageType();
            if (!$assertionsDisabled && usageType == null) {
                throw new AssertionError();
            }
            switch (AnonymousClass1.$SwitchMap$org$opensaml$security$credential$UsageType[usageType.ordinal()]) {
                case 1:
                    Assert.fail("Credential was resolved from invalid protocol or usage");
                    break;
                case 2:
                    Assert.fail("Credential was resolved from invalid protocol or usage");
                    break;
                case 3:
                    Assert.assertEquals(x509Credential.getEntityCertificate(), this.idpRSACert, "Unexpected value for certificate");
                    break;
            }
        }
    }

    @Test
    public void testCaching() throws SecurityException, ResolverException {
        HashSet hashSet = new HashSet();
        Iterator it = this.mdCredResolver.resolve(this.criteriaSet).iterator();
        while (it.hasNext()) {
            hashSet.add((Credential) it.next());
        }
        HashSet hashSet2 = new HashSet();
        Iterator it2 = this.mdCredResolver.resolve(this.criteriaSet).iterator();
        while (it2.hasNext()) {
            hashSet2.add((Credential) it2.next());
        }
        Assert.assertEquals(hashSet.size(), 3, "Incorrect number of credentials resolved");
        Assert.assertEquals(hashSet2.size(), 3, "Incorrect number of credentials resolved");
        Assert.assertTrue(hashSet.equals(hashSet2), "Resolved credential sets were non-equal, caching must have failed");
    }

    @Test
    public void testDirectResolutionFromRoleDescriptor() throws ComponentInitializationException, ResolverException, CertificateEncodingException, EncodingException {
        this.mdCredResolver = new MetadataCredentialResolver();
        this.mdCredResolver.setKeyInfoCredentialResolver(SAMLTestSupport.buildBasicInlineKeyInfoResolver());
        this.mdCredResolver.initialize();
        EntityDescriptor buildXMLObject = buildXMLObject(EntityDescriptor.DEFAULT_ELEMENT_NAME);
        buildXMLObject.setEntityID(this.idpEntityID);
        IDPSSODescriptor buildXMLObject2 = buildXMLObject(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
        buildXMLObject2.setParent(buildXMLObject);
        KeyDescriptor buildXMLObject3 = buildXMLObject(KeyDescriptor.DEFAULT_ELEMENT_NAME);
        KeyInfo buildXMLObject4 = buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        KeyInfoSupport.addPublicKey(buildXMLObject4, this.idpRSAPubKey);
        KeyInfoSupport.addKeyName(buildXMLObject4, this.idpRSAPubKeyName);
        buildXMLObject3.setKeyInfo(buildXMLObject4);
        buildXMLObject3.setUse(UsageType.ENCRYPTION);
        buildXMLObject2.getKeyDescriptors().add(buildXMLObject3);
        KeyDescriptor buildXMLObject5 = buildXMLObject(KeyDescriptor.DEFAULT_ELEMENT_NAME);
        KeyInfo buildXMLObject6 = buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        KeyInfoSupport.addCertificate(buildXMLObject6, this.idpRSACert);
        buildXMLObject5.setKeyInfo(buildXMLObject6);
        buildXMLObject5.setUse(UsageType.SIGNING);
        buildXMLObject2.getKeyDescriptors().add(buildXMLObject5);
        CriteriaSet criteriaSet = new CriteriaSet(new Criterion[]{new RoleDescriptorCriterion(buildXMLObject2)});
        ArrayList<X509Credential> arrayList = new ArrayList();
        for (Credential credential : this.mdCredResolver.resolve(criteriaSet)) {
            arrayList.add(credential);
            checkContextAndID(credential, this.idpEntityID, this.idpRole, false);
        }
        Assert.assertEquals(arrayList.size(), 2);
        for (X509Credential x509Credential : arrayList) {
            UsageType usageType = x509Credential.getUsageType();
            if (!$assertionsDisabled && usageType == null) {
                throw new AssertionError();
            }
            switch (AnonymousClass1.$SwitchMap$org$opensaml$security$credential$UsageType[usageType.ordinal()]) {
                case 1:
                    Assert.assertEquals(x509Credential.getEntityCertificate(), this.idpRSACert, "Unexpected value for certificate");
                    break;
                case 2:
                    Assert.assertTrue(x509Credential.getKeyNames().contains(this.idpRSAPubKeyName));
                    Assert.assertEquals(x509Credential.getPublicKey(), this.idpRSAPubKey, "Unexpected value for public key");
                    break;
                case 3:
                    Assert.fail("Credential was resolved with an invalid usage");
                    break;
            }
        }
    }

    @Test(expectedExceptions = {ResolverException.class})
    public void testMissingRequiredInputs() throws ResolverException {
        this.mdCredResolver.resolve(new CriteriaSet());
    }

    @Test(expectedExceptions = {ComponentInitializationException.class})
    public void testMissingKeyInfoCredentialResolver() throws ComponentInitializationException {
        this.mdCredResolver = new MetadataCredentialResolver();
        this.mdCredResolver.initialize();
    }

    @Test(expectedExceptions = {ResolverException.class})
    public void testMissingRequiredRoleDescriptorResolver() throws ComponentInitializationException, ResolverException {
        this.mdCredResolver = new MetadataCredentialResolver();
        this.mdCredResolver.setKeyInfoCredentialResolver(SAMLTestSupport.buildBasicInlineKeyInfoResolver());
        this.mdCredResolver.initialize();
        this.mdCredResolver.resolve(this.criteriaSet);
    }

    private void checkContextAndID(@Nonnull Credential credential, @Nonnull String str, @Nonnull QName qName, boolean z) {
        Assert.assertEquals(credential.getEntityId(), str, "Unexpected value found for credential entityID");
        CredentialContextSet credentialContextSet = credential.getCredentialContextSet();
        if (!$assertionsDisabled && credentialContextSet == null) {
            throw new AssertionError();
        }
        SAMLMDCredentialContext sAMLMDCredentialContext = (SAMLMDCredentialContext) credentialContextSet.get(SAMLMDCredentialContext.class);
        if (!$assertionsDisabled && sAMLMDCredentialContext == null) {
            throw new AssertionError();
        }
        Assert.assertNotNull(sAMLMDCredentialContext.getRoleDescriptor());
        RoleDescriptor roleDescriptor = sAMLMDCredentialContext.getRoleDescriptor();
        if (!$assertionsDisabled && roleDescriptor == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(roleDescriptor.getElementQName(), qName, "Unexpected value for context role descriptor");
        Assert.assertTrue(roleDescriptor.getParent() instanceof EntityDescriptor);
        EntityDescriptor parent = roleDescriptor.getParent();
        if (!$assertionsDisabled && parent == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(parent.getEntityID(), str, "Unexpected value for entity descriptor entity ID");
        if (z) {
            Assert.assertTrue(parent.getParent() instanceof EntitiesDescriptor);
            EntitiesDescriptor parent2 = parent.getParent();
            if (!$assertionsDisabled && parent2 == null) {
                throw new AssertionError();
            }
            Extensions extensions = parent2.getExtensions();
            if (!$assertionsDisabled && extensions == null) {
                throw new AssertionError();
            }
            Assert.assertNotNull(extensions.getUnknownXMLObjects().get(0));
        }
    }

    static {
        $assertionsDisabled = !MetadataCredentialResolverTest.class.desiredAssertionStatus();
    }
}
