package org.opensaml.saml.security.impl;

import javax.annotation.Nonnull;
import net.shibboleth.shared.logic.Constraint;
import org.apache.xml.security.signature.XMLSignature;
import org.opensaml.core.testing.XMLObjectBaseTestCase;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.impl.SignatureImpl;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/opensaml/saml/security/impl/SAMLSignatureProfileValidatorTest.class */
public class SAMLSignatureProfileValidatorTest extends XMLObjectBaseTestCase {
    private SAMLSignatureProfileValidator validator;
    static final /* synthetic */ boolean $assertionsDisabled;

    @BeforeMethod
    protected void setUp() throws Exception {
        this.validator = new SAMLSignatureProfileValidator();
    }

    @Test
    public void testValid() {
        assertValidationPass("Valid signature", getSignature("/org/opensaml/saml/security/Signed-AuthnRequest-Valid.xml"));
    }

    @Test
    public void testInvalidNoXMLSignature() {
        SignatureImpl signature = getSignature("/org/opensaml/saml/security/Signed-AuthnRequest-Valid.xml");
        signature.setXMLSignature((XMLSignature) null);
        assertValidationFail("Invalid signature - no XMLSignature", signature);
    }

    @Test
    public void testInvalidTooManyReferences() {
        assertValidationFail("Invalid signature - too many References", getSignature("/org/opensaml/saml/security/Signed-AuthnRequest-TooManyReferences.xml"));
    }

    @Test
    public void testInvalidNonLocalURI() {
        assertValidationFail("Invalid signature - non-local Reference URI", getSignature("/org/opensaml/saml/security/Signed-AuthnRequest-NonLocalURI.xml"));
    }

    @Test
    public void testInvalidMissingID() {
        assertValidationFail("Invalid signature - missing ID on parent object", getSignature("/org/opensaml/saml/security/Signed-AuthnRequest-MissingID.xml"));
    }

    @Test
    public void testInvalidBadURIValue() {
        assertValidationFail("Invalid signature - bad URI value", getSignature("/org/opensaml/saml/security/Signed-AuthnRequest-BadURIValue.xml"));
    }

    @Test
    public void testInvalidTooManyTransforms() {
        assertValidationFail("Invalid signature - too many Transforms", getSignature("/org/opensaml/saml/security/Signed-AuthnRequest-TooManyTransforms.xml"));
    }

    @Test
    public void testInvalidBadTransform() {
        assertValidationFail("Invalid signature - bad Transform", getSignature("/org/opensaml/saml/security/Signed-AuthnRequest-BadTransform.xml"));
    }

    @Test
    public void testInvalidMissingEnvelopedTransform() {
        assertValidationFail("Invalid signature - missing Enveloped Transform", getSignature("/org/opensaml/saml/security/Signed-AuthnRequest-MissingEnvelopedTransform.xml"));
    }

    @Test
    public void testInvalidDuplicateIDs() {
        assertValidationFail("Invalid signature - duplicate IDs", getSignature("/org/opensaml/saml/security/Signed-AuthnRequest-DuplicateIDs.xml"));
    }

    @Nonnull
    protected Signature getSignature(@Nonnull String str) {
        SignableSAMLObject unmarshallElement = unmarshallElement(str);
        if ($assertionsDisabled || unmarshallElement != null) {
            return (Signature) Constraint.isNotNull(unmarshallElement.getSignature(), "Signature was null");
        }
        throw new AssertionError();
    }

    protected void assertValidationPass(@Nonnull String str, @Nonnull Signature signature) {
        try {
            this.validator.validate(signature);
        } catch (SignatureException e) {
            Assert.fail(str + " : Expected success, but validation failure raised ValidationException: " + e.getMessage());
        }
    }

    protected void assertValidationFail(@Nonnull String str, @Nonnull Signature signature) {
        try {
            this.validator.validate(signature);
            Assert.fail(str + " : Validation success, expected failure to raise ValidationException");
        } catch (SignatureException e) {
        }
    }

    static {
        $assertionsDisabled = !SAMLSignatureProfileValidatorTest.class.desiredAssertionStatus();
    }
}
