package org.opensaml.saml2.metadata.provider;

import java.security.PrivateKey;
import java.security.cert.CertificateException;
import org.opensaml.Configuration;
import org.opensaml.common.BaseTestCase;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.xml.io.UnmarshallingException;
import org.opensaml.xml.parse.XMLParserException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.StaticCredentialResolver;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
import org.w3c.dom.Document;

/* loaded from: input_file:org/opensaml/saml2/metadata/provider/SignatureValidationFilterTest.class */
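/**
 * Exercises {@link SignatureValidationFilter} against signed SAML metadata fixtures.
 *
 * <p>Each fixture comes in two variants: one whose XML signature is expected to verify and one
 * that the filter is expected to reject. The filter is run both directly on an unmarshalled
 * object and through a {@link DOMMetadataProvider}.
 *
 * <p>Trust is established with an {@link ExplicitKeySignatureTrustEngine} whose credential
 * resolver holds a single certificate embedded in this class, so a signature is accepted only if
 * it verifies under that pinned key. NOTE(review): this file does not show whether the engine
 * also evaluates the certificate's validity period or a certificate path - confirm before
 * reusing this trust setup outside of tests.
 */
public class SignatureValidationFilterTest extends BaseTestCase {
    /** Parsed SWITCH metadata whose signature is expected to verify. */
    private Document switchMDDocumentValid;

    /** Parsed SWITCH metadata whose signature is expected to be rejected. */
    private Document switchMDDocumentInvalid;

    /** Trust engine pinned to the SWITCH metadata signing certificate. */
    private SignatureTrustEngine switchSigTrustEngine;

    private final String switchMDFileValid = "/data/org/opensaml/saml2/metadata/provider/metadata.aaitest_signed.xml";
    private final String switchMDFileInvalid = "/data/org/opensaml/saml2/metadata/provider/metadata.aaitest_signed.invalid.xml";

    // NOTE(review): this literal is not base64; the certificate value appears to have been
    // stripped from this listing. setUp() needs the real base64-encoded X.509 certificate here.
    private final String switchMDCertBase64 = "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";

    private final String openIDFileValid = "/data/org/opensaml/saml2/metadata/provider/openid-metadata.xml";
    private final String openIDFileInvalid = "/data/org/opensaml/saml2/metadata/provider/openid-metadata-invalid.xml";

    /** Base64-encoded X.509 certificate pinned as the only trusted signer of the OpenID fixtures. */
    private final String openIDCertBase64 = "MIICfTCCAeagAwIBAgIGAReueFpXMA0GCSqGSIb3DQEBBQUAMIGBMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFDASBgNVBAcTC1NpbWkgVmFsbGV5MR4wHAYDVQQKExVSYXBhdHRvbmkgQ29ycG9yYXRpb24xFDASBgNVBAsTC1NTTyBTdXBwb3J0MRkwFwYDVQQDExBtbHNzdGdzd21pY2hpZ2FuMB4XDTA4MDEyNTAxMDMxOFoXDTA5MDEyNDAxMDMxOFowgYExCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEUMBIGA1UEBxMLU2ltaSBWYWxsZXkxHjAcBgNVBAoTFVJhcGF0dG9uaSBDb3Jwb3JhdGlvbjEUMBIGA1UECxMLU1NPIFN1cHBvcnQxGTAXBgNVBAMTEG1sc3N0Z3N3bWljaGlnYW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIOnt2MOfIYvvyhiKBS2yb5IXFx+SFEa/TLSUPkE9gZJCIe22GGfiwzsC8ubpifebZUru1fespnaCE8rc7MtWXERW7x6Dp8wg/91NOgUB00eEUlA72DhDjelsYTJa+AzztBsWh6J3HFKNdNaSVTS+CqbmgdTlDW+BExbtHUfSP0RAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAYT8js8O7gbLq4X/yuGCiuKHofQHFAE6pAWaxdTD+Bd2pu48GKICYAhFwHTqrG3bOqObfsILz4PcavCfzIS7/dk9oPnjeH7GqbxUZMsms4qDZzdNkNDUDWj82lJzIMfZyUKbn2waTsgg3mKja0dGw2UByurPV4NvVcNaIQZJunHI=";

    /**
     * Parses both SWITCH fixtures and builds the trust engine pinned to the SWITCH certificate.
     *
     * @throws Exception if the base test setup, fixture parsing or certificate decoding fails
     */
    @Override
    public void setUp() throws Exception {
        super.setUp();
        this.switchMDDocumentValid = parseResource(this.switchMDFileValid);
        this.switchMDDocumentInvalid = parseResource(this.switchMDFileInvalid);
        this.switchSigTrustEngine = newExplicitKeyEngine(this.switchMDCertBase64);
    }

    /** The validly signed SWITCH metadata must pass the filter when applied directly. */
    public void testValidSWITCHStandalone() throws UnmarshallingException {
        try {
            applyFilter(this.switchSigTrustEngine, this.switchMDDocumentValid);
        } catch (FilterException e) {
            fail("Filter failed validation, should have succeeded: " + e.getMessage());
        }
    }

    /** The SWITCH metadata with an invalid signature must be rejected by the filter. */
    public void testInvalidSWITCHStandalone() throws UnmarshallingException {
        try {
            applyFilter(this.switchSigTrustEngine, this.switchMDDocumentInvalid);
            fail("Filter passed validation, should have failed");
        } catch (FilterException expected) {
            // Rejection is the outcome under test: a bad signature must not be accepted.
        }
    }

    /** A validly signed single EntityDescriptor must pass the filter. */
    public void testEntityDescriptor() throws UnmarshallingException, CertificateException, XMLParserException {
        SignatureTrustEngine trustEngine = newExplicitKeyEngine(this.openIDCertBase64);
        EntityDescriptor entityDescriptor = unmarshallEntityDescriptor(parseResource(this.openIDFileValid));
        // Guard against a fixture that would pass only because it carries no signature at all.
        assertTrue(entityDescriptor.isSigned());
        assertNotNull("Signature was null", entityDescriptor.getSignature());
        try {
            new SignatureValidationFilter(trustEngine).doFilter(entityDescriptor);
        } catch (FilterException e) {
            fail("Filter failed validation, should have succeeded: " + e.getMessage());
        }
    }

    /** A signed EntityDescriptor whose signature does not verify must be rejected. */
    public void testEntityDescriptorInvalid() throws UnmarshallingException, CertificateException, XMLParserException {
        SignatureTrustEngine trustEngine = newExplicitKeyEngine(this.openIDCertBase64);
        EntityDescriptor entityDescriptor = unmarshallEntityDescriptor(parseResource(this.openIDFileInvalid));
        // The fixture must still be signed, so the rejection comes from verification itself.
        assertTrue(entityDescriptor.isSigned());
        assertNotNull("Signature was null", entityDescriptor.getSignature());
        try {
            new SignatureValidationFilter(trustEngine).doFilter(entityDescriptor);
            fail("Filter passed validation, should have failed");
        } catch (FilterException expected) {
            // Rejection is the outcome under test: a bad signature must not be accepted.
        }
    }

    /** A provider configured with the filter must initialize on validly signed metadata. */
    public void testEntityDescriptorWithProvider() throws CertificateException, XMLParserException, UnmarshallingException {
        DOMMetadataProvider provider = newFilteredProvider(this.openIDFileValid);
        try {
            provider.initialize();
        } catch (MetadataProviderException e) {
            fail("Failed when initializing metadata provider");
        }
    }

    /**
     * A provider configured with the filter must refuse to initialize on metadata whose
     * signature is invalid, even though setRequireValidMetadata(false) is set on it.
     */
    public void testInvalidEntityDescriptorWithProvider() throws CertificateException, XMLParserException, UnmarshallingException {
        DOMMetadataProvider provider = newFilteredProvider(this.openIDFileInvalid);
        try {
            provider.initialize();
            fail("Metadata signature was invalid, provider initialization should have failed");
        } catch (MetadataProviderException expected) {
            // Initialization failure is the outcome under test.
        }
    }

    /**
     * Builds a trust engine that trusts exactly one certificate.
     *
     * @param certBase64 base64-encoded X.509 certificate to pin
     * @return engine backed by a static resolver holding only that certificate's credential
     * @throws CertificateException if the certificate cannot be decoded
     */
    private SignatureTrustEngine newExplicitKeyEngine(String certBase64) throws CertificateException {
        // The private key is null: verification only needs the public half of the credential.
        return new ExplicitKeySignatureTrustEngine(
                new StaticCredentialResolver(
                        SecurityHelper.getSimpleCredential(SecurityHelper.buildJavaX509Cert(certBase64), (PrivateKey) null)),
                Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());
    }

    /**
     * Parses a classpath fixture into a DOM document.
     *
     * @param resourcePath absolute classpath location of the metadata file
     * @return the parsed document
     * @throws XMLParserException if the resource cannot be parsed
     */
    private Document parseResource(String resourcePath) throws XMLParserException {
        return parser.parse(SignatureValidationFilterTest.class.getResourceAsStream(resourcePath));
    }

    /**
     * Unmarshalls the document root and runs it through a new filter built on the given engine.
     *
     * @param trustEngine engine the filter uses to decide whether the signature is trusted
     * @param document parsed metadata document
     * @throws UnmarshallingException if the root element cannot be unmarshalled
     * @throws FilterException if the filter rejects the metadata
     */
    private void applyFilter(SignatureTrustEngine trustEngine, Document document)
            throws UnmarshallingException, FilterException {
        new SignatureValidationFilter(trustEngine).doFilter(
                unmarshallerFactory.getUnmarshaller(document.getDocumentElement()).unmarshall(document.getDocumentElement()));
    }

    /**
     * Unmarshalls the document root and asserts that it is an {@link EntityDescriptor}.
     *
     * @param document parsed metadata document
     * @return the root object as an entity descriptor
     * @throws UnmarshallingException if the root element cannot be unmarshalled
     */
    private EntityDescriptor unmarshallEntityDescriptor(Document document) throws UnmarshallingException {
        // Held as Object so the instanceof assertion is a real check and the cast is explicit.
        Object unmarshalled = unmarshallerFactory.getUnmarshaller(document.getDocumentElement()).unmarshall(document.getDocumentElement());
        assertTrue(unmarshalled instanceof EntityDescriptor);
        return (EntityDescriptor) unmarshalled;
    }

    /**
     * Creates an uninitialized provider over a fixture, with the signature filter installed and
     * trust pinned to the OpenID certificate.
     *
     * @param resourcePath absolute classpath location of the metadata file
     * @return provider ready for {@code initialize()}
     * @throws CertificateException if the pinned certificate cannot be decoded
     * @throws XMLParserException if the fixture cannot be parsed
     */
    private DOMMetadataProvider newFilteredProvider(String resourcePath) throws CertificateException, XMLParserException {
        SignatureTrustEngine trustEngine = newExplicitKeyEngine(this.openIDCertBase64);
        DOMMetadataProvider provider = new DOMMetadataProvider(parseResource(resourcePath).getDocumentElement());
        provider.setParserPool(parser);
        // NOTE(review): presumably relaxes a metadata validity requirement unrelated to the
        // signature; the negative provider test expects signature rejection regardless - confirm.
        provider.setRequireValidMetadata(false);
        try {
            provider.setMetadataFilter(new SignatureValidationFilter(trustEngine));
        } catch (MetadataProviderException e) {
            fail("Could not set metadata filter on provider");
        }
        return provider;
    }
}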
