package org.opensaml.saml2.encryption;

import java.util.ArrayList;
import java.util.List;
import org.opensaml.common.BaseTestCase;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.core.EncryptedAttribute;
import org.opensaml.saml2.encryption.Encrypter;
import org.opensaml.xml.encryption.DataReference;
import org.opensaml.xml.encryption.EncryptedData;
import org.opensaml.xml.encryption.EncryptedKey;
import org.opensaml.xml.encryption.EncryptionException;
import org.opensaml.xml.encryption.EncryptionParameters;
import org.opensaml.xml.encryption.KeyEncryptionParameters;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.keyinfo.StaticKeyInfoGenerator;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.KeyName;
import org.opensaml.xml.signature.RetrievalMethod;
import org.opensaml.xml.util.DatatypeHelper;

/* loaded from: input_file:org/opensaml/saml2/encryption/ComplexEncryptionTest.class */
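/**
 * Checks the structure {@link Encrypter} produces when the data-encryption key is wrapped
 * by one or more key-encryption keys (KEKs): where each {@code EncryptedKey} is placed
 * (inline or as a peer of {@code EncryptedData}) and how the two elements reference each other.
 *
 * <p>None of these tests decrypts the result, so they verify structure only, not that the
 * wrapped key or the ciphertext can be recovered.
 */
public class ComplexEncryptionTest extends BaseTestCase {
    /** Location of the assertion fixture that every test encrypts. */
    private static final String ASSERTION_PATH = "/data/org/opensaml/saml2/encryption/Assertion.xml";

    private Encrypter encrypter;
    private EncryptionParameters encParams;
    private List<KeyEncryptionParameters> kekParamsList;
    private KeyEncryptionParameters kekParamsRSA;
    private KeyEncryptionParameters kekParamsAES;
    private KeyInfo keyInfo;
    private KeyInfo kekKeyInfoRSA;
    private final String expectedKeyNameRSA = "RSAKeyWrapper";
    private final String expectedRecipientRSA = "RSARecipient";
    private final String expectedRecipientAES = "AESRecipient";
    // AES-128-CBC as used by XML Encryption carries no integrity protection of its own.
    // These URIs are fixtures for the key-placement checks below, not recommended deployment
    // settings; a deployment relying on CBC needs the ciphertext authenticated some other way.
    private final String algoURI = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
    private final String kekURIRSA = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
    private final String kekURIAES = "http://www.w3.org/2001/04/xmlenc#kw-aes128";

    /**
     * Generates fresh data-encryption and key-encryption credentials and resets the KEK list
     * and the {@code KeyInfo} objects, so each test starts from an empty configuration.
     *
     * <p>The decompiler output marks this method as widened from {@code protected}.
     *
     * @throws Exception if the base fixture or key generation fails
     */
    @Override // org.opensaml.common.BaseTestCase
    public void setUp() throws Exception {
        super.setUp();
        Credential dataCredential = SecurityHelper.generateKeyAndCredential(this.algoURI);
        Credential aesKekCredential = SecurityHelper.generateKeyAndCredential(this.kekURIAES);
        // NOTE(review): the trailing 'false' presumably controls whether the private key is
        // kept in the credential; confirm against SecurityHelper.
        Credential rsaKekCredential = SecurityHelper.generateKeyPairAndCredential(this.kekURIRSA, 2048, false);

        this.encParams = new EncryptionParameters();
        this.encParams.setAlgorithm(this.algoURI);
        this.encParams.setEncryptionCredential(dataCredential);

        this.kekParamsAES = new KeyEncryptionParameters();
        this.kekParamsAES.setAlgorithm(this.kekURIAES);
        this.kekParamsAES.setEncryptionCredential(aesKekCredential);

        this.kekParamsRSA = new KeyEncryptionParameters();
        this.kekParamsRSA.setAlgorithm(this.kekURIRSA);
        this.kekParamsRSA.setEncryptionCredential(rsaKekCredential);

        // Diamond instead of the raw ArrayList, which compiled only with an unchecked warning.
        this.kekParamsList = new ArrayList<>();
        this.keyInfo = buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        this.kekKeyInfoRSA = buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    }

    /** Registers the RSA KEK, with a KeyInfo carrying {@code expectedKeyNameRSA}, as the next KEK. */
    private void addNamedRsaKek() {
        KeyName kekName = buildXMLObject(KeyName.DEFAULT_ELEMENT_NAME);
        kekName.setValue(this.expectedKeyNameRSA);
        this.kekKeyInfoRSA.getKeyNames().add(kekName);
        this.kekParamsRSA.setKeyInfoGenerator(new StaticKeyInfoGenerator(this.kekKeyInfoRSA));
        this.kekParamsList.add(this.kekParamsRSA);
    }

    /** Encrypts an assertion with the current encrypter, failing the test on an encryption error. */
    private EncryptedAssertion encryptOrFail(Assertion assertion) {
        try {
            return this.encrypter.encrypt(assertion);
        } catch (EncryptionException e) {
            fail("Object encryption failed: " + e);
            // Reached only if fail() returns; every caller asserts non-null next.
            return null;
        }
    }

    /** Encrypts an attribute with the current encrypter, failing the test on an encryption error. */
    private EncryptedAttribute encryptOrFail(Attribute attribute) {
        try {
            return this.encrypter.encrypt(attribute);
        } catch (EncryptionException e) {
            fail("Object encryption failed: " + e);
            // Reached only if fail() returns; every caller asserts non-null next.
            return null;
        }
    }

    /**
     * One RSA KEK with INLINE placement: the EncryptedKey must sit inside the EncryptedData's
     * KeyInfo, with no peer keys, no RetrievalMethod, no ReferenceList and no CarriedKeyName.
     */
    public void testSingleKEKInline() {
        Assertion assertion = unmarshallElement(ASSERTION_PATH);
        addNamedRsaKek();
        this.encrypter = new Encrypter(this.encParams, this.kekParamsList);
        this.encrypter.setKeyPlacement(Encrypter.KeyPlacement.INLINE);

        EncryptedAssertion encrypted = encryptOrFail(assertion);
        assertNotNull("Encrypted object was null", encrypted);
        assertTrue("Encrypted object was not an instance of the expected type", encrypted instanceof EncryptedAssertion);

        assertEquals("Number of inline EncryptedKeys", 1, encrypted.getEncryptedData().getKeyInfo().getEncryptedKeys().size());
        assertEquals("Number of peer EncryptedKeys", 0, encrypted.getEncryptedKeys().size());

        EncryptedKey wrappedKey = (EncryptedKey) encrypted.getEncryptedData().getKeyInfo().getEncryptedKeys().get(0);
        assertNotNull("EncryptedKey was null", wrappedKey);
        assertEquals("Algorithm attribute", this.kekURIRSA, wrappedKey.getEncryptionMethod().getAlgorithm());
        assertNotNull("KeyInfo", wrappedKey.getKeyInfo());
        assertEquals("KeyName", this.expectedKeyNameRSA, ((KeyName) wrappedKey.getKeyInfo().getKeyNames().get(0)).getValue());
        assertFalse("EncryptedKey ID attribute was empty", DatatypeHelper.isEmpty(wrappedKey.getID()));

        EncryptedData data = encrypted.getEncryptedData();
        // The message is shown when the assertion fails, i.e. when KeyInfo IS null.
        assertNotNull("EncryptedData KeyInfo was null", data.getKeyInfo());
        assertEquals("EncryptedData improperly contained a RetrievalMethod", 0, data.getKeyInfo().getRetrievalMethods().size());
        assertNull("EncryptedKey ReferenceList wasn't null", wrappedKey.getReferenceList());
        assertNull("EncryptedKey CarriedKeyName wasn't null", wrappedKey.getCarriedKeyName());
    }

    /**
     * One RSA KEK with PEER placement: the EncryptedKey must be a peer of EncryptedData, the
     * EncryptedData must point at it through a RetrievalMethod, and the key must point back
     * through a single DataReference.
     */
    public void testSingleKEKPeer() {
        Assertion assertion = unmarshallElement(ASSERTION_PATH);
        addNamedRsaKek();
        this.encrypter = new Encrypter(this.encParams, this.kekParamsList);
        this.encrypter.setKeyPlacement(Encrypter.KeyPlacement.PEER);

        EncryptedAssertion encrypted = encryptOrFail(assertion);
        assertNotNull("Encrypted object was null", encrypted);
        assertTrue("Encrypted object was not an instance of the expected type", encrypted instanceof EncryptedAssertion);

        assertEquals("Number of inline EncryptedKeys", 0, encrypted.getEncryptedData().getKeyInfo().getEncryptedKeys().size());
        assertEquals("Number of peer EncryptedKeys", 1, encrypted.getEncryptedKeys().size());

        EncryptedKey wrappedKey = (EncryptedKey) encrypted.getEncryptedKeys().get(0);
        assertNotNull("EncryptedKey was null", wrappedKey);
        assertEquals("Algorithm attribute", this.kekURIRSA, wrappedKey.getEncryptionMethod().getAlgorithm());
        assertNotNull("KeyInfo", wrappedKey.getKeyInfo());
        assertEquals("KeyName", this.expectedKeyNameRSA, ((KeyName) wrappedKey.getKeyInfo().getKeyNames().get(0)).getValue());
        assertFalse("EncryptedKey ID attribute was empty", DatatypeHelper.isEmpty(wrappedKey.getID()));

        EncryptedData data = encrypted.getEncryptedData();
        assertNotNull("EncryptedData KeyInfo was null", data.getKeyInfo());
        assertEquals("EncryptedData contained invalid number RetrievalMethods", 1, data.getKeyInfo().getRetrievalMethods().size());
        RetrievalMethod retrieval = (RetrievalMethod) data.getKeyInfo().getRetrievalMethods().get(0);
        assertEquals("EncryptedData RetrievalMethod had incorrect type attribute", "http://www.w3.org/2001/04/xmlenc#EncryptedKey", retrieval.getType());
        assertEquals("EncryptedData RetrievalMethod had incorrect URI value", "#" + wrappedKey.getID(), retrieval.getURI());

        assertNotNull("EncryptedKey ReferenceList was null", wrappedKey.getReferenceList());
        assertEquals("EncryptedKey contained invalid number DataReferences", 1, wrappedKey.getReferenceList().getDataReferences().size());
        assertEquals("EncryptedKey DataReference had incorrect URI value", "#" + data.getID(), ((DataReference) wrappedKey.getReferenceList().getDataReferences().get(0)).getURI());
        assertNull("EncryptedKey CarriedKeyName wasn't null", wrappedKey.getCarriedKeyName());
    }

    /**
     * Two KEKs (RSA, then AES key wrap) with PEER placement: both EncryptedKeys must be peers,
     * each carrying its recipient, a DataReference to the EncryptedData and a CarriedKeyName
     * equal to the data key's KeyName; the EncryptedData carries that KeyName and no
     * RetrievalMethod.
     */
    public void testMulticastKEKPeer() {
        final String dataKeyName = "MulticastDataEncryptionKeyName";

        Assertion assertion = unmarshallElement(ASSERTION_PATH);
        KeyName dataKeyNameElement = buildXMLObject(KeyName.DEFAULT_ELEMENT_NAME);
        dataKeyNameElement.setValue(dataKeyName);
        this.keyInfo.getKeyNames().add(dataKeyNameElement);
        this.encParams.setKeyInfoGenerator(new StaticKeyInfoGenerator(this.keyInfo));

        // Order matters: the assertions below expect the RSA key at index 0 and AES at index 1.
        this.kekParamsRSA.setRecipient(this.expectedRecipientRSA);
        this.kekParamsList.add(this.kekParamsRSA);
        this.kekParamsAES.setRecipient(this.expectedRecipientAES);
        this.kekParamsList.add(this.kekParamsAES);

        this.encrypter = new Encrypter(this.encParams, this.kekParamsList);
        this.encrypter.setKeyPlacement(Encrypter.KeyPlacement.PEER);

        EncryptedAssertion encrypted = encryptOrFail(assertion);
        assertNotNull("Encrypted object was null", encrypted);
        assertTrue("Encrypted object was not an instance of the expected type", encrypted instanceof EncryptedAssertion);

        assertEquals("Number of inline EncryptedKeys", 0, encrypted.getEncryptedData().getKeyInfo().getEncryptedKeys().size());
        assertEquals("Number of peer EncryptedKeys", 2, encrypted.getEncryptedKeys().size());

        EncryptedKey rsaKey = (EncryptedKey) encrypted.getEncryptedKeys().get(0);
        EncryptedKey aesKey = (EncryptedKey) encrypted.getEncryptedKeys().get(1);
        assertNotNull("EncryptedKey was null", rsaKey);
        assertNotNull("EncryptedKey was null", aesKey);
        assertEquals("Algorithm attribute", this.kekURIRSA, rsaKey.getEncryptionMethod().getAlgorithm());
        assertEquals("Algorithm attribute", this.kekURIAES, aesKey.getEncryptionMethod().getAlgorithm());
        assertFalse("EncryptedKey ID attribute was empty", DatatypeHelper.isEmpty(rsaKey.getID()));
        assertFalse("EncryptedKey ID attribute was empty", DatatypeHelper.isEmpty(aesKey.getID()));

        EncryptedData data = encrypted.getEncryptedData();
        assertNotNull("EncryptedData KeyInfo was null", data.getKeyInfo());
        assertEquals("EncryptedData contained invalid number RetrievalMethods", 0, data.getKeyInfo().getRetrievalMethods().size());
        assertEquals("EncryptedData contained invalid number KeyNames", 1, data.getKeyInfo().getKeyNames().size());
        assertEquals("EncryptedData KeyName value", dataKeyName, ((KeyName) data.getKeyInfo().getKeyNames().get(0)).getValue());

        assertEquals("EncryptedKey recipient attribute had invalid value", this.expectedRecipientRSA, rsaKey.getRecipient());
        assertNotNull("EncryptedKey ReferenceList was null", rsaKey.getReferenceList());
        assertEquals("EncryptedKey contained invalid number DataReferences", 1, rsaKey.getReferenceList().getDataReferences().size());
        assertEquals("EncryptedKey DataReference had incorrect URI value", "#" + data.getID(), ((DataReference) rsaKey.getReferenceList().getDataReferences().get(0)).getURI());
        assertNotNull("EncryptedKey CarriedKeyName was null", rsaKey.getCarriedKeyName());
        assertEquals("EncryptedKey CarriedKeyName had incorrect value", dataKeyName, rsaKey.getCarriedKeyName().getValue());

        assertEquals("EncryptedKey recipient attribute had invalid value", this.expectedRecipientAES, aesKey.getRecipient());
        assertNotNull("EncryptedKey ReferenceList was null", aesKey.getReferenceList());
        assertEquals("EncryptedKey contained invalid number DataReferences", 1, aesKey.getReferenceList().getDataReferences().size());
        assertEquals("EncryptedKey DataReference had incorrect URI value", "#" + data.getID(), ((DataReference) aesKey.getReferenceList().getDataReferences().get(0)).getURI());
        assertNotNull("EncryptedKey CarriedKeyName was null", aesKey.getCarriedKeyName());
        assertEquals("EncryptedKey CarriedKeyName had incorrect value", dataKeyName, aesKey.getCarriedKeyName().getValue());
    }

    /**
     * Encrypts two attributes of the same assertion with a single {@link Encrypter} instance
     * and checks that both calls return a result.
     */
    public void testReuse() {
        Assertion assertion = unmarshallElement(ASSERTION_PATH);
        AttributeStatement firstStatement = (AttributeStatement) assertion.getAttributeStatements().get(0);
        Attribute firstAttribute = (Attribute) firstStatement.getAttributes().get(0);
        Attribute secondAttribute = (Attribute) ((AttributeStatement) assertion.getAttributeStatements().get(0)).getAttributes().get(1);

        addNamedRsaKek();
        this.encrypter = new Encrypter(this.encParams, this.kekParamsList);
        this.encrypter.setKeyPlacement(Encrypter.KeyPlacement.PEER);

        EncryptedAttribute firstEncrypted = encryptOrFail(firstAttribute);
        assertNotNull("Encrypted object was null", firstEncrypted);
        assertTrue("Encrypted object was not an instance of the expected type", firstEncrypted instanceof EncryptedAttribute);

        // Second call on the same encrypter instance: the point of the test.
        EncryptedAttribute secondEncrypted = encryptOrFail(secondAttribute);
        assertNotNull("Encrypted object was null", secondEncrypted);
        assertTrue("Encrypted object was not an instance of the expected type", secondEncrypted instanceof EncryptedAttribute);
    }
}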
