package org.opensaml.xml.encryption;

import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.SecretKey;
import org.opensaml.xml.XMLObjectBaseTestCase;
import org.opensaml.xml.mock.SimpleXMLObject;
import org.opensaml.xml.parse.XMLParserException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.keyinfo.StaticKeyInfoGenerator;
import org.opensaml.xml.signature.DigestMethod;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.KeyName;

/* loaded from: input_file:org/opensaml/xml/encryption/SimpleEncryptionTest.class */
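/**
 * Exercises {@link Encrypter} for element, element-content and key encryption with zero, one
 * or several key-encryption keys (KEKs), and checks the structure of the resulting
 * {@code EncryptedData} / {@code EncryptedKey} objects.
 *
 * <p>Security review notes on the fixtures used here (they are test values, not recommended
 * configuration):
 * <ul>
 *   <li>{@code xmlenc#aes128-cbc} provides confidentiality only. CBC-mode XML Encryption has no
 *       integrity protection of its own, so real deployments should authenticate the ciphertext
 *       or use an AEAD algorithm where the library supports one.</li>
 *   <li>The RSA and DSA key pairs are generated at 1024 bits, which keeps the tests fast but is
 *       below currently recommended key sizes.</li>
 *   <li>{@code xmlenc#rsa-1_5} (PKCS#1 v1.5 key transport) and the SHA-1 OAEP digest are pinned
 *       by tests below as interoperability behaviour; both are legacy choices.</li>
 * </ul>
 */
public class SimpleEncryptionTest extends XMLObjectBaseTestCase {
    /** {@code EncryptedData/@Type} value expected when a whole element is encrypted. */
    private static final String TYPE_ELEMENT = "http://www.w3.org/2001/04/xmlenc#Element";

    /** {@code EncryptedData/@Type} value expected when only element content is encrypted. */
    private static final String TYPE_CONTENT = "http://www.w3.org/2001/04/xmlenc#Content";

    private Encrypter encrypter;
    private EncryptionParameters encParams;
    private List<KeyEncryptionParameters> kekParamsList;
    private KeyEncryptionParameters kekParamsAES;
    private KeyEncryptionParameters kekParamsRSA;
    private KeyInfo keyInfo;
    private KeyInfo kekKeyInfoAES;
    private KeyInfo kekKeyInfoRSA;
    private String expectedKEKKeyNameAES;
    private String expectedKEKKeyNameRSA;
    private String expectedKeyName = "SuperSecretKey";
    private String expectedRecipientRSA = "CoolRecipientRSA";
    private String expectedRecipientAES = "CoolRecipientAES";
    private String targetFile = "/data/org/opensaml/xml/encryption/SimpleEncryptionTest.xml";
    // Data encryption algorithm: AES-128 in CBC mode (unauthenticated; see class comment).
    private String algoURI = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
    // Key transport: RSA-OAEP with MGF1.
    private String kekURIRSA = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
    // Symmetric key wrap: AES-128 key wrap.
    private String kekURIAES = "http://www.w3.org/2001/04/xmlenc#kw-aes128";

    /**
     * Initialises the expected KEK key names.
     *
     * <p>The RSA name used to be left {@code null} because the AES field was assigned twice.
     * With a {@code null} expected value the KeyName assertion in {@link #checkKEKRSA} compared
     * {@code null} with {@code null}, and the AES KEK carried the RSA name. Each field now gets
     * its own distinct value so the two KEKs can be told apart by name.
     */
    public SimpleEncryptionTest() {
        this.expectedKEKKeyNameAES = "KEKKeyAES";
        this.expectedKEKKeyNameRSA = "KEKKeyRSA";
    }

    /**
     * Builds a fresh {@link Encrypter}, the data-encryption parameters, one AES key-wrap KEK,
     * one RSA-OAEP KEK and three {@link KeyInfo} objects that each hold a single
     * {@link KeyName}.
     *
     * <p>Declared {@code protected} in the superclass; the decompiled listing widened it to
     * {@code public}, which is kept here so the visible signature does not change.
     */
    @Override // org.opensaml.xml.XMLObjectBaseTestCase
    public void setUp() throws Exception {
        super.setUp();
        encrypter = new Encrypter();

        encParams = new EncryptionParameters();
        encParams.setAlgorithm(algoURI);
        encParams.setEncryptionCredential(SecurityHelper.generateKeyAndCredential(algoURI));

        kekParamsList = new ArrayList<>();

        kekParamsAES = new KeyEncryptionParameters();
        kekParamsAES.setAlgorithm(kekURIAES);
        kekParamsAES.setEncryptionCredential(SecurityHelper.generateKeyAndCredential(kekURIAES));
        kekParamsAES.setRecipient(expectedRecipientAES);

        kekParamsRSA = new KeyEncryptionParameters();
        kekParamsRSA.setAlgorithm(kekURIRSA);
        // 1024-bit RSA is a test-speed choice only; it is below currently recommended sizes.
        // NOTE(review): the trailing 'false' presumably means "do not keep the private key in
        // the credential" - confirm against SecurityHelper.
        kekParamsRSA.setEncryptionCredential(
                SecurityHelper.generateKeyPairAndCredential(kekURIRSA, 1024, false));
        kekParamsRSA.setRecipient(expectedRecipientRSA);

        keyInfo = buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        KeyName dataKeyName = buildXMLObject(KeyName.DEFAULT_ELEMENT_NAME);
        dataKeyName.setValue(expectedKeyName);
        keyInfo.getKeyNames().add(dataKeyName);

        kekKeyInfoAES = buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        KeyName aesKeyName = buildXMLObject(KeyName.DEFAULT_ELEMENT_NAME);
        aesKeyName.setValue(expectedKEKKeyNameAES);
        kekKeyInfoAES.getKeyNames().add(aesKeyName);

        kekKeyInfoRSA = buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        KeyName rsaKeyName = buildXMLObject(KeyName.DEFAULT_ELEMENT_NAME);
        rsaKeyName.setValue(expectedKEKKeyNameRSA);
        kekKeyInfoRSA.getKeyNames().add(rsaKeyName);
    }

    /** Encrypts an element with a named data key and no KEK; expects no EncryptedKey children. */
    public void testEncryptDataWithKeyNameNoKEK() {
        SimpleXMLObject target = unmarshallElement(targetFile);
        encParams.setKeyInfoGenerator(new StaticKeyInfoGenerator(keyInfo));
        EncryptedData encryptedData = null;
        try {
            encryptedData = encrypter.encryptElement(target, encParams);
        } catch (EncryptionException e) {
            fail("Object encryption failed: " + e);
        }
        assertEncryptedData(encryptedData, TYPE_ELEMENT);
        assertEquals("KeyName", expectedKeyName, ((KeyName) encryptedData.getKeyInfo().getKeyNames().get(0)).getValue());
        assertEquals("Number of EncryptedKeys", 0, encryptedData.getKeyInfo().getEncryptedKeys().size());
    }

    /** Encrypts an element with a single RSA KEK; expects exactly one EncryptedKey. */
    public void testEncryptDataSingleKEK() {
        SimpleXMLObject target = unmarshallElement(targetFile);
        kekParamsRSA.setKeyInfoGenerator(new StaticKeyInfoGenerator(kekKeyInfoRSA));
        EncryptedData encryptedData = null;
        try {
            encryptedData = encrypter.encryptElement(target, encParams, kekParamsRSA);
        } catch (EncryptionException e) {
            fail("Object encryption failed: " + e);
        }
        assertEncryptedData(encryptedData, TYPE_ELEMENT);
        List<EncryptedKey> encryptedKeys = encryptedData.getKeyInfo().getEncryptedKeys();
        assertEquals("Number of EncryptedKeys", 1, encryptedKeys.size());
        checkKEKRSA(encryptedKeys.get(0), true);
    }

    /** Encrypts an element with RSA then AES KEKs; expects two EncryptedKeys in that order. */
    public void testEncryptDataMultipleKEK() {
        SimpleXMLObject target = unmarshallElement(targetFile);
        kekParamsRSA.setKeyInfoGenerator(new StaticKeyInfoGenerator(kekKeyInfoRSA));
        kekParamsAES.setKeyInfoGenerator(new StaticKeyInfoGenerator(kekKeyInfoAES));
        kekParamsList.add(kekParamsRSA);
        kekParamsList.add(kekParamsAES);
        EncryptedData encryptedData = null;
        try {
            encryptedData = encrypter.encryptElement(target, encParams, kekParamsList);
        } catch (EncryptionException e) {
            fail("Object encryption failed: " + e);
        }
        assertEncryptedData(encryptedData, TYPE_ELEMENT);
        List<EncryptedKey> encryptedKeys = encryptedData.getKeyInfo().getEncryptedKeys();
        assertEquals("Number of EncryptedKeys", 2, encryptedKeys.size());
        checkKEKRSA(encryptedKeys.get(0), true);
        checkKEKAES(encryptedKeys.get(1), true);
    }

    /** Encrypts element content with a named data key and no KEK. */
    public void testEncryptContentWithKeyNameNoKEK() {
        SimpleXMLObject target = unmarshallElement(targetFile);
        encParams.setKeyInfoGenerator(new StaticKeyInfoGenerator(keyInfo));
        EncryptedData encryptedData = null;
        try {
            encryptedData = encrypter.encryptElementContent(target, encParams);
        } catch (EncryptionException e) {
            fail("Object encryption failed: " + e);
        }
        assertEncryptedData(encryptedData, TYPE_CONTENT);
        assertEquals("KeyName", expectedKeyName, ((KeyName) encryptedData.getKeyInfo().getKeyNames().get(0)).getValue());
        assertEquals("Number of EncryptedKeys", 0, encryptedData.getKeyInfo().getEncryptedKeys().size());
    }

    /** Encrypts element content with a single RSA KEK; expects exactly one EncryptedKey. */
    public void testEncryptContentSingleKEK() {
        SimpleXMLObject target = unmarshallElement(targetFile);
        kekParamsRSA.setKeyInfoGenerator(new StaticKeyInfoGenerator(kekKeyInfoRSA));
        EncryptedData encryptedData = null;
        try {
            encryptedData = encrypter.encryptElementContent(target, encParams, kekParamsRSA);
        } catch (EncryptionException e) {
            fail("Object encryption failed: " + e);
        }
        assertEncryptedData(encryptedData, TYPE_CONTENT);
        List<EncryptedKey> encryptedKeys = encryptedData.getKeyInfo().getEncryptedKeys();
        assertEquals("Number of EncryptedKeys", 1, encryptedKeys.size());
        checkKEKRSA(encryptedKeys.get(0), true);
    }

    /** Encrypts element content with RSA then AES KEKs; expects two EncryptedKeys in that order. */
    public void testEncryptContentMultipleKEK() {
        SimpleXMLObject target = unmarshallElement(targetFile);
        kekParamsAES.setKeyInfoGenerator(new StaticKeyInfoGenerator(kekKeyInfoAES));
        kekParamsRSA.setKeyInfoGenerator(new StaticKeyInfoGenerator(kekKeyInfoRSA));
        kekParamsList.add(kekParamsRSA);
        kekParamsList.add(kekParamsAES);
        EncryptedData encryptedData = null;
        try {
            encryptedData = encrypter.encryptElementContent(target, encParams, kekParamsList);
        } catch (EncryptionException e) {
            fail("Object encryption failed: " + e);
        }
        assertEncryptedData(encryptedData, TYPE_CONTENT);
        List<EncryptedKey> encryptedKeys = encryptedData.getKeyInfo().getEncryptedKeys();
        assertEquals("Number of EncryptedKeys", 2, encryptedKeys.size());
        checkKEKRSA(encryptedKeys.get(0), true);
        checkKEKAES(encryptedKeys.get(1), true);
    }

    /** Wraps a freshly generated data key under the RSA KEK and checks the EncryptedKey. */
    public void testEncryptKeySingleKEK() throws NoSuchAlgorithmException, NoSuchProviderException, XMLParserException {
        SecretKey dataKey = SecurityHelper.generateKeyFromURI(algoURI);
        kekParamsRSA.setKeyInfoGenerator(new StaticKeyInfoGenerator(kekKeyInfoRSA));
        EncryptedKey encryptedKey = null;
        try {
            encryptedKey = encrypter.encryptKey(dataKey, kekParamsRSA, parserPool.newDocument());
        } catch (EncryptionException e) {
            fail("Object encryption failed: " + e);
        }
        checkKEKRSA(encryptedKey, true);
    }

    /** Wraps a data key under AES then RSA KEKs; expects two EncryptedKeys in that order. */
    public void testEncryptKeyMultipleKEK() throws NoSuchAlgorithmException, NoSuchProviderException, XMLParserException {
        SecretKey dataKey = SecurityHelper.generateKeyFromURI(algoURI);
        kekParamsAES.setKeyInfoGenerator(new StaticKeyInfoGenerator(kekKeyInfoAES));
        kekParamsRSA.setKeyInfoGenerator(new StaticKeyInfoGenerator(kekKeyInfoRSA));
        kekParamsList.add(kekParamsAES);
        kekParamsList.add(kekParamsRSA);
        List<EncryptedKey> encryptedKeys = null;
        try {
            encryptedKeys = encrypter.encryptKey(dataKey, kekParamsList, parserPool.newDocument());
        } catch (EncryptionException e) {
            fail("Object encryption failed: " + e);
        }
        assertEquals("Number of EncryptedKeys", 2, encryptedKeys.size());
        checkKEKAES(encryptedKeys.get(0), true);
        checkKEKRSA(encryptedKeys.get(1), true);
    }

    /**
     * With no data-encryption credential set, encryption must still succeed when a KEK is
     * supplied, both as a single parameter and as a one-element list.
     */
    public void testAutoKeyGen() {
        SimpleXMLObject target = unmarshallElement(targetFile);
        encParams.setEncryptionCredential((Credential) null);
        kekParamsList.add(kekParamsRSA);
        EncryptedData encryptedData = null;
        try {
            encryptedData = encrypter.encryptElement(target, encParams, kekParamsRSA);
        } catch (EncryptionException e) {
            fail("Object encryption failed: " + e);
        }
        assertNotNull(encryptedData);
        try {
            encryptedData = encrypter.encryptElement(target, encParams, kekParamsList);
        } catch (EncryptionException e) {
            fail("Object encryption failed: " + e);
        }
        assertNotNull(encryptedData);
    }

    /**
     * With no data-encryption credential and no KEK, encryption must be refused: a generated
     * data key that is never wrapped for any recipient could not be recovered.
     */
    public void testAutoKeyGenNoKEK() {
        SimpleXMLObject target = unmarshallElement(targetFile);
        encParams.setEncryptionCredential((Credential) null);
        kekParamsList.clear();
        try {
            encrypter.encryptElement(target, encParams);
            fail("Object encryption should have failed: no KEK supplied with auto key generation for data encryption");
        } catch (EncryptionException expected) {
            // Expected: no KEK was supplied, so the call must fail.
        }
        try {
            encrypter.encryptElement(target, encParams, kekParamsList);
            fail("Object encryption should have failed: no KEK supplied with auto key generation for data encryption");
        } catch (EncryptionException expected) {
            // Expected: the KEK list is empty, so the call must fail.
        }
    }

    /**
     * RSA-OAEP key transport must emit a {@link DigestMethod} child, and this test pins its
     * algorithm to SHA-1. A change of the default digest would show up here.
     */
    public void testEncryptKeyDigestMethodsRSAOAEP() throws NoSuchAlgorithmException, NoSuchProviderException, XMLParserException {
        SecretKey dataKey = SecurityHelper.generateKeyFromURI(algoURI);
        kekParamsRSA.setAlgorithm("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
        EncryptedKey encryptedKey = null;
        try {
            encryptedKey = encrypter.encryptKey(dataKey, kekParamsRSA, parserPool.newDocument());
        } catch (EncryptionException e) {
            fail("Object encryption failed: " + e);
        }
        assertFalse("EncryptedKey/EncryptionMethod/DigestMethod list was empty", encryptedKey.getEncryptionMethod().getUnknownXMLObjects(DigestMethod.DEFAULT_ELEMENT_NAME).isEmpty());
        assertEquals("DigestMethod algorithm URI had unexpected value", "http://www.w3.org/2000/09/xmldsig#sha1", ((DigestMethod) encryptedKey.getEncryptionMethod().getUnknownXMLObjects(DigestMethod.DEFAULT_ELEMENT_NAME).get(0)).getAlgorithm());
    }

    /**
     * RSA PKCS#1 v1.5 key transport must not emit any {@link DigestMethod} child. The algorithm
     * is a legacy one, covered here for its output structure only.
     */
    public void testEncryptKeyDigestMethodsRSAv15() throws NoSuchAlgorithmException, NoSuchProviderException, XMLParserException {
        SecretKey dataKey = SecurityHelper.generateKeyFromURI(algoURI);
        kekParamsRSA.setAlgorithm("http://www.w3.org/2001/04/xmlenc#rsa-1_5");
        EncryptedKey encryptedKey = null;
        try {
            encryptedKey = encrypter.encryptKey(dataKey, kekParamsRSA, parserPool.newDocument());
        } catch (EncryptionException e) {
            fail("Object encryption failed: " + e);
        }
        assertTrue("EncryptedKey/EncryptionMethod/DigestMethod list was NOT empty", encryptedKey.getEncryptionMethod().getUnknownXMLObjects(DigestMethod.DEFAULT_ELEMENT_NAME).isEmpty());
    }

    /**
     * A DSA public key is offered as the KEK with no algorithm set on the parameters. DSA is a
     * signature algorithm and cannot transport a key, so the encrypter must reject it.
     */
    public void testEncryptDataBadKEKDSA() throws NoSuchAlgorithmException, NoSuchProviderException {
        SimpleXMLObject target = unmarshallElement(targetFile);
        KeyEncryptionParameters dsaKekParams = new KeyEncryptionParameters();
        dsaKekParams.setEncryptionCredential(SecurityHelper.getSimpleCredential(SecurityHelper.generateKeyPair("DSA", 1024, (String) null).getPublic(), (PrivateKey) null));
        try {
            encrypter.encryptElement(target, encParams, dsaKekParams);
            fail("Object encryption succeeded, should have failed with DSA key attempt");
        } catch (EncryptionException expected) {
            // Expected: a DSA key is not usable for key encryption.
        }
    }

    /**
     * Asserts the parts of an {@link EncryptedData} that every data-encryption test checks:
     * it is non-null, carries the expected Type, uses {@link #algoURI} and has a KeyInfo.
     *
     * @param encryptedData the encryption result to check
     * @param expectedType the expected {@code Type} attribute value
     */
    private void assertEncryptedData(EncryptedData encryptedData, String expectedType) {
        assertNotNull(encryptedData);
        assertEquals("Type attribute", expectedType, encryptedData.getType());
        assertEquals("Algorithm attribute", algoURI, encryptedData.getEncryptionMethod().getAlgorithm());
        assertNotNull("KeyInfo", encryptedData.getKeyInfo());
    }

    /**
     * Checks an EncryptedKey produced with the AES key-wrap KEK.
     *
     * @param encryptedKey the key to check
     * @param hasKeyInfo whether a KeyInfo carrying the AES KEK name is expected
     */
    private void checkKEKAES(EncryptedKey encryptedKey, boolean hasKeyInfo) {
        assertNotNull("EncryptedKey was null", encryptedKey);
        assertEquals("Algorithm attribute", kekURIAES, encryptedKey.getEncryptionMethod().getAlgorithm());
        assertEquals("Recipient attribute", expectedRecipientAES, encryptedKey.getRecipient());
        if (!hasKeyInfo) {
            assertNull("Unexpected KeyInfo was present", encryptedKey.getKeyInfo());
            return;
        }
        assertNotNull("KeyInfo was not present", encryptedKey.getKeyInfo());
        assertNotNull("KeyName was not present", encryptedKey.getKeyInfo().getKeyNames().get(0));
        assertEquals("Unexpected KEK KeyName", expectedKEKKeyNameAES, ((KeyName) encryptedKey.getKeyInfo().getKeyNames().get(0)).getValue());
    }

    /**
     * Checks an EncryptedKey produced with the RSA KEK.
     *
     * @param encryptedKey the key to check
     * @param hasKeyInfo whether a KeyInfo carrying the RSA KEK name is expected
     */
    private void checkKEKRSA(EncryptedKey encryptedKey, boolean hasKeyInfo) {
        assertNotNull("EncryptedKey was null", encryptedKey);
        assertEquals("Algorithm attribute", kekURIRSA, encryptedKey.getEncryptionMethod().getAlgorithm());
        assertEquals("Recipient attribute", expectedRecipientRSA, encryptedKey.getRecipient());
        if (!hasKeyInfo) {
            assertNull("Unexpected KeyInfo was present", encryptedKey.getKeyInfo());
            return;
        }
        assertNotNull("KeyInfo was not present", encryptedKey.getKeyInfo());
        assertNotNull("KeyName was not present", encryptedKey.getKeyInfo().getKeyNames().get(0));
        assertEquals("Unexpected KEK KeyName", expectedKEKKeyNameRSA, ((KeyName) encryptedKey.getKeyInfo().getKeyNames().get(0)).getValue());
    }
}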
