package org.opensaml.saml.saml2.profile.impl;

import java.security.KeyException;
import java.security.NoSuchAlgorithmException;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.core.OpenSAMLInitBaseTestCase;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.profile.RequestContextBuilder;
import org.opensaml.profile.action.ActionTestingSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.saml2.encryption.Encrypter;
import org.opensaml.saml.saml2.profile.SAML2ActionTestingSupport;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.DecryptionParameters;
import org.opensaml.xmlsec.algorithm.AlgorithmSupport;
import org.opensaml.xmlsec.context.SecurityParametersContext;
import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters;
import org.opensaml.xmlsec.encryption.support.EncryptionException;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/opensaml/saml/saml2/profile/impl/DecryptNameIDsTest.class */
/**
 * Tests for {@link DecryptNameIDs}: decrypting an {@code EncryptedID} carried in the
 * {@link Subject} of an inbound {@link AuthnRequest}.
 *
 * <p>Covered cases: no inbound message, missing decryption parameters, a matching key,
 * and a non-matching key, each in fatal and/or non-fatal error mode.</p>
 *
 * <p>Security notes for readers reusing this fixture:</p>
 * <ul>
 *   <li>The data-encryption algorithm is AES-128-CBC. CBC in XML Encryption gives
 *       confidentiality only, with no integrity protection, so it is suitable here as a
 *       test fixture; deployments normally configure an authenticated mode such as
 *       {@code http://www.w3.org/2009/xmlenc11#aes128-gcm}.</li>
 *   <li>With {@code setErrorFatal(false)} the action signals "proceed" even though
 *       decryption failed. The tests pin that the plaintext {@link NameID} stays
 *       {@code null} in that case, so downstream code must not assume a NameID is
 *       present just because the action proceeded.</li>
 * </ul>
 */
public class DecryptNameIDsTest extends OpenSAMLInitBaseTestCase {
    /** NameID format placed on the plaintext identifier before encryption. */
    private static final String TRANSIENT_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";

    /** NameID value placed on the plaintext identifier before encryption. */
    private static final String NAME_ID_VALUE = "foo";

    /** Event expected when the inbound message context holds no message. */
    private static final String EVENT_INVALID_MESSAGE_CONTEXT = "InvalidMessageContext";

    /** Event expected when decryption fails and errors are fatal. */
    private static final String EVENT_DECRYPT_FAILED = "DecryptNameIDFailed";

    private KeyInfoCredentialResolver keyResolver;
    private String encURI;
    private DataEncryptionParameters encParams;
    private Encrypter encrypter;
    private ProfileRequestContext prc;
    private DecryptNameIDs action;
    private SAMLObjectBuilder<NameID> nameIdBuilder;
    private SAMLObjectBuilder<Subject> subjectBuilder;

    /**
     * Builds a fresh fixture per test: one generated symmetric credential shared by the
     * encrypter and the decryption-side resolver, a profile request context whose inbound
     * {@link SecurityParametersContext} carries the decryption parameters, and a new,
     * uninitialized action.
     *
     * @throws NoSuchAlgorithmException if the key cannot be generated for the algorithm URI
     * @throws KeyException if the key cannot be generated for the algorithm URI
     */
    @BeforeMethod
    public void setUp() throws NoSuchAlgorithmException, KeyException {
        encURI = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";

        nameIdBuilder = XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilderOrThrow(NameID.DEFAULT_ELEMENT_NAME);
        subjectBuilder = XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilderOrThrow(Subject.DEFAULT_ELEMENT_NAME);

        // The same credential encrypts the NameID and backs the resolver used to decrypt it.
        final Credential sharedKey = AlgorithmSupport.generateSymmetricKeyAndCredential(encURI);
        keyResolver = new StaticKeyInfoCredentialResolver(sharedKey);

        encParams = new DataEncryptionParameters();
        encParams.setAlgorithm(encURI);
        encParams.setEncryptionCredential(sharedKey);
        encrypter = new Encrypter(encParams);

        final DecryptionParameters decParams = new DecryptionParameters();
        decParams.setDataKeyInfoCredentialResolver(keyResolver);

        prc = new RequestContextBuilder().buildProfileRequestContext();
        prc.getInboundMessageContext()
                .getSubcontext(SecurityParametersContext.class, true)
                .setDecryptionParameters(decParams);

        action = new DecryptNameIDs();
    }

    /**
     * Executing without an inbound message must raise the invalid-message-context event.
     *
     * @throws ComponentInitializationException if the action fails to initialize
     */
    @Test
    public void testNoMessage() throws ComponentInitializationException {
        action.initialize();
        action.execute(prc);
        ActionTestingSupport.assertEvent(prc, EVENT_INVALID_MESSAGE_CONTEXT);
    }

    /**
     * With the {@link SecurityParametersContext} removed there is nothing to decrypt with:
     * the default (fatal) mode must report a decryption failure, the non-fatal mode must
     * proceed, and in both the plaintext NameID must stay unset.
     *
     * @throws EncryptionException if the fixture NameID cannot be encrypted
     * @throws ComponentInitializationException if an action fails to initialize
     */
    @Test
    public void testEncryptedNameIDNoParams() throws EncryptionException, ComponentInitializationException {
        final AuthnRequest request = installRequestWithEncryptedNameID();

        action.initialize();
        // Drop the decryption configuration only after initialization, as the original flow does.
        prc.getInboundMessageContext().removeSubcontext(SecurityParametersContext.class);
        action.execute(prc);
        ActionTestingSupport.assertEvent(prc, EVENT_DECRYPT_FAILED);
        Assert.assertNull(request.getSubject().getNameID());

        // Second pass on the same context with a new action in non-fatal mode.
        action = new DecryptNameIDs();
        action.setErrorFatal(false);
        action.initialize();
        action.execute(prc);
        ActionTestingSupport.assertProceedEvent(prc);
        Assert.assertNull(request.getSubject().getNameID());
    }

    /**
     * With the matching key in place the action proceeds and the Subject exposes a
     * plaintext NameID whose value and format equal those that were encrypted.
     *
     * @throws EncryptionException if the fixture NameID cannot be encrypted
     * @throws ComponentInitializationException if the action fails to initialize
     */
    @Test
    public void testEncryptedNameID() throws EncryptionException, ComponentInitializationException {
        final AuthnRequest request = installRequestWithEncryptedNameID();

        action.initialize();
        action.execute(prc);

        ActionTestingSupport.assertProceedEvent(prc);
        Assert.assertNotNull(request.getSubject().getNameID());
        Assert.assertEquals(request.getSubject().getNameID().getValue(), NAME_ID_VALUE);
        Assert.assertEquals(request.getSubject().getNameID().getFormat(), TRANSIENT_FORMAT);
    }

    /**
     * A resolver holding an unrelated key must produce a decryption-failed event in the
     * default (fatal) mode, and no plaintext NameID may appear on the Subject.
     *
     * @throws Exception on fixture construction or initialization failure
     */
    @Test
    public void testWrongKeyFatal() throws Exception {
        final AuthnRequest request = installRequestWithEncryptedNameID();
        replaceDecryptionKeyWithUnrelatedOne();

        action.initialize();
        action.execute(prc);

        ActionTestingSupport.assertEvent(prc, EVENT_DECRYPT_FAILED);
        Assert.assertNull(request.getSubject().getNameID());
    }

    /**
     * Same wrong-key scenario in non-fatal mode: the action proceeds, yet the plaintext
     * NameID must still be absent. Proceeding is not evidence of a decrypted identifier.
     *
     * @throws Exception on fixture construction or initialization failure
     */
    @Test
    public void testWrongKeyNonFatal() throws Exception {
        final AuthnRequest request = installRequestWithEncryptedNameID();
        replaceDecryptionKeyWithUnrelatedOne();

        action.setErrorFatal(false);
        action.initialize();
        action.execute(prc);

        ActionTestingSupport.assertProceedEvent(prc);
        Assert.assertNull(request.getSubject().getNameID());
    }

    /**
     * Creates an AuthnRequest, sets it as the inbound message, and gives it a Subject whose
     * EncryptedID wraps a transient-format NameID with value {@code "foo"}.
     *
     * @return the request now installed on the inbound message context
     * @throws EncryptionException if the NameID cannot be encrypted
     */
    private AuthnRequest installRequestWithEncryptedNameID() throws EncryptionException {
        final AuthnRequest request = SAML2ActionTestingSupport.buildAuthnRequest();
        prc.getInboundMessageContext().setMessage(request);

        final Subject subject = subjectBuilder.buildObject();
        request.setSubject(subject);

        final NameID plaintextId = nameIdBuilder.buildObject();
        plaintextId.setFormat(TRANSIENT_FORMAT);
        plaintextId.setValue(NAME_ID_VALUE);

        subject.setEncryptedID(encrypter.encrypt(plaintextId));
        return request;
    }

    /**
     * Points the decryption parameters at a resolver backed by a newly generated key for
     * the same algorithm, i.e. a key that did not encrypt the fixture NameID.
     *
     * @throws NoSuchAlgorithmException if the key cannot be generated for the algorithm URI
     * @throws KeyException if the key cannot be generated for the algorithm URI
     */
    private void replaceDecryptionKeyWithUnrelatedOne() throws NoSuchAlgorithmException, KeyException {
        final DecryptionParameters decParams = prc.getInboundMessageContext()
                .getSubcontext(SecurityParametersContext.class)
                .getDecryptionParameters();
        final Credential unrelatedKey = AlgorithmSupport.generateSymmetricKeyAndCredential(encURI);
        decParams.setDataKeyInfoCredentialResolver(new StaticKeyInfoCredentialResolver(unrelatedKey));
    }
}
