package org.opensaml.saml.saml2.profile.impl;

import com.google.common.base.Function;
import com.google.common.base.Predicates;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Collections;
import java.util.List;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.collection.Pair;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.core.OpenSAMLInitBaseTestCase;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.profile.RequestContextBuilder;
import org.opensaml.profile.action.ActionTestingSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.saml2.assertion.BaseAssertionValidationTest;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.EncryptedID;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.profile.SAML2ActionTestingSupport;
import org.opensaml.saml.saml2.profile.context.EncryptionContext;
import org.opensaml.xmlsec.EncryptionParameters;
import org.opensaml.xmlsec.algorithm.AlgorithmSupport;
import org.opensaml.xmlsec.encryption.support.EncryptionException;
import org.opensaml.xmlsec.keyinfo.impl.BasicKeyInfoGeneratorFactory;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/opensaml/saml/saml2/profile/impl/TestSelfEncryption.class */
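/**
 * Tests the "encrypt to self" option of {@link EncryptNameIDs}: besides the encryption
 * parameters taken from the {@link EncryptionContext} on the outbound message context, the
 * action is given extra parameter sets through its encrypt-to-self strategy.
 *
 * <p>Security notes for readers reusing this fixture: the algorithm and key-size choices
 * below are test conveniences, not recommendations. See the comments on the constants.</p>
 */
public class TestSelfEncryption extends OpenSAMLInitBaseTestCase {

    /**
     * Data encryption algorithm used by every parameter set in this test.
     * NOTE(review): AES-CBC provides no integrity protection, and XML Encryption in CBC mode
     * has known ciphertext-malleability weaknesses. A production profile would normally
     * select an AES-GCM algorithm; the test keeps CBC only because it asserts this exact URI.
     */
    private static final String DATA_ENCRYPTION_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";

    /** Key transport algorithm; also passed as the algorithm URI for key-pair generation. */
    private static final String KEY_TRANSPORT_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";

    /**
     * RSA modulus size for the throwaway key pairs generated per test method.
     * NOTE(review): 1024-bit RSA is below current minimum recommendations (2048 bits or more);
     * it keeps key generation fast here and must not be copied into deployment configuration.
     */
    private static final int TEST_RSA_KEY_LENGTH = 1024;

    /** Name identifier value placed in the assertion subject before encryption. */
    private static final String SUBJECT_NAME = "morpheus";

    // Parameters registered in the EncryptionContext (the regular recipient).
    private EncryptionParameters encParams;
    // Two additional parameter sets returned by the encrypt-to-self strategy.
    private EncryptionParameters encParamsSelf1;
    private EncryptionParameters encParamsSelf2;
    private ProfileRequestContext<Object, Response> prc;
    private EncryptNameIDs action;

    /**
     * Builds three independent parameter sets (each with its own freshly generated RSA key
     * pair), registers the first one for identifier encryption and creates the action.
     *
     * @throws NoSuchAlgorithmException if the key-pair algorithm is unavailable
     * @throws NoSuchProviderException if the security provider is unavailable
     */
    @BeforeMethod
    public void setUp() throws NoSuchAlgorithmException, NoSuchProviderException {
        BasicKeyInfoGeneratorFactory keyInfoFactory = new BasicKeyInfoGeneratorFactory();
        keyInfoFactory.setEmitPublicKeyValue(true);

        this.encParams = newEncryptionParameters(keyInfoFactory);
        this.encParamsSelf1 = newEncryptionParameters(keyInfoFactory);
        this.encParamsSelf2 = newEncryptionParameters(keyInfoFactory);

        this.prc = new RequestContextBuilder().buildProfileRequestContext();
        this.prc.getOutboundMessageContext()
                .getSubcontext(EncryptionContext.class, true)
                .setIdentifierEncryptionParameters(this.encParams);
        this.action = new EncryptNameIDs();
    }

    /**
     * Creates one parameter set with a newly generated key transport credential.
     *
     * @param keyInfoFactory factory supplying the KeyInfo generators for data and key transport
     * @return a populated parameter set; every call yields a distinct key pair
     * @throws NoSuchAlgorithmException if the key-pair algorithm is unavailable
     * @throws NoSuchProviderException if the security provider is unavailable
     */
    private static EncryptionParameters newEncryptionParameters(BasicKeyInfoGeneratorFactory keyInfoFactory)
            throws NoSuchAlgorithmException, NoSuchProviderException {
        EncryptionParameters params = new EncryptionParameters();
        params.setDataEncryptionAlgorithm(DATA_ENCRYPTION_ALGORITHM);
        params.setDataKeyInfoGenerator(keyInfoFactory.newInstance());
        params.setKeyTransportEncryptionAlgorithm(KEY_TRANSPORT_ALGORITHM);
        // The trailing `false` presumably leaves the private key out of the credential
        // (only the public half is needed to encrypt) - TODO confirm against AlgorithmSupport.
        params.setKeyTransportEncryptionCredential(
                AlgorithmSupport.generateKeyPairAndCredential(KEY_TRANSPORT_ALGORITHM, TEST_RSA_KEY_LENGTH, false));
        params.setKeyTransportKeyInfoGenerator(keyInfoFactory.newInstance());
        return params;
    }

    /**
     * Builds a response holding one assertion whose subject carries a plaintext NameID and
     * installs it as the outbound message.
     *
     * @return the response that was set on the outbound message context
     */
    private Response buildOutboundResponseWithSubject() {
        Response response = SAML2ActionTestingSupport.buildResponse();
        this.prc.getOutboundMessageContext().setMessage(response);
        response.getAssertions().add(SAML2ActionTestingSupport.buildAssertion());
        ((Assertion) response.getAssertions().get(0)).setSubject(SAML2ActionTestingSupport.buildSubject(SUBJECT_NAME));
        return response;
    }

    /**
     * With two self parameter sets plus the context's own set, the NameID must be replaced by
     * an EncryptedID whose EncryptedData carries three EncryptedKey elements.
     */
    @Test
    public void testSelfEncryption() throws EncryptionException, ComponentInitializationException, MarshallingException {
        Response response = buildOutboundResponseWithSubject();

        this.action.setEncryptToSelf(Predicates.alwaysTrue());
        this.action.setEncryptToSelfParametersStrategy(new Function<Pair<ProfileRequestContext, EncryptionParameters>, List<EncryptionParameters>>() {
            @Override
            public List<EncryptionParameters> apply(@Nullable Pair<ProfileRequestContext, EncryptionParameters> pair) {
                return Lists.newArrayList(TestSelfEncryption.this.encParamsSelf1, TestSelfEncryption.this.encParamsSelf2);
            }
        });
        this.action.setSelfRecipientLookupStrategy(new Function<ProfileRequestContext, String>() {
            @Override
            public String apply(@Nullable ProfileRequestContext profileRequestContext) {
                return BaseAssertionValidationTest.ISSUER;
            }
        });
        this.action.initialize();
        this.action.execute(this.prc);

        ActionTestingSupport.assertProceedEvent(this.prc);
        Assert.assertEquals(response.getAssertions().size(), 1);

        Assertion assertion = (Assertion) response.getAssertions().get(0);
        // The plaintext identifier must be gone once the encrypted form is present.
        Assert.assertNull(assertion.getSubject().getNameID());
        Assert.assertNotNull(assertion.getSubject().getEncryptedID());

        EncryptedID encryptedID = assertion.getSubject().getEncryptedID();
        Assert.assertEquals(encryptedID.getEncryptedData().getType(), "http://www.w3.org/2001/04/xmlenc#Element", "Type attribute");
        Assert.assertEquals(encryptedID.getEncryptedData().getEncryptionMethod().getAlgorithm(), DATA_ENCRYPTION_ALGORITHM, "Algorithm attribute");
        Assert.assertNotNull(encryptedID.getEncryptedData().getKeyInfo(), "KeyInfo");
        // 3 = the context's parameter set + the two returned by the self strategy.
        Assert.assertEquals(encryptedID.getEncryptedData().getKeyInfo().getEncryptedKeys().size(), 3, "Number of EncryptedKeys");
        Assert.assertFalse(Strings.isNullOrEmpty(encryptedID.getEncryptedData().getID()), "EncryptedData ID attribute was empty");
    }

    /**
     * When encrypt-to-self is requested but the strategy yields no parameters, the action must
     * signal {@code UnableToEncrypt} instead of proceeding.
     *
     * <p>The assertions below show the message is left untouched in that case, i.e. the NameID
     * is still in plaintext. A flow using this action therefore has to treat the event as
     * terminal and not release the response.</p>
     */
    @Test
    public void testFailureNoSelfEncryptionCreds() throws EncryptionException, ComponentInitializationException, MarshallingException {
        Response response = buildOutboundResponseWithSubject();

        this.action.setEncryptToSelf(Predicates.alwaysTrue());
        this.action.setEncryptToSelfParametersStrategy(new Function<Pair<ProfileRequestContext, EncryptionParameters>, List<EncryptionParameters>>() {
            @Override
            public List<EncryptionParameters> apply(@Nullable Pair<ProfileRequestContext, EncryptionParameters> pair) {
                return Collections.emptyList();
            }
        });
        this.action.setSelfRecipientLookupStrategy(new Function<ProfileRequestContext, String>() {
            @Override
            public String apply(@Nullable ProfileRequestContext profileRequestContext) {
                return BaseAssertionValidationTest.ISSUER;
            }
        });
        this.action.initialize();
        this.action.execute(this.prc);

        ActionTestingSupport.assertEvent(this.prc, "UnableToEncrypt");
        Assert.assertEquals(response.getAssertions().size(), 1);

        Assertion assertion = (Assertion) response.getAssertions().get(0);
        Assert.assertNotNull(assertion.getSubject().getNameID());
        Assert.assertNull(assertion.getSubject().getEncryptedID());
    }
}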
