package be.iminds.ilabt.jfed.lowlevel.lib;

import be.iminds.ilabt.jfed.lowlevel.credential.SfaCredential;
import be.iminds.ilabt.jfed.util.library.KeyUtil;
import java.io.IOException;
import java.io.StringWriter;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Objects;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.xml.security.Init;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.ElementProxy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testng.Assert;
import org.testng.annotations.Test;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:be/iminds/ilabt/jfed/lowlevel/lib/CredentialTests.class */
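/**
 * TestNG tests that create SFA credentials with throw-away test certificates and verify them
 * against a test trust store.
 *
 * <p>The tests are chained with {@code dependsOnMethods} and share state through instance fields:
 * {@code generateCertificates} -> {@code createUserCredential} -> {@code checkUserCredential} ->
 * {@code createAndCheckToolCredential} -> {@code createSpeaksForCredential} ->
 * {@code checkSpeaksForCredential} -> {@code createDelegatedCredential} ->
 * {@code checkDelegatedCredential}.
 *
 * <p>The class also exposes static helpers that add an enveloped XML signature to a DOM document.
 */
public class CredentialTests {
    private static final Logger LOG = LoggerFactory.getLogger(CredentialTests.class);

    // Algorithm identifiers shared by both signing helpers.
    // NOTE(review): RSA-SHA1 signatures with SHA-1 digests are deprecated for new signatures. They
    // are kept unchanged here because the verifying side (SfaCredential.check) is not visible in
    // this file - confirm which algorithms it accepts before moving to an SHA-256 based suite.
    private static final String XMLDSIG_NAMESPACE = "http://www.w3.org/2000/09/xmldsig#";
    private static final String SIGNATURE_RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    private static final String DIGEST_SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";
    private static final String TRANSFORM_ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
    private static final String C14N_INCLUSIVE = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";

    // Validity periods added to "now" when the test credentials are created.
    private static final long FORTY_EIGHT_HOURS_MS = 172800000L;
    private static final long THIRTY_SIX_HOURS_MS = 129600000L;

    private SfaCredential userCredential;
    private SfaCredential toolCredential;
    private TestCertHelper testCertHelper;
    SfaCredential speaksForCred;
    SfaCredential delegatedCred;

    /** Builds the test certificates and traces the authority, user and tool certificates as PEM. */
    @Test
    public void generateCertificates() throws NoSuchAlgorithmException, IOException, CertificateException, SignatureException, NoSuchProviderException, InvalidKeyException, CertPathBuilderException, KeyStoreException, InvalidAlgorithmParameterException {
        this.testCertHelper = new TestCertHelper();
        // Only certificates (public material) are logged here, never the private keys.
        LOG.trace("Authority cert self-signed:\n{}", KeyUtil.x509certificateToPem(this.testCertHelper.authority1Cert));
        LOG.trace("\nUser cert signed by authority:\n{}", KeyUtil.x509certificateToPem(this.testCertHelper.userCert));
        LOG.trace("\nTool cert signed by authority:\n{}", KeyUtil.x509certificateToPem(this.testCertHelper.toolCert));
    }

    /**
     * Normalizes the document, sanity-checks the key pair and signs via
     * {@link #signXmlWithSanturio}.
     *
     * <p>For RSA keys the certificate's public modulus is compared with the private key's modulus.
     * A mismatch raises an {@link AssertionError} only when assertions are enabled ({@code -ea});
     * otherwise it is logged as a warning and signing continues, producing a signature that will
     * not verify against the embedded certificate.
     *
     * @param document document to sign; modified in place
     * @param str value used as the same-document reference ({@code "#" + str})
     * @param str2 tag name of the element that receives the signature (first match is used)
     * @param x509Certificate certificate embedded in the signature's key info
     * @param key private key used to sign
     * @return the signed document serialized as a string
     * @throws Exception if signing or serialization fails
     */
    public static String signXml(Document document, String str, String str2, X509Certificate x509Certificate, Key key) throws Exception {
        document.normalizeDocument();
        Key certificateKey = x509Certificate.getPublicKey();
        if (certificateKey instanceof RSAPublicKey && key instanceof RSAPrivateKey) {
            boolean sameModulus = Objects.equals(((RSAPublicKey) certificateKey).getModulus(), ((RSAPrivateKey) key).getModulus());
            assert sameModulus : "certificate public key and private key have different RSA moduli";
            if (!sameModulus) {
                // Reached only with assertions disabled: do not claim a match that does not hold.
                LOG.warn("signXml input cert and privateKey have different modulus");
            } else if (LOG.isDebugEnabled()) {
                LOG.trace("signXml input cert and privateKey have same modulus");
            }
        } else {
            LOG.trace("not Rsa private and/or public key: no check done");
        }
        return signXmlWithSanturio(document, str, str2, x509Certificate, key);
    }

    /**
     * Signs the document with the JDK's {@code javax.xml.crypto.dsig} API (no Apache Santuario).
     *
     * <p>The signature is enveloped, references {@code "#" + str}, and carries both a
     * {@code KeyValue} and an {@code X509Data} entry for the given certificate.
     *
     * @param document document to sign; modified in place
     * @param str value used as the same-document reference ({@code "#" + str})
     * @param str2 tag name of the element that receives the signature (first match is used)
     * @param x509Certificate certificate embedded in the signature's key info
     * @param key private key used to sign
     * @return the signed document serialized as a string
     * @throws Exception if signing or serialization fails
     */
    public static String signXmlWithoutSanturio(Document document, String str, String str2, X509Certificate x509Certificate, Key key) throws Exception {
        Element signatureParent = (Element) document.getElementsByTagName(str2).item(0);
        assert signatureParent != null;

        XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");
        SignedInfo signedInfo = signatureFactory.newSignedInfo(
                signatureFactory.newCanonicalizationMethod(C14N_INCLUSIVE, (C14NMethodParameterSpec) null),
                signatureFactory.newSignatureMethod(SIGNATURE_RSA_SHA1, (SignatureMethodParameterSpec) null),
                Collections.singletonList(signatureFactory.newReference(
                        "#" + str,
                        signatureFactory.newDigestMethod(DIGEST_SHA1, (DigestMethodParameterSpec) null),
                        Collections.singletonList(signatureFactory.newTransform(TRANSFORM_ENVELOPED, (TransformParameterSpec) null)),
                        (String) null,
                        (String) null)));

        KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory();
        KeyValue keyValue = keyInfoFactory.newKeyValue(x509Certificate.getPublicKey());
        X509Data x509Data = keyInfoFactory.newX509Data(Collections.singletonList(x509Certificate));
        ArrayList<javax.xml.crypto.XMLStructure> keyInfoContent = new ArrayList<>();
        keyInfoContent.add(keyValue);
        keyInfoContent.add(x509Data);
        KeyInfo keyInfo = keyInfoFactory.newKeyInfo(keyInfoContent);

        signatureFactory.newXMLSignature(signedInfo, keyInfo).sign(new DOMSignContext(key, signatureParent));
        return serialize(document);
    }

    /**
     * Signs the document with Apache Santuario ({@code org.apache.xml.security}).
     *
     * <p>The signature element is appended to the first element named {@code str2}, uses an
     * enveloped-signature transform over {@code "#" + str}, and carries the certificate and its
     * public key as key info. Calling this method also initializes the Santuario library and sets
     * the default prefix of the XML-DSig namespace to the empty string, both of which are global.
     *
     * @param document document to sign; modified in place
     * @param str value used as the same-document reference ({@code "#" + str})
     * @param str2 tag name of the element that receives the signature (first match is used)
     * @param x509Certificate certificate embedded in the signature's key info
     * @param key private key used to sign
     * @return the signed document serialized as a string
     * @throws IllegalArgumentException if the document has no element named {@code str2}
     * @throws Exception if signing or serialization fails
     */
    public static String signXmlWithSanturio(Document document, String str, String str2, X509Certificate x509Certificate, Key key) throws Exception {
        Init.init();
        ElementProxy.setDefaultPrefix(XMLDSIG_NAMESPACE, "");
        XMLSignature signature = new XMLSignature(document, (String) null, SIGNATURE_RSA_SHA1);

        Element signatureParent = (Element) document.getElementsByTagName(str2).item(0);
        if (signatureParent == null) {
            // Fail with a readable message instead of a bare NullPointerException.
            throw new IllegalArgumentException("no <" + str2 + "> element found to hold the signature");
        }
        signatureParent.appendChild(signature.getElement());

        Transforms transforms = new Transforms(document);
        transforms.addTransform(TRANSFORM_ENVELOPED);
        signature.addDocument("#" + str, transforms, DIGEST_SHA1);
        signature.addKeyInfo(x509Certificate);
        signature.addKeyInfo(x509Certificate.getPublicKey());
        signature.sign(key);
        return serialize(document);
    }

    /** Serializes the document to a string with an XML declaration, UTF-8 encoding and no indentation. */
    private static String serialize(Document document) throws Exception {
        Transformer transformer = TransformerFactory.newInstance().newTransformer();
        transformer.setOutputProperty("omit-xml-declaration", "no");
        transformer.setOutputProperty("encoding", "utf-8");
        // Indentation stays off: whitespace added after signing could change the signed content.
        transformer.setOutputProperty("indent", "no");
        StringWriter writer = new StringWriter();
        transformer.transform(new DOMSource(document), new StreamResult(writer));
        return writer.getBuffer().toString();
    }

    /** Creates the user credential, signed with the SA key and expiring 48 hours from now. */
    @Test(dependsOnMethods = {"generateCertificates"})
    public void createUserCredential() throws Exception {
        Date expiry = new Date(System.currentTimeMillis() + FORTY_EIGHT_HOURS_MS);
        LOG.trace("Creating User Credential");
        this.userCredential = SfaCredential.create("privilege", "urn:publicid:IDN+authority.example.com+user+tester", "urn:publicid:IDN+authority.example.com+authority+sa", this.testCertHelper.userCert, this.testCertHelper.saCert, this.testCertHelper.saCert, this.testCertHelper.saKeys.getSshPrivateKey(), expiry, "*", false, "Test User Credential");
        LOG.trace("User credential:\n{}", this.userCredential.getCredentialXml());
    }

    /** Adds the test authority certificate to the trust store and verifies the user credential. */
    @Test(dependsOnMethods = {"createUserCredential"})
    public void checkUserCredential() throws KeyStoreException, CredentialException {
        LOG.trace("Checking User Credential");
        KeyStore trustStore = this.testCertHelper.testTrustStore;
        // The trust store is shared with the later tests, so this entry stays in place for them.
        trustStore.setCertificateEntry("test-authority", this.testCertHelper.authority1Cert);
        Assert.assertTrue(this.userCredential.check(trustStore));
        LOG.trace("User Credential check passed");
    }

    /** Creates the tool credential, signed with the authority key, and verifies it. */
    @Test(dependsOnMethods = {"checkUserCredential"})
    public void createAndCheckToolCredential() throws Exception {
        Date expiry = new Date(System.currentTimeMillis() + FORTY_EIGHT_HOURS_MS);
        this.toolCredential = SfaCredential.create("privilege", "urn:publicid:IDN+authority.example.com+authority+root", "urn:publicid:IDN+authority.example.com+tool+jfed_unit_test", this.testCertHelper.authority1Cert, this.testCertHelper.toolCert, this.testCertHelper.authority1Cert, this.testCertHelper.authority1Keys.getSshPrivateKey(), expiry, "*", false, "Test Tool Credential");
        KeyStore trustStore = this.testCertHelper.testTrustStore;
        trustStore.setCertificateEntry("test-authority", this.testCertHelper.authority1Cert);
        Assert.assertTrue(this.toolCredential.check(trustStore));
    }

    /** Creates a speaks-for credential from the user to the tool, signed with the user's key. */
    @Test(dependsOnMethods = {"createAndCheckToolCredential"})
    public void createSpeaksForCredential() throws Exception {
        Date expiry = new Date(System.currentTimeMillis() + THIRTY_SIX_HOURS_MS);
        this.speaksForCred = SfaCredential.createSpeaksFor("urn:publicid:IDN+authority.example.com+user+tester", "urn:publicid:IDN+authority.example.com+tool+jfed_unit_test", this.testCertHelper.userCert, this.testCertHelper.toolCert, this.testCertHelper.userKeys.getSshPrivateKey(), expiry, "*", false);
    }

    /** Verifies the speaks-for credential against the test trust store. */
    @Test(dependsOnMethods = {"createSpeaksForCredential"})
    public void checkSpeaksForCredential() throws Exception {
        assert this.speaksForCred != null;
        LOG.trace("Checking Speaks For credential");
        Assert.assertTrue(this.speaksForCred.check(this.testCertHelper.testTrustStore));
    }

    /** Delegates the user credential to the tool with the "info" privilege, signed with the user's key. */
    @Test(dependsOnMethods = {"checkSpeaksForCredential"})
    public void createDelegatedCredential() throws Exception {
        Date expiry = new Date(System.currentTimeMillis() + THIRTY_SIX_HOURS_MS);
        this.delegatedCred = this.userCredential.delegate("urn:publicid:IDN+authority.example.com+tool+jfed_unit_test", this.testCertHelper.toolCert, this.testCertHelper.userKeys.getSshPrivateKey(), expiry, "info", false);
    }

    /** Verifies the delegated credential against the test trust store. */
    @Test(dependsOnMethods = {"createDelegatedCredential"})
    public void checkDelegatedCredential() throws CredentialException {
        assert this.delegatedCred != null;
        LOG.trace("Checking Delegated credential");
        Assert.assertTrue(this.delegatedCred.check(this.testCertHelper.testTrustStore));
    }
}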
