package net.shibboleth.spring.security.trust;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import net.shibboleth.shared.resolver.CriteriaSet;
import net.shibboleth.shared.resolver.ResolverException;
import net.shibboleth.spring.security.AbstractSecurityParserTest;
import org.opensaml.security.trust.TrustEngine;
import org.opensaml.security.x509.PKIXValidationInformation;
import org.opensaml.security.x509.PKIXValidationOptions;
import org.opensaml.security.x509.impl.BasicPKIXValidationInformation;
import org.opensaml.security.x509.impl.CertPathPKIXValidationOptions;
import org.opensaml.security.x509.impl.DummyX509CredentialNameEvaluator;
import org.opensaml.security.x509.impl.StaticPKIXValidationInformationResolver;
import org.opensaml.xmlsec.signature.support.impl.PKIXSignatureTrustEngine;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/spring/security/trust/StaticPKIXSignatureParserTest.class */
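/**
 * Tests that the Spring configuration for a static PKIX signature trust engine is parsed into a
 * {@link PKIXSignatureTrustEngine} carrying the expected trusted names, validation information and
 * {@link PKIXValidationOptions}.
 *
 * <p>The options asserted here (CRL processing, verification depth, revocation and policy flags) decide how strictly
 * a signer's certificate path is validated. Pinning them per configuration file means a parser change that alters
 * them shows up as a test failure rather than as a silent change in validation behaviour.</p>
 */
public class StaticPKIXSignatureParserTest extends AbstractSecurityParserTest {

    /**
     * Collects everything the resolver returns into a list so that callers can assert on the number of entries and
     * inspect them by index.
     *
     * @param resolver the static resolver taken from the engine under test
     * @return the resolved validation information, in the resolver's iteration order
     * @throws ResolverException if resolution fails
     */
    private static List<PKIXValidationInformation> resolveAll(final StaticPKIXValidationInformationResolver resolver)
            throws ResolverException {
        final List<PKIXValidationInformation> infos = new ArrayList<>();
        for (final PKIXValidationInformation info : resolver.resolve((CriteriaSet) null)) {
            infos.add(info);
        }
        return infos;
    }

    /**
     * Parses {@code trust/staticPKIX.xml}: expects a name evaluator, no trusted names, one set of validation
     * information, all three CRL-processing options enabled and a default verification depth of 1.
     *
     * @throws IOException declared by the test signature
     * @throws ResolverException if the resolver fails
     */
    @Test
    public void simple() throws IOException, ResolverException {
        final PKIXSignatureTrustEngine engine =
                (PKIXSignatureTrustEngine) getBean(TrustEngine.class, "trust/staticPKIX.xml");
        Assert.assertNotNull(engine.getX509CredentialNameEvaluator());

        final StaticPKIXValidationInformationResolver resolver =
                (StaticPKIXValidationInformationResolver) engine.getPKIXResolver();
        Assert.assertTrue(resolver.resolveTrustedNames((CriteriaSet) null).isEmpty());
        Assert.assertEquals(resolveAll(resolver).size(), 1);

        // NOTE(review): presumably these are the parser's defaults, since the file name suggests a minimal
        // configuration; the XML is not visible here, so confirm against trust/staticPKIX.xml.
        final PKIXValidationOptions options = engine.getPKIXTrustEvaluator().getPKIXValidationOptions();
        Assert.assertTrue(options.isProcessCredentialCRLs());
        Assert.assertTrue(options.isProcessEmptyCRLs());
        Assert.assertTrue(options.isProcessExpiredCRLs());
        Assert.assertEquals(options.getDefaultVerificationDepth(), 1);
    }

    /**
     * Parses {@code trust/staticPKIX-nameCheckDisabled.xml}: expects the engine's name evaluator to be a
     * {@link DummyX509CredentialNameEvaluator}, with the same resolver content and validation options that
     * {@link #simple()} asserts.
     *
     * @throws IOException declared by the test signature
     * @throws ResolverException if the resolver fails
     */
    @Test
    public void nameCheckDisabled() throws IOException, ResolverException {
        final PKIXSignatureTrustEngine engine =
                (PKIXSignatureTrustEngine) getBean(TrustEngine.class, "trust/staticPKIX-nameCheckDisabled.xml");

        // NOTE(review): judging by its name, the dummy evaluator performs no real subject-name matching (confirm
        // against its implementation). If so, trust under this configuration rests on path validation against the
        // configured anchors alone. This test documents that the switch is honoured, not that the setting is
        // advisable.
        Assert.assertTrue(engine.getX509CredentialNameEvaluator() instanceof DummyX509CredentialNameEvaluator);

        final StaticPKIXValidationInformationResolver resolver =
                (StaticPKIXValidationInformationResolver) engine.getPKIXResolver();
        Assert.assertTrue(resolver.resolveTrustedNames((CriteriaSet) null).isEmpty());
        Assert.assertEquals(resolveAll(resolver).size(), 1);

        // Disabling the name check must not change the path-validation options.
        final PKIXValidationOptions options = engine.getPKIXTrustEvaluator().getPKIXValidationOptions();
        Assert.assertTrue(options.isProcessCredentialCRLs());
        Assert.assertTrue(options.isProcessEmptyCRLs());
        Assert.assertTrue(options.isProcessExpiredCRLs());
        Assert.assertEquals(options.getDefaultVerificationDepth(), 1);
    }

    /**
     * Parses {@code trust/staticPKIXValues.xml}: expects three trusted names, two sets of validation information
     * with verification depths 98 and 99, all three CRL-processing options disabled and a default verification
     * depth of 2.
     *
     * @throws IOException declared by the test signature
     * @throws ResolverException if the resolver fails
     */
    @Test
    public void values() throws IOException, ResolverException {
        final PKIXSignatureTrustEngine engine =
                (PKIXSignatureTrustEngine) getBean(TrustEngine.class, "trust/staticPKIXValues.xml");
        Assert.assertNotNull(engine.getX509CredentialNameEvaluator());

        final StaticPKIXValidationInformationResolver resolver =
                (StaticPKIXValidationInformationResolver) engine.getPKIXResolver();
        final Set<String> trustedNames = resolver.resolveTrustedNames((CriteriaSet) null);
        Assert.assertEquals(trustedNames.size(), 3);
        Assert.assertTrue(trustedNames.contains("Name1"));
        Assert.assertTrue(trustedNames.contains("Name2"));
        Assert.assertTrue(trustedNames.contains("Name3"));

        final List<PKIXValidationInformation> infos = resolveAll(resolver);
        Assert.assertEquals(infos.size(), 2);
        final Integer firstDepth = ((BasicPKIXValidationInformation) infos.get(0)).getVerificationDepth();
        final Integer secondDepth = ((BasicPKIXValidationInformation) infos.get(1)).getVerificationDepth();

        // Checked through TestNG rather than the Java assert keyword, so a missing depth is reported as an
        // assertion failure whether or not the JVM runs with -ea.
        Assert.assertNotNull(firstDepth);
        Assert.assertNotNull(secondDepth);

        // Either order is accepted, so the test does not depend on the resolver's iteration order.
        Assert.assertTrue(firstDepth.intValue() == 98 || firstDepth.intValue() == 99);
        Assert.assertTrue(secondDepth.intValue() == 98 || secondDepth.intValue() == 99);
        Assert.assertNotEquals(firstDepth, secondDepth);

        // The opposite of what simple() observes: every CRL-processing option is off and the depth differs,
        // which shows the values in this file reach the trust evaluator.
        final PKIXValidationOptions options = engine.getPKIXTrustEvaluator().getPKIXValidationOptions();
        Assert.assertFalse(options.isProcessCredentialCRLs());
        Assert.assertFalse(options.isProcessEmptyCRLs());
        Assert.assertFalse(options.isProcessExpiredCRLs());
        Assert.assertEquals(options.getDefaultVerificationDepth(), 2);
    }

    /**
     * Parses {@code trust/staticPKIXValuesCertPathOpts.xml}: expects one trusted name, one set of validation
     * information with depth 99, and {@link CertPathPKIXValidationOptions} carrying the revocation and policy
     * settings asserted below.
     *
     * @throws IOException declared by the test signature
     * @throws ResolverException if the resolver fails
     */
    @Test
    public void certPath() throws IOException, ResolverException {
        final PKIXSignatureTrustEngine engine =
                (PKIXSignatureTrustEngine) getBean(TrustEngine.class, "trust/staticPKIXValuesCertPathOpts.xml");
        Assert.assertNotNull(engine.getX509CredentialNameEvaluator());

        final StaticPKIXValidationInformationResolver resolver =
                (StaticPKIXValidationInformationResolver) engine.getPKIXResolver();
        final Set<String> trustedNames = resolver.resolveTrustedNames((CriteriaSet) null);
        Assert.assertEquals(trustedNames.size(), 1);
        Assert.assertTrue(trustedNames.contains("Name1"));

        final List<PKIXValidationInformation> infos = resolveAll(resolver);
        Assert.assertEquals(infos.size(), 1);
        Assert.assertEquals(((BasicPKIXValidationInformation) infos.get(0)).getVerificationDepth(), 99);

        // The cast doubles as a check that the parser produced the CertPath-specific options type.
        final CertPathPKIXValidationOptions options =
                (CertPathPKIXValidationOptions) engine.getPKIXTrustEvaluator().getPKIXValidationOptions();
        Assert.assertFalse(options.isProcessCredentialCRLs());
        Assert.assertFalse(options.isProcessEmptyCRLs());
        Assert.assertFalse(options.isProcessExpiredCRLs());
        Assert.assertEquals(options.getDefaultVerificationDepth(), 3);

        // revocationEnabled is false while forceRevocationEnabled is true. The test checks only that each flag is
        // carried through independently; how the trust evaluator combines them during validation is not
        // exercised here.
        Assert.assertFalse(options.isRevocationEnabled());
        Assert.assertTrue(options.isAnyPolicyInhibited());
        Assert.assertTrue(options.isPolicyMappingInhibited());
        Assert.assertTrue(options.isForceRevocationEnabled());
        Assert.assertEquals(options.getInitialPolicies().size(), 1);
        Assert.assertTrue(options.getInitialPolicies().contains("1234"));
    }
}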
