package org.apache.cxf.systest.ws.fault;

import jakarta.xml.soap.SOAPFault;
import jakarta.xml.ws.Service;
import jakarta.xml.ws.soap.SOAPFaultException;
import java.io.Closeable;
import java.time.ZonedDateTime;
import java.util.Iterator;
import javax.xml.namespace.QName;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.test.TestUtilities;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.DateUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.example.contract.doubleit.DoubleItFault;
import org.example.contract.doubleit.DoubleItPortType;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:org/apache/cxf/systest/ws/fault/ModifiedRequestTest.class */
public class ModifiedRequestTest extends AbstractBusClientServerTestBase {
    static final String PORT = allocatePort(ModifiedRequestServer.class);
    static final String STAX_PORT = allocatePort(ModifiedRequestServer.class, 2);
    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
    private static boolean unrestrictedPoliciesInstalled = TestUtilities.checkUnrestrictedPoliciesInstalled();

    /* loaded from: input_file:org/apache/cxf/systest/ws/fault/ModifiedRequestTest$ModifiedEncryptedKeyInterceptor.class */
    private static class ModifiedEncryptedKeyInterceptor extends AbstractModifyRequestInterceptor {
        private ModifiedEncryptedKeyInterceptor() {
        }

        @Override // org.apache.cxf.systest.ws.fault.AbstractModifyRequestInterceptor
        public void modifySecurityHeader(Element element) {
            if (element != null) {
                Element findElement = XMLUtils.findElement(XMLUtils.findElement(element, "EncryptedKey", "http://www.w3.org/2001/04/xmlenc#"), "CipherValue", "http://www.w3.org/2001/04/xmlenc#");
                StringBuilder sb = new StringBuilder(findElement.getTextContent());
                int length = sb.length() / 2;
                sb.setCharAt(length, sb.charAt(length) != 'A' ? 'A' : 'B');
                findElement.setTextContent(sb.toString());
            }
        }

        @Override // org.apache.cxf.systest.ws.fault.AbstractModifyRequestInterceptor
        public void modifySOAPBody(Element element) {
        }
    }

    /* loaded from: input_file:org/apache/cxf/systest/ws/fault/ModifiedRequestTest$ModifiedEncryptedSOAPBody.class */
    private static class ModifiedEncryptedSOAPBody extends AbstractModifyRequestInterceptor {
        private ModifiedEncryptedSOAPBody() {
        }

        @Override // org.apache.cxf.systest.ws.fault.AbstractModifyRequestInterceptor
        public void modifySecurityHeader(Element element) {
        }

        @Override // org.apache.cxf.systest.ws.fault.AbstractModifyRequestInterceptor
        public void modifySOAPBody(Element element) {
            if (element != null) {
                Element findElement = XMLUtils.findElement(element, "CipherValue", "http://www.w3.org/2001/04/xmlenc#");
                StringBuilder sb = new StringBuilder(findElement.getTextContent());
                int length = sb.length() / 2;
                sb.setCharAt(length, sb.charAt(length) != 'A' ? 'A' : 'B');
                findElement.setTextContent(sb.toString());
            }
        }
    }

    /* loaded from: input_file:org/apache/cxf/systest/ws/fault/ModifiedRequestTest$ModifiedSignatureInterceptor.class */
    private static class ModifiedSignatureInterceptor extends AbstractModifyRequestInterceptor {
        private ModifiedSignatureInterceptor() {
        }

        @Override // org.apache.cxf.systest.ws.fault.AbstractModifyRequestInterceptor
        public void modifySecurityHeader(Element element) {
            Node node;
            if (element != null) {
                Element findElement = XMLUtils.findElement(element, "Signature", "http://www.w3.org/2000/09/xmldsig#");
                Node firstChild = findElement.getFirstChild();
                while (true) {
                    node = firstChild;
                    if ((node instanceof Element) || node == null) {
                        break;
                    } else {
                        firstChild = findElement.getNextSibling();
                    }
                }
                ((Element) node).setAttributeNS(null, "Id", "xyz");
            }
        }

        @Override // org.apache.cxf.systest.ws.fault.AbstractModifyRequestInterceptor
        public void modifySOAPBody(Element element) {
        }
    }

    /* loaded from: input_file:org/apache/cxf/systest/ws/fault/ModifiedRequestTest$ModifiedTimestampInterceptor.class */
    private static class ModifiedTimestampInterceptor extends AbstractModifyRequestInterceptor {
        private ModifiedTimestampInterceptor() {
        }

        @Override // org.apache.cxf.systest.ws.fault.AbstractModifyRequestInterceptor
        public void modifySecurityHeader(Element element) {
            if (element != null) {
                Element findElement = XMLUtils.findElement(XMLUtils.findElement(element, "Timestamp", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"), "Created", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
                findElement.setTextContent(DateUtil.getDateTimeFormatter(true).format(ZonedDateTime.parse(findElement.getTextContent()).plusSeconds(5L)));
            }
        }

        @Override // org.apache.cxf.systest.ws.fault.AbstractModifyRequestInterceptor
        public void modifySOAPBody(Element element) {
        }
    }

    @BeforeClass
    public static void startServers() throws Exception {
        Assert.assertTrue("Server failed to launch", launchServer(ModifiedRequestServer.class, true));
    }

    @AfterClass
    public static void cleanup() throws Exception {
        stopAllServers();
    }

    @Test
    public void testModifiedSignedTimestamp() throws Exception {
        if (unrestrictedPoliciesInstalled) {
            Bus createBus = new SpringBusFactory().createBus(ModifiedRequestTest.class.getResource("client.xml").toString());
            BusFactory.setDefaultBus(createBus);
            BusFactory.setThreadDefaultBus(createBus);
            Service create = Service.create(ModifiedRequestTest.class.getResource("DoubleItFault.wsdl"), SERVICE_QNAME);
            QName qName = new QName(NAMESPACE, "DoubleItAsymmetricPort");
            DoubleItPortType doubleItPortType = (DoubleItPortType) create.getPort(qName, DoubleItPortType.class);
            updateAddressPort(doubleItPortType, PORT);
            Client client = ClientProxy.getClient(doubleItPortType);
            client.getOutInterceptors().add(new ModifiedTimestampInterceptor());
            makeInvocation(doubleItPortType, false);
            DoubleItPortType doubleItPortType2 = (DoubleItPortType) create.getPort(qName, DoubleItPortType.class);
            updateAddressPort(doubleItPortType2, STAX_PORT);
            Client client2 = ClientProxy.getClient(doubleItPortType2);
            client2.getOutInterceptors().add(new ModifiedTimestampInterceptor());
            makeInvocation(doubleItPortType2, true);
            ((Closeable) doubleItPortType2).close();
            createBus.shutdown(true);
        }
    }

    @Test
    public void testModifiedSignature() throws Exception {
        if (unrestrictedPoliciesInstalled) {
            Bus createBus = new SpringBusFactory().createBus(ModifiedRequestTest.class.getResource("client.xml").toString());
            BusFactory.setDefaultBus(createBus);
            BusFactory.setThreadDefaultBus(createBus);
            Service create = Service.create(ModifiedRequestTest.class.getResource("DoubleItFault.wsdl"), SERVICE_QNAME);
            QName qName = new QName(NAMESPACE, "DoubleItAsymmetricPort");
            DoubleItPortType doubleItPortType = (DoubleItPortType) create.getPort(qName, DoubleItPortType.class);
            updateAddressPort(doubleItPortType, PORT);
            Client client = ClientProxy.getClient(doubleItPortType);
            client.getOutInterceptors().add(new ModifiedSignatureInterceptor());
            makeInvocation(doubleItPortType, false);
            DoubleItPortType doubleItPortType2 = (DoubleItPortType) create.getPort(qName, DoubleItPortType.class);
            updateAddressPort(doubleItPortType2, STAX_PORT);
            Client client2 = ClientProxy.getClient(doubleItPortType2);
            client2.getOutInterceptors().add(new ModifiedSignatureInterceptor());
            makeInvocation(doubleItPortType2, true);
            ((Closeable) doubleItPortType2).close();
            createBus.shutdown(true);
        }
    }

    @Test
    public void testUntrustedSignature() throws Exception {
        if (unrestrictedPoliciesInstalled) {
            Bus createBus = new SpringBusFactory().createBus(ModifiedRequestTest.class.getResource("client-untrusted.xml").toString());
            BusFactory.setDefaultBus(createBus);
            BusFactory.setThreadDefaultBus(createBus);
            Service create = Service.create(ModifiedRequestTest.class.getResource("DoubleItFault.wsdl"), SERVICE_QNAME);
            QName qName = new QName(NAMESPACE, "DoubleItAsymmetricPort");
            DoubleItPortType doubleItPortType = (DoubleItPortType) create.getPort(qName, DoubleItPortType.class);
            updateAddressPort(doubleItPortType, PORT);
            makeInvocation(doubleItPortType, false);
            DoubleItPortType doubleItPortType2 = (DoubleItPortType) create.getPort(qName, DoubleItPortType.class);
            updateAddressPort(doubleItPortType2, STAX_PORT);
            makeInvocation(doubleItPortType2, true);
            ((Closeable) doubleItPortType2).close();
            createBus.shutdown(true);
        }
    }

    @Test
    public void testModifiedEncryptedKey() throws Exception {
        if (unrestrictedPoliciesInstalled) {
            Bus createBus = new SpringBusFactory().createBus(ModifiedRequestTest.class.getResource("client.xml").toString());
            BusFactory.setDefaultBus(createBus);
            BusFactory.setThreadDefaultBus(createBus);
            Service create = Service.create(ModifiedRequestTest.class.getResource("DoubleItFault.wsdl"), SERVICE_QNAME);
            QName qName = new QName(NAMESPACE, "DoubleItAsymmetricPort");
            DoubleItPortType doubleItPortType = (DoubleItPortType) create.getPort(qName, DoubleItPortType.class);
            updateAddressPort(doubleItPortType, PORT);
            Client client = ClientProxy.getClient(doubleItPortType);
            client.getOutInterceptors().add(new ModifiedEncryptedKeyInterceptor());
            makeInvocation(doubleItPortType, false);
            DoubleItPortType doubleItPortType2 = (DoubleItPortType) create.getPort(qName, DoubleItPortType.class);
            updateAddressPort(doubleItPortType2, STAX_PORT);
            Client client2 = ClientProxy.getClient(doubleItPortType2);
            client2.getOutInterceptors().add(new ModifiedEncryptedKeyInterceptor());
            makeInvocation(doubleItPortType2, true);
            ((Closeable) doubleItPortType2).close();
            createBus.shutdown(true);
        }
    }

    @Test
    public void testModifiedEncryptedSOAPBody() throws Exception {
        if (unrestrictedPoliciesInstalled) {
            Bus createBus = new SpringBusFactory().createBus(ModifiedRequestTest.class.getResource("client.xml").toString());
            BusFactory.setDefaultBus(createBus);
            BusFactory.setThreadDefaultBus(createBus);
            Service create = Service.create(ModifiedRequestTest.class.getResource("DoubleItFault.wsdl"), SERVICE_QNAME);
            QName qName = new QName(NAMESPACE, "DoubleItAsymmetricPort");
            DoubleItPortType doubleItPortType = (DoubleItPortType) create.getPort(qName, DoubleItPortType.class);
            updateAddressPort(doubleItPortType, PORT);
            Client client = ClientProxy.getClient(doubleItPortType);
            client.getOutInterceptors().add(new ModifiedEncryptedSOAPBody());
            makeInvocation(doubleItPortType, false);
            DoubleItPortType doubleItPortType2 = (DoubleItPortType) create.getPort(qName, DoubleItPortType.class);
            updateAddressPort(doubleItPortType2, STAX_PORT);
            Client client2 = ClientProxy.getClient(doubleItPortType2);
            client2.getOutInterceptors().add(new ModifiedEncryptedSOAPBody());
            makeInvocation(doubleItPortType2, true);
            ((Closeable) doubleItPortType2).close();
            createBus.shutdown(true);
        }
    }

    private void makeInvocation(DoubleItPortType doubleItPortType, boolean z) throws DoubleItFault {
        try {
            doubleItPortType.doubleIt(25);
            Assert.fail("Expected failure on a modified request");
        } catch (SOAPFaultException e) {
            SOAPFault fault = e.getFault();
            if (z) {
                Assert.assertTrue("soap:Sender".equals(fault.getFaultCode()) || "soap:Receiver".equals(fault.getFaultCode()));
                Assert.assertTrue(fault.getFaultString().contains("A security error was encountered when verifying the message"));
                Assert.assertFalse(fault.getFaultSubcodes().hasNext());
            } else {
                Assert.assertTrue(fault.getFaultCode().endsWith("Sender"));
                Assert.assertEquals(fault.getFaultString(), "A security error was encountered when verifying the message");
                Iterator faultSubcodes = fault.getFaultSubcodes();
                Assert.assertTrue(faultSubcodes.hasNext());
                Assert.assertEquals(WSSecurityException.SECURITY_ERROR, faultSubcodes.next());
                Assert.assertFalse(faultSubcodes.hasNext());
            }
        }
    }
}
