package org.apache.wss4j.dom.message;

import java.util.List;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.datatype.XMLGregorianCalendar;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.WSSecurityEngine;
import org.apache.wss4j.dom.common.AbstractSAMLCallbackHandler;
import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
import org.apache.wss4j.dom.common.SAML1CallbackHandler;
import org.apache.wss4j.dom.common.SOAPUtil;
import org.apache.wss4j.dom.common.SecurityTestUtil;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.saml.WSSecSignatureSAML;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:org/apache/wss4j/dom/message/ModifiedRequestTest.class */
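/**
 * Negative tests for the receiving side of WS-Security processing.
 *
 * <p>Each case builds a valid signed or encrypted SOAP message, alters it after the
 * security header has been produced, and asserts that {@link WSSecurityEngine} refuses
 * the result. The cases cover relocating a signed element (signature-wrapping style
 * changes), duplicated security tokens, tampered ciphertext and encryption metadata,
 * a changed signed value, a signature from a key the verifier does not trust, and a
 * modified {@code ds:Signature} structure.
 *
 * <p>Key aliases, passwords and property files used here are test fixtures.
 */
public class ModifiedRequestTest extends Assert {
    private static final Logger LOG = LoggerFactory.getLogger(ModifiedRequestTest.class);
    private static final String SOAPMSG = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"http://blah.com\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>";

    // Test-keystore alias and key password used for every signature made with the default crypto.
    private static final String SIGNING_ALIAS = "16c73ab6-b892-458f-abf5-2f875f74882e";
    private static final String SIGNING_KEY_PASSWORD = "security";

    private static final String VALUE_NS = "http://blah.com";
    private static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    private static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String XENC_NS = "http://www.w3.org/2001/04/xmlenc#";

    // NOTE(review): 3DES-CBC carries no integrity tag, so the ciphertext-tampering tests below
    // presumably pass because decryption or parsing of the corrupted plaintext fails, not because
    // a MAC is checked. Consider adding the same cases for an authenticated algorithm (AES-GCM).
    private static final String TRIPLE_DES_CBC = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";

    private final WSSecurityEngine secEngine = new WSSecurityEngine();
    private final CallbackHandler callbackHandler = new KeystoreCallbackHandler();
    private final Crypto crypto;

    /** Releases shared test resources once all tests in the class have run. */
    @AfterClass
    public static void cleanup() throws Exception {
        SecurityTestUtil.cleanup();
    }

    /**
     * Initialises WSS4J and loads the default crypto instance used for signing and verification.
     *
     * @throws Exception if the crypto provider cannot be created
     */
    public ModifiedRequestTest() throws Exception {
        WSSConfig.init();
        this.crypto = CryptoFactory.getInstance();
    }

    /**
     * Signs the {@code value} element, copies the signed element into the security header and
     * changes the text of the one left in the Body. Two elements now carry the same wsu:Id, and
     * verification must fail instead of resolving the reference to the untouched copy.
     */
    @Test
    public void testMovedElement() throws Exception {
        WSSecSignature signer = new WSSecSignature();
        signer.setUserInfo(SIGNING_ALIAS, SIGNING_KEY_PASSWORD);
        LOG.info("Before Signing....");
        Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        signer.getParts().add(new WSEncryptionPart("value", VALUE_NS, ""));
        Document signedDoc = signer.build(doc, this.crypto, secHeader);

        // Keep a pristine copy of the signed element in the header, then alter the Body copy.
        Element securityHeader = secHeader.getSecurityHeader();
        Node valueNode = signedDoc.getDocumentElement().getElementsByTagNameNS(VALUE_NS, "value").item(0);
        securityHeader.appendChild(valueNode.cloneNode(true));
        valueNode.getFirstChild().setNodeValue("250");

        if (LOG.isDebugEnabled()) {
            LOG.debug("After Signing....");
            LOG.debug(XMLUtils.PrettyDocumentToString(signedDoc));
        }
        try {
            verify(signedDoc);
            fail("Failure expected on multiple elements with the same wsu:Id");
        } catch (WSSecurityException e) {
            assertEquals(WSSecurityException.ErrorCode.FAILED_CHECK, e.getErrorCode());
            assertTrue(e.getMessage().startsWith("javax.xml.crypto.URIReferenceException: org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID "));
        }
    }

    /**
     * Same relocation as {@link #testMovedElement()}, but the altered Body element is given a
     * fresh wsu:Id so the signature reference resolves to the header copy and verification
     * succeeds. The check that the Body element itself was signed must then fail: a valid
     * signature alone does not prove that the element the application reads is covered by it.
     */
    @Test
    public void testMovedElementChangedId() throws Exception {
        WSSecSignature signer = new WSSecSignature();
        signer.setUserInfo(SIGNING_ALIAS, SIGNING_KEY_PASSWORD);
        LOG.info("Before Signing....");
        Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        signer.getParts().add(new WSEncryptionPart("value", VALUE_NS, ""));
        Document signedDoc = signer.build(doc, this.crypto, secHeader);

        Element securityHeader = secHeader.getSecurityHeader();
        Node valueNode = signedDoc.getDocumentElement().getElementsByTagNameNS(VALUE_NS, "value").item(0);
        securityHeader.appendChild(valueNode.cloneNode(true));
        valueNode.getFirstChild().setNodeValue("250");
        ((Element) valueNode).setAttributeNS(WSU_NS, "wsu:Id", "id-250");

        if (LOG.isDebugEnabled()) {
            LOG.debug("After Signing....");
            LOG.debug(XMLUtils.PrettyDocumentToString(signedDoc));
        }
        WSHandlerResult results = verify(signedDoc);
        try {
            Element body = (Element) signedDoc.getDocumentElement().getElementsByTagNameNS(SOAP_NS, "Body").item(0);
            Element bodyValue = (Element) body.getElementsByTagNameNS(VALUE_NS, "value").item(0);
            // Action key 2 is presumably the signature action (WSConstants.SIGN) - TODO confirm.
            // The raw List cast is kept from the original; the element type is not visible here.
            WSSecurityUtil.verifySignedElement(bodyValue, (List) results.getActionResults().get(2));
            fail("Failure expected on the required element not being signed");
        } catch (WSSecurityException e) {
            assertEquals(WSSecurityException.ErrorCode.FAILED_CHECK, e.getErrorCode());
        }
    }

    /**
     * Signs a message with a SAML 1.1 sender-vouches assertion, then appends a second copy of
     * the assertion (with its first child removed) to the security header. Processing must
     * reject the message because two tokens share one Id.
     */
    @Test
    public void testDuplicatedSignedSAMLAssertion() throws Exception {
        SAML1CallbackHandler samlHandler = new SAML1CallbackHandler();
        samlHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        samlHandler.setConfirmationMethod("urn:oasis:names:tc:SAML:1.0:cm:sender-vouches");
        samlHandler.setIssuer("www.example.com");
        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(samlHandler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

        WSSecSignatureSAML samlSigner = new WSSecSignatureSAML();
        // 1 is presumably WSConstants.BST_DIRECT_REFERENCE - TODO confirm.
        samlSigner.setKeyIdentifierType(1);
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        Document signedDoc = samlSigner.build(doc, (Crypto) null, assertion, this.crypto, SIGNING_ALIAS, SIGNING_KEY_PASSWORD, secHeader);

        // Duplicate the assertion: clone it, drop the clone's first child, append to the header.
        Element duplicate = (Element) assertion.getElement().cloneNode(true);
        duplicate.removeChild(duplicate.getFirstChild());
        secHeader.getSecurityHeader().appendChild(duplicate);

        if (LOG.isDebugEnabled()) {
            LOG.debug("SAML 1.1 Authn Assertion (sender vouches):");
            LOG.debug(XMLUtils.PrettyDocumentToString(signedDoc));
        }
        try {
            verify(signedDoc);
            fail("Failure expected on duplicate tokens");
        } catch (WSSecurityException e) {
            assertTrue(e.getMessage().contains("Multiple security tokens with the same Id have been detected"));
        }
    }

    /**
     * Signs a UsernameToken and then appends a clone of that token to the security header.
     * Processing must reject the message because two tokens share one Id.
     */
    @Test
    public void testDuplicatedSignedUsernameToken() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        WSSecUsernameToken usernameToken = new WSSecUsernameToken();
        usernameToken.setUserInfo("wss86", "security");
        Document withToken = usernameToken.build(doc, secHeader);

        WSSecSignature signer = new WSSecSignature();
        signer.setUserInfo(SIGNING_ALIAS, SIGNING_KEY_PASSWORD);
        signer.getParts().add(new WSEncryptionPart("UsernameToken", WSSE_NS, ""));
        signer.prepare(withToken, this.crypto, secHeader);
        signer.computeSignature(signer.addReferencesToSign(signer.getParts(), secHeader), false, (Element) null);

        secHeader.getSecurityHeader().appendChild(usernameToken.getUsernameTokenElement().cloneNode(true));

        if (LOG.isDebugEnabled()) {
            // Label kept from the original; the signed part here is the UsernameToken.
            LOG.debug("Signed Timestamp");
            LOG.debug(XMLUtils.PrettyDocumentToString(doc));
        }
        try {
            verify(doc);
            fail("Failure expected on duplicate tokens");
        } catch (WSSecurityException e) {
            assertTrue(e.getMessage().contains("Multiple security tokens with the same Id have been detected"));
        }
    }

    /**
     * Encrypts the Body and then rewrites the {@code EncryptionMethod} Algorithm attribute to an
     * unknown URI. Processing must fail with a {@link WSSecurityException}.
     */
    @Test
    public void testModifiedEncryptedDataStructure() throws Exception {
        WSSecEncrypt encryptor = new WSSecEncrypt();
        encryptor.setUserInfo("wss40");
        // 1 is presumably WSConstants.BST_DIRECT_REFERENCE - TODO confirm.
        encryptor.setKeyIdentifierType(1);
        encryptor.setSymmetricEncAlgorithm(TRIPLE_DES_CBC);
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        Crypto encCrypto = CryptoFactory.getInstance("wss40.properties");
        Document encryptedDoc = encryptor.build(doc, encCrypto, secHeader);

        Element encryptionMethod = XMLUtils.findElement(WSSecurityUtil.findBodyElement(doc), "EncryptionMethod", XENC_NS);
        encryptionMethod.setAttributeNS(null, "Algorithm", "http://new-algorithm");

        String rendered = XMLUtils.PrettyDocumentToString(encryptedDoc);
        if (LOG.isDebugEnabled()) {
            LOG.debug(rendered);
        }
        try {
            new WSSecurityEngine().processSecurityHeader(doc, (String) null, new KeystoreCallbackHandler(), encCrypto);
            fail("Failure expected on a modified EncryptedData structure");
        } catch (WSSecurityException expected) {
            // Any WSSecurityException counts as a pass; the original test pins no error code here.
        }
    }

    /**
     * Encrypts the Body and corrupts one character of the Body's {@code CipherValue}.
     * Processing must fail with {@code FAILED_CHECK}.
     */
    @Test
    public void testModifiedEncryptedDataCipherValue() throws Exception {
        WSSecEncrypt encryptor = new WSSecEncrypt();
        encryptor.setUserInfo("wss40");
        // 1 is presumably WSConstants.BST_DIRECT_REFERENCE - TODO confirm.
        encryptor.setKeyIdentifierType(1);
        encryptor.setSymmetricEncAlgorithm(TRIPLE_DES_CBC);
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        Crypto encCrypto = CryptoFactory.getInstance("wss40.properties");
        Document encryptedDoc = encryptor.build(doc, encCrypto, secHeader);

        Element cipherValue = XMLUtils.findElement(WSSecurityUtil.findBodyElement(doc), "CipherValue", XENC_NS);
        corruptMiddleCharacter(cipherValue);

        String rendered = XMLUtils.PrettyDocumentToString(encryptedDoc);
        if (LOG.isDebugEnabled()) {
            LOG.debug(rendered);
        }
        try {
            new WSSecurityEngine().processSecurityHeader(doc, (String) null, new KeystoreCallbackHandler(), encCrypto);
            fail("Failure expected on a modified EncryptedData CipherValue");
        } catch (WSSecurityException e) {
            assertEquals(WSSecurityException.ErrorCode.FAILED_CHECK, e.getErrorCode());
        }
    }

    /**
     * Encrypts a Timestamp inside the security header and corrupts one character of that
     * header-level {@code EncryptedData/CipherValue}. Processing must fail with
     * {@code FAILED_CHECK}.
     */
    @Test
    public void testModifiedSecurityHeaderEncryptedDataCipherValue() throws Exception {
        WSSecEncrypt encryptor = new WSSecEncrypt();
        encryptor.setUserInfo("wss40");
        // 1 is presumably WSConstants.BST_DIRECT_REFERENCE - TODO confirm.
        encryptor.setKeyIdentifierType(1);
        encryptor.setSymmetricEncAlgorithm(TRIPLE_DES_CBC);
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        Crypto encCrypto = CryptoFactory.getInstance("wss40.properties");

        WSSecTimestamp timestamp = new WSSecTimestamp();
        timestamp.setTimeToLive(300);
        timestamp.build(doc, secHeader);
        encryptor.getParts().add(new WSEncryptionPart("Timestamp", WSU_NS, ""));
        Document encryptedDoc = encryptor.build(doc, encCrypto, secHeader);

        Element encryptedData = XMLUtils.findElement(WSSecurityUtil.getSecurityHeader(encryptedDoc, ""), "EncryptedData", XENC_NS);
        Element cipherValue = XMLUtils.findElement(encryptedData, "CipherValue", XENC_NS);
        corruptMiddleCharacter(cipherValue);

        String rendered = XMLUtils.PrettyDocumentToString(encryptedDoc);
        if (LOG.isDebugEnabled()) {
            LOG.debug(rendered);
        }
        try {
            new WSSecurityEngine().processSecurityHeader(doc, (String) null, new KeystoreCallbackHandler(), encCrypto);
            fail("Failure expected on a modified EncryptedData CipherValue");
        } catch (WSSecurityException e) {
            assertEquals(WSSecurityException.ErrorCode.FAILED_CHECK, e.getErrorCode());
        }
    }

    /**
     * Encrypts the Body and corrupts one character of the {@code EncryptedKey/CipherValue},
     * i.e. the wrapped session key. Processing must fail with {@code FAILED_CHECK}.
     */
    @Test
    public void testModifiedEncryptedKeyCipherValue() throws Exception {
        WSSecEncrypt encryptor = new WSSecEncrypt();
        encryptor.setUserInfo("wss40");
        // 1 is presumably WSConstants.BST_DIRECT_REFERENCE - TODO confirm.
        encryptor.setKeyIdentifierType(1);
        encryptor.setSymmetricEncAlgorithm(TRIPLE_DES_CBC);
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        Crypto encCrypto = CryptoFactory.getInstance("wss40.properties");
        Document encryptedDoc = encryptor.build(doc, encCrypto, secHeader);

        Element encryptedKey = XMLUtils.findElement(doc.getDocumentElement(), "EncryptedKey", XENC_NS);
        Element cipherValue = XMLUtils.findElement(encryptedKey, "CipherValue", XENC_NS);
        corruptMiddleCharacter(cipherValue);

        String rendered = XMLUtils.PrettyDocumentToString(encryptedDoc);
        if (LOG.isDebugEnabled()) {
            LOG.debug(rendered);
        }
        try {
            new WSSecurityEngine().processSecurityHeader(doc, (String) null, new KeystoreCallbackHandler(), encCrypto);
            // Message corrected: this test tampers with the EncryptedKey, not the EncryptedData.
            fail("Failure expected on a modified EncryptedKey CipherValue");
        } catch (WSSecurityException e) {
            assertEquals(WSSecurityException.ErrorCode.FAILED_CHECK, e.getErrorCode());
        }
    }

    /**
     * Signs a Timestamp and then shifts its {@code Created} value by 5000 ms, so the digest in
     * the signature reference no longer matches the content. Verification must fail with
     * {@code FAILED_CHECK}.
     */
    @Test
    public void testModifiedSignatureReference() throws Exception {
        WSSecSignature signer = new WSSecSignature();
        signer.setUserInfo(SIGNING_ALIAS, SIGNING_KEY_PASSWORD);
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        WSSecTimestamp timestamp = new WSSecTimestamp();
        timestamp.setTimeToLive(300);
        Document withTimestamp = timestamp.build(doc, secHeader);
        signer.getParts().add(new WSEncryptionPart("Timestamp", WSU_NS, ""));
        Document signedDoc = signer.build(withTimestamp, this.crypto, secHeader);

        // Rewrite the signed Created value after the signature has been computed.
        Element created = XMLUtils.findElement(timestamp.getElement(), "Created", WSU_NS);
        XmlSchemaDateFormat dateFormat = new XmlSchemaDateFormat();
        XMLGregorianCalendar createdTime = WSSConfig.datatypeFactory.newXMLGregorianCalendar(created.getTextContent());
        createdTime.add(WSSConfig.datatypeFactory.newDuration(5000L));
        created.setTextContent(dateFormat.format(createdTime.toGregorianCalendar().getTime()));

        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.PrettyDocumentToString(signedDoc));
        }
        try {
            verify(signedDoc);
            fail("Failure expected on a modified Signature Reference");
        } catch (WSSecurityException e) {
            assertEquals(WSSecurityException.ErrorCode.FAILED_CHECK, e.getErrorCode());
        }
    }

    /**
     * Signs with the {@code wss40} key from {@code wss40.properties} and verifies against the
     * default crypto. The signature is well-formed, so this exercises the trust decision on
     * the signing certificate; verification must fail with {@code FAILED_CHECK}.
     */
    @Test
    public void testUntrustedSignature() throws Exception {
        WSSecSignature signer = new WSSecSignature();
        signer.setUserInfo("wss40", "security");
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        Document signedDoc = signer.build(doc, CryptoFactory.getInstance("wss40.properties"), secHeader);
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.PrettyDocumentToString(signedDoc));
        }
        try {
            verify(signedDoc);
            fail("Failure expected on an untrusted Certificate");
        } catch (WSSecurityException e) {
            assertEquals(WSSecurityException.ErrorCode.FAILED_CHECK, e.getErrorCode());
        }
    }

    /**
     * Signs a message and then adds an {@code Id} attribute to the first child element of
     * {@code ds:Signature}. Verification must fail with {@code FAILED_CHECK}.
     */
    @Test
    public void testModifiedSignature() throws Exception {
        WSSecSignature signer = new WSSecSignature();
        signer.setUserInfo(SIGNING_ALIAS, SIGNING_KEY_PASSWORD);
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        Document signedDoc = signer.build(doc, this.crypto, secHeader);

        // Walk the Signature's children until the first Element. The original advanced with
        // signatureElement.getNextSibling(), which leaves the child list (and can loop forever)
        // whenever the first child is a text or comment node.
        Element signatureElement = signer.getSignatureElement();
        Node child = signatureElement.getFirstChild();
        while (child != null && !(child instanceof Element)) {
            child = child.getNextSibling();
        }
        assertNotNull("Signature element has no child element to modify", child);
        ((Element) child).setAttributeNS(null, "Id", "xyz");

        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.PrettyDocumentToString(signedDoc));
        }
        try {
            verify(signedDoc);
            fail("Failure expected on a modified Signature element");
        } catch (WSSecurityException e) {
            assertEquals(WSSecurityException.ErrorCode.FAILED_CHECK, e.getErrorCode());
        }
    }

    /**
     * Replaces the character at the midpoint of the element's text with {@code 'A'}, or with
     * {@code 'B'} if it already is {@code 'A'}, so the text always changes.
     *
     * @param cipherValue element whose text content is altered in place
     */
    private static void corruptMiddleCharacter(Element cipherValue) {
        StringBuilder text = new StringBuilder(cipherValue.getTextContent());
        int mid = text.length() / 2;
        text.setCharAt(mid, text.charAt(mid) != 'A' ? 'A' : 'B');
        cipherValue.setTextContent(text.toString());
    }

    /**
     * Runs inbound security processing on the document using the shared engine, the keystore
     * callback handler and the default crypto.
     *
     * @param document secured SOAP message to process
     * @return the processing results
     * @throws Exception if processing rejects the message
     */
    private WSHandlerResult verify(Document document) throws Exception {
        return this.secEngine.processSecurityHeader(document, (String) null, this.callbackHandler, this.crypto);
    }
}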
