package org.apache.wss4j.dom.message;

import java.text.MessageFormat;
import java.util.ResourceBundle;
import java.util.TreeMap;
import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.WSSecurityEngine;
import org.apache.wss4j.dom.common.CustomHandler;
import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
import org.apache.wss4j.dom.common.SOAPUtil;
import org.apache.wss4j.dom.common.SecurityTestUtil;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/wss4j/dom/message/RequireSignedEncryptedDataElementsTest.class */
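/**
 * Receiver-side tests for the {@code requireSignedEncryptedDataElements} option.
 *
 * <p>Each test builds a signed and encrypted SOAP request, then uses
 * {@code TestMessageTransformer} to insert an extra {@code EncryptedData} element that
 * the signature does not cover. The assertions pin the security-relevant contract visible
 * in this class: with the option set to {@code true}, processing must fail with
 * {@link WSSecurityException.ErrorCode#FAILED_CHECK} and the {@code requiredElementNotSigned}
 * message; with the option set to {@code false}, the same tampered message is accepted for
 * the header and external-wrapper variants. The {@code false} cases therefore document why
 * a receiver that relies on signature coverage of encrypted content needs the option enabled.
 */
public class RequireSignedEncryptedDataElementsTest extends Assert {
    private static final Logger LOG = LoggerFactory.getLogger(RequireSignedEncryptedDataElementsTest.class);
    private static final ResourceBundle resources = ResourceBundle.getBundle("messages.wss4j_errors");
    private static final String SOAPMSG = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"http://blah.com\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>";

    // Test-fixture credentials only: alias and key password used for both encryption and
    // signing. Presumably they belong to the test keystore that CryptoFactory.getInstance()
    // resolves -- TODO confirm against the test resources.
    private static final String KEY_ALIAS = "16c73ab6-b892-458f-abf5-2f875f74882e";
    private static final String KEY_PASSWORD = "security";

    private static final String EXPECTED_EXCEPTION = "WSSecurityException expected";

    private final WSSecurityEngine secEngine = new WSSecurityEngine();
    private final CallbackHandler callbackHandler = new KeystoreCallbackHandler();
    private final Crypto crypto;

    @AfterClass
    public static void cleanup() throws Exception {
        SecurityTestUtil.cleanup();
    }

    public RequireSignedEncryptedDataElementsTest() throws Exception {
        this.crypto = CryptoFactory.getInstance();
        WSSConfig.init();
    }

    /** Duplicate placed in the wsse:Security header; encryption referenced via EncryptedKey. */
    @Test
    public void testEncryptedKeyRefAndDuplicatedEncDataInWsseHeader() throws Exception {
        // Baseline: the untouched message passes with the check enabled.
        verify(getRequestDocument(), getRequestData(true));

        // Check disabled: the tampered message is accepted.
        Document lenientDoc = getRequestDocument();
        RequestData lenientData = getRequestData(false);
        TestMessageTransformer.duplicateEncryptedDataInWsseHeader(lenientDoc.getDocumentElement(), false);
        verify(lenientDoc, lenientData);

        // Check enabled: the unsigned duplicate must be rejected.
        Document strictDoc = getRequestDocument();
        RequestData strictData = getRequestData(true);
        Element duplicate = TestMessageTransformer.duplicateEncryptedDataInWsseHeader(strictDoc.getDocumentElement(), false);
        assertRejectedAsUnsigned(strictDoc, strictData, duplicate);
    }

    /** Duplicate placed in a wrapper inside the wsse:Security header; EncryptedKey reference. */
    @Test
    public void testEncryptedKeyRefAndDuplicatedEncDataInWsseWrapperHeader() throws Exception {
        verify(getRequestDocument(), getRequestData(true));

        Document lenientDoc = getRequestDocument();
        RequestData lenientData = getRequestData(false);
        TestMessageTransformer.duplicateEncryptedDataInWsseWrapperHeader(lenientDoc.getDocumentElement(), false);
        verify(lenientDoc, lenientData);

        Document strictDoc = getRequestDocument();
        RequestData strictData = getRequestData(true);
        Element duplicate = TestMessageTransformer.duplicateEncryptedDataInWsseWrapperHeader(strictDoc.getDocumentElement(), false);
        assertRejectedAsUnsigned(strictDoc, strictData, duplicate);
    }

    /** Duplicate placed in an external wrapper element; EncryptedKey reference. */
    @Test
    public void testEncryptedKeyRefAndDuplicatedEncDataInExternalWrapperElement() throws Exception {
        verify(getRequestDocument(), getRequestData(true));

        Document lenientDoc = getRequestDocument();
        RequestData lenientData = getRequestData(false);
        TestMessageTransformer.duplicateEncryptedDataInExternalWrapperElement(lenientDoc.getDocumentElement(), false);
        verify(lenientDoc, lenientData);

        Document strictDoc = getRequestDocument();
        RequestData strictData = getRequestData(true);
        Element duplicate = TestMessageTransformer.duplicateEncryptedDataInExternalWrapperElement(strictDoc.getDocumentElement(), false);
        assertRejectedAsUnsigned(strictDoc, strictData, duplicate);
    }

    /** Same as the wsse-header case, but the transformer is asked for the ReferenceList variant. */
    @Test
    public void testReferenceListAndDuplicatedEncDataInWsseHeader() throws Exception {
        verify(getRequestDocument(), getRequestData(true));

        Document lenientDoc = getRequestDocument();
        RequestData lenientData = getRequestData(false);
        TestMessageTransformer.duplicateEncryptedDataInWsseHeader(lenientDoc.getDocumentElement(), true);
        verify(lenientDoc, lenientData);

        Document strictDoc = getRequestDocument();
        RequestData strictData = getRequestData(true);
        Element duplicate = TestMessageTransformer.duplicateEncryptedDataInWsseHeader(strictDoc.getDocumentElement(), true);
        assertRejectedAsUnsigned(strictDoc, strictData, duplicate);
    }

    /** Same as the wsse-wrapper-header case, but with the ReferenceList variant. */
    @Test
    public void testReferenceListAndDuplicatedEncDataInWsseWrapperHeader() throws Exception {
        verify(getRequestDocument(), getRequestData(true));

        Document lenientDoc = getRequestDocument();
        RequestData lenientData = getRequestData(false);
        TestMessageTransformer.duplicateEncryptedDataInWsseWrapperHeader(lenientDoc.getDocumentElement(), true);
        verify(lenientDoc, lenientData);

        Document strictDoc = getRequestDocument();
        RequestData strictData = getRequestData(true);
        Element duplicate = TestMessageTransformer.duplicateEncryptedDataInWsseWrapperHeader(strictDoc.getDocumentElement(), true);
        assertRejectedAsUnsigned(strictDoc, strictData, duplicate);
    }

    /** Same as the external-wrapper case, but with the ReferenceList variant. */
    @Test
    public void testReferenceListAndDuplicatedEncDataInExternalWrapperElement() throws Exception {
        verify(getRequestDocument(), getRequestData(true));

        Document lenientDoc = getRequestDocument();
        RequestData lenientData = getRequestData(false);
        TestMessageTransformer.duplicateEncryptedDataInExternalWrapperElement(lenientDoc.getDocumentElement(), true);
        verify(lenientDoc, lenientData);

        Document strictDoc = getRequestDocument();
        RequestData strictData = getRequestData(true);
        Element duplicate = TestMessageTransformer.duplicateEncryptedDataInExternalWrapperElement(strictDoc.getDocumentElement(), true);
        assertRejectedAsUnsigned(strictDoc, strictData, duplicate);
    }

    /**
     * An additional EncryptedData carrying its own embedded EncryptedKey is added to the
     * security header; with the check enabled it must be rejected as unsigned.
     */
    @Test
    public void testAdditionalEncryptedDataWithEmbeddedEncryptedKeyInWsseHeader() throws Exception {
        verify(getRequestDocument(), getRequestData(true));

        Document strictDoc = getRequestDocument();
        RequestData strictData = getRequestData(true);
        Element added = TestMessageTransformer.addEncryptedDataWithEmbeddedEncryptedKeyInWsseHeader(strictDoc.getDocumentElement());
        assertRejectedAsUnsigned(strictDoc, strictData, added);
    }

    /**
     * Duplicate placed in a wrapper around the body of a sign-then-encrypt message. Both
     * settings reject the message here, but for different reasons: with the check disabled
     * the failure surfaces as an invalid signature/decryption, with it enabled as an
     * element missing from the signature.
     */
    @Test
    public void testEncryptedKeyRefAndDuplicatedEncDataInWsseWrapperBody() throws Exception {
        Document lenientDoc = getRequestDocumentEncryptionFirst();
        RequestData lenientData = getRequestData(false);
        TestMessageTransformer.duplicateEncryptedDataInWrapperBody(lenientDoc.getDocumentElement());
        assertRejectedWithMessage(lenientDoc, lenientData, "The signature or decryption was invalid");

        Document strictDoc = getRequestDocumentEncryptionFirst();
        TestMessageTransformer.duplicateEncryptedDataInWrapperBody(strictDoc.getDocumentElement());
        assertRejectedWithMessage(strictDoc, getRequestData(true), "is not included in the signature");
    }

    /** Duplicate placed after a wrapper body of a sign-then-encrypt message; check enabled. */
    @Test
    public void testEncryptedKeyRefAndDuplicatedEncDataAfterWsseWrapperBody() throws Exception {
        Document strictDoc = getRequestDocumentEncryptionFirst();
        TestMessageTransformer.duplicateEncryptedDataAfterWrapperBody(strictDoc.getDocumentElement());
        assertRejectedWithMessage(strictDoc, getRequestData(true), "is not included in the signature");
    }

    /**
     * Asserts that processing {@code document} fails because {@code unsignedElement} is not
     * covered by the signature.
     */
    private void assertRejectedAsUnsigned(Document document, RequestData requestData, Element unsignedElement)
            throws Exception {
        try {
            verify(document, requestData);
            fail(EXPECTED_EXCEPTION);
        } catch (WSSecurityException e) {
            checkFailure(unsignedElement, e);
        }
    }

    /**
     * Asserts that processing {@code document} fails with a {@link WSSecurityException}
     * whose message contains {@code expectedFragment}.
     */
    private void assertRejectedWithMessage(Document document, RequestData requestData, String expectedFragment)
            throws Exception {
        try {
            verify(document, requestData);
            fail(EXPECTED_EXCEPTION);
        } catch (WSSecurityException e) {
            assertTrue("Unexpected failure message: " + e.getMessage(), e.getMessage().contains(expectedFragment));
        }
    }

    /**
     * Checks that the exception is the "required element not signed" failure for
     * {@code element}: the message must contain the formatted bundle entry and the error
     * code must be {@code FAILED_CHECK}.
     */
    private static void checkFailure(Element element, WSSecurityException wSSecurityException) {
        String expected = MessageFormat.format(resources.getString("requiredElementNotSigned"), element);
        assertTrue("Unexpected failure message: " + wSSecurityException.getMessage(),
                wSSecurityException.getMessage().contains(expected));
        assertEquals(WSSecurityException.ErrorCode.FAILED_CHECK, wSSecurityException.getErrorCode());
    }

    /**
     * Builds receiver-side request data for the "Encrypt Signature" actions.
     *
     * @param z value for the {@code requireSignedEncryptedDataElements} option
     * @return request data configured with this test's callback handler and crypto
     */
    private RequestData getRequestData(boolean z) throws WSSecurityException {
        RequestData requestData = new RequestData();
        TreeMap<String, Object> options = new TreeMap<String, Object>();
        options.put("requireSignedEncryptedDataElements", Boolean.toString(z));
        requestData.setMsgContext(options);
        // The handler reads the option from the message context set above.
        new CustomHandler().receive(WSSecurityUtil.decodeAction("Encrypt Signature"), requestData);
        requestData.setCallbackHandler(this.callbackHandler);
        requestData.setSigVerCrypto(this.crypto);
        requestData.setDecCrypto(this.crypto);
        return requestData;
    }

    /** Builds the sample request by encrypting first and signing second. */
    private Document getRequestDocument() throws Exception {
        WSSecEncrypt encrypt = new WSSecEncrypt();
        WSSecSignature sign = new WSSecSignature();
        encrypt.setUserInfo(KEY_ALIAS);
        sign.setUserInfo(KEY_ALIAS, KEY_PASSWORD);
        LOG.info("Before Encryption....");
        Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        Document encryptedDoc = encrypt.build(doc, this.crypto, secHeader);
        if (LOG.isDebugEnabled()) {
            LOG.debug("After Encryption....");
            LOG.debug(XMLUtils.PrettyDocumentToString(encryptedDoc));
        }
        Document signedDoc = sign.build(encryptedDoc, this.crypto, secHeader);
        if (LOG.isDebugEnabled()) {
            LOG.debug("After Signing....");
            LOG.debug(XMLUtils.PrettyDocumentToString(signedDoc));
        }
        return signedDoc;
    }

    /**
     * Builds the sample request by signing first and encrypting second.
     *
     * <p>NOTE(review): the method name presumably refers to the order in which the receiver
     * meets the elements in the security header rather than the build order -- confirm.
     */
    private Document getRequestDocumentEncryptionFirst() throws Exception {
        WSSecEncrypt encrypt = new WSSecEncrypt();
        WSSecSignature sign = new WSSecSignature();
        encrypt.setUserInfo(KEY_ALIAS);
        sign.setUserInfo(KEY_ALIAS, KEY_PASSWORD);
        // Signing is the first step here, so the log line names it.
        LOG.info("Before Signing....");
        Document doc = SOAPUtil.toSOAPPart(SOAPMSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        Document signedDoc = sign.build(doc, this.crypto, secHeader);
        if (LOG.isDebugEnabled()) {
            LOG.debug("After Signing....");
            LOG.debug(XMLUtils.PrettyDocumentToString(signedDoc));
        }
        Document encryptedDoc = encrypt.build(signedDoc, this.crypto, secHeader);
        if (LOG.isDebugEnabled()) {
            LOG.debug("After Encryption....");
            LOG.debug(XMLUtils.PrettyDocumentToString(encryptedDoc));
        }
        return encryptedDoc;
    }

    /**
     * Runs the security engine over the document's security header.
     *
     * @return the processing result
     * @throws WSSecurityException if the engine rejects the message
     */
    private WSHandlerResult verify(Document document, RequestData requestData) throws Exception {
        Element securityHeader = WSSecurityUtil.getSecurityHeader(document, (String) null);
        WSHandlerResult result = this.secEngine.processSecurityHeader(securityHeader, requestData);
        if (LOG.isDebugEnabled()) {
            // Dumps the document after processing; acceptable for the fixed sample message.
            LOG.debug(XMLUtils.PrettyDocumentToString(document));
        }
        return result;
    }
}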
