package org.apache.wss4j.dom.message;

import java.util.List;
import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
import org.apache.wss4j.dom.common.SOAPUtil;
import org.apache.wss4j.dom.common.SecurityTestUtil;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:org/apache/wss4j/dom/message/DerivedKeyTest.class */
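/**
 * Round-trip tests for derived-key encryption and signature: each test secures the
 * sample SOAP message with {@link WSSecDKEncrypt} and/or {@link WSSecDKSign} and then
 * processes it again with {@link WSSecurityEngine}.
 *
 * <p>Security notes for readers who use these tests as a template:
 * <ul>
 *   <li>The alias {@code "wss40"} and password {@code "security"} are fixtures of the test
 *       keystore (presumably the one configured by {@code wss40.properties}); they are not
 *       values to reuse outside a test.</li>
 *   <li>The algorithms exercised here are HMAC-SHA1 and AES-128-CBC. CBC-mode XML
 *       Encryption carries no integrity protection of its own, so the encrypt-only tests
 *       are not a configuration to copy as-is; prefer an authenticated mode (for example
 *       the {@code http://www.w3.org/2009/xmlenc11#aes128-gcm} algorithm URI) where the
 *       peer supports it.</li>
 *   <li>At debug level the complete secured message is written to the log.</li>
 * </ul>
 */
public class DerivedKeyTest extends Assert {
    private static final Logger LOG = LoggerFactory.getLogger(DerivedKeyTest.class);

    /** Alias of the test key pair in the test keystore. */
    private static final String KEY_ALIAS = "wss40";

    /** Password of the test private key; a test fixture only. */
    private static final String KEY_PASSWORD = "security";

    /** XML Encryption algorithm URI for AES-128 in CBC mode. */
    private static final String AES_128_CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";

    /** XML Signature algorithm URI for HMAC-SHA1. */
    private static final String HMAC_SHA1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";

    /**
     * Key identifier type passed to {@link WSSecEncryptedKey#setKeyIdentifierType(int)}.
     * The decompiler inlined the literal; it corresponds to
     * {@code WSConstants.THUMBPRINT_IDENTIFIER}.
     */
    private static final int THUMBPRINT_IDENTIFIER = 8;

    /**
     * Key under which signature results are stored in
     * {@link WSHandlerResult#getActionResults()}; corresponds to {@code WSConstants.SIGN}.
     */
    private static final int SIGN_ACTION = 2;

    /** Result-map key under which the engine stores the secret used for the signature. */
    private static final String SECRET_TAG = "secret";

    private final WSSecurityEngine secEngine = new WSSecurityEngine();
    private final CallbackHandler callbackHandler = new KeystoreCallbackHandler();
    private final Crypto crypto;

    @AfterClass
    public static void cleanup() throws Exception {
        SecurityTestUtil.cleanup();
    }

    /**
     * Loads the crypto provider described by {@code wss40.properties} and initialises WSS4J.
     *
     * @throws Exception if the crypto configuration cannot be loaded
     */
    public DerivedKeyTest() throws Exception {
        this.crypto = CryptoFactory.getInstance("wss40.properties");
        WSSConfig.init();
    }

    /**
     * Encrypts with a key derived from an EncryptedKey and decrypts again.
     *
     * <p>NOTE(review): despite the method name, the algorithm configured here is
     * AES-128-CBC, identical to {@link #testEncryptionDecryptionAES128()}; no Triple-DES
     * path is exercised. The algorithm is left unchanged so the test keeps its behaviour.
     */
    @Test
    public void testEncryptionDecryptionTRIPLEDES() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        WSSecEncryptedKey encryptedKey = prepareEncryptedKey(doc);
        WSSecDKEncrypt encryptor =
                newDerivedKeyEncrypt(encryptedKey.getEphemeralKey(), encryptedKey.getId());
        Document encryptedDoc = encryptor.build(doc, secHeader);
        prependEncryptedKey(encryptedKey, secHeader);

        debugMessage("Encrypted message: AES-128 + DerivedKeys", encryptedDoc);
        verify(doc);
    }

    /** Encrypts with an AES-128-CBC key derived from an EncryptedKey and decrypts again. */
    @Test
    public void testEncryptionDecryptionAES128() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        WSSecEncryptedKey encryptedKey = prepareEncryptedKey(doc);
        WSSecDKEncrypt encryptor =
                newDerivedKeyEncrypt(encryptedKey.getEphemeralKey(), encryptedKey.getId());
        Document encryptedDoc = encryptor.build(doc, secHeader);
        prependEncryptedKey(encryptedKey, secHeader);

        debugMessage("Encrypted message: AES-128 + DerivedKeys", encryptedDoc);
        verify(doc);
    }

    /** Signs with an HMAC-SHA1 key derived from an EncryptedKey and verifies the result. */
    @Test
    public void testSignature() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        WSSecEncryptedKey encryptedKey = prepareEncryptedKey(doc);
        WSSecDKSign signer =
                newDerivedKeySign(encryptedKey.getEphemeralKey(), encryptedKey.getId());
        signer.build(doc, secHeader);
        prependEncryptedKey(encryptedKey, secHeader);

        debugMessage("Signed message: HMAC-SHA1 + DerivedKeys", doc);
        assertSignatureSecretPresent(verify(doc));
    }

    /**
     * Signs with a derived key whose secret is referenced through a certificate
     * thumbprint key identifier.
     *
     * <p>The secret handed to the signer is the encoded form of the test private key, so
     * raw private-key bytes are held in a plain {@code byte[]} for the duration of the
     * test. That is acceptable for a fixture key only.
     */
    @Test
    public void testSignatureThumbprintSHA1() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        SecurityTokenReference tokenReference = new SecurityTokenReference(doc);
        CryptoType aliasLookup = new CryptoType(CryptoType.TYPE.ALIAS);
        aliasLookup.setAlias(KEY_ALIAS);
        tokenReference.setKeyIdentifierThumb(this.crypto.getX509Certificates(aliasLookup)[0]);

        WSSecDKSign signer = new WSSecDKSign();
        byte[] secret = this.crypto.getPrivateKey(KEY_ALIAS, KEY_PASSWORD).getEncoded();
        signer.setExternalKey(secret, tokenReference.getElement());
        signer.setSignatureAlgorithm(HMAC_SHA1);
        signer.build(doc, secHeader);
        signer.prependDKElementToHeader(secHeader);

        debugMessage("Signed message: ThumbprintSHA1 + DerivedKeys", doc);
        assertSignatureSecretPresent(verify(doc));
    }

    /**
     * Signs with a derived key whose secret is referenced through a SubjectKeyIdentifier.
     *
     * <p>As in {@link #testSignatureThumbprintSHA1()}, the secret is the encoded test
     * private key; fixture use only.
     */
    @Test
    public void testSignatureSKI() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        SecurityTokenReference tokenReference = new SecurityTokenReference(doc);
        CryptoType aliasLookup = new CryptoType(CryptoType.TYPE.ALIAS);
        aliasLookup.setAlias(KEY_ALIAS);
        tokenReference.setKeyIdentifierSKI(
                this.crypto.getX509Certificates(aliasLookup)[0], this.crypto);

        WSSecDKSign signer = new WSSecDKSign();
        byte[] secret = this.crypto.getPrivateKey(KEY_ALIAS, KEY_PASSWORD).getEncoded();
        signer.setExternalKey(secret, tokenReference.getElement());
        signer.setSignatureAlgorithm(HMAC_SHA1);
        signer.build(doc, secHeader);
        signer.prependDKElementToHeader(secHeader);

        debugMessage("Signed message: SKI + DerivedKeys", doc);
        assertSignatureSecretPresent(verify(doc));
    }

    /** Signs first, then encrypts, both with keys derived from the same EncryptedKey. */
    @Test
    public void testSignatureEncrypt() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        WSSecEncryptedKey encryptedKey = prepareEncryptedKey(doc);
        byte[] ephemeralKey = encryptedKey.getEphemeralKey();
        String tokenId = encryptedKey.getId();

        WSSecDKSign signer = newDerivedKeySign(ephemeralKey, tokenId);
        LOG.info("Before HMAC-SHA1 signature");
        Document signedDoc = signer.build(doc, secHeader);

        WSSecDKEncrypt encryptor = newDerivedKeyEncrypt(ephemeralKey, tokenId);
        Document securedDoc = encryptor.build(signedDoc, secHeader);
        prependEncryptedKey(encryptedKey, secHeader);

        debugMessage("Signed and encrypted message: AES-128 + DerivedKeys", securedDoc);
        verify(securedDoc);
    }

    /** Encrypts first, then signs, both with keys derived from the same EncryptedKey. */
    @Test
    public void testEncryptSignature() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        WSSecEncryptedKey encryptedKey = prepareEncryptedKey(doc);
        byte[] ephemeralKey = encryptedKey.getEphemeralKey();
        String tokenId = encryptedKey.getId();

        WSSecDKEncrypt encryptor = newDerivedKeyEncrypt(ephemeralKey, tokenId);
        encryptor.build(doc, secHeader);

        WSSecDKSign signer = newDerivedKeySign(ephemeralKey, tokenId);
        LOG.info("Before HMAC-SHA1 signature");
        Document securedDoc = signer.build(doc, secHeader);
        prependEncryptedKey(encryptedKey, secHeader);

        debugMessage("Encrypted and signed message: AES-128 + DerivedKeys", securedDoc);
        verify(securedDoc);
    }

    /** Builds and prepares an EncryptedKey for the test alias, identified by thumbprint. */
    private WSSecEncryptedKey prepareEncryptedKey(Document doc) throws Exception {
        WSSecEncryptedKey encryptedKey = new WSSecEncryptedKey();
        encryptedKey.setUserInfo(KEY_ALIAS);
        encryptedKey.setKeyIdentifierType(THUMBPRINT_IDENTIFIER);
        encryptedKey.prepare(doc, this.crypto);
        return encryptedKey;
    }

    /** Adds the EncryptedKey and its BinarySecurityToken element to the security header. */
    private static void prependEncryptedKey(WSSecEncryptedKey encryptedKey, WSSecHeader secHeader)
            throws Exception {
        encryptedKey.prependToHeader(secHeader);
        encryptedKey.prependBSTElementToHeader(secHeader);
    }

    /** Creates a derived-key encryptor using AES-128-CBC over the given external secret. */
    private static WSSecDKEncrypt newDerivedKeyEncrypt(byte[] secret, String tokenId) {
        WSSecDKEncrypt encryptor = new WSSecDKEncrypt();
        encryptor.setSymmetricEncAlgorithm(AES_128_CBC);
        encryptor.setExternalKey(secret, tokenId);
        return encryptor;
    }

    /** Creates a derived-key signer using HMAC-SHA1 over the given external secret. */
    private static WSSecDKSign newDerivedKeySign(byte[] secret, String tokenId) {
        WSSecDKSign signer = new WSSecDKSign();
        signer.setExternalKey(secret, tokenId);
        signer.setSignatureAlgorithm(HMAC_SHA1);
        return signer;
    }

    /** Logs a label and the pretty-printed message, but only when debug logging is on. */
    private static void debugMessage(String label, Document doc) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug(label);
            LOG.debug(XMLUtils.prettyDocumentToString(doc));
        }
    }

    /**
     * Asserts that the first signature result exists, is non-empty and carries a secret.
     * The result map holds key material under {@code "secret"}; only its presence is
     * checked and its value is never logged.
     */
    private void assertSignatureSecretPresent(WSHandlerResult handlerResult) {
        List<WSSecurityEngineResult> signatureResults =
                handlerResult.getActionResults().get(SIGN_ACTION);
        assertNotNull("no signature results were recorded", signatureResults);
        WSSecurityEngineResult firstResult = signatureResults.get(0);
        assertNotNull(firstResult);
        assertFalse(firstResult.isEmpty());
        assertNotNull(firstResult.get(SECRET_TAG));
    }

    /**
     * Processes the security header of {@code document} and checks that the body is
     * readable afterwards.
     *
     * @param document the secured SOAP message
     * @return the results reported by the security engine
     * @throws Exception if processing the security header fails
     */
    private WSHandlerResult verify(Document document) throws Exception {
        WSHandlerResult results = this.secEngine.processSecurityHeader(
                document, (String) null, this.callbackHandler, this.crypto);
        // The marker is part of the plaintext sample body, so for the encrypting tests it
        // only appears once decryption has succeeded; for sign-only tests it is always there.
        String processed = XMLUtils.prettyDocumentToString(document);
        assertTrue(processed.indexOf("counter_port_type") > 0);
        return results;
    }
}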
