package org.apache.wss4j.dom.components.crypto;

import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.crypto.CertificateStore;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
import org.apache.wss4j.dom.common.SOAPUtil;
import org.apache.wss4j.dom.common.SecurityTestUtil;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSignature;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:org/apache/wss4j/dom/components/crypto/CertificateStoreTest.class */
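/**
 * Verifies XML signatures against a {@link CertificateStore} that is built only from the
 * signer's certificates, once for each supported way of referencing the signing key.
 *
 * <p>The positive tests sign the sample SOAP message with the {@code wss40} key and expect the
 * receiver to report the signing certificate. The negative test signs with a key whose
 * certificate was never placed in the store and expects verification to be refused.
 */
public class CertificateStoreTest extends Assert {
    private static final Logger LOG = LoggerFactory.getLogger(CertificateStoreTest.class);

    /** Alias of the signing key whose certificates populate the receiver's store. */
    private static final String TRUSTED_ALIAS = "wss40";
    /** Alias of a signing key taken from the default crypto; it is never added to the store. */
    private static final String UNTRUSTED_ALIAS = "16c73ab6-b892-458f-abf5-2f875f74882e";
    /** Password passed to {@code setUserInfo} for both signing keys. */
    private static final String KEY_PASSWORD = "security";

    // Key identifier types handed to WSSecSignature.setKeyIdentifierType. The values mirror the
    // WSConstants constants of the same names, which this file does not import.
    private static final int BST_DIRECT_REFERENCE = 1;
    private static final int ISSUER_SERIAL = 2;
    private static final int X509_KEY_IDENTIFIER = 3;
    private static final int SKI_KEY_IDENTIFIER = 4;
    private static final int THUMBPRINT_IDENTIFIER = 8;

    /** Key under which signature results are filed in the action-result map (WSConstants.SIGN). */
    private static final int SIGN_ACTION = 2;

    private final Crypto receiverCrypto;
    private final WSSecurityEngine secEngine = new WSSecurityEngine();
    private final Crypto senderCrypto = CryptoFactory.getInstance("wss40.properties");
    private final CallbackHandler keystoreCallbackHandler = new KeystoreCallbackHandler();

    @AfterClass
    public static void cleanup() throws Exception {
        SecurityTestUtil.cleanup();
    }

    /**
     * Builds the receiver-side store from the certificates registered under the trusted alias
     * in the sender's keystore, then initialises the WSS4J configuration.
     */
    public CertificateStoreTest() throws Exception {
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        cryptoType.setAlias(TRUSTED_ALIAS);
        this.receiverCrypto = new CertificateStore(this.senderCrypto.getX509Certificates(cryptoType));
        WSSConfig.init();
    }

    /** Signs with a BinarySecurityToken direct reference and verifies against the store. */
    @Test
    public void testSignatureDirectReference() throws Exception {
        Document signed = signSampleMessage(TRUSTED_ALIAS, BST_DIRECT_REFERENCE, this.senderCrypto);
        assertSigningCertificatePresent(verify(signed, this.receiverCrypto));
    }

    /** Signs with an X.509 key identifier and verifies against the store. */
    @Test
    public void testSignatureX509() throws Exception {
        Document signed = signSampleMessage(TRUSTED_ALIAS, X509_KEY_IDENTIFIER, this.senderCrypto);

        WSSecurityEngine engine = new WSSecurityEngine();
        RequestData requestData = new RequestData();
        requestData.setCallbackHandler(this.keystoreCallbackHandler);
        requestData.setSigVerCrypto(this.receiverCrypto);
        // Only R3063 is put on the ignore list here; no other BSP rule is exempted by this test.
        // NOTE(review): the exemption belongs to this key identifier form - confirm the rule text
        // before copying it into a non-test configuration.
        requestData.setIgnoredBSPRules(Collections.singletonList(BSPRule.R3063));

        assertSigningCertificatePresent(engine.processSecurityHeader(signed, requestData));
    }

    /** Signs with an issuer/serial reference and verifies against the store. */
    @Test
    public void testSignatureIssuerSerial() throws Exception {
        Document signed = signSampleMessage(TRUSTED_ALIAS, ISSUER_SERIAL, this.senderCrypto);
        assertSigningCertificatePresent(verify(signed, this.receiverCrypto));
    }

    /** Signs with a certificate thumbprint reference and verifies against the store. */
    @Test
    public void testSignatureThumbprint() throws Exception {
        Document signed = signSampleMessage(TRUSTED_ALIAS, THUMBPRINT_IDENTIFIER, this.senderCrypto);
        assertSigningCertificatePresent(verify(signed, this.receiverCrypto));
    }

    /** Signs with a SubjectKeyIdentifier reference and verifies against the store. */
    @Test
    public void testSignatureSKI() throws Exception {
        Document signed = signSampleMessage(TRUSTED_ALIAS, SKI_KEY_IDENTIFIER, this.senderCrypto);
        assertSigningCertificatePresent(verify(signed, this.receiverCrypto));
    }

    /**
     * Signs with a key from the default crypto whose certificate is not in the receiver's store.
     * The message carries that certificate itself, so this checks that an embedded certificate
     * is not accepted merely because the signature over the message is mathematically valid.
     */
    @Test
    public void testSignatureDirectReferenceUntrusted() throws Exception {
        Document signed =
            signSampleMessage(UNTRUSTED_ALIAS, BST_DIRECT_REFERENCE, CryptoFactory.getInstance());
        try {
            verify(signed, this.receiverCrypto);
            fail("Failure expected on an unknown certificate");
        } catch (WSSecurityException e) {
            // assertEquals reports the actual error code when the expectation is not met.
            assertEquals(WSSecurityException.ErrorCode.FAILURE, e.getErrorCode());
        }
    }

    /**
     * Signs the sample SOAP message.
     *
     * @param alias keystore alias of the signing key
     * @param keyIdentifierType how the signature references the signing key
     * @param signingCrypto crypto instance that holds the signing key
     * @return the signed document
     */
    private Document signSampleMessage(String alias, int keyIdentifierType, Crypto signingCrypto)
        throws Exception {
        WSSecSignature signature = new WSSecSignature();
        signature.setUserInfo(alias, KEY_PASSWORD);
        signature.setKeyIdentifierType(keyIdentifierType);

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        Document signed = signature.build(doc, signingCrypto, secHeader);
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(signed));
        }
        return signed;
    }

    /**
     * Asserts that the first signature result carries the signing certificate.
     *
     * <p>This only proves that a certificate was reported. NOTE(review): comparing it with the
     * certificate the store was built from would also pin which certificate was accepted.
     */
    private static void assertSigningCertificatePresent(WSHandlerResult results) {
        List<?> signatureResults = (List<?>) results.getActionResults().get(SIGN_ACTION);
        assertNotNull("No signature results were recorded", signatureResults);
        assertFalse("Signature result list is empty", signatureResults.isEmpty());

        WSSecurityEngineResult signatureResult = (WSSecurityEngineResult) signatureResults.get(0);
        X509Certificate certificate =
            (X509Certificate) signatureResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
        assertNotNull("Signature result carries no X.509 certificate", certificate);
    }

    /**
     * Processes the security header of {@code document} with the shared engine.
     *
     * @param document the signed message
     * @param crypto crypto instance passed to the engine for processing the header
     * @return the processing results
     * @throws Exception if the security header is rejected
     */
    private WSHandlerResult verify(Document document, Crypto crypto) throws Exception {
        WSHandlerResult results =
            this.secEngine.processSecurityHeader(document, (String) null, this.keystoreCallbackHandler, crypto);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Verified and decrypted message:");
            LOG.debug(XMLUtils.prettyDocumentToString(document));
        }
        return results;
    }
}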
