package org.apache.wss4j.dom.message;

import java.security.cert.X509Certificate;
import java.util.List;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.common.SOAPUtil;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:org/apache/wss4j/dom/message/SignatureCRLTest.class */
public class SignatureCRLTest {
    private static final Logger LOG = LoggerFactory.getLogger(SignatureCRLTest.class);
    private Crypto crypto;
    private Crypto cryptoCA;

    public SignatureCRLTest() throws Exception {
        WSSConfig.init();
        this.crypto = CryptoFactory.getInstance("wss40rev.properties");
        this.cryptoCA = CryptoFactory.getInstance("wss40CA.properties");
    }

    @Disabled
    @Test
    public void testSignatureDirectReference() throws Exception {
        WSSecHeader wSSecHeader = new WSSecHeader(SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG));
        wSSecHeader.insertSecurityHeader();
        WSSecSignature wSSecSignature = new WSSecSignature(wSSecHeader);
        wSSecSignature.setUserInfo("wss40rev", "security");
        wSSecSignature.setKeyIdentifierType(1);
        Document build = wSSecSignature.build(this.crypto);
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(build));
        }
        Assertions.assertNotNull((X509Certificate) ((WSSecurityEngineResult) ((List) verify(build, this.cryptoCA, false).getActionResults().get(2)).get(0)).get("x509-certificate"));
    }

    @Disabled
    @Test
    public void testSignatureDirectReferenceRevocation() throws Exception {
        WSSecHeader wSSecHeader = new WSSecHeader(SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG));
        wSSecHeader.insertSecurityHeader();
        WSSecSignature wSSecSignature = new WSSecSignature(wSSecHeader);
        wSSecSignature.setUserInfo("wss40rev", "security");
        wSSecSignature.setKeyIdentifierType(1);
        Document build = wSSecSignature.build(this.crypto);
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(build));
        }
        try {
            verify(build, this.cryptoCA, true);
            Assertions.fail("Failure expected on a revoked certificate");
        } catch (WSSecurityException e) {
            Assertions.assertTrue(e.getErrorCode() == WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
    }

    @Disabled
    @Test
    public void testSignatureDirectReferenceRevocationKeyStore() throws Exception {
        WSSecHeader wSSecHeader = new WSSecHeader(SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG));
        wSSecHeader.insertSecurityHeader();
        WSSecSignature wSSecSignature = new WSSecSignature(wSSecHeader);
        wSSecSignature.setUserInfo("wss40rev", "security");
        wSSecSignature.setKeyIdentifierType(1);
        Document build = wSSecSignature.build(this.crypto);
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(build));
        }
        try {
            verify(build, this.crypto, true);
            Assertions.fail("Failure expected on a revoked certificate");
        } catch (WSSecurityException e) {
            Assertions.assertTrue(e.getErrorCode() == WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
    }

    private WSHandlerResult verify(Document document, Crypto crypto, boolean z) throws Exception {
        WSSecurityEngine wSSecurityEngine = new WSSecurityEngine();
        RequestData requestData = new RequestData();
        requestData.setSigVerCrypto(crypto);
        requestData.setEnableRevocation(z);
        WSHandlerResult processSecurityHeader = wSSecurityEngine.processSecurityHeader(WSSecurityUtil.getSecurityHeader(document, (String) null), requestData);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Verfied and decrypted message:");
            LOG.debug(XMLUtils.prettyDocumentToString(document));
        }
        return processSecurityHeader;
    }
}
