package org.apache.wss4j.dom.message;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.TreeMap;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.DOM2Writer;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.SOAPConstants;
import org.apache.wss4j.dom.WSDataRef;
import org.apache.wss4j.dom.common.CustomHandler;
import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
import org.apache.wss4j.dom.common.SecretKeyCallbackHandler;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.HandlerAction;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.str.STRParser;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/wss4j/dom/message/EncryptionTest.class */
public class EncryptionTest {
    private static final Logger LOG = LoggerFactory.getLogger(EncryptionTest.class);
    private static final QName SOAP_BODY = new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body");
    private byte[] keyData;
    private SecretKey key;
    private WSSecurityEngine secEngine = new WSSecurityEngine();
    private CallbackHandler keystoreCallbackHandler = new KeystoreCallbackHandler();
    private SecretKeyCallbackHandler secretKeyCallbackHandler = new SecretKeyCallbackHandler();
    private Crypto crypto = CryptoFactory.getInstance("wss40.properties");

    @BeforeEach
    public void setUp() throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(128);
        this.key = keyGenerator.generateKey();
        this.keyData = this.key.getEncoded();
        this.secEngine.setWssConfig(WSSConfig.getNewInstance());
    }

    @Test
    public void testEncryptionDecryptionRSA15() throws Exception {
        WSSecHeader wSSecHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        wSSecHeader.insertSecurityHeader();
        WSSecEncrypt wSSecEncrypt = new WSSecEncrypt(wSSecHeader);
        wSSecEncrypt.setUserInfo("wss40");
        wSSecEncrypt.setKeyIdentifierType(1);
        wSSecEncrypt.setSymmetricEncAlgorithm("http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
        LOG.info("Before Encryption Triple DES....");
        Document build = wSSecEncrypt.build(this.crypto, KeyUtils.getKeyGenerator("http://www.w3.org/2001/04/xmlenc#tripledes-cbc").generateKey());
        LOG.info("After Encryption Triple DES....");
        String prettyDocumentToString = XMLUtils.prettyDocumentToString(build);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Encrypted message, RSA-15 keytransport, 3DES:");
            LOG.debug(prettyDocumentToString);
        }
        Assertions.assertFalse(prettyDocumentToString.contains("counter_port_type"));
        verify(build, this.keystoreCallbackHandler, SOAP_BODY);
        wSSecEncrypt.getParts().clear();
        WSSecHeader wSSecHeader2 = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        wSSecHeader2.insertSecurityHeader();
        WSSecEncrypt wSSecEncrypt2 = new WSSecEncrypt(wSSecHeader2);
        wSSecEncrypt2.setUserInfo("wss40");
        wSSecEncrypt2.setKeyIdentifierType(2);
        wSSecEncrypt2.setSymmetricEncAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
        wSSecEncrypt2.getParts().add(new WSEncryptionPart("add", "http://ws.apache.org/counter/counter_port_type", "Element"));
        LOG.info("Before Encryption AES 128/RSA-15....");
        Document build2 = wSSecEncrypt2.build(this.crypto, KeyUtils.getKeyGenerator("http://www.w3.org/2001/04/xmlenc#aes128-cbc").generateKey());
        LOG.info("After Encryption AES 128/RSA-15....");
        String prettyDocumentToString2 = XMLUtils.prettyDocumentToString(build2);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Encrypted message, RSA-15 keytransport, AES 128:");
            LOG.debug(prettyDocumentToString2);
        }
        Assertions.assertFalse(prettyDocumentToString2.contains("counter_port_type"));
        WSSecurityEngineResult wSSecurityEngineResult = (WSSecurityEngineResult) ((List) verify(build2, this.keystoreCallbackHandler, new QName("http://ws.apache.org/counter/counter_port_type", "add")).getActionResults().get(4)).get(0);
        Assertions.assertNotNull(wSSecurityEngineResult.get("x509-certificate"));
        Assertions.assertNotNull(wSSecurityEngineResult.get("x509-reference-type"));
        Assertions.assertTrue(((STRParser.REFERENCE_TYPE) wSSecurityEngineResult.get("x509-reference-type")) == STRParser.REFERENCE_TYPE.ISSUER_SERIAL);
    }

    @Test
    public void testEncryptionDecryptionOAEP() throws Exception {
        WSSecHeader wSSecHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        wSSecHeader.insertSecurityHeader();
        WSSecEncrypt wSSecEncrypt = new WSSecEncrypt(wSSecHeader);
        wSSecEncrypt.setUserInfo("wss40");
        wSSecEncrypt.setKeyIdentifierType(3);
        wSSecEncrypt.setKeyEncAlgo("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
        LOG.info("Before Encryption Triple DES/RSA-OAEP....");
        Document build = wSSecEncrypt.build(this.crypto, KeyUtils.getKeyGenerator("http://www.w3.org/2001/04/xmlenc#aes128-cbc").generateKey());
        LOG.info("After Encryption Triple DES/RSA-OAEP....");
        String prettyDocumentToString = XMLUtils.prettyDocumentToString(build);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Encrypted message, RSA-OAEP keytransport, 3DES:");
            LOG.debug(prettyDocumentToString);
        }
        Assertions.assertFalse(prettyDocumentToString.contains("counter_port_type"));
        WSSecurityEngineResult wSSecurityEngineResult = (WSSecurityEngineResult) ((List) new WSSecurityEngine().processSecurityHeader(build, (String) null, this.keystoreCallbackHandler, this.crypto).getActionResults().get(4)).get(0);
        Assertions.assertNotNull(wSSecurityEngineResult.get("x509-certificate"));
        Assertions.assertNotNull(wSSecurityEngineResult.get("x509-reference-type"));
        Assertions.assertTrue(((STRParser.REFERENCE_TYPE) wSSecurityEngineResult.get("x509-reference-type")) == STRParser.REFERENCE_TYPE.KEY_IDENTIFIER);
    }

    @Test
    public void testEncryptionDecryptionPublicKey() throws Exception {
        WSSecHeader wSSecHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        wSSecHeader.insertSecurityHeader();
        WSSecEncrypt wSSecEncrypt = new WSSecEncrypt(wSSecHeader);
        wSSecEncrypt.setKeyIdentifierType(13);
        wSSecEncrypt.setKeyEncAlgo("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        cryptoType.setAlias("wss40");
        X509Certificate[] x509Certificates = this.crypto.getX509Certificates(cryptoType);
        Assertions.assertNotNull(x509Certificates);
        wSSecEncrypt.setUseThisPublicKey(x509Certificates[0].getPublicKey());
        Document build = wSSecEncrypt.build(this.crypto, KeyUtils.getKeyGenerator("http://www.w3.org/2001/04/xmlenc#aes128-cbc").generateKey());
        String prettyDocumentToString = XMLUtils.prettyDocumentToString(build);
        if (LOG.isDebugEnabled()) {
            LOG.debug(prettyDocumentToString);
        }
        Assertions.assertFalse(prettyDocumentToString.contains("counter_port_type"));
        Assertions.assertNotNull(((WSSecurityEngineResult) ((List) new WSSecurityEngine().processSecurityHeader(build, (String) null, this.keystoreCallbackHandler, this.crypto).getActionResults().get(4)).get(0)).get("public-key"));
    }

    @Test
    public void testEncryptionEncryption() throws Exception {
        WSSecHeader wSSecHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        wSSecHeader.insertSecurityHeader();
        Crypto cryptoFactory = CryptoFactory.getInstance();
        WSSecEncrypt wSSecEncrypt = new WSSecEncrypt(wSSecHeader);
        wSSecEncrypt.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e");
        LOG.info("Before Encryption....");
        SecretKey generateKey = KeyUtils.getKeyGenerator("http://www.w3.org/2001/04/xmlenc#aes128-cbc").generateKey();
        Document build = wSSecEncrypt.build(cryptoFactory, generateKey);
        if (LOG.isDebugEnabled()) {
            LOG.debug("After the first encryption:");
            LOG.debug(XMLUtils.prettyDocumentToString(build));
        }
        Document build2 = wSSecEncrypt.build(cryptoFactory, generateKey);
        if (LOG.isDebugEnabled()) {
            LOG.debug("After the second encryption:");
            LOG.debug(XMLUtils.prettyDocumentToString(build2));
        }
        LOG.info("After Encryption....");
        verify(build2, cryptoFactory, this.keystoreCallbackHandler);
    }

    @Test
    public void testX509EncryptionThumb() throws Exception {
        Crypto cryptoFactory = CryptoFactory.getInstance();
        WSSecHeader wSSecHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        wSSecHeader.insertSecurityHeader();
        WSSecEncrypt wSSecEncrypt = new WSSecEncrypt(wSSecHeader);
        wSSecEncrypt.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
        wSSecEncrypt.setKeyIdentifierType(8);
        LOG.info("Before Encrypting ThumbprintSHA1....");
        Document build = wSSecEncrypt.build(cryptoFactory, KeyUtils.getKeyGenerator("http://www.w3.org/2001/04/xmlenc#aes128-cbc").generateKey());
        String prettyDocumentToString = XMLUtils.prettyDocumentToString(build);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Encrypted message with THUMBPRINT_IDENTIFIER:");
            LOG.debug(prettyDocumentToString);
        }
        Assertions.assertTrue(prettyDocumentToString.contains("#ThumbprintSHA1"));
        LOG.info("After Encrypting ThumbprintSHA1....");
        WSSecurityEngineResult wSSecurityEngineResult = (WSSecurityEngineResult) ((List) verify(build, cryptoFactory, this.keystoreCallbackHandler).getActionResults().get(4)).get(0);
        Assertions.assertNotNull(wSSecurityEngineResult.get("x509-certificate"));
        Assertions.assertNotNull(wSSecurityEngineResult.get("x509-reference-type"));
        Assertions.assertTrue(((STRParser.REFERENCE_TYPE) wSSecurityEngineResult.get("x509-reference-type")) == STRParser.REFERENCE_TYPE.THUMBPRINT_SHA1);
    }

    @Test
    public void testX509EncryptionSHA1() throws Exception {
        Crypto cryptoFactory = CryptoFactory.getInstance();
        WSSecHeader wSSecHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        wSSecHeader.insertSecurityHeader();
        WSSecEncrypt wSSecEncrypt = new WSSecEncrypt(wSSecHeader);
        wSSecEncrypt.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
        wSSecEncrypt.setKeyIdentifierType(10);
        LOG.info("Before Encrypting EncryptedKeySHA1....");
        Document build = wSSecEncrypt.build(cryptoFactory, KeyUtils.getKeyGenerator("http://www.w3.org/2001/04/xmlenc#aes128-cbc").generateKey());
        String prettyDocumentToString = XMLUtils.prettyDocumentToString(build);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Encrypted message with ENCRYPTED_KEY_SHA1_IDENTIFIER:");
            LOG.debug(prettyDocumentToString);
        }
        Assertions.assertTrue(prettyDocumentToString.contains("#EncryptedKeySHA1"));
        LOG.info("After Encrypting EncryptedKeySHA1....");
        verify(build, cryptoFactory, this.keystoreCallbackHandler);
    }

    @Test
    public void testEncryptionSHA1Symmetric() throws Exception {
        WSSecHeader wSSecHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        wSSecHeader.insertSecurityHeader();
        WSSecEncrypt wSSecEncrypt = new WSSecEncrypt(wSSecHeader);
        wSSecEncrypt.setKeyIdentifierType(10);
        wSSecEncrypt.setEncryptSymmKey(false);
        LOG.info("Before Encrypting EncryptedKeySHA1....");
        Document build = wSSecEncrypt.build(this.crypto, this.key);
        this.secretKeyCallbackHandler.addSecretKey(org.apache.xml.security.utils.XMLUtils.encodeToString(KeyUtils.generateDigest(this.keyData)), this.keyData);
        String prettyDocumentToString = XMLUtils.prettyDocumentToString(build);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Encrypted message with ENCRYPTED_KEY_SHA1_IDENTIFIER:");
            LOG.debug(prettyDocumentToString);
        }
        Assertions.assertTrue(prettyDocumentToString.contains("#EncryptedKeySHA1"));
        LOG.info("After Encrypting EncryptedKeySHA1....");
        verify(build, (Crypto) null, this.secretKeyCallbackHandler);
    }

    @Test
    public void testEncryptionSHA1SymmetricBytesHandler() throws Exception {
        WSSConfig newInstance = WSSConfig.getNewInstance();
        RequestData requestData = new RequestData();
        requestData.setWssConfig(newInstance);
        TreeMap treeMap = new TreeMap();
        treeMap.put("encryptSymmetricEncryptionKey", "false");
        treeMap.put("encryptionKeyIdentifier", "EncryptedKeySHA1");
        this.secretKeyCallbackHandler.setOutboundSecret(this.keyData);
        treeMap.put("passwordCallbackRef", this.secretKeyCallbackHandler);
        requestData.setMsgContext(treeMap);
        requestData.setUsername("");
        Document sOAPPart = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        new CustomHandler().send(sOAPPart, requestData, Collections.singletonList(new HandlerAction(4)), true);
        String prettyDocumentToString = XMLUtils.prettyDocumentToString(sOAPPart);
        if (LOG.isDebugEnabled()) {
            LOG.debug(prettyDocumentToString);
        }
        verify(sOAPPart, (Crypto) null, this.secretKeyCallbackHandler);
    }

    @Test
    public void testEncryptionDecryptionRSA15STR() throws Exception {
        Document sOAPPart = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        WSSecHeader wSSecHeader = new WSSecHeader(sOAPPart);
        wSSecHeader.insertSecurityHeader();
        WSSecEncrypt wSSecEncrypt = new WSSecEncrypt(wSSecHeader);
        wSSecEncrypt.setUserInfo("wss40");
        wSSecEncrypt.setKeyIdentifierType(1);
        wSSecEncrypt.setSymmetricEncAlgorithm("http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
        LOG.info("Before Encryption Triple DES....");
        SecretKey generateKey = KeyUtils.getKeyGenerator("http://www.w3.org/2001/04/xmlenc#tripledes-cbc").generateKey();
        wSSecEncrypt.prepare(this.crypto, generateKey);
        SOAPConstants sOAPConstants = WSSecurityUtil.getSOAPConstants(sOAPPart.getDocumentElement());
        wSSecEncrypt.getParts().add(new WSEncryptionPart(sOAPConstants.getBodyQName().getLocalPart(), sOAPConstants.getEnvelopeURI(), "Content"));
        wSSecEncrypt.addExternalRefElement(wSSecEncrypt.encrypt(generateKey));
        wSSecEncrypt.prependToHeader();
        wSSecEncrypt.prependBSTElementToHeader();
        LOG.info("After Encryption Triple DES....");
        String prettyDocumentToString = XMLUtils.prettyDocumentToString(sOAPPart);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Encrypted message, RSA-15 keytransport, 3DES:");
            LOG.debug(prettyDocumentToString);
        }
        Assertions.assertFalse(prettyDocumentToString.contains("counter_port_type"));
        WSHandlerResult verify = verify(sOAPPart, this.crypto, this.keystoreCallbackHandler);
        Assertions.assertTrue(XMLUtils.prettyDocumentToString(sOAPPart).contains("counter_port_type"));
        WSSecurityEngineResult wSSecurityEngineResult = (WSSecurityEngineResult) ((List) verify.getActionResults().get(4)).get(0);
        Assertions.assertNotNull(wSSecurityEngineResult.get("x509-certificate"));
        Assertions.assertNotNull(wSSecurityEngineResult.get("x509-reference-type"));
        Assertions.assertTrue(((STRParser.REFERENCE_TYPE) wSSecurityEngineResult.get("x509-reference-type")) == STRParser.REFERENCE_TYPE.DIRECT_REF);
    }

    @Test
    public void testBadAttribute() throws Exception {
        Document sOAPPart = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        WSSecHeader wSSecHeader = new WSSecHeader(sOAPPart);
        wSSecHeader.insertSecurityHeader();
        WSSecEncrypt wSSecEncrypt = new WSSecEncrypt(wSSecHeader);
        wSSecEncrypt.setUserInfo("wss40");
        wSSecEncrypt.setKeyIdentifierType(1);
        wSSecEncrypt.setSymmetricEncAlgorithm("http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
        SecretKey generateKey = KeyUtils.getKeyGenerator("http://www.w3.org/2001/04/xmlenc#tripledes-cbc").generateKey();
        wSSecEncrypt.prepare(this.crypto, generateKey);
        SOAPConstants sOAPConstants = WSSecurityUtil.getSOAPConstants(sOAPPart.getDocumentElement());
        new ArrayList().add(new WSEncryptionPart(sOAPConstants.getBodyQName().getLocalPart(), sOAPConstants.getEnvelopeURI(), "Content"));
        wSSecEncrypt.addExternalRefElement(wSSecEncrypt.encrypt(generateKey));
        Element encryptedKeyElement = wSSecEncrypt.getEncryptedKeyElement();
        encryptedKeyElement.setAttributeNS(null, "Type", "SomeType");
        WSSecurityUtil.prependChildElement(wSSecHeader.getSecurityHeaderElement(), encryptedKeyElement);
        wSSecEncrypt.prependBSTElementToHeader();
        String prettyDocumentToString = XMLUtils.prettyDocumentToString(sOAPPart);
        if (LOG.isDebugEnabled()) {
            LOG.debug(prettyDocumentToString);
        }
        WSSecurityEngine wSSecurityEngine = new WSSecurityEngine();
        try {
            wSSecurityEngine.processSecurityHeader(sOAPPart, (String) null, this.keystoreCallbackHandler, this.crypto);
            Assertions.fail("Failure expected on a bad attribute type");
        } catch (WSSecurityException e) {
            Assertions.assertTrue(e.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
        }
        RequestData requestData = new RequestData();
        requestData.setCallbackHandler(this.keystoreCallbackHandler);
        requestData.setDecCrypto(this.crypto);
        requestData.setIgnoredBSPRules(Collections.singletonList(BSPRule.R3209));
        wSSecurityEngine.processSecurityHeader(sOAPPart, requestData);
    }

    @Test
    public void testEmbeddedEncryptedKey() throws Exception {
        Document sOAPPart = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        WSSecHeader wSSecHeader = new WSSecHeader(sOAPPart);
        wSSecHeader.insertSecurityHeader();
        WSSecEncrypt wSSecEncrypt = new WSSecEncrypt(wSSecHeader);
        wSSecEncrypt.setUserInfo("wss40");
        wSSecEncrypt.setKeyIdentifierType(4);
        wSSecEncrypt.setSymmetricEncAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
        SecretKey generateKey = KeyUtils.getKeyGenerator("http://www.w3.org/2001/04/xmlenc#aes128-cbc").generateKey();
        wSSecEncrypt.prepare(this.crypto, generateKey);
        wSSecEncrypt.setEmbedEncryptedKey(true);
        SOAPConstants sOAPConstants = WSSecurityUtil.getSOAPConstants(sOAPPart.getDocumentElement());
        new ArrayList().add(new WSEncryptionPart(sOAPConstants.getBodyQName().getLocalPart(), sOAPConstants.getEnvelopeURI(), "Content"));
        wSSecEncrypt.encrypt(generateKey);
        String prettyDocumentToString = XMLUtils.prettyDocumentToString(sOAPPart);
        if (LOG.isDebugEnabled()) {
            LOG.debug(prettyDocumentToString);
        }
        verify(sOAPPart, this.crypto, this.keystoreCallbackHandler);
    }

    @Test
    public void testEncryptionDecryptionOAEPSHA256() throws Exception {
        WSSecHeader wSSecHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        wSSecHeader.insertSecurityHeader();
        WSSecEncrypt wSSecEncrypt = new WSSecEncrypt(wSSecHeader);
        wSSecEncrypt.setUserInfo("wss40");
        wSSecEncrypt.setKeyEncAlgo("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
        wSSecEncrypt.setDigestAlgorithm("http://www.w3.org/2001/04/xmlenc#sha256");
        LOG.info("Before Encryption Triple DES/RSA-OAEP....");
        Document build = wSSecEncrypt.build(this.crypto, KeyUtils.getKeyGenerator("http://www.w3.org/2001/04/xmlenc#aes128-cbc").generateKey());
        LOG.info("After Encryption Triple DES/RSA-OAEP....");
        String prettyDocumentToString = XMLUtils.prettyDocumentToString(build);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Encrypted message, RSA-OAEP keytransport, 3DES:");
            LOG.debug(prettyDocumentToString);
        }
        Assertions.assertFalse(prettyDocumentToString.contains("counter_port_type"));
        Assertions.assertNotNull((WSSecurityEngineResult) ((List) new WSSecurityEngine().processSecurityHeader(build, (String) null, this.keystoreCallbackHandler, this.crypto).getActionResults().get(4)).get(0));
    }

    @Test
    public void testEncryptionWithRegexpCert() throws Exception {
        WSSecHeader wSSecHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        wSSecHeader.insertSecurityHeader();
        WSSecEncrypt wSSecEncrypt = new WSSecEncrypt(wSSecHeader);
        wSSecEncrypt.setUserInfo("regexp");
        wSSecEncrypt.setKeyIdentifierType(2);
        wSSecEncrypt.setKeyEncAlgo("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
        LOG.info("Before Encryption Triple DES/RSA-OAEP....");
        Crypto cryptoFactory = CryptoFactory.getInstance("regexp.properties");
        Document build = wSSecEncrypt.build(cryptoFactory, KeyUtils.getKeyGenerator("http://www.w3.org/2001/04/xmlenc#aes128-cbc").generateKey());
        LOG.info("After Encryption Triple DES/RSA-OAEP....");
        String prettyDocumentToString = XMLUtils.prettyDocumentToString(build);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Encrypted message, RSA-OAEP keytransport, 3DES:");
            LOG.debug(prettyDocumentToString);
        }
        Assertions.assertFalse(prettyDocumentToString.contains("counter_port_type"));
        new WSSecurityEngine().processSecurityHeader(build, (String) null, this.keystoreCallbackHandler, cryptoFactory);
    }

    private WSHandlerResult verify(Document document, Crypto crypto, CallbackHandler callbackHandler) throws Exception {
        WSHandlerResult processSecurityHeader = this.secEngine.processSecurityHeader(document, (String) null, callbackHandler, crypto);
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(document));
        }
        return processSecurityHeader;
    }

    private WSHandlerResult verify(Document document, CallbackHandler callbackHandler, QName qName) throws Exception {
        WSHandlerResult processSecurityHeader = this.secEngine.processSecurityHeader(document, (String) null, callbackHandler, (Crypto) null, this.crypto);
        String prettyDocumentToString = XMLUtils.prettyDocumentToString(document);
        if (LOG.isDebugEnabled()) {
            LOG.debug(prettyDocumentToString);
        }
        Assertions.assertTrue(prettyDocumentToString.indexOf("counter_port_type") > 0);
        boolean z = false;
        for (WSSecurityEngineResult wSSecurityEngineResult : processSecurityHeader.getResults()) {
            Integer num = (Integer) wSSecurityEngineResult.get("action");
            Assertions.assertNotNull(num);
            if ((num.intValue() & 4) != 0) {
                List<WSDataRef> list = (List) wSSecurityEngineResult.get("data-ref-uris");
                Assertions.assertNotNull(list);
                z = true;
                for (WSDataRef wSDataRef : list) {
                    Assertions.assertNotNull(wSDataRef.getName());
                    Assertions.assertEquals(qName, wSDataRef.getName());
                    Assertions.assertNotNull(wSDataRef.getProtectedElement());
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("WSDataRef element: ");
                        LOG.debug(DOM2Writer.nodeToString(wSDataRef.getProtectedElement()));
                    }
                }
            }
        }
        Assertions.assertTrue(z);
        return processSecurityHeader;
    }
}
