package org.apache.wss4j.stax.test;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Field;
import java.util.Map;
import java.util.Properties;
import javax.xml.stream.XMLStreamException;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.xpath.XPathConstants;
import org.apache.commons.compress.compressors.xz.XZCompressorInputStream;
import org.apache.commons.compress.compressors.xz.XZCompressorOutputStream;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.WSSec;
import org.apache.wss4j.stax.ext.InboundWSSec;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.test.utils.StAX2DOM;
import org.apache.xml.security.stax.config.Init;
import org.apache.xml.security.stax.config.TransformerAlgorithmMapper;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.testng.Assert;
import org.testng.annotations.Test;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/wss4j/stax/test/VulnerabliltyVectorsTest.class */
public class VulnerabliltyVectorsTest extends AbstractTestBase {
    @Test
    public void testRecursiveKeyReferencesDOS() throws Exception {
        InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
        Properties properties = new Properties();
        properties.setProperty("signatureParts", "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
        Document doOutboundSecurityWithWSS4J = doOutboundSecurityWithWSS4J(resourceAsStream, "Timestamp Signature Encrypt", properties);
        Element element = (Element) getXPath("/soap:Envelope/soap:Header/wsse:Security/xenc:EncryptedKey").evaluate(doOutboundSecurityWithWSS4J, XPathConstants.NODE);
        element.removeAttribute("Id");
        element.setAttributeNS(null, "Id", "G2");
        Element element2 = (Element) getXPath(".//dsig:X509Data").evaluate(element, XPathConstants.NODE);
        Element element3 = (Element) element2.getParentNode();
        element3.removeChild(element2);
        Element createElementNS = doOutboundSecurityWithWSS4J.createElementNS(WSSConstants.TAG_wsse_Reference.getNamespaceURI(), WSSConstants.TAG_wsse_Reference.getLocalPart());
        createElementNS.setAttributeNS(null, "URI", "#G1");
        element3.appendChild(createElementNS);
        Element element4 = (Element) element.cloneNode(true);
        element4.removeAttribute("Id");
        element4.setAttributeNS(null, "Id", "G1");
        Element element5 = (Element) getXPath(".//wsse:Reference").evaluate(element4, XPathConstants.NODE);
        element5.removeAttribute("URI");
        element5.setAttributeNS(null, "URI", "#G2");
        ((Element) element.getParentNode()).insertBefore(element4, element);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TRANSFORMER_FACTORY.newTransformer().transform(new DOMSource(doOutboundSecurityWithWSS4J), new StreamResult(byteArrayOutputStream));
        WSSSecurityProperties wSSSecurityProperties = new WSSSecurityProperties();
        wSSSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
        wSSSecurityProperties.loadSignatureVerificationKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        wSSSecurityProperties.loadDecryptionKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        try {
            doInboundSecurity(wSSSecurityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())));
            Assert.fail("Expected XMLStreamException");
        } catch (XMLStreamException e) {
            WSSecurityException cause = e.getCause();
            Assert.assertNotNull(cause);
            Assert.assertTrue(cause instanceof WSSecurityException);
            Assert.assertEquals(cause.getMessage(), "Recursive key reference detected.");
            Assert.assertEquals(cause.getFaultCode(), WSSecurityException.FAILED_CHECK);
        }
    }

    @Test
    public void test_publicURIReferenceDOS() throws Exception {
        InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
        Properties properties = new Properties();
        properties.setProperty("signatureParts", "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
        properties.setProperty("encryptionSymAlgorithm", "http://www.w3.org/2001/04/xmlenc#aes256-cbc");
        Document doOutboundSecurityWithWSS4J = doOutboundSecurityWithWSS4J(resourceAsStream, "Timestamp Signature Encrypt", properties);
        ((Attr) getXPath("//@URI").evaluate(doOutboundSecurityWithWSS4J, XPathConstants.NODE)).setNodeValue("http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.23.tar.gz");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TRANSFORMER_FACTORY.newTransformer().transform(new DOMSource(doOutboundSecurityWithWSS4J), new StreamResult(byteArrayOutputStream));
        WSSSecurityProperties wSSSecurityProperties = new WSSSecurityProperties();
        wSSSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
        wSSSecurityProperties.loadSignatureVerificationKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        wSSSecurityProperties.loadDecryptionKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        wSSSecurityProperties.addIgnoreBSPRule(BSPRule.R3006);
        try {
            doInboundSecurity(wSSSecurityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())));
            Assert.fail("Expected XMLStreamException");
        } catch (XMLStreamException e) {
            WSSecurityException cause = e.getCause();
            Assert.assertNotNull(cause);
            Assert.assertTrue(cause instanceof WSSecurityException);
            Assert.assertTrue(cause.getMessage().contains("Invalid digest of reference "));
            Assert.assertEquals(cause.getFaultCode(), WSSecurityException.FAILED_CHECK);
        }
    }

    @Test
    public void testTransformationCodeInjection() throws Exception {
    }

    @Test
    public void testReplayAttackInbound() throws Exception {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
        Properties properties = new Properties();
        properties.setProperty("signatureParts", "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
        Document doOutboundSecurityWithWSS4J = doOutboundSecurityWithWSS4J(resourceAsStream, "Timestamp Signature", properties);
        Assert.assertEquals(doOutboundSecurityWithWSS4J.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart()).item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
        TRANSFORMER_FACTORY.newTransformer().transform(new DOMSource(doOutboundSecurityWithWSS4J), new StreamResult(byteArrayOutputStream));
        WSSSecurityProperties wSSSecurityProperties = new WSSSecurityProperties();
        wSSSecurityProperties.loadSignatureVerificationKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        InboundWSSec inboundWSSec = WSSec.getInboundWSSec(wSSSecurityProperties);
        StAX2DOM.readDoc(this.documentBuilderFactory.newDocumentBuilder(), inboundWSSec.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()))));
        try {
            StAX2DOM.readDoc(this.documentBuilderFactory.newDocumentBuilder(), inboundWSSec.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()))));
            Assert.fail("Expected XMLStreamException");
        } catch (XMLStreamException e) {
            Assert.assertEquals(e.getMessage(), "org.apache.wss4j.common.ext.WSSecurityException: The message has expired");
            Assert.assertEquals(e.getCause().getFaultCode(), WSSecurityException.MESSAGE_EXPIRED);
        }
    }

    @Test
    public void testMaximumAllowedReferencesPerManifest() throws Exception {
        InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
        Properties properties = new Properties();
        properties.setProperty("signatureParts", "{Element}{http://www.w3.org/1999/XMLSchema}complexType;{Element}{http://www.w3.org/1999/XMLSchema}simpleType;");
        Document doOutboundSecurityWithWSS4J = doOutboundSecurityWithWSS4J(resourceAsStream, "Timestamp Signature Encrypt", properties);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TRANSFORMER_FACTORY.newTransformer().transform(new DOMSource(doOutboundSecurityWithWSS4J), new StreamResult(byteArrayOutputStream));
        WSSSecurityProperties wSSSecurityProperties = new WSSSecurityProperties();
        wSSSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
        wSSSecurityProperties.loadSignatureVerificationKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        wSSSecurityProperties.loadDecryptionKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        try {
            doInboundSecurity(wSSSecurityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())));
            Assert.fail("Expected XMLStreamException");
        } catch (XMLStreamException e) {
            Assert.assertTrue(e.getCause() instanceof WSSecurityException);
            Assert.assertEquals(e.getCause().getMessage(), "43 references are contained in the Manifest, maximum 30 are allowed. You can raise the maximum via the \"MaximumAllowedReferencesPerManifest\" property in the configuration.");
            Assert.assertEquals(e.getCause().getFaultCode(), WSSecurityException.INVALID_SECURITY);
        }
    }

    @Test
    public void testMaximumAllowedTransformsPerReference() throws Exception {
        InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
        Properties properties = new Properties();
        properties.setProperty("signatureParts", "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
        Document doOutboundSecurityWithWSS4J = doOutboundSecurityWithWSS4J(resourceAsStream, "Timestamp Signature Encrypt", properties);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TRANSFORMER_FACTORY.newTransformer().transform(new DOMSource(doOutboundSecurityWithWSS4J), new StreamResult(byteArrayOutputStream));
        WSSSecurityProperties wSSSecurityProperties = new WSSSecurityProperties();
        wSSSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
        wSSSecurityProperties.loadSignatureVerificationKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        wSSSecurityProperties.loadDecryptionKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        int i = 0;
        try {
            try {
                Init.init(WSSec.class.getClassLoader().getResource("wss/wss-config.xml").toURI());
                i = changeValueOfMaximumAllowedTransformsPerReference(0);
                doInboundSecurity(wSSSecurityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())));
                Assert.fail("Expected XMLStreamException");
                changeValueOfMaximumAllowedTransformsPerReference(Integer.valueOf(i));
            } catch (XMLStreamException e) {
                Assert.assertTrue(e.getCause() instanceof WSSecurityException);
                Assert.assertEquals(e.getCause().getMessage(), "1 transforms are contained in the Reference, maximum 0 are allowed. You can raise the maximum via the \"MaximumAllowedTransformsPerReference\" property in the configuration.");
                Assert.assertEquals(e.getCause().getFaultCode(), WSSecurityException.INVALID_SECURITY);
                changeValueOfMaximumAllowedTransformsPerReference(Integer.valueOf(i));
            }
        } catch (Throwable th) {
            changeValueOfMaximumAllowedTransformsPerReference(Integer.valueOf(i));
            throw th;
        }
    }

    @Test
    public void testDisallowMD5Algorithm() throws Exception {
        WSSSecurityProperties wSSSecurityProperties = new WSSSecurityProperties();
        wSSSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
        wSSSecurityProperties.setEncryptionUser("receiver");
        wSSSecurityProperties.loadEncryptionKeystore(getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
        wSSSecurityProperties.setSignatureUser("transmitter");
        wSSSecurityProperties.loadSignatureKeyStore(getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
        wSSSecurityProperties.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-md5");
        wSSSecurityProperties.setOutAction(new XMLSecurityConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT});
        ByteArrayOutputStream doOutboundSecurity = doOutboundSecurity(wSSSecurityProperties, getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
        WSSSecurityProperties wSSSecurityProperties2 = new WSSSecurityProperties();
        wSSSecurityProperties2.setCallbackHandler(new CallbackHandlerImpl());
        wSSSecurityProperties2.loadSignatureVerificationKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        wSSSecurityProperties2.loadDecryptionKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        wSSSecurityProperties2.addIgnoreBSPRule(BSPRule.R5421);
        try {
            doInboundSecurity(wSSSecurityProperties2, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(doOutboundSecurity.toByteArray())));
            Assert.fail("Expected XMLStreamException");
        } catch (XMLStreamException e) {
            Assert.assertTrue(e.getCause() instanceof WSSecurityException);
            Assert.assertEquals(e.getCause().getMessage(), "The use of MD5 algorithm is strongly discouraged. Nonetheless can it be enabled via the \"AllowMD5Algorithm\" property in the configuration.");
            Assert.assertEquals(e.getCause().getFaultCode(), WSSecurityException.FAILED_CHECK);
        }
    }

    @Test
    public void testAllowMD5Algorithm() throws Exception {
        if (getJavaSpecificationVersion().doubleValue() >= 1.7d) {
            System.out.println("testAllowMD5Algorithm skipped");
            return;
        }
        WSSSecurityProperties wSSSecurityProperties = new WSSSecurityProperties();
        wSSSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
        wSSSecurityProperties.setEncryptionUser("receiver");
        wSSSecurityProperties.loadEncryptionKeystore(getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
        wSSSecurityProperties.setSignatureUser("transmitter");
        wSSSecurityProperties.loadSignatureKeyStore(getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
        wSSSecurityProperties.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-md5");
        wSSSecurityProperties.setOutAction(new XMLSecurityConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT});
        ByteArrayOutputStream doOutboundSecurity = doOutboundSecurity(wSSSecurityProperties, getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
        WSSSecurityProperties wSSSecurityProperties2 = new WSSSecurityProperties();
        wSSSecurityProperties2.setCallbackHandler(new CallbackHandlerImpl());
        wSSSecurityProperties2.loadSignatureVerificationKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        wSSSecurityProperties2.loadDecryptionKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        wSSSecurityProperties2.addIgnoreBSPRule(BSPRule.R5421);
        try {
            Init.init(WSSec.class.getClassLoader().getResource("wss/wss-config.xml").toURI());
            switchAllowMD5Algorithm(true);
            Assert.assertNotNull(doInboundSecurity(wSSSecurityProperties2, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(doOutboundSecurity.toByteArray()))));
            switchAllowMD5Algorithm(false);
        } catch (Throwable th) {
            switchAllowMD5Algorithm(false);
            throw th;
        }
    }

    @Test
    public void testMaximumAllowedXMLStructureDepth() throws Exception {
        if (getJavaSpecificationVersion().doubleValue() >= 1.7d) {
            System.out.println("testAllowMD5Algorithm skipped");
            return;
        }
        InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
        Properties properties = new Properties();
        properties.setProperty("signatureParts", "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
        Document doOutboundSecurityWithWSS4J = doOutboundSecurityWithWSS4J(resourceAsStream, "Timestamp Signature", properties);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TRANSFORMER_FACTORY.newTransformer().transform(new DOMSource(doOutboundSecurityWithWSS4J), new StreamResult(byteArrayOutputStream));
        WSSSecurityProperties wSSSecurityProperties = new WSSSecurityProperties();
        wSSSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
        wSSSecurityProperties.loadSignatureVerificationKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        wSSSecurityProperties.loadDecryptionKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        int i = 0;
        try {
            try {
                Init.init(WSSec.class.getClassLoader().getResource("wss/wss-config.xml").toURI());
                i = changeValueOfMaximumAllowedXMLStructureDepth(10);
                doInboundSecurity(wSSSecurityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())));
                Assert.fail("Expected XMLStreamException");
                changeValueOfMaximumAllowedXMLStructureDepth(Integer.valueOf(i));
            } catch (XMLStreamException e) {
                Assert.assertEquals(e.getCause().getMessage(), "Maximum depth (10) of the XML structure reached. You can raise the maximum via the \"MaximumAllowedXMLStructureDepth\" property in the configuration.");
                changeValueOfMaximumAllowedXMLStructureDepth(Integer.valueOf(i));
            }
        } catch (Throwable th) {
            changeValueOfMaximumAllowedXMLStructureDepth(Integer.valueOf(i));
            throw th;
        }
    }

    @Test
    public void testMaximumAllowedXMLStructureDepthInEncryptedContent() throws Exception {
        if (getJavaSpecificationVersion().doubleValue() >= 1.7d) {
            System.out.println("testAllowMD5Algorithm skipped");
            return;
        }
        InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
        Properties properties = new Properties();
        properties.setProperty("signatureParts", "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
        Document doOutboundSecurityWithWSS4J = doOutboundSecurityWithWSS4J(resourceAsStream, "Timestamp Signature Encrypt", properties);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TRANSFORMER_FACTORY.newTransformer().transform(new DOMSource(doOutboundSecurityWithWSS4J), new StreamResult(byteArrayOutputStream));
        WSSSecurityProperties wSSSecurityProperties = new WSSSecurityProperties();
        wSSSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
        wSSSecurityProperties.loadSignatureVerificationKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        wSSSecurityProperties.loadDecryptionKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        int i = 0;
        try {
            try {
                Init.init(WSSec.class.getClassLoader().getResource("wss/wss-config.xml").toURI());
                i = changeValueOfMaximumAllowedXMLStructureDepth(10);
                doInboundSecurity(wSSSecurityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())));
                Assert.fail("Expected XMLStreamException");
                changeValueOfMaximumAllowedXMLStructureDepth(Integer.valueOf(i));
            } catch (XMLStreamException e) {
                Assert.assertTrue(e.getCause() instanceof WSSecurityException);
                Assert.assertEquals(e.getCause().getMessage(), "Maximum depth (10) of the XML structure reached. You can raise the maximum via the \"MaximumAllowedXMLStructureDepth\" property in the configuration.");
                Assert.assertEquals(e.getCause().getFaultCode(), WSSecurityException.FAILED_CHECK);
                changeValueOfMaximumAllowedXMLStructureDepth(Integer.valueOf(i));
            }
        } catch (Throwable th) {
            changeValueOfMaximumAllowedXMLStructureDepth(Integer.valueOf(i));
            throw th;
        }
    }

    @Test
    public void testMaximumAllowedDecompressedBytes() throws Exception {
        long j = 0;
        try {
            try {
                Init.init(WSSec.class.getClassLoader().getResource("wss/wss-config.xml").toURI());
                Field declaredField = TransformerAlgorithmMapper.class.getDeclaredField("algorithmsClassMapOut");
                declaredField.setAccessible(true);
                ((Map) declaredField.get(null)).put("http://www.apache.org/2012/04/xmlsec/xz", XZCompressorOutputStream.class);
                Field declaredField2 = TransformerAlgorithmMapper.class.getDeclaredField("algorithmsClassMapIn");
                declaredField2.setAccessible(true);
                ((Map) declaredField2.get(null)).put("http://www.apache.org/2012/04/xmlsec/xz", XZCompressorInputStream.class);
                j = changeValueOfMaximumAllowedDecompressedBytes(101L);
                WSSSecurityProperties wSSSecurityProperties = new WSSSecurityProperties();
                wSSSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
                wSSSecurityProperties.setEncryptionUser("receiver");
                wSSSecurityProperties.loadEncryptionKeystore(getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
                wSSSecurityProperties.setSignatureUser("transmitter");
                wSSSecurityProperties.loadSignatureKeyStore(getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
                wSSSecurityProperties.setOutAction(new XMLSecurityConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT});
                wSSSecurityProperties.setEncryptionCompressionAlgorithm("http://www.apache.org/2012/04/xmlsec/xz");
                ByteArrayOutputStream doOutboundSecurity = doOutboundSecurity(wSSSecurityProperties, getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
                WSSSecurityProperties wSSSecurityProperties2 = new WSSSecurityProperties();
                wSSSecurityProperties2.setCallbackHandler(new CallbackHandlerImpl());
                wSSSecurityProperties2.loadSignatureVerificationKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
                wSSSecurityProperties2.loadDecryptionKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
                doInboundSecurity(wSSSecurityProperties2, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(doOutboundSecurity.toByteArray())));
                Assert.fail("Expected XMLStreamException");
                changeValueOfMaximumAllowedDecompressedBytes(Long.valueOf(j));
            } catch (XMLStreamException e) {
                Assert.assertTrue(e.getCause() instanceof IOException);
                Assert.assertEquals(e.getCause().getMessage(), "Maximum byte count (101) reached.");
                changeValueOfMaximumAllowedDecompressedBytes(Long.valueOf(j));
            }
        } catch (Throwable th) {
            changeValueOfMaximumAllowedDecompressedBytes(Long.valueOf(j));
            throw th;
        }
    }

    @Test
    public void testModifiedEncryptedKeyCipherValue() throws Exception {
        InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
        Properties properties = new Properties();
        properties.setProperty("signatureParts", "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
        Document doOutboundSecurityWithWSS4J = doOutboundSecurityWithWSS4J(resourceAsStream, "Timestamp Signature Encrypt", properties);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        Element element = (Element) doOutboundSecurityWithWSS4J.getElementsByTagNameNS(WSSConstants.TAG_xenc_CipherValue.getNamespaceURI(), WSSConstants.TAG_xenc_CipherValue.getLocalPart()).item(0);
        Assert.assertEquals(element.getParentNode().getParentNode().getLocalName(), WSSConstants.TAG_xenc_EncryptedKey.getLocalPart());
        StringBuilder sb = new StringBuilder(element.getTextContent());
        int length = sb.length() / 2;
        sb.setCharAt(length, sb.charAt(length) != 'A' ? 'A' : 'B');
        element.setTextContent(sb.toString());
        TRANSFORMER_FACTORY.newTransformer().transform(new DOMSource(doOutboundSecurityWithWSS4J), new StreamResult(byteArrayOutputStream));
        WSSSecurityProperties wSSSecurityProperties = new WSSSecurityProperties();
        wSSSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
        wSSSecurityProperties.loadSignatureVerificationKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        wSSSecurityProperties.loadDecryptionKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        try {
            doInboundSecurity(wSSSecurityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())));
            Assert.fail("Expected XMLStreamException");
        } catch (XMLStreamException e) {
            Assert.assertFalse(e.getMessage().contains("data hash wrong"));
        }
    }

    @Test
    public void testDisallowRSA15Algorithm() throws Exception {
        WSSSecurityProperties wSSSecurityProperties = new WSSSecurityProperties();
        wSSSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
        wSSSecurityProperties.setEncryptionUser("receiver");
        wSSSecurityProperties.loadEncryptionKeystore(getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
        wSSSecurityProperties.setSignatureUser("transmitter");
        wSSSecurityProperties.loadSignatureKeyStore(getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
        wSSSecurityProperties.setEncryptionKeyTransportAlgorithm("http://www.w3.org/2001/04/xmlenc#rsa-1_5");
        wSSSecurityProperties.setOutAction(new XMLSecurityConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT});
        ByteArrayOutputStream doOutboundSecurity = doOutboundSecurity(wSSSecurityProperties, getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
        WSSSecurityProperties wSSSecurityProperties2 = new WSSSecurityProperties();
        wSSSecurityProperties2.setCallbackHandler(new CallbackHandlerImpl());
        wSSSecurityProperties2.loadSignatureVerificationKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        wSSSecurityProperties2.loadDecryptionKeystore(getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        wSSSecurityProperties2.addIgnoreBSPRule(BSPRule.R5421);
        try {
            doInboundSecurity(wSSSecurityProperties2, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(doOutboundSecurity.toByteArray())));
            Assert.fail("Expected XMLStreamException");
        } catch (XMLStreamException e) {
            Assert.assertTrue(e.getCause() instanceof WSSecurityException);
            Assert.assertEquals(e.getCause().getMessage(), "The use of RSAv1.5 key transport algorithm is discouraged. Nonetheless can it be enabled via the \"AllowRSA15KeyTransportAlgorithm\" property in the configuration.");
            Assert.assertEquals(e.getCause().getFaultCode(), WSSecurityException.FAILED_CHECK);
        }
    }
}
