package org.apache.wss4j.stax.test;

import java.io.ByteArrayInputStream;
import java.util.ArrayList;
import javax.xml.xpath.XPathConstants;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.junit.Assert;
import org.junit.Test;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/apache/wss4j/stax/test/EncryptionCRLTest.class */
public class EncryptionCRLTest extends AbstractTestBase {
    @Test
    public void testEncryptionWithOutRevocationCheck() throws Exception {
        WSSSecurityProperties wSSSecurityProperties = new WSSSecurityProperties();
        ArrayList arrayList = new ArrayList();
        arrayList.add(WSSConstants.ENCRYPT);
        wSSSecurityProperties.setActions(arrayList);
        wSSSecurityProperties.loadEncryptionKeystore(getClass().getClassLoader().getResource("wss40rev.jks"), "security".toCharArray());
        wSSSecurityProperties.setEncryptionUser("wss40rev");
        wSSSecurityProperties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
        Document parse = this.documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(doOutboundSecurity(wSSSecurityProperties, getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml")).toByteArray()));
        Assert.assertEquals(parse.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedKey.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedKey.getLocalPart()).item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
        Assert.assertNotNull((Node) getXPath("/soap:Envelope/soap:Header/wsse:Security/xenc:EncryptedKey/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p']").evaluate(parse, XPathConstants.NODE));
        Assert.assertEquals(parse.getElementsByTagNameNS(WSSConstants.TAG_xenc_DataReference.getNamespaceURI(), WSSConstants.TAG_xenc_DataReference.getLocalPart()).getLength(), 1L);
        NodeList elementsByTagNameNS = parse.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
        Assert.assertEquals(elementsByTagNameNS.getLength(), 1L);
        Node node = (Node) getXPath("/soap:Envelope/soap:Body/xenc:EncryptedData/xenc:EncryptionMethod[@Algorithm='http://www.w3.org/2001/04/xmlenc#aes256-cbc']").evaluate(parse, XPathConstants.NODE);
        Assert.assertNotNull(node);
        Assert.assertEquals(node.getParentNode().getParentNode().getLocalName(), "Body");
        NodeList childNodes = node.getParentNode().getParentNode().getChildNodes();
        for (int i = 0; i < childNodes.getLength(); i++) {
            Node item = childNodes.item(i);
            if (item.getNodeType() == 3) {
                Assert.assertEquals(item.getTextContent().trim(), "");
            } else if (item.getNodeType() == 1) {
                Assert.assertEquals(item, elementsByTagNameNS.item(0));
            } else {
                Assert.fail("Unexpected Node encountered");
            }
        }
    }

    @Test
    public void testEncryptionWithRevocationCheck() throws Exception {
        WSSSecurityProperties wSSSecurityProperties = new WSSSecurityProperties();
        ArrayList arrayList = new ArrayList();
        arrayList.add(WSSConstants.ENCRYPT);
        wSSSecurityProperties.setEnableRevocation(true);
        wSSSecurityProperties.setActions(arrayList);
        wSSSecurityProperties.loadEncryptionKeystore(getClass().getClassLoader().getResource("wss40rev.jks"), "security".toCharArray());
        wSSSecurityProperties.setEncryptionUser("wss40rev");
        wSSSecurityProperties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
        wSSSecurityProperties.loadCRLCertStore(getClass().getClassLoader().getResource("wss40CACRL.pem"));
        try {
            doOutboundSecurity(wSSSecurityProperties, getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
            Assert.fail("Expected failure on a revocation check");
        } catch (Exception e) {
            String message = e.getMessage();
            Assert.assertTrue(message.contains("Certificate has been revoked") || message.contains("Certificate revocation") || message.contains("Error during certificate path validation"));
        }
    }
}
