package org.apache.xml.security.test.dom.encryption;

import java.io.File;
import java.io.FileInputStream;
import java.lang.reflect.Constructor;
import java.security.Key;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.xml.transform.TransformerException;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.apache.xml.security.Init;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.EncryptedKey;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.test.dom.DSNamespaceContext;
import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.XMLUtils;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:org/apache/xml/security/test/dom/encryption/XMLEncryption11Test.class */
public class XMLEncryption11Test extends Assert {
    private static String cardNumber;
    private boolean haveISOPadding;
    private static int nodeCount = 0;
    static Logger log = LoggerFactory.getLogger(XMLEncryption11Test.class);

    public XMLEncryption11Test() throws Exception {
        if (Security.getProvider("BC") == null) {
            Constructor<?> constructor = null;
            try {
                constructor = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider").getConstructor(new Class[0]);
            } catch (Exception e) {
            }
            if (constructor != null) {
                Security.insertProviderAt((Provider) constructor.newInstance(new Object[0]), 2);
            }
        }
        String str = "src/test/resources/org/w3c/www/interop/xmlenc-core-11/plaintext.xml";
        String property = System.getProperty("basedir");
        if (property != null && !"".equals(property)) {
            str = property + "/" + str;
        }
        Document parse = XMLUtils.createDocumentBuilder(false).parse(new FileInputStream(new File(str)));
        cardNumber = retrieveCCNumber(parse);
        nodeCount = countNodes(parse);
        Init.init();
        this.haveISOPadding = false;
        String translateURItoJCEID = JCEMapper.translateURItoJCEID("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
        if (translateURItoJCEID != null) {
            try {
                if (Cipher.getInstance(translateURItoJCEID) != null) {
                    this.haveISOPadding = true;
                }
            } catch (NoSuchAlgorithmException e2) {
            } catch (NoSuchPaddingException e3) {
            }
        }
    }

    @AfterClass
    public static void cleanup() throws Exception {
        Security.removeProvider("BC");
    }

    @Test
    public void testKeyWrappingRSA2048() throws Exception {
        if (!this.haveISOPadding) {
            log.warn("Skipping testRSA2048 as necessary crypto algorithms are not available");
            return;
        }
        String str = "src/test/resources/org/w3c/www/interop/xmlenc-core-11/RSA-2048_SHA256WithRSA.jks";
        String property = System.getProperty("basedir");
        if (property != null && !"".equals(property)) {
            str = property + "/" + str;
        }
        KeyStore keyStore = KeyStore.getInstance("jks");
        keyStore.load(new FileInputStream(str), "passwd".toCharArray());
        checkDecryptedDoc(decryptElement("src/test/resources/org/w3c/www/interop/xmlenc-core-11/cipherText__RSA-2048__aes128-gcm__rsa-oaep-mgf1p.xml", ((KeyStore.PrivateKeyEntry) keyStore.getEntry("importkey", new KeyStore.PasswordProtection("passwd".toCharArray()))).getPrivateKey(), (X509Certificate) keyStore.getCertificate("importkey")), true);
    }

    @Test
    public void testKeyWrappingRSA2048EncryptDecrypt() throws Exception {
        if (!this.haveISOPadding) {
            log.warn("Skipping testRSA2048 as necessary crypto algorithms are not available");
            return;
        }
        String str = "src/test/resources/org/w3c/www/interop/xmlenc-core-11/RSA-2048_SHA256WithRSA.jks";
        String property = System.getProperty("basedir");
        if (property != null && !"".equals(property)) {
            str = property + "/" + str;
        }
        KeyStore keyStore = KeyStore.getInstance("jks");
        keyStore.load(new FileInputStream(str), "passwd".toCharArray());
        Certificate certificate = keyStore.getCertificate("importkey");
        PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) keyStore.getEntry("importkey", new KeyStore.PasswordProtection("passwd".toCharArray()))).getPrivateKey();
        String str2 = "src/test/resources/org/w3c/www/interop/xmlenc-core-11/plaintext.xml";
        if (property != null && !"".equals(property)) {
            str2 = property + "/" + str2;
        }
        Document parse = XMLUtils.createDocumentBuilder(false).parse(new FileInputStream(new File(str2)));
        Key sessionKey = getSessionKey("http://www.w3.org/2009/xmlenc11#aes128-gcm");
        checkDecryptedDoc(decryptElement(encryptDocument(parse, createEncryptedKey(parse, (X509Certificate) certificate, sessionKey, "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", "http://www.w3.org/2000/09/xmldsig#sha1", null, null), sessionKey, "http://www.w3.org/2009/xmlenc11#aes128-gcm"), privateKey, (X509Certificate) certificate), true);
    }

    @Test
    public void testKeyWrappingRSA3072() throws Exception {
        if (!this.haveISOPadding) {
            log.warn("Skipping testRSA3072 as necessary crypto algorithms are not available");
            return;
        }
        String str = "src/test/resources/org/w3c/www/interop/xmlenc-core-11/RSA-3072_SHA256WithRSA.jks";
        String property = System.getProperty("basedir");
        if (property != null && !"".equals(property)) {
            str = property + "/" + str;
        }
        KeyStore keyStore = KeyStore.getInstance("jks");
        keyStore.load(new FileInputStream(str), "passwd".toCharArray());
        checkDecryptedDoc(decryptElement("src/test/resources/org/w3c/www/interop/xmlenc-core-11/cipherText__RSA-3072__aes192-gcm__rsa-oaep-mgf1p__Sha256.xml", ((KeyStore.PrivateKeyEntry) keyStore.getEntry("importkey", new KeyStore.PasswordProtection("passwd".toCharArray()))).getPrivateKey(), (X509Certificate) keyStore.getCertificate("importkey")), true);
    }

    @Test
    public void testKeyWrappingRSA3072EncryptDecrypt() throws Exception {
        if (!this.haveISOPadding) {
            log.warn("Skipping testRSA3072 as necessary crypto algorithms are not available");
            return;
        }
        String str = "src/test/resources/org/w3c/www/interop/xmlenc-core-11/RSA-3072_SHA256WithRSA.jks";
        String property = System.getProperty("basedir");
        if (property != null && !"".equals(property)) {
            str = property + "/" + str;
        }
        KeyStore keyStore = KeyStore.getInstance("jks");
        keyStore.load(new FileInputStream(str), "passwd".toCharArray());
        Certificate certificate = keyStore.getCertificate("importkey");
        PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) keyStore.getEntry("importkey", new KeyStore.PasswordProtection("passwd".toCharArray()))).getPrivateKey();
        String str2 = "src/test/resources/org/w3c/www/interop/xmlenc-core-11/plaintext.xml";
        if (property != null && !"".equals(property)) {
            str2 = property + "/" + str2;
        }
        Document parse = XMLUtils.createDocumentBuilder(false).parse(new FileInputStream(new File(str2)));
        Key sessionKey = getSessionKey("http://www.w3.org/2009/xmlenc11#aes192-gcm");
        checkDecryptedDoc(decryptElement(encryptDocument(parse, createEncryptedKey(parse, (X509Certificate) certificate, sessionKey, "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", "http://www.w3.org/2001/04/xmlenc#sha256", null, null), sessionKey, "http://www.w3.org/2009/xmlenc11#aes192-gcm"), privateKey, (X509Certificate) certificate), true);
    }

    @Test
    public void testKeyWrappingRSA3072OAEP() throws Exception {
        if (!this.haveISOPadding) {
            log.warn("Skipping testRSA307OAEP as necessary crypto algorithms are not available");
            return;
        }
        String str = "src/test/resources/org/w3c/www/interop/xmlenc-core-11/RSA-3072_SHA256WithRSA.jks";
        String property = System.getProperty("basedir");
        if (property != null && !"".equals(property)) {
            str = property + "/" + str;
        }
        KeyStore keyStore = KeyStore.getInstance("jks");
        keyStore.load(new FileInputStream(str), "passwd".toCharArray());
        checkDecryptedDoc(decryptElement("src/test/resources/org/w3c/www/interop/xmlenc-core-11/cipherText__RSA-3072__aes256-gcm__rsa-oaep__Sha384-MGF_Sha1.xml", ((KeyStore.PrivateKeyEntry) keyStore.getEntry("importkey", new KeyStore.PasswordProtection("passwd".toCharArray()))).getPrivateKey(), (X509Certificate) keyStore.getCertificate("importkey")), true);
    }

    @Test
    public void testKeyWrappingRSA3072OAEPEncryptDecrypt() throws Exception {
        if (!this.haveISOPadding) {
            log.warn("Skipping testRSA2048 as necessary crypto algorithms are not available");
            return;
        }
        String str = "src/test/resources/org/w3c/www/interop/xmlenc-core-11/RSA-3072_SHA256WithRSA.jks";
        String property = System.getProperty("basedir");
        if (property != null && !"".equals(property)) {
            str = property + "/" + str;
        }
        KeyStore keyStore = KeyStore.getInstance("jks");
        keyStore.load(new FileInputStream(str), "passwd".toCharArray());
        Certificate certificate = keyStore.getCertificate("importkey");
        PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) keyStore.getEntry("importkey", new KeyStore.PasswordProtection("passwd".toCharArray()))).getPrivateKey();
        String str2 = "src/test/resources/org/w3c/www/interop/xmlenc-core-11/plaintext.xml";
        if (property != null && !"".equals(property)) {
            str2 = property + "/" + str2;
        }
        Document parse = XMLUtils.createDocumentBuilder(false).parse(new FileInputStream(new File(str2)));
        Key sessionKey = getSessionKey("http://www.w3.org/2009/xmlenc11#aes256-gcm");
        checkDecryptedDoc(decryptElement(encryptDocument(parse, createEncryptedKey(parse, (X509Certificate) certificate, sessionKey, "http://www.w3.org/2009/xmlenc11#rsa-oaep", "http://www.w3.org/2001/04/xmldsig-more#sha384", "http://www.w3.org/2009/xmlenc11#mgf1sha1", null), sessionKey, "http://www.w3.org/2009/xmlenc11#aes256-gcm"), privateKey, (X509Certificate) certificate), true);
    }

    @Test
    public void testKeyWrappingRSA4096() throws Exception {
        if (!this.haveISOPadding) {
            log.warn("Skipping testRSA4096 as necessary crypto algorithms are not available");
            return;
        }
        String str = "src/test/resources/org/w3c/www/interop/xmlenc-core-11/RSA-4096_SHA256WithRSA.jks";
        String property = System.getProperty("basedir");
        if (property != null && !"".equals(property)) {
            str = property + "/" + str;
        }
        KeyStore keyStore = KeyStore.getInstance("jks");
        keyStore.load(new FileInputStream(str), "passwd".toCharArray());
        checkDecryptedDoc(decryptElement("src/test/resources/org/w3c/www/interop/xmlenc-core-11/cipherText__RSA-4096__aes256-gcm__rsa-oaep__Sha512-MGF_Sha1_PSource.xml", ((KeyStore.PrivateKeyEntry) keyStore.getEntry("importkey", new KeyStore.PasswordProtection("passwd".toCharArray()))).getPrivateKey(), (X509Certificate) keyStore.getCertificate("importkey")), true);
    }

    @Test
    public void testKeyWrappingRSA4096EncryptDecrypt() throws Exception {
        if (!this.haveISOPadding) {
            log.warn("Skipping testRSA2048 as necessary crypto algorithms are not available");
            return;
        }
        String str = "src/test/resources/org/w3c/www/interop/xmlenc-core-11/RSA-4096_SHA256WithRSA.jks";
        String property = System.getProperty("basedir");
        if (property != null && !"".equals(property)) {
            str = property + "/" + str;
        }
        KeyStore keyStore = KeyStore.getInstance("jks");
        keyStore.load(new FileInputStream(str), "passwd".toCharArray());
        Certificate certificate = keyStore.getCertificate("importkey");
        PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) keyStore.getEntry("importkey", new KeyStore.PasswordProtection("passwd".toCharArray()))).getPrivateKey();
        String str2 = "src/test/resources/org/w3c/www/interop/xmlenc-core-11/plaintext.xml";
        if (property != null && !"".equals(property)) {
            str2 = property + "/" + str2;
        }
        Document parse = XMLUtils.createDocumentBuilder(false).parse(new FileInputStream(new File(str2)));
        Key sessionKey = getSessionKey("http://www.w3.org/2009/xmlenc11#aes256-gcm");
        checkDecryptedDoc(decryptElement(encryptDocument(parse, createEncryptedKey(parse, (X509Certificate) certificate, sessionKey, "http://www.w3.org/2009/xmlenc11#rsa-oaep", "http://www.w3.org/2001/04/xmlenc#sha512", "http://www.w3.org/2009/xmlenc11#mgf1sha1", Base64.decode("ZHVtbXkxMjM=".getBytes("UTF-8"))), sessionKey, "http://www.w3.org/2009/xmlenc11#aes256-gcm"), privateKey, (X509Certificate) certificate), true);
    }

    private Document decryptElement(String str, Key key, X509Certificate x509Certificate) throws Exception {
        String property = System.getProperty("basedir");
        if (property != null && !"".equals(property)) {
            str = property + "/" + str;
        }
        return decryptElement(XMLUtils.createDocumentBuilder(false).parse(new FileInputStream(new File(str))), key, x509Certificate);
    }

    private Document decryptElement(Document document, Key key, X509Certificate x509Certificate) throws Exception {
        XMLCipher xMLCipher = XMLCipher.getInstance();
        Element element = (Element) document.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedData").item(0);
        xMLCipher.init(2, (Key) null);
        EncryptedData loadEncryptedData = xMLCipher.loadEncryptedData(document, element);
        EncryptedKey itemEncryptedKey = loadEncryptedData.getKeyInfo().itemEncryptedKey(0);
        assertTrue(x509Certificate.equals(itemEncryptedKey.getKeyInfo().itemX509Data(0).itemCertificate(0).getX509Certificate()));
        XMLCipher xMLCipher2 = XMLCipher.getInstance();
        xMLCipher2.init(4, key);
        xMLCipher.init(2, xMLCipher2.decryptKey(itemEncryptedKey, loadEncryptedData.getEncryptionMethod().getAlgorithm()));
        return xMLCipher.doFinal(document, element);
    }

    private EncryptedKey createEncryptedKey(Document document, X509Certificate x509Certificate, Key key, String str, String str2, String str3, byte[] bArr) throws Exception {
        XMLCipher xMLCipher = XMLCipher.getInstance(str, (String) null, str2);
        xMLCipher.init(3, x509Certificate.getPublicKey());
        EncryptedKey encryptKey = xMLCipher.encryptKey(document, key, str3, bArr);
        KeyInfo keyInfo = encryptKey.getKeyInfo();
        if (keyInfo == null) {
            keyInfo = new KeyInfo(document);
            encryptKey.setKeyInfo(keyInfo);
        }
        X509Data x509Data = new X509Data(document);
        x509Data.addCertificate(x509Certificate);
        keyInfo.add(x509Data);
        return encryptKey;
    }

    private Key getSessionKey(String str) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        if (str.contains("128")) {
            keyGenerator.init(128);
        } else if (str.contains("192")) {
            keyGenerator.init(192);
        } else if (str.contains("256")) {
            keyGenerator.init(256);
        }
        return keyGenerator.generateKey();
    }

    private Document encryptDocument(Document document, EncryptedKey encryptedKey, Key key, String str) throws Exception {
        XMLCipher xMLCipher = XMLCipher.getInstance(str);
        xMLCipher.init(1, key);
        EncryptedData encryptedData = xMLCipher.getEncryptedData();
        KeyInfo keyInfo = encryptedData.getKeyInfo();
        if (keyInfo == null) {
            keyInfo = new KeyInfo(document);
            encryptedData.setKeyInfo(keyInfo);
        }
        keyInfo.add(encryptedKey);
        return xMLCipher.doFinal(document, document.getDocumentElement());
    }

    private static int countNodes(Node node) {
        if (node == null) {
            return 0;
        }
        int i = 1;
        Node firstChild = node.getFirstChild();
        while (true) {
            Node node2 = firstChild;
            if (node2 == null) {
                return i;
            }
            i += countNodes(node2);
            firstChild = node2.getNextSibling();
        }
    }

    private static String retrieveCCNumber(Document document) throws TransformerException, XPathExpressionException {
        XPath newXPath = XPathFactory.newInstance().newXPath();
        HashMap hashMap = new HashMap();
        hashMap.put("x", "urn:example:po");
        newXPath.setNamespaceContext(new DSNamespaceContext(hashMap));
        Node node = (Node) newXPath.evaluate("//x:Number/text()", document, XPathConstants.NODE);
        if (node != null) {
            return node.getNodeValue();
        }
        return null;
    }

    private void checkDecryptedDoc(Document document, boolean z) throws Exception {
        String retrieveCCNumber = retrieveCCNumber(document);
        log.debug("Retrieved Credit Card : " + retrieveCCNumber);
        assertTrue(retrieveCCNumber, retrieveCCNumber != null && retrieveCCNumber.equals(cardNumber));
        if (z) {
            int countNodes = countNodes(document);
            assertTrue("Node count mismatches", countNodes > 0 && countNodes == nodeCount);
        }
    }
}
