package org.apache.xml.security.test.stax.encryption;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.KeyGenerator;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
import javax.xml.transform.TransformerException;
import javax.xml.transform.dom.DOMSource;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.apache.xml.security.Init;
import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.EncryptedKey;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.stax.ext.OutboundXMLSec;
import org.apache.xml.security.stax.ext.SecurePart;
import org.apache.xml.security.stax.ext.XMLSec;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
import org.apache.xml.security.test.dom.DSNamespaceContext;
import org.apache.xml.security.test.stax.signature.TestSecurityEventListener;
import org.apache.xml.security.test.stax.utils.StAX2DOM;
import org.apache.xml.security.test.stax.utils.XMLSecEventAllocator;
import org.apache.xml.security.test.stax.utils.XmlReaderToWriter;
import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.XMLUtils;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/apache/xml/security/test/stax/encryption/XMLEncryption11Test.class */
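/**
 * Tests XML Encryption 1.1 key transport (RSA-OAEP variants) combined with AES-GCM content
 * encryption, using the fixtures under {@code org/w3c/www/interop/xmlenc-core-11/}.
 *
 * <p>Each test either decrypts a pre-built ciphertext fixture or encrypts the plaintext fixture
 * with the StAX outbound API, then decrypts the result with both the DOM ({@link XMLCipher}) and
 * StAX code paths and compares it with the plaintext fixture.
 *
 * <p>The keystore password and alias below are fixture values for the bundled test keystores.
 */
public class XMLEncryption11Test extends Assert {
    private static final String PLAINTEXT = "org/w3c/www/interop/xmlenc-core-11/plaintext.xml";
    private static final String RSA_2048_JKS = "org/w3c/www/interop/xmlenc-core-11/RSA-2048_SHA256WithRSA.jks";
    private static final String RSA_3072_JKS = "org/w3c/www/interop/xmlenc-core-11/RSA-3072_SHA256WithRSA.jks";
    private static final String RSA_4096_JKS = "org/w3c/www/interop/xmlenc-core-11/RSA-4096_SHA256WithRSA.jks";

    private static final String KEYSTORE_PASSWORD = "passwd";
    private static final String KEY_ALIAS = "importkey";

    private static final String XMLENC_NS = "http://www.w3.org/2001/04/xmlenc#";
    private static final String PO_NS = "urn:example:po";

    /** True only when this class registered BouncyCastle itself, so cleanup never removes a provider it did not add. */
    private static boolean bcInstalledByTest;

    private String cardNumber;
    private int nodeCount = 0;
    private XMLInputFactory xmlInputFactory;

    /**
     * Registers BouncyCastle when it is on the classpath and not yet registered, initialises the
     * library, and records the card number and node count of the plaintext fixture as the
     * reference values for {@link #checkDecryptedDoc(Document, boolean)}.
     */
    @Before
    public void setUp() throws Exception {
        if (Security.getProvider("BC") == null) {
            Constructor<?> constructor = null;
            try {
                constructor = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider").getConstructor();
            } catch (Exception ignored) {
                // Deliberate best effort: BouncyCastle is optional, the tests then run on the
                // providers already installed in the JVM.
            }
            if (constructor != null) {
                // JVM-wide side effect: the provider list is shared by every test in the process.
                Security.insertProviderAt((Provider) constructor.newInstance(), 2);
                bcInstalledByTest = true;
            }
        }
        Init.init();
        // NOTE(review): the factory keeps its default settings. Only bundled classpath fixtures
        // are read through it here; a factory used on untrusted XML should have DTD and
        // external-entity support switched off.
        this.xmlInputFactory = XMLInputFactory.newInstance();
        this.xmlInputFactory.setEventAllocator(new XMLSecEventAllocator());
        Document plaintext = parseResource(PLAINTEXT);
        this.cardNumber = retrieveCCNumber(plaintext);
        this.nodeCount = countNodes(plaintext);
    }

    /** Removes the BouncyCastle provider again, but only if {@link #setUp()} was the one to register it. */
    @AfterClass
    public static void cleanup() throws Exception {
        if (bcInstalledByTest) {
            Security.removeProvider("BC");
            bcInstalledByTest = false;
        }
    }

    /** Decrypts the RSA-2048 / aes128-gcm / rsa-oaep-mgf1p ciphertext fixture. */
    @Test
    public void testKeyWrappingRSA2048Outbound() throws Exception {
        PrivateKey privateKey = loadPrivateKeyEntry(RSA_2048_JKS).getPrivateKey();
        Document decrypted = decryptElement(
                "org/w3c/www/interop/xmlenc-core-11/cipherText__RSA-2048__aes128-gcm__rsa-oaep-mgf1p.xml", privateKey);
        checkDecryptedDoc(decrypted, true);
    }

    /** Round trip with the RSA-2048 key: rsa-oaep-mgf1p key transport, aes128-gcm content encryption. */
    @Test
    public void testKeyWrappingRSA2048EncryptDecrypt() throws Exception {
        KeyStore.PrivateKeyEntry entry = loadPrivateKeyEntry(RSA_2048_JKS);
        Document encrypted = encryptDocument(PLAINTEXT, purchaseOrderPart(), entry.getCertificate().getPublicKey(),
                "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", null, null,
                newAesKey(), "http://www.w3.org/2009/xmlenc11#aes128-gcm", null);
        checkDecryptedDoc(decryptElement(encrypted, entry.getPrivateKey()), true);
    }

    /** Decrypts the RSA-3072 / aes192-gcm / rsa-oaep-mgf1p (SHA-256 digest) ciphertext fixture. */
    @Test
    public void testKeyWrappingRSA3072() throws Exception {
        PrivateKey privateKey = loadPrivateKeyEntry(RSA_3072_JKS).getPrivateKey();
        Document decrypted = decryptElement(
                "org/w3c/www/interop/xmlenc-core-11/cipherText__RSA-3072__aes192-gcm__rsa-oaep-mgf1p__Sha256.xml", privateKey);
        checkDecryptedDoc(decrypted, true);
    }

    /** Round trip with the RSA-3072 key: rsa-oaep-mgf1p with a SHA-256 digest, aes192-gcm content encryption. */
    @Test
    public void testKeyWrappingRSA3072EncryptDecrypt() throws Exception {
        KeyStore.PrivateKeyEntry entry = loadPrivateKeyEntry(RSA_3072_JKS);
        Document encrypted = encryptDocument(PLAINTEXT, purchaseOrderPart(), entry.getCertificate().getPublicKey(),
                "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", "http://www.w3.org/2001/04/xmlenc#sha256", null,
                newAesKey(), "http://www.w3.org/2009/xmlenc11#aes192-gcm", null);
        checkDecryptedDoc(decryptElement(encrypted, entry.getPrivateKey()), true);
    }

    /** Decrypts the RSA-3072 / aes256-gcm / rsa-oaep (SHA-384 digest, MGF1-SHA1) ciphertext fixture. */
    @Test
    public void testKeyWrappingRSA3072OAEP() throws Exception {
        PrivateKey privateKey = loadPrivateKeyEntry(RSA_3072_JKS).getPrivateKey();
        Document decrypted = decryptElement(
                "org/w3c/www/interop/xmlenc-core-11/cipherText__RSA-3072__aes256-gcm__rsa-oaep__Sha384-MGF_Sha1.xml", privateKey);
        checkDecryptedDoc(decrypted, true);
    }

    /** Round trip with the RSA-3072 key: XML Encryption 1.1 rsa-oaep, SHA-384 digest, MGF1-SHA1, aes256-gcm. */
    @Test
    public void testKeyWrappingRSA3072OAEPEncryptDecrypt() throws Exception {
        KeyStore.PrivateKeyEntry entry = loadPrivateKeyEntry(RSA_3072_JKS);
        Document encrypted = encryptDocument(PLAINTEXT, purchaseOrderPart(), entry.getCertificate().getPublicKey(),
                "http://www.w3.org/2009/xmlenc11#rsa-oaep", "http://www.w3.org/2001/04/xmldsig-more#sha384",
                "http://www.w3.org/2009/xmlenc11#mgf1sha1",
                newAesKey(), "http://www.w3.org/2009/xmlenc11#aes256-gcm", null);
        checkDecryptedDoc(decryptElement(encrypted, entry.getPrivateKey()), true);
    }

    /** Decrypts the RSA-4096 / aes256-gcm / rsa-oaep (SHA-512 digest, MGF1-SHA1, PSource) ciphertext fixture. */
    @Test
    public void testKeyWrappingRSA4096() throws Exception {
        PrivateKey privateKey = loadPrivateKeyEntry(RSA_4096_JKS).getPrivateKey();
        Document decrypted = decryptElement(
                "org/w3c/www/interop/xmlenc-core-11/cipherText__RSA-4096__aes256-gcm__rsa-oaep__Sha512-MGF_Sha1_PSource.xml", privateKey);
        checkDecryptedDoc(decrypted, true);
    }

    /** Round trip with the RSA-4096 key: rsa-oaep, SHA-512 digest, MGF1-SHA1, explicit OAEP params, aes256-gcm. */
    @Test
    public void testKeyWrappingRSA4096EncryptDecrypt() throws Exception {
        KeyStore.PrivateKeyEntry entry = loadPrivateKeyEntry(RSA_4096_JKS);
        Document encrypted = encryptDocument(PLAINTEXT, purchaseOrderPart(), entry.getCertificate().getPublicKey(),
                "http://www.w3.org/2009/xmlenc11#rsa-oaep", "http://www.w3.org/2001/04/xmlenc#sha512",
                "http://www.w3.org/2009/xmlenc11#mgf1sha1",
                newAesKey(), "http://www.w3.org/2009/xmlenc11#aes256-gcm", oaepParams());
        checkDecryptedDoc(decryptElement(encrypted, entry.getPrivateKey()), true);
    }

    /** Round trip with the RSA-4096 key: rsa-oaep, SHA-512 digest, MGF1-SHA512, explicit OAEP params, aes256-gcm. */
    @Test
    public void testKeyWrappingRSA4096MGFSHA512EncryptDecrypt() throws Exception {
        KeyStore.PrivateKeyEntry entry = loadPrivateKeyEntry(RSA_4096_JKS);
        Document encrypted = encryptDocument(PLAINTEXT, purchaseOrderPart(), entry.getCertificate().getPublicKey(),
                "http://www.w3.org/2009/xmlenc11#rsa-oaep", "http://www.w3.org/2001/04/xmlenc#sha512",
                "http://www.w3.org/2009/xmlenc11#mgf1sha512",
                newAesKey(), "http://www.w3.org/2009/xmlenc11#aes256-gcm", oaepParams());
        checkDecryptedDoc(decryptElement(encrypted, entry.getPrivateKey()), true);
    }

    /**
     * Negative test for the integrity protection of AES-GCM: a ciphertext modified after
     * encryption must be rejected by the StAX decryption path instead of yielding plaintext.
     */
    @Test
    public void testAESGCMAuthentication() throws Exception {
        KeyStore.PrivateKeyEntry entry = loadPrivateKeyEntry(RSA_4096_JKS);
        PrivateKey privateKey = entry.getPrivateKey();
        Document encrypted = encryptDocument(PLAINTEXT, purchaseOrderPart(), entry.getCertificate().getPublicKey(),
                "http://www.w3.org/2009/xmlenc11#rsa-oaep", "http://www.w3.org/2001/04/xmlenc#sha512",
                "http://www.w3.org/2009/xmlenc11#mgf1sha512",
                newAesKey(), "http://www.w3.org/2009/xmlenc11#aes256-gcm", oaepParams());

        // The second CipherValue is modified. Presumably the first one belongs to the EncryptedKey
        // nested in KeyInfo and the second is the encrypted payload; the GCM failure asserted
        // below relies on that layout (TODO confirm).
        Element cipherValue = (Element) encrypted.getElementsByTagNameNS(XMLENC_NS, "CipherValue").item(1);
        String original = cipherValue.getTextContent();
        cipherValue.setTextContent(original.substring(0, 100) + "0" + original.substring(100));

        try {
            decryptElementStAX(encrypted, privateKey);
            Assert.fail("Exception expected");
        } catch (XMLStreamException e) {
            // Expected chain: XMLStreamException -> IOException -> BadPaddingException raised
            // by the cipher when the authentication tag does not verify.
            Assert.assertTrue(e.getCause() instanceof IOException);
            Assert.assertTrue(e.getCause().getCause() instanceof BadPaddingException);
            String message = e.getCause().getCause().getMessage();
            // Two accepted wordings, so the check passes with either provider's message.
            Assert.assertTrue("mac check in GCM failed".equals(message) || "Tag mismatch!".equals(message));
        }
    }

    /** Selects the {@code PurchaseOrder} element of the plaintext fixture for element-level encryption. */
    private static SecurePart purchaseOrderPart() {
        return new SecurePart(new QName(PO_NS, "PurchaseOrder"), SecurePart.Modifier.Element);
    }

    /**
     * Generates a fresh AES content-encryption key.
     *
     * <p>The key is always 256 bits long, as in every test of this class, including the ones
     * that pass an aes128-gcm or aes192-gcm algorithm URI next to it.
     * NOTE(review): in those tests the key length does not match the declared algorithm;
     * confirm whether that is intended, otherwise size the key according to the URI.
     */
    private static Key newAesKey() throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(256);
        return keyGenerator.generateKey();
    }

    /** Returns the OAEP parameter bytes used by the RSA-4096 tests (Base64 of the ASCII text "dummy123"). */
    private static byte[] oaepParams() throws Exception {
        return Base64.decode("ZHVtbXkxMjM=".getBytes("UTF-8"));
    }

    /** Opens a classpath resource, failing the test with a readable message when it is missing. */
    private java.io.InputStream openResource(String resource) {
        java.io.InputStream in = getClass().getClassLoader().getResourceAsStream(resource);
        assertNotNull("Test resource not found on classpath: " + resource, in);
        return in;
    }

    /** Parses a classpath XML resource into a DOM document and closes the underlying stream. */
    private Document parseResource(String resource) throws Exception {
        java.io.InputStream in = openResource(resource);
        try {
            return XMLUtils.createDocumentBuilder(false).parse(in);
        } finally {
            in.close();
        }
    }

    /**
     * Loads the private-key entry stored under the fixture alias from a JKS keystore on the
     * classpath.
     *
     * @param keyStoreResource classpath location of the keystore
     * @return the entry holding the private key and its certificate
     */
    private KeyStore.PrivateKeyEntry loadPrivateKeyEntry(String keyStoreResource) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("jks");
        java.io.InputStream in = openResource(keyStoreResource);
        try {
            keyStore.load(in, KEYSTORE_PASSWORD.toCharArray());
        } finally {
            in.close();
        }
        KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(
                KEY_ALIAS, new KeyStore.PasswordProtection(KEYSTORE_PASSWORD.toCharArray()));
        assertNotNull("No entry '" + KEY_ALIAS + "' in " + keyStoreResource, entry);
        return entry;
    }

    /** Parses the named ciphertext resource and decrypts it with {@link #decryptElement(Document, Key)}. */
    private Document decryptElement(String str, Key key) throws Exception {
        return decryptElement(parseResource(str), key);
    }

    /**
     * Decrypts the document with both implementations. The DOM path runs on the given document
     * and its result is discarded, so it only has to complete without an exception; the StAX
     * path runs on a deep copy taken beforehand and provides the returned document.
     */
    private Document decryptElement(Document document, Key key) throws Exception {
        Document copyForStax = (Document) document.cloneNode(true);
        decryptElementDOM(document, key);
        return decryptElementStAX(copyForStax, key);
    }

    /** Decrypts through the streaming (StAX) inbound API and rebuilds a DOM document from the result. */
    private Document decryptElementStAX(Document document, Key key) throws Exception {
        XMLSecurityProperties properties = new XMLSecurityProperties();
        properties.setDecryptionKey(key);
        return StAX2DOM.readDoc(
                XMLUtils.createDocumentBuilder(false),
                XMLSec.getInboundWSSec(properties).processInMessage(
                        this.xmlInputFactory.createXMLStreamReader(new DOMSource(document)),
                        (List) null,
                        new TestSecurityEventListener()));
    }

    /**
     * Decrypts the first {@code EncryptedData} element with the DOM API: the content key is
     * unwrapped from the first {@code EncryptedKey} in its {@code KeyInfo} and then used for
     * the payload.
     */
    private Document decryptElementDOM(Document document, Key key) throws Exception {
        XMLCipher dataCipher = XMLCipher.getInstance();
        Element encryptedDataElement = (Element) document.getElementsByTagNameNS(XMLENC_NS, "EncryptedData").item(0);
        // Initialised without a key first: only the EncryptedData structure is loaded here.
        dataCipher.init(XMLCipher.DECRYPT_MODE, (Key) null);
        EncryptedData encryptedData = dataCipher.loadEncryptedData(document, encryptedDataElement);
        EncryptedKey encryptedKey = encryptedData.getKeyInfo().itemEncryptedKey(0);

        XMLCipher keyCipher = XMLCipher.getInstance();
        keyCipher.init(XMLCipher.UNWRAP_MODE, key);
        Key contentKey = keyCipher.decryptKey(encryptedKey, encryptedData.getEncryptionMethod().getAlgorithm());

        dataCipher.init(XMLCipher.DECRYPT_MODE, contentKey);
        return dataCipher.doFinal(document, encryptedDataElement);
    }

    /**
     * Encrypts one part of a classpath document with the StAX outbound API and checks the
     * structure of the result.
     *
     * @param str classpath location of the plaintext document
     * @param securePart the part to encrypt
     * @param key key-transport (wrapping) key, here an RSA public key
     * @param str2 key-transport algorithm URI
     * @param str3 key-transport digest algorithm URI, or {@code null} to leave it unset
     * @param str4 key-transport MGF algorithm URI, or {@code null} to leave it unset
     * @param key2 symmetric content-encryption key
     * @param str5 symmetric encryption algorithm URI
     * @param bArr OAEP parameters, or {@code null} for none
     * @return the encrypted document, re-parsed into a DOM tree
     */
    private Document encryptDocument(String str, SecurePart securePart, Key key, String str2, String str3, String str4, Key key2, String str5, byte[] bArr) throws Exception {
        XMLSecurityProperties properties = new XMLSecurityProperties();
        // Raw list kept on purpose: the element type expected by setActions is not visible in this file.
        ArrayList actions = new ArrayList();
        actions.add(XMLSecurityConstants.ENCRYPT);
        properties.setActions(actions);
        properties.setEncryptionTransportKey(key);
        properties.setEncryptionKeyTransportAlgorithm(str2);
        properties.setEncryptionKeyTransportDigestAlgorithm(str3);
        properties.setEncryptionKeyTransportMGFAlgorithm(str4);
        properties.setEncryptionKeyTransportOAEPParams(bArr);
        properties.setEncryptionKey(key2);
        properties.setEncryptionSymAlgorithm(str5);
        properties.addEncryptionPart(securePart);

        OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(properties);
        ByteArrayOutputStream encryptedBytes = new ByteArrayOutputStream();
        XMLStreamWriter writer = outboundXMLSec.processOutMessage(encryptedBytes, "UTF-8");
        java.io.InputStream plaintextStream = openResource(str);
        try {
            XmlReaderToWriter.writeAll(this.xmlInputFactory.createXMLStreamReader(plaintextStream), writer);
            writer.close();
        } finally {
            plaintextStream.close();
        }

        Document encrypted = XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(encryptedBytes.toByteArray()));

        // No PaymentInfo element may be left in the clear.
        Assert.assertEquals(0L, encrypted.getElementsByTagNameNS(PO_NS, "PaymentInfo").getLength());

        // Two EncryptionMethod elements are expected: the first carries the symmetric algorithm,
        // the second the key-transport algorithm.
        NodeList encryptionMethods = encrypted.getElementsByTagNameNS(XMLENC_NS, "EncryptionMethod");
        Assert.assertEquals(2L, encryptionMethods.getLength());
        Assert.assertEquals(str5, ((Element) encryptionMethods.item(0)).getAttribute("Algorithm"));
        Assert.assertEquals(str2, ((Element) encryptionMethods.item(1)).getAttribute("Algorithm"));

        if (str3 != null) {
            NodeList digestMethods = encrypted.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "DigestMethod");
            Assert.assertEquals(1L, digestMethods.getLength());
            Assert.assertEquals(str3, ((Element) digestMethods.item(0)).getAttribute("Algorithm"));
        }
        if (str4 != null) {
            NodeList mgfElements = encrypted.getElementsByTagNameNS("http://www.w3.org/2009/xmlenc11#", "MGF");
            Assert.assertEquals(1L, mgfElements.getLength());
            Assert.assertEquals(str4, ((Element) mgfElements.item(0)).getAttribute("Algorithm"));
        }
        if (bArr != null) {
            NodeList oaepParamElements = encrypted.getElementsByTagNameNS(XMLENC_NS, "OAEPparams");
            Assert.assertEquals(1L, oaepParamElements.getLength());
            Assert.assertArrayEquals(bArr, Base64.decode((Element) oaepParamElements.item(0)));
        }
        return encrypted;
    }

    /** Counts the given node plus all of its descendants; returns 0 for {@code null}. */
    private static int countNodes(Node node) {
        if (node == null) {
            return 0;
        }
        int count = 1;
        for (Node child = node.getFirstChild(); child != null; child = child.getNextSibling()) {
            count += countNodes(child);
        }
        return count;
    }

    /**
     * Returns the text of the first {@code Number} element in the purchase-order namespace,
     * or {@code null} when the document contains none.
     */
    private static String retrieveCCNumber(Document document) throws TransformerException, XPathExpressionException {
        XPath xpath = XPathFactory.newInstance().newXPath();
        HashMap<String, String> namespaces = new HashMap<String, String>();
        namespaces.put("x", PO_NS);
        xpath.setNamespaceContext(new DSNamespaceContext(namespaces));
        Node node = (Node) xpath.evaluate("//x:Number/text()", document, XPathConstants.NODE);
        return node != null ? node.getNodeValue() : null;
    }

    /**
     * Verifies a decrypted document against the reference values captured in {@link #setUp()}.
     *
     * @param document the decrypted document
     * @param z when {@code true}, the total node count must also equal that of the plaintext fixture
     */
    private void checkDecryptedDoc(Document document, boolean z) throws Exception {
        String decryptedNumber = retrieveCCNumber(document);
        assertTrue("Decrypted card number does not match the plaintext fixture: " + decryptedNumber,
                decryptedNumber != null && decryptedNumber.equals(this.cardNumber));
        if (z) {
            int decryptedNodeCount = countNodes(document);
            assertTrue("Node count mismatches", decryptedNodeCount > 0 && decryptedNodeCount == this.nodeCount);
        }
    }
}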
