package org.apache.xml.security.test.stax.signature;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import javax.xml.stream.XMLStreamWriter;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.stax.ext.InboundXMLSec;
import org.apache.xml.security.stax.ext.OutboundXMLSec;
import org.apache.xml.security.stax.ext.SecurePart;
import org.apache.xml.security.stax.ext.XMLSec;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
import org.apache.xml.security.test.stax.utils.StAX2DOM;
import org.apache.xml.security.test.stax.utils.XmlReaderToWriter;
import org.apache.xml.security.utils.XMLUtils;
import org.junit.Assert;
import org.junit.Test;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/xml/security/test/stax/signature/SignatureEncryptionTest.class */
public class SignatureEncryptionTest extends AbstractSignatureCreationTest {
    @Test
    public void testSignatureEncryption() throws Exception {
        XMLSecurityProperties xMLSecurityProperties = new XMLSecurityProperties();
        ArrayList arrayList = new ArrayList();
        arrayList.add(XMLSecurityConstants.SIGNATURE);
        arrayList.add(XMLSecurityConstants.ENCRYPT);
        xMLSecurityProperties.setActions(arrayList);
        KeyStore keyStore = KeyStore.getInstance("jks");
        keyStore.load(getClass().getClassLoader().getResource("transmitter.jks").openStream(), "default".toCharArray());
        xMLSecurityProperties.setSignatureKey(keyStore.getKey("transmitter", "default".toCharArray()));
        X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate("transmitter");
        xMLSecurityProperties.setSignatureCerts(new X509Certificate[]{x509Certificate});
        SecretKey generateDESSecretKey = generateDESSecretKey();
        xMLSecurityProperties.setEncryptionKey(generateDESSecretKey);
        xMLSecurityProperties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
        xMLSecurityProperties.addSignaturePart(new SecurePart(new QName("urn:example:po", "PaymentInfo"), SecurePart.Modifier.Element));
        xMLSecurityProperties.addEncryptionPart(new SecurePart(new QName("urn:example:po", "PurchaseOrder"), SecurePart.Modifier.Content));
        OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(xMLSecurityProperties);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        XMLStreamWriter processOutMessage = outboundXMLSec.processOutMessage(byteArrayOutputStream, StandardCharsets.UTF_8.name());
        XmlReaderToWriter.writeAll(this.xmlInputFactory.createXMLStreamReader(getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml")), processOutMessage);
        processOutMessage.close();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
        try {
            Document read = XMLUtils.read(byteArrayInputStream, false);
            $closeResource(null, byteArrayInputStream);
            Assert.assertEquals(decryptUsingDOM("http://www.w3.org/2001/04/xmlenc#tripledes-cbc", generateDESSecretKey, null, read).getElementsByTagNameNS("urn:example:po", "CreditCard").getLength(), 1L);
            verifyUsingDOM(read, x509Certificate, xMLSecurityProperties.getSignatureSecureParts());
            TestSecurityEventListener verifyUsingStAX = verifyUsingStAX(byteArrayOutputStream.toByteArray(), generateDESSecretKey, x509Certificate.getPublicKey());
            Assert.assertEquals(1L, verifyUsingStAX.getSecurityEvents(SecurityEventConstants.SignedElement).size());
            Assert.assertEquals(1L, verifyUsingStAX.getSecurityEvents(SecurityEventConstants.ContentEncrypted).size());
        } catch (Throwable th) {
            $closeResource(null, byteArrayInputStream);
            throw th;
        }
    }

    @Test
    public void testSignatureEncryptionSameElement() throws Exception {
        XMLSecurityProperties xMLSecurityProperties = new XMLSecurityProperties();
        ArrayList arrayList = new ArrayList();
        arrayList.add(XMLSecurityConstants.SIGNATURE);
        arrayList.add(XMLSecurityConstants.ENCRYPT);
        xMLSecurityProperties.setActions(arrayList);
        KeyStore keyStore = KeyStore.getInstance("jks");
        keyStore.load(getClass().getClassLoader().getResource("transmitter.jks").openStream(), "default".toCharArray());
        xMLSecurityProperties.setSignatureKey(keyStore.getKey("transmitter", "default".toCharArray()));
        X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate("transmitter");
        xMLSecurityProperties.setSignatureCerts(new X509Certificate[]{x509Certificate});
        SecretKey generateDESSecretKey = generateDESSecretKey();
        xMLSecurityProperties.setEncryptionKey(generateDESSecretKey);
        xMLSecurityProperties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
        xMLSecurityProperties.addSignaturePart(new SecurePart(new QName("urn:example:po", "PaymentInfo"), SecurePart.Modifier.Element));
        xMLSecurityProperties.addEncryptionPart(new SecurePart(new QName("urn:example:po", "PaymentInfo"), SecurePart.Modifier.Element));
        OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(xMLSecurityProperties);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        XMLStreamWriter processOutMessage = outboundXMLSec.processOutMessage(byteArrayOutputStream, StandardCharsets.UTF_8.name());
        XmlReaderToWriter.writeAll(this.xmlInputFactory.createXMLStreamReader(getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml")), processOutMessage);
        processOutMessage.close();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
        try {
            Document read = XMLUtils.read(byteArrayInputStream, false);
            $closeResource(null, byteArrayInputStream);
            Assert.assertEquals(decryptUsingDOM("http://www.w3.org/2001/04/xmlenc#tripledes-cbc", generateDESSecretKey, null, read).getElementsByTagNameNS("urn:example:po", "CreditCard").getLength(), 1L);
            verifyUsingDOM(read, x509Certificate, xMLSecurityProperties.getSignatureSecureParts());
            TestSecurityEventListener verifyUsingStAX = verifyUsingStAX(byteArrayOutputStream.toByteArray(), generateDESSecretKey, x509Certificate.getPublicKey());
            Assert.assertEquals(1L, verifyUsingStAX.getSecurityEvents(SecurityEventConstants.SignedElement).size());
            Assert.assertEquals(1L, verifyUsingStAX.getSecurityEvents(SecurityEventConstants.EncryptedElement).size());
        } catch (Throwable th) {
            $closeResource(null, byteArrayInputStream);
            throw th;
        }
    }

    @Test
    public void testEnvelopedSignatureEncryptionElement() throws Exception {
        XMLSecurityProperties xMLSecurityProperties = new XMLSecurityProperties();
        ArrayList arrayList = new ArrayList();
        arrayList.add(XMLSecurityConstants.SIGNATURE);
        arrayList.add(XMLSecurityConstants.ENCRYPT);
        xMLSecurityProperties.setActions(arrayList);
        KeyStore keyStore = KeyStore.getInstance("jks");
        keyStore.load(getClass().getClassLoader().getResource("transmitter.jks").openStream(), "default".toCharArray());
        xMLSecurityProperties.setSignatureKey(keyStore.getKey("transmitter", "default".toCharArray()));
        X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate("transmitter");
        xMLSecurityProperties.setSignatureCerts(new X509Certificate[]{x509Certificate});
        SecretKey generateDESSecretKey = generateDESSecretKey();
        xMLSecurityProperties.setEncryptionKey(generateDESSecretKey);
        xMLSecurityProperties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
        xMLSecurityProperties.addSignaturePart(new SecurePart(new QName("urn:example:po", "PurchaseOrder"), SecurePart.Modifier.Content, new String[]{"http://www.w3.org/2000/09/xmldsig#enveloped-signature", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"}, "http://www.w3.org/2000/09/xmldsig#sha1"));
        xMLSecurityProperties.addEncryptionPart(new SecurePart(new QName("urn:example:po", "PurchaseOrder"), SecurePart.Modifier.Element));
        OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(xMLSecurityProperties);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        XMLStreamWriter processOutMessage = outboundXMLSec.processOutMessage(byteArrayOutputStream, StandardCharsets.UTF_8.name());
        XmlReaderToWriter.writeAll(this.xmlInputFactory.createXMLStreamReader(getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml")), processOutMessage);
        processOutMessage.close();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
        try {
            Document read = XMLUtils.read(byteArrayInputStream, false);
            $closeResource(null, byteArrayInputStream);
            Assert.assertEquals(decryptUsingDOM("http://www.w3.org/2001/04/xmlenc#tripledes-cbc", generateDESSecretKey, null, read).getElementsByTagNameNS("urn:example:po", "CreditCard").getLength(), 1L);
            verifyUsingDOM(read, x509Certificate, xMLSecurityProperties.getSignatureSecureParts());
            TestSecurityEventListener verifyUsingStAX = verifyUsingStAX(byteArrayOutputStream.toByteArray(), generateDESSecretKey, x509Certificate.getPublicKey());
            Assert.assertEquals(1L, verifyUsingStAX.getSecurityEvents(SecurityEventConstants.SignedElement).size());
            Assert.assertEquals(1L, verifyUsingStAX.getSecurityEvents(SecurityEventConstants.EncryptedElement).size());
        } catch (Throwable th) {
            $closeResource(null, byteArrayInputStream);
            throw th;
        }
    }

    @Test
    public void testEnvelopedSignatureEncryptionContent() throws Exception {
        XMLSecurityProperties xMLSecurityProperties = new XMLSecurityProperties();
        ArrayList arrayList = new ArrayList();
        arrayList.add(XMLSecurityConstants.SIGNATURE);
        arrayList.add(XMLSecurityConstants.ENCRYPT);
        xMLSecurityProperties.setActions(arrayList);
        KeyStore keyStore = KeyStore.getInstance("jks");
        keyStore.load(getClass().getClassLoader().getResource("transmitter.jks").openStream(), "default".toCharArray());
        xMLSecurityProperties.setSignatureKey(keyStore.getKey("transmitter", "default".toCharArray()));
        X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate("transmitter");
        xMLSecurityProperties.setSignatureCerts(new X509Certificate[]{x509Certificate});
        SecretKey generateDESSecretKey = generateDESSecretKey();
        xMLSecurityProperties.setEncryptionKey(generateDESSecretKey);
        xMLSecurityProperties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
        xMLSecurityProperties.addSignaturePart(new SecurePart(new QName("urn:example:po", "PurchaseOrder"), SecurePart.Modifier.Content, new String[]{"http://www.w3.org/2000/09/xmldsig#enveloped-signature", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"}, "http://www.w3.org/2000/09/xmldsig#sha1"));
        xMLSecurityProperties.addEncryptionPart(new SecurePart(new QName("urn:example:po", "PurchaseOrder"), SecurePart.Modifier.Content));
        OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(xMLSecurityProperties);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        XMLStreamWriter processOutMessage = outboundXMLSec.processOutMessage(byteArrayOutputStream, StandardCharsets.UTF_8.name());
        XmlReaderToWriter.writeAll(this.xmlInputFactory.createXMLStreamReader(getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml")), processOutMessage);
        processOutMessage.close();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
        try {
            Document read = XMLUtils.read(byteArrayInputStream, false);
            $closeResource(null, byteArrayInputStream);
            Assert.assertEquals(decryptUsingDOM("http://www.w3.org/2001/04/xmlenc#tripledes-cbc", generateDESSecretKey, null, read).getElementsByTagNameNS("urn:example:po", "CreditCard").getLength(), 1L);
            verifyUsingDOM(read, x509Certificate, xMLSecurityProperties.getSignatureSecureParts());
            TestSecurityEventListener verifyUsingStAX = verifyUsingStAX(byteArrayOutputStream.toByteArray(), generateDESSecretKey, x509Certificate.getPublicKey());
            Assert.assertEquals(1L, verifyUsingStAX.getSecurityEvents(SecurityEventConstants.SignedElement).size());
            Assert.assertEquals(1L, verifyUsingStAX.getSecurityEvents(SecurityEventConstants.ContentEncrypted).size());
        } catch (Throwable th) {
            $closeResource(null, byteArrayInputStream);
            throw th;
        }
    }

    @Test
    public void testEncryptionSignature() throws Exception {
        XMLSecurityProperties xMLSecurityProperties = new XMLSecurityProperties();
        ArrayList arrayList = new ArrayList();
        arrayList.add(XMLSecurityConstants.ENCRYPT);
        arrayList.add(XMLSecurityConstants.SIGNATURE);
        xMLSecurityProperties.setActions(arrayList);
        KeyStore keyStore = KeyStore.getInstance("jks");
        keyStore.load(getClass().getClassLoader().getResource("transmitter.jks").openStream(), "default".toCharArray());
        xMLSecurityProperties.setSignatureKey(keyStore.getKey("transmitter", "default".toCharArray()));
        X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate("transmitter");
        xMLSecurityProperties.setSignatureCerts(new X509Certificate[]{x509Certificate});
        SecretKey generateDESSecretKey = generateDESSecretKey();
        xMLSecurityProperties.setEncryptionKey(generateDESSecretKey);
        xMLSecurityProperties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
        xMLSecurityProperties.addSignaturePart(new SecurePart(new QName("urn:example:po", "PurchaseOrder"), SecurePart.Modifier.Content, new String[]{"http://www.w3.org/2000/09/xmldsig#enveloped-signature", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"}, "http://www.w3.org/2000/09/xmldsig#sha1"));
        xMLSecurityProperties.addEncryptionPart(new SecurePart(new QName("urn:example:po", "PurchaseOrder"), SecurePart.Modifier.Content));
        OutboundXMLSec outboundXMLSec = XMLSec.getOutboundXMLSec(xMLSecurityProperties);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        XMLStreamWriter processOutMessage = outboundXMLSec.processOutMessage(byteArrayOutputStream, StandardCharsets.UTF_8.name());
        XmlReaderToWriter.writeAll(this.xmlInputFactory.createXMLStreamReader(getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml")), processOutMessage);
        processOutMessage.close();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
        try {
            Document read = XMLUtils.read(byteArrayInputStream, false);
            $closeResource(null, byteArrayInputStream);
            verifyUsingDOM(read, x509Certificate, xMLSecurityProperties.getSignatureSecureParts());
            Assert.assertEquals(decryptUsingDOM("http://www.w3.org/2001/04/xmlenc#tripledes-cbc", generateDESSecretKey, null, read).getElementsByTagNameNS("urn:example:po", "CreditCard").getLength(), 1L);
            TestSecurityEventListener verifyUsingStAX = verifyUsingStAX(byteArrayOutputStream.toByteArray(), generateDESSecretKey, x509Certificate.getPublicKey());
            Assert.assertEquals(1L, verifyUsingStAX.getSecurityEvents(SecurityEventConstants.SignedElement).size());
            Assert.assertEquals(1L, verifyUsingStAX.getSecurityEvents(SecurityEventConstants.ContentEncrypted).size());
        } catch (Throwable th) {
            $closeResource(null, byteArrayInputStream);
            throw th;
        }
    }

    @Test
    public void testUnsecuredDocument() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("jks");
        keyStore.load(getClass().getClassLoader().getResource("transmitter.jks").openStream(), "default".toCharArray());
        X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate("transmitter");
        SecretKey generateDESSecretKey = generateDESSecretKey();
        try {
            verifyUsingStAX(getClass().getClassLoader().getResourceAsStream("ie/baltimore/merlin-examples/merlin-xmlenc-five/plaintext.xml"), generateDESSecretKey, x509Certificate.getPublicKey());
            Assert.fail("Exception expected");
        } catch (XMLStreamException e) {
            Assert.assertEquals("Unsecured message. Neither a Signature nor a EncryptedData element found.", e.getCause().getMessage());
        }
    }

    private SecretKey generateDESSecretKey() throws Exception {
        return SecretKeyFactory.getInstance("DESede").generateSecret(new DESedeKeySpec("abcdefghijklmnopqrstuvwx".getBytes()));
    }

    private Document decryptUsingDOM(String str, SecretKey secretKey, Key key, Document document) throws Exception {
        XMLCipher xMLCipher = XMLCipher.getInstance(str);
        xMLCipher.init(2, secretKey);
        if (key != null) {
            xMLCipher.setKEK(key);
        }
        return xMLCipher.doFinal(document, (Element) document.getElementsByTagNameNS(XMLSecurityConstants.TAG_xenc_EncryptedData.getNamespaceURI(), XMLSecurityConstants.TAG_xenc_EncryptedData.getLocalPart()).item(0));
    }

    private TestSecurityEventListener verifyUsingStAX(byte[] bArr, Key key, PublicKey publicKey) throws Exception {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Throwable th = null;
        try {
            try {
                TestSecurityEventListener verifyUsingStAX = verifyUsingStAX(byteArrayInputStream, key, publicKey);
                $closeResource(null, byteArrayInputStream);
                return verifyUsingStAX;
            } finally {
            }
        } catch (Throwable th2) {
            $closeResource(th, byteArrayInputStream);
            throw th2;
        }
    }

    private TestSecurityEventListener verifyUsingStAX(InputStream inputStream, Key key, PublicKey publicKey) throws Exception {
        XMLStreamReader createXMLStreamReader = this.xmlInputFactory.createXMLStreamReader(inputStream);
        XMLSecurityProperties xMLSecurityProperties = new XMLSecurityProperties();
        xMLSecurityProperties.setDecryptionKey(key);
        xMLSecurityProperties.setSignatureVerificationKey(publicKey);
        InboundXMLSec inboundWSSec = XMLSec.getInboundWSSec(xMLSecurityProperties);
        TestSecurityEventListener testSecurityEventListener = new TestSecurityEventListener();
        Assert.assertEquals(StAX2DOM.readDoc(inboundWSSec.processInMessage(createXMLStreamReader, (List) null, testSecurityEventListener)).getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedData").getLength(), 0L);
        return testSecurityEventListener;
    }

    private static /* synthetic */ void $closeResource(Throwable th, AutoCloseable autoCloseable) {
        if (th == null) {
            autoCloseable.close();
            return;
        }
        try {
            autoCloseable.close();
        } catch (Throwable th2) {
            th.addSuppressed(th2);
        }
    }
}
