package org.apache.wss4j.dom.saml;

import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.saml.builder.SAML1Constants;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSDataRef;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.WSSecurityEngine;
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.common.AbstractSAMLCallbackHandler;
import org.apache.wss4j.dom.common.CustomHandler;
import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
import org.apache.wss4j.dom.common.SAML1CallbackHandler;
import org.apache.wss4j.dom.common.SAML2CallbackHandler;
import org.apache.wss4j.dom.common.SOAPUtil;
import org.apache.wss4j.dom.common.SecurityTestUtil;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:org/apache/wss4j/dom/saml/SamlTokenSVTest.class */
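/**
 * Round-trip tests for SAML 1.1 and SAML 2.0 assertions that use the sender-vouches
 * confirmation method.
 *
 * <p>Each test creates an assertion through a SAML callback handler, has
 * {@link WSSecSignatureSAML} add it to a sample SOAP message together with a signature, and then
 * runs the message through {@link WSSecurityEngine}. The positive tests check more than "the
 * signature verified": they require the signature's data references to name both the SOAP body and
 * the assertion element. With sender-vouches the receiver relies on the sender's signature to bind
 * the assertion to the message, so a signature that did not cover the assertion would leave it
 * unprotected.
 *
 * <p>NOTE(review): this listing imports {@code org.apache.wss4j.dom.WSSecurityEngineResult} but
 * reads the {@code TAG_*} keys from {@code org.apache.wss4j.dom.engine.WSSecurityEngineResult}.
 * That looks like a decompiler artifact; confirm which package the library version in use provides.
 */
public class SamlTokenSVTest extends Assert {
    private static final Logger LOG = LoggerFactory.getLogger(SamlTokenSVTest.class);

    /** Issuer name placed in every assertion built by these tests. */
    private static final String ISSUER = "www.example.com";

    /** SAML 2.0 confirmation-method URI for sender-vouches. */
    private static final String SAML2_SENDER_VOUCHES = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches";

    // Fifth and sixth arguments of WSSecSignatureSAML.build(); presumably the alias and password
    // of the signing key in the store described by crypto.properties (parameter names are not
    // visible in this listing). They are fixture values for the test keystore only and must
    // never be reused outside the test resources.
    private static final String SIGNING_KEY_ALIAS = "16c73ab6-b892-458f-abf5-2f875f74882e";
    private static final String SIGNING_KEY_PASSWORD = "security";

    // Numeric codes exactly as they appear in the original listing. They presumably correspond
    // to WSConstants.BST_DIRECT_REFERENCE, ST_UNSIGNED, SIGN and ST_SIGNED respectively;
    // confirm against the library version in use before replacing them with those constants.
    private static final int KEY_IDENTIFIER_TYPE = 1;
    private static final int ACTION_SAML_UNSIGNED = 8;
    private static final int ACTION_SIGNATURE = 2;
    private static final int ACTION_SAML_SIGNED = 16;

    /** XPath expected for the first signed reference (the SOAP body). */
    private static final String BODY_XPATH = "/SOAP-ENV:Envelope/SOAP-ENV:Body";
    /** XPath expected for the second signed reference when the assertion is SAML 1.1. */
    private static final String SAML1_ASSERTION_XPATH =
        "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/saml1:Assertion";
    /** XPath expected for the second signed reference when the assertion is SAML 2.0. */
    private static final String SAML2_ASSERTION_XPATH =
        "/SOAP-ENV:Envelope/SOAP-ENV:Header/wsse:Security/saml2:Assertion";

    private final WSSecurityEngine secEngine = new WSSecurityEngine();
    private final CallbackHandler callbackHandler = new KeystoreCallbackHandler();
    private final Crypto crypto;

    @AfterClass
    public static void cleanup() throws Exception {
        SecurityTestUtil.cleanup();
    }

    /**
     * Initialises the WSS4J configuration and loads the crypto instance described by
     * {@code crypto.properties}; that instance is used both for signing and for verification.
     */
    public SamlTokenSVTest() throws Exception {
        WSSConfig.init();
        this.crypto = CryptoFactory.getInstance("crypto.properties");
    }

    /** SAML 1.1 authentication assertion, sender-vouches: body and assertion must both be signed. */
    @Test
    public void testSAML1AuthnAssertion() throws Exception {
        SAML1CallbackHandler samlHandler = new SAML1CallbackHandler();
        samlHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        samlHandler.setConfirmationMethod(SAML1Constants.CONF_SENDER_VOUCHES);
        samlHandler.setIssuer(ISSUER);

        Document signedDoc = signWithSenderVouches(samlHandler);
        logMessage("SAML 1.1 Authn Assertion (sender vouches):", signedDoc);

        assertBodyAndAssertionSigned(verify(signedDoc), SAML1_ASSERTION_XPATH);
    }

    /** SAML 1.1 attribute assertion, sender-vouches: body and assertion must both be signed. */
    @Test
    public void testSAML1AttrAssertion() throws Exception {
        SAML1CallbackHandler samlHandler = new SAML1CallbackHandler();
        samlHandler.setStatement(AbstractSAMLCallbackHandler.Statement.ATTR);
        samlHandler.setConfirmationMethod(SAML1Constants.CONF_SENDER_VOUCHES);
        samlHandler.setIssuer(ISSUER);

        Document signedDoc = signWithSenderVouches(samlHandler);
        logMessage("SAML 1.1 Attr Assertion (sender vouches):", signedDoc);

        assertBodyAndAssertionSigned(verify(signedDoc), SAML1_ASSERTION_XPATH);
    }

    /** SAML 2.0 authentication assertion, sender-vouches: body and assertion must both be signed. */
    @Test
    public void testSAML2AuthnAssertion() throws Exception {
        SAML2CallbackHandler samlHandler = new SAML2CallbackHandler();
        samlHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        samlHandler.setConfirmationMethod(SAML2_SENDER_VOUCHES);
        samlHandler.setIssuer(ISSUER);

        Document signedDoc = signWithSenderVouches(samlHandler);
        logMessage("SAML 2 Authn Assertion (sender vouches):", signedDoc);

        assertBodyAndAssertionSigned(verify(signedDoc), SAML2_ASSERTION_XPATH);
    }

    /** SAML 2.0 attribute assertion, sender-vouches: body and assertion must both be signed. */
    @Test
    public void testSAML2AttrAssertion() throws Exception {
        SAML2CallbackHandler samlHandler = new SAML2CallbackHandler();
        samlHandler.setStatement(AbstractSAMLCallbackHandler.Statement.ATTR);
        samlHandler.setConfirmationMethod(SAML2_SENDER_VOUCHES);
        samlHandler.setIssuer(ISSUER);

        Document signedDoc = signWithSenderVouches(samlHandler);
        logMessage("SAML 2 Attr Assertion (sender vouches):", signedDoc);

        assertBodyAndAssertionSigned(verify(signedDoc), SAML2_ASSERTION_XPATH);
    }

    /**
     * Regression test; the method name suggests it tracks issue WSS-62.
     *
     * <p>Builds the same message as {@link #testSAML2AttrAssertion()}, but the verification crypto
     * is not handed to the engine directly. Instead {@link CustomHandler#receive} fills a
     * {@link RequestData} from a message context that only names the signature-verification
     * properties file, and the engine is called with the crypto objects read back from that
     * {@code RequestData}. Apart from the crypto check below, the test passes when
     * {@code processSecurityHeader} does not throw; the returned results are not inspected.
     */
    @Test
    public void testWSS62() throws Exception {
        SAML2CallbackHandler samlHandler = new SAML2CallbackHandler();
        samlHandler.setStatement(AbstractSAMLCallbackHandler.Statement.ATTR);
        samlHandler.setConfirmationMethod(SAML2_SENDER_VOUCHES);
        samlHandler.setIssuer(ISSUER);

        Document signedDoc = signWithSenderVouches(samlHandler);

        RequestData requestData = new RequestData();
        requestData.setWssConfig(WSSConfig.getNewInstance());
        HashMap<String, Object> handlerConfig = new HashMap<>();
        handlerConfig.put(ConfigurationConstants.SIG_VER_PROP_FILE, "crypto.properties");
        requestData.setMsgContext(handlerConfig);

        new CustomHandler().receive(Collections.singletonList(ACTION_SAML_SIGNED), requestData);

        // Make the condition under test explicit: fail with a clear message if the handler did
        // not load the verification crypto, rather than depending on how the engine reacts to a
        // null crypto.
        assertNotNull(
            "handler did not load the signature-verification crypto",
            requestData.getSigVerCrypto());

        this.secEngine.processSecurityHeader(
            signedDoc,
            (String) null,
            samlHandler,
            requestData.getSigVerCrypto(),
            requestData.getDecCrypto());
    }

    /**
     * Creates an assertion from {@code samlHandler} and returns the sample SOAP message with a
     * security header that carries the assertion and a signature produced by
     * {@link WSSecSignatureSAML}.
     *
     * @param samlHandler callback handler already configured with statement type, confirmation
     *     method and issuer
     * @return the document returned by {@code WSSecSignatureSAML.build}
     */
    private Document signWithSenderVouches(CallbackHandler samlHandler) throws Exception {
        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(samlHandler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

        WSSecSignatureSAML signer = new WSSecSignatureSAML();
        signer.setKeyIdentifierType(KEY_IDENTIFIER_TYPE);

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);

        // The second argument is null in every test; only the crypto passed as the fourth
        // argument is used together with the signing-key alias and password.
        return signer.build(
            doc, null, assertion, this.crypto, SIGNING_KEY_ALIAS, SIGNING_KEY_PASSWORD, secHeader);
    }

    /**
     * Writes the label and the pretty-printed message to the debug log. The dump contains the
     * complete assertion and signature, so it is emitted only when debug logging is enabled.
     */
    private static void logMessage(String label, Document doc) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug(label);
            LOG.debug(XMLUtils.PrettyDocumentToString(doc));
        }
    }

    /**
     * Asserts that processing produced a SAML assertion result and a signature result whose two
     * data references are, in order, the SOAP body and the assertion at {@code assertionXpath}.
     *
     * @param results results returned by {@link #verify(Document)}
     * @param assertionXpath expected XPath of the signed assertion element
     */
    @SuppressWarnings("unchecked") // the result map is untyped; the cast mirrors the original test
    private void assertBodyAndAssertionSigned(
            List<WSSecurityEngineResult> results, String assertionXpath) {
        WSSecurityEngineResult samlResult =
            WSSecurityUtil.fetchActionResult(results, ACTION_SAML_UNSIGNED);
        // Report a missing result as an assertion failure instead of a NullPointerException.
        assertNotNull("no SAML assertion result was produced", samlResult);
        SamlAssertionWrapper receivedAssertion = (SamlAssertionWrapper) samlResult.get(
            org.apache.wss4j.dom.engine.WSSecurityEngineResult.TAG_SAML_ASSERTION);
        assertNotNull("SAML result carries no assertion", receivedAssertion);

        WSSecurityEngineResult signatureResult =
            WSSecurityUtil.fetchActionResult(results, ACTION_SIGNATURE);
        assertNotNull("no signature result was produced", signatureResult);
        assertFalse(signatureResult.isEmpty());

        List<WSDataRef> signedRefs = (List<WSDataRef>) signatureResult.get(
            org.apache.wss4j.dom.engine.WSSecurityEngineResult.TAG_DATA_REF_URIS);
        assertNotNull("signature result has no data references", signedRefs);
        // Exactly two references: a signature covering only the body would not protect the
        // assertion, which is the point of the sender-vouches binding.
        assertEquals("unexpected number of signed references", 2, signedRefs.size());
        assertEquals(BODY_XPATH, signedRefs.get(0).getXpath());
        assertEquals(assertionXpath, signedRefs.get(1).getXpath());
    }

    /**
     * Processes the security header of {@code document} with the keystore callback handler and
     * the shared crypto instance.
     *
     * @param document message produced by {@link #signWithSenderVouches(CallbackHandler)}
     * @return the engine results for the security header
     */
    private List<WSSecurityEngineResult> verify(Document document) throws Exception {
        List<WSSecurityEngineResult> results =
            this.secEngine.processSecurityHeader(
                document, (String) null, this.callbackHandler, this.crypto);
        // Sanity check that the sample payload is still present in the processed message.
        String serialized = XMLUtils.PrettyDocumentToString(document);
        assertTrue(serialized.indexOf("counter_port_type") > 0);
        return results;
    }
}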
