package org.apache.wss4j.dom.misc;

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.namespace.QName;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.WSSecurityEngine;
import org.apache.wss4j.dom.bsp.BSPEnforcer;
import org.apache.wss4j.dom.common.SOAPUtil;
import org.apache.wss4j.dom.common.SecurityTestUtil;
import org.apache.wss4j.dom.message.WSSecEncrypt;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecTimestamp;
import org.apache.wss4j.dom.message.WSSecUsernameToken;
import org.apache.wss4j.dom.message.token.Reference;
import org.apache.wss4j.dom.message.token.UsernameToken;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Test;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/wss4j/dom/misc/FaultCodeTest.class */
public class FaultCodeTest extends Assert implements CallbackHandler {
    private WSSecurityEngine secEngine = new WSSecurityEngine();
    private Crypto crypto;

    @AfterClass
    public static void cleanup() throws Exception {
        SecurityTestUtil.cleanup();
    }

    public FaultCodeTest() throws Exception {
        this.crypto = null;
        this.crypto = CryptoFactory.getInstance("wss40.properties");
        WSSConfig.init();
    }

    @Test
    public void testFailedCheck() throws Exception {
        WSSecEncrypt wSSecEncrypt = new WSSecEncrypt(this.secEngine.getWssConfig());
        wSSecEncrypt.setUserInfo("wss40", "security");
        wSSecEncrypt.setKeyIdentifierType(1);
        Document sOAPPart = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader wSSecHeader = new WSSecHeader();
        wSSecHeader.insertSecurityHeader(sOAPPart);
        try {
            verify(wSSecEncrypt.build(sOAPPart, this.crypto, wSSecHeader));
            fail("Failure expected with a bad password");
        } catch (WSSecurityException e) {
            assertTrue(e.getErrorCode() == WSSecurityException.ErrorCode.FAILED_CHECK);
            assertEquals("The private key for the supplied alias does not exist in the keystore", e.getMessage());
            assertTrue(e.getFaultCode().equals(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "FailedCheck")));
        }
    }

    @Test
    public void testUnsupportedAlgorithm() throws Exception {
        try {
            this.secEngine.getWssConfig();
            WSSecurityUtil.getCipherInstance("Bad Algorithm");
            fail("Failure expected on an unsupported algorithm");
        } catch (WSSecurityException e) {
            assertTrue(e.getErrorCode() == WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM);
            assertEquals("unsupported key transport encryption algorithm: No such algorithm: Bad Algorithm", e.getMessage());
            assertTrue(e.getFaultCode().equals(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "UnsupportedAlgorithm")));
        }
    }

    @Test
    public void testMessageExpired() throws Exception {
        WSSecTimestamp wSSecTimestamp = new WSSecTimestamp(this.secEngine.getWssConfig());
        wSSecTimestamp.setTimeToLive(-1);
        Document sOAPPart = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader wSSecHeader = new WSSecHeader();
        wSSecHeader.insertSecurityHeader(sOAPPart);
        try {
            verify(wSSecTimestamp.build(sOAPPart, wSSecHeader));
            fail("Failure expected on an expired message");
        } catch (WSSecurityException e) {
            assertTrue(e.getErrorCode() == WSSecurityException.ErrorCode.MESSAGE_EXPIRED);
            assertEquals("Invalid timestamp: The security semantics of the message have expired", e.getMessage());
            assertTrue(e.getFaultCode().equals(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "MessageExpired")));
        }
    }

    @Test
    public void testFailedAuthentication() throws Exception {
        WSSecUsernameToken wSSecUsernameToken = new WSSecUsernameToken(this.secEngine.getWssConfig());
        wSSecUsernameToken.addCreated();
        wSSecUsernameToken.addNonce();
        wSSecUsernameToken.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
        Document sOAPPart = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader wSSecHeader = new WSSecHeader();
        wSSecHeader.insertSecurityHeader(sOAPPart);
        try {
            verify(wSSecUsernameToken.build(sOAPPart, wSSecHeader));
            fail("Failure expected on a bad password");
        } catch (WSSecurityException e) {
            assertTrue(e.getErrorCode() == WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
            assertEquals(WSSecurityException.FAILED_AUTHENTICATION_ERR, e.getMessage());
            assertTrue(e.getFaultCode().equals(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "FailedAuthentication")));
        }
    }

    @Test
    public void testInvalidSecurityToken() throws Exception {
        WSSecUsernameToken wSSecUsernameToken = new WSSecUsernameToken(this.secEngine.getWssConfig());
        wSSecUsernameToken.addCreated();
        wSSecUsernameToken.addNonce();
        wSSecUsernameToken.setUserInfo(null, "security");
        Document sOAPPart = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader wSSecHeader = new WSSecHeader();
        wSSecHeader.insertSecurityHeader(sOAPPart);
        wSSecUsernameToken.build(sOAPPart, wSSecHeader);
        try {
            new UsernameToken(sOAPPart.getDocumentElement(), false, new BSPEnforcer());
            fail("Failure expected on an invalid security token");
        } catch (WSSecurityException e) {
            assertTrue(e.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);
            assertEquals("Bad element, expected \"{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken\" while got \"{http://schemas.xmlsoap.org/soap/envelope/}Envelope\"", e.getMessage());
            assertTrue(e.getFaultCode().equals(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "InvalidSecurityToken")));
        }
    }

    @Test
    public void testInvalidSecurity() throws Exception {
        try {
            new Reference((Element) null);
            fail("Failure expected on processing the security header");
        } catch (WSSecurityException e) {
            assertTrue(e.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
            assertEquals("<Reference> token could not be retrieved", e.getMessage());
            assertTrue(e.getFaultCode().equals(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "InvalidSecurity")));
        }
    }

    private void verify(Document document) throws Exception {
        this.secEngine.processSecurityHeader(document, (String) null, this, this.crypto);
    }

    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbackArr.length; i++) {
            if (!(callbackArr[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbackArr[i], "Unrecognized Callback");
            }
            ((WSPasswordCallback) callbackArr[i]).setPassword("securit");
        }
    }
}
