package org.apache.wss4j.dom.message;

import java.security.MessageDigest;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.UsernameTokenUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.WSSecurityEngine;
import org.apache.wss4j.dom.common.EncodedPasswordCallbackHandler;
import org.apache.wss4j.dom.common.SOAPUtil;
import org.apache.wss4j.dom.common.SecurityTestUtil;
import org.apache.wss4j.dom.common.UsernamePasswordCallbackHandler;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.message.token.SecurityTokenReference;
import org.apache.wss4j.dom.message.token.UsernameToken;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.xml.security.utils.Base64;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:org/apache/wss4j/dom/message/UTDerivedKeyTest.class */
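/**
 * Exercises keys derived from a WS-Security UsernameToken (salt plus iteration count, no password
 * element on the wire) and their use for derived-key encryption and signature.
 *
 * <p>What the cases pin down, as visible in the assertions below:
 * <ul>
 *   <li>the serialized token carries {@code wsse:Username}, {@code wsse11:Salt} and
 *       {@code wsse11:Iteration}, and never {@code wsse:Password};</li>
 *   <li>a receiver whose config has {@code setAllowUsernameTokenNoPassword(false)} rejects a
 *       message secured this way;</li>
 *   <li>a corrupted derived key is rejected with {@code FAILED_CHECK}, and the user "colm" with
 *       {@code FAILED_AUTHENTICATION};</li>
 *   <li>a missing Salt, a missing Iteration, an iteration count of 500, a non-UsernameToken value
 *       type and a key-identifier reference are all rejected by the default receiver; the last
 *       three are processed without error once the BSP rule named in the test (R4218, R4214,
 *       R4215) is explicitly ignored.</li>
 * </ul>
 *
 * <p>Review notes for readers reusing these settings: the algorithms exercised are AES-128-CBC,
 * which provides confidentiality but no integrity on its own, and HMAC-SHA1; a key derived from a
 * password is no stronger than that password. The ignored-BSP-rule paths are interoperability
 * switches that relax receiver-side checks and should not be read as recommended defaults.
 */
public class UTDerivedKeyTest extends Assert {
    private static final Logger LOG = LoggerFactory.getLogger(UTDerivedKeyTest.class);

    /** Symmetric algorithm used by every derived-key encryption case. */
    private static final String AES_128_CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";

    /** Signature algorithm used by every derived-key signature case. */
    private static final String HMAC_SHA1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";

    /** Value type that identifies the referenced token as a UsernameToken. */
    private static final String USERNAME_TOKEN_VALUE_TYPE =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken";

    /** Deliberately wrong value type (SAML 1.1) used by {@link #testBadValueType()}. */
    private static final String SAML_11_VALUE_TYPE =
            "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";

    private final CallbackHandler callbackHandler = new UsernamePasswordCallbackHandler();
    private final Crypto crypto;

    @AfterClass
    public static void cleanup() throws Exception {
        SecurityTestUtil.cleanup();
    }

    public UTDerivedKeyTest() throws Exception {
        this.crypto = CryptoFactory.getInstance();
    }

    /**
     * Checks the low-level UsernameToken API: salt length and first byte, iteration round-trip,
     * serialized element names, and the length of the derived key.
     */
    @Test
    public void testUsernameTokenUnit() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = newSecurityHeader(doc);

        UsernameToken token = new UsernameToken(true, doc, (String) null);
        token.setName("bob");

        // The third addSalt argument is false here; the encryption tests pass the same flag value
        // to addDerivedKey, so a first byte of 2 presumably marks an encryption-use salt — confirm
        // against UsernameTokenUtil.
        byte[] addedSalt = token.addSalt(doc, null, false);
        assertTrue(addedSalt.length == 16);
        assertTrue(addedSalt[0] == 2);
        byte[] storedSalt = token.getSalt();
        assertTrue(addedSalt.length == storedSalt.length);
        assertTrue(Arrays.equals(addedSalt, storedSalt));

        token.addIteration(doc, 500);
        assertTrue(token.getIteration() == 500);

        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), token.getElement());
        String xml = XMLUtils.PrettyDocumentToString(doc);
        assertSaltedTokenWithoutPassword(xml);

        // Both the String and the byte[] form of the secret yield a 20-byte key;
        // "c2VjdXJpdHk=" is the Base64 encoding of "security".
        assertTrue(UsernameTokenUtil.generateDerivedKey("security", addedSalt, 500).length == 20);
        assertTrue(UsernameTokenUtil.generateDerivedKey(Base64.decode("c2VjdXJpdHk="), addedSalt, 500).length == 20);
    }

    /**
     * Known-answer test: a fixed SHA-1-hashed password, salt and iteration count must always
     * produce the same derived key.
     */
    @Test
    public void testDerivedKeyWithEncodedPasswordBaseline() throws Exception {
        byte[] expectedKey = Base64.decode("C7Ll/OY4TECb6hZuMMiX/5hzszo=");
        byte[] hashedPassword = MessageDigest.getInstance("SHA-1").digest("password".getBytes("UTF-8"));
        byte[] salt = Base64.decode("LKpycbfgRzwDnBz6kkhAAQ==");
        byte[] actualKey = UsernameTokenUtil.generateDerivedKey(hashedPassword, salt, 1049);
        assertTrue("the derived key is not as expected", Arrays.equals(expectedKey, actualKey));
    }

    /**
     * Encrypts with a key derived from the token and checks that the message is accepted by a
     * receiver that allows password-less tokens and rejected by one that does not.
     */
    @Test
    public void testDerivedKeyEncryption() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = newSecurityHeader(doc);

        WSSecUsernameToken tokenBuilder = new WSSecUsernameToken();
        tokenBuilder.setUserInfo("bob", "security");
        tokenBuilder.addDerivedKey(false, null, 1000);
        tokenBuilder.prepare(doc);

        byte[] derivedKey = tokenBuilder.getDerivedKey();
        assertTrue(derivedKey.length == 20);
        String tokenId = tokenBuilder.getId();

        WSSecDKEncrypt encrBuilder = newDerivedKeyEncrypt(derivedKey, tokenId, USERNAME_TOKEN_VALUE_TYPE);
        Document encryptedDoc = encrBuilder.build(doc, secHeader);
        tokenBuilder.prependToHeader(secHeader);

        String xml = XMLUtils.PrettyDocumentToString(encryptedDoc);
        assertSaltedTokenWithoutPassword(xml);
        // The plaintext body marker must no longer be readable once the body is encrypted.
        assertFalse(xml.contains("testMethod"));
        logMessage(xml);

        verify(encryptedDoc);
        try {
            verify(encryptedDoc, false);
            fail("Failure expected on deriving keys from a UsernameToken not allowed");
        } catch (WSSecurityException expected) {
            // Expected: the receiver was configured not to accept password-less tokens.
            // The error code is not pinned by this test.
        }
    }

    /**
     * Same as {@link #testDerivedKeyEncryption()} but the secret is the Base64 of the SHA-1 of the
     * password, and both sender and receiver are told that passwords are encoded.
     */
    @Test
    public void testDerivedKeyEncryptionWithEncodedPassword() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = newSecurityHeader(doc);

        WSSecUsernameToken tokenBuilder = new WSSecUsernameToken();
        tokenBuilder.setPasswordsAreEncoded(true);
        tokenBuilder.setUserInfo("bob", sha1Base64("security"));
        tokenBuilder.addDerivedKey(false, null, 1000);
        tokenBuilder.prepare(doc);

        byte[] derivedKey = tokenBuilder.getDerivedKey();
        assertTrue(derivedKey.length == 20);
        String tokenId = tokenBuilder.getId();

        WSSecDKEncrypt encrBuilder = newDerivedKeyEncrypt(derivedKey, tokenId, USERNAME_TOKEN_VALUE_TYPE);
        Document encryptedDoc = encrBuilder.build(doc, secHeader);
        tokenBuilder.prependToHeader(secHeader);

        String xml = XMLUtils.PrettyDocumentToString(encryptedDoc);
        assertSaltedTokenWithoutPassword(xml);
        assertFalse(xml.contains("testMethod"));
        logMessage(xml);

        WSSecurityEngine engine = new WSSecurityEngine();
        engine.getWssConfig().setPasswordsAreEncoded(true);
        engine.getWssConfig().setAllowUsernameTokenNoPassword(true);
        engine.processSecurityHeader(encryptedDoc, (String) null, new EncodedPasswordCallbackHandler(), (Crypto) null);
    }

    /**
     * Negative test: encrypting with a corrupted derived key must make the receiver fail with
     * {@code FAILED_CHECK}.
     */
    @Test
    public void testDerivedKeyChangedEncryption() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = newSecurityHeader(doc);

        WSSecUsernameToken tokenBuilder = new WSSecUsernameToken();
        tokenBuilder.setUserInfo("bob", "security");
        tokenBuilder.addDerivedKey(false, null, 1000);
        tokenBuilder.prepare(doc);

        byte[] derivedKey = tokenBuilder.getDerivedKey();
        // Flip the bytes instead of writing fixed values: a fixed value leaves the key unchanged
        // whenever the random salt happens to produce exactly those bytes, which would make this
        // negative test fail spuriously.
        flipKeyByte(derivedKey, 5);
        flipKeyByte(derivedKey, 6);
        assertTrue(derivedKey.length == 20);
        String tokenId = tokenBuilder.getId();

        WSSecDKEncrypt encrBuilder = newDerivedKeyEncrypt(derivedKey, tokenId, USERNAME_TOKEN_VALUE_TYPE);
        Document encryptedDoc = encrBuilder.build(doc, secHeader);
        tokenBuilder.prependToHeader(secHeader);

        String xml = XMLUtils.PrettyDocumentToString(encryptedDoc);
        assertSaltedTokenWithoutPassword(xml);
        assertFalse(xml.contains("testMethod"));
        logMessage(xml);

        try {
            verify(encryptedDoc);
            fail("Failure expected on a bad derived encryption");
        } catch (WSSecurityException e) {
            assertTrue(e.getErrorCode() == WSSecurityException.ErrorCode.FAILED_CHECK);
        }
    }

    /**
     * Negative test: a token for the user "colm" (presumably unknown to the callback handler —
     * confirm against UsernamePasswordCallbackHandler) must fail with
     * {@code FAILED_AUTHENTICATION}.
     */
    @Test
    public void testDerivedKeyBadUserEncryption() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = newSecurityHeader(doc);

        WSSecUsernameToken tokenBuilder = new WSSecUsernameToken();
        tokenBuilder.setUserInfo("colm", "security");
        tokenBuilder.addDerivedKey(false, null, 1000);
        tokenBuilder.prepare(doc);

        byte[] derivedKey = tokenBuilder.getDerivedKey();
        assertTrue(derivedKey.length == 20);
        String tokenId = tokenBuilder.getId();

        WSSecDKEncrypt encrBuilder = newDerivedKeyEncrypt(derivedKey, tokenId, USERNAME_TOKEN_VALUE_TYPE);
        Document encryptedDoc = encrBuilder.build(doc, secHeader);
        tokenBuilder.prependToHeader(secHeader);

        String xml = XMLUtils.PrettyDocumentToString(encryptedDoc);
        assertSaltedTokenWithoutPassword(xml);
        assertFalse(xml.contains("testMethod"));
        logMessage(xml);

        try {
            verify(encryptedDoc);
            fail("Failure expected on a bad derived encryption");
        } catch (WSSecurityException e) {
            assertTrue(e.getErrorCode() == WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
    }

    /**
     * Signs with a key derived from the token and checks that the receiver reports a principal
     * whose name contains "DK".
     */
    @Test
    public void testDerivedKeySignature() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = newSecurityHeader(doc);

        WSSecUsernameToken tokenBuilder = new WSSecUsernameToken();
        tokenBuilder.setUserInfo("bob", "security");
        tokenBuilder.addDerivedKey(true, null, 1000);
        tokenBuilder.prepare(doc);

        byte[] derivedKey = tokenBuilder.getDerivedKey();
        assertTrue(derivedKey.length == 20);
        String tokenId = tokenBuilder.getId();

        WSSecDKSign signBuilder = newDerivedKeySign(derivedKey, tokenId);
        Document signedDoc = signBuilder.build(doc, secHeader);
        tokenBuilder.prependToHeader(secHeader);

        String xml = XMLUtils.PrettyDocumentToString(signedDoc);
        assertSaltedTokenWithoutPassword(xml);
        logMessage(xml);

        Principal principal = signaturePrincipal(verify(signedDoc));
        assertTrue(principal.getName().contains("DK"));
    }

    /**
     * Same as {@link #testDerivedKeySignature()} but with a SHA-1/Base64 encoded password on both
     * the sending and the receiving side.
     */
    @Test
    public void testDerivedKeySignatureWithEncodedPassword() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = newSecurityHeader(doc);

        WSSecUsernameToken tokenBuilder = new WSSecUsernameToken();
        tokenBuilder.setPasswordsAreEncoded(true);
        tokenBuilder.setUserInfo("bob", sha1Base64("security"));
        tokenBuilder.addDerivedKey(true, null, 1000);
        tokenBuilder.prepare(doc);

        byte[] derivedKey = tokenBuilder.getDerivedKey();
        assertTrue(derivedKey.length == 20);
        String tokenId = tokenBuilder.getId();

        WSSecDKSign signBuilder = newDerivedKeySign(derivedKey, tokenId);
        Document signedDoc = signBuilder.build(doc, secHeader);
        tokenBuilder.prependToHeader(secHeader);

        String xml = XMLUtils.PrettyDocumentToString(signedDoc);
        assertSaltedTokenWithoutPassword(xml);
        logMessage(xml);

        WSSecurityEngine engine = new WSSecurityEngine();
        engine.getWssConfig().setPasswordsAreEncoded(true);
        engine.getWssConfig().setAllowUsernameTokenNoPassword(true);
        List<org.apache.wss4j.dom.WSSecurityEngineResult> results =
                engine.processSecurityHeader(signedDoc, (String) null, new EncodedPasswordCallbackHandler(), (Crypto) null);
        Principal principal = signaturePrincipal(results);
        assertTrue(principal.getName().contains("DK"));
    }

    /**
     * Negative test: signing with a corrupted derived key must make the receiver fail with
     * {@code FAILED_CHECK}.
     */
    @Test
    public void testDerivedKeyChangedSignature() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = newSecurityHeader(doc);

        WSSecUsernameToken tokenBuilder = new WSSecUsernameToken();
        tokenBuilder.setUserInfo("bob", "security");
        tokenBuilder.addDerivedKey(true, null, 1000);
        tokenBuilder.prepare(doc);

        byte[] derivedKey = tokenBuilder.getDerivedKey();
        // Guaranteed to differ from the genuine key, whatever the random salt produced.
        flipKeyByte(derivedKey, 5);
        assertTrue(derivedKey.length == 20);
        String tokenId = tokenBuilder.getId();

        WSSecDKSign signBuilder = newDerivedKeySign(derivedKey, tokenId);
        Document signedDoc = signBuilder.build(doc, secHeader);
        tokenBuilder.prependToHeader(secHeader);

        logMessage(XMLUtils.PrettyDocumentToString(signedDoc));

        try {
            verify(signedDoc);
            fail("Failure expected on a bad derived signature");
        } catch (WSSecurityException e) {
            assertTrue(e.getErrorCode() == WSSecurityException.ErrorCode.FAILED_CHECK);
        }
    }

    /**
     * Negative test: a signature made with a token for the user "colm" must fail with
     * {@code FAILED_AUTHENTICATION}.
     */
    @Test
    public void testDerivedKeyBadUserSignature() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = newSecurityHeader(doc);

        WSSecUsernameToken tokenBuilder = new WSSecUsernameToken();
        tokenBuilder.setUserInfo("colm", "security");
        tokenBuilder.addDerivedKey(true, null, 1000);
        tokenBuilder.prepare(doc);

        byte[] derivedKey = tokenBuilder.getDerivedKey();
        assertTrue(derivedKey.length == 20);
        String tokenId = tokenBuilder.getId();

        WSSecDKSign signBuilder = newDerivedKeySign(derivedKey, tokenId);
        Document signedDoc = signBuilder.build(doc, secHeader);
        tokenBuilder.prependToHeader(secHeader);

        logMessage(XMLUtils.PrettyDocumentToString(signedDoc));

        try {
            verify(signedDoc);
            fail("Failure expected on a bad derived signature");
        } catch (WSSecurityException e) {
            assertTrue(e.getErrorCode() == WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
    }

    /** Negative test: a token that carries an Iteration but no Salt element must be rejected. */
    @Test
    public void testNoSaltEncryption() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = newSecurityHeader(doc);

        UsernameToken token = new UsernameToken(true, doc, (String) null);
        token.setName("bob");
        token.setID(WSSConfig.getNewInstance().getIdAllocator().createId("UsernameToken-", token));

        // The salt feeds the key derivation but is deliberately never added to the token.
        byte[] salt = UsernameTokenUtil.generateSalt(false);
        token.addIteration(doc, 1000);
        byte[] derivedKey = UsernameTokenUtil.generateDerivedKey("security", salt, 1000);

        WSSecDKEncrypt encrBuilder = newDerivedKeyEncrypt(derivedKey, token.getID(), USERNAME_TOKEN_VALUE_TYPE);
        Document encryptedDoc = encrBuilder.build(doc, secHeader);
        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), token.getElement());

        String xml = XMLUtils.PrettyDocumentToString(doc);
        assertTrue(xml.contains("wsse:Username"));
        assertFalse(xml.contains("wsse:Password"));
        assertFalse(xml.contains("wsse11:Salt"));
        assertTrue(xml.contains("wsse11:Iteration"));
        logMessage(xml);

        try {
            verify(encryptedDoc);
            fail("Failure expected on no salt element");
        } catch (WSSecurityException expected) {
            // Expected: the receiver cannot accept a derived-key token without a salt.
            // The error code is not pinned by this test.
        }
    }

    /** Negative test: a token that carries a Salt but no Iteration element must be rejected. */
    @Test
    public void testNoIterationEncryption() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = newSecurityHeader(doc);

        UsernameToken token = new UsernameToken(true, doc, (String) null);
        token.setName("bob");
        token.setID(WSSConfig.getNewInstance().getIdAllocator().createId("UsernameToken-", token));

        // The key is derived with 1000 iterations, but no Iteration element is added to the token.
        byte[] salt = token.addSalt(doc, null, false);
        byte[] derivedKey = UsernameTokenUtil.generateDerivedKey("security", salt, 1000);

        WSSecDKEncrypt encrBuilder = newDerivedKeyEncrypt(derivedKey, token.getID(), USERNAME_TOKEN_VALUE_TYPE);
        Document encryptedDoc = encrBuilder.build(doc, secHeader);
        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), token.getElement());

        String xml = XMLUtils.PrettyDocumentToString(doc);
        assertTrue(xml.contains("wsse:Username"));
        assertFalse(xml.contains("wsse:Password"));
        assertTrue(xml.contains("wsse11:Salt"));
        assertFalse(xml.contains("wsse11:Iteration"));
        logMessage(xml);

        try {
            verify(encryptedDoc);
            fail("Failure expected on no iteration element");
        } catch (WSSecurityException expected) {
            // Expected: the receiver rejects a derived-key token without an iteration count.
            // The error code is not pinned by this test.
        }
    }

    /**
     * Negative test: an iteration count of 500 is rejected by the default receiver and only
     * processed once BSP rule R4218 is explicitly ignored.
     */
    @Test
    public void testLowIterationEncryption() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = newSecurityHeader(doc);

        UsernameToken token = new UsernameToken(true, doc, (String) null);
        token.setName("bob");
        WSSConfig config = WSSConfig.getNewInstance();
        token.setID(config.getIdAllocator().createId("UsernameToken-", token));
        token.addIteration(doc, 500);
        byte[] salt = token.addSalt(doc, null, false);
        byte[] derivedKey = UsernameTokenUtil.generateDerivedKey("security", salt, 500);

        WSSecDKEncrypt encrBuilder = newDerivedKeyEncrypt(derivedKey, token.getID(), USERNAME_TOKEN_VALUE_TYPE);
        Document encryptedDoc = encrBuilder.build(doc, secHeader);
        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), token.getElement());

        String xml = XMLUtils.PrettyDocumentToString(doc);
        assertSaltedTokenWithoutPassword(xml);
        logMessage(xml);

        try {
            verify(encryptedDoc);
            fail("Failure expected on a low iteration value");
        } catch (WSSecurityException expected) {
            // Expected: a low iteration count weakens the password-derived key, so the default
            // receiver refuses it. The error code is not pinned by this test.
        }

        // Relaxing the check is an explicit, per-request opt-out.
        processIgnoringBspRule(doc, config, BSPRule.R4218);
    }

    /**
     * Negative test: a reference whose value type is SAML 1.1 instead of UsernameToken is rejected
     * by the default receiver and only processed once BSP rule R4214 is explicitly ignored.
     */
    @Test
    public void testBadValueType() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = newSecurityHeader(doc);

        WSSecUsernameToken tokenBuilder = new WSSecUsernameToken();
        tokenBuilder.setUserInfo("bob", "security");
        tokenBuilder.addDerivedKey(false, null, 1000);
        tokenBuilder.prepare(doc);

        byte[] derivedKey = tokenBuilder.getDerivedKey();
        assertTrue(derivedKey.length == 20);
        String tokenId = tokenBuilder.getId();

        WSSecDKEncrypt encrBuilder = newDerivedKeyEncrypt(derivedKey, tokenId, SAML_11_VALUE_TYPE);
        Document encryptedDoc = encrBuilder.build(doc, secHeader);
        tokenBuilder.prependToHeader(secHeader);

        String xml = XMLUtils.PrettyDocumentToString(encryptedDoc);
        assertSaltedTokenWithoutPassword(xml);
        assertFalse(xml.contains("testMethod"));
        logMessage(xml);

        try {
            verify(encryptedDoc);
            fail("Failure expected on a bad value type");
        } catch (WSSecurityException expected) {
            // Expected: the declared value type does not match the referenced token.
            // The error code is not pinned by this test.
        }

        processIgnoringBspRule(encryptedDoc, WSSConfig.getNewInstance(), BSPRule.R4214);
    }

    /**
     * Negative test: referencing the UsernameToken through a key identifier is rejected by the
     * default receiver and only processed once BSP rule R4215 is explicitly ignored.
     */
    @Test
    public void testKeyIdentifier() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = newSecurityHeader(doc);

        WSSecUsernameToken tokenBuilder = new WSSecUsernameToken();
        tokenBuilder.setUserInfo("bob", "security");
        tokenBuilder.addDerivedKey(false, null, 1000);
        tokenBuilder.prepare(doc);

        byte[] derivedKey = tokenBuilder.getDerivedKey();
        assertTrue(derivedKey.length == 20);
        String tokenId = tokenBuilder.getId();

        WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
        encrBuilder.setSymmetricEncAlgorithm(AES_128_CBC);
        SecurityTokenReference tokenReference = new SecurityTokenReference(doc);
        tokenReference.setKeyIdentifier(USERNAME_TOKEN_VALUE_TYPE, tokenId, true);
        encrBuilder.setExternalKey(derivedKey, tokenReference.getElement());
        Document encryptedDoc = encrBuilder.build(doc, secHeader);
        tokenBuilder.prependToHeader(secHeader);

        String xml = XMLUtils.PrettyDocumentToString(encryptedDoc);
        assertSaltedTokenWithoutPassword(xml);
        assertFalse(xml.contains("testMethod"));
        logMessage(xml);

        try {
            verify(encryptedDoc);
            fail("Failure expected on a key identifier");
        } catch (WSSecurityException expected) {
            // Expected: the default receiver does not accept this reference form.
            // The error code is not pinned by this test.
        }

        processIgnoringBspRule(encryptedDoc, WSSConfig.getNewInstance(), BSPRule.R4215);
    }

    /** Creates a security header and inserts it into {@code doc}. */
    private static WSSecHeader newSecurityHeader(Document doc) throws Exception {
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        return secHeader;
    }

    /** Builds an AES-128-CBC derived-key encryptor keyed by {@code key} and pointing at {@code tokenId}. */
    private static WSSecDKEncrypt newDerivedKeyEncrypt(byte[] key, String tokenId, String valueType) throws Exception {
        WSSecDKEncrypt builder = new WSSecDKEncrypt();
        builder.setSymmetricEncAlgorithm(AES_128_CBC);
        builder.setExternalKey(key, tokenId);
        builder.setCustomValueType(valueType);
        return builder;
    }

    /** Builds an HMAC-SHA1 derived-key signer keyed by {@code key} and pointing at {@code tokenId}. */
    private static WSSecDKSign newDerivedKeySign(byte[] key, String tokenId) throws Exception {
        WSSecDKSign builder = new WSSecDKSign();
        builder.setExternalKey(key, tokenId);
        builder.setSignatureAlgorithm(HMAC_SHA1);
        builder.setCustomValueType(USERNAME_TOKEN_VALUE_TYPE);
        return builder;
    }

    /** Returns the Base64 of the SHA-1 of {@code password}, the "encoded password" form used above. */
    private static String sha1Base64(String password) throws Exception {
        return Base64.encode(MessageDigest.getInstance("SHA-1").digest(password.getBytes("UTF-8")));
    }

    /** Inverts every bit of {@code key[index]} so the byte is guaranteed to change. */
    private static void flipKeyByte(byte[] key, int index) {
        key[index] ^= 0xFF;
    }

    /** Asserts the token shape shared by most cases: username, salt and iteration, no password. */
    private static void assertSaltedTokenWithoutPassword(String xml) {
        assertTrue(xml.contains("wsse:Username"));
        assertFalse(xml.contains("wsse:Password"));
        assertTrue(xml.contains("wsse11:Salt"));
        assertTrue(xml.contains("wsse11:Iteration"));
    }

    /** Writes the serialized message to the debug log when debug logging is enabled. */
    private static void logMessage(String xml) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(xml);
        }
    }

    /** Extracts the principal from the result that fetchActionResult returns for action code 2. */
    private static Principal signaturePrincipal(List<org.apache.wss4j.dom.WSSecurityEngineResult> results) throws Exception {
        // 2 is the action code handed to fetchActionResult; presumably the signature action — confirm.
        return (Principal) WSSecurityUtil.fetchActionResult(results, 2).get(WSSecurityEngineResult.TAG_PRINCIPAL);
    }

    /**
     * Processes {@code doc} with password-less tokens allowed on {@code config} and the single
     * BSP rule {@code rule} ignored for this request.
     */
    private void processIgnoringBspRule(Document doc, WSSConfig config, BSPRule rule) throws Exception {
        RequestData requestData = new RequestData();
        requestData.setCallbackHandler(this.callbackHandler);
        requestData.setDecCrypto(this.crypto);
        requestData.setIgnoredBSPRules(Collections.singletonList(rule));

        config.setAllowUsernameTokenNoPassword(true);
        WSSecurityEngine engine = new WSSecurityEngine();
        engine.setWssConfig(config);
        engine.processSecurityHeader(doc, "", requestData);
    }

    /** Processes {@code document} with a receiver that accepts password-less UsernameTokens. */
    private List<org.apache.wss4j.dom.WSSecurityEngineResult> verify(Document document) throws Exception {
        return verify(document, true);
    }

    /**
     * Processes the security header of {@code document} with a fresh engine and config.
     *
     * @param z value passed to {@code setAllowUsernameTokenNoPassword}; derived-key tokens carry
     *          no password, so {@code false} is expected to make processing fail
     * @return the results returned by the engine
     */
    // NOTE(review): the return type is spelled org.apache.wss4j.dom.WSSecurityEngineResult while the
    // file imports org.apache.wss4j.dom.engine.WSSecurityEngineResult — confirm which one is intended.
    private List<org.apache.wss4j.dom.WSSecurityEngineResult> verify(Document document, boolean z) throws Exception {
        WSSConfig config = WSSConfig.getNewInstance();
        config.setAllowUsernameTokenNoPassword(z);
        WSSecurityEngine engine = new WSSecurityEngine();
        engine.setWssConfig(config);
        return engine.processSecurityHeader(document, (String) null, this.callbackHandler, this.crypto);
    }
}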
