package org.apache.wss4j.dom.saml;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.TreeMap;
import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.WSSecurityEngine;
import org.apache.wss4j.dom.common.AbstractSAMLCallbackHandler;
import org.apache.wss4j.dom.common.CustomHandler;
import org.apache.wss4j.dom.common.CustomSamlAssertionValidator;
import org.apache.wss4j.dom.common.SAML1CallbackHandler;
import org.apache.wss4j.dom.common.SAML2CallbackHandler;
import org.apache.wss4j.dom.common.SAMLElementCallbackHandler;
import org.apache.wss4j.dom.common.SOAPUtil;
import org.apache.wss4j.dom.common.SecurityTestUtil;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.HandlerAction;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSAMLToken;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.joda.time.DateTime;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Test;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.saml2.core.AttributeValue;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.Conditions;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.schema.XSAny;
import org.opensaml.xml.schema.XSInteger;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:org/apache/wss4j/dom/saml/SamlTokenTest.class */
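/**
 * Round-trip tests for unsigned ("sender vouches") SAML 1.1 and SAML 2.0 assertions carried in a
 * WS-Security header.
 *
 * <p>Each test creates an assertion through a SAML callback handler, inserts it into the sample
 * SOAP message, and then processes the security header with a {@link WSSecurityEngine}. The
 * positive tests check that the assertion is returned and is reported as unsigned. The two
 * "bad issuer" tests check that processing fails for an issuer other than
 * {@code www.example.com}.
 *
 * <p>Security note: the engine used here accepts assertions that carry no signature, has SAML
 * subject-confirmation validation switched off, and is given neither a {@link Crypto} instance
 * nor a callback handler. In this configuration the only visible gate on an assertion is the
 * {@link CustomSamlAssertionValidator} registered in the constructor. That suits a fixture; a
 * deployment that relies on assertion contents would normally require the assertion to be covered
 * by a verified signature.
 */
public class SamlTokenTest extends Assert {
    private static final Logger LOG = LoggerFactory.getLogger(SamlTokenTest.class);

    /** Issuer used by every test that expects processing to succeed. */
    private static final String ACCEPTED_ISSUER = "www.example.com";

    /** Issuer used by the tests that expect the receiving side to reject the assertion. */
    private static final String REJECTED_ISSUER = "www.example2.com";

    private static final String EMAIL_NAME_ID_FORMAT =
            "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";

    // Action code used both to send and to look up the SAML result.
    // NOTE(review): presumably WSConstants.ST_UNSIGNED (0x8) inlined by the compiler - confirm.
    private static final int UNSIGNED_SAML_ACTION = 8;

    private final WSSecurityEngine secEngine = new WSSecurityEngine();

    @AfterClass
    public static void cleanup() throws Exception {
        SecurityTestUtil.cleanup();
    }

    /**
     * Configures the receiving engine with a custom validator for both SAML token types.
     *
     * <p>Subject-confirmation validation is disabled, presumably because the fixtures are
     * unsigned sender-vouches assertions with nothing backing the confirmation method.
     * NOTE(review): this is a deliberate relaxation for the test engine only; it should not be
     * copied into a production {@link WSSConfig}.
     */
    public SamlTokenTest() {
        WSSConfig config = WSSConfig.getNewInstance();
        config.setValidator(WSSecurityEngine.SAML_TOKEN, new CustomSamlAssertionValidator());
        config.setValidator(WSSecurityEngine.SAML2_TOKEN, new CustomSamlAssertionValidator());
        config.setValidateSamlSubjectConfirmation(false);
        this.secEngine.setWssConfig(config);
    }

    /** Unsigned SAML 1.1 authentication assertion; also checks that no signature value exists. */
    @Test
    public void testSAML1AuthnAssertion() throws Exception {
        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer(ACCEPTED_ISSUER);

        Document securedMessage = createSecuredMessage(callbackHandler);
        logMessage("SAML 1.1 Authn Assertion (sender vouches):", securedMessage);

        SamlAssertionWrapper received = verifyUnsignedAssertion(securedMessage);
        assertNull(received.getSignatureValue());
    }

    /** Same as {@link #testSAML1AuthnAssertion()}, using the element-based callback handler. */
    @Test
    public void testSAML1AuthnAssertionViaElement() throws Exception {
        SAMLElementCallbackHandler callbackHandler = new SAMLElementCallbackHandler();
        callbackHandler.setIssuer(ACCEPTED_ISSUER);

        Document securedMessage = createSecuredMessage(callbackHandler);
        logMessage("SAML 1.1 Authn Assertion (sender vouches - from an Element):", securedMessage);

        SamlAssertionWrapper received = verifyUnsignedAssertion(securedMessage);
        assertNull(received.getSignatureValue());
    }

    /** Unsigned SAML 1.1 attribute assertion. */
    @Test
    public void testSAML1AttrAssertion() throws Exception {
        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.ATTR);
        callbackHandler.setIssuer(ACCEPTED_ISSUER);

        Document securedMessage = createSecuredMessage(callbackHandler);
        logMessage("SAML 1.1 Attr Assertion (sender vouches):", securedMessage);

        verifyUnsignedAssertion(securedMessage);
    }

    /** Unsigned SAML 1.1 authorization-decision assertion. */
    @Test
    public void testSAML1AuthzAssertion() throws Exception {
        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHZ);
        callbackHandler.setIssuer(ACCEPTED_ISSUER);
        callbackHandler.setResource("http://resource.org");

        Document securedMessage = createSecuredMessage(callbackHandler);
        logMessage("SAML 1.1 Authz Assertion (sender vouches):", securedMessage);

        verifyUnsignedAssertion(securedMessage);
    }

    /** Unsigned SAML 2.0 authentication assertion. */
    @Test
    public void testSAML2AuthnAssertion() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer(ACCEPTED_ISSUER);

        Document securedMessage = createSecuredMessage(callbackHandler);
        logMessage("SAML 2 Authn Assertion (sender vouches):", securedMessage);

        verifyUnsignedAssertion(securedMessage);
    }

    /** Unsigned SAML 2.0 attribute assertion. */
    @Test
    public void testSAML2AttrAssertion() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.ATTR);
        callbackHandler.setIssuer(ACCEPTED_ISSUER);

        Document securedMessage = createSecuredMessage(callbackHandler);
        logMessage("SAML 2 Attr Assertion (sender vouches):", securedMessage);

        verifyUnsignedAssertion(securedMessage);
    }

    /** Unsigned SAML 2.0 authorization-decision assertion. */
    @Test
    public void testSAML2AuthzAssertion() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHZ);
        callbackHandler.setIssuer(ACCEPTED_ISSUER);
        callbackHandler.setResource("http://resource.org");

        Document securedMessage = createSecuredMessage(callbackHandler);
        logMessage("SAML 2 Authz Assertion (sender vouches):", securedMessage);

        verifyUnsignedAssertion(securedMessage);
    }

    /**
     * Sends an unsigned SAML 1.1 assertion through the handler "action" path instead of building
     * the token directly, then checks the output carries no signature and verifies as unsigned.
     */
    @Test
    public void testSaml1Action() throws Exception {
        WSSConfig config = WSSConfig.getNewInstance();
        RequestData requestData = new RequestData();
        requestData.setWssConfig(config);

        TreeMap<String, Object> messageContext = new TreeMap<String, Object>();
        messageContext.put(ConfigurationConstants.SAML_CALLBACK_REF, new SAML1CallbackHandler());
        requestData.setMsgContext(messageContext);

        Document message = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        new CustomHandler().send(
                message,
                requestData,
                Collections.singletonList(new HandlerAction(UNSIGNED_SAML_ACTION)),
                true);

        String outputXml = XMLUtils.PrettyDocumentToString(message);
        logMessage("Unsigned SAML 1.1 authentication assertion via an Action:", outputXml);
        assertFalse(outputXml.contains("Signature"));

        verifyUnsignedAssertion(message);
    }

    /**
     * A SAML 1.1 assertion with an unexpected issuer must be rejected by the receiving engine.
     * The rejection is presumably raised by {@link CustomSamlAssertionValidator} - confirm.
     */
    @Test
    public void testSAML1AuthnBadIssuerAssertion() throws Exception {
        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer(REJECTED_ISSUER);

        Document securedMessage = createSecuredMessage(callbackHandler);
        logMessage("SAML 1.1 Authn Assertion (sender vouches):", securedMessage);

        try {
            verify(securedMessage);
            fail("Failure expected on a bad issuer");
        } catch (WSSecurityException expected) {
            // Expected: processing must not succeed for this issuer.
            // NOTE(review): the error code is not checked, so any WSSecurityException passes
            // this test; consider asserting on it so an unrelated failure cannot mask a
            // validator regression.
        }
    }

    /**
     * A SAML 2.0 assertion with an unexpected issuer must be rejected by the receiving engine.
     * The rejection is presumably raised by {@link CustomSamlAssertionValidator} - confirm.
     */
    @Test
    public void testSAML2AuthnBadIssuerAssertion() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer(REJECTED_ISSUER);

        Document securedMessage = createSecuredMessage(callbackHandler);
        logMessage("SAML 2 Authn Assertion (sender vouches):", securedMessage);

        try {
            verify(securedMessage);
            fail("Failure expected on a bad issuer");
        } catch (WSSecurityException expected) {
            // Expected: processing must not succeed for this issuer.
            // NOTE(review): the error code is not checked, so any WSSecurityException passes
            // this test; consider asserting on it so an unrelated failure cannot mask a
            // validator regression.
        }
    }

    /** The configured subject NameID format must appear in the SAML 1.1 output. */
    @Test
    public void testSAML1SubjectNameIDFormat() throws Exception {
        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer(ACCEPTED_ISSUER);
        callbackHandler.setSubjectNameIDFormat(EMAIL_NAME_ID_FORMAT);

        Document securedMessage = createSecuredMessage(callbackHandler);
        String outputXml = XMLUtils.PrettyDocumentToString(securedMessage);
        logMessage("SAML 1.1 Authn Assertion (sender vouches):", outputXml);
        assertTrue(outputXml.contains(EMAIL_NAME_ID_FORMAT));

        verifyUnsignedAssertion(securedMessage);
    }

    /** The configured subject NameID format must appear in the SAML 2.0 output. */
    @Test
    public void testSAML2SubjectNameIDFormat() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer(ACCEPTED_ISSUER);
        callbackHandler.setSubjectNameIDFormat(EMAIL_NAME_ID_FORMAT);

        Document securedMessage = createSecuredMessage(callbackHandler);
        String outputXml = XMLUtils.PrettyDocumentToString(securedMessage);
        logMessage("SAML 2 Authn Assertion (sender vouches):", outputXml);
        assertTrue(outputXml.contains(EMAIL_NAME_ID_FORMAT));

        verifyUnsignedAssertion(securedMessage);
    }

    /** The subject locality (IP address and DNS name) must appear in the SAML 1.1 output. */
    @Test
    public void testSAML1SubjectLocality() throws Exception {
        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer(ACCEPTED_ISSUER);
        callbackHandler.setSubjectLocality("12.34.56.780", "test-dns");

        Document securedMessage = createSecuredMessage(callbackHandler);
        String outputXml = XMLUtils.PrettyDocumentToString(securedMessage);
        logMessage("SAML 1.1 Authn Assertion (sender vouches):", outputXml);
        assertTrue(outputXml.contains("12.34.56.780"));
        assertTrue(outputXml.contains("test-dns"));

        verifyUnsignedAssertion(securedMessage);
    }

    /** The SessionNotOnOrAfter attribute must appear in the SAML 2.0 authentication statement. */
    @Test
    public void testSAML2SessionNotOnOrAfter() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setSessionNotOnOrAfter(new DateTime().plusHours(1));
        callbackHandler.setIssuer(ACCEPTED_ISSUER);

        Document securedMessage = createSecuredMessage(callbackHandler);
        String outputXml = XMLUtils.PrettyDocumentToString(securedMessage);
        logMessage("SAML 2.0 Authn Assertion (sender vouches):", outputXml);
        assertTrue(outputXml.contains(AuthnStatement.SESSION_NOT_ON_OR_AFTER_ATTRIB_NAME));

        verifyUnsignedAssertion(securedMessage);
    }

    /** The subject locality (IP address and DNS name) must appear in the SAML 2.0 output. */
    @Test
    public void testSAML2SubjectLocality() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer(ACCEPTED_ISSUER);
        callbackHandler.setSubjectLocality("12.34.56.780", "test-dns");

        Document securedMessage = createSecuredMessage(callbackHandler);
        String outputXml = XMLUtils.PrettyDocumentToString(securedMessage);
        logMessage("SAML 2 Authn Assertion (sender vouches):", outputXml);
        assertTrue(outputXml.contains("12.34.56.780"));
        assertTrue(outputXml.contains("test-dns"));

        verifyUnsignedAssertion(securedMessage);
    }

    /** The configured resource URI must appear in the SAML 1.1 authorization assertion. */
    @Test
    public void testSAML1Resource() throws Exception {
        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHZ);
        callbackHandler.setIssuer(ACCEPTED_ISSUER);
        callbackHandler.setResource("http://resource.org");

        Document securedMessage = createSecuredMessage(callbackHandler);
        String outputXml = XMLUtils.PrettyDocumentToString(securedMessage);
        logMessage("SAML 1.1 Authz Assertion (sender vouches):", outputXml);
        assertTrue(outputXml.contains("http://resource.org"));

        verifyUnsignedAssertion(securedMessage);
    }

    /**
     * A SAML 2.0 attribute assertion whose attribute value is an arbitrary XML object (here a
     * {@code Conditions} element wrapped in an {@code XSAny}) must round-trip.
     */
    @Test
    public void testSAML2AttrAssertionCustomAttribute() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.ATTR);
        callbackHandler.setIssuer(ACCEPTED_ISSUER);

        XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();

        // The cast is safe as long as the builder registered for the Conditions element name
        // produces Conditions objects, which is what the lookup key requests.
        @SuppressWarnings("unchecked")
        SAMLObjectBuilder<Conditions> conditionsBuilder =
                (SAMLObjectBuilder<Conditions>) builderFactory.getBuilder(Conditions.DEFAULT_ELEMENT_NAME);
        Conditions conditions = conditionsBuilder.buildObject();
        DateTime notBefore = new DateTime();
        conditions.setNotBefore(notBefore);
        conditions.setNotOnOrAfter(notBefore.plusMinutes(5));

        XSAny attributeValue =
                (XSAny) builderFactory.getBuilder(XSAny.TYPE_NAME).buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);
        attributeValue.getUnknownXMLObjects().add(conditions);

        List<Object> attributeValues = new ArrayList<Object>();
        attributeValues.add(attributeValue);
        callbackHandler.setCustomAttributeValues(attributeValues);

        Document securedMessage = createSecuredMessage(callbackHandler);
        logMessage("SAML 2 Attr Assertion (sender vouches):", securedMessage);

        verifyUnsignedAssertion(securedMessage);
    }

    /** A SAML 2.0 attribute assertion with an {@code xs:integer} attribute value must round-trip. */
    @Test
    public void testSAML2AttrAssertionIntegerAttribute() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.ATTR);
        callbackHandler.setIssuer(ACCEPTED_ISSUER);

        XSInteger attributeValue = (XSInteger) Configuration.getBuilderFactory()
                .getBuilder(XSInteger.TYPE_NAME)
                .buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
        attributeValue.setValue(5);

        List<Object> attributeValues = new ArrayList<Object>();
        attributeValues.add(attributeValue);
        callbackHandler.setCustomAttributeValues(attributeValues);

        Document securedMessage = createSecuredMessage(callbackHandler);
        // This test logs the message without a descriptive label.
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.PrettyDocumentToString(securedMessage));
        }

        verifyUnsignedAssertion(securedMessage);
    }

    /** The SubjectConfirmationData recipient must appear in the SAML 2.0 output. */
    @Test
    public void testSAML2SubjectConfirmationData() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer(ACCEPTED_ISSUER);

        SubjectConfirmationDataBean confirmationData = new SubjectConfirmationDataBean();
        confirmationData.setAddress("http://apache.org");
        confirmationData.setInResponseTo("12345");
        confirmationData.setNotAfter(new DateTime().plusMinutes(5));
        confirmationData.setRecipient("http://recipient.apache.org");
        callbackHandler.setSubjectConfirmationData(confirmationData);

        Document securedMessage = createSecuredMessage(callbackHandler);
        String outputXml = XMLUtils.PrettyDocumentToString(securedMessage);
        logMessage("SAML 2 Authn Assertion (sender vouches):", outputXml);
        // Only the sending side is checked here: subject-confirmation validation is disabled
        // on the receiving engine (see the constructor).
        assertTrue(outputXml.contains("http://recipient.apache.org"));

        verifyUnsignedAssertion(securedMessage);
    }

    /** Builds the sample SOAP message with an assertion from the given handler in its header. */
    private Document createSecuredMessage(CallbackHandler samlCallbackHandler) throws Exception {
        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

        WSSecSAMLToken tokenBuilder = new WSSecSAMLToken();
        Document message = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader securityHeader = new WSSecHeader();
        securityHeader.insertSecurityHeader(message);
        return tokenBuilder.build(message, assertion, securityHeader);
    }

    /** Logs a description followed by the pretty-printed message, at debug level only. */
    private static void logMessage(String description, Document message) throws Exception {
        if (LOG.isDebugEnabled()) {
            LOG.debug(description);
            LOG.debug(XMLUtils.PrettyDocumentToString(message));
        }
    }

    /** Logs a description followed by already-serialized XML, at debug level only. */
    private static void logMessage(String description, String xml) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(description);
            LOG.debug(xml);
        }
    }

    /** Processes the message and asserts that it yields a SAML assertion reported as unsigned. */
    private SamlAssertionWrapper verifyUnsignedAssertion(Document message) throws Exception {
        SamlAssertionWrapper received = (SamlAssertionWrapper) WSSecurityUtil
                .fetchActionResult(verify(message), UNSIGNED_SAML_ACTION)
                .get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        assertNotNull(received);
        assertFalse(received.isSigned());
        return received;
    }

    /**
     * Processes the security header of {@code document} with the test engine.
     *
     * <p>No actor, callback handler or {@link Crypto} is supplied, so the engine has no key
     * material for signature verification or decryption in these tests.
     *
     * <p>NOTE(review): the fully qualified result type differs from the imported
     * {@code org.apache.wss4j.dom.engine.WSSecurityEngineResult}; this looks like a decompiler
     * artifact - confirm against the WSS4J version on the classpath.
     *
     * @param document the SOAP message to process
     * @return the results produced by the engine
     * @throws Exception if processing fails, including when a validator rejects the assertion
     */
    private List<org.apache.wss4j.dom.WSSecurityEngineResult> verify(Document document) throws Exception {
        List<org.apache.wss4j.dom.WSSecurityEngineResult> results =
                this.secEngine.processSecurityHeader(document, (String) null, (CallbackHandler) null, (Crypto) null);
        // Sanity check that the SOAP body of the sample message is still present after processing.
        assertTrue(
                "Processed message no longer contains the sample body",
                XMLUtils.PrettyDocumentToString(document).indexOf("counter_port_type") > 0);
        return results;
    }
}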
