package org.apache.wss4j.dom.saml;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.TreeMap;
import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.common.AbstractSAMLCallbackHandler;
import org.apache.wss4j.dom.common.CustomHandler;
import org.apache.wss4j.dom.common.CustomSamlAssertionValidator;
import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
import org.apache.wss4j.dom.common.SAML1CallbackHandler;
import org.apache.wss4j.dom.common.SAML2CallbackHandler;
import org.apache.wss4j.dom.common.SOAPUtil;
import org.apache.wss4j.dom.common.SecurityTestUtil;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.HandlerAction;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:org/apache/wss4j/dom/saml/SamlTokenActionTest.class */
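/**
 * Exercises the SAML token handler actions end to end: a SOAP message is secured through
 * {@link CustomHandler} and then processed by a {@link WSSecurityEngine}, after which the
 * test checks which action the assertion was recorded under and whether the assertion
 * itself carries a signature.
 *
 * <p>Security-relevant points for readers of these tests:
 * <ul>
 *   <li>{@link SamlAssertionWrapper#isSigned()} is asserted on the assertion only. In
 *       {@link #testAssertionWithSignatureAction()} the assertion is listed in the
 *       {@code signatureParts} of a message-level signature and {@code isSigned()} is still
 *       {@code false}.</li>
 *   <li>In {@link #testSignedSAML2AssertionAction()} the outbound action is
 *       {@link WSConstants#ST_UNSIGNED}, yet the result is read back under
 *       {@link WSConstants#ST_SIGNED}: the callback handler's sign-assertion flag, not the
 *       requested action, is what the receiving side reflects.</li>
 *   <li>{@link #verify(Document, CallbackHandler)} switches off SAML subject-confirmation
 *       validation and the engine uses the test-local {@link CustomSamlAssertionValidator}.
 *       That is a relaxed receiver set up for these fixtures, not a template for a
 *       production configuration.</li>
 * </ul>
 */
public class SamlTokenActionTest extends Assert {
    private static final Logger LOG = LoggerFactory.getLogger(SamlTokenActionTest.class);

    /** Crypto properties file of the test keystore. */
    private static final String CRYPTO_PROPERTIES = "wss40.properties";
    /** Alias used both as the request username and as the issuer key name. */
    private static final String TEST_ALIAS = "wss40";
    /** Password of the test key; a fixture value that only matches the bundled test keystore. */
    private static final String TEST_KEY_PASSWORD = "security";
    /** Issuer string placed in every generated assertion. */
    private static final String ISSUER = "www.example.com";

    private final WSSecurityEngine secEngine = new WSSecurityEngine();
    private final Crypto crypto;

    @AfterClass
    public static void cleanup() throws Exception {
        SecurityTestUtil.cleanup();
    }

    /**
     * Loads the test crypto and registers {@link CustomSamlAssertionValidator} for both the
     * SAML 1.x and SAML 2.0 token QNames on the engine used by {@link #verify}.
     * The validator's rules live outside this file.
     *
     * @throws WSSecurityException if the crypto instance cannot be created
     */
    public SamlTokenActionTest() throws WSSecurityException {
        WSSConfig config = WSSConfig.getNewInstance();
        this.crypto = CryptoFactory.getInstance(CRYPTO_PROPERTIES);
        config.setValidator(WSConstants.SAML_TOKEN, new CustomSamlAssertionValidator());
        config.setValidator(WSConstants.SAML2_TOKEN, new CustomSamlAssertionValidator());
        this.secEngine.setWssConfig(config);
    }

    /** An unsigned SAML 1.x assertion added via the ST_UNSIGNED action is recorded as unsigned. */
    @Test
    public void testAssertionAction() throws Exception {
        KeystoreCallbackHandler passwordHandler = new KeystoreCallbackHandler();
        SAML1CallbackHandler samlHandler = new SAML1CallbackHandler();
        samlHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        samlHandler.setIssuer(ISSUER);

        TreeMap<String, Object> messageContext = new TreeMap<>();
        messageContext.put("signaturePropFile", CRYPTO_PROPERTIES);
        messageContext.put("passwordCallbackRef", passwordHandler);
        messageContext.put("samlCallbackRef", samlHandler);
        RequestData requestData = newRequest(TEST_ALIAS, messageContext);

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        applyActions(doc, requestData,
            Collections.singletonList(new HandlerAction(WSConstants.ST_UNSIGNED)));

        SamlAssertionWrapper assertion =
            assertionFrom(verify(doc, passwordHandler), WSConstants.ST_UNSIGNED);
        assertNotNull(assertion);
        assertFalse(assertion.isSigned());
    }

    /** Same as {@link #testAssertionAction()} but the message is built as a SAAJ SOAP part. */
    @Test
    public void testAssertionActionWithSAAJ() throws Exception {
        KeystoreCallbackHandler passwordHandler = new KeystoreCallbackHandler();
        SAML1CallbackHandler samlHandler = new SAML1CallbackHandler();
        samlHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        samlHandler.setIssuer(ISSUER);

        TreeMap<String, Object> messageContext = new TreeMap<>();
        messageContext.put("signaturePropFile", CRYPTO_PROPERTIES);
        messageContext.put("passwordCallbackRef", passwordHandler);
        messageContext.put("samlCallbackRef", samlHandler);
        RequestData requestData = newRequest(TEST_ALIAS, messageContext);

        Document doc = SOAPUtil.toSAAJSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        applyActions(doc, requestData,
            Collections.singletonList(new HandlerAction(WSConstants.ST_UNSIGNED)));

        SamlAssertionWrapper assertion =
            assertionFrom(verify(doc, passwordHandler), WSConstants.ST_UNSIGNED);
        assertNotNull(assertion);
        assertFalse(assertion.isSigned());
    }

    /** A SAML 1.x assertion signed by the issuer and sent with ST_SIGNED is recorded as signed. */
    @Test
    public void testSignedAssertionAction() throws Exception {
        KeystoreCallbackHandler passwordHandler = new KeystoreCallbackHandler();
        SAML1CallbackHandler samlHandler = new SAML1CallbackHandler();
        samlHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        samlHandler.setIssuer(ISSUER);
        samlHandler.setIssuerCrypto(this.crypto);
        samlHandler.setIssuerName(TEST_ALIAS);
        samlHandler.setIssuerPassword(TEST_KEY_PASSWORD);
        samlHandler.setSignAssertion(true);

        TreeMap<String, Object> messageContext = new TreeMap<>();
        messageContext.put("passwordCallbackRef", passwordHandler);
        messageContext.put("samlCallbackRef", samlHandler);
        // No username is set on this request; the issuer key is named on the callback handler.
        RequestData requestData = newRequest(null, messageContext);

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        applyActions(doc, requestData,
            Collections.singletonList(new HandlerAction(WSConstants.ST_SIGNED)));

        SamlAssertionWrapper assertion =
            assertionFrom(verify(doc, passwordHandler), WSConstants.ST_SIGNED);
        assertNotNull(assertion);
        assertTrue(assertion.isSigned());
    }

    /**
     * An unsigned SAML 1.x assertion followed by a message-level signature whose
     * {@code signatureParts} name the assertion element.
     *
     * <p>The assertion is still reported as unsigned: {@code isSigned()} does not reflect
     * the separate message signature requested through the SIGN action.
     */
    @Test
    public void testAssertionWithSignatureAction() throws Exception {
        KeystoreCallbackHandler passwordHandler = new KeystoreCallbackHandler();
        SAML1CallbackHandler samlHandler = new SAML1CallbackHandler();
        samlHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        samlHandler.setIssuer(ISSUER);

        TreeMap<String, Object> messageContext = new TreeMap<>();
        messageContext.put("signaturePropFile", CRYPTO_PROPERTIES);
        messageContext.put("passwordCallbackRef", passwordHandler);
        messageContext.put("samlCallbackRef", samlHandler);
        messageContext.put("signatureParts", "{}{urn:oasis:names:tc:SAML:1.0:assertion}Assertion;");
        RequestData requestData = newRequest(TEST_ALIAS, messageContext);

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        // Order matters: the assertion has to be in the header before the signature is built.
        List<HandlerAction> actions = new ArrayList<>();
        actions.add(new HandlerAction(WSConstants.ST_UNSIGNED));
        actions.add(new HandlerAction(WSConstants.SIGN));
        applyActions(doc, requestData, actions);

        SamlAssertionWrapper assertion =
            assertionFrom(verify(doc, passwordHandler), WSConstants.ST_UNSIGNED);
        assertNotNull(assertion);
        assertFalse(assertion.isSigned());
    }

    /**
     * A SAML 2.0 assertion whose callback handler requests signing, sent with the
     * ST_UNSIGNED action.
     *
     * <p>The receiving side files the result under ST_SIGNED and reports the assertion as
     * signed, so the lookup key below intentionally differs from the action that was sent.
     */
    @Test
    public void testSignedSAML2AssertionAction() throws Exception {
        KeystoreCallbackHandler passwordHandler = new KeystoreCallbackHandler();
        SAML2CallbackHandler samlHandler = new SAML2CallbackHandler();
        samlHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        samlHandler.setIssuer(ISSUER);
        samlHandler.setSignAssertion(true);
        samlHandler.setIssuerCrypto(this.crypto);
        samlHandler.setIssuerName(TEST_ALIAS);
        samlHandler.setIssuerPassword(TEST_KEY_PASSWORD);

        TreeMap<String, Object> messageContext = new TreeMap<>();
        messageContext.put("samlCallbackRef", samlHandler);
        RequestData requestData = newRequest(TEST_ALIAS, messageContext);

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        applyActions(doc, requestData,
            Collections.singletonList(new HandlerAction(WSConstants.ST_UNSIGNED)));

        SamlAssertionWrapper assertion =
            assertionFrom(verify(doc, passwordHandler), WSConstants.ST_SIGNED);
        assertNotNull(assertion);
        assertTrue(assertion.isSigned());
    }

    /**
     * Builds the outbound request data shared by all tests.
     *
     * @param username alias to set on the request, or {@code null} to leave it unset
     * @param messageContext handler configuration passed as the message context
     * @return request data with a fresh {@link WSSConfig}
     */
    private static RequestData newRequest(String username, TreeMap<String, Object> messageContext) {
        RequestData requestData = new RequestData();
        requestData.setWssConfig(WSSConfig.getNewInstance());
        if (username != null) {
            requestData.setUsername(username);
        }
        requestData.setMsgContext(messageContext);
        return requestData;
    }

    /**
     * Runs the given handler actions against the document and logs the result at debug level.
     *
     * @param doc SOAP document that is modified in place
     * @param requestData outbound configuration
     * @param actions actions to apply, in order
     */
    private static void applyActions(Document doc, RequestData requestData, List<HandlerAction> actions)
        throws Exception {
        // NOTE(review): the trailing 'true' presumably marks the message as a request - confirm
        // against CustomHandler.send.
        new CustomHandler().send(doc, requestData, actions, true);
        if (LOG.isDebugEnabled()) {
            // Debug output contains the complete secured message, including the assertion.
            LOG.debug(XMLUtils.prettyDocumentToString(doc));
        }
    }

    /**
     * Returns the SAML assertion of the first engine result recorded for an action.
     *
     * @param results outcome of processing the security header
     * @param action action code the result is expected under
     * @return the stored assertion wrapper, or {@code null} if the result has none
     */
    private static SamlAssertionWrapper assertionFrom(WSHandlerResult results, int action) {
        List<WSSecurityEngineResult> actionResults = results.getActionResults().get(action);
        // Fail with a readable message instead of a NullPointerException when the receiver
        // classified the token under a different action than the test expects.
        assertNotNull("No results recorded for action " + action, actionResults);
        return (SamlAssertionWrapper) actionResults.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    }

    /**
     * Processes the security header of a secured document with the shared engine.
     *
     * <p>SAML subject-confirmation validation is disabled here, so these tests say nothing
     * about holder-of-key or sender-vouches enforcement on the receiving side.
     *
     * @param document secured SOAP document
     * @param callbackHandler password callback used during processing
     * @return the handler result produced by the engine
     */
    private WSHandlerResult verify(Document document, CallbackHandler callbackHandler) throws Exception {
        RequestData requestData = new RequestData();
        requestData.setCallbackHandler(callbackHandler);
        requestData.setDecCrypto(this.crypto);
        requestData.setSigVerCrypto(this.crypto);
        requestData.setValidateSamlSubjectConfirmation(false);
        WSHandlerResult results = this.secEngine.processSecurityHeader(document, requestData);
        // Sanity check that the payload of the sample message survived processing.
        assertTrue(XMLUtils.prettyDocumentToString(document).contains("counter_port_type"));
        return results;
    }
}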
