package org.apache.cxf.systest.kerberos.wssec.kerberos;

import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
import org.apache.commons.io.IOUtils;
import org.apache.cxf.Bus;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.systest.kerberos.common.SecurityTestUtil;
import org.apache.cxf.systest.kerberos.wssec.sts.STSServer;
import org.apache.cxf.systest.kerberos.wssec.sts.StaxSTSServer;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.testutil.common.TestUtil;
import org.apache.directory.server.annotations.CreateKdcServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.annotations.CreateIndex;
import org.apache.directory.server.core.annotations.CreatePartition;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
import org.apache.wss4j.dom.WSSConfig;
import org.example.contract.doubleit.DoubleItPortType;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;

@CreateKdcServer(transports = {@CreateTransport(protocol = "UDP", address = "127.0.0.1")}, primaryRealm = "service.ws.apache.org", kdcPrincipal = "krbtgt/service.ws.apache.org@service.ws.apache.org")
@RunWith(FrameworkRunner.class)
@CreateDS(name = "AbstractKerberosTest-class", enableAccessControl = false, allowAnonAccess = false, enableChangeLog = true, partitions = {@CreatePartition(name = "example", suffix = "dc=example,dc=com", indexes = {@CreateIndex(attribute = "objectClass"), @CreateIndex(attribute = "dc"), @CreateIndex(attribute = "ou")})}, additionalInterceptors = {KeyDerivationInterceptor.class})
@ApplyLdifFiles({"kerberos.ldif"})
/* loaded from: input_file:org/apache/cxf/systest/kerberos/wssec/kerberos/KerberosTokenTest.class */
public class KerberosTokenTest extends AbstractLdapTestUnit {
    static final String PORT = TestUtil.getPortNumber(Server.class);
    static final String STAX_PORT = TestUtil.getPortNumber(StaxServer.class);
    static final String PORT2 = TestUtil.getPortNumber(Server.class, 2);
    static final String STAX_PORT2 = TestUtil.getPortNumber(StaxServer.class, 2);
    static final String PORT3 = TestUtil.getPortNumber(Server.class, 3);
    static final String STSPORT = TestUtil.getPortNumber(STSServer.class);
    static final String STAX_STSPORT = TestUtil.getPortNumber(StaxSTSServer.class);
    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
    private static boolean unrestrictedPoliciesInstalled = SecurityTestUtil.checkUnrestrictedPoliciesInstalled();
    private static boolean runTests;
    private static boolean portUpdated;

    @Before
    public void updatePort() throws Exception {
        if (portUpdated) {
            return;
        }
        String property = System.getProperty("basedir");
        if (property == null) {
            property = new File(".").getCanonicalPath();
        }
        FileInputStream fileInputStream = new FileInputStream(new File(property + "/src/test/resources/krb5.conf"));
        String iOUtils = IOUtils.toString(fileInputStream, "UTF-8");
        fileInputStream.close();
        String replaceAll = iOUtils.replaceAll("port", "" + AbstractLdapTestUnit.getKdcServer().getTransports()[0].getPort());
        File file = new File(property + "/target/test-classes/wssec.kerberos.krb5.conf");
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        IOUtils.write(replaceAll, fileOutputStream, "UTF-8");
        fileOutputStream.close();
        System.setProperty("java.security.krb5.conf", file.getPath());
        portUpdated = true;
    }

    @BeforeClass
    public static void startServers() throws Exception {
        WSSConfig.init();
        if (!"IBM Corporation".equals(System.getProperty("java.vendor"))) {
            runTests = true;
            String property = System.getProperty("basedir");
            if (property == null) {
                property = new File(".").getCanonicalPath();
            }
            System.setProperty("java.security.auth.login.config", property + "/src/test/resources/kerberos.jaas");
        }
        Assert.assertTrue("Server failed to launch", AbstractBusClientServerTestBase.launchServer(Server.class, true));
        Assert.assertTrue("Server failed to launch", AbstractBusClientServerTestBase.launchServer(StaxServer.class, true));
        Assert.assertTrue("Server failed to launch", AbstractBusClientServerTestBase.launchServer(STSServer.class, true));
        Assert.assertTrue("Server failed to launch", AbstractBusClientServerTestBase.launchServer(StaxSTSServer.class, true));
    }

    @AfterClass
    public static void cleanup() throws Exception {
        SecurityTestUtil.cleanup();
        AbstractBusClientServerTestBase.stopAllServers();
    }

    @Test
    public void testKerberosOverTransport() throws Exception {
        if (runTests) {
            runKerberosTest("DoubleItKerberosTransportPort", false, PORT2);
            runKerberosTest("DoubleItKerberosTransportPort", false, STAX_PORT2);
            runKerberosTest("DoubleItKerberosTransportPort", true, PORT2);
            runKerberosTest("DoubleItKerberosTransportPort", true, STAX_PORT2);
        }
    }

    @Test
    public void testKerberosOverTransportDifferentConfiguration() throws Exception {
        if (runTests) {
            runKerberosTest("DoubleItKerberosTransportPort2", false, PORT2);
            runKerberosTest("DoubleItKerberosTransportPort2", false, STAX_PORT2);
            runKerberosTest("DoubleItKerberosTransportPort2", true, PORT2);
            runKerberosTest("DoubleItKerberosTransportPort2", true, STAX_PORT2);
        }
    }

    @Test
    public void testKerberosOverSymmetric() throws Exception {
        if (runTests && unrestrictedPoliciesInstalled) {
            runKerberosTest("DoubleItKerberosSymmetricPort", false, PORT);
            runKerberosTest("DoubleItKerberosSymmetricPort", false, STAX_PORT);
            runKerberosTest("DoubleItKerberosSymmetricPort", true, PORT);
            runKerberosTest("DoubleItKerberosSymmetricPort", true, STAX_PORT);
        }
    }

    @Test
    public void testKerberosOverSymmetricSupporting() throws Exception {
        if (runTests && unrestrictedPoliciesInstalled) {
            runKerberosTest("DoubleItKerberosSymmetricSupportingPort", false, PORT);
            runKerberosTest("DoubleItKerberosSymmetricSupportingPort", false, STAX_PORT);
            runKerberosTest("DoubleItKerberosSymmetricSupportingPort", true, PORT);
            runKerberosTest("DoubleItKerberosSymmetricSupportingPort", true, STAX_PORT);
        }
    }

    @Test
    public void testKerberosSupporting() throws Exception {
        if (runTests && unrestrictedPoliciesInstalled) {
            runKerberosTest("DoubleItKerberosSupportingPort", false, PORT);
            runKerberosTest("DoubleItKerberosSupportingPort", false, STAX_PORT);
            runKerberosTest("DoubleItKerberosSupportingPort", true, PORT);
            runKerberosTest("DoubleItKerberosSupportingPort", true, STAX_PORT);
        }
    }

    @Test
    public void testKerberosOverAsymmetric() throws Exception {
        if (runTests && unrestrictedPoliciesInstalled) {
            runKerberosTest("DoubleItKerberosAsymmetricPort", false, PORT);
            runKerberosTest("DoubleItKerberosAsymmetricPort", false, STAX_PORT);
            runKerberosTest("DoubleItKerberosAsymmetricPort", true, PORT);
            runKerberosTest("DoubleItKerberosAsymmetricPort", true, STAX_PORT);
        }
    }

    @Test
    public void testKerberosOverTransportEndorsing() throws Exception {
        if (runTests && unrestrictedPoliciesInstalled) {
            runKerberosTest("DoubleItKerberosTransportEndorsingPort", false, PORT2);
            runKerberosTest("DoubleItKerberosTransportEndorsingPort", false, STAX_PORT2);
            runKerberosTest("DoubleItKerberosTransportEndorsingPort", true, PORT2);
            runKerberosTest("DoubleItKerberosTransportEndorsingPort", true, STAX_PORT2);
        }
    }

    @Test
    public void testKerberosOverAsymmetricEndorsing() throws Exception {
        if (runTests && unrestrictedPoliciesInstalled) {
            runKerberosTest("DoubleItKerberosAsymmetricEndorsingPort", false, PORT);
            runKerberosTest("DoubleItKerberosAsymmetricEndorsingPort", false, STAX_PORT);
        }
    }

    @Test
    public void testKerberosOverSymmetricProtection() throws Exception {
        if (runTests && unrestrictedPoliciesInstalled) {
            runKerberosTest("DoubleItKerberosSymmetricProtectionPort", false, PORT);
            runKerberosTest("DoubleItKerberosSymmetricProtectionPort", false, STAX_PORT);
            runKerberosTest("DoubleItKerberosSymmetricProtectionPort", true, PORT);
            runKerberosTest("DoubleItKerberosSymmetricProtectionPort", true, STAX_PORT);
        }
    }

    @Test
    public void testKerberosOverSymmetricDerivedProtection() throws Exception {
        if (runTests && unrestrictedPoliciesInstalled) {
            runKerberosTest("DoubleItKerberosSymmetricDerivedProtectionPort", false, PORT);
        }
    }

    @Test
    public void testKerberosOverAsymmetricSignedEndorsing() throws Exception {
        if (runTests && unrestrictedPoliciesInstalled) {
            runKerberosTest("DoubleItKerberosAsymmetricSignedEndorsingPort", false, PORT);
            runKerberosTest("DoubleItKerberosAsymmetricSignedEndorsingPort", false, STAX_PORT);
        }
    }

    @Test
    public void testKerberosOverAsymmetricSignedEncrypted() throws Exception {
        if (runTests && unrestrictedPoliciesInstalled) {
            runKerberosTest("DoubleItKerberosAsymmetricSignedEncryptedPort", false, PORT);
            runKerberosTest("DoubleItKerberosAsymmetricSignedEncryptedPort", false, STAX_PORT);
            runKerberosTest("DoubleItKerberosAsymmetricSignedEncryptedPort", true, PORT);
            runKerberosTest("DoubleItKerberosAsymmetricSignedEncryptedPort", true, STAX_PORT);
        }
    }

    @Test
    public void testKerberosOverSymmetricEndorsingEncrypted() throws Exception {
        if (runTests && unrestrictedPoliciesInstalled) {
            runKerberosTest("DoubleItKerberosSymmetricEndorsingEncryptedPort", false, PORT);
            runKerberosTest("DoubleItKerberosSymmetricEndorsingEncryptedPort", false, STAX_PORT);
        }
    }

    @Test
    public void testKerberosOverSymmetricSignedEndorsingEncrypted() throws Exception {
        if (runTests && unrestrictedPoliciesInstalled) {
            runKerberosTest("DoubleItKerberosSymmetricSignedEndorsingEncryptedPort", false, PORT);
            runKerberosTest("DoubleItKerberosSymmetricSignedEndorsingEncryptedPort", false, STAX_PORT);
        }
    }

    @Test
    public void testKerberosOverSymmetricSecureConversation() throws Exception {
        if (runTests && unrestrictedPoliciesInstalled) {
            runKerberosTest("DoubleItKerberosSymmetricSecureConversationPort", false, PORT);
        }
    }

    @Test
    public void testWSTrustKerberosToken() throws Exception {
        if (runTests && unrestrictedPoliciesInstalled) {
            runKerberosSTSTest("DoubleItTransportSAML2Port", false, PORT3, STSPORT);
            runKerberosSTSTest("DoubleItTransportSAML2Port", true, PORT3, STSPORT);
            runKerberosSTSTest("DoubleItTransportSAML2Port", false, PORT3, STAX_STSPORT);
            runKerberosSTSTest("DoubleItTransportSAML2Port", true, PORT3, STAX_STSPORT);
        }
    }

    private void runKerberosTest(String str, boolean z, String str2) throws Exception {
        Bus createBus = new SpringBusFactory().createBus(KerberosTokenTest.class.getResource("client.xml").toString());
        SpringBusFactory.setDefaultBus(createBus);
        SpringBusFactory.setThreadDefaultBus(createBus);
        Closeable closeable = (DoubleItPortType) Service.create(KerberosTokenTest.class.getResource("DoubleItKerberos.wsdl"), SERVICE_QNAME).getPort(new QName(NAMESPACE, str), DoubleItPortType.class);
        TestUtil.updateAddressPort(closeable, str2);
        if (z) {
            SecurityTestUtil.enableStreaming(closeable);
        }
        Assert.assertEquals(50L, closeable.doubleIt(25));
        closeable.close();
        createBus.shutdown(true);
    }

    private void runKerberosSTSTest(String str, boolean z, String str2, String str3) throws Exception {
        Bus createBus = new SpringBusFactory().createBus(KerberosTokenTest.class.getResource("sts-client.xml").toString());
        SpringBusFactory.setDefaultBus(createBus);
        SpringBusFactory.setThreadDefaultBus(createBus);
        Closeable closeable = (DoubleItPortType) Service.create(KerberosTokenTest.class.getResource("DoubleItKerberos.wsdl"), SERVICE_QNAME).getPort(new QName(NAMESPACE, str), DoubleItPortType.class);
        TestUtil.updateAddressPort(closeable, str2);
        SecurityTestUtil.updateSTSPort((BindingProvider) closeable, str3);
        if (z) {
            SecurityTestUtil.enableStreaming(closeable);
        }
        Assert.assertEquals(50L, closeable.doubleIt(25));
        closeable.close();
        createBus.shutdown(true);
    }
}
