package org.apache.cxf.systest.ws.saml;

import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
import javax.xml.ws.soap.SOAPFaultException;
import org.apache.cxf.Bus;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler;
import org.apache.cxf.systest.ws.saml.server.Server;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
import org.example.contract.doubleit.DoubleItPortType;
import org.junit.Assume;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/cxf/systest/ws/saml/SamlTokenTest.class */
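/**
 * System tests for SAML token handling on the DoubleIt service ports declared in
 * {@code DoubleItSaml.wsdl}.
 *
 * <p>Each test builds a client bus from {@code client/client.xml}, obtains one named port,
 * optionally installs a {@link SamlCallbackHandler} in the request context, and then checks
 * either that the call succeeds or that the service rejects it with the expected fault text.
 * Going by the failure messages used below, {@code new SamlCallbackHandler()} supplies a
 * SAML 2.0 assertion and {@code new SamlCallbackHandler(false)} a SAML 1.x assertion.
 *
 * <p>Tests that depend on key sizes above the restricted JCE limit are reported as skipped
 * (via {@link Assume}) when the unlimited-strength policy is missing, so a green run cannot
 * hide the fact that those security checks never executed.
 *
 * <p>The negative tests match on fault text, so they are sensitive to message wording.
 */
public class SamlTokenTest extends AbstractBusClientServerTestBase {
    static final String PORT = allocatePort(Server.class);
    // NOTE(review): PORT2 is used by every "...OverTransport" test and by testNoSamlToken;
    // presumably it is the TLS endpoint - confirm against the server configuration.
    static final String PORT2 = allocatePort(Server.class, 2);
    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");

    /** Request-context key under which the client looks up the SAML callback handler. */
    private static final String SAML_CALLBACK_HANDLER = "ws-security.saml-callback-handler";
    /** SAML 2.0 subject confirmation method: bearer. */
    private static final String CONFIRMATION_BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
    /** SAML 2.0 subject confirmation method: holder-of-key. */
    private static final String CONFIRMATION_HOLDER_OF_KEY =
        "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";

    private final boolean unrestrictedPoliciesInstalled = checkUnrestrictedPoliciesInstalled();

    /** Launches the in-process test server once for the whole class. */
    @BeforeClass
    public static void startServers() throws Exception {
        assertTrue("Server failed to launch", launchServer(Server.class, true));
    }

    /**
     * SAML 1.x over the transport binding: no assertion and a SAML 2.0 assertion must both be
     * rejected; a SAML 1.x assertion must be accepted.
     */
    @Test
    public void testSaml1OverTransport() throws Exception {
        Bus bus = createClientBus();
        try {
            DoubleItPortType port = createPort("DoubleItSaml1TransportPort", PORT2);
            assertFault(port, "Expected failure on an invocation with no SAML Assertion",
                        "No SAML CallbackHandler available");

            useSamlCallbackHandler(port, new SamlCallbackHandler());
            assertFault(port, "Expected failure on an invocation with a SAML2 Assertion",
                        "Wrong SAML Version");

            useSamlCallbackHandler(port, new SamlCallbackHandler(false));
            assertDoubleItSucceeds(port);
        } finally {
            bus.shutdown(true);
        }
    }

    /**
     * SAML 2.0 over the symmetric binding: no assertion and a SAML 1.x assertion must be
     * rejected, a default SAML 2.0 assertion accepted, and a bearer-confirmed SAML 2.0
     * assertion rejected with a SAML token security failure.
     */
    @Test
    public void testSaml2OverSymmetric() throws Exception {
        Assume.assumeTrue(unrestrictedPoliciesInstalled);
        Bus bus = createClientBus();
        try {
            DoubleItPortType port = createPort("DoubleItSaml2SymmetricPort", PORT);
            assertFault(port, "Expected failure on an invocation with no SAML Assertion",
                        "No SAML CallbackHandler available");

            useSamlCallbackHandler(port, new SamlCallbackHandler(false));
            assertFault(port, "Expected failure on an invocation with a SAML1 Assertion",
                        "Wrong SAML Version");

            useSamlCallbackHandler(port, new SamlCallbackHandler());
            assertDoubleItSucceeds(port);

            // A bearer assertion carries no proof of possession; this port must refuse it.
            useSamlCallbackHandler(port, handlerWithConfirmation(CONFIRMATION_BEARER));
            assertFault(port, "Expected failure on an invocation with a invalid SAML2 Assertion",
                        "SAML token security failure");
        } finally {
            bus.shutdown(true);
        }
    }

    /**
     * SAML 2.0 as a supporting token over the symmetric binding: the default (unsigned,
     * per the failure message) assertion must fail the sender-vouches requirements.
     */
    @Test
    public void testSaml2OverSymmetricSupporting() throws Exception {
        Assume.assumeTrue(unrestrictedPoliciesInstalled);
        Bus bus = createClientBus();
        try {
            DoubleItPortType port = createPort("DoubleItSaml2SymmetricSupportingPort", PORT);
            useSamlCallbackHandler(port, new SamlCallbackHandler());
            assertFault(port,
                        "Expected failure on an invocation with an unsigned SAML SV Assertion",
                        "Assertion fails sender-vouches requirements");
        } finally {
            bus.shutdown(true);
        }
    }

    /**
     * SAML 2.0 over the asymmetric binding: no assertion and a SAML 1.x assertion must be
     * rejected; a SAML 2.0 assertion must be accepted.
     */
    @Test
    public void testSaml2OverAsymmetric() throws Exception {
        Assume.assumeTrue(unrestrictedPoliciesInstalled);
        Bus bus = createClientBus();
        try {
            DoubleItPortType port = createPort("DoubleItSaml2AsymmetricPort", PORT);
            assertFault(port, "Expected failure on an invocation with no SAML Assertion",
                        "No SAML CallbackHandler available");

            useSamlCallbackHandler(port, new SamlCallbackHandler(false));
            assertFault(port, "Expected failure on an invocation with a SAML1 Assertion",
                        "Wrong SAML Version");

            useSamlCallbackHandler(port, new SamlCallbackHandler());
            assertDoubleItSucceeds(port);
        } finally {
            bus.shutdown(true);
        }
    }

    /** A SAML 1.x assertion must be accepted on the self-signed transport port. */
    @Test
    public void testSaml1SelfSignedOverTransport() throws Exception {
        Bus bus = createClientBus();
        try {
            DoubleItPortType port = createPort("DoubleItSaml1SelfSignedTransportPort", PORT2);
            useSamlCallbackHandler(port, new SamlCallbackHandler(false));
            assertDoubleItSucceeds(port);
        } finally {
            bus.shutdown(true);
        }
    }

    /** Same as {@link #testSaml1SelfSignedOverTransport()} against the SP11 port. */
    @Test
    public void testSaml1SelfSignedOverTransportSP11() throws Exception {
        Bus bus = createClientBus();
        try {
            DoubleItPortType port =
                createPort("DoubleItSaml1SelfSignedTransportSP11Port", PORT2);
            useSamlCallbackHandler(port, new SamlCallbackHandler(false));
            assertDoubleItSucceeds(port);
        } finally {
            bus.shutdown(true);
        }
    }

    /** A holder-of-key SAML 2.0 assertion must be accepted on the asymmetric initiator port. */
    @Test
    public void testAsymmetricSamlInitiator() throws Exception {
        Assume.assumeTrue(unrestrictedPoliciesInstalled);
        Bus bus = createClientBus();
        try {
            DoubleItPortType port = createPort("DoubleItAsymmetricSamlInitiatorPort", PORT);
            useSamlCallbackHandler(port, handlerWithConfirmation(CONFIRMATION_HOLDER_OF_KEY));
            assertDoubleItSucceeds(port);
        } finally {
            bus.shutdown(true);
        }
    }

    /** A SAML 2.0 assertion must be accepted on the symmetric signed-elements port. */
    @Test
    public void testSaml2OverSymmetricSignedElements() throws Exception {
        Assume.assumeTrue(unrestrictedPoliciesInstalled);
        Bus bus = createClientBus();
        try {
            DoubleItPortType port =
                createPort("DoubleItSaml2SymmetricSignedElementsPort", PORT);
            useSamlCallbackHandler(port, new SamlCallbackHandler());
            assertDoubleItSucceeds(port);
        } finally {
            bus.shutdown(true);
        }
    }

    /** A holder-of-key SAML 2.0 assertion must be accepted on the endorsing transport port. */
    @Test
    public void testSaml2EndorsingOverTransport() throws Exception {
        Bus bus = createClientBus();
        try {
            DoubleItPortType port = createPort("DoubleItSaml2EndorsingTransportPort", PORT2);
            useSamlCallbackHandler(port, handlerWithConfirmation(CONFIRMATION_HOLDER_OF_KEY));
            assertDoubleItSucceeds(port);
        } finally {
            bus.shutdown(true);
        }
    }

    /**
     * Same port as {@link #testSaml2EndorsingOverTransport()}, but the handler is told to
     * identify the key with {@code KEY_VALUE}.
     */
    @Test
    public void testSaml2EndorsingPKOverTransport() throws Exception {
        Bus bus = createClientBus();
        try {
            DoubleItPortType port = createPort("DoubleItSaml2EndorsingTransportPort", PORT2);
            SamlCallbackHandler handler = handlerWithConfirmation(CONFIRMATION_HOLDER_OF_KEY);
            handler.setKeyInfoIdentifier(KeyInfoBean.CERT_IDENTIFIER.KEY_VALUE);
            useSamlCallbackHandler(port, handler);
            assertDoubleItSucceeds(port);
        } finally {
            bus.shutdown(true);
        }
    }

    /** Same as {@link #testSaml2EndorsingOverTransport()} against the SP11 port. */
    @Test
    public void testSaml2EndorsingOverTransportSP11() throws Exception {
        Bus bus = createClientBus();
        try {
            DoubleItPortType port =
                createPort("DoubleItSaml2EndorsingTransportSP11Port", PORT2);
            useSamlCallbackHandler(port, handlerWithConfirmation(CONFIRMATION_HOLDER_OF_KEY));
            assertDoubleItSucceeds(port);
        } finally {
            bus.shutdown(true);
        }
    }

    /** A SAML 2.0 assertion must be accepted on the asymmetric signed-and-encrypted port. */
    @Test
    public void testSaml2OverAsymmetricSignedEncrypted() throws Exception {
        Assume.assumeTrue(unrestrictedPoliciesInstalled);
        Bus bus = createClientBus();
        try {
            DoubleItPortType port =
                createPort("DoubleItSaml2AsymmetricSignedEncryptedPort", PORT);
            useSamlCallbackHandler(port, new SamlCallbackHandler());
            assertDoubleItSucceeds(port);
        } finally {
            bus.shutdown(true);
        }
    }

    /** A bearer SAML 2.0 assertion must be accepted on the asymmetric encrypted port. */
    @Test
    public void testSaml2OverAsymmetricEncrypted() throws Exception {
        Assume.assumeTrue(unrestrictedPoliciesInstalled);
        Bus bus = createClientBus();
        try {
            DoubleItPortType port = createPort("DoubleItSaml2AsymmetricEncryptedPort", PORT);
            useSamlCallbackHandler(port, handlerWithConfirmation(CONFIRMATION_BEARER));
            assertDoubleItSucceeds(port);
        } finally {
            bus.shutdown(true);
        }
    }

    /**
     * A holder-of-key SAML 2.0 assertion must be accepted on the endorsing encrypted
     * transport port.
     */
    @Test
    public void testSaml2EndorsingEncryptedOverTransport() throws Exception {
        Bus bus = createClientBus();
        try {
            DoubleItPortType port =
                createPort("DoubleItSaml2EndorsingEncryptedTransportPort", PORT2);
            useSamlCallbackHandler(port, handlerWithConfirmation(CONFIRMATION_HOLDER_OF_KEY));
            assertDoubleItSucceeds(port);
        } finally {
            bus.shutdown(true);
        }
    }

    /** A request carrying no SAML token must be rejected by the inline-policy port. */
    @Test
    public void testNoSamlToken() throws Exception {
        Bus bus = createClientBus();
        try {
            DoubleItPortType port = createPort("DoubleItInlinePolicyPort", PORT2);
            assertFault(port, "Failure expected on no SamlToken",
                        "The received token does not match the token inclusion requirement");
        } finally {
            bus.shutdown(true);
        }
    }

    /**
     * Creates the client bus from {@code client/client.xml} and installs it as both the
     * default and the thread-default bus. The caller is responsible for shutting it down.
     */
    private Bus createClientBus() {
        Bus bus = new SpringBusFactory()
            .createBus(SamlTokenTest.class.getResource("client/client.xml").toString());
        SpringBusFactory.setDefaultBus(bus);
        SpringBusFactory.setThreadDefaultBus(bus);
        return bus;
    }

    /**
     * Obtains the named DoubleIt port from {@code DoubleItSaml.wsdl} and points it at the
     * given allocated server port.
     *
     * @param portName local name of the WSDL port in {@link #NAMESPACE}
     * @param serverPort allocated port string ({@link #PORT} or {@link #PORT2})
     */
    private DoubleItPortType createPort(String portName, String serverPort) throws Exception {
        Service service =
            Service.create(SamlTokenTest.class.getResource("DoubleItSaml.wsdl"), SERVICE_QNAME);
        DoubleItPortType port =
            service.getPort(new QName(NAMESPACE, portName), DoubleItPortType.class);
        updateAddressPort(port, serverPort);
        return port;
    }

    /** Installs {@code handler} as the SAML callback handler for subsequent calls on the port. */
    private void useSamlCallbackHandler(DoubleItPortType port, SamlCallbackHandler handler) {
        // The request context belongs to the BindingProvider view of the proxy, not to the
        // service interface, hence the cast.
        ((BindingProvider) port).getRequestContext().put(SAML_CALLBACK_HANDLER, handler);
    }

    /** Returns a default handler configured with the given subject confirmation method. */
    private SamlCallbackHandler handlerWithConfirmation(String confirmationMethod) {
        SamlCallbackHandler handler = new SamlCallbackHandler();
        handler.setConfirmationMethod(confirmationMethod);
        return handler;
    }

    /**
     * Invokes {@code doubleIt(25)} and requires a {@link SOAPFaultException} whose message
     * contains {@code expectedFragment}.
     *
     * @param failMessage message reported if the call unexpectedly succeeds
     * @param expectedFragment text the fault message must contain
     */
    private void assertFault(DoubleItPortType port, String failMessage, String expectedFragment)
        throws Exception {
        try {
            port.doubleIt(25);
            fail(failMessage);
        } catch (SOAPFaultException ex) {
            // Report the actual fault so a mismatch shows which check rejected the request.
            assertTrue("Unexpected fault: " + ex.getMessage(),
                       ex.getMessage().contains(expectedFragment));
        }
    }

    /** Invokes {@code doubleIt(25)} and requires the result 50. */
    private void assertDoubleItSucceeds(DoubleItPortType port) throws Exception {
        assertTrue("doubleIt(25) should return 50", port.doubleIt(25) == 50);
    }

    /**
     * Probes whether the JRE accepts a 192-bit AES key, i.e. whether the unlimited-strength
     * JCE policy is in effect.
     *
     * <p>The fixed key, the fixed plaintext and the provider-default {@code "AES"}
     * transformation are used purely as a capability probe; nothing here protects data and
     * the pattern must not be copied into code that does.
     *
     * @return {@code true} if the encryption completes, {@code false} on any exception
     */
    private boolean checkUnrestrictedPoliciesInstalled() {
        try {
            byte[] key192 = {
                0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11,
                12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23
            };
            byte[] sample = {0, 1, 2, 3, 4, 5, 6, 7};
            Cipher cipher = Cipher.getInstance("AES");
            // A restricted policy is expected to reject the 24-byte key here.
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key192, "AES"));
            cipher.doFinal(sample);
            return true;
        } catch (Exception ignored) {
            // Deliberate best-effort: any failure is treated as "policy not installed".
            return false;
        }
    }
}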
