package org.apache.cxf.systest.ws.saml;

import java.io.Closeable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
import javax.xml.ws.soap.SOAPFaultException;
import org.apache.cxf.Bus;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.systest.ws.common.SecurityTestUtil;
import org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler;
import org.apache.cxf.systest.ws.saml.client.SamlElementCallbackHandler;
import org.apache.cxf.systest.ws.saml.client.SamlRoleCallbackHandler;
import org.apache.cxf.systest.ws.saml.server.Server;
import org.apache.cxf.systest.ws.ut.SecurityHeaderCacheInterceptor;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.ws.security.saml.ext.bean.AudienceRestrictionBean;
import org.apache.ws.security.saml.ext.bean.ConditionsBean;
import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
import org.example.contract.doubleit.DoubleItPortType;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/cxf/systest/ws/saml/SamlTokenTest.class */
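/**
 * System tests for SAML token handling over WS-SecurityPolicy bindings.
 *
 * <p>Each test builds a client bus from {@code client/client.xml}, obtains a port of the
 * {@code DoubleItService} described by {@code DoubleItSaml.wsdl}, and invokes
 * {@code doubleIt(25)}. Positive tests expect {@code 50}; negative tests expect a
 * {@link SOAPFaultException}, so they document which assertions must be rejected
 * (wrong SAML version, missing token, replayed one-time-use assertion, unknown audience,
 * wrong role).
 *
 * <p>The decompiled original declared the proxies as {@code BindingProvider} or
 * {@code Closeable} while calling {@code doubleIt} on them, which does not compile. The
 * proxies are now typed as {@link DoubleItPortType} and cast only where the other interface
 * is needed. Ports and the bus are released in {@code finally} blocks so that a failed
 * assertion no longer leaks them into later tests.
 */
public class SamlTokenTest extends AbstractBusClientServerTestBase {
    static final String PORT = allocatePort(Server.class);
    // PORT2 is the port used in the https:// audience URI of testAudienceRestriction.
    static final String PORT2 = allocatePort(Server.class, 2);
    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");

    /** Request-context key under which the SAML assertion callback handler is registered. */
    private static final String SAML_CALLBACK_HANDLER = "ws-security.saml-callback-handler";
    /** SAML 2.0 subject confirmation method URIs used by the tests. */
    private static final String CM_BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
    private static final String CM_HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";

    @BeforeClass
    public static void startServers() throws Exception {
        assertTrue("Server failed to launch", launchServer(Server.class, true));
    }

    @AfterClass
    public static void cleanup() throws Exception {
        SecurityTestUtil.cleanup();
        stopAllServers();
    }

    /** Creates the client bus from {@code client/client.xml} and installs it as the default bus. */
    private static Bus createClientBus() {
        Bus bus = new SpringBusFactory().createBus(
            SamlTokenTest.class.getResource("client/client.xml").toString());
        SpringBusFactory.setDefaultBus(bus);
        SpringBusFactory.setThreadDefaultBus(bus);
        return bus;
    }

    /** Creates the JAX-WS service for {@code DoubleItSaml.wsdl}. */
    private static Service createService() {
        return Service.create(SamlTokenTest.class.getResource("DoubleItSaml.wsdl"), SERVICE_QNAME);
    }

    /**
     * Obtains the named WSDL port and redirects it to the allocated test port.
     * Kept as an instance method because the staticness of {@code updateAddressPort}
     * in the base class is not visible here.
     */
    private DoubleItPortType createPort(Service service, String portName, String addressPort)
        throws Exception {
        DoubleItPortType proxy = service.getPort(new QName(NAMESPACE, portName), DoubleItPortType.class);
        updateAddressPort(proxy, addressPort);
        return proxy;
    }

    /** Stores a property in the proxy's JAX-WS request context. */
    private static void setRequestProperty(DoubleItPortType proxy, String key, Object value) {
        ((BindingProvider) proxy).getRequestContext().put(key, value);
    }

    /**
     * Makes the client sign the SAML assertion itself as user "alice", using the signature
     * properties and keystore password callback from the wssec10 test fixtures.
     */
    private static void configureSelfSigning(DoubleItPortType proxy) {
        setRequestProperty(proxy, "ws-security.self-sign-saml-assertion", true);
        setRequestProperty(proxy, "ws-security.signature.username", "alice");
        setRequestProperty(proxy, "ws-security.signature.properties",
            "org/apache/cxf/systest/ws/wssec10/client/alice.properties");
        setRequestProperty(proxy, "ws-security.callback-handler",
            "org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback");
    }

    /** Asserts that the service accepts the request and returns the doubled value. */
    private static void assertDoubleItSucceeds(DoubleItPortType proxy) {
        assertTrue(proxy.doubleIt(25) == 50);
    }

    /**
     * Asserts that the invocation is rejected with a SOAP fault whose message contains
     * {@code expectedFragment}. Pinning the fragment ensures the request failed for the
     * security reason under test rather than for an unrelated one.
     */
    private static void assertFaultContaining(DoubleItPortType proxy, String failureMessage,
                                              String expectedFragment) {
        try {
            proxy.doubleIt(25);
            fail(failureMessage);
        } catch (SOAPFaultException ex) {
            assertTrue(ex.getMessage().contains(expectedFragment));
        }
    }

    /**
     * Asserts only that the invocation is rejected with some SOAP fault.
     *
     * <p>NOTE(review): the fault reason is not checked, so a fault raised for an unrelated
     * cause also satisfies these tests. The expected message is not visible in this file;
     * once confirmed against the server, prefer {@link #assertFaultContaining}.
     */
    private static void assertAnyFault(DoubleItPortType proxy, String failureMessage) {
        try {
            proxy.doubleIt(25);
            fail(failureMessage);
        } catch (SOAPFaultException expected) {
            // Any SOAP fault is accepted; see the method comment.
        }
    }

    /** Closes every non-null proxy and then shuts the bus down, even if a close fails. */
    private static void release(Bus bus, DoubleItPortType... proxies) throws Exception {
        try {
            for (DoubleItPortType proxy : proxies) {
                if (proxy != null) {
                    ((Closeable) proxy).close();
                }
            }
        } finally {
            bus.shutdown(true);
        }
    }

    /**
     * SAML 1.1 over the transport binding: no assertion and a SAML 2 assertion are both
     * rejected; a SAML 1.1 assertion ({@code new SamlCallbackHandler(false)}) is accepted.
     * The second port rejects the same assertion on its token inclusion requirement.
     */
    @Test
    public void testSaml1OverTransport() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        DoubleItPortType port2 = null;
        try {
            Service service = createService();
            port = createPort(service, "DoubleItSaml1TransportPort", PORT2);
            assertFaultContaining(port, "Expected failure on an invocation with no SAML Assertion",
                "No SAML CallbackHandler available");

            setRequestProperty(port, SAML_CALLBACK_HANDLER, new SamlCallbackHandler());
            assertFaultContaining(port, "Expected failure on an invocation with a SAML2 Assertion",
                "Wrong SAML Version");

            setRequestProperty(port, SAML_CALLBACK_HANDLER, new SamlCallbackHandler(false));
            assertDoubleItSucceeds(port);

            port2 = createPort(service, "DoubleItSaml1TransportPort2", PORT2);
            setRequestProperty(port2, SAML_CALLBACK_HANDLER, new SamlCallbackHandler(false));
            assertFaultContaining(port2, "Failure expected on no token",
                "The received token does not match the token inclusion requirement");
        } finally {
            release(bus, port, port2);
        }
    }

    /** A self-signed SAML 1.1 assertion is accepted as a supporting token. */
    @Test
    public void testSaml1Supporting() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        try {
            port = createPort(createService(), "DoubleItSaml1SupportingPort", PORT2);
            setRequestProperty(port, SAML_CALLBACK_HANDLER, new SamlCallbackHandler(false));
            configureSelfSigning(port);
            assertDoubleItSucceeds(port);
        } finally {
            release(bus, port);
        }
    }

    /**
     * Same port and configuration as {@link #testSaml1Supporting()}.
     * NOTE(review): in this listing the two tests are identical; confirm whether one of
     * them was meant to run without self-signing.
     */
    @Test
    public void testSaml1SupportingSelfSigned() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        try {
            port = createPort(createService(), "DoubleItSaml1SupportingPort", PORT2);
            setRequestProperty(port, SAML_CALLBACK_HANDLER, new SamlCallbackHandler(false));
            configureSelfSigning(port);
            assertDoubleItSucceeds(port);
        } finally {
            release(bus, port);
        }
    }

    /** Like the SAML 1.1 transport test, but the assertion comes from SamlElementCallbackHandler. */
    @Test
    public void testSaml1ElementOverTransport() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        try {
            port = createPort(createService(), "DoubleItSaml1TransportPort", PORT2);
            assertFaultContaining(port, "Expected failure on an invocation with no SAML Assertion",
                "No SAML CallbackHandler available");

            setRequestProperty(port, SAML_CALLBACK_HANDLER, new SamlElementCallbackHandler(false));
            assertDoubleItSucceeds(port);
        } finally {
            release(bus, port);
        }
    }

    /**
     * SAML 2 over the symmetric binding: no assertion and a SAML 1.1 assertion are rejected,
     * a default SAML 2 assertion is accepted, and a bearer-confirmed one is rejected.
     */
    @Test
    public void testSaml2OverSymmetric() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        try {
            port = createPort(createService(), "DoubleItSaml2SymmetricPort", PORT);
            assertFaultContaining(port, "Expected failure on an invocation with no SAML Assertion",
                "No SAML CallbackHandler available");

            setRequestProperty(port, SAML_CALLBACK_HANDLER, new SamlCallbackHandler(false));
            assertFaultContaining(port, "Expected failure on an invocation with a SAML1 Assertion",
                "Wrong SAML Version");

            setRequestProperty(port, SAML_CALLBACK_HANDLER, new SamlCallbackHandler());
            assertDoubleItSucceeds(port);

            // Bearer confirmation must not satisfy this port; only the presence of a fault is checked.
            SamlCallbackHandler bearerHandler = new SamlCallbackHandler();
            bearerHandler.setConfirmationMethod(CM_BEARER);
            setRequestProperty(port, SAML_CALLBACK_HANDLER, bearerHandler);
            assertAnyFault(port, "Expected failure on an invocation with a invalid SAML2 Assertion");
        } finally {
            release(bus, port);
        }
    }

    /** An unsigned assertion from the default handler fails the sender-vouches requirements. */
    @Test
    public void testSaml2OverSymmetricSupporting() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        try {
            port = createPort(createService(), "DoubleItSaml2SymmetricSupportingPort", PORT);
            setRequestProperty(port, SAML_CALLBACK_HANDLER, new SamlCallbackHandler());
            assertFaultContaining(port,
                "Expected failure on an invocation with an unsigned SAML SV Assertion",
                "Assertion fails sender-vouches requirements");
        } finally {
            release(bus, port);
        }
    }

    /**
     * SAML 2 over the asymmetric binding: same version checks as the symmetric test, plus a
     * second port that rejects the assertion on its token inclusion requirement.
     */
    @Test
    public void testSaml2OverAsymmetric() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        DoubleItPortType port2 = null;
        try {
            Service service = createService();
            port = createPort(service, "DoubleItSaml2AsymmetricPort", PORT);
            assertFaultContaining(port, "Expected failure on an invocation with no SAML Assertion",
                "No SAML CallbackHandler available");

            setRequestProperty(port, SAML_CALLBACK_HANDLER, new SamlCallbackHandler(false));
            assertFaultContaining(port, "Expected failure on an invocation with a SAML1 Assertion",
                "Wrong SAML Version");

            setRequestProperty(port, SAML_CALLBACK_HANDLER, new SamlCallbackHandler());
            assertDoubleItSucceeds(port);

            port2 = createPort(service, "DoubleItSaml2AsymmetricPort2", PORT);
            setRequestProperty(port2, SAML_CALLBACK_HANDLER, new SamlCallbackHandler());
            assertFaultContaining(port2, "Failure expected on no token",
                "The received token does not match the token inclusion requirement");
        } finally {
            release(bus, port, port2);
        }
    }

    /** A SAML 1.1 assertion is accepted on the self-signed transport port. */
    @Test
    public void testSaml1SelfSignedOverTransport() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        try {
            port = createPort(createService(), "DoubleItSaml1SelfSignedTransportPort", PORT2);
            setRequestProperty(port, SAML_CALLBACK_HANDLER, new SamlCallbackHandler(false));
            assertDoubleItSucceeds(port);
        } finally {
            release(bus, port);
        }
    }

    /** Same as {@link #testSaml1SelfSignedOverTransport()} against the SP11 port. */
    @Test
    public void testSaml1SelfSignedOverTransportSP11() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        try {
            port = createPort(createService(), "DoubleItSaml1SelfSignedTransportSP11Port", PORT2);
            setRequestProperty(port, SAML_CALLBACK_HANDLER, new SamlCallbackHandler(false));
            assertDoubleItSucceeds(port);
        } finally {
            release(bus, port);
        }
    }

    /** A holder-of-key SAML 2 assertion is accepted on the asymmetric SAML-initiator port. */
    @Test
    public void testAsymmetricSamlInitiator() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        try {
            port = createPort(createService(), "DoubleItAsymmetricSamlInitiatorPort", PORT);
            SamlCallbackHandler handler = new SamlCallbackHandler();
            handler.setConfirmationMethod(CM_HOLDER_OF_KEY);
            setRequestProperty(port, SAML_CALLBACK_HANDLER, handler);
            assertDoubleItSucceeds(port);
        } finally {
            release(bus, port);
        }
    }

    /** A default SAML 2 assertion is accepted on the symmetric signed-elements port. */
    @Test
    public void testSaml2OverSymmetricSignedElements() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        try {
            port = createPort(createService(), "DoubleItSaml2SymmetricSignedElementsPort", PORT);
            setRequestProperty(port, SAML_CALLBACK_HANDLER, new SamlCallbackHandler());
            assertDoubleItSucceeds(port);
        } finally {
            release(bus, port);
        }
    }

    /** A holder-of-key SAML 2 assertion is accepted on the endorsing transport port. */
    @Test
    public void testSaml2EndorsingOverTransport() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        try {
            port = createPort(createService(), "DoubleItSaml2EndorsingTransportPort", PORT2);
            SamlCallbackHandler handler = new SamlCallbackHandler();
            handler.setConfirmationMethod(CM_HOLDER_OF_KEY);
            setRequestProperty(port, SAML_CALLBACK_HANDLER, handler);
            assertDoubleItSucceeds(port);
        } finally {
            release(bus, port);
        }
    }

    /** Endorsing holder-of-key assertion whose key info is identified by KEY_VALUE. */
    @Test
    public void testSaml2EndorsingPKOverTransport() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        try {
            port = createPort(createService(), "DoubleItSaml2EndorsingTransportPort", PORT2);
            SamlCallbackHandler handler = new SamlCallbackHandler();
            handler.setConfirmationMethod(CM_HOLDER_OF_KEY);
            handler.setKeyInfoIdentifier(KeyInfoBean.CERT_IDENTIFIER.KEY_VALUE);
            setRequestProperty(port, SAML_CALLBACK_HANDLER, handler);
            assertDoubleItSucceeds(port);
        } finally {
            release(bus, port);
        }
    }

    /** Same as {@link #testSaml2EndorsingOverTransport()} against the SP11 port. */
    @Test
    public void testSaml2EndorsingOverTransportSP11() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        try {
            port = createPort(createService(), "DoubleItSaml2EndorsingTransportSP11Port", PORT2);
            SamlCallbackHandler handler = new SamlCallbackHandler();
            handler.setConfirmationMethod(CM_HOLDER_OF_KEY);
            setRequestProperty(port, SAML_CALLBACK_HANDLER, handler);
            assertDoubleItSucceeds(port);
        } finally {
            release(bus, port);
        }
    }

    /** A default SAML 2 assertion is accepted on the asymmetric signed-and-encrypted port. */
    @Test
    public void testSaml2OverAsymmetricSignedEncrypted() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        try {
            port = createPort(createService(), "DoubleItSaml2AsymmetricSignedEncryptedPort", PORT);
            setRequestProperty(port, SAML_CALLBACK_HANDLER, new SamlCallbackHandler());
            assertDoubleItSucceeds(port);
        } finally {
            release(bus, port);
        }
    }

    /** A bearer-confirmed SAML 2 assertion is accepted on the asymmetric encrypted port. */
    @Test
    public void testSaml2OverAsymmetricEncrypted() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        try {
            port = createPort(createService(), "DoubleItSaml2AsymmetricEncryptedPort", PORT);
            SamlCallbackHandler handler = new SamlCallbackHandler(true);
            handler.setConfirmationMethod(CM_BEARER);
            setRequestProperty(port, SAML_CALLBACK_HANDLER, handler);
            assertDoubleItSucceeds(port);
        } finally {
            release(bus, port);
        }
    }

    /** A holder-of-key assertion is accepted on the endorsing encrypted transport port. */
    @Test
    public void testSaml2EndorsingEncryptedOverTransport() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        try {
            port = createPort(createService(), "DoubleItSaml2EndorsingEncryptedTransportPort", PORT2);
            SamlCallbackHandler handler = new SamlCallbackHandler();
            handler.setConfirmationMethod(CM_HOLDER_OF_KEY);
            setRequestProperty(port, SAML_CALLBACK_HANDLER, handler);
            assertDoubleItSucceeds(port);
        } finally {
            release(bus, port);
        }
    }

    /** A request without any SAML token is rejected on the inline-policy port. */
    @Test
    public void testNoSamlToken() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        try {
            port = createPort(createService(), "DoubleItInlinePolicyPort", PORT2);
            assertFaultContaining(port, "Failure expected on no SamlToken",
                "The received token does not match the token inclusion requirement");
        } finally {
            release(bus, port);
        }
    }

    /**
     * Role-based authorization on the PEP port: a request without role information is
     * rejected, role "manager" is accepted, and role "boss" is rejected.
     * Both rejections accept any SOAP fault.
     */
    @Test
    public void testSaml2PEP() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        try {
            port = createPort(createService(), "DoubleItSaml2PEPPort", PORT);
            assertAnyFault(port, "Failure expected as Assertion doesn't contain Role information");

            SamlRoleCallbackHandler roleHandler = new SamlRoleCallbackHandler();
            roleHandler.setConfirmationMethod(CM_BEARER);
            configureSelfSigning(port);
            roleHandler.setRoleName("manager");
            setRequestProperty(port, SAML_CALLBACK_HANDLER, roleHandler);
            assertDoubleItSucceeds(port);

            // The handler instance is already registered, so changing its role affects the next call.
            roleHandler.setRoleName("boss");
            assertAnyFault(port, "Failure expected as Assertion doesn't contain correct role");
        } finally {
            release(bus, port);
        }
    }

    /**
     * Replay detection for one-time-use assertions.
     *
     * <p>SecurityHeaderCacheInterceptor presumably re-sends the security header of the first
     * request (its implementation is not visible here). Without a OneTimeUse condition two
     * consecutive calls both succeed; with OneTimeUse set and a fresh interceptor, the second
     * call must be rejected as a replay.
     */
    @Test
    public void testSaml2Replay() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        try {
            port = createPort(createService(), "DoubleItSaml2TransportPort", PORT2);
            setRequestProperty(port, SAML_CALLBACK_HANDLER, new SamlCallbackHandler());

            Client client = ClientProxy.getClient(port);
            SecurityHeaderCacheInterceptor cacheInterceptor = new SecurityHeaderCacheInterceptor();
            client.getOutInterceptors().add(cacheInterceptor);
            port.doubleIt(25);
            port.doubleIt(25);

            ConditionsBean conditions = new ConditionsBean();
            conditions.setTokenPeriodMinutes(5);
            conditions.setOneTimeUse(true);
            SamlCallbackHandler oneTimeUseHandler = new SamlCallbackHandler();
            oneTimeUseHandler.setConditions(conditions);
            setRequestProperty(port, SAML_CALLBACK_HANDLER, oneTimeUseHandler);

            // Swap in a fresh interceptor so the first interceptor's state is not reused.
            client.getOutInterceptors().remove(cacheInterceptor);
            client.getOutInterceptors().add(new SecurityHeaderCacheInterceptor());
            port.doubleIt(25);
            assertFaultContaining(port, "Failure expected on a replayed SAML Assertion",
                "A replay attack has been detected");
        } finally {
            release(bus, port);
        }
    }

    /**
     * Audience restriction by endpoint URL: an assertion whose audience is the
     * {@code DoubleItSaml2Transport2} URL is accepted on port 2, while an assertion with an
     * unknown audience is rejected on port 3. The rejection accepts any SOAP fault.
     */
    @Test
    public void testAudienceRestriction() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        DoubleItPortType port3 = null;
        try {
            Service service = createService();
            port = createPort(service, "DoubleItSaml2TransportPort2", PORT2);

            ConditionsBean conditions = new ConditionsBean();
            List<AudienceRestrictionBean> restrictions = new ArrayList<AudienceRestrictionBean>();
            AudienceRestrictionBean matchingAudience = new AudienceRestrictionBean();
            matchingAudience.setAudienceURIs(
                Collections.singletonList("https://localhost:" + PORT2 + "/DoubleItSaml2Transport2"));
            restrictions.add(matchingAudience);
            conditions.setAudienceRestrictions(restrictions);

            SamlCallbackHandler handler = new SamlCallbackHandler();
            handler.setConditions(conditions);
            setRequestProperty(port, SAML_CALLBACK_HANDLER, handler);
            port.doubleIt(25);

            AudienceRestrictionBean unknownAudience = new AudienceRestrictionBean();
            unknownAudience.setAudienceURIs(
                Collections.singletonList("https://localhost:" + PORT2 + "/DoubleItSaml2Transport2unknown"));
            restrictions.clear();
            restrictions.add(unknownAudience);
            conditions.setAudienceRestrictions(restrictions);
            handler.setConditions(conditions);

            port3 = createPort(service, "DoubleItSaml2TransportPort3", PORT2);
            setRequestProperty(port3, SAML_CALLBACK_HANDLER, handler);
            assertAnyFault(port3, "Failure expected on unknown AudienceRestriction");
        } finally {
            // The original never closed these ports or shut the bus down.
            release(bus, port, port3);
        }
    }

    /** Audience restriction by service name: the service QName string is accepted as audience. */
    @Test
    public void testAudienceRestrictionServiceName() throws Exception {
        Bus bus = createClientBus();
        DoubleItPortType port = null;
        try {
            Service service = createService();
            port = createPort(service, "DoubleItSaml2TransportPort2", PORT2);

            ConditionsBean conditions = new ConditionsBean();
            List<AudienceRestrictionBean> restrictions = new ArrayList<AudienceRestrictionBean>();
            AudienceRestrictionBean serviceAudience = new AudienceRestrictionBean();
            serviceAudience.setAudienceURIs(
                Collections.singletonList(service.getServiceName().toString()));
            restrictions.add(serviceAudience);
            conditions.setAudienceRestrictions(restrictions);

            SamlCallbackHandler handler = new SamlCallbackHandler();
            handler.setConditions(conditions);
            setRequestProperty(port, SAML_CALLBACK_HANDLER, handler);
            port.doubleIt(25);
        } finally {
            // The original never closed the port or shut the bus down.
            release(bus, port);
        }
    }
}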
