package org.apache.cxf.systest.ws.wssc;

import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.systest.ws.common.KeystorePasswordCallback;
import org.apache.cxf.systest.ws.common.SecurityTestUtil;
import org.apache.cxf.systest.ws.common.TestParam;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.ws.addressing.policy.MetadataConstants;
import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.DefaultSymmetricBinding;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.neethi.All;
import org.apache.neethi.ExactlyOne;
import org.apache.neethi.Policy;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.policy.SP12Constants;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.AlgorithmSuite;
import org.apache.wss4j.policy.model.Attachments;
import org.apache.wss4j.policy.model.ProtectionToken;
import org.apache.wss4j.policy.model.SignedParts;
import org.apache.wss4j.policy.model.X509Token;
import org.example.contract.doubleit.DoubleItPortType;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.w3c.dom.Element;

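/**
 * Parameterized system test that drives the DoubleIt service through the secure-conversation
 * ports started by {@code UnitServer}, and exercises issue / cancel / renew of a security token
 * through {@link STSClient} with {@code setSecureConv(true)}.
 *
 * <p>Each test runs twice: once with {@code TestParam.isStreaming()} false and once true (see
 * {@link #data()}). The three STS unit tests return immediately in the streaming run.
 *
 * <p>Security-relevant test shortcuts in this class (fixture keystore password, disabled
 * hostname check) are test scaffolding and are commented where they occur.
 */
@RunWith(Parameterized.class)
/* loaded from: input_file:org/apache/cxf/systest/ws/wssc/WSSCUnitTest.class */
public class WSSCUnitTest extends AbstractBusClientServerTestBase {
    static final String PORT = allocatePort(UnitServer.class);
    static final String PORT2 = allocatePort(UnitServer.class, 2);
    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
    final TestParam test;

    /**
     * Callback handler that hands out the secret of an already issued security token when the
     * callback identifier matches the token id, and otherwise defers to
     * {@link KeystorePasswordCallback}.
     */
    /* loaded from: input_file:org/apache/cxf/systest/ws/wssc/WSSCUnitTest$TokenCallbackHandler.class */
    private static class TokenCallbackHandler implements CallbackHandler {
        private SecurityToken securityToken;

        private TokenCallbackHandler() {
        }

        /**
         * Resolves each callback either from the stored token or from the keystore handler.
         *
         * @param callbackArr callbacks to populate; every element must be a {@link WSPasswordCallback}
         * @throws IOException if the delegate handler fails
         * @throws UnsupportedCallbackException if a callback is not a {@link WSPasswordCallback}
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                // Reject foreign callback types through the declared exception instead of an
                // unchecked ClassCastException.
                if (!(callback instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(callback, "Only WSPasswordCallback is supported");
                }
                WSPasswordCallback passwordCallback = (WSPasswordCallback) callback;
                String identifier = passwordCallback.getIdentifier();
                boolean matchesToken = this.securityToken != null
                    && identifier != null
                    && identifier.equals(this.securityToken.getId());
                if (matchesToken) {
                    // The token secret is only released for the token's own identifier.
                    passwordCallback.setKey(this.securityToken.getSecret());
                } else {
                    // Delegate this callback only. Passing the whole array from inside the loop
                    // would re-run the keystore handler over callbacks already answered above.
                    new KeystorePasswordCallback().handle(new Callback[] {callback});
                }
            }
        }

        /**
         * Stores the token whose secret should be returned for matching callbacks.
         *
         * @param securityToken the issued token, or {@code null} to always use the keystore handler
         */
        public void setSecurityToken(SecurityToken securityToken) {
            this.securityToken = securityToken;
        }
    }

    /**
     * @param testParam port / streaming combination supplied by the parameterized runner
     */
    public WSSCUnitTest(TestParam testParam) {
        this.test = testParam;
    }

    /** Launches {@code UnitServer} in-process before any test runs. */
    @BeforeClass
    public static void startServers() throws Exception {
        assertTrue("Server failed to launch", launchServer(UnitServer.class, true));
    }

    /**
     * Supplies the two parameter sets: same port, streaming disabled and enabled.
     *
     * @return one single-element {@code TestParam[]} per run
     */
    @Parameterized.Parameters(name = "{0}")
    public static Collection<TestParam[]> data() {
        return Arrays.asList(new TestParam[]{new TestParam(PORT, false)}, new TestParam[]{new TestParam(PORT, true)});
    }

    /** Releases the shared security test state and stops the launched servers. */
    @AfterClass
    public static void cleanup() throws Exception {
        SecurityTestUtil.cleanup();
        stopAllServers();
    }

    /** Calls the transport port using the Spring client configuration from {@code client.xml}. */
    @Test
    public void testEndorsingSecureConveration() throws Exception {
        installClientBus();
        DoubleItPortType port = createPort("DoubleItTransportPort");
        assertEquals(50L, port.doubleIt(25));
        ((Closeable) port).close();
    }

    /**
     * Calls the transport port with TLS and the STS client configured in code rather than via
     * {@code client.xml}.
     */
    @Test
    public void testEndorsingSecureConverationViaCode() throws Exception {
        DoubleItPortType port = createPort("DoubleItTransportPort");

        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream trustStoreStream = ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", WSSCUnitTest.class)) {
            // KeyStore.load(null, ...) silently creates an EMPTY store, so a missing resource
            // would only surface later as an opaque handshake failure. Fail here instead.
            assertNotNull("Test truststore keys/Truststore.jks not found on the classpath", trustStoreStream);
            // Fixture password for the bundled test truststore; not a production credential.
            trustStore.load(trustStoreStream, "password".toCharArray());
        }
        trustManagerFactory.init(trustStore);

        TLSClientParameters tlsParameters = new TLSClientParameters();
        tlsParameters.setTrustManagers(trustManagerFactory.getTrustManagers());
        // TEST ONLY: turns off the hostname (CN) check. The trust managers set above are still
        // installed, so the server certificate must chain to the test truststore.
        // Do not copy this setting into client code that talks to real endpoints.
        tlsParameters.setDisableCNCheck(true);
        ClientProxy.getClient(port).getConduit().setTlsClientParameters(tlsParameters);

        // The STS client gets its own bus and the same TLS parameters as the service conduit.
        STSClient stsClient = new STSClient(BusFactory.newInstance().createBus());
        stsClient.setTlsClientParameters(tlsParameters);
        ((BindingProvider) port).getRequestContext().put("security.sts.client", stsClient);

        assertEquals(50L, port.doubleIt(25));
        ((Closeable) port).close();
    }

    /** Same as {@link #testEndorsingSecureConveration()} but against the SP12 transport port. */
    @Test
    public void testEndorsingSecureConverationSP12() throws Exception {
        installClientBus();
        DoubleItPortType port = createPort("DoubleItTransportSP12Port");
        assertEquals(50L, port.doubleIt(25));
        ((Closeable) port).close();
    }

    /** Requests a secure-conversation token from the transport endpoint (non-streaming run only). */
    @Test
    public void testIssueUnitTest() throws Exception {
        if (this.test.isStreaming()) {
            return;
        }
        STSClient stsClient = new STSClient(installClientBus());
        stsClient.setSecureConv(true);
        stsClient.setLocation("https://localhost:" + PORT + "/DoubleItTransport");

        Policy policy = new Policy();
        ExactlyOne exactlyOne = new ExactlyOne();
        policy.addPolicyComponent(exactlyOne);
        All all = new All();
        all.addPolicyComponent(new PrimitiveAssertion(MetadataConstants.USING_ADDRESSING_2006_QNAME, false));
        exactlyOne.addPolicyComponent(all);
        stsClient.setPolicy(policy);

        // The request itself goes to the https location set above; the http URL below is the
        // AppliesTo value placed in the token request, not a transport address.
        stsClient.requestSecurityToken("http://localhost:" + PORT + "/DoubleItTransport");
    }

    /** Issues a token from the symmetric endpoint and cancels it (non-streaming run only). */
    @Test
    public void testIssueAndCancelUnitTest() throws Exception {
        if (this.test.isStreaming()) {
            return;
        }
        TokenCallbackHandler tokenCallbackHandler = new TokenCallbackHandler();
        STSClient stsClient = createSymmetricStsClient(installClientBus(), tokenCallbackHandler);
        SecurityToken issuedToken = stsClient.requestSecurityToken("http://localhost:" + PORT2 + "/DoubleItSymmetric");
        assertNotNull(issuedToken);
        // From here on the handler answers callbacks for the token id with the token secret.
        tokenCallbackHandler.setSecurityToken(issuedToken);
        assertTrue(stsClient.cancelSecurityToken(issuedToken));
    }

    /** Issues a token from the symmetric endpoint and renews it (non-streaming run only). */
    @Test
    public void testIssueAndRenewUnitTest() throws Exception {
        if (this.test.isStreaming()) {
            return;
        }
        TokenCallbackHandler tokenCallbackHandler = new TokenCallbackHandler();
        STSClient stsClient = createSymmetricStsClient(installClientBus(), tokenCallbackHandler);
        SecurityToken issuedToken = stsClient.requestSecurityToken("http://localhost:" + PORT2 + "/DoubleItSymmetric");
        assertNotNull(issuedToken);
        // From here on the handler answers callbacks for the token id with the token secret.
        tokenCallbackHandler.setSecurityToken(issuedToken);
        assertNotNull(stsClient.renewSecurityToken(issuedToken));
    }

    /** Creates the Spring bus from {@code client.xml} and installs it as default and thread-default bus. */
    private static Bus installClientBus() {
        Bus bus = new SpringBusFactory().createBus(WSSCUnitTest.class.getResource("client.xml").toString());
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);
        return bus;
    }

    /** Creates the named DoubleIt port, points it at the parameterized port and applies streaming if requested. */
    private DoubleItPortType createPort(String portLocalName) throws Exception {
        DoubleItPortType port = Service.create(WSSCUnitTest.class.getResource("DoubleItWSSC.wsdl"), SERVICE_QNAME)
            .getPort(new QName(NAMESPACE, portLocalName), DoubleItPortType.class);
        updateAddressPort(port, this.test.getPort());
        if (this.test.isStreaming()) {
            SecurityTestUtil.enableStreaming(port);
        }
        return port;
    }

    /** Builds the secure-conversation STS client for the symmetric endpoint on {@code PORT2}. */
    private STSClient createSymmetricStsClient(Bus bus, TokenCallbackHandler tokenCallbackHandler) {
        STSClient stsClient = new STSClient(bus);
        stsClient.setSecureConv(true);
        // NOTE(review): plain http location; message protection here comes from the symmetric
        // binding policy below rather than from TLS - confirm against the server configuration.
        stsClient.setLocation("http://localhost:" + PORT2 + "/DoubleItSymmetric");
        stsClient.setPolicy(createSymmetricBindingPolicy());
        HashMap<String, Object> properties = new HashMap<>();
        properties.put("security.encryption.username", "bob");
        properties.put("security.callback-handler", tokenCallbackHandler);
        properties.put("security.signature.properties", "alice.properties");
        properties.put("security.encryption.properties", "bob.properties");
        stsClient.setProperties(properties);
        return stsClient;
    }

    /**
     * Builds the policy used for the symmetric endpoint: WS-Addressing, a symmetric binding with
     * an X.509 protection token (never included in the message), the Basic128 algorithm suite,
     * timestamp inclusion and whole-header/body signing, plus a signed-parts assertion.
     *
     * @return the assembled policy
     */
    private Policy createSymmetricBindingPolicy() {
        Policy policy = new Policy();
        ExactlyOne exactlyOne = new ExactlyOne();
        policy.addPolicyComponent(exactlyOne);
        All all = new All();
        all.addPolicyComponent(new PrimitiveAssertion(MetadataConstants.USING_ADDRESSING_2006_QNAME, false));
        exactlyOne.addPolicyComponent(all);

        // Protection token: X.509 token wrapped in its own policy alternative.
        X509Token x509Token = new X509Token(SPConstants.SPVersion.SP12, SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER, (Element) null, (String) null, (Element) null, new Policy());
        Policy protectionTokenPolicy = new Policy();
        ExactlyOne protectionTokenAlternatives = new ExactlyOne();
        protectionTokenPolicy.addPolicyComponent(protectionTokenAlternatives);
        All protectionTokenAll = new All();
        protectionTokenAll.addPolicyComponent(x509Token);
        protectionTokenAlternatives.addPolicyComponent(protectionTokenAll);

        // Algorithm suite: Basic128 from the WS-SecurityPolicy 200702 namespace.
        Policy algorithmSuitePolicy = new Policy();
        ExactlyOne algorithmSuiteAlternatives = new ExactlyOne();
        algorithmSuitePolicy.addPolicyComponent(algorithmSuiteAlternatives);
        All algorithmSuiteAll = new All();
        algorithmSuiteAll.addAssertion(new PrimitiveAssertion(new QName("http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702", "Basic128")));
        algorithmSuiteAlternatives.addPolicyComponent(algorithmSuiteAll);
        AlgorithmSuite algorithmSuite = new AlgorithmSuite(SPConstants.SPVersion.SP12, algorithmSuitePolicy);

        // Binding policy: protection token + algorithm suite + timestamp + full header/body signing.
        Policy bindingPolicy = new Policy();
        ExactlyOne bindingAlternatives = new ExactlyOne();
        bindingPolicy.addPolicyComponent(bindingAlternatives);
        All bindingAll = new All();
        bindingAll.addPolicyComponent(new ProtectionToken(SPConstants.SPVersion.SP12, protectionTokenPolicy));
        bindingAll.addPolicyComponent(algorithmSuite);
        bindingAll.addAssertion(new PrimitiveAssertion(SP12Constants.INCLUDE_TIMESTAMP));
        bindingAll.addAssertion(new PrimitiveAssertion(SP12Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY));
        bindingAlternatives.addPolicyComponent(bindingAll);

        DefaultSymmetricBinding symmetricBinding = new DefaultSymmetricBinding(SPConstants.SPVersion.SP12, bindingPolicy);
        symmetricBinding.setOnlySignEntireHeadersAndBody(true);
        symmetricBinding.setProtectTokens(false);
        all.addPolicyComponent(symmetricBinding);
        all.addPolicyComponent(new SignedParts(SPConstants.SPVersion.SP12, true, (Attachments) null, new ArrayList(), false));
        return policy;
    }
}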
