package org.apache.cxf.systest.ws.ut;

import java.io.Closeable;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
import javax.xml.ws.soap.SOAPFaultException;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.cxf.systest.ws.basicauth.TestUserPasswordLoginModule;
import org.apache.cxf.systest.ws.common.SecurityTestUtil;
import org.apache.cxf.systest.ws.common.TestParam;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.ws.policy.WSPolicyFeature;
import org.example.contract.doubleit.DoubleItPortType;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/apache/cxf/systest/ws/ut/UsernameTokenTest.class */
public class UsernameTokenTest extends AbstractBusClientServerTestBase {
    static final String PORT = allocatePort(Server.class);
    static final String STAX_PORT = allocatePort(StaxServer.class);
    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
    final TestParam test;

    public UsernameTokenTest(TestParam testParam) {
        this.test = testParam;
    }

    @BeforeClass
    public static void startServers() throws Exception {
        assertTrue("Server failed to launch", launchServer(Server.class, true));
        assertTrue("Server failed to launch", launchServer(StaxServer.class, true));
    }

    @Parameterized.Parameters(name = "{0}")
    public static Collection<TestParam> data() {
        return Arrays.asList(new TestParam(PORT, false), new TestParam(PORT, true), new TestParam(STAX_PORT, false), new TestParam(STAX_PORT, true));
    }

    @AfterClass
    public static void cleanup() throws Exception {
        SecurityTestUtil.cleanup();
        stopAllServers();
    }

    @Test
    public void testPlaintextTLSConfigViaCode() throws Exception {
        Closeable closeable = (DoubleItPortType) Service.create(UsernameTokenTest.class.getResource("DoubleItUt.wsdl"), SERVICE_QNAME).getPort(new QName(NAMESPACE, "DoubleItPlaintextPort"), DoubleItPortType.class);
        updateAddressPort(closeable, this.test.getPort());
        if (this.test.isStreaming()) {
            SecurityTestUtil.enableStreaming((DoubleItPortType) closeable);
        }
        ((BindingProvider) closeable).getRequestContext().put("security.username", TestUserPasswordLoginModule.TESTUSER);
        ((BindingProvider) closeable).getRequestContext().put("security.callback-handler", "org.apache.cxf.systest.ws.common.UTPasswordCallback");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore keyStore = KeyStore.getInstance("JKS");
        InputStream resourceAsStream = ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", UsernameTokenTest.class);
        Throwable th = null;
        try {
            keyStore.load(resourceAsStream, "password".toCharArray());
            if (resourceAsStream != null) {
                if (0 != 0) {
                    try {
                        resourceAsStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    resourceAsStream.close();
                }
            }
            trustManagerFactory.init(keyStore);
            TLSClientParameters tLSClientParameters = new TLSClientParameters();
            tLSClientParameters.setTrustManagers(trustManagerFactory.getTrustManagers());
            tLSClientParameters.setDisableCNCheck(true);
            ClientProxy.getClient(closeable).getConduit().setTlsClientParameters(tLSClientParameters);
            assertEquals(50L, closeable.doubleIt(25));
            closeable.close();
        } catch (Throwable th3) {
            if (resourceAsStream != null) {
                if (0 != 0) {
                    try {
                        resourceAsStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    resourceAsStream.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testPlaintextCodeFirst() throws Exception {
        String str = "https://localhost:" + PORT + "/DoubleItUTPlaintext";
        QName qName = new QName(NAMESPACE, "DoubleItPlaintextPort");
        WSPolicyFeature wSPolicyFeature = new WSPolicyFeature();
        wSPolicyFeature.setPolicyElements(Collections.singletonList(StaxUtils.read(getClass().getResourceAsStream("plaintext-pass-timestamp-policy.xml")).getDocumentElement()));
        JaxWsProxyFactoryBean jaxWsProxyFactoryBean = new JaxWsProxyFactoryBean();
        jaxWsProxyFactoryBean.setFeatures(Collections.singletonList(wSPolicyFeature));
        jaxWsProxyFactoryBean.setAddress(str);
        jaxWsProxyFactoryBean.setServiceName(SERVICE_QNAME);
        jaxWsProxyFactoryBean.setEndpointName(qName);
        jaxWsProxyFactoryBean.setServiceClass(DoubleItPortType.class);
        Closeable closeable = (DoubleItPortType) jaxWsProxyFactoryBean.create();
        if (this.test.isStreaming()) {
            SecurityTestUtil.enableStreaming((DoubleItPortType) closeable);
        }
        ((BindingProvider) closeable).getRequestContext().put("security.username", TestUserPasswordLoginModule.TESTUSER);
        ((BindingProvider) closeable).getRequestContext().put("security.callback-handler", "org.apache.cxf.systest.ws.common.UTPasswordCallback");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore keyStore = KeyStore.getInstance("JKS");
        InputStream resourceAsStream = ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", UsernameTokenTest.class);
        Throwable th = null;
        try {
            try {
                keyStore.load(resourceAsStream, "password".toCharArray());
                if (resourceAsStream != null) {
                    if (0 != 0) {
                        try {
                            resourceAsStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        resourceAsStream.close();
                    }
                }
                trustManagerFactory.init(keyStore);
                TLSClientParameters tLSClientParameters = new TLSClientParameters();
                tLSClientParameters.setTrustManagers(trustManagerFactory.getTrustManagers());
                tLSClientParameters.setDisableCNCheck(true);
                ClientProxy.getClient(closeable).getConduit().setTlsClientParameters(tLSClientParameters);
                assertEquals(50L, closeable.doubleIt(25));
                closeable.close();
            } finally {
            }
        } catch (Throwable th3) {
            if (resourceAsStream != null) {
                if (th != null) {
                    try {
                        resourceAsStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    resourceAsStream.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testPlaintext() throws Exception {
        Bus createBus = new SpringBusFactory().createBus(UsernameTokenTest.class.getResource("client.xml").toString());
        BusFactory.setDefaultBus(createBus);
        BusFactory.setThreadDefaultBus(createBus);
        Closeable closeable = (DoubleItPortType) Service.create(UsernameTokenTest.class.getResource("DoubleItUt.wsdl"), SERVICE_QNAME).getPort(new QName(NAMESPACE, "DoubleItPlaintextPort"), DoubleItPortType.class);
        updateAddressPort(closeable, this.test.getPort());
        if (this.test.isStreaming()) {
            SecurityTestUtil.enableStreaming((DoubleItPortType) closeable);
        }
        assertEquals(50L, closeable.doubleIt(25));
        closeable.close();
        createBus.shutdown(true);
    }

    @Test
    public void testPlaintextCreated() throws Exception {
        Bus createBus = new SpringBusFactory().createBus(UsernameTokenTest.class.getResource("client.xml").toString());
        BusFactory.setDefaultBus(createBus);
        BusFactory.setThreadDefaultBus(createBus);
        Closeable closeable = (DoubleItPortType) Service.create(UsernameTokenTest.class.getResource("DoubleItUt.wsdl"), SERVICE_QNAME).getPort(new QName(NAMESPACE, "DoubleItPlaintextCreatedPort"), DoubleItPortType.class);
        updateAddressPort(closeable, this.test.getPort());
        if (this.test.isStreaming()) {
            SecurityTestUtil.enableStreaming((DoubleItPortType) closeable);
        }
        assertEquals(50L, closeable.doubleIt(25));
        closeable.close();
        createBus.shutdown(true);
    }

    @Test
    public void testPlaintextSupporting() throws Exception {
        Bus createBus = new SpringBusFactory().createBus(UsernameTokenTest.class.getResource("client.xml").toString());
        BusFactory.setDefaultBus(createBus);
        BusFactory.setThreadDefaultBus(createBus);
        Closeable closeable = (DoubleItPortType) Service.create(UsernameTokenTest.class.getResource("DoubleItUt.wsdl"), SERVICE_QNAME).getPort(new QName(NAMESPACE, "DoubleItPlaintextSupportingPort"), DoubleItPortType.class);
        updateAddressPort(closeable, this.test.getPort());
        if (this.test.isStreaming()) {
            SecurityTestUtil.enableStreaming((DoubleItPortType) closeable);
        }
        assertEquals(50L, closeable.doubleIt(25));
        closeable.close();
        createBus.shutdown(true);
    }

    @Test
    public void testPlaintextSupportingSP11() throws Exception {
        Bus createBus = new SpringBusFactory().createBus(UsernameTokenTest.class.getResource("client.xml").toString());
        BusFactory.setDefaultBus(createBus);
        BusFactory.setThreadDefaultBus(createBus);
        Closeable closeable = (DoubleItPortType) Service.create(UsernameTokenTest.class.getResource("DoubleItUt.wsdl"), SERVICE_QNAME).getPort(new QName(NAMESPACE, "DoubleItPlaintextSupportingSP11Port"), DoubleItPortType.class);
        updateAddressPort(closeable, this.test.getPort());
        if (this.test.isStreaming()) {
            SecurityTestUtil.enableStreaming((DoubleItPortType) closeable);
        }
        assertEquals(50L, closeable.doubleIt(25));
        closeable.close();
        createBus.shutdown(true);
    }

    @Test
    public void testPasswordHashed() throws Exception {
        Bus createBus = new SpringBusFactory().createBus(UsernameTokenTest.class.getResource("client.xml").toString());
        BusFactory.setDefaultBus(createBus);
        BusFactory.setThreadDefaultBus(createBus);
        Closeable closeable = (DoubleItPortType) Service.create(UsernameTokenTest.class.getResource("DoubleItUt.wsdl"), SERVICE_QNAME).getPort(new QName(NAMESPACE, "DoubleItHashedPort"), DoubleItPortType.class);
        updateAddressPort(closeable, this.test.getPort());
        if (this.test.isStreaming()) {
            SecurityTestUtil.enableStreaming((DoubleItPortType) closeable);
        }
        assertEquals(50L, closeable.doubleIt(25));
        closeable.close();
        createBus.shutdown(true);
    }

    @Test
    public void testNoPassword() throws Exception {
        Bus createBus = new SpringBusFactory().createBus(UsernameTokenTest.class.getResource("client.xml").toString());
        BusFactory.setDefaultBus(createBus);
        BusFactory.setThreadDefaultBus(createBus);
        Closeable closeable = (DoubleItPortType) Service.create(UsernameTokenTest.class.getResource("DoubleItUt.wsdl"), SERVICE_QNAME).getPort(new QName(NAMESPACE, "DoubleItNoPasswordPort"), DoubleItPortType.class);
        updateAddressPort(closeable, this.test.getPort());
        if (this.test.isStreaming()) {
            SecurityTestUtil.enableStreaming((DoubleItPortType) closeable);
        }
        assertEquals(50L, closeable.doubleIt(25));
        closeable.close();
        createBus.shutdown(true);
    }

    @Test
    public void testSignedEndorsing() throws Exception {
        Bus createBus = new SpringBusFactory().createBus(UsernameTokenTest.class.getResource("client.xml").toString());
        BusFactory.setDefaultBus(createBus);
        BusFactory.setThreadDefaultBus(createBus);
        Closeable closeable = (DoubleItPortType) Service.create(UsernameTokenTest.class.getResource("DoubleItUt.wsdl"), SERVICE_QNAME).getPort(new QName(NAMESPACE, "DoubleItSignedEndorsingPort"), DoubleItPortType.class);
        updateAddressPort(closeable, this.test.getPort());
        if (this.test.isStreaming()) {
            SecurityTestUtil.enableStreaming((DoubleItPortType) closeable);
        }
        assertEquals(50L, closeable.doubleIt(25));
        closeable.close();
        createBus.shutdown(true);
    }

    @Test
    public void testSignedEncrypted() throws Exception {
        Bus createBus = new SpringBusFactory().createBus(UsernameTokenTest.class.getResource("client.xml").toString());
        BusFactory.setDefaultBus(createBus);
        BusFactory.setThreadDefaultBus(createBus);
        Closeable closeable = (DoubleItPortType) Service.create(UsernameTokenTest.class.getResource("DoubleItUt.wsdl"), SERVICE_QNAME).getPort(new QName(NAMESPACE, "DoubleItSignedEncryptedPort"), DoubleItPortType.class);
        updateAddressPort(closeable, this.test.getPort());
        if (this.test.isStreaming()) {
            SecurityTestUtil.enableStreaming((DoubleItPortType) closeable);
        }
        assertEquals(50L, closeable.doubleIt(25));
        closeable.close();
        createBus.shutdown(true);
    }

    @Test
    public void testEncrypted() throws Exception {
        Bus createBus = new SpringBusFactory().createBus(UsernameTokenTest.class.getResource("client.xml").toString());
        BusFactory.setDefaultBus(createBus);
        BusFactory.setThreadDefaultBus(createBus);
        Closeable closeable = (DoubleItPortType) Service.create(UsernameTokenTest.class.getResource("DoubleItUt.wsdl"), SERVICE_QNAME).getPort(new QName(NAMESPACE, "DoubleItEncryptedPort"), DoubleItPortType.class);
        updateAddressPort(closeable, this.test.getPort());
        if (this.test.isStreaming()) {
            SecurityTestUtil.enableStreaming((DoubleItPortType) closeable);
        }
        assertEquals(50L, closeable.doubleIt(25));
        closeable.close();
        createBus.shutdown(true);
    }

    @Test
    public void testNoUsernameToken() throws Exception {
        Bus createBus = new SpringBusFactory().createBus(UsernameTokenTest.class.getResource("client.xml").toString());
        BusFactory.setDefaultBus(createBus);
        BusFactory.setThreadDefaultBus(createBus);
        Closeable closeable = (DoubleItPortType) Service.create(UsernameTokenTest.class.getResource("DoubleItUt.wsdl"), SERVICE_QNAME).getPort(new QName(NAMESPACE, "DoubleItInlinePolicyPort"), DoubleItPortType.class);
        updateAddressPort(closeable, this.test.getPort());
        if (this.test.isStreaming()) {
            SecurityTestUtil.enableStreaming((DoubleItPortType) closeable);
        }
        try {
            closeable.doubleIt(25);
            fail("Failure expected on no UsernameToken");
        } catch (SOAPFaultException e) {
            assertTrue(e.getMessage().contains("The received token does not match the token inclusion requirement") || e.getMessage().contains("UsernameToken not satisfied"));
        }
        closeable.close();
        createBus.shutdown(true);
    }

    @Test
    public void testPasswordHashedReplay() throws Exception {
        Bus createBus = new SpringBusFactory().createBus(UsernameTokenTest.class.getResource("client.xml").toString());
        BusFactory.setDefaultBus(createBus);
        BusFactory.setThreadDefaultBus(createBus);
        Closeable closeable = (DoubleItPortType) Service.create(UsernameTokenTest.class.getResource("DoubleItUt.wsdl"), SERVICE_QNAME).getPort(new QName(NAMESPACE, "DoubleItHashedPort"), DoubleItPortType.class);
        updateAddressPort(closeable, this.test.getPort());
        if (!this.test.isStreaming()) {
            ClientProxy.getClient(closeable).getOutInterceptors().add(new SecurityHeaderCacheInterceptor());
            assertEquals(50L, closeable.doubleIt(25));
            try {
                closeable.doubleIt(25);
                fail("Failure expected on a replayed UsernameToken");
            } catch (SOAPFaultException e) {
                assertTrue(e.getMessage().contains("A security error was encountered when verifying the message"));
            }
        }
        closeable.close();
        createBus.shutdown(true);
    }

    @Test
    public void testPasswordHashedNoBindingReplay() throws Exception {
        Bus createBus = new SpringBusFactory().createBus(UsernameTokenTest.class.getResource("client.xml").toString());
        BusFactory.setDefaultBus(createBus);
        BusFactory.setThreadDefaultBus(createBus);
        Closeable closeable = (DoubleItPortType) Service.create(UsernameTokenTest.class.getResource("DoubleItUt.wsdl"), SERVICE_QNAME).getPort(new QName(NAMESPACE, "DoubleItDigestNoBindingPort"), DoubleItPortType.class);
        updateAddressPort(closeable, this.test.getPort());
        if (!this.test.isStreaming() && PORT.equals(this.test.getPort())) {
            ClientProxy.getClient(closeable).getOutInterceptors().add(new SecurityHeaderCacheInterceptor());
            assertEquals(50L, closeable.doubleIt(25));
            try {
                closeable.doubleIt(25);
                fail("Failure expected on a replayed UsernameToken");
            } catch (SOAPFaultException e) {
                assertTrue(e.getMessage().equals("A security error was encountered when verifying the message"));
            }
        }
        closeable.close();
        createBus.shutdown(true);
    }

    @Test
    public void testPlaintextPrincipal() throws Exception {
        Bus createBus = new SpringBusFactory().createBus(UsernameTokenTest.class.getResource("client.xml").toString());
        BusFactory.setDefaultBus(createBus);
        BusFactory.setThreadDefaultBus(createBus);
        BindingProvider bindingProvider = (DoubleItPortType) Service.create(UsernameTokenTest.class.getResource("DoubleItUt.wsdl"), SERVICE_QNAME).getPort(new QName(NAMESPACE, "DoubleItPlaintextPrincipalPort"), DoubleItPortType.class);
        updateAddressPort(bindingProvider, this.test.getPort());
        if (this.test.isStreaming()) {
            SecurityTestUtil.enableStreaming((DoubleItPortType) bindingProvider);
        }
        bindingProvider.getRequestContext().put("security.username", TestUserPasswordLoginModule.TESTUSER);
        assertEquals(50L, bindingProvider.doubleIt(25));
        try {
            bindingProvider.getRequestContext().put("security.username", "Frank");
            bindingProvider.doubleIt(30);
            fail("Failure expected on a user with the wrong role");
        } catch (SOAPFaultException e) {
            assertTrue(e.getMessage().contains("Unauthorized"));
        }
        ((Closeable) bindingProvider).close();
        createBus.shutdown(true);
    }
}
