package org.apache.wss4j.dom.saml;

import java.io.ByteArrayInputStream;
import java.security.Key;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.TreeMap;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.WSSecurityEngine;
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.common.AbstractSAMLCallbackHandler;
import org.apache.wss4j.dom.common.CustomHandler;
import org.apache.wss4j.dom.common.CustomSamlAssertionValidator;
import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
import org.apache.wss4j.dom.common.SAML1CallbackHandler;
import org.apache.wss4j.dom.common.SAML2CallbackHandler;
import org.apache.wss4j.dom.common.SAMLElementCallbackHandler;
import org.apache.wss4j.dom.common.SOAPUtil;
import org.apache.wss4j.dom.common.SecurityTestUtil;
import org.apache.wss4j.dom.handler.HandlerAction;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSAMLToken;
import org.apache.wss4j.dom.message.token.SecurityTokenReference;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.dom.validate.SamlAssertionValidator;
import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.EncryptedKey;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.joda.time.DateTime;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Test;
import org.opensaml.Configuration;
import org.opensaml.saml2.core.AttributeValue;
import org.opensaml.saml2.core.Conditions;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.schema.XSAny;
import org.opensaml.xml.schema.XSInteger;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/wss4j/dom/saml/SamlTokenTest.class */
public class SamlTokenTest extends Assert {
    // Class-wide SLF4J logger; the tests in view use it only to dump the built SOAP messages at debug level.
    private static final Logger LOG = LoggerFactory.getLogger(SamlTokenTest.class);
    // Security engine created once per test instance; the constructor installs its WSSConfig.
    private WSSecurityEngine secEngine = new WSSecurityEngine();

    /**
     * Class-level teardown: delegates to {@code SecurityTestUtil.cleanup()}.
     * What that helper removes is defined outside this file.
     *
     * @throws Exception whatever the helper propagates
     */
    @AfterClass
    public static void cleanup() throws Exception {
        SecurityTestUtil.cleanup();
    }

    /**
     * Prepares the shared engine: a fresh WSSConfig gets a separate
     * CustomSamlAssertionValidator for the SAML 1.1 and the SAML 2.0 token types,
     * and SAML subject-confirmation validation is switched off.
     *
     * <p>NOTE(review): with subject-confirmation validation off, the unsigned
     * sender-vouches assertions these tests build are presumably accepted without
     * a backing signature. That is a fixture setting for exercising token parsing,
     * not a receiver configuration to reuse on a deployed endpoint.
     */
    public SamlTokenTest() {
        WSSConfig config = WSSConfig.getNewInstance();

        CustomSamlAssertionValidator saml1Validator = new CustomSamlAssertionValidator();
        config.setValidator(WSSecurityEngine.SAML_TOKEN, saml1Validator);

        CustomSamlAssertionValidator saml2Validator = new CustomSamlAssertionValidator();
        config.setValidator(WSSecurityEngine.SAML2_TOKEN, saml2Validator);

        config.setValidateSamlSubjectConfirmation(false);
        this.secEngine.setWssConfig(config);
    }

    /**
     * Passes an unsigned SAML 1.1 authentication assertion issued by
     * "www.example.com" through {@code createAndVerifyMessage} and checks that the
     * processed result exposes an assertion that is unsigned and has no signature
     * value.
     *
     * <p>{@code createAndVerifyMessage} is defined outside this view; its boolean
     * argument presumably states whether verification is expected to succeed.
     */
    @Test
    public void testSAML1AuthnAssertion() throws Exception {
        SAML1CallbackHandler handler = new SAML1CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        handler.setIssuer("www.example.com");

        // 8 is the action code searched for in the results; presumably WSConstants.ST_UNSIGNED - confirm.
        WSSecurityEngineResult actionResult =
            WSSecurityUtil.fetchActionResult(createAndVerifyMessage(handler, true), 8);
        SamlAssertionWrapper received = (SamlAssertionWrapper) actionResult.get("saml-assertion");

        assertNotNull(received);
        assertFalse(received.isSigned());
        assertTrue(received.getSignatureValue() == null);
    }

    /**
     * Same check as the plain SAML 1.1 authentication test, but the assertion is
     * supplied by a SAMLElementCallbackHandler. The received assertion must be
     * present, unsigned, and without a signature value.
     *
     * <p>{@code createAndVerifyMessage} is defined outside this view; its boolean
     * argument presumably states whether verification is expected to succeed.
     */
    @Test
    public void testSAML1AuthnAssertionViaElement() throws Exception {
        SAMLElementCallbackHandler handler = new SAMLElementCallbackHandler();
        handler.setIssuer("www.example.com");

        // 8 is the action code searched for in the results; presumably WSConstants.ST_UNSIGNED - confirm.
        WSSecurityEngineResult actionResult =
            WSSecurityUtil.fetchActionResult(createAndVerifyMessage(handler, true), 8);
        SamlAssertionWrapper received = (SamlAssertionWrapper) actionResult.get("saml-assertion");

        assertNotNull(received);
        assertFalse(received.isSigned());
        assertTrue(received.getSignatureValue() == null);
    }

    /**
     * Passes an unsigned SAML 1.1 attribute assertion through
     * {@code createAndVerifyMessage} and checks that the received assertion is
     * present and reported as unsigned.
     *
     * <p>{@code createAndVerifyMessage} is defined outside this view; its boolean
     * argument presumably states whether verification is expected to succeed.
     */
    @Test
    public void testSAML1AttrAssertion() throws Exception {
        SAML1CallbackHandler handler = new SAML1CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.ATTR);
        handler.setIssuer("www.example.com");

        // 8 is the action code searched for in the results; presumably WSConstants.ST_UNSIGNED - confirm.
        WSSecurityEngineResult actionResult =
            WSSecurityUtil.fetchActionResult(createAndVerifyMessage(handler, true), 8);
        SamlAssertionWrapper received = (SamlAssertionWrapper) actionResult.get("saml-assertion");

        assertNotNull(received);
        assertFalse(received.isSigned());
    }

    /**
     * Passes an unsigned SAML 1.1 authorization-decision assertion for the
     * resource "http://resource.org" through {@code createAndVerifyMessage} and
     * checks that the received assertion is present and reported as unsigned.
     *
     * <p>{@code createAndVerifyMessage} is defined outside this view; its boolean
     * argument presumably states whether verification is expected to succeed.
     */
    @Test
    public void testSAML1AuthzAssertion() throws Exception {
        SAML1CallbackHandler handler = new SAML1CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHZ);
        handler.setIssuer("www.example.com");
        handler.setResource("http://resource.org");

        // 8 is the action code searched for in the results; presumably WSConstants.ST_UNSIGNED - confirm.
        WSSecurityEngineResult actionResult =
            WSSecurityUtil.fetchActionResult(createAndVerifyMessage(handler, true), 8);
        SamlAssertionWrapper received = (SamlAssertionWrapper) actionResult.get("saml-assertion");

        assertNotNull(received);
        assertFalse(received.isSigned());
    }

    /**
     * Passes an unsigned SAML 2.0 authentication assertion through
     * {@code createAndVerifyMessage} and checks that the received assertion is
     * present and reported as unsigned.
     *
     * <p>{@code createAndVerifyMessage} is defined outside this view; its boolean
     * argument presumably states whether verification is expected to succeed.
     */
    @Test
    public void testSAML2AuthnAssertion() throws Exception {
        SAML2CallbackHandler handler = new SAML2CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        handler.setIssuer("www.example.com");

        // 8 is the action code searched for in the results; presumably WSConstants.ST_UNSIGNED - confirm.
        WSSecurityEngineResult actionResult =
            WSSecurityUtil.fetchActionResult(createAndVerifyMessage(handler, true), 8);
        SamlAssertionWrapper received = (SamlAssertionWrapper) actionResult.get("saml-assertion");

        assertNotNull(received);
        assertFalse(received.isSigned());
    }

    /**
     * Passes an unsigned SAML 2.0 attribute assertion through
     * {@code createAndVerifyMessage} and checks that the received assertion is
     * present and reported as unsigned.
     *
     * <p>{@code createAndVerifyMessage} is defined outside this view; its boolean
     * argument presumably states whether verification is expected to succeed.
     */
    @Test
    public void testSAML2AttrAssertion() throws Exception {
        SAML2CallbackHandler handler = new SAML2CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.ATTR);
        handler.setIssuer("www.example.com");

        // 8 is the action code searched for in the results; presumably WSConstants.ST_UNSIGNED - confirm.
        WSSecurityEngineResult actionResult =
            WSSecurityUtil.fetchActionResult(createAndVerifyMessage(handler, true), 8);
        SamlAssertionWrapper received = (SamlAssertionWrapper) actionResult.get("saml-assertion");

        assertNotNull(received);
        assertFalse(received.isSigned());
    }

    /**
     * Passes an unsigned SAML 2.0 authorization-decision assertion for the
     * resource "http://resource.org" through {@code createAndVerifyMessage} and
     * checks that the received assertion is present and reported as unsigned.
     *
     * <p>{@code createAndVerifyMessage} is defined outside this view; its boolean
     * argument presumably states whether verification is expected to succeed.
     */
    @Test
    public void testSAML2AuthzAssertion() throws Exception {
        SAML2CallbackHandler handler = new SAML2CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHZ);
        handler.setIssuer("www.example.com");
        handler.setResource("http://resource.org");

        // 8 is the action code searched for in the results; presumably WSConstants.ST_UNSIGNED - confirm.
        WSSecurityEngineResult actionResult =
            WSSecurityUtil.fetchActionResult(createAndVerifyMessage(handler, true), 8);
        SamlAssertionWrapper received = (SamlAssertionWrapper) actionResult.get("saml-assertion");

        assertNotNull(received);
        assertFalse(received.isSigned());
    }

    /**
     * Adds an unsigned SAML 1.1 assertion to the sample SOAP message through the
     * handler/action path ({@code CustomHandler.send} with a single HandlerAction)
     * instead of calling WSSecSAMLToken directly. The serialized message must not
     * contain the text "Signature", and the verified assertion must be unsigned.
     *
     * <p>The callback handler is handed over under the "samlCallbackRef" key of
     * the message context. {@code verify} is defined outside this view.
     */
    @Test
    public void testSaml1Action() throws Exception {
        WSSConfig config = WSSConfig.getNewInstance();
        RequestData request = new RequestData();
        request.setWssConfig(config);

        TreeMap<String, Object> messageContext = new TreeMap<String, Object>();
        messageContext.put("samlCallbackRef", new SAML1CallbackHandler());
        request.setMsgContext(messageContext);

        Document message = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        CustomHandler sender = new CustomHandler();
        // 8 is the action code; presumably WSConstants.ST_UNSIGNED - confirm.
        List<HandlerAction> actions = Collections.singletonList(new HandlerAction(8));
        sender.send(message, request, actions, true);

        String messageXml = XMLUtils.PrettyDocumentToString(message);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Unsigned SAML 1.1 authentication assertion via an Action:");
            LOG.debug(messageXml);
        }
        assertFalse(messageXml.contains("Signature"));

        WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(verify(message), 8);
        SamlAssertionWrapper received = (SamlAssertionWrapper) actionResult.get("saml-assertion");
        assertNotNull(received);
        assertFalse(received.isSigned());
    }

    /**
     * Negative case for SAML 1.1: the assertion names the issuer
     * "www.example2.com" instead of "www.example.com" and is handed to
     * {@code createAndVerifyMessage} with {@code false}.
     *
     * <p>NOTE(review): the helper is outside this view; the {@code false} flag
     * presumably tells it that validation must reject the message, which would
     * make this the check that an unexpected issuer is refused - confirm.
     */
    @Test
    public void testSAML1AuthnBadIssuerAssertion() throws Exception {
        SAML1CallbackHandler untrustedIssuerHandler = new SAML1CallbackHandler();
        untrustedIssuerHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        untrustedIssuerHandler.setIssuer("www.example2.com");

        createAndVerifyMessage(untrustedIssuerHandler, false);
    }

    /**
     * Negative case for SAML 2.0: the assertion names the issuer
     * "www.example2.com" instead of "www.example.com" and is handed to
     * {@code createAndVerifyMessage} with {@code false}.
     *
     * <p>NOTE(review): the helper is outside this view; the {@code false} flag
     * presumably tells it that validation must reject the message, which would
     * make this the check that an unexpected issuer is refused - confirm.
     */
    @Test
    public void testSAML2AuthnBadIssuerAssertion() throws Exception {
        SAML2CallbackHandler untrustedIssuerHandler = new SAML2CallbackHandler();
        untrustedIssuerHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        untrustedIssuerHandler.setIssuer("www.example2.com");

        createAndVerifyMessage(untrustedIssuerHandler, false);
    }

    /**
     * Checks that a subject NameID format set on the SAML 1.1 callback handler
     * appears in the serialized message, and that the assertion still verifies
     * as an unsigned token. {@code verify} is defined outside this view.
     */
    @Test
    public void testSAML1SubjectNameIDFormat() throws Exception {
        final String emailFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";

        SAML1CallbackHandler handler = new SAML1CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        handler.setIssuer("www.example.com");
        handler.setSubjectNameIDFormat(emailFormat);

        SAMLCallback callback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(handler, callback);
        SamlAssertionWrapper outbound = new SamlAssertionWrapper(callback);

        WSSecSAMLToken tokenBuilder = new WSSecSAMLToken();
        Document message = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader securityHeader = new WSSecHeader();
        securityHeader.insertSecurityHeader(message);
        Document secured = tokenBuilder.build(message, outbound, securityHeader);

        String securedXml = XMLUtils.PrettyDocumentToString(secured);
        if (LOG.isDebugEnabled()) {
            LOG.debug("SAML 1.1 Authn Assertion (sender vouches):");
            LOG.debug(securedXml);
        }
        assertTrue(securedXml.contains(emailFormat));

        // 8 is the action code searched for in the results; presumably WSConstants.ST_UNSIGNED - confirm.
        WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(verify(secured), 8);
        SamlAssertionWrapper received = (SamlAssertionWrapper) actionResult.get("saml-assertion");
        assertNotNull(received);
        assertFalse(received.isSigned());
    }

    /**
     * Checks that a subject NameID format set on the SAML 2.0 callback handler
     * appears in the serialized message, and that the assertion still verifies
     * as an unsigned token. {@code verify} is defined outside this view.
     */
    @Test
    public void testSAML2SubjectNameIDFormat() throws Exception {
        final String emailFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";

        SAML2CallbackHandler handler = new SAML2CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        handler.setIssuer("www.example.com");
        handler.setSubjectNameIDFormat(emailFormat);

        SAMLCallback callback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(handler, callback);
        SamlAssertionWrapper outbound = new SamlAssertionWrapper(callback);

        WSSecSAMLToken tokenBuilder = new WSSecSAMLToken();
        Document message = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader securityHeader = new WSSecHeader();
        securityHeader.insertSecurityHeader(message);
        Document secured = tokenBuilder.build(message, outbound, securityHeader);

        String securedXml = XMLUtils.PrettyDocumentToString(secured);
        if (LOG.isDebugEnabled()) {
            LOG.debug("SAML 2 Authn Assertion (sender vouches):");
            LOG.debug(securedXml);
        }
        assertTrue(securedXml.contains(emailFormat));

        // 8 is the action code searched for in the results; presumably WSConstants.ST_UNSIGNED - confirm.
        WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(verify(secured), 8);
        SamlAssertionWrapper received = (SamlAssertionWrapper) actionResult.get("saml-assertion");
        assertNotNull(received);
        assertFalse(received.isSigned());
    }

    /**
     * Checks that the subject locality (IP address and DNS name) set on the
     * SAML 1.1 callback handler is serialized into the message, and that the
     * assertion still verifies as an unsigned token. {@code verify} is defined
     * outside this view.
     */
    @Test
    public void testSAML1SubjectLocality() throws Exception {
        final String localityAddress = "12.34.56.78";
        final String localityDns = "test-dns";

        SAML1CallbackHandler handler = new SAML1CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        handler.setIssuer("www.example.com");
        handler.setSubjectLocality(localityAddress, localityDns);

        SAMLCallback callback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(handler, callback);
        SamlAssertionWrapper outbound = new SamlAssertionWrapper(callback);

        WSSecSAMLToken tokenBuilder = new WSSecSAMLToken();
        Document message = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader securityHeader = new WSSecHeader();
        securityHeader.insertSecurityHeader(message);
        Document secured = tokenBuilder.build(message, outbound, securityHeader);

        String securedXml = XMLUtils.PrettyDocumentToString(secured);
        if (LOG.isDebugEnabled()) {
            LOG.debug("SAML 1.1 Authn Assertion (sender vouches):");
            LOG.debug(securedXml);
        }
        assertTrue(securedXml.contains(localityAddress));
        assertTrue(securedXml.contains(localityDns));

        // 8 is the action code searched for in the results; presumably WSConstants.ST_UNSIGNED - confirm.
        WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(verify(secured), 8);
        SamlAssertionWrapper received = (SamlAssertionWrapper) actionResult.get("saml-assertion");
        assertNotNull(received);
        assertFalse(received.isSigned());
    }

    /**
     * Sets a session expiry one hour ahead on the SAML 2.0 callback handler and
     * checks that a "SessionNotOnOrAfter" attribute is serialized into the
     * message, and that the assertion still verifies as an unsigned token.
     * {@code verify} is defined outside this view.
     */
    @Test
    public void testSAML2SessionNotOnOrAfter() throws Exception {
        SAML2CallbackHandler handler = new SAML2CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        DateTime sessionExpiry = new DateTime().plusHours(1);
        handler.setSessionNotOnOrAfter(sessionExpiry);
        handler.setIssuer("www.example.com");

        SAMLCallback callback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(handler, callback);
        SamlAssertionWrapper outbound = new SamlAssertionWrapper(callback);

        WSSecSAMLToken tokenBuilder = new WSSecSAMLToken();
        Document message = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader securityHeader = new WSSecHeader();
        securityHeader.insertSecurityHeader(message);
        Document secured = tokenBuilder.build(message, outbound, securityHeader);

        String securedXml = XMLUtils.PrettyDocumentToString(secured);
        if (LOG.isDebugEnabled()) {
            LOG.debug("SAML 2.0 Authn Assertion (sender vouches):");
            LOG.debug(securedXml);
        }
        assertTrue(securedXml.contains("SessionNotOnOrAfter"));

        // 8 is the action code searched for in the results; presumably WSConstants.ST_UNSIGNED - confirm.
        WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(verify(secured), 8);
        SamlAssertionWrapper received = (SamlAssertionWrapper) actionResult.get("saml-assertion");
        assertNotNull(received);
        assertFalse(received.isSigned());
    }

    /**
     * Checks that the subject locality (IP address and DNS name) set on the
     * SAML 2.0 callback handler is serialized into the message, and that the
     * assertion still verifies as an unsigned token. {@code verify} is defined
     * outside this view.
     */
    @Test
    public void testSAML2SubjectLocality() throws Exception {
        final String localityAddress = "12.34.56.78";
        final String localityDns = "test-dns";

        SAML2CallbackHandler handler = new SAML2CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        handler.setIssuer("www.example.com");
        handler.setSubjectLocality(localityAddress, localityDns);

        SAMLCallback callback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(handler, callback);
        SamlAssertionWrapper outbound = new SamlAssertionWrapper(callback);

        WSSecSAMLToken tokenBuilder = new WSSecSAMLToken();
        Document message = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader securityHeader = new WSSecHeader();
        securityHeader.insertSecurityHeader(message);
        Document secured = tokenBuilder.build(message, outbound, securityHeader);

        String securedXml = XMLUtils.PrettyDocumentToString(secured);
        if (LOG.isDebugEnabled()) {
            LOG.debug("SAML 2 Authn Assertion (sender vouches):");
            LOG.debug(securedXml);
        }
        assertTrue(securedXml.contains(localityAddress));
        assertTrue(securedXml.contains(localityDns));

        // 8 is the action code searched for in the results; presumably WSConstants.ST_UNSIGNED - confirm.
        WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(verify(secured), 8);
        SamlAssertionWrapper received = (SamlAssertionWrapper) actionResult.get("saml-assertion");
        assertNotNull(received);
        assertFalse(received.isSigned());
    }

    /**
     * Checks that the resource URI set on a SAML 1.1 authorization-decision
     * callback handler is serialized into the message, and that the assertion
     * still verifies as an unsigned token. {@code verify} is defined outside
     * this view.
     */
    @Test
    public void testSAML1Resource() throws Exception {
        final String resourceUri = "http://resource.org";

        SAML1CallbackHandler handler = new SAML1CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHZ);
        handler.setIssuer("www.example.com");
        handler.setResource(resourceUri);

        SAMLCallback callback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(handler, callback);
        SamlAssertionWrapper outbound = new SamlAssertionWrapper(callback);

        WSSecSAMLToken tokenBuilder = new WSSecSAMLToken();
        Document message = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader securityHeader = new WSSecHeader();
        securityHeader.insertSecurityHeader(message);
        Document secured = tokenBuilder.build(message, outbound, securityHeader);

        String securedXml = XMLUtils.PrettyDocumentToString(secured);
        if (LOG.isDebugEnabled()) {
            LOG.debug("SAML 1.1 Authz Assertion (sender vouches):");
            LOG.debug(securedXml);
        }
        assertTrue(securedXml.contains(resourceUri));

        // 8 is the action code searched for in the results; presumably WSConstants.ST_UNSIGNED - confirm.
        WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(verify(secured), 8);
        SamlAssertionWrapper received = (SamlAssertionWrapper) actionResult.get("saml-assertion");
        assertNotNull(received);
        assertFalse(received.isSigned());
    }

    /**
     * Builds a SAML 2.0 attribute assertion whose single custom attribute value
     * is an XSAny element wrapping a Conditions object (valid from now for five
     * minutes), adds it to the sample SOAP message, and checks that the received
     * assertion is present and unsigned. {@code verify} is defined outside this
     * view.
     *
     * <p>NOTE(review): this listing is decompiler output. The builder results are
     * assigned to Conditions and XSAny without a cast, and the collections are raw
     * types; the original source presumably had typed builders and casts - confirm
     * before relying on this text compiling as shown.
     */
    @Test
    public void testSAML2AttrAssertionCustomAttribute() throws Exception {
        SAML2CallbackHandler sAML2CallbackHandler = new SAML2CallbackHandler();
        sAML2CallbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.ATTR);
        sAML2CallbackHandler.setIssuer("www.example.com");
        XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
        // Conditions element used purely as nested XML content of the attribute value.
        Conditions buildObject = builderFactory.getBuilder(Conditions.DEFAULT_ELEMENT_NAME).buildObject();
        DateTime dateTime = new DateTime();
        buildObject.setNotBefore(dateTime);
        buildObject.setNotOnOrAfter(dateTime.plusMinutes(5));
        // XSAny built under the AttributeValue element name; it carries the Conditions as a child object.
        XSAny buildObject2 = builderFactory.getBuilder(XSAny.TYPE_NAME).buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);
        buildObject2.getUnknownXMLObjects().add(buildObject);
        ArrayList arrayList = new ArrayList();
        arrayList.add(buildObject2);
        sAML2CallbackHandler.setCustomAttributeValues(arrayList);
        SAMLCallback sAMLCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(sAML2CallbackHandler, sAMLCallback);
        SamlAssertionWrapper samlAssertionWrapper = new SamlAssertionWrapper(sAMLCallback);
        WSSecSAMLToken wSSecSAMLToken = new WSSecSAMLToken();
        Document sOAPPart = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader wSSecHeader = new WSSecHeader();
        wSSecHeader.insertSecurityHeader(sOAPPart);
        Document build = wSSecSAMLToken.build(sOAPPart, samlAssertionWrapper, wSSecHeader);
        if (LOG.isDebugEnabled()) {
            LOG.debug("SAML 2 Attr Assertion (sender vouches):");
            LOG.debug(XMLUtils.PrettyDocumentToString(build));
        }
        // 8 is the action code searched for in the results; presumably WSConstants.ST_UNSIGNED - confirm.
        SamlAssertionWrapper samlAssertionWrapper2 = (SamlAssertionWrapper) WSSecurityUtil.fetchActionResult(verify(build), 8).get("saml-assertion");
        assertTrue(samlAssertionWrapper2 != null);
        assertFalse(samlAssertionWrapper2.isSigned());
    }

    /**
     * Builds a SAML 2.0 attribute assertion whose single custom attribute value
     * is an XSInteger with the value 5, passes it through
     * {@code createAndVerifyMessage}, and checks that the received assertion is
     * present and unsigned.
     *
     * <p>{@code createAndVerifyMessage} is defined outside this view; its boolean
     * argument presumably states whether verification is expected to succeed.
     *
     * <p>NOTE(review): this listing is decompiler output. The builder result is
     * assigned to XSInteger without a cast and the list is a raw type; the
     * original source presumably had a typed builder - confirm.
     */
    @Test
    public void testSAML2AttrAssertionIntegerAttribute() throws Exception {
        SAML2CallbackHandler sAML2CallbackHandler = new SAML2CallbackHandler();
        sAML2CallbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.ATTR);
        sAML2CallbackHandler.setIssuer("www.example.com");
        // Built under the AttributeValue element name with the XSInteger schema type.
        XSInteger buildObject = Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME).buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
        buildObject.setValue(5);
        ArrayList arrayList = new ArrayList();
        arrayList.add(buildObject);
        sAML2CallbackHandler.setCustomAttributeValues(arrayList);
        // 8 is the action code searched for in the results; presumably WSConstants.ST_UNSIGNED - confirm.
        SamlAssertionWrapper samlAssertionWrapper = (SamlAssertionWrapper) WSSecurityUtil.fetchActionResult(createAndVerifyMessage(sAML2CallbackHandler, true), 8).get("saml-assertion");
        assertTrue(samlAssertionWrapper != null);
        assertFalse(samlAssertionWrapper.isSigned());
    }

    /**
     * Attaches SubjectConfirmationData (address, InResponseTo, a NotAfter five
     * minutes ahead, and a recipient) to a SAML 2.0 authentication assertion,
     * checks that the recipient URI is serialized into the message, and that the
     * assertion still verifies as an unsigned token. {@code verify} is defined
     * outside this view.
     *
     * <p>Only serialization of the recipient is asserted here; whether the
     * receiver enforces Recipient, InResponseTo or NotAfter is not exercised by
     * this test.
     */
    @Test
    public void testSAML2SubjectConfirmationData() throws Exception {
        final String recipient = "http://recipient.apache.org";

        SAML2CallbackHandler handler = new SAML2CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        handler.setIssuer("www.example.com");

        SubjectConfirmationDataBean confirmationData = new SubjectConfirmationDataBean();
        confirmationData.setAddress("http://apache.org");
        confirmationData.setInResponseTo("12345");
        DateTime notAfter = new DateTime().plusMinutes(5);
        confirmationData.setNotAfter(notAfter);
        confirmationData.setRecipient(recipient);
        handler.setSubjectConfirmationData(confirmationData);

        SAMLCallback callback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(handler, callback);
        SamlAssertionWrapper outbound = new SamlAssertionWrapper(callback);

        WSSecSAMLToken tokenBuilder = new WSSecSAMLToken();
        Document message = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader securityHeader = new WSSecHeader();
        securityHeader.insertSecurityHeader(message);
        Document secured = tokenBuilder.build(message, outbound, securityHeader);

        String securedXml = XMLUtils.PrettyDocumentToString(secured);
        if (LOG.isDebugEnabled()) {
            LOG.debug("SAML 2 Authn Assertion (sender vouches):");
            LOG.debug(securedXml);
        }
        assertTrue(securedXml.contains(recipient));

        // 8 is the action code searched for in the results; presumably WSConstants.ST_UNSIGNED - confirm.
        WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(verify(secured), 8);
        SamlAssertionWrapper received = (SamlAssertionWrapper) actionResult.get("saml-assertion");
        assertNotNull(received);
        assertFalse(received.isSigned());
    }

    /**
     * Wraps a SAML 2.0 assertion in an EncryptedAssertion element inside the
     * security header, encrypts it with a fresh 128-bit AES key that is
     * transported under the "wss40" certificate, and checks that the engine
     * yields both a decrypted Assertion element and an encryption result.
     *
     * <p>{@code encryptElement} is defined outside this view; its two trailing
     * booleans are passed as {@code false, true} here - presumably "include the
     * encryption certificate" and "reference the key through a
     * SecurityTokenReference"; confirm against the helper.
     *
     * <p>NOTE(review): the data algorithm is xmlenc#aes128-cbc, which carries no
     * integrity protection of its own. The assertion in this fixture is also
     * unsigned, so nothing here authenticates the decrypted content; an
     * authenticated mode such as xmlenc11#aes128-gcm plus a signed assertion is
     * the combination a receiver would normally require.
     */
    @Test
    public void testSAML2EncryptedAssertion() throws Exception {
        SAML2CallbackHandler handler = new SAML2CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        handler.setIssuer("www.example.com");

        SAMLCallback callback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(handler, callback);
        SamlAssertionWrapper outbound = new SamlAssertionWrapper(callback);

        WSSecSAMLToken tokenBuilder = new WSSecSAMLToken();
        Document message = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader securityHeader = new WSSecHeader();
        securityHeader.insertSecurityHeader(message);

        // prepare() creates the assertion element without attaching it, so it can be wrapped first.
        tokenBuilder.prepare(message, outbound);
        Element assertionElement = tokenBuilder.getElement();
        Element encryptedAssertion =
            message.createElementNS("urn:oasis:names:tc:SAML:2.0:assertion", "EncryptedAssertion");
        encryptedAssertion.appendChild(assertionElement);
        securityHeader.getSecurityHeader().appendChild(encryptedAssertion);

        KeyGenerator aesGenerator = KeyGenerator.getInstance("AES");
        aesGenerator.init(128);
        SecretKey dataKey = aesGenerator.generateKey();

        Crypto crypto = CryptoFactory.getInstance("wss40.properties");
        CryptoType certLookup = new CryptoType(CryptoType.TYPE.ALIAS);
        certLookup.setAlias("wss40");
        X509Certificate[] certs = crypto.getX509Certificates(certLookup);
        assertTrue(certs != null && certs.length > 0 && certs[0] != null);

        encryptElement(
            message,
            assertionElement,
            "http://www.w3.org/2001/04/xmlenc#aes128-cbc",
            dataKey,
            "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p",
            certs[0],
            false,
            true);
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.PrettyDocumentToString(message));
        }

        List<WSSecurityEngineResult> results =
            this.secEngine.processSecurityHeader(message, (String) null, new KeystoreCallbackHandler(), crypto);

        // 8: presumably WSConstants.ST_UNSIGNED - confirm.
        WSSecurityEngineResult samlResult = WSSecurityUtil.fetchActionResult(results, 8);
        SamlAssertionWrapper received = (SamlAssertionWrapper) samlResult.get("saml-assertion");
        assertNotNull(received);
        assertNotNull(received.getElement());
        assertTrue("Assertion".equals(received.getElement().getLocalName()));

        // 4: presumably WSConstants.ENCR, i.e. a decryption result was recorded - confirm.
        assertNotNull(WSSecurityUtil.fetchActionResult(results, 4));
    }

    /**
     * Variant of the encrypted-assertion test in which {@code encryptElement} is
     * called with {@code false, false} and the message is processed through a
     * RequestData on a separately configured engine, with BSP rule R5426 ignored.
     *
     * <p>{@code encryptElement} is defined outside this view; going by the test
     * name, the last flag presumably switches off the SecurityTokenReference
     * around the key reference, and R5426 is presumably the BSP rule such a
     * message would otherwise violate - confirm both.
     *
     * <p>NOTE(review): the local engine repeats the fixture configuration (custom
     * validators, subject-confirmation validation off) and the data algorithm is
     * the unauthenticated xmlenc#aes128-cbc; both are test settings rather than a
     * receiver configuration to reuse on a deployed endpoint.
     */
    @Test
    public void testSAML2EncryptedAssertionNoSTR() throws Exception {
        SAML2CallbackHandler handler = new SAML2CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        handler.setIssuer("www.example.com");

        SAMLCallback callback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(handler, callback);
        SamlAssertionWrapper outbound = new SamlAssertionWrapper(callback);

        WSSecSAMLToken tokenBuilder = new WSSecSAMLToken();
        Document message = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader securityHeader = new WSSecHeader();
        securityHeader.insertSecurityHeader(message);

        // prepare() creates the assertion element without attaching it, so it can be wrapped first.
        tokenBuilder.prepare(message, outbound);
        Element assertionElement = tokenBuilder.getElement();
        Element encryptedAssertion =
            message.createElementNS("urn:oasis:names:tc:SAML:2.0:assertion", "EncryptedAssertion");
        encryptedAssertion.appendChild(assertionElement);
        securityHeader.getSecurityHeader().appendChild(encryptedAssertion);

        KeyGenerator aesGenerator = KeyGenerator.getInstance("AES");
        aesGenerator.init(128);
        SecretKey dataKey = aesGenerator.generateKey();

        Crypto crypto = CryptoFactory.getInstance("wss40.properties");
        CryptoType certLookup = new CryptoType(CryptoType.TYPE.ALIAS);
        certLookup.setAlias("wss40");
        X509Certificate[] certs = crypto.getX509Certificates(certLookup);
        assertTrue(certs != null && certs.length > 0 && certs[0] != null);

        encryptElement(
            message,
            assertionElement,
            "http://www.w3.org/2001/04/xmlenc#aes128-cbc",
            dataKey,
            "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p",
            certs[0],
            false,
            false);
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.PrettyDocumentToString(message));
        }

        RequestData request = new RequestData();
        request.setDecCrypto(crypto);
        List<BSPRule> ignoredRules = new ArrayList<BSPRule>();
        ignoredRules.add(BSPRule.R5426);
        request.setIgnoredBSPRules(ignoredRules);
        request.setCallbackHandler(new KeystoreCallbackHandler());

        WSSecurityEngine engine = new WSSecurityEngine();
        WSSConfig config = WSSConfig.getNewInstance();
        config.setValidator(WSSecurityEngine.SAML_TOKEN, new CustomSamlAssertionValidator());
        config.setValidator(WSSecurityEngine.SAML2_TOKEN, new CustomSamlAssertionValidator());
        config.setValidateSamlSubjectConfirmation(false);
        engine.setWssConfig(config);

        List<WSSecurityEngineResult> results = engine.processSecurityHeader(message, "", request);

        // 8: presumably WSConstants.ST_UNSIGNED - confirm.
        WSSecurityEngineResult samlResult = WSSecurityUtil.fetchActionResult(results, 8);
        SamlAssertionWrapper received = (SamlAssertionWrapper) samlResult.get("saml-assertion");
        assertNotNull(received);
        assertNotNull(received.getElement());
        assertTrue("Assertion".equals(received.getElement().getLocalName()));

        // 4: presumably WSConstants.ENCR, i.e. a decryption result was recorded - confirm.
        assertNotNull(WSSecurityUtil.fetchActionResult(results, 4));
    }

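    /**
     * Serializes a SAML 1.1 authentication assertion to a string, parses that
     * string back into a DOM element, wraps the element in a new
     * SamlAssertionWrapper, and checks that serializing it again gives the same
     * text.
     *
     * <p>The string is encoded as UTF-8 explicitly before parsing. The original
     * used the platform default charset, which can corrupt non-ASCII content on
     * hosts whose default is not UTF-8 (assuming, as is usual for text without an
     * XML declaration, that the parser reads the bytes as UTF-8).
     *
     * <p>The parsed text is generated by this test itself, so the parser is left
     * at its defaults apart from namespace awareness; a parser fed
     * externally supplied assertions would also need DOCTYPE and external-entity
     * processing disabled.
     */
    @Test
    public void testAssertionWrapper() throws Exception {
        SAML1CallbackHandler handler = new SAML1CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        handler.setIssuer("www.example.com");

        SAMLCallback callback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(handler, callback);
        String serialized = new SamlAssertionWrapper(callback).assertionToString();

        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);

        // Fixed charset instead of String.getBytes(): keeps the round trip independent of the host locale.
        byte[] utf8 = serialized.getBytes("UTF-8");
        Element root = factory.newDocumentBuilder().parse(new ByteArrayInputStream(utf8)).getDocumentElement();

        assertEquals(serialized, new SamlAssertionWrapper(root).assertionToString());
    }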

    /**
     * Exercises {@code SamlAssertionValidator.setRequiredSubjectConfirmationMethod}.
     * With sender-vouches required, a message built with the handler's default
     * confirmation method (presumably sender-vouches) must be processed without
     * error, while a message whose confirmation method was changed to bearer must
     * fail with a WSSecurityException.
     *
     * <p>The second message is built inside the try block, so a
     * WSSecurityException raised while building it is also counted as the
     * expected failure.
     */
    @Test
    public void testRequiredSubjectConfirmationMethod() throws Exception {
        SAML2CallbackHandler handler = new SAML2CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        handler.setIssuer("www.example.com");

        // First message: confirmation method left at the handler's default.
        SAMLCallback acceptedCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(handler, acceptedCallback);
        SamlAssertionWrapper acceptedAssertion = new SamlAssertionWrapper(acceptedCallback);
        WSSecSAMLToken acceptedBuilder = new WSSecSAMLToken();
        Document acceptedMessage = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader acceptedHeader = new WSSecHeader();
        acceptedHeader.insertSecurityHeader(acceptedMessage);
        Document acceptedSecured = acceptedBuilder.build(acceptedMessage, acceptedAssertion, acceptedHeader);

        // Receiver: one validator instance for both SAML versions, pinned to sender-vouches.
        WSSConfig config = WSSConfig.getNewInstance();
        SamlAssertionValidator validator = new SamlAssertionValidator();
        validator.setRequiredSubjectConfirmationMethod("urn:oasis:names:tc:SAML:2.0:cm:sender-vouches");
        config.setValidator(WSSecurityEngine.SAML_TOKEN, validator);
        config.setValidator(WSSecurityEngine.SAML2_TOKEN, validator);
        config.setValidateSamlSubjectConfirmation(false);
        WSSecurityEngine engine = new WSSecurityEngine();
        engine.setWssConfig(config);
        engine.processSecurityHeader(acceptedSecured, (String) null, (CallbackHandler) null, (Crypto) null);

        // Second message: same handler, confirmation method switched to bearer.
        handler.setConfirmationMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");
        SAMLCallback rejectedCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(handler, rejectedCallback);
        SamlAssertionWrapper rejectedAssertion = new SamlAssertionWrapper(rejectedCallback);
        WSSecSAMLToken rejectedBuilder = new WSSecSAMLToken();
        Document rejectedMessage = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader rejectedHeader = new WSSecHeader();
        rejectedHeader.insertSecurityHeader(rejectedMessage);
        try {
            Document rejectedSecured = rejectedBuilder.build(rejectedMessage, rejectedAssertion, rejectedHeader);
            engine.processSecurityHeader(rejectedSecured, (String) null, (CallbackHandler) null, (Crypto) null);
            fail("Failure expected on an incorrect subject confirmation method");
        } catch (WSSecurityException expected) {
            // Rejection of the bearer assertion is the outcome under test.
        }
    }

    /**
     * Checks how a non-standard subject confirmation method is handled: an engine with
     * its default configuration must reject the assertion, and the same message is
     * accepted once the validator's standard-method requirement is switched off.
     *
     * <p>The relaxed configuration exists only to prove that the rejection comes from
     * this specific check. The secure behaviour is the default one exercised first.
     *
     * @throws Exception if building the message or the relaxed processing pass fails
     */
    @Test
    public void testStandardSubjectConfirmationMethod() throws Exception {
        SAML2CallbackHandler assertionSource = new SAML2CallbackHandler();
        assertionSource.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        assertionSource.setIssuer("www.example.com");
        // A confirmation method URI outside the standard set.
        assertionSource.setConfirmationMethod("urn:oasis:names:tc:SAML:2.0:cm:custom");

        SAMLCallback callback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(assertionSource, callback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(callback);

        WSSecSAMLToken tokenBuilder = new WSSecSAMLToken();
        Document soapDoc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader securityHeader = new WSSecHeader();
        securityHeader.insertSecurityHeader(soapDoc);
        Document message = tokenBuilder.build(soapDoc, assertion, securityHeader);

        // First pass: engine left at its defaults, rejection expected.
        WSSecurityEngine engine = new WSSecurityEngine();
        try {
            engine.processSecurityHeader(message, (String) null, (CallbackHandler) null, (Crypto) null);
            fail("Failure expected on an unknown subject confirmation method");
        } catch (WSSecurityException expected) {
            // Expected: unknown confirmation methods are refused by default.
        }

        // Second pass: the same message goes through once the requirement is relaxed.
        SamlAssertionValidator relaxedValidator = new SamlAssertionValidator();
        relaxedValidator.setRequireStandardSubjectConfirmationMethod(false);
        WSSConfig relaxedConfig = WSSConfig.getNewInstance();
        relaxedConfig.setValidator(WSSecurityEngine.SAML_TOKEN, relaxedValidator);
        relaxedConfig.setValidator(WSSecurityEngine.SAML2_TOKEN, relaxedValidator);
        relaxedConfig.setValidateSamlSubjectConfirmation(false);
        engine.setWssConfig(relaxedConfig);
        engine.processSecurityHeader(message, (String) null, (CallbackHandler) null, (Crypto) null);
    }

    /**
     * Checks that an unsigned assertion using the bearer confirmation method is rejected
     * by an engine with its default configuration, and accepted only after the
     * validator's bearer-signature requirement is explicitly disabled.
     *
     * <p>A bearer assertion is not bound to a key held by the sender, so the issuer's
     * signature is what protects it from forgery or modification. The relaxed pass is a
     * test-only configuration that shows which check caused the rejection.
     *
     * @throws Exception if building the message or the relaxed processing pass fails
     */
    @Test
    public void testUnsignedBearer() throws Exception {
        SAML2CallbackHandler assertionSource = new SAML2CallbackHandler();
        assertionSource.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        assertionSource.setIssuer("www.example.com");
        assertionSource.setConfirmationMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");

        SAMLCallback callback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(assertionSource, callback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(callback);

        // The assertion is inserted as built; no signing step is applied to it here.
        WSSecSAMLToken tokenBuilder = new WSSecSAMLToken();
        Document soapDoc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader securityHeader = new WSSecHeader();
        securityHeader.insertSecurityHeader(soapDoc);
        Document message = tokenBuilder.build(soapDoc, assertion, securityHeader);

        // First pass: engine left at its defaults, rejection expected.
        WSSecurityEngine engine = new WSSecurityEngine();
        try {
            engine.processSecurityHeader(message, (String) null, (CallbackHandler) null, (Crypto) null);
            fail("Failure expected on an unsigned bearer token");
        } catch (WSSecurityException expected) {
            // Expected: unsigned bearer assertions are refused by default.
        }

        // Second pass: acceptance requires opting out of the signature requirement.
        SamlAssertionValidator relaxedValidator = new SamlAssertionValidator();
        relaxedValidator.setRequireBearerSignature(false);
        WSSConfig relaxedConfig = WSSConfig.getNewInstance();
        relaxedConfig.setValidator(WSSecurityEngine.SAML_TOKEN, relaxedValidator);
        relaxedConfig.setValidator(WSSecurityEngine.SAML2_TOKEN, relaxedValidator);
        relaxedConfig.setValidateSamlSubjectConfirmation(false);
        engine.setWssConfig(relaxedConfig);
        engine.processSecurityHeader(message, (String) null, (CallbackHandler) null, (Crypto) null);
    }

    /**
     * Builds a SAML 2.0 assertion that embeds a second assertion as its Advice element,
     * adds it to a SOAP message and verifies that the message is processed and that the
     * resulting assertion is reported as unsigned.
     *
     * @throws Exception if building or verifying the message fails
     */
    @Test
    public void testSAML2Advice() throws Exception {
        // Inner assertion, serialised to DOM so it can be supplied as the advice element.
        SAML2CallbackHandler adviceSource = new SAML2CallbackHandler();
        adviceSource.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        adviceSource.setIssuer("www.example.com");
        SAMLCallback adviceCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(adviceSource, adviceCallback);
        SamlAssertionWrapper adviceAssertion = new SamlAssertionWrapper(adviceCallback);
        Document soapDoc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        Element adviceElement = adviceAssertion.toDOM(soapDoc);

        // Outer assertion that carries the inner one as advice.
        SAML2CallbackHandler outerSource = new SAML2CallbackHandler();
        outerSource.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        outerSource.setIssuer("www.example.com");
        outerSource.setAssertionAdviceElement(adviceElement);
        SAMLCallback outerCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(outerSource, outerCallback);
        SamlAssertionWrapper outerAssertion = new SamlAssertionWrapper(outerCallback);

        WSSecSAMLToken tokenBuilder = new WSSecSAMLToken();
        WSSecHeader securityHeader = new WSSecHeader();
        securityHeader.insertSecurityHeader(soapDoc);
        Document message = tokenBuilder.build(soapDoc, outerAssertion, securityHeader);

        String serialized = XMLUtils.PrettyDocumentToString(message);
        if (LOG.isDebugEnabled()) {
            LOG.debug(serialized);
        }
        assertTrue(serialized.contains("Advice"));

        // NOTE(review): 8 looks like the action code for an unsigned SAML token
        // (WSConstants.ST_UNSIGNED) -- confirm before replacing the literal.
        List<WSSecurityEngineResult> results = verify(message);
        WSSecurityEngineResult unsignedSamlResult = WSSecurityUtil.fetchActionResult(results, 8);
        SamlAssertionWrapper received = (SamlAssertionWrapper) unsignedSamlResult.get("saml-assertion");
        assertTrue(received != null);
        assertFalse(received.isSigned());
    }

    /**
     * Checks that a SAML 2.0 attribute assertion whose subject name and attribute value
     * contain a non-ASCII character can be added to a SOAP message and processed, and
     * that the processed assertion is reported as unsigned.
     *
     * @throws Exception if building or processing the message fails
     */
    @Test
    public void testSAML2SpecialCharacter() throws Exception {
        SAML2CallbackHandler assertionSource = new SAML2CallbackHandler();
        assertionSource.setStatement(AbstractSAMLCallbackHandler.Statement.ATTR);
        assertionSource.setIssuer("www.example.com");
        assertionSource.setSubjectName("uid=jöe,ou=people,ou=saml-demo,o=example.com");
        // Raw list kept as in the original; the setter's parameter type is not visible here.
        ArrayList attributeValues = new ArrayList(1);
        attributeValues.add("jöan");
        assertionSource.setCustomAttributeValues(attributeValues);

        SAMLCallback callback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(assertionSource, callback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(callback);

        WSSecSAMLToken tokenBuilder = new WSSecSAMLToken();
        Document soapDoc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader securityHeader = new WSSecHeader();
        securityHeader.insertSecurityHeader(soapDoc);
        Document message = tokenBuilder.build(soapDoc, assertion, securityHeader);
        String serialized = XMLUtils.PrettyDocumentToString(message);
        if (LOG.isDebugEnabled()) {
            LOG.debug(serialized);
        }

        WSSConfig config = WSSConfig.getNewInstance();
        config.setValidateSamlSubjectConfirmation(false);
        WSSecurityEngine engine = new WSSecurityEngine();
        engine.setWssConfig(config);

        // The document passed to the engine is soapDoc, the one the token was built into.
        List<WSSecurityEngineResult> results =
            engine.processSecurityHeader(soapDoc, (String) null, (CallbackHandler) null, (Crypto) null);
        // NOTE(review): 8 looks like the action code for an unsigned SAML token
        // (WSConstants.ST_UNSIGNED) -- confirm before replacing the literal.
        WSSecurityEngineResult unsignedSamlResult = WSSecurityUtil.fetchActionResult(results, 8);
        SamlAssertionWrapper received = (SamlAssertionWrapper) unsignedSamlResult.get("saml-assertion");
        assertTrue(received != null);
        assertFalse(received.isSigned());
    }

    /**
     * Encrypts {@code element} in place with {@code key} and, when a certificate is given,
     * also wraps {@code key} under the certificate's public key and attaches the resulting
     * EncryptedKey to the EncryptedData's KeyInfo.
     *
     * <p>When {@code x509Certificate} is {@code null} no key information is written, so the
     * recipient has to obtain the decryption key by other means.
     *
     * @param document the document used to create the new key-info elements and passed to the ciphers
     * @param element the element to encrypt
     * @param str algorithm URI for the data-encryption cipher
     * @param key the key the data cipher is initialised with; also the key that gets wrapped
     * @param str2 algorithm URI for the key-wrap cipher; only used when a certificate is given
     * @param x509Certificate recipient certificate, or {@code null} to skip key wrapping
     * @param z passed through to {@code XMLCipher.doFinal}; presumably selects encrypting the
     *          element's content rather than the element itself -- confirm against XMLCipher
     * @param z2 {@code true} to reference the certificate through a SecurityTokenReference with
     *           an SKI key identifier, {@code false} to reference it by issuer name and serial
     * @throws Exception if any cipher or key-info operation fails
     */
    private void encryptElement(Document document, Element element, String str, Key key, String str2, X509Certificate x509Certificate, boolean z, boolean z2) throws Exception {
        XMLCipher dataCipher = XMLCipher.getInstance(str);
        dataCipher.init(XMLCipher.ENCRYPT_MODE, key);

        if (x509Certificate != null) {
            // Wrap the data key for the certificate holder.
            XMLCipher keyWrapCipher = XMLCipher.getInstance(str2);
            keyWrapCipher.init(XMLCipher.WRAP_MODE, x509Certificate.getPublicKey());
            EncryptedKey wrappedKey = keyWrapCipher.encryptKey(document, key);

            KeyInfo wrappedKeyInfo = wrappedKey.getKeyInfo();
            if (wrappedKeyInfo == null) {
                wrappedKeyInfo = new KeyInfo(document);
                wrappedKeyInfo.getElement().setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:dsig", "http://www.w3.org/2000/09/xmldsig#");
                wrappedKey.setKeyInfo(wrappedKeyInfo);
            }

            // Tell the recipient which certificate the key was wrapped for.
            if (!z2) {
                X509Data issuerSerial = new X509Data(document);
                issuerSerial.addIssuerSerial(x509Certificate.getIssuerX500Principal().getName(), x509Certificate.getSerialNumber());
                wrappedKeyInfo.add(issuerSerial);
            } else {
                SecurityTokenReference tokenReference = new SecurityTokenReference(document);
                tokenReference.addWSSENamespace();
                tokenReference.setKeyIdentifierSKI(x509Certificate, (Crypto) null);
                wrappedKeyInfo.addUnknownElement(tokenReference.getElement());
            }

            // Hang the wrapped key off the EncryptedData so it travels with the ciphertext.
            EncryptedData encryptedData = dataCipher.getEncryptedData();
            KeyInfo dataKeyInfo = encryptedData.getKeyInfo();
            if (dataKeyInfo == null) {
                dataKeyInfo = new KeyInfo(document);
                dataKeyInfo.getElement().setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:dsig", "http://www.w3.org/2000/09/xmldsig#");
                encryptedData.setKeyInfo(dataKeyInfo);
            }
            dataKeyInfo.add(wrappedKey);
        }

        dataCipher.doFinal(document, element, z);
    }

    /**
     * Builds a SAML assertion from {@code callbackHandler}, adds it to the sample SOAP
     * message and runs the result through {@link #verify(Document)}.
     *
     * @param callbackHandler supplies the assertion content through the SAML callback
     * @param z {@code true} when verification is expected to succeed, {@code false} when
     *          a {@link WSSecurityException} is expected
     * @return the processing results on success, or {@code null} when the expected
     *         security failure occurred
     * @throws Exception if building the message fails or verification fails with
     *         something other than a {@link WSSecurityException}
     */
    private List<WSSecurityEngineResult> createAndVerifyMessage(CallbackHandler callbackHandler, boolean z) throws Exception {
        SAMLCallback callback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, callback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(callback);

        WSSecSAMLToken tokenBuilder = new WSSecSAMLToken();
        Document soapDoc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader securityHeader = new WSSecHeader();
        securityHeader.insertSecurityHeader(soapDoc);
        Document message = tokenBuilder.build(soapDoc, assertion, securityHeader);
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.PrettyDocumentToString(message));
        }

        List<WSSecurityEngineResult> results;
        try {
            results = verify(message);
        } catch (WSSecurityException securityFailure) {
            // A security failure is only acceptable when the caller asked for one, and it
            // must carry the SAML-specific failure message.
            assertFalse(z);
            assertTrue(securityFailure.getMessage().contains("SAML token security failure"));
            return null;
        }
        if (!z) {
            fail("Failure expected in processing the SAML assertion");
        }
        return results;
    }

    /**
     * Processes the security header of {@code document} with this test's engine and
     * checks that the serialised document contains the sample message's body marker.
     *
     * @param document the SOAP message to process
     * @return the results returned by the security engine
     * @throws Exception if the engine rejects the message or processing otherwise fails
     */
    private List<WSSecurityEngineResult> verify(Document document) throws Exception {
        final List<WSSecurityEngineResult> results =
            this.secEngine.processSecurityHeader(document, (String) null, (CallbackHandler) null, (Crypto) null);
        // The marker is looked up after processing, in the document as it then stands.
        final String serialized = XMLUtils.PrettyDocumentToString(document);
        assertTrue(serialized.indexOf("counter_port_type") > 0);
        return results;
    }
}
