package org.apache.wss4j.dom.message;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.TreeMap;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.bsp.BSPEnforcer;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.WSTimeSource;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.common.CustomHandler;
import org.apache.wss4j.dom.common.EncodedPasswordCallbackHandler;
import org.apache.wss4j.dom.common.SOAPUtil;
import org.apache.wss4j.dom.common.SecurityTestUtil;
import org.apache.wss4j.dom.common.UsernamePasswordCallbackHandler;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.HandlerAction;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.token.UsernameToken;
import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
import org.apache.xml.security.utils.Base64;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:org/apache/wss4j/dom/message/UsernameTokenTest.class */
public class UsernameTokenTest extends Assert implements CallbackHandler {
    // Class logger; the tests dump whole SOAP messages at DEBUG level.
    private static final Logger LOG = LoggerFactory.getLogger(UsernameTokenTest.class);
    // Fixture: UsernameToken for wernerd/verySecret whose wsse:Password element carries no Type attribute.
    // The credentials are test-only literals.
    private static final String SOAPUTMSG = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Header><wsse:Security SOAP-ENV:mustUnderstand=\"1\" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"><wsse:UsernameToken wsu:Id=\"UsernameToken-29477163\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"><wsse:Username>wernerd</wsse:Username><wsse:Password>verySecret</wsse:Password></wsse:UsernameToken></wsse:Security></SOAP-ENV:Header><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body>\r\n       \r\n</SOAP-ENV:Envelope>";
    // Fixture: UsernameToken whose wsse:Username is empty and whose PasswordText element is empty as well.
    private static final String SOAPUTNOUSERMSG = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Header><wsse:Security SOAP-ENV:mustUnderstand=\"1\" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"><wsse:UsernameToken wsu:Id=\"UsernameToken-29477163\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"><wsse:Username></wsse:Username><wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\"></wsse:Password></wsse:UsernameToken></wsse:Security></SOAP-ENV:Header><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body>\r\n       \r\n</SOAP-ENV:Envelope>";
    // Fixture: UsernameToken for "emptyuser" whose PasswordText element is self-closing (no text node at all).
    private static final String EMPTY_PASSWORD_MSG = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Header><wsse:Security SOAP-ENV:mustUnderstand=\"1\" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"><wsse:UsernameToken wsu:Id=\"UsernameToken-1\" xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"><wsse:Username>emptyuser</wsse:Username><wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\"/></wsse:UsernameToken></wsse:Security></SOAP-ENV:Header><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body>\r\n       \r\n</SOAP-ENV:Envelope>";
    // Password source handed to the engine by most tests.
    // NOTE(review): which users and passwords it knows is defined in UsernamePasswordCallbackHandler, not here.
    private CallbackHandler callbackHandler = new UsernamePasswordCallbackHandler();

    /**
     * Runs once after all tests of this class and delegates to
     * {@code SecurityTestUtil.cleanup()}.
     *
     * @throws Exception if the shared cleanup fails
     */
    @AfterClass
    public static void cleanup() throws Exception {
        // NOTE(review): what exactly is cleaned up is not visible here; see SecurityTestUtil.
        SecurityTestUtil.cleanup();
    }

    /**
     * Builds a UsernameToken without choosing a password type (the log text
     * calls this the digest case), verifies the message, and checks that a
     * token re-parsed from the same element is equal to, and hashes like, the
     * token the engine reported.
     *
     * @throws Exception if building or verifying the message fails
     */
    @Test
    public void testUsernameTokenDigest() throws Exception {
        WSSecUsernameToken builder = new WSSecUsernameToken();
        builder.setUserInfo("wernerd", "verySecret");
        LOG.info("Before adding UsernameToken PW Digest....");

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        Document securedDoc = builder.build(doc, secHeader);

        if (LOG.isDebugEnabled()) {
            LOG.debug("Message with UserNameToken PW Digest:");
            LOG.debug(XMLUtils.prettyDocumentToString(securedDoc));
        }
        LOG.info("After adding UsernameToken PW Digest....");

        // The action key 1 and the tag "username-token" are literals here;
        // presumably compiler-inlined constants of the engine API.
        List<?> tokenResults = (List<?>) verify(securedDoc).getActionResults().get(1);
        WSSecurityEngineResult firstResult = (WSSecurityEngineResult) tokenResults.get(0);
        UsernameToken received = (UsernameToken) firstResult.get("username-token");
        assertNotNull(received);

        // Re-parse the same DOM element and require value equality plus a
        // consistent hashCode.
        UsernameToken reparsed = new UsernameToken(received.getElement(), false, new BSPEnforcer());
        assertTrue(reparsed.equals(received));
        assertTrue(reparsed.hashCode() == received.hashCode());
    }

    /**
     * Known-answer test for {@code UsernameToken.doPasswordDigest}: with a
     * fixed nonce, a fixed created timestamp and the SHA-1 hash of "password"
     * as the binary password, the digest must equal a pinned Base64 value.
     *
     * @throws Exception if SHA-1 is unavailable or the digest cannot be computed
     */
    @Test
    public void testUsernameTokenWithEncodedPasswordBaseline() throws Exception {
        // The raw SHA-1 bytes of the password stand in for the "encoded" password.
        byte[] hashedPassword = MessageDigest.getInstance("SHA-1").digest("password".getBytes(StandardCharsets.UTF_8));
        String actualDigest = UsernameToken.doPasswordDigest("0x7bXAPZVn40AdCD0Xbt0g==", "2010-06-28T15:16:37Z", hashedPassword);
        assertEquals("the password digest is not as expected", "C0rena/6gKpRZ9ATj+e6ss5sAbQ=", actualDigest);
    }

    /**
     * Round trip with encoded passwords: the sender is told its password is
     * already encoded and is given Base64(SHA-1("verySecret")); the receiver
     * is configured with {@code setEncodePasswords(true)} and an
     * {@code EncodedPasswordCallbackHandler}. Processing must not throw.
     *
     * @throws Exception if building or processing the message fails
     */
    @Test
    public void testUsernameTokenWithEncodedPassword() throws Exception {
        WSSecUsernameToken builder = new WSSecUsernameToken();
        builder.setPasswordsAreEncoded(true);
        byte[] hashedPassword = MessageDigest.getInstance("SHA-1").digest("verySecret".getBytes(StandardCharsets.UTF_8));
        builder.setUserInfo("wernerd", Base64.encode(hashedPassword));
        LOG.info("Before adding UsernameToken PW Digest....");

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        Document securedDoc = builder.build(doc, secHeader);

        if (LOG.isDebugEnabled()) {
            LOG.debug("Message with UserNameToken PW Digest:");
            LOG.debug(XMLUtils.prettyDocumentToString(securedDoc));
        }
        LOG.info("After adding UsernameToken PW Digest....");

        // Receiver side: both ends must agree that passwords are encoded.
        RequestData receiverConfig = new RequestData();
        receiverConfig.setEncodePasswords(true);
        receiverConfig.setCallbackHandler(new EncodedPasswordCallbackHandler());
        WSSecurityEngine engine = new WSSecurityEngine();
        engine.processSecurityHeader(securedDoc, receiverConfig);
    }

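    /**
     * Sends a UsernameToken for a user name the test does not expect the
     * receiver to accept and requires that verification is rejected with
     * {@code FAILED_AUTHENTICATION}.
     *
     * <p>The test also requires that the exception message does not contain
     * the submitted user name, so that a fault returned to the caller does not
     * reflect caller-supplied input. The expected error code is the same one
     * the wrong-password tests in this class expect.
     *
     * @throws Exception if building the message fails
     */
    @Test
    public void testUsernameTokenBadUsername() throws Exception {
        WSSecUsernameToken builder = new WSSecUsernameToken();
        builder.setUserInfo("badusername", "verySecret");
        LOG.info("Before adding UsernameToken PW Digest....");

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        Document securedDoc = builder.build(doc, secHeader);

        if (LOG.isDebugEnabled()) {
            LOG.debug("Message with UserNameToken PW Digest:");
            LOG.debug(XMLUtils.prettyDocumentToString(securedDoc));
        }
        LOG.info("After adding UsernameToken PW Digest....");

        try {
            verify(securedDoc);
            fail("Failure expected on a bad username");
        } catch (WSSecurityException ex) {
            // A null message cannot leak the name; checking for null first avoids
            // turning that case into a NullPointerException test error.
            String message = ex.getMessage();
            assertFalse(message != null && message.contains("badusername"));
            // assertEquals reports the actual code if the engine ever returns a different one.
            assertEquals(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, ex.getErrorCode());
        }
    }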

    /**
     * Sends a UsernameToken for "wernerd" built from the password "verySecre"
     * (one character short of the password the positive tests use) and
     * requires verification to fail with {@code FAILED_AUTHENTICATION}.
     *
     * @throws Exception if building the message fails
     */
    @Test
    public void testUsernameTokenBadDigest() throws Exception {
        WSSecUsernameToken builder = new WSSecUsernameToken();
        builder.setUserInfo("wernerd", "verySecre");
        LOG.info("Before adding UsernameToken PW Digest....");

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        Document securedDoc = builder.build(doc, secHeader);

        if (LOG.isDebugEnabled()) {
            LOG.debug("Message with UserNameToken PW Digest:");
            LOG.debug(XMLUtils.prettyDocumentToString(securedDoc));
        }
        LOG.info("After adding UsernameToken PW Digest....");

        try {
            verify(securedDoc);
            fail("Failure expected on a bad password digest");
        } catch (WSSecurityException ex) {
            boolean authenticationFailed = ex.getErrorCode() == WSSecurityException.ErrorCode.FAILED_AUTHENTICATION;
            assertTrue(authenticationFailed);
        }
    }

    /**
     * Freshness check: a token that was just built is processed with a
     * UsernameToken TTL of -1 and must be rejected with
     * {@code MESSAGE_EXPIRED}.
     *
     * @throws Exception if building the message fails
     */
    @Test
    public void testOldUsernameToken() throws Exception {
        WSSecUsernameToken builder = new WSSecUsernameToken();
        builder.setUserInfo("wernerd", "verySecret");

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        Document securedDoc = builder.build(doc, secHeader);
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(securedDoc));
        }

        // A negative TTL leaves no acceptable age, so even a fresh token counts as expired.
        RequestData receiverConfig = new RequestData();
        receiverConfig.setUtTTL(-1);
        receiverConfig.setCallbackHandler(this.callbackHandler);

        WSSecurityEngine engine = new WSSecurityEngine();
        try {
            // The original document is processed; build() was called on this same object.
            engine.processSecurityHeader(doc, receiverConfig);
            fail("The UsernameToken validation should have failed");
        } catch (WSSecurityException ex) {
            assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.MESSAGE_EXPIRED);
        }
    }

    /**
     * Hand-builds a PasswordText UsernameToken whose {@code wsu:Created} lies
     * 30 seconds in the future. With the engine's default settings the token
     * must be accepted; with a future TTL of 0 the same message must be
     * rejected with {@code MESSAGE_EXPIRED}.
     *
     * @throws Exception if the message cannot be built or the first processing fails
     */
    @Test
    public void testNearFutureCreated() throws Exception {
        final String wsseNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
        final String wsuNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        Element token = doc.createElementNS(wsseNs, "wsse:UsernameToken");

        Element username = doc.createElementNS(wsseNs, "wsse:Username");
        username.appendChild(doc.createTextNode("wernerd"));
        token.appendChild(username);

        Element password = doc.createElementNS(wsseNs, "wsse:Password");
        password.setAttributeNS(null, "Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
        password.appendChild(doc.createTextNode("verySecret"));
        token.appendChild(password);

        // Created = now + 30 s, i.e. a small clock skew in the sender's favour.
        Element created = doc.createElementNS(wsuNs, "wsu:Created");
        Date thirtySecondsAhead = new Date(System.currentTimeMillis() + 30000);
        created.appendChild(doc.createTextNode(new XmlSchemaDateFormat().format(thirtySecondsAhead)));
        token.appendChild(created);

        secHeader.getSecurityHeader().appendChild(token);
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(doc));
        }

        WSSecurityEngine engine = new WSSecurityEngine();
        // Default configuration: this call is expected to succeed.
        engine.processSecurityHeader(doc, (String) null, this.callbackHandler, (Crypto) null);
        try {
            // No tolerance for future timestamps: the same message must now fail.
            RequestData strictConfig = new RequestData();
            strictConfig.setUtFutureTTL(0);
            strictConfig.setCallbackHandler(this.callbackHandler);
            engine.processSecurityHeader(doc, strictConfig);
            fail("The UsernameToken validation should have failed");
        } catch (WSSecurityException ex) {
            assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.MESSAGE_EXPIRED);
        }
    }

    /**
     * Hand-builds a PasswordText UsernameToken whose {@code wsu:Created} lies
     * 120 seconds in the future and requires the engine, with its default
     * settings, to reject it with {@code MESSAGE_EXPIRED}.
     *
     * @throws Exception if the message cannot be built
     */
    @Test
    public void testFutureCreated() throws Exception {
        final String wsseNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
        final String wsuNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        Element token = doc.createElementNS(wsseNs, "wsse:UsernameToken");

        Element username = doc.createElementNS(wsseNs, "wsse:Username");
        username.appendChild(doc.createTextNode("wernerd"));
        token.appendChild(username);

        Element password = doc.createElementNS(wsseNs, "wsse:Password");
        password.setAttributeNS(null, "Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
        password.appendChild(doc.createTextNode("verySecret"));
        token.appendChild(password);

        // Created = now + 120 s; a companion test in this class uses +30 s and expects acceptance.
        Element created = doc.createElementNS(wsuNs, "wsu:Created");
        Date twoMinutesAhead = new Date(System.currentTimeMillis() + 120000);
        created.appendChild(doc.createTextNode(new XmlSchemaDateFormat().format(twoMinutesAhead)));
        token.appendChild(created);

        secHeader.getSecurityHeader().appendChild(token);
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(doc));
        }

        WSSecurityEngine engine = new WSSecurityEngine();
        try {
            engine.processSecurityHeader(doc, (String) null, this.callbackHandler, (Crypto) null);
            fail("The UsernameToken validation should have failed");
        } catch (WSSecurityException ex) {
            assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.MESSAGE_EXPIRED);
        }
    }

    /**
     * Builds a PasswordText UsernameToken for wernerd/verySecret, verifies
     * the message, and checks that a token re-parsed from the same element is
     * equal to, and hashes like, the token the engine reported.
     *
     * @throws Exception if building or verifying the message fails
     */
    @Test
    public void testUsernameTokenText() throws Exception {
        WSSecUsernameToken builder = new WSSecUsernameToken();
        builder.setPasswordType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
        builder.setUserInfo("wernerd", "verySecret");
        LOG.info("Before adding UsernameToken PW Text....");

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        Document securedDoc = builder.build(doc, secHeader);

        if (LOG.isDebugEnabled()) {
            // With PasswordText the dumped message contains the password itself;
            // here that is only the fixture value.
            LOG.debug("Message with UserNameToken PW Text:");
            LOG.debug(XMLUtils.prettyDocumentToString(securedDoc));
        }
        LOG.info("After adding UsernameToken PW Text....");

        // The action key 1 and the tag "username-token" are literals here;
        // presumably compiler-inlined constants of the engine API.
        List<?> tokenResults = (List<?>) verify(securedDoc).getActionResults().get(1);
        WSSecurityEngineResult firstResult = (WSSecurityEngineResult) tokenResults.get(0);
        UsernameToken received = (UsernameToken) firstResult.get("username-token");
        assertNotNull(received);

        UsernameToken reparsed = new UsernameToken(received.getElement(), false, new BSPEnforcer());
        assertTrue(reparsed.equals(received));
        assertTrue(reparsed.hashCode() == received.hashCode());
    }

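    /**
     * Builds a PasswordText UsernameToken whose password value is
     * Base64(MD5("verySecret")), i.e. an application-level hash carried as
     * plain password text.
     *
     * <p>NOTE(review): the message is only built and, at debug level, logged.
     * Nothing verifies it, so the test establishes only that {@code build}
     * does not throw.
     *
     * @throws Exception if MD5 is unavailable or building the message fails
     */
    @Test
    public void testUsernameTokenDigestText() throws Exception {
        WSSecUsernameToken builder = new WSSecUsernameToken();
        builder.setPasswordType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");

        // Encode with an explicit charset: the no-argument getBytes() depends on
        // the platform default, which would make the hashed value
        // environment-specific.
        byte[] passwordBytes = "verySecret".getBytes(StandardCharsets.UTF_8);
        // MD5 only produces an opaque password string for this fixture; it is
        // not a protection for the password. A fresh MessageDigest needs no reset().
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        builder.setUserInfo("wernerd", Base64.encode(md5.digest(passwordBytes)));
        LOG.info("Before adding UsernameToken PW Text....");

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        Document securedDoc = builder.build(doc, secHeader);

        if (LOG.isDebugEnabled()) {
            LOG.debug("Message with UserNameToken PW Text:");
            LOG.debug(XMLUtils.prettyDocumentToString(securedDoc));
        }
    }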

    /**
     * Sends a PasswordText UsernameToken for "wernerd" with the password
     * "verySecre" (one character short of the password the positive tests
     * use) and requires verification to fail with
     * {@code FAILED_AUTHENTICATION}.
     *
     * @throws Exception if building the message fails
     */
    @Test
    public void testUsernameTokenBadText() throws Exception {
        WSSecUsernameToken builder = new WSSecUsernameToken();
        builder.setPasswordType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
        builder.setUserInfo("wernerd", "verySecre");
        LOG.info("Before adding UsernameToken PW Text....");

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        Document securedDoc = builder.build(doc, secHeader);

        if (LOG.isDebugEnabled()) {
            LOG.debug("Message with UserNameToken PW Text:");
            LOG.debug(XMLUtils.prettyDocumentToString(securedDoc));
        }
        LOG.info("After adding UsernameToken PW Text....");

        try {
            verify(securedDoc);
            fail("Failure expected on a bad password text");
        } catch (WSSecurityException ex) {
            boolean authenticationFailed = ex.getErrorCode() == WSSecurityException.ErrorCode.FAILED_AUTHENTICATION;
            assertTrue(authenticationFailed);
        }
    }

    /**
     * Processes the {@code SOAPUTMSG} fixture, whose {@code wsse:Password}
     * has no {@code Type} attribute. With default settings the engine must
     * reject it with {@code INVALID_SECURITY}; once BSP rule R4201 is on the
     * ignore list, the same message must be processed without an exception.
     *
     * @throws Exception if the relaxed processing fails
     */
    @Test
    public void testUsernameTokenNoPasswordType() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUTMSG);
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(doc));
        }

        WSSecurityEngine engine = new WSSecurityEngine();

        // Strict (default) pass: the message is expected to be refused.
        try {
            engine.processSecurityHeader(doc, (String) null, this.callbackHandler, (Crypto) null);
            fail("Expected failure as it is not BSP compliant");
        } catch (WSSecurityException ex) {
            assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
        }

        // Relaxed pass: only R4201 is switched off; every other rule stays enforced.
        RequestData relaxedConfig = new RequestData();
        relaxedConfig.setCallbackHandler(this.callbackHandler);
        relaxedConfig.setIgnoredBSPRules(Collections.singletonList(BSPRule.R4201));
        engine.processSecurityHeader(doc, relaxedConfig);
    }

    /**
     * Verifies the {@code SOAPUTNOUSERMSG} fixture, in which both the user
     * name and the PasswordText value are empty, and requires rejection with
     * {@code FAILED_AUTHENTICATION}.
     *
     * @throws Exception if the fixture cannot be parsed
     */
    @Test
    public void testUsernameTokenNoUser() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUTNOUSERMSG);
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(doc));
        }

        try {
            verify(doc);
            // The failure text speaks of the password; the fixture leaves the user name empty too.
            fail("Failure expected on no password");
        } catch (WSSecurityException ex) {
            boolean authenticationFailed = ex.getErrorCode() == WSSecurityException.ErrorCode.FAILED_AUTHENTICATION;
            assertTrue(authenticationFailed);
        }
    }

    /**
     * Builds a UsernameToken for "nopassuser" with neither a password type
     * nor a password, verifies it through the two-argument {@code verify}
     * overload, and requires that a token is reported under action key 8192.
     *
     * @throws Exception if building or verifying the message fails
     */
    @Test
    public void testUsernameTokenNoPassword() throws Exception {
        WSSecUsernameToken builder = new WSSecUsernameToken();
        builder.setPasswordType((String) null);
        builder.setUserInfo("nopassuser", (String) null);
        LOG.info("Before adding UsernameToken with no password....");

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        Document securedDoc = builder.build(doc, secHeader);
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(securedDoc));
        }

        // NOTE(review): the meaning of the boolean passed to verify() is defined
        // outside this view; presumably it permits password-less tokens. A token
        // without a password proves no identity by itself.
        List<?> tokenResults = (List<?>) verify(securedDoc, true).getActionResults().get(8192);
        WSSecurityEngineResult firstResult = (WSSecurityEngineResult) tokenResults.get(0);
        UsernameToken received = (UsernameToken) firstResult.get("username-token");
        assertNotNull(received);
    }

    /**
     * Builds a PasswordText UsernameToken for "emptyuser" with an empty
     * string as password and processes it with this test instance acting as
     * the callback handler. Processing must not throw.
     *
     * @throws Exception if building or processing the message fails
     */
    @Test
    public void testUsernameTokenEmptyPassword() throws Exception {
        WSSecUsernameToken builder = new WSSecUsernameToken();
        builder.setPasswordType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
        builder.setUserInfo("emptyuser", "");
        LOG.info("Before adding UsernameToken with an empty password....");

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        Document securedDoc = builder.build(doc, secHeader);
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(securedDoc));
        }

        // "this" supplies the password; its handle() method lies outside this view.
        WSSecurityEngine engine = new WSSecurityEngine();
        engine.processSecurityHeader(doc, (String) null, this, (Crypto) null);
    }

    /**
     * Processes the {@code EMPTY_PASSWORD_MSG} fixture, whose PasswordText
     * element is self-closing, with this test instance as the callback
     * handler. Processing must not throw.
     *
     * @throws Exception if parsing or processing the message fails
     */
    @Test
    public void testEmptyPasswordProcessing() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(EMPTY_PASSWORD_MSG);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Empty password message: ");
            LOG.debug(XMLUtils.prettyDocumentToString(doc));
        }

        WSSecurityEngine engine = new WSSecurityEngine();
        engine.processSecurityHeader(doc, (String) null, this, (Crypto) null);
    }

    /**
     * Builds a UsernameToken with the non-standard password type
     * "RandomType" and requires the engine, with default settings, to reject
     * it with {@code FAILED_AUTHENTICATION}.
     *
     * @throws Exception if building the message fails
     */
    @Test
    public void testUsernameTokenCustomFail() throws Exception {
        WSSecUsernameToken builder = new WSSecUsernameToken();
        builder.setPasswordType("RandomType");
        builder.setUserInfo("wernerd", "verySecret");

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        Document securedDoc = builder.build(doc, secHeader);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Message with UserNameToken PW Text:");
            LOG.debug(XMLUtils.prettyDocumentToString(securedDoc));
        }

        // Unknown password types are refused unless the receiver opts in explicitly.
        WSSecurityEngine engine = new WSSecurityEngine();
        try {
            engine.processSecurityHeader(securedDoc, (String) null, this, (Crypto) null);
            fail("Custom token types are not permitted");
        } catch (WSSecurityException ex) {
            assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
    }

    /**
     * Builds a UsernameToken with the non-standard password type
     * "RandomType" and processes it with
     * {@code setHandleCustomPasswordTypes(true)}. Processing must not throw.
     *
     * @throws Exception if building or processing the message fails
     */
    @Test
    public void testUsernameTokenCustomPass() throws Exception {
        WSSecUsernameToken builder = new WSSecUsernameToken();
        builder.setPasswordType("RandomType");
        builder.setUserInfo("wernerd", "verySecret");

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        Document securedDoc = builder.build(doc, secHeader);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Message with UserNameToken PW custom type:");
            LOG.debug(XMLUtils.prettyDocumentToString(securedDoc));
        }

        // Explicit opt-in on the receiving side is what lets the custom type through.
        RequestData receiverConfig = new RequestData();
        receiverConfig.setHandleCustomPasswordTypes(true);
        receiverConfig.setCallbackHandler(this.callbackHandler);
        WSSecurityEngine engine = new WSSecurityEngine();
        engine.processSecurityHeader(doc, receiverConfig);
    }

    /**
     * Builds a PasswordDigest UsernameToken with the password
     * "BAD_PASSWORD", blanks the text of its {@code Nonce} element, and
     * requires verification to fail with {@code FAILED_AUTHENTICATION}.
     *
     * @throws Exception if building the message fails
     */
    @Test
    public void testNullNonce() throws Exception {
        WSSecUsernameToken builder = new WSSecUsernameToken();
        builder.setPasswordType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest");
        builder.setUserInfo("wernerd", "BAD_PASSWORD");

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        Document securedDoc = builder.build(doc, secHeader);

        // Tamper with the built token: keep the Nonce element but empty its text.
        Element tokenElement = builder.getUsernameTokenElement();
        Node nonce = tokenElement.getElementsByTagNameNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Nonce").item(0);
        nonce.getFirstChild().setNodeValue("");

        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(securedDoc));
        }

        try {
            verify(securedDoc);
            fail("Expected failure due to a bad password");
        } catch (WSSecurityException ex) {
            // The point is a clean authentication failure rather than some other error on the empty nonce.
            assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
    }

    /**
     * Builds a PasswordDigest UsernameToken with the password
     * "BAD_PASSWORD", blanks the text of its {@code Created} element, and
     * requires verification to fail with {@code FAILED_AUTHENTICATION}.
     *
     * @throws Exception if building the message fails
     */
    @Test
    public void testNullCreated() throws Exception {
        WSSecUsernameToken builder = new WSSecUsernameToken();
        builder.setPasswordType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest");
        builder.setUserInfo("wernerd", "BAD_PASSWORD");

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        Document securedDoc = builder.build(doc, secHeader);

        // Tamper with the built token: keep the Created element but empty its text.
        Element tokenElement = builder.getUsernameTokenElement();
        Node created = tokenElement.getElementsByTagNameNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Created").item(0);
        created.getFirstChild().setNodeValue("");

        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(securedDoc));
        }

        try {
            verify(securedDoc);
            fail("Expected failure due to a bad password");
        } catch (WSSecurityException ex) {
            // The point is a clean authentication failure rather than some other error on the empty timestamp.
            assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
    }

    /**
     * Builds a UsernameToken with the builder's default password type and
     * requires the serialized message to contain the text "EncodingType".
     *
     * @throws Exception if building or serializing the message fails
     */
    @Test
    public void testUsernameTokenNonceEncodingType() throws Exception {
        WSSecUsernameToken builder = new WSSecUsernameToken();
        builder.setUserInfo("wernerd", "verySecret");
        LOG.info("Before adding UsernameToken PW Digest....");

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        // Substring check over the whole message; it does not tie the
        // attribute to the Nonce element specifically.
        Document securedDoc = builder.build(doc, secHeader);
        String serialized = XMLUtils.prettyDocumentToString(securedDoc);
        assertTrue(serialized.contains("EncodingType"));
    }

    /**
     * Sends a message through {@code CustomHandler} with action 1, user
     * "wernerd", and a message context carrying a password plus the password
     * type "PasswordText". The test has no assertions; it passes when
     * {@code send} does not throw.
     *
     * @throws Exception if the handler fails to send
     */
    @Test
    public void testUsernameTokenWSHandler() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);

        TreeMap<String, Object> messageContext = new TreeMap<>();
        messageContext.put("password", "verySecret");
        messageContext.put("passwordType", "PasswordText");

        RequestData requestData = new RequestData();
        requestData.setUsername("wernerd");
        requestData.setMsgContext(messageContext);

        CustomHandler handler = new CustomHandler();
        handler.send(doc, requestData, Collections.singletonList(new HandlerAction(1)), true);

        if (LOG.isDebugEnabled()) {
            // With PasswordText the dumped message contains the password
            // itself; here that is only the fixture value.
            LOG.debug("Username Token via WSHandler");
            LOG.debug(XMLUtils.prettyDocumentToString(doc));
        }
    }

    /**
     * Sends a message through {@code CustomHandler} with action 1, user
     * "wernerd", and the password type "PasswordNone"; no password is put in
     * the context. The test has no assertions; it passes when {@code send}
     * does not throw.
     *
     * @throws Exception if the handler fails to send
     */
    @Test
    public void testUsernameTokenWSHandlerNoPassword() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);

        TreeMap<String, Object> messageContext = new TreeMap<>();
        messageContext.put("passwordType", "PasswordNone");

        RequestData requestData = new RequestData();
        requestData.setUsername("wernerd");
        requestData.setMsgContext(messageContext);

        CustomHandler handler = new CustomHandler();
        handler.send(doc, requestData, Collections.singletonList(new HandlerAction(1)), true);

        if (LOG.isDebugEnabled()) {
            LOG.debug("Username Token via WSHandler");
            LOG.debug(XMLUtils.prettyDocumentToString(doc));
        }
    }

    /**
     * Sends a message through {@code CustomHandler} with action 8192, user
     * "wernerd", and an empty message context. The test has no assertions; it
     * passes when {@code send} does not throw.
     *
     * @throws Exception if the handler fails to send
     */
    @Test
    public void testUsernameTokenWSHandlerNoPassword2() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);

        // Neither a password nor a password type is configured.
        TreeMap<String, Object> messageContext = new TreeMap<>();

        RequestData requestData = new RequestData();
        requestData.setUsername("wernerd");
        requestData.setMsgContext(messageContext);

        CustomHandler handler = new CustomHandler();
        handler.send(doc, requestData, Collections.singletonList(new HandlerAction(8192)), true);

        if (LOG.isDebugEnabled()) {
            LOG.debug("Username Token via WSHandler");
            LOG.debug(XMLUtils.prettyDocumentToString(doc));
        }
    }

    /**
     * Sends a message through {@code CustomHandler} with action 1, user
     * "emptyuser", and the password type "PasswordText". This test instance
     * is registered under "passwordCallbackRef" as the password source. The
     * test has no assertions; it passes when {@code send} does not throw.
     *
     * @throws Exception if the handler fails to send
     */
    @Test
    public void testUsernameTokenWSHandlerEmptyPassword() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);

        TreeMap<String, Object> messageContext = new TreeMap<>();
        messageContext.put("passwordType", "PasswordText");
        // The handle() method that answers the callback lies outside this view.
        messageContext.put("passwordCallbackRef", this);

        RequestData requestData = new RequestData();
        requestData.setUsername("emptyuser");
        requestData.setMsgContext(messageContext);

        CustomHandler handler = new CustomHandler();
        handler.send(doc, requestData, Collections.singletonList(new HandlerAction(1)), true);

        if (LOG.isDebugEnabled()) {
            LOG.debug("Username Token with an empty password via WSHandler");
            LOG.debug(XMLUtils.prettyDocumentToString(doc));
        }
    }

    /**
     * Builds a valid PasswordDigest UsernameToken, duplicates its
     * {@code Nonce} element, and checks both outcomes: with default settings
     * the engine must reject the message with {@code INVALID_SECURITY}; with
     * BSP rule R4225 on the ignore list the same message must be processed
     * without an exception.
     *
     * @throws Exception if building the message or the relaxed processing fails
     */
    @Test
    public void testMultipleNonce() throws Exception {
        WSSecUsernameToken builder = new WSSecUsernameToken();
        builder.setPasswordType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest");
        builder.setUserInfo("wernerd", "verySecret");

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        Document securedDoc = builder.build(doc, secHeader);

        // Insert a deep copy of the Nonce in front of the original, giving the token two Nonce children.
        Element tokenElement = builder.getUsernameTokenElement();
        Node nonce = tokenElement.getElementsByTagNameNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Nonce").item(0);
        Node duplicate = nonce.cloneNode(true);
        nonce.getParentNode().insertBefore(duplicate, nonce);

        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(securedDoc));
        }

        WSSecurityEngine engine = new WSSecurityEngine();

        // Strict (default) pass: the duplicated element must be refused.
        try {
            engine.processSecurityHeader(doc, (String) null, this.callbackHandler, (Crypto) null);
            fail("Expected failure as it is not BSP compliant");
        } catch (WSSecurityException ex) {
            assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.INVALID_SECURITY);
        }

        // Relaxed pass: only R4225 is switched off.
        RequestData relaxedConfig = new RequestData();
        relaxedConfig.setCallbackHandler(this.callbackHandler);
        relaxedConfig.setIgnoredBSPRules(Collections.singletonList(BSPRule.R4225));
        engine.processSecurityHeader(doc, relaxedConfig);
    }

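    /**
     * Verifies receiver behaviour for a UsernameToken that carries two {@code wsu:Created}
     * children.
     *
     * <p>With default settings the engine must reject the message with
     * {@code INVALID_SECURITY}. Once {@link BSPRule#R4223} is listed as ignored, the same
     * message must be processed without an exception. Ignoring a BSP rule loosens what the
     * receiver accepts, so a deployment should list only the rules a known peer requires.
     */
    @Test
    public void testMultipleCreated() throws Exception {
        WSSecUsernameToken builder = new WSSecUsernameToken();
        builder.setPasswordType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest");
        builder.setUserInfo("wernerd", "verySecret");

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        Document builtDoc = builder.build(doc, secHeader);

        // Duplicate the Created timestamp in place so the token has two of them.
        Node created = builder.getUsernameTokenElement()
            .getElementsByTagNameNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Created")
            .item(0);
        // Fail with a clear message instead of a NullPointerException if the builder emitted no Created.
        assertNotNull("The generated UsernameToken has no Created element", created);
        created.getParentNode().insertBefore(created.cloneNode(true), created);

        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(builtDoc));
        }

        WSSecurityEngine engine = new WSSecurityEngine();

        // Strict (default) processing: the duplicate must be refused.
        try {
            engine.processSecurityHeader(doc, (String) null, this.callbackHandler, (Crypto) null);
            fail("Expected failure as it is not BSP compliant");
        } catch (WSSecurityException e) {
            // assertEquals reports the actual error code when the expectation is not met.
            assertEquals(WSSecurityException.ErrorCode.INVALID_SECURITY, e.getErrorCode());
        }

        // Lenient processing: only R4223 is relaxed; any exception here fails the test.
        RequestData lenient = new RequestData();
        lenient.setCallbackHandler(this.callbackHandler);
        lenient.setIgnoredBSPRules(Collections.singletonList(BSPRule.R4223));
        engine.processSecurityHeader(doc, lenient);
    }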

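    /**
     * Verifies receiver behaviour for a UsernameToken that carries two {@code wsse:Password}
     * children.
     *
     * <p>With default settings the engine must reject the message with
     * {@code INVALID_SECURITY}. Once {@link BSPRule#R4222} is listed as ignored, the same
     * message must be processed without an exception. Ignoring a BSP rule loosens what the
     * receiver accepts, so a deployment should list only the rules a known peer requires.
     */
    @Test
    public void testMultiplePassword() throws Exception {
        WSSecUsernameToken builder = new WSSecUsernameToken();
        builder.setPasswordType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest");
        builder.setUserInfo("wernerd", "verySecret");

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        Document builtDoc = builder.build(doc, secHeader);

        // Duplicate the Password element in place so the token has two of them.
        Node password = builder.getUsernameTokenElement()
            .getElementsByTagNameNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Password")
            .item(0);
        // Fail with a clear message instead of a NullPointerException if the builder emitted no Password.
        assertNotNull("The generated UsernameToken has no Password element", password);
        password.getParentNode().insertBefore(password.cloneNode(true), password);

        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(builtDoc));
        }

        WSSecurityEngine engine = new WSSecurityEngine();

        // Strict (default) processing: the duplicate must be refused.
        try {
            engine.processSecurityHeader(doc, (String) null, this.callbackHandler, (Crypto) null);
            fail("Expected failure as it is not BSP compliant");
        } catch (WSSecurityException e) {
            // assertEquals reports the actual error code when the expectation is not met.
            assertEquals(WSSecurityException.ErrorCode.INVALID_SECURITY, e.getErrorCode());
        }

        // Lenient processing: only R4222 is relaxed; any exception here fails the test.
        RequestData lenient = new RequestData();
        lenient.setCallbackHandler(this.callbackHandler);
        lenient.setIgnoredBSPRules(Collections.singletonList(BSPRule.R4222));
        engine.processSecurityHeader(doc, lenient);
    }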

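    /**
     * Verifies receiver behaviour for a UsernameToken whose {@code wsse:Nonce} declares the
     * unrecognised {@code EncodingType} value {@code http://bad_encoding_type}.
     *
     * <p>With default settings the engine must reject the message with
     * {@code INVALID_SECURITY}. Once {@link BSPRule#R4221} is listed as ignored, the same
     * message must be processed without an exception. Ignoring a BSP rule loosens what the
     * receiver accepts, so a deployment should list only the rules a known peer requires.
     */
    @Test
    public void testNonceBadEncodingType() throws Exception {
        WSSecUsernameToken builder = new WSSecUsernameToken();
        builder.setPasswordType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest");
        builder.setUserInfo("wernerd", "verySecret");

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        Document builtDoc = builder.build(doc, secHeader);

        // Overwrite the Nonce's EncodingType attribute with a value the receiver does not know.
        Node nonce = builder.getUsernameTokenElement()
            .getElementsByTagNameNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Nonce")
            .item(0);
        // Fail with a clear message instead of a NullPointerException if the builder emitted no Nonce.
        assertNotNull("The generated UsernameToken has no Nonce element", nonce);
        ((Element) nonce).setAttributeNS(null, "EncodingType", "http://bad_encoding_type");

        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(builtDoc));
        }

        WSSecurityEngine engine = new WSSecurityEngine();

        // Strict (default) processing: the bad encoding type must be refused.
        try {
            engine.processSecurityHeader(doc, (String) null, this.callbackHandler, (Crypto) null);
            fail("Expected failure as it is not BSP compliant");
        } catch (WSSecurityException e) {
            // assertEquals reports the actual error code when the expectation is not met.
            assertEquals(WSSecurityException.ErrorCode.INVALID_SECURITY, e.getErrorCode());
        }

        // Lenient processing: only R4221 is relaxed; any exception here fails the test.
        RequestData lenient = new RequestData();
        lenient.setCallbackHandler(this.callbackHandler);
        lenient.setIgnoredBSPRules(Collections.singletonList(BSPRule.R4221));
        engine.processSecurityHeader(doc, lenient);
    }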

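    /**
     * Builds a PasswordText UsernameToken for "wernerd" through the WSHandler path with the
     * {@code addUsernameTokenNonce} and {@code addUsernameTokenCreated} options switched on.
     *
     * <p>The test makes no assertion on the produced message; it passes as long as
     * {@code send()} does not throw.
     */
    @Test
    public void testUsernameTokenWSHandlerNonceCreated() throws Exception {
        CustomHandler handler = new CustomHandler();
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);

        // Typed map instead of a raw TreeMap so the keys are checked by the compiler.
        TreeMap<String, Object> config = new TreeMap<>();
        config.put("password", "verySecret");
        config.put("passwordType", "PasswordText");
        config.put("addUsernameTokenNonce", "true");
        config.put("addUsernameTokenCreated", "true");

        RequestData requestData = new RequestData();
        requestData.setUsername("wernerd");
        requestData.setMsgContext(config);

        // Action code 1: presumably the UsernameToken action (WSConstants.UT) -- confirm.
        HandlerAction action = new HandlerAction(1);
        handler.send(doc, requestData, Collections.singletonList(action), true);

        // The serialized message contains the PasswordText credential in clear text; that is
        // tolerable here only because the value is a test fixture.
        if (LOG.isDebugEnabled()) {
            LOG.debug("Username Token via WSHandler");
            LOG.debug(XMLUtils.prettyDocumentToString(doc));
        }
    }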

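    /**
     * Verifies that a UsernameToken built with a clock running 500 seconds behind is rejected
     * by the receiver with {@code MESSAGE_EXPIRED}.
     *
     * <p>The injected {@link WSTimeSource} backdates the sender's notion of "now"; the receiving
     * engine uses its own defaults. The 500 second offset is presumably larger than the engine's
     * default UsernameToken time-to-live -- confirm against the engine configuration.
     */
    @Test
    public void testSpoofedUsernameToken() throws Exception {
        WSSecUsernameToken builder = new WSSecUsernameToken();
        builder.setUserInfo("wernerd", "verySecret");

        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        // Sender-side clock that always reports a time 500000 ms in the past.
        builder.setWsTimeSource(new WSTimeSource() {
            @Override
            public Date now() {
                return new Date(System.currentTimeMillis() - 500000);
            }
        });

        Document builtDoc = builder.build(doc, secHeader);
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(builtDoc));
        }

        try {
            new WSSecurityEngine().processSecurityHeader(doc, (String) null, this.callbackHandler, (Crypto) null);
            fail("The UsernameToken validation should have failed");
        } catch (WSSecurityException e) {
            // assertEquals reports the actual error code when the expectation is not met.
            assertEquals(WSSecurityException.ErrorCode.MESSAGE_EXPIRED, e.getErrorCode());
        }
    }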

    /**
     * Processes the security header of {@code document} with the strict setting of the
     * two-argument overload: a UsernameToken without a password is not allowed.
     *
     * @param document the SOAP message to validate
     * @return the result returned by the two-argument {@code verify}
     * @throws Exception if processing the security header fails
     */
    private WSHandlerResult verify(Document document) throws Exception {
        final boolean allowUsernameTokenNoPassword = false;
        return verify(document, allowUsernameTokenNoPassword);
    }

    /**
     * Processes the security header of {@code document} with a fresh engine, using this test's
     * {@code callbackHandler} field to resolve passwords.
     *
     * @param document the SOAP message to validate
     * @param z value passed to {@code RequestData.setAllowUsernameTokenNoPassword}; {@code true}
     *          lets the receiver accept a UsernameToken that has no password element
     * @return the engine's result for the message
     * @throws Exception if the engine rejects the message
     */
    private WSHandlerResult verify(Document document, boolean z) throws Exception {
        final boolean allowUsernameTokenNoPassword = z;

        RequestData data = new RequestData();
        data.setAllowUsernameTokenNoPassword(allowUsernameTokenNoPassword);
        data.setCallbackHandler(this.callbackHandler);

        WSSecurityEngine engine = new WSSecurityEngine();
        return engine.processSecurityHeader(document, data);
    }

    /**
     * Password callback used when this test class itself is registered as the handler.
     *
     * <p>Only {@link WSPasswordCallback} instances are accepted. For a UsernameToken callback the
     * identifier "emptyuser" receives the empty string as its password. The identifier
     * "customUser", or a {@code null} identifier, ends handling immediately: no password is set
     * and any callbacks later in the array are left untouched. All other callbacks pass through
     * unchanged.
     *
     * @param callbackArr callbacks to serve
     * @throws IOException declared by the interface; not thrown by this implementation
     * @throws UnsupportedCallbackException if an element is not a {@code WSPasswordCallback}
     */
    @Override
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
            }
            WSPasswordCallback passwordCallback = (WSPasswordCallback) callback;

            // Usage code 2 in the original listing, i.e. WSPasswordCallback.USERNAME_TOKEN.
            if (passwordCallback.getUsage() != WSPasswordCallback.USERNAME_TOKEN) {
                continue;
            }

            String identifier = passwordCallback.getIdentifier();
            if ("emptyuser".equals(identifier)) {
                passwordCallback.setPassword("");
                continue;
            }
            if (identifier == null || "customUser".equals(identifier)) {
                // Deliberately stops here without supplying a password.
                return;
            }
        }
    }
}
