package org.apache.wss4j.dom.misc;

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.namespace.QName;
import org.apache.wss4j.common.bsp.BSPEnforcer;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.Reference;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.common.SOAPUtil;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.message.WSSecEncrypt;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecTimestamp;
import org.apache.wss4j.dom.message.WSSecUsernameToken;
import org.apache.wss4j.dom.message.token.UsernameToken;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/wss4j/dom/misc/FaultCodeTest.class */
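/**
 * Checks that each {@link WSSecurityException.ErrorCode} exercised here surfaces with the
 * expected message text and the matching fault code QName in the WS-Security "secext" namespace.
 *
 * <p>The class acts as its own {@link CallbackHandler}: {@link #handle(Callback[])} always
 * supplies the password {@code "securit"}, while the tests build their tokens with
 * {@code "security"}, so header processing is expected to reject them.
 *
 * <p>The assertions pin the exact exception message strings. NOTE(review): whether these
 * messages are ever returned to a remote peer depends on how the surrounding SOAP stack maps
 * exceptions to faults, which is not visible in this file; confirm that only the generic fault
 * code, not keystore or token detail, is exposed to callers.
 */
public class FaultCodeTest implements CallbackHandler {
    /** Namespace of the WS-Security fault codes asserted by every test in this class. */
    private static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    private final WSSecurityEngine secEngine = new WSSecurityEngine();
    private final Crypto crypto = CryptoFactory.getInstance("wss40.properties");

    public FaultCodeTest() throws Exception {
        WSSConfig.init();
    }

    /**
     * Encrypts the sample message for alias "wss40" and expects processing to fail with
     * {@code FAILED_CHECK}, since the handler supplies a password that differs from the one
     * passed to {@code setUserInfo}.
     */
    @Test
    public void testFailedCheck() throws Exception {
        WSSecHeader wSSecHeader = new WSSecHeader(SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG));
        wSSecHeader.insertSecurityHeader();
        WSSecEncrypt wSSecEncrypt = new WSSecEncrypt(wSSecHeader);
        wSSecEncrypt.setUserInfo("wss40", "security");
        // NOTE(review): 1 is presumably WSConstants.BST_DIRECT_REFERENCE; confirm and use the constant.
        wSSecEncrypt.setKeyIdentifierType(1);
        WSSecurityException e = Assertions.assertThrows(
            WSSecurityException.class,
            () -> verify(wSSecEncrypt.build(this.crypto, KeyUtils.getKeyGenerator("http://www.w3.org/2001/04/xmlenc#aes128-cbc").generateKey())),
            "Failure expected with a bad password");
        assertFault(e, WSSecurityException.ErrorCode.FAILED_CHECK,
            "The private key for the supplied alias does not exist in the keystore", "FailedCheck");
    }

    /** Requests a cipher for a nonexistent algorithm name and expects {@code UNSUPPORTED_ALGORITHM}. */
    @Test
    public void testUnsupportedAlgorithm() throws Exception {
        WSSecurityException e = Assertions.assertThrows(
            WSSecurityException.class,
            () -> {
                // Return value is unused; presumably kept to force config initialisation. TODO confirm.
                this.secEngine.getWssConfig();
                KeyUtils.getCipherInstance("Bad Algorithm");
            },
            "Failure expected on an unsupported algorithm");
        assertFault(e, WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM,
            "unsupported key transport encryption algorithm: No such algorithm: \"Bad Algorithm\"",
            "UnsupportedAlgorithm");
    }

    /** Builds a timestamp with a time-to-live of -1 and expects {@code MESSAGE_EXPIRED} on processing. */
    @Test
    public void testMessageExpired() throws Exception {
        WSSecHeader wSSecHeader = new WSSecHeader(SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG));
        wSSecHeader.insertSecurityHeader();
        WSSecTimestamp wSSecTimestamp = new WSSecTimestamp(wSSecHeader);
        wSSecTimestamp.setTimeToLive(-1);
        WSSecurityException e = Assertions.assertThrows(
            WSSecurityException.class,
            () -> verify(wSSecTimestamp.build()),
            "Failure expected on an expired message");
        assertFault(e, WSSecurityException.ErrorCode.MESSAGE_EXPIRED,
            "Invalid timestamp: The message timestamp has expired", "MessageExpired");
    }

    /**
     * Builds a UsernameToken with password "security" and expects {@code FAILED_AUTHENTICATION},
     * because the handler answers with a different password. The asserted message does not say
     * which part of the credential was rejected.
     */
    @Test
    public void testFailedAuthentication() throws Exception {
        WSSecHeader wSSecHeader = new WSSecHeader(SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG));
        wSSecHeader.insertSecurityHeader();
        WSSecUsernameToken wSSecUsernameToken = new WSSecUsernameToken(wSSecHeader);
        wSSecUsernameToken.addCreated();
        wSSecUsernameToken.addNonce();
        wSSecUsernameToken.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
        WSSecurityException e = Assertions.assertThrows(
            WSSecurityException.class,
            () -> verify(wSSecUsernameToken.build()),
            "Failure expected on a bad password");
        assertFault(e, WSSecurityException.ErrorCode.FAILED_AUTHENTICATION,
            "The security token could not be authenticated or authorized", "FailedAuthentication");
    }

    /**
     * Passes the document element (the SOAP Envelope, per the asserted message) to the
     * {@link UsernameToken} constructor and expects {@code INVALID_SECURITY_TOKEN}.
     */
    @Test
    public void testInvalidSecurityToken() throws Exception {
        Document sOAPPart = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader wSSecHeader = new WSSecHeader(sOAPPart);
        wSSecHeader.insertSecurityHeader();
        WSSecUsernameToken wSSecUsernameToken = new WSSecUsernameToken(wSSecHeader);
        wSSecUsernameToken.addCreated();
        wSSecUsernameToken.addNonce();
        wSSecUsernameToken.setUserInfo((String) null, "security");
        // Built outside the expected-failure section: a failure here is a test error, not the case under test.
        wSSecUsernameToken.build();
        WSSecurityException e = Assertions.assertThrows(
            WSSecurityException.class,
            () -> new UsernameToken(sOAPPart.getDocumentElement(), false, new BSPEnforcer()),
            "Failure expected on an invalid security token");
        assertFault(e, WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN,
            "Bad element, expected \"{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken\" while got \"{http://schemas.xmlsoap.org/soap/envelope/}Envelope\"",
            "InvalidSecurityToken");
    }

    /** Constructs a {@link Reference} from a null element and expects {@code INVALID_SECURITY}. */
    @Test
    public void testInvalidSecurity() throws Exception {
        WSSecurityException e = Assertions.assertThrows(
            WSSecurityException.class,
            () -> new Reference((Element) null),
            "Failure expected on processing the security header");
        assertFault(e, WSSecurityException.ErrorCode.INVALID_SECURITY,
            "<Reference> token could not be retrieved", "InvalidSecurity");
    }

    /**
     * Asserts the three properties every test checks, in the same order as before: error code,
     * message text, and fault code QName in {@link #WSSE_NS}. {@code assertEquals} is used so a
     * failure reports the expected and the actual value.
     */
    private static void assertFault(
            WSSecurityException e,
            WSSecurityException.ErrorCode expectedCode,
            String expectedMessage,
            String expectedFaultLocalPart) {
        Assertions.assertEquals(expectedCode, e.getErrorCode());
        Assertions.assertEquals(expectedMessage, e.getMessage());
        Assertions.assertEquals(new QName(WSSE_NS, expectedFaultLocalPart), e.getFaultCode());
    }

    /** Runs the security header of {@code document} through the engine with this class as callback handler. */
    private void verify(Document document) throws Exception {
        this.secEngine.processSecurityHeader(document, (String) null, this, this.crypto);
    }

    /**
     * Test-only handler: answers every {@link WSPasswordCallback} with the fixed password
     * {@code "securit"}, without looking at the callback's identifier or usage.
     *
     * @throws UnsupportedCallbackException on the first callback that is not a {@link WSPasswordCallback}
     */
    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
            }
            // Differs from the "security" password the tests use when building tokens.
            ((WSPasswordCallback) callback).setPassword("securit");
        }
    }
}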
