package org.apache.wss4j.dom.validate;

import java.util.Collections;
import java.util.List;
import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.token.BinarySecurity;
import org.apache.wss4j.common.token.X509Security;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.common.AbstractSAMLCallbackHandler;
import org.apache.wss4j.dom.common.SAML1CallbackHandler;
import org.apache.wss4j.dom.common.UsernamePasswordCallbackHandler;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.dom.message.WSSecTimestamp;
import org.apache.wss4j.dom.message.WSSecUsernameToken;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:org/apache/wss4j/dom/validate/ValidatorTest.class */
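/**
 * Exercises the pluggable {@link Validator} mechanism of {@link WSSConfig}.
 *
 * <p>Most tests follow the same two-step shape: first the message is processed with the default
 * validators and must be rejected, then a replacement validator is registered for the relevant
 * token type and the very same message must be accepted.
 *
 * <p>Security note for readers: the second step is the point being demonstrated. The validator
 * registered for a token type decides whether an expired timestamp, an untrusted signature or a
 * wrong password is accepted. {@code NoOpValidator} and {@link BSTValidator} are test fixtures
 * only; registering an equivalent validator in a deployed configuration removes the
 * corresponding check, so validator registrations deserve the same review as trust-store changes.
 */
public class ValidatorTest {
    private static final Logger LOG = LoggerFactory.getLogger(ValidatorTest.class);

    /** Unsecured SOAP request used as the starting point of every test. */
    private static final String SAMPLE_SOAP_MSG =
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
        + "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\""
        + " xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\""
        + " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">"
        + "<SOAP-ENV:Body>"
        + "<add xmlns=\"http://ws.apache.org/counter/counter_port_type\">"
        + "<value xmlns=\"\">15</value>"
        + "</add>"
        + "</SOAP-ENV:Body>"
        + "</SOAP-ENV:Envelope>";

    /** Engine shared by the tests that go through {@link #verify}. */
    private final WSSecurityEngine secEngine = new WSSecurityEngine();

    /**
     * Test-only validator for binary security tokens.
     *
     * <p>It accepts every credential that carries a binary security token, without checking the
     * token's certificate against any trust material, and attaches a freshly generated SAML 1
     * authentication assertion as the transformed token. A production validator must verify the
     * token before vouching for it in this way.
     */
    private static class BSTValidator implements Validator {
        private BSTValidator() {
        }

        /**
         * Accepts the credential if it holds a binary security token and decorates it with a
         * SAML assertion.
         *
         * @param credential the credential extracted from the security header
         * @param requestData per-request configuration; not consulted by this fixture
         * @return the same credential, with its transformed token set
         * @throws WSSecurityException with {@code FAILURE} if no binary security token is present
         *     or the SAML assertion cannot be created
         */
        @Override
        public Credential validate(Credential credential, RequestData requestData) throws WSSecurityException {
            if (credential.getBinarySecurityToken() == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
            }
            try {
                SAML1CallbackHandler samlHandler = new SAML1CallbackHandler();
                samlHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
                samlHandler.setIssuer("www.example.com");
                SAMLCallback samlCallback = new SAMLCallback();
                SAMLUtil.doSAMLCallback(samlHandler, samlCallback);
                credential.setTransformedToken(new SamlAssertionWrapper(samlCallback));
                return credential;
            } catch (Exception e) {
                // Keep the original exception as the cause so a failing run shows why the
                // assertion could not be built instead of a bare FAILURE code.
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
            }
        }
    }

    /**
     * An already-expired timestamp is rejected by the default configuration and accepted once
     * the timestamp validator is replaced by {@code NoOpValidator}.
     */
    @Test
    public void testExpiredTimestamp() throws Exception {
        WSSecHeader secHeader = new WSSecHeader(SOAPUtil.toSOAPPart(SAMPLE_SOAP_MSG));
        secHeader.insertSecurityHeader();

        WSSecTimestamp timestamp = new WSSecTimestamp(secHeader);
        // A negative time-to-live yields a timestamp that has expired by the time it is checked.
        timestamp.setTimeToLive(-1);
        Document securedDoc = timestamp.build();
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(securedDoc));
        }

        WSSConfig wssConfig = WSSConfig.getNewInstance();
        WSSecurityException expired = Assertions.assertThrows(
            WSSecurityException.class,
            () -> verify(securedDoc, wssConfig, null, null),
            "Expected failure on an expired timestamp");
        Assertions.assertEquals(WSSecurityException.ErrorCode.MESSAGE_EXPIRED, expired.getErrorCode());

        // With the replacement validator the same expired message is processed without error.
        wssConfig.setValidator(WSConstants.TIMESTAMP, NoOpValidator.class);
        verify(securedDoc, wssConfig, null, null);
    }

    /**
     * A signature made with a key the verifying crypto does not trust is rejected by default and
     * accepted once the signature validator is replaced by {@code NoOpValidator}.
     */
    @Test
    public void testUntrustedSignature() throws Exception {
        WSSecHeader secHeader = new WSSecHeader(SOAPUtil.toSOAPPart(SAMPLE_SOAP_MSG));
        secHeader.insertSecurityHeader();

        WSSecSignature signature = new WSSecSignature(secHeader);
        signature.setUserInfo("wss40", "security");
        signature.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
        Document signedDoc = signature.build(CryptoFactory.getInstance("wss40.properties"));
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(signedDoc));
        }

        // Verification uses a different crypto configuration from the one used for signing.
        Crypto verificationCrypto = CryptoFactory.getInstance("crypto.properties");
        WSSecurityEngine engine = new WSSecurityEngine();
        RequestData requestData = new RequestData();
        requestData.setSigVerCrypto(verificationCrypto);
        requestData.setIgnoredBSPRules(Collections.singletonList(BSPRule.R3063));

        WSSecurityException untrusted = Assertions.assertThrows(
            WSSecurityException.class,
            () -> engine.processSecurityHeader(signedDoc, requestData),
            "Failure expected on issuer serial");
        Assertions.assertEquals(WSSecurityException.ErrorCode.FAILURE, untrusted.getErrorCode());

        // With the replacement validator the same message is processed without error.
        WSSConfig wssConfig = WSSConfig.getNewInstance();
        wssConfig.setValidator(WSConstants.SIGNATURE, NoOpValidator.class);
        engine.setWssConfig(wssConfig);
        requestData.setWssConfig(wssConfig);
        engine.processSecurityHeader(signedDoc, requestData);
    }

    /**
     * A username token carrying the wrong clear-text password is rejected by default and
     * accepted once the username-token validator is replaced by {@code NoOpValidator}.
     */
    @Test
    public void testUsernameTokenBadText() throws Exception {
        WSSecHeader secHeader = new WSSecHeader(SOAPUtil.toSOAPPart(SAMPLE_SOAP_MSG));
        secHeader.insertSecurityHeader();

        WSSecUsernameToken usernameToken = new WSSecUsernameToken(secHeader);
        usernameToken.setPasswordType(WSConstants.PASSWORD_TEXT);
        // Fixture credentials; the failure asserted below implies the callback handler does not
        // accept this password for this user.
        usernameToken.setUserInfo("wernerd", "verySecre");
        Document securedDoc = usernameToken.build();
        if (LOG.isDebugEnabled()) {
            // The dumped message contains the clear-text password; acceptable only because it
            // is a fixture value.
            LOG.debug(XMLUtils.prettyDocumentToString(securedDoc));
        }

        WSSConfig wssConfig = WSSConfig.getNewInstance();
        WSSecurityException rejected = Assertions.assertThrows(
            WSSecurityException.class,
            () -> verify(securedDoc, wssConfig, new UsernamePasswordCallbackHandler(), null),
            "Failure expected on a bad password text");
        Assertions.assertEquals(
            WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, rejected.getErrorCode());

        // With the replacement validator the wrong password no longer causes a failure.
        wssConfig.setValidator(WSConstants.USERNAME_TOKEN, NoOpValidator.class);
        verify(securedDoc, wssConfig, new UsernamePasswordCallbackHandler(), null);
    }

    /**
     * A custom validator may attach a transformed token (here a SAML assertion) to a binary
     * security token, and the engine exposes both in the processing result.
     */
    @Test
    public void testTransformedBST() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        // Place the "wss40" certificate in the header as a bare X.509 binary security token.
        X509Security bst = new X509Security(doc);
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        cryptoType.setAlias("wss40");
        Crypto crypto = CryptoFactory.getInstance("wss40.properties");
        bst.setX509Certificate(crypto.getX509Certificates(cryptoType)[0]);
        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeaderElement(), bst.getElement());
        if (LOG.isDebugEnabled()) {
            LOG.debug("BST output");
            LOG.debug(XMLUtils.prettyDocumentToString(doc));
        }

        WSSConfig wssConfig = WSSConfig.getNewInstance();
        wssConfig.setValidator(WSConstants.BINARY_TOKEN, new BSTValidator());
        WSSecurityEngine engine = new WSSecurityEngine();
        engine.setWssConfig(wssConfig);

        WSHandlerResult results =
            engine.processSecurityHeader(doc, (String) null, (CallbackHandler) null, crypto);
        List<WSSecurityEngineResult> bstResults = results.getActionResults().get(WSConstants.BST);
        Assertions.assertNotNull(bstResults, "No binary security token result was produced");
        WSSecurityEngineResult bstResult = bstResults.get(0);

        // The casts double as type checks on the stored result values.
        Assertions.assertNotNull(
            (BinarySecurity) bstResult.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN));
        Assertions.assertNotNull(
            (SamlAssertionWrapper) bstResult.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN));
    }

    /**
     * A signature that references an untrusted certificate through a binary security token is
     * rejected by default, and accepted once {@link BSTValidator} is registered for binary
     * tokens.
     *
     * <p>NOTE(review): the second run passes although the signing certificate is still not in
     * the verification keystore; presumably the engine treats a token accepted by the registered
     * validator as already trusted. Confirm against the signature processor.
     */
    @Test
    public void testValidatedBSTSignature() throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        WSSecSignature signature = new WSSecSignature(secHeader);
        signature.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
        signature.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
        Document signedDoc = signature.build(CryptoFactory.getInstance());
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(signedDoc));
        }

        // Signed with the default crypto configuration, verified against wss40.properties.
        Crypto verificationCrypto = CryptoFactory.getInstance("wss40.properties");
        WSSConfig wssConfig = WSSConfig.getNewInstance();
        WSSecurityEngine engine = new WSSecurityEngine();
        engine.setWssConfig(wssConfig);

        WSSecurityException untrusted = Assertions.assertThrows(
            WSSecurityException.class,
            () -> engine.processSecurityHeader(
                doc, (String) null, (CallbackHandler) null, verificationCrypto),
            "Expected failure on untrusted signature");
        Assertions.assertEquals(WSSecurityException.ErrorCode.FAILURE, untrusted.getErrorCode());

        wssConfig.setValidator(WSConstants.BINARY_TOKEN, new BSTValidator());
        WSHandlerResult results = engine.processSecurityHeader(
            doc, (String) null, (CallbackHandler) null, verificationCrypto);
        List<WSSecurityEngineResult> bstResults = results.getActionResults().get(WSConstants.BST);
        Assertions.assertNotNull(bstResults, "No binary security token result was produced");
        Assertions.assertNotNull(
            (BinarySecurity) bstResults.get(0).get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN));
    }

    /**
     * Processes the security header of {@code document} with the shared engine.
     *
     * @param document the secured SOAP message
     * @param wSSConfig configuration (including validators) to install on the engine first
     * @param callbackHandler password callback handler, or {@code null}
     * @param crypto crypto instance passed to the engine, or {@code null}
     * @return the engine's processing result
     * @throws Exception whatever the engine throws; callers assert on {@link WSSecurityException}
     */
    private WSHandlerResult verify(Document document, WSSConfig wSSConfig, CallbackHandler callbackHandler, Crypto crypto) throws Exception {
        this.secEngine.setWssConfig(wSSConfig);
        return this.secEngine.processSecurityHeader(document, (String) null, callbackHandler, crypto);
    }
}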
