package org.apache.wss4j.stax.test.saml;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.util.List;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.token.Reference;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.common.AbstractSAMLCallbackHandler;
import org.apache.wss4j.dom.message.WSSecDKSign;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.stax.WSSec;
import org.apache.wss4j.stax.ext.InboundWSSec;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
import org.apache.wss4j.stax.test.AbstractTestBase;
import org.apache.wss4j.stax.test.CallbackHandlerImpl;
import org.apache.wss4j.stax.test.utils.SOAPUtil;
import org.apache.wss4j.stax.test.utils.StAX2DOM;
import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
import org.junit.Assert;
import org.junit.Test;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/apache/wss4j/stax/test/saml/SamlTokenDerivedTest.class */
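/**
 * Inbound (StAX) processing test for a SOAP message whose signature uses a derived key and
 * also covers a SAML 1.x assertion through a SecurityTokenReference.
 *
 * <p>The outbound message is assembled with the DOM API ({@link WSSecHeader},
 * {@link WSSecDKSign}) and then fed to the streaming {@link InboundWSSec} under test.
 * Keystores, aliases and the {@code "default"} passwords are test fixtures loaded from the
 * classpath.
 */
public class SamlTokenDerivedTest extends AbstractTestBase {

    /**
     * Builds a sender-vouches SAML 1.x authentication assertion, signs Body and assertion
     * reference with a derived key, and verifies that inbound processing leaves exactly one
     * {@code ds:Signature} under {@code wsse:Security} and raises the expected security events.
     *
     * @throws Exception if message construction, signing or inbound processing fails
     */
    @Test
    public void testSAML1AuthnAssertionDerivedInbound() throws Exception {
        ByteArrayOutputStream signedMessage = new ByteArrayOutputStream();

        // Declared with its concrete type: the decompiler could not infer it and emitted "??",
        // which does not compile. SAML1CallbackHandler lives in this package.
        SAML1CallbackHandler samlCallbackHandler = new SAML1CallbackHandler();
        samlCallbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        // sender-vouches: the sender's message signature is what vouches for the assertion,
        // so the reference to the assertion is added as a signed part in createDKSign().
        samlCallbackHandler.setConfirmationMethod("urn:oasis:names:tc:SAML:1.0:cm:sender-vouches");
        samlCallbackHandler.setIssuer("www.example.com");

        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

        Document soapDocument = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader securityHeader = new WSSecHeader();
        securityHeader.insertSecurityHeader(soapDocument);

        SecurityTokenReference samlReference =
                createSamlSTR(soapDocument, assertion, WSSConfig.getNewInstance());
        Element assertionElement = assertion.toDOM(soapDocument);
        Element samlReferenceElement = samlReference.getElement();

        // Both the assertion and the STR pointing at it go into the security header
        // before the signature is built.
        securityHeader.getSecurityHeader().appendChild(assertionElement);
        securityHeader.getSecurityHeader().appendChild(samlReferenceElement);

        // Sign and serialise the document; the bytes are the input to the inbound side.
        TRANSFORMER_FACTORY.newTransformer().transform(
                new DOMSource(createDKSign(soapDocument, samlReference).build(soapDocument, securityHeader)),
                new StreamResult(signedMessage));

        WSSSecurityProperties inboundProperties = new WSSSecurityProperties();
        inboundProperties.loadSignatureVerificationKeystore(
                getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        // NOTE(review): transmitter.jks is loaded as the decryption keystore, presumably so the
        // receiver can resolve the same private key the sender derived from - confirm.
        inboundProperties.loadDecryptionKeystore(
                getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
        inboundProperties.setCallbackHandler(new CallbackHandlerImpl());
        InboundWSSec inboundWSSec = WSSec.getInboundWSSec(inboundProperties);

        // Events the listener is told to expect; compare() below presumably checks them
        // against what inbound processing actually raised.
        SecurityEventConstants.Event[] expectedEvents = new SecurityEventConstants.Event[]{
            WSSecurityEventConstants.AlgorithmSuite,
            WSSecurityEventConstants.AlgorithmSuite,
            WSSecurityEventConstants.AlgorithmSuite,
            WSSecurityEventConstants.AlgorithmSuite,
            WSSecurityEventConstants.AlgorithmSuite,
            WSSecurityEventConstants.AlgorithmSuite,
            WSSecurityEventConstants.AlgorithmSuite,
            WSSecurityEventConstants.AlgorithmSuite,
            WSSecurityEventConstants.X509Token,
            WSSecurityEventConstants.SamlToken,
            WSSecurityEventConstants.SignatureValue,
            WSSecurityEventConstants.SignedElement,
            WSSecurityEventConstants.SignedPart,
            WSSecurityEventConstants.Operation
        };
        AbstractTestBase.TestSecurityEventListener eventListener =
                new AbstractTestBase.TestSecurityEventListener(expectedEvents);

        // The List argument is passed as null; the cast is kept from the decompiled call.
        NodeList signatures = StAX2DOM.readDoc(
                this.documentBuilderFactory.newDocumentBuilder(),
                inboundWSSec.processInMessage(
                        xmlInputFactory.createXMLStreamReader(
                                new ByteArrayInputStream(signedMessage.toByteArray())),
                        (List) null,
                        eventListener))
                .getElementsByTagNameNS(
                        WSSConstants.TAG_dsig_Signature.getNamespaceURI(),
                        WSSConstants.TAG_dsig_Signature.getLocalPart());

        // JUnit's order is (expected, actual); the swapped form produced misleading
        // failure messages.
        Assert.assertEquals(1, signatures.getLength());
        Assert.assertEquals(
                WSSConstants.TAG_wsse_Security.getLocalPart(),
                signatures.item(0).getParentNode().getLocalName());

        eventListener.compare();
    }

    /**
     * Creates a SecurityTokenReference that points at the given assertion by fragment URI.
     *
     * @param document owner document for the new elements
     * @param samlAssertionWrapper assertion whose id becomes the reference target
     * @param wSSConfig supplies the id allocator used for the STR's own id
     * @return the STR, carrying a {@code SAMLAssertionID} reference and the SAML 1.1 token type
     */
    private SecurityTokenReference createSamlSTR(Document document, SamlAssertionWrapper samlAssertionWrapper, WSSConfig wSSConfig) {
        SecurityTokenReference samlReference = new SecurityTokenReference(document);
        // The STR needs its own id because the signature references it as a signed part.
        String referenceId = wSSConfig.getIdAllocator().createSecureId("STRSAMLId-", samlReference);
        samlReference.setID(referenceId);

        Reference assertionPointer = new Reference(document);
        assertionPointer.setURI("#" + samlAssertionWrapper.getId());
        assertionPointer.setValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID");

        samlReference.addTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1");
        samlReference.setReference(assertionPointer);
        return samlReference;
    }

    /**
     * Configures a derived-key signature over the SOAP Body content and the SAML STR.
     *
     * @param document the SOAP document being signed
     * @param securityTokenReference STR pointing at the SAML assertion; signed as an element
     * @return the configured signer, not yet built
     * @throws WSSecurityException if the certificate or private key cannot be obtained
     */
    private WSSecDKSign createDKSign(Document document, SecurityTokenReference securityTokenReference) throws WSSecurityException {
        Crypto transmitterCrypto = CryptoFactory.getInstance("transmitter-crypto.properties");

        CryptoType aliasLookup = new CryptoType(CryptoType.TYPE.ALIAS);
        aliasLookup.setAlias("transmitter");

        // Key-identifying STR: names the transmitter certificate by thumbprint.
        SecurityTokenReference keyReference = new SecurityTokenReference(document);
        keyReference.setKeyIdentifierThumb(transmitterCrypto.getX509Certificates(aliasLookup)[0]);

        WSSecDKSign signer = new WSSecDKSign();
        // The external key handed to the signer is the encoded form of the transmitter's
        // private key; "transmitter"/"default" are test-keystore fixture values.
        signer.setExternalKey(
                transmitterCrypto.getPrivateKey("transmitter", "default").getEncoded(),
                keyReference.getElement());
        // This fixture pins HMAC-SHA1 as the signature algorithm under test.
        signer.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#hmac-sha1");

        String soapNamespace = WSSecurityUtil.getSOAPNamespace(document.getDocumentElement());
        signer.getParts().add(new WSEncryptionPart("Body", soapNamespace, "Content"));

        // Second signed part: the SAML STR, registered under the "STRTransform" part name so
        // the assertion reference is covered by the same signature as the Body.
        WSEncryptionPart strPart = new WSEncryptionPart("STRTransform", "", "Element");
        strPart.setId(securityTokenReference.getID());
        strPart.setElement(securityTokenReference.getElement());
        signer.getParts().add(strPart);

        return signer;
    }
}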
