package org.apache.wss4j.stax.test.saml;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Properties;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.wss4j.common.saml.bean.AudienceRestrictionBean;
import org.apache.wss4j.common.saml.bean.ConditionsBean;
import org.apache.wss4j.common.saml.bean.ProxyRestrictionBean;
import org.apache.wss4j.dom.common.AbstractSAMLCallbackHandler;
import org.apache.wss4j.stax.WSSec;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.test.AbstractTestBase;
import org.apache.wss4j.stax.test.CallbackHandlerImpl;
import org.apache.wss4j.stax.test.saml.SAMLCallbackHandlerImpl;
import org.apache.wss4j.stax.test.utils.StAX2DOM;
import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
import org.joda.time.DateTime;
import org.junit.Assert;
import org.junit.Test;
import org.opensaml.saml.config.SAMLConfigurationSupport;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/apache/wss4j/stax/test/saml/SamlConditionsTest.class */
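/**
 * Round-trip tests for SAML {@code Conditions} handling in the streaming (StAX) WS-Security code.
 *
 * <p>Each test signs a plain SOAP 1.1 message together with a SAML assertion whose
 * {@code Conditions} are configured through a {@link ConditionsBean}, then feeds the result to a
 * receiver and checks whether it is accepted or rejected.
 *
 * <p>Review notes on what these tests do and do not prove:
 * <ul>
 *   <li>The rejection tests only require an {@link XMLStreamException} with a non-null cause.
 *       Any failure that surfaces that way (not only a Conditions failure) would satisfy them;
 *       checking the type or message of the cause would pin the intended reason.</li>
 *   <li>The audience tests that configure no receiver-side audience list expect acceptance, so
 *       audience matching is only exercised where {@code setAudienceRestrictions} is called.</li>
 *   <li>The OneTimeUse and ProxyRestriction tests check a single successful pass only; they do
 *       not replay the token or forward it through a proxy.</li>
 *   <li>The keystore password {@code "default"} is a hard-coded test-fixture value.</li>
 * </ul>
 */
public class SamlConditionsTest extends AbstractTestBase {

    private static final String PLAIN_SOAP_RESOURCE = "testdata/plain-soap-1.1.xml";
    private static final String ISSUER = "www.example.com";
    private static final String SAML1_ASSERTION_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    private static final String AUDIENCE_ONE = "http://apache.org/one";
    private static final String AUDIENCE_TWO = "http://apache.org/two";
    private static final String AUDIENCE_THREE = "http://apache.org/three";

    /**
     * Signs a SAML 1 assertion with the StAX outbound pipeline, checks the emitted signatures and
     * {@code Conditions} attributes, and has the DOM receiver from the base class process it.
     */
    @Test
    public void testSAML1ConditionsOutbound() throws Exception {
        ByteArrayOutputStream signedBuffer = new ByteArrayOutputStream();
        WSSSecurityProperties senderProperties = new WSSSecurityProperties();
        // The element types of this list and of the security-event list below are declared by
        // APIs outside this file, so both are left raw exactly as found.
        ArrayList actions = new ArrayList();
        actions.add(WSSConstants.SAML_TOKEN_SIGNED);
        senderProperties.setActions(actions);

        DateTime notBefore = new DateTime();
        DateTime notOnOrAfter = notBefore.plusMinutes(20);
        SAMLCallbackHandlerImpl samlHandler = new SAMLCallbackHandlerImpl();
        samlHandler.setStatement(SAMLCallbackHandlerImpl.Statement.AUTHN);
        samlHandler.setIssuer(ISSUER);
        samlHandler.setConditions(validityWindow(notBefore, notOnOrAfter));
        senderProperties.setSamlCallbackHandler(samlHandler);
        senderProperties.loadSignatureKeyStore(
                getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
        senderProperties.setSignatureUser("transmitter");
        senderProperties.setCallbackHandler(new CallbackHandlerImpl());

        XMLStreamWriter securedWriter = WSSec.getOutboundWSSec(senderProperties)
                .processOutMessage(signedBuffer, "UTF-8", new ArrayList());
        // Close the classpath stream once the message has been copied through the writer.
        try (InputStream soap = getClass().getClassLoader().getResourceAsStream(PLAIN_SOAP_RESOURCE)) {
            XmlReaderToWriter.writeAll(xmlInputFactory.createXMLStreamReader(soap), securedWriter);
        }
        securedWriter.close();
        byte[] signedMessage = signedBuffer.toByteArray();

        assertSignedSaml1Conditions(parse(signedMessage), notBefore, notOnOrAfter);
        doInboundSecurityWithWSS4J_1(parse(signedMessage), "Signature SAMLTokenSigned", new Properties(), false);
    }

    /**
     * Signs a holder-of-key SAML 1 assertion with a 20 minute validity window and expects the
     * StAX receiver to accept it.
     */
    @Test
    public void testSAML1ConditionsInbound() throws Exception {
        DateTime notBefore = new DateTime();
        DateTime notOnOrAfter = notBefore.plusMinutes(20);
        SAML1CallbackHandler samlHandler = new SAML1CallbackHandler();
        samlHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        samlHandler.setConfirmationMethod("urn:oasis:names:tc:SAML:1.0:cm:holder-of-key");
        samlHandler.setIssuer(ISSUER);
        samlHandler.setConditions(validityWindow(notBefore, notOnOrAfter));

        Document signedDocument = signOutbound(samlHandler);
        assertSignedSaml1Conditions(signedDocument, notBefore, notOnOrAfter);
        assertAccepted(newReceiverProperties(), serialize(signedDocument));
    }

    /** A window that ended three minutes ago must be rejected. */
    @Test
    public void testSAML2InvalidAfterConditionsInbound() throws Exception {
        DateTime now = new DateTime();
        byte[] signedMessage = signWithSaml2(validityWindow(now.minusMinutes(5), now.minusMinutes(3)));
        assertRejected(newReceiverProperties(), signedMessage);
    }

    /** A window that ended an hour ago must be rejected. */
    @Test
    public void testSAML2StaleNotOnOrAfter() throws Exception {
        DateTime now = new DateTime();
        byte[] signedMessage = signWithSaml2(validityWindow(now.minusMinutes(70), now.minusMinutes(60)));
        assertRejected(newReceiverProperties(), signedMessage);
    }

    /** A window that only opens in an hour must be rejected. */
    @Test
    public void testSAML2FutureNotBefore() throws Exception {
        // Both bounds are derived from the same instant; the original took a second clock
        // reading for the upper bound, which made no difference to the outcome.
        DateTime now = new DateTime();
        byte[] signedMessage = signWithSaml2(validityWindow(now.plusMinutes(60), now.plusMinutes(70)));
        assertRejected(newReceiverProperties(), signedMessage);
    }

    /** A window that opens two minutes from now must be rejected. */
    @Test
    public void testSAML2InvalidBeforeConditionsInbound() throws Exception {
        DateTime now = new DateTime();
        byte[] signedMessage = signWithSaml2(validityWindow(now.plusMinutes(2), now.plusMinutes(5)));
        assertRejected(newReceiverProperties(), signedMessage);
    }

    /**
     * A window that opens 30 seconds from now is expected to be accepted.
     *
     * <p>NOTE(review): together with the two-minute rejection above this implies the receiver
     * tolerates a small amount of future skew by default; the exact allowance is configured
     * outside this file - confirm before relying on it.
     */
    @Test
    public void testSAML2FutureTTLConditions() throws Exception {
        DateTime now = new DateTime();
        byte[] signedMessage = signWithSaml2(validityWindow(now.plusSeconds(30), now.plusMinutes(5)));
        assertAccepted(newReceiverProperties(), signedMessage);
    }

    /** An assertion marked OneTimeUse is accepted on its first (and here only) presentation. */
    @Test
    public void testSAML2OneTimeUse() throws Exception {
        ConditionsBean conditions = fiveMinuteConditions();
        conditions.setOneTimeUse(true);
        assertAccepted(newReceiverProperties(), signWithSaml2(conditions));
    }

    /** An assertion carrying a ProxyRestriction (count 5, two audiences) is accepted. */
    @Test
    public void testSAML2ProxyRestriction() throws Exception {
        ProxyRestrictionBean proxyRestriction = new ProxyRestrictionBean();
        proxyRestriction.getAudienceURIs().addAll(bothAudiences());
        proxyRestriction.setCount(5);
        ConditionsBean conditions = fiveMinuteConditions();
        conditions.setProxyRestriction(proxyRestriction);
        assertAccepted(newReceiverProperties(), signWithSaml2(conditions));
    }

    /**
     * An assertion with one AudienceRestriction listing two audiences is accepted by a receiver
     * that configures no audience list of its own.
     */
    @Test
    public void testSAML2AudienceRestriction() throws Exception {
        ConditionsBean conditions = fiveMinuteConditions();
        conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction(bothAudiences())));
        assertAccepted(newReceiverProperties(), signWithSaml2(conditions));
    }

    /** SAML 2: a receiver audience list is enforced against a single two-audience restriction. */
    @Test
    public void testSAML2AudienceRestrictionValidation() throws Exception {
        ConditionsBean conditions = fiveMinuteConditions();
        conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction(bothAudiences())));
        assertAudienceEnforced(signWithSaml2(conditions));
    }

    /** SAML 1: a receiver audience list is enforced against a single two-audience restriction. */
    @Test
    public void testSAML1AudienceRestrictionValidation() throws Exception {
        ConditionsBean conditions = fiveMinuteConditions();
        conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction(bothAudiences())));
        SAML1CallbackHandler samlHandler = new SAML1CallbackHandler();
        samlHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        samlHandler.setIssuer(ISSUER);
        samlHandler.setConditions(conditions);
        assertAudienceEnforced(serialize(signOutbound(samlHandler)));
    }

    /**
     * An assertion with two separate single-audience restrictions is accepted by a receiver that
     * configures no audience list of its own.
     */
    @Test
    public void testSAML2AudienceRestrictionSeparateRestrictions() throws Exception {
        ConditionsBean conditions = fiveMinuteConditions();
        conditions.setAudienceRestrictions(separateAudienceRestrictions());
        assertAccepted(newReceiverProperties(), signWithSaml2(conditions));
    }

    /**
     * A receiver audience list is enforced against two separate single-audience restrictions.
     *
     * <p>NOTE(review): the method name says SAML1 but the assertion is built with
     * {@code SAML2CallbackHandler}, as in the original; the name is kept so the test id does not
     * change. Confirm which version was meant to be covered.
     */
    @Test
    public void testSAML1AudienceRestrictionSeparateRestrictionsValidation() throws Exception {
        ConditionsBean conditions = fiveMinuteConditions();
        conditions.setAudienceRestrictions(separateAudienceRestrictions());
        assertAudienceEnforced(signWithSaml2(conditions));
    }

    /** Builds conditions with an explicit NotBefore / NotOnOrAfter window. */
    private static ConditionsBean validityWindow(DateTime notBefore, DateTime notAfter) {
        ConditionsBean conditions = new ConditionsBean();
        conditions.setNotBefore(notBefore);
        conditions.setNotAfter(notAfter);
        return conditions;
    }

    /** Builds conditions with a five minute token period and nothing else set. */
    private static ConditionsBean fiveMinuteConditions() {
        ConditionsBean conditions = new ConditionsBean();
        conditions.setTokenPeriodMinutes(5);
        return conditions;
    }

    /** Returns a fresh mutable list holding audiences "one" and "two". */
    private static List<String> bothAudiences() {
        List<String> audiences = new ArrayList<>();
        audiences.add(AUDIENCE_ONE);
        audiences.add(AUDIENCE_TWO);
        return audiences;
    }

    /** Wraps the given audience URIs in a single AudienceRestriction bean. */
    private static AudienceRestrictionBean audienceRestriction(List<String> audienceUris) {
        AudienceRestrictionBean restriction = new AudienceRestrictionBean();
        restriction.setAudienceURIs(audienceUris);
        return restriction;
    }

    /** Returns two restrictions, one per audience ("one" and "two"). */
    private static List<AudienceRestrictionBean> separateAudienceRestrictions() {
        List<AudienceRestrictionBean> restrictions = new ArrayList<>();
        restrictions.add(audienceRestriction(Collections.singletonList(AUDIENCE_ONE)));
        restrictions.add(audienceRestriction(Collections.singletonList(AUDIENCE_TWO)));
        return restrictions;
    }

    /** Signs the plain SOAP message with a SAML 2 authentication assertion and serializes it. */
    private byte[] signWithSaml2(ConditionsBean conditions) throws Exception {
        SAML2CallbackHandler samlHandler = new SAML2CallbackHandler();
        samlHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        samlHandler.setIssuer(ISSUER);
        samlHandler.setConditions(conditions);
        return serialize(signOutbound(samlHandler));
    }

    /**
     * Runs the base class's outbound helper with action {@code SAMLTokenSigned}, passing the
     * handler under the {@code samlCallbackRef} property.
     */
    private Document signOutbound(Object samlCallbackHandler) throws Exception {
        Properties outboundProperties = new Properties();
        outboundProperties.put("samlCallbackRef", samlCallbackHandler);
        try (InputStream soap = getClass().getClassLoader().getResourceAsStream(PLAIN_SOAP_RESOURCE)) {
            return doOutboundSecurityWithWSS4J(soap, "SAMLTokenSigned", outboundProperties);
        }
    }

    /** Serializes a DOM document to bytes with the shared transformer factory. */
    private static byte[] serialize(Document document) throws Exception {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        TRANSFORMER_FACTORY.newTransformer().transform(new DOMSource(document), new StreamResult(buffer));
        return buffer.toByteArray();
    }

    /** Parses message bytes into a DOM document. */
    private Document parse(byte[] message) throws Exception {
        return this.documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(message));
    }

    /** Creates receiver properties that verify signatures against {@code receiver.jks}. */
    private WSSSecurityProperties newReceiverProperties() throws Exception {
        WSSSecurityProperties receiverProperties = new WSSSecurityProperties();
        receiverProperties.loadSignatureVerificationKeystore(
                getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        return receiverProperties;
    }

    /** Streams the message through the StAX inbound pipeline and returns the resulting DOM. */
    private Document processInbound(WSSSecurityProperties receiverProperties, byte[] signedMessage)
            throws Exception {
        return StAX2DOM.readDoc(
                this.documentBuilderFactory.newDocumentBuilder(),
                WSSec.getInboundWSSec(receiverProperties).processInMessage(
                        xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(signedMessage))));
    }

    /** Asserts that inbound processing completes and yields a document. */
    private void assertAccepted(WSSSecurityProperties receiverProperties, byte[] signedMessage)
            throws Exception {
        Assert.assertNotNull(processInbound(receiverProperties, signedMessage));
    }

    /**
     * Asserts that inbound processing fails with an {@link XMLStreamException} that has a cause.
     * The cause itself is not inspected, so this does not distinguish why the message was refused.
     */
    private void assertRejected(WSSSecurityProperties receiverProperties, byte[] signedMessage)
            throws Exception {
        try {
            processInbound(receiverProperties, signedMessage);
            Assert.fail("XMLStreamException expected");
        } catch (XMLStreamException e) {
            Assert.assertNotNull(e.getCause());
        }
    }

    /**
     * Checks receiver-side audience matching for a message whose assertion names audiences
     * "one" and "two": a receiver configured with only "three" must reject it, and a receiver
     * configured with "three" and "one" must accept it.
     */
    private void assertAudienceEnforced(byte[] signedMessage) throws Exception {
        List<String> receiverAudiences = new ArrayList<>();
        receiverAudiences.add(AUDIENCE_THREE);
        WSSSecurityProperties mismatchedReceiver = newReceiverProperties();
        mismatchedReceiver.setAudienceRestrictions(receiverAudiences);
        assertRejected(mismatchedReceiver, signedMessage);

        receiverAudiences.add(AUDIENCE_ONE);
        WSSSecurityProperties matchingReceiver = newReceiverProperties();
        matchingReceiver.setAudienceRestrictions(receiverAudiences);
        assertAccepted(matchingReceiver, signedMessage);
    }

    /**
     * Asserts the signed message holds exactly two signatures (the first inside the SAML
     * assertion, the second directly under the wsse:Security header) and one SAML 1
     * {@code Conditions} element whose time bounds match the given instants.
     */
    private static void assertSignedSaml1Conditions(Document signedDocument, DateTime notBefore,
            DateTime notOnOrAfter) {
        NodeList signatures = signedDocument.getElementsByTagNameNS(
                WSSConstants.TAG_dsig_Signature.getNamespaceURI(),
                WSSConstants.TAG_dsig_Signature.getLocalPart());
        // JUnit expects (expected, actual); the original had the arguments the other way round,
        // which only affects the failure message.
        Assert.assertEquals(2, signatures.getLength());
        Assert.assertEquals(WSSConstants.TAG_saml_Assertion.getLocalPart(),
                signatures.item(0).getParentNode().getLocalName());
        Assert.assertEquals(WSSConstants.TAG_wsse_Security.getLocalPart(),
                signatures.item(1).getParentNode().getLocalName());

        NodeList conditionsNodes = signedDocument.getElementsByTagNameNS(SAML1_ASSERTION_NS, "Conditions");
        Assert.assertEquals(1, conditionsNodes.getLength());
        Element conditionsElement = (Element) conditionsNodes.item(0);
        Assert.assertEquals(SAMLConfigurationSupport.getSAMLDateFormatter().print(notBefore),
                conditionsElement.getAttributeNS(null, "NotBefore"));
        Assert.assertEquals(SAMLConfigurationSupport.getSAMLDateFormatter().print(notOnOrAfter),
                conditionsElement.getAttributeNS(null, "NotOnOrAfter"));
    }
}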
