package org.switchyard.test.quickstarts.demo;

import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.zip.ZipFile;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.custommonkey.xmlunit.XMLAssert;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.as.arquillian.api.ServerSetup;
import org.jboss.as.arquillian.api.ServerSetupTask;
import org.jboss.as.arquillian.container.ManagementClient;
import org.jboss.dmr.ModelNode;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.importer.ZipImporter;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.picketlink.identity.federation.api.wstrust.WSTrustClient;
import org.switchyard.common.io.pull.StringPuller;
import org.switchyard.common.xml.XMLHelper;
import org.switchyard.component.test.mixins.http.HTTPMixIn;
import org.switchyard.test.ArquillianUtil;
import org.switchyard.test.quickstarts.util.ResourceDeployer;
import org.w3c.dom.Element;

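/**
 * Arquillian integration test for the {@code policy-security-saml} demo quickstart.
 *
 * <p>The server setup task enables an SSL connector and registers two security domains
 * ({@code picketlink-sts} and {@code saml-validate-token}). The tests then check that a
 * request without a SAML assertion over plain HTTP yields a fault, and that a request
 * carrying an STS-issued assertion over HTTPS is accepted.
 *
 * <p>All secrets in this class (keystore password, STS user) are hard-coded quickstart
 * fixtures. They exist only to make the demo self-contained and must not be reused for
 * any keystore or account outside of this test environment.
 */
@ServerSetup({SSLSocketBindingSetupTask.class})
@RunWith(Arquillian.class)
public class PolicySecuritySamlDemoQuickstartTest {
    /** Root of the quickstart inside the server distribution under test. */
    private static final String SRC_DIR = System.getProperty("jboss.home") + "/quickstarts/switchyard/demos/policy-security-saml";

    /** File name of the demo keystore, used for the server connector and the test client. */
    private static final String KEYSTORE_FILE = "connector.jks";

    /** Password of the demo keystore; the well-known JDK default, acceptable for a test fixture only. */
    private static final String KEYSTORE_PASSWORD = "changeit";

    /**
     * Prepares the server for the test: SSL connector plus the two security domains the
     * demo relies on, and removes them again afterwards.
     */
    public static class SSLSocketBindingSetupTask implements ServerSetupTask {
        private static final String STS_DOMAIN = "picketlink-sts";
        private static final String VALIDATE_DOMAIN = "saml-validate-token";

        /**
         * Enables SSL and adds both security domains with their login modules.
         *
         * @param managementClient client used to run the management operations
         * @param str container identifier passed by Arquillian; not used here
         * @throws Exception if the SSL setup or a management call fails at transport level
         */
        @Override
        public void setup(ManagementClient managementClient, String str) throws Exception {
            ResourceDeployer.setupSSL(managementClient, new File(PolicySecuritySamlDemoQuickstartTest.SRC_DIR, KEYSTORE_FILE).getAbsolutePath(), KEYSTORE_PASSWORD);

            // NOTE(review): the result of each execute() call is not inspected, so a failed
            // "add" only surfaces later as a confusing test failure. Consider checking the
            // returned outcome once it is confirmed that a pre-existing domain is not expected.

            // Domain backing the PicketLink STS itself: property-file users and roles.
            managementClient.getControllerClient().execute(addDomainOperation(STS_DOMAIN));
            ModelNode usersRolesModule = new ModelNode();
            usersRolesModule.get("code").set("UsersRoles");
            usersRolesModule.get("flag").set("required");
            usersRolesModule.get("module-options").add("usersProperties", "users.properties");
            usersRolesModule.get("module-options").add("rolesProperties", "roles.properties");
            managementClient.getControllerClient().execute(addAuthenticationOperation(STS_DOMAIN, usersRolesModule));

            // Domain used by the service to validate incoming SAML tokens against the STS.
            managementClient.getControllerClient().execute(addDomainOperation(VALIDATE_DOMAIN));
            ModelNode stsValidatingModule = new ModelNode();
            stsValidatingModule.get("code").set("org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule");
            stsValidatingModule.get("flag").set("required");
            stsValidatingModule.get("module-options").add("configFile", new File(PolicySecuritySamlDemoQuickstartTest.SRC_DIR, "sts-client.properties").getAbsolutePath());
            stsValidatingModule.get("module-options").add("useOptionsCredentials", true);
            managementClient.getControllerClient().execute(addAuthenticationOperation(VALIDATE_DOMAIN, stsValidatingModule));

            // Fixed pause after the operations; presumably lets the restarted security
            // services settle before the deployments start (TODO confirm).
            Thread.sleep(1000L);
        }

        /**
         * Disables the SSL connector and removes both security domains.
         *
         * @param managementClient client used to run the management operations
         * @param str container identifier passed by Arquillian; not used here
         * @throws Exception if the SSL teardown or a management call fails at transport level
         */
        @Override
        public void tearDown(ManagementClient managementClient, String str) throws Exception {
            ResourceDeployer.tearDownSSL(managementClient);
            managementClient.getControllerClient().execute(securityDomainOperation("remove", STS_DOMAIN));
            managementClient.getControllerClient().execute(securityDomainOperation("remove", VALIDATE_DOMAIN));
        }

        /** Builds an operation of the given name addressed at a domain of the security subsystem. */
        private static ModelNode securityDomainOperation(String operation, String domain) {
            ModelNode op = new ModelNode();
            op.get("operation").set(operation);
            op.get("address").add("subsystem", "security");
            op.get("address").add("security-domain", domain);
            return op;
        }

        /** Builds the "add" operation for a security domain with the default cache type. */
        private static ModelNode addDomainOperation(String domain) {
            ModelNode op = securityDomainOperation("add", domain);
            op.get("cache-type").set("default");
            return op;
        }

        /** Builds the "add" operation for the classic authentication of a domain with one login module. */
        private static ModelNode addAuthenticationOperation(String domain, ModelNode loginModule) {
            ModelNode op = securityDomainOperation("add", domain);
            op.get("address").add("authentication", "classic");
            op.get("login-modules").add(loginModule);
            op.get("operation-headers", "allow-resource-service-restart").set("true");
            return op;
        }
    }

    /**
     * Wraps the pre-built PicketLink STS web archive so that it is deployed first.
     *
     * @return the STS archive imported from the quickstart directory
     * @throws Exception if the archive cannot be opened as a zip file
     */
    @Deployment(testable = false, order = 1, name = "picketlink-sts")
    public static WebArchive createPicketlinkSTSWar() throws Exception {
        File file = new File(SRC_DIR, "picketlink-sts.war");
        if (!file.isFile()) {
            Assert.fail("Failed to resolve artifact '" + file + "'.  The artifact must be declared as a dependency in your POM, thereby making it available in your local repository.");
        }
        // NOTE(review): the ZipFile is not closed here. Confirm whether the importer reads
        // entries lazily before adding a close, otherwise the deployment may break.
        return ShrinkWrap.create(ZipImporter.class, file.getName()).importFrom(new ZipFile(file)).as(WebArchive.class);
    }

    /**
     * Creates the demo application deployment, ordered after the STS.
     *
     * @return the quickstart jar
     */
    @Deployment(testable = false, order = 2)
    public static JavaArchive createDeployment() {
        return ArquillianUtil.createJarDemoDeployment("switchyard-demo-policy-security-saml");
    }

    /**
     * Negative case: plain HTTP and no SAML assertion must be answered with a fault.
     */
    @Test
    public void testUnsecure() throws Exception {
        Assert.assertTrue(invokeWorkService("http", 8080, "policy-security-saml", null, null).toLowerCase().contains("fault"));
    }

    /**
     * Positive case: HTTPS plus an assertion issued by the STS must be accepted.
     *
     * <p>The demo keystore serves as both key store and trust store for the client, so the
     * client trusts exactly the certificates shipped in that file.
     */
    @Test
    public void testConfidentialSecure() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        // Close the stream once the keystore is loaded instead of leaking the file handle.
        try (FileInputStream keyStoreStream = new FileInputStream(new File(SRC_DIR, KEYSTORE_FILE))) {
            keyStore.load(keyStoreStream, KEYSTORE_PASSWORD.toCharArray());
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory.init(keyStore);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, KEYSTORE_PASSWORD.toCharArray());
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        XMLAssert.assertXpathEvaluatesTo("true", "//received", invokeWorkService("https", 8443, "policy-security-saml", getAssertion(), sslContext));
    }

    /**
     * Posts the SOAP request template to the WorkService endpoint on localhost.
     *
     * @param scheme URL scheme, {@code http} or {@code https}
     * @param port port of the connector to call
     * @param context web context of the service
     * @param assertion SAML assertion to embed in the request, or {@code null} for none
     * @param sslContext SSL context for the HTTP client, or {@code null}
     * @return the raw response body
     * @throws Exception if the template cannot be read or the call fails
     */
    private String invokeWorkService(String scheme, int port, String context, Element assertion, SSLContext sslContext) throws Exception {
        String request = ((String) new StringPuller().pull(new File(SRC_DIR, "src/test/resources/xml/soap-request.xml"))).replaceAll("WORK_CMD", "CMD-" + System.currentTimeMillis());
        if (assertion != null) {
            // The serialized assertion is data, not a regex replacement pattern: quote it so
            // that any '$' or '\' in it is inserted literally instead of being interpreted.
            request = request.replaceFirst("<!-- Assertion -->", java.util.regex.Matcher.quoteReplacement(XMLHelper.toString(assertion)));
        }
        HTTPMixIn httpMixIn = new HTTPMixIn(sslContext);
        httpMixIn.initialize();
        try {
            return httpMixIn.postString(String.format("%s://localhost:%s/%s/WorkService", scheme, port, context), request);
        } finally {
            httpMixIn.uninitialize();
        }
    }

    /**
     * Requests a SAML 2.0 token from the locally deployed PicketLink STS.
     *
     * <p>The token is requested over plain HTTP on localhost with the fixed pair
     * {@code admin}/{@code admin} (presumably a user from the demo's users.properties;
     * verify against the quickstart). This is only acceptable because both ends run on the
     * test host; a real client would call the STS over TLS with provisioned credentials.
     *
     * @return the issued assertion element
     * @throws Exception if the STS cannot be reached or refuses the request
     */
    private Element getAssertion() throws Exception {
        WSTrustClient.SecurityInfo demoCredentials = new WSTrustClient.SecurityInfo("admin", "admin");
        WSTrustClient stsClient = new WSTrustClient("PicketLinkSTS", "PicketLinkSTSPort", "http://localhost:8080/picketlink-sts/PicketLinkSTS", demoCredentials);
        return stsClient.issueToken("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
    }
}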
