package org.apache.cxf.systest.jaxrs.security.saml;

import java.util.HashMap;
import javax.security.auth.callback.CallbackHandler;
import javax.ws.rs.ProcessingException;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Form;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.interceptor.Interceptor;
import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.jaxrs.provider.FormEncodingProvider;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.saml.SamlEnvelopedOutInterceptor;
import org.apache.cxf.rs.security.saml.SamlFormOutInterceptor;
import org.apache.cxf.rs.security.saml.SamlHeaderOutInterceptor;
import org.apache.cxf.rs.security.xml.XmlSigOutInterceptor;
import org.apache.cxf.systest.jaxrs.security.Book;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.class */
public class JAXRSSamlTest extends AbstractBusClientServerTestBase {
    public static final String PORT = BookServerSaml.PORT;

    @BeforeClass
    public static void startServers() throws Exception {
        assertTrue("server did not launch correctly", launchServer(BookServerSaml.class, true));
    }

    @Test
    public void testGetBookSAMLTokenAsHeader() throws Exception {
        try {
            assertEquals(123L, ((Book) createWebClient("https://localhost:" + PORT + "/samlheader/bookstore/books/123", new SamlHeaderOutInterceptor(), null).get(Book.class)).getId());
        } catch (WebApplicationException e) {
            fail(e.getMessage());
        } catch (ProcessingException e2) {
            if (e2.getCause() == null || e2.getCause().getMessage() == null) {
                fail(e2.getMessage());
            } else {
                fail(e2.getCause().getMessage());
            }
        }
    }

    @Test
    public void testInvalidSAMLTokenAsHeader() throws Exception {
        String str = "https://localhost:" + PORT + "/samlheader/bookstore/books/123";
        JAXRSClientFactoryBean jAXRSClientFactoryBean = new JAXRSClientFactoryBean();
        jAXRSClientFactoryBean.setAddress(str);
        jAXRSClientFactoryBean.setBus(new SpringBusFactory().createBus(JAXRSSamlTest.class.getResource("client.xml").toString()));
        jAXRSClientFactoryBean.createWebClient().header("Authorization", new Object[]{"SAML invalid_grant"});
        assertEquals(401L, r0.get().getStatus());
    }

    @Test
    public void testGetBookSAMLTokenInForm() throws Exception {
        String str = "https://localhost:" + PORT + "/samlform/bookstore/books";
        FormEncodingProvider formEncodingProvider = new FormEncodingProvider();
        formEncodingProvider.setExpectedEncoded(true);
        WebClient createWebClient = createWebClient(str, new SamlFormOutInterceptor<>(), formEncodingProvider);
        createWebClient.type("application/x-www-form-urlencoded").accept(new String[]{"application/xml"});
        try {
            assertEquals(125L, ((Book) createWebClient.post(new Form(new MetadataMap()).param("name", "CXF").param("id", "125"), Book.class)).getId());
        } catch (WebApplicationException e) {
            fail(e.getMessage());
        } catch (ProcessingException e2) {
            if (e2.getCause() == null || e2.getCause().getMessage() == null) {
                fail(e2.getMessage());
            } else {
                fail(e2.getCause().getMessage());
            }
        }
    }

    @Test
    public void testEnvelopedSelfSignedSAMLToken() throws Exception {
        doTestEnvelopedSAMLToken(true);
    }

    @Test
    public void testBearerSignedDifferentAlgorithms() throws Exception {
        SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler();
        samlCallbackHandler.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        samlCallbackHandler.setDigestAlgorithm("http://www.w3.org/2001/04/xmlenc#sha256");
        samlCallbackHandler.setConfirmationMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");
        samlCallbackHandler.setSignAssertion(true);
        doTestEnvelopedSAMLToken(true, samlCallbackHandler);
    }

    @Test
    public void testEnvelopedUnsignedSAMLToken() throws Exception {
        doTestEnvelopedSAMLToken(false);
    }

    @Test
    public void testGetBookPreviousSAMLTokenAsHeader() throws Exception {
        try {
            assertEquals(123L, ((Book) createWebClientForExistingToken("https://localhost:" + PORT + "/samlheader/bookstore/books/123", new SamlHeaderOutInterceptor(), null).get(Book.class)).getId());
        } catch (WebApplicationException e) {
            fail(e.getMessage());
        } catch (ProcessingException e2) {
            if (e2.getCause() == null || e2.getCause().getMessage() == null) {
                fail(e2.getMessage());
            } else {
                fail(e2.getCause().getMessage());
            }
        }
    }

    @Test
    public void testGetBookPreviousSAMLTokenInForm() throws Exception {
        String str = "https://localhost:" + PORT + "/samlform/bookstore/books";
        FormEncodingProvider formEncodingProvider = new FormEncodingProvider();
        formEncodingProvider.setExpectedEncoded(true);
        WebClient createWebClientForExistingToken = createWebClientForExistingToken(str, new SamlFormOutInterceptor<>(), formEncodingProvider);
        createWebClientForExistingToken.type("application/x-www-form-urlencoded").accept(new String[]{"application/xml"});
        try {
            assertEquals(125L, ((Book) createWebClientForExistingToken.post(new Form(new MetadataMap()).param("name", "CXF").param("id", "125"), Book.class)).getId());
        } catch (WebApplicationException e) {
            fail(e.getMessage());
        } catch (ProcessingException e2) {
            if (e2.getCause() == null || e2.getCause().getMessage() == null) {
                fail(e2.getMessage());
            } else {
                fail(e2.getCause().getMessage());
            }
        }
    }

    public void doTestEnvelopedSAMLToken(boolean z) throws Exception {
        doTestEnvelopedSAMLToken(z, new SamlCallbackHandler());
    }

    public void doTestEnvelopedSAMLToken(boolean z, CallbackHandler callbackHandler) throws Exception {
        WebClient createWebClient = createWebClient("https://localhost:" + PORT + "/samlxml/bookstore/books", new SamlEnvelopedOutInterceptor(!z), null, callbackHandler);
        XmlSigOutInterceptor xmlSigOutInterceptor = new XmlSigOutInterceptor();
        if (z) {
            xmlSigOutInterceptor.setStyle("detached");
        }
        WebClient.getConfig(createWebClient).getOutInterceptors().add(xmlSigOutInterceptor);
        createWebClient.type("application/xml").accept(new String[]{"application/xml"});
        try {
            assertEquals(125L, ((Book) createWebClient.post(new Book("CXF", 125L), Book.class)).getId());
        } catch (WebApplicationException e) {
            fail(e.getMessage());
        } catch (ProcessingException e2) {
            if (e2.getCause() == null || e2.getCause().getMessage() == null) {
                fail(e2.getMessage());
            } else {
                fail(e2.getCause().getMessage());
            }
        }
    }

    private WebClient createWebClient(String str, Interceptor<Message> interceptor, Object obj) {
        return createWebClient(str, interceptor, obj, new SamlCallbackHandler());
    }

    private WebClient createWebClient(String str, Interceptor<Message> interceptor, Object obj, CallbackHandler callbackHandler) {
        JAXRSClientFactoryBean jAXRSClientFactoryBean = new JAXRSClientFactoryBean();
        jAXRSClientFactoryBean.setAddress(str);
        jAXRSClientFactoryBean.setBus(new SpringBusFactory().createBus(JAXRSSamlTest.class.getResource("client.xml").toString()));
        HashMap hashMap = new HashMap();
        hashMap.put("security.callback-handler", "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
        hashMap.put("security.saml-callback-handler", callbackHandler);
        hashMap.put("security.signature.username", "alice");
        hashMap.put("security.signature.properties", "org/apache/cxf/systest/jaxrs/security/alice.properties");
        jAXRSClientFactoryBean.setProperties(hashMap);
        jAXRSClientFactoryBean.getOutInterceptors().add(interceptor);
        if (obj != null) {
            jAXRSClientFactoryBean.setProvider(obj);
        }
        return jAXRSClientFactoryBean.createWebClient();
    }

    private WebClient createWebClientForExistingToken(String str, Interceptor<Message> interceptor, Object obj) {
        JAXRSClientFactoryBean jAXRSClientFactoryBean = new JAXRSClientFactoryBean();
        jAXRSClientFactoryBean.setAddress(str);
        jAXRSClientFactoryBean.setBus(new SpringBusFactory().createBus(JAXRSSamlTest.class.getResource("client.xml").toString()));
        jAXRSClientFactoryBean.getOutInterceptors().add(interceptor);
        jAXRSClientFactoryBean.getOutInterceptors().add(new SamlRetrievalInterceptor());
        if (obj != null) {
            jAXRSClientFactoryBean.setProvider(obj);
        }
        return jAXRSClientFactoryBean.createWebClient();
    }
}
