package org.apache.wss4j.integration.test.kerberos;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.SecretKey;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamWriter;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.kerby.kerberos.kerb.server.SimpleKdcServer;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.kerberos.KerberosContextAndServiceNameCallback;
import org.apache.wss4j.common.spnego.SpnegoTokenContext;
import org.apache.wss4j.common.token.BinarySecurity;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.message.WSSecEncrypt;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.dom.message.token.KerberosSecurity;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.dom.validate.KerberosTokenValidator;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityEvent.KerberosTokenSecurityEvent;
import org.apache.wss4j.stax.setup.WSSec;
import org.apache.wss4j.stax.test.utils.StAX2DOM;
import org.apache.wss4j.stax.test.utils.XmlReaderToWriter;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/apache/wss4j/integration/test/kerberos/KerberosTest.class */
public class KerberosTest {
    // DOM factory used to re-parse generated messages; created and configured in setUp().
    private static DocumentBuilderFactory dbf;
    // Embedded Kerby KDC: started in setUp(), stopped in tearDown().
    private static SimpleKdcServer kerbyServer;
    private static final Logger LOG = LoggerFactory.getLogger(KerberosTest.class);
    // Shared StAX input factory; setUp() switches off coalescing and DTD support on it.
    private static final XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
    // NOTE(review): built with default settings; the visible code applies no secure-processing
    // or external-access restrictions to it - confirm it only ever handles test-generated XML.
    private static final TransformerFactory TRANSFORMER_FACTORY = TransformerFactory.newInstance();
    // Set to false in setUp() on IBM JVMs; the tests below return early when it is false.
    private static boolean runTests = true;

    /**
     * Prepares the shared fixtures: points JAAS and krb5 at the files under {@code target/},
     * starts an in-process Kerby KDC with the two test principals, and configures the XML
     * factories used by the tests.
     *
     * @throws Exception if the KDC cannot be initialised or started
     */
    @BeforeAll
    public static void setUp() throws Exception {
        WSSConfig.init();

        // Maven supplies "basedir"; fall back to the working directory when run from an IDE.
        String baseDir = System.getProperty("basedir");
        if (baseDir == null) {
            baseDir = new File(".").getCanonicalPath();
        }
        final String targetDir = baseDir + "/target";
        System.setProperty("java.security.auth.login.config", targetDir + "/test-classes/kerberos/kerberos.jaas");
        System.setProperty("java.security.krb5.conf", targetDir + "/krb5.conf");

        // TCP-only KDC for the test realm. The principal passwords are throw-away fixture
        // values that the tests' callback handlers hand back verbatim.
        kerbyServer = new SimpleKdcServer();
        kerbyServer.setKdcRealm("service.ws.apache.org");
        kerbyServer.setAllowUdp(false);
        kerbyServer.setWorkDir(new File(targetDir));
        kerbyServer.init();
        kerbyServer.createPrincipal("alice@service.ws.apache.org", "alice");
        kerbyServer.createPrincipal("bob/service.ws.apache.org@service.ws.apache.org", "bob");
        kerbyServer.start();

        // The tests are switched off on IBM JVMs. The KDC has already been started by now,
        // so the "could not be started" skip message the tests print is not literally accurate.
        final boolean ibmJvm = "IBM Corporation".equals(System.getProperty("java.vendor"));
        if (ibmJvm) {
            runTests = false;
        }

        // NOTE(review): unlike the StAX factory below, the DOM factory keeps DTD processing at
        // its default. It only parses test-generated bytes in the visible code; if it is ever
        // pointed at external input, enable secure processing / disallow DOCTYPE first.
        dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setIgnoringComments(false);
        dbf.setCoalescing(false);
        dbf.setIgnoringElementContentWhitespace(false);

        xmlInputFactory.setProperty("javax.xml.stream.isCoalescing", false);
        xmlInputFactory.setProperty("javax.xml.stream.supportDTD", false);
    }

    /**
     * Stops the embedded KDC, if setUp() got as far as creating it.
     *
     * @throws Exception if the KDC fails to stop
     */
    @AfterAll
    public static void tearDown() throws Exception {
        if (kerbyServer == null) {
            return;
        }
        kerbyServer.stop();
    }

    /**
     * Obtains a service ticket as "alice", places it in the security header as a binary
     * security token, and checks that the DOM engine (validating as "bob") accepts it and
     * reports a Kerberos principal for alice.
     */
    @Test
    public void testKerberosCreationAndProcessing() throws Exception {
        if (!runTests) {
            System.out.println("Skipping test because kerberos server could not be started");
            return;
        }

        final Document doc = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        final WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        final KerberosSecurity bst = new KerberosSecurity(doc);

        // Answers the login prompt with the fixture password of whichever principal it names.
        // The first callback is cast unconditionally, so any other callback type surfaces as a
        // ClassCastException.
        final CallbackHandler passwords = callbacks -> {
            final PasswordCallback request = (PasswordCallback) callbacks[0];
            final String prompt = request.getPrompt();
            if (prompt.contains("alice")) {
                request.setPassword("alice".toCharArray());
            } else if (prompt.contains("bob")) {
                request.setPassword("bob".toCharArray());
            }
        };

        // Client side: log in as alice and request a ticket for bob's service.
        bst.retrieveServiceTicket("alice", passwords, "bob@service.ws.apache.org");
        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeaderElement(), bst.getElement());

        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(doc));
        }

        // Service side: validate binary tokens under the "bob" JAAS context.
        final WSSConfig config = WSSConfig.getNewInstance();
        final KerberosTokenValidator validator = new KerberosTokenValidator();
        validator.setContextName("bob");
        validator.setServiceName("bob@service.ws.apache.org");
        config.setValidator(WSConstants.BINARY_TOKEN, validator);
        final WSSecurityEngine engine = new WSSecurityEngine();
        engine.setWssConfig(config);

        // 4096 (0x1000) is the action key the token result is read from - presumably
        // WSConstants.BST; confirm against WSConstants.
        final List<?> tokenResults = (List<?>) engine.processSecurityHeader(doc, (String) null, passwords, (Crypto) null).getActionResults().get(4096);
        final WSSecurityEngineResult tokenResult = (WSSecurityEngineResult) tokenResults.get(0);

        final BinarySecurity receivedToken = (BinarySecurity) tokenResult.get("binary-security-token");
        Assertions.assertNotNull(receivedToken);
        final Principal principal = (Principal) tokenResult.get("principal");
        Assertions.assertTrue(principal instanceof KerberosPrincipal);
        Assertions.assertTrue(principal.getName().contains("alice"));
    }

    /**
     * Obtains a SPNEGO token as "alice" and checks that a second context, validating as
     * "bob", reaches the established state with it.
     */
    @Test
    public void testSpnego() throws Exception {
        if (!runTests) {
            System.out.println("Skipping test because kerberos server could not be started");
            return;
        }

        // A security header is inserted into a sample message, but nothing below reads it.
        final Document doc = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        final WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        final SpnegoTokenContext clientContext = new SpnegoTokenContext();

        // Answers the login prompt with the fixture password of whichever principal it names.
        // The first callback is cast unconditionally, so any other callback type surfaces as a
        // ClassCastException.
        final CallbackHandler passwords = callbacks -> {
            final PasswordCallback request = (PasswordCallback) callbacks[0];
            final String prompt = request.getPrompt();
            if (prompt.contains("alice")) {
                request.setPassword("alice".toCharArray());
            } else if (prompt.contains("bob")) {
                request.setPassword("bob".toCharArray());
            }
        };

        // Initiator side.
        clientContext.retrieveServiceTicket("alice", passwords, "bob@service.ws.apache.org");
        final byte[] spnegoToken = clientContext.getToken();
        Assertions.assertNotNull(spnegoToken);

        // Acceptor side: a fresh context validates the token under the "bob" login.
        final SpnegoTokenContext serviceContext = new SpnegoTokenContext();
        serviceContext.validateServiceTicket("bob", passwords, "bob@service.ws.apache.org", spnegoToken);
        Assertions.assertTrue(serviceContext.isEstablished());
    }

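    /**
     * Negative client-side checks: an unknown JAAS context name must fail while obtaining
     * the TGT, and an unknown service name must fail while obtaining the service ticket.
     * Both failures are expected as {@link WSSecurityException}s with the messages asserted
     * below.
     */
    @Test
    public void testKerberosClient() throws Exception {
        if (!runTests) {
            System.out.println("Skipping test because kerberos server could not be started");
            return;
        }

        final Document doc = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");

        // Answers the login prompt with the fixture password of whichever principal it names.
        final CallbackHandler passwords = callbacks -> {
            final PasswordCallback request = (PasswordCallback) callbacks[0];
            final String prompt = request.getPrompt();
            if (prompt.contains("alice")) {
                request.setPassword("alice".toCharArray());
            } else if (prompt.contains("bob")) {
                request.setPassword("bob".toCharArray());
            }
        };

        // Unknown client context: the login step itself has to fail.
        final WSSecurityException unknownClient = Assertions.assertThrows(
            WSSecurityException.class,
            () -> new KerberosSecurity(doc).retrieveServiceTicket("alice2", passwords, "bob@service"),
            "Failure expected on an unknown user");
        Assertions.assertTrue(unknownClient.getMessage().startsWith("An error occurred in trying to obtain a TGT:"));

        // Known client, unknown service: login succeeds, the ticket request has to fail.
        final WSSecurityException unknownService = Assertions.assertThrows(
            WSSecurityException.class,
            () -> new KerberosSecurity(doc).retrieveServiceTicket("alice", passwords, "bob2@service"),
            "Failure expected on an unknown service");
        // JUnit 5 takes (expected, actual); this order keeps the failure report the right way round.
        Assertions.assertEquals("An error occurred in trying to obtain a service ticket", unknownService.getMessage());
    }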

    /**
     * Signs the message with the session key of a Kerberos ticket, referencing the token by
     * its wsu:Id, then checks that the DOM engine (validating as "bob") accepts the message
     * and reports a Kerberos principal for alice.
     */
    @Test
    public void testKerberosSignature() throws Exception {
        if (!runTests) {
            System.out.println("Skipping test because kerberos server could not be started");
            return;
        }

        final Document doc = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        final WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        final KerberosSecurity bst = new KerberosSecurity(doc);

        // Supplies fixture passwords; callbacks of any other type are silently ignored.
        final CallbackHandler passwords = callbacks -> {
            if (!(callbacks[0] instanceof PasswordCallback)) {
                return;
            }
            final PasswordCallback request = (PasswordCallback) callbacks[0];
            final String prompt = request.getPrompt();
            if (prompt.contains("alice")) {
                request.setPassword("alice".toCharArray());
            } else if (prompt.contains("bob")) {
                request.setPassword("bob".toCharArray());
            }
        };

        bst.retrieveServiceTicket("alice", passwords, "bob@service.ws.apache.org");
        bst.setID("Id-" + bst.hashCode());
        // The token goes into the header before the signature is built.
        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeaderElement(), bst.getElement());

        final WSSecSignature signer = new WSSecSignature(secHeader);
        // NOTE(review): this test pins HMAC-SHA1; a stronger HMAC variant would be the usual
        // choice where both peers support one.
        signer.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#hmac-sha1");
        // Key identifier type 9 - presumably WSConstants.CUSTOM_SYMM_SIGNING; confirm.
        signer.setKeyIdentifierType(9);
        signer.setCustomTokenId(bst.getID());
        signer.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ");
        signer.setSecretKey(bst.getSecretKey().getEncoded());
        final Document signedDoc = signer.build((Crypto) null);

        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(signedDoc));
        }

        // Service side: validate binary tokens under the "bob" JAAS context.
        final WSSConfig config = WSSConfig.getNewInstance();
        final KerberosTokenValidator validator = new KerberosTokenValidator();
        validator.setContextName("bob");
        validator.setServiceName("bob@service.ws.apache.org");
        config.setValidator(WSConstants.BINARY_TOKEN, validator);
        final WSSecurityEngine engine = new WSSecurityEngine();
        engine.setWssConfig(config);

        // The engine is handed the original document object rather than the one build() returned.
        // 4096 (0x1000) is the action key the token result is read from - presumably
        // WSConstants.BST; confirm against WSConstants.
        final List<?> tokenResults = (List<?>) engine.processSecurityHeader(doc, (String) null, passwords, (Crypto) null).getActionResults().get(4096);
        final WSSecurityEngineResult tokenResult = (WSSecurityEngineResult) tokenResults.get(0);

        final BinarySecurity receivedToken = (BinarySecurity) tokenResult.get("binary-security-token");
        Assertions.assertNotNull(receivedToken);
        final Principal principal = (Principal) tokenResult.get("principal");
        Assertions.assertTrue(principal instanceof KerberosPrincipal);
        Assertions.assertTrue(principal.getName().contains("alice"));
    }

    /**
     * Same as the plain signature test, but the signature references the Kerberos token by
     * a key identifier computed from the token bytes instead of by its wsu:Id, and the token
     * is added to the header only after the signature has been built.
     */
    @Test
    public void testKerberosSignatureKI() throws Exception {
        if (!runTests) {
            System.out.println("Skipping test because kerberos server could not be started");
            return;
        }

        final Document doc = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        final WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        final KerberosSecurity bst = new KerberosSecurity(doc);

        // Supplies fixture passwords; callbacks of any other type are silently ignored.
        final CallbackHandler passwords = callbacks -> {
            if (!(callbacks[0] instanceof PasswordCallback)) {
                return;
            }
            final PasswordCallback request = (PasswordCallback) callbacks[0];
            final String prompt = request.getPrompt();
            if (prompt.contains("alice")) {
                request.setPassword("alice".toCharArray());
            } else if (prompt.contains("bob")) {
                request.setPassword("bob".toCharArray());
            }
        };

        bst.retrieveServiceTicket("alice", passwords, "bob@service.ws.apache.org");
        bst.setID("Id-" + bst.hashCode());

        final WSSecSignature signer = new WSSecSignature(secHeader);
        // NOTE(review): this test pins HMAC-SHA1; a stronger HMAC variant would be the usual
        // choice where both peers support one.
        signer.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#hmac-sha1");
        // Key identifier type 12 - presumably WSConstants.CUSTOM_KEY_IDENTIFIER; confirm.
        signer.setKeyIdentifierType(12);
        signer.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1");
        signer.setSecretKey(bst.getSecretKey().getEncoded());
        // The reference value is the encoded digest of the raw token bytes.
        final byte[] tokenDigest = KeyUtils.generateDigest(bst.getToken());
        signer.setCustomTokenId(org.apache.xml.security.utils.XMLUtils.encodeToString(tokenDigest));
        final Document signedDoc = signer.build((Crypto) null);

        // Token is inserted after signing, so it ends up ahead of the Signature element.
        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeaderElement(), bst.getElement());

        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(signedDoc));
        }

        // Service side: validate binary tokens under the "bob" JAAS context.
        final WSSConfig config = WSSConfig.getNewInstance();
        final KerberosTokenValidator validator = new KerberosTokenValidator();
        validator.setContextName("bob");
        validator.setServiceName("bob@service.ws.apache.org");
        config.setValidator(WSConstants.BINARY_TOKEN, validator);
        final WSSecurityEngine engine = new WSSecurityEngine();
        engine.setWssConfig(config);

        // The engine is handed the original document object rather than the one build() returned.
        // 4096 (0x1000) is the action key the token result is read from - presumably
        // WSConstants.BST; confirm against WSConstants.
        final List<?> tokenResults = (List<?>) engine.processSecurityHeader(doc, (String) null, passwords, (Crypto) null).getActionResults().get(4096);
        final WSSecurityEngineResult tokenResult = (WSSecurityEngineResult) tokenResults.get(0);

        final BinarySecurity receivedToken = (BinarySecurity) tokenResult.get("binary-security-token");
        Assertions.assertNotNull(receivedToken);
        final Principal principal = (Principal) tokenResult.get("principal");
        Assertions.assertTrue(principal instanceof KerberosPrincipal);
        Assertions.assertTrue(principal.getName().contains("alice"));
    }

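    /**
     * Encrypts the message with the session key of a Kerberos ticket, referencing the token
     * by its wsu:Id, then checks that the DOM engine (validating as "bob") processes the
     * encrypted message and reports a Kerberos principal for alice.
     *
     * <p>Any failure while building or processing the message, and any failed assertion,
     * propagates to the test runner.
     */
    @Test
    public void testKerberosEncryption() throws Exception {
        if (!runTests) {
            System.out.println("Skipping test because kerberos server could not be started");
            return;
        }

        final Document doc = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        final WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        final KerberosSecurity bst = new KerberosSecurity(doc);

        // Supplies fixture passwords; callbacks of any other type are silently ignored.
        final CallbackHandler passwords = callbacks -> {
            if (!(callbacks[0] instanceof PasswordCallback)) {
                return;
            }
            final PasswordCallback request = (PasswordCallback) callbacks[0];
            final String prompt = request.getPrompt();
            if (prompt.contains("alice")) {
                request.setPassword("alice".toCharArray());
            } else if (prompt.contains("bob")) {
                request.setPassword("bob".toCharArray());
            }
        };

        bst.retrieveServiceTicket("alice", passwords, "bob@service.ws.apache.org");
        bst.setID("Id-" + bst.hashCode());
        // The token goes into the header before the message is encrypted.
        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeaderElement(), bst.getElement());

        final WSSecEncrypt encryptor = new WSSecEncrypt(secHeader);
        // NOTE(review): AES-128-CBC carries no integrity protection of its own and this message
        // is not signed; fine for a round-trip test, not a configuration to copy as-is.
        encryptor.setSymmetricEncAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
        final SecretKey sessionKey = bst.getSecretKey();
        // The session key is already shared through the ticket, so it is not wrapped again.
        encryptor.setEncryptSymmKey(false);
        encryptor.setCustomReferenceValue("http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ");
        encryptor.setEncKeyId(bst.getID());

        // No catch-all around the rest of the test: swallowing Throwable here would also
        // swallow assertion failures, and the test would pass even when processing is broken.
        final Document encryptedDoc = encryptor.build((Crypto) null, sessionKey);

        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(encryptedDoc));
        }

        // Service side: validate binary tokens under the "bob" JAAS context.
        final WSSConfig config = WSSConfig.getNewInstance();
        final KerberosTokenValidator validator = new KerberosTokenValidator();
        validator.setContextName("bob");
        validator.setServiceName("bob@service.ws.apache.org");
        config.setValidator(WSConstants.BINARY_TOKEN, validator);
        final WSSecurityEngine engine = new WSSecurityEngine();
        engine.setWssConfig(config);

        // 4096 (0x1000) is the action key the token result is read from - presumably
        // WSConstants.BST; confirm against WSConstants.
        final List<?> tokenResults = (List<?>) engine.processSecurityHeader(encryptedDoc, (String) null, passwords, (Crypto) null).getActionResults().get(4096);
        final WSSecurityEngineResult tokenResult = (WSSecurityEngineResult) tokenResults.get(0);

        final BinarySecurity receivedToken = (BinarySecurity) tokenResult.get("binary-security-token");
        Assertions.assertNotNull(receivedToken);
        final Principal principal = (Principal) tokenResult.get("principal");
        Assertions.assertTrue(principal instanceof KerberosPrincipal);
        Assertions.assertTrue(principal.getName().contains("alice"));
    }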

    /**
     * Encryption round trip in which the Kerberos token is added to the security header
     * only after the message has been encrypted, so the token precedes the encryption
     * reference list in the header.
     */
    @Test
    public void testKerberosEncryptionBSTFirst() throws Exception {
        if (!runTests) {
            System.out.println("Skipping test because kerberos server could not be started");
            return;
        }

        final Document doc = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        final WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        final KerberosSecurity bst = new KerberosSecurity(doc);

        // Supplies fixture passwords; callbacks of any other type are silently ignored.
        final CallbackHandler passwords = callbacks -> {
            if (!(callbacks[0] instanceof PasswordCallback)) {
                return;
            }
            final PasswordCallback request = (PasswordCallback) callbacks[0];
            final String prompt = request.getPrompt();
            if (prompt.contains("alice")) {
                request.setPassword("alice".toCharArray());
            } else if (prompt.contains("bob")) {
                request.setPassword("bob".toCharArray());
            }
        };

        bst.retrieveServiceTicket("alice", passwords, "bob@service.ws.apache.org");
        bst.setID("Id-" + bst.hashCode());

        final WSSecEncrypt encryptor = new WSSecEncrypt(secHeader);
        // NOTE(review): AES-128-CBC carries no integrity protection of its own and this message
        // is not signed; fine for a round-trip test, not a configuration to copy as-is.
        encryptor.setSymmetricEncAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
        final SecretKey sessionKey = bst.getSecretKey();
        // The session key is already shared through the ticket, so it is not wrapped again.
        encryptor.setEncryptSymmKey(false);
        encryptor.setCustomReferenceValue("http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ");
        encryptor.setEncKeyId(bst.getID());
        final Document encryptedDoc = encryptor.build((Crypto) null, sessionKey);

        // Token is inserted after encryption, which puts it first in the header.
        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeaderElement(), bst.getElement());

        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(encryptedDoc));
        }

        // Service side: validate binary tokens under the "bob" JAAS context.
        final WSSConfig config = WSSConfig.getNewInstance();
        final KerberosTokenValidator validator = new KerberosTokenValidator();
        validator.setContextName("bob");
        validator.setServiceName("bob@service.ws.apache.org");
        config.setValidator(WSConstants.BINARY_TOKEN, validator);
        final WSSecurityEngine engine = new WSSecurityEngine();
        engine.setWssConfig(config);

        // 4096 (0x1000) is the action key the token result is read from - presumably
        // WSConstants.BST; confirm against WSConstants.
        final List<?> tokenResults = (List<?>) engine.processSecurityHeader(encryptedDoc, (String) null, passwords, (Crypto) null).getActionResults().get(4096);
        final WSSecurityEngineResult tokenResult = (WSSecurityEngineResult) tokenResults.get(0);

        final BinarySecurity receivedToken = (BinarySecurity) tokenResult.get("binary-security-token");
        Assertions.assertNotNull(receivedToken);
        final Principal principal = (Principal) tokenResult.get("principal");
        Assertions.assertTrue(principal instanceof KerberosPrincipal);
        Assertions.assertTrue(principal.getName().contains("alice"));
    }

    /**
     * Encryption round trip in which the encrypted data references the Kerberos token by a
     * key identifier computed from the token bytes instead of by its wsu:Id; the token is
     * added to the header after encryption.
     */
    @Test
    public void testKerberosEncryptionKI() throws Exception {
        if (!runTests) {
            System.out.println("Skipping test because kerberos server could not be started");
            return;
        }

        final Document doc = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        final WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        final KerberosSecurity bst = new KerberosSecurity(doc);

        // Supplies fixture passwords; callbacks of any other type are silently ignored.
        final CallbackHandler passwords = callbacks -> {
            if (!(callbacks[0] instanceof PasswordCallback)) {
                return;
            }
            final PasswordCallback request = (PasswordCallback) callbacks[0];
            final String prompt = request.getPrompt();
            if (prompt.contains("alice")) {
                request.setPassword("alice".toCharArray());
            } else if (prompt.contains("bob")) {
                request.setPassword("bob".toCharArray());
            }
        };

        bst.retrieveServiceTicket("alice", passwords, "bob@service.ws.apache.org");
        bst.setID("Id-" + bst.hashCode());

        final WSSecEncrypt encryptor = new WSSecEncrypt(secHeader);
        // NOTE(review): AES-128-CBC carries no integrity protection of its own and this message
        // is not signed; fine for a round-trip test, not a configuration to copy as-is.
        encryptor.setSymmetricEncAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
        final SecretKey sessionKey = bst.getSecretKey();
        // The session key is already shared through the ticket, so it is not wrapped again.
        encryptor.setEncryptSymmKey(false);
        encryptor.setCustomReferenceValue("http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1");
        // The key id is the encoded digest of the raw token bytes.
        final byte[] tokenDigest = KeyUtils.generateDigest(bst.getToken());
        encryptor.setEncKeyId(org.apache.xml.security.utils.XMLUtils.encodeToString(tokenDigest));
        final Document encryptedDoc = encryptor.build((Crypto) null, sessionKey);

        // Token is inserted after encryption, which puts it first in the header.
        WSSecurityUtil.prependChildElement(secHeader.getSecurityHeaderElement(), bst.getElement());

        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(encryptedDoc));
        }

        // Service side: validate binary tokens under the "bob" JAAS context.
        final WSSConfig config = WSSConfig.getNewInstance();
        final KerberosTokenValidator validator = new KerberosTokenValidator();
        validator.setContextName("bob");
        validator.setServiceName("bob@service.ws.apache.org");
        config.setValidator(WSConstants.BINARY_TOKEN, validator);
        final WSSecurityEngine engine = new WSSecurityEngine();
        engine.setWssConfig(config);

        // 4096 (0x1000) is the action key the token result is read from - presumably
        // WSConstants.BST; confirm against WSConstants.
        final List<?> tokenResults = (List<?>) engine.processSecurityHeader(encryptedDoc, (String) null, passwords, (Crypto) null).getActionResults().get(4096);
        final WSSecurityEngineResult tokenResult = (WSSecurityEngineResult) tokenResults.get(0);

        final BinarySecurity receivedToken = (BinarySecurity) tokenResult.get("binary-security-token");
        Assertions.assertNotNull(receivedToken);
        final Principal principal = (Principal) tokenResult.get("principal");
        Assertions.assertTrue(principal instanceof KerberosPrincipal);
        Assertions.assertTrue(principal.getName().contains("alice"));
    }

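    /**
     * Signs a SOAP message through the streaming outbound API with a Kerberos token (context name
     * "alice", service name "bob@service.ws.apache.org") and then processes the resulting security
     * header with the DOM engine, using a {@link KerberosTokenValidator} configured for "bob".
     *
     * <p>Asserts nothing when {@code runTests} is false.
     *
     * @throws Exception if signing, parsing or security-header processing fails
     */
    @Test
    public void testKerberosSignatureOutbound() throws Exception {
        if (!runTests) {
            // NOTE(review): returning here reports the test as passed rather than skipped, so a
            // KDC that failed to start silently removes this coverage from the test report.
            System.out.println("Skipping test because kerberos server could not be started");
            return;
        }

        // Outbound (StAX) side: a single action, signature with a Kerberos token.
        WSSSecurityProperties outboundProperties = new WSSSecurityProperties();
        List<WSSConstants.Action> actions = new ArrayList<>();
        actions.add(WSSConstants.SIGNATURE_WITH_KERBEROS_TOKEN);
        outboundProperties.setActions(actions);
        outboundProperties.setCallbackHandler(new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                // Only the first callback is inspected; any other callback type is left unanswered.
                if (callbacks[0] instanceof KerberosContextAndServiceNameCallback) {
                    KerberosContextAndServiceNameCallback nameCallback =
                        (KerberosContextAndServiceNameCallback) callbacks[0];
                    nameCallback.setContextName("alice");
                    nameCallback.setServiceName("bob@service.ws.apache.org");
                } else if (callbacks[0] instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callbacks[0];
                    if (passwordCallback.getPrompt().contains("alice")) {
                        // Fixture credential for the test principal; never reuse outside tests.
                        passwordCallback.setPassword("alice".toCharArray());
                    }
                }
            }
        });

        ByteArrayOutputStream signedBytes = new ByteArrayOutputStream();
        XMLStreamWriter securedWriter = WSSec.getOutboundWSSec(outboundProperties)
            .processOutMessage(signedBytes, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
        XmlReaderToWriter.writeAll(
            xmlInputFactory.createXMLStreamReader(
                getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml")),
            securedWriter);
        securedWriter.close();

        Document signedDocument =
            dbf.newDocumentBuilder().parse(new ByteArrayInputStream(signedBytes.toByteArray()));
        // Expected value first, so a failure message reports "expected 1" correctly.
        Assertions.assertEquals(
            1,
            signedDocument.getElementsByTagNameNS(
                WSSConstants.TAG_dsig_Signature.getNamespaceURI(),
                WSSConstants.TAG_dsig_Signature.getLocalPart()).getLength());

        // Receiving (DOM) side: validate the binary token as the "bob" service.
        WSSConfig wssConfig = WSSConfig.getNewInstance();
        KerberosTokenValidator tokenValidator = new KerberosTokenValidator();
        tokenValidator.setContextName("bob");
        tokenValidator.setServiceName("bob@service.ws.apache.org");
        wssConfig.setValidator(WSConstants.BINARY_TOKEN, tokenValidator);
        WSSecurityEngine securityEngine = new WSSecurityEngine();
        securityEngine.setWssConfig(wssConfig);

        CallbackHandler receiverCallbackHandler = new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                if (callbacks[0] instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callbacks[0];
                    if (passwordCallback.getPrompt().contains("bob")) {
                        // Fixture credential for the test service principal.
                        passwordCallback.setPassword("bob".toCharArray());
                    }
                }
            }
        };
        // 4096 is a decompiler-inlined action key; presumably WSConstants.BST — confirm and
        // prefer the named constant.
        List<?> tokenResults = (List<?>) securityEngine
            .processSecurityHeader(signedDocument, (String) null, receiverCallbackHandler, (Crypto) null)
            .getActionResults()
            .get(4096);
        WSSecurityEngineResult tokenResult = (WSSecurityEngineResult) tokenResults.get(0);

        Assertions.assertNotNull((BinarySecurity) tokenResult.get("binary-security-token"));
        Principal principal = (Principal) tokenResult.get("principal");
        Assertions.assertTrue(principal instanceof KerberosPrincipal);
        // NOTE(review): substring match only; comparing the full principal name would be a
        // stricter identity check.
        Assertions.assertTrue(principal.getName().contains("alice"));
    }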

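    /**
     * Builds a message with the DOM API that carries a Kerberos token and an HMAC-SHA1 signature
     * referencing that token by id, then verifies it through the streaming inbound API and checks
     * the {@link KerberosTokenSecurityEvent} that is raised.
     *
     * <p>Asserts nothing when {@code runTests} is false.
     *
     * @throws Exception if ticket retrieval, signing or inbound processing fails
     */
    @Test
    public void testKerberosSignatureInbound() throws Exception {
        if (!runTests) {
            // NOTE(review): returning here reports the test as passed rather than skipped, so a
            // KDC that failed to start silently removes this coverage from the test report.
            System.out.println("Skipping test because kerberos server could not be started");
            return;
        }

        ByteArrayOutputStream signedBytes = new ByteArrayOutputStream();
        Document soapDocument = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        WSSecHeader securityHeader = new WSSecHeader(soapDocument);
        securityHeader.insertSecurityHeader();

        // Sender side: obtain a service ticket as "alice" for the "bob" service.
        KerberosSecurity kerberosToken = new KerberosSecurity(soapDocument);
        CallbackHandler senderCallbackHandler = new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                // Only the first callback is inspected.
                if (callbacks[0] instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callbacks[0];
                    if (passwordCallback.getPrompt().contains("alice")) {
                        // Fixture credential for the test principal; never reuse outside tests.
                        passwordCallback.setPassword("alice".toCharArray());
                    }
                }
            }
        };
        kerberosToken.retrieveServiceTicket("alice", senderCallbackHandler, "bob@service.ws.apache.org");
        kerberosToken.setID("Id-" + kerberosToken.hashCode());

        WSSecSignature signatureBuilder = new WSSecSignature(securityHeader);
        // NOTE(review): SHA-1 based MAC pinned by this test; an HMAC-SHA256 variant would be
        // preferable where both sides support it.
        signatureBuilder.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#hmac-sha1");
        // 9 is a decompiler-inlined key identifier type; presumably
        // WSConstants.CUSTOM_SYMM_SIGNING — confirm and prefer the named constant.
        signatureBuilder.setKeyIdentifierType(9);
        signatureBuilder.setCustomTokenId(kerberosToken.getID());
        signatureBuilder.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ");
        // The MAC key is the secret key exposed by the Kerberos token object.
        signatureBuilder.setSecretKey(kerberosToken.getSecretKey().getEncoded());
        signatureBuilder.build((Crypto) null);
        WSSecurityUtil.prependChildElement(securityHeader.getSecurityHeaderElement(), kerberosToken.getElement());
        TRANSFORMER_FACTORY.newTransformer().transform(new DOMSource(soapDocument), new StreamResult(signedBytes));

        // Receiver side: streaming inbound processing as the "bob" service.
        WSSSecurityProperties inboundProperties = new WSSSecurityProperties();
        inboundProperties.loadSignatureVerificationKeystore(
            getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        inboundProperties.setCallbackHandler(new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                if (callbacks[0] instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callbacks[0];
                    if (passwordCallback.getPrompt().contains("bob")) {
                        // Fixture credential for the test service principal.
                        passwordCallback.setPassword("bob".toCharArray());
                    }
                } else if (callbacks[0] instanceof KerberosContextAndServiceNameCallback) {
                    KerberosContextAndServiceNameCallback nameCallback =
                        (KerberosContextAndServiceNameCallback) callbacks[0];
                    nameCallback.setContextName("bob");
                    nameCallback.setServiceName("bob@service.ws.apache.org");
                }
            }
        });

        final List<KerberosTokenSecurityEvent> kerberosEvents = new ArrayList<>();
        SecurityEventListener eventCollector = new SecurityEventListener() {
            public void registerSecurityEvent(SecurityEvent securityEvent) throws XMLSecurityException {
                if (securityEvent instanceof KerberosTokenSecurityEvent) {
                    kerberosEvents.add((KerberosTokenSecurityEvent) securityEvent);
                }
            }
        };
        Document processedDocument = StAX2DOM.readDoc(
            dbf.newDocumentBuilder(),
            WSSec.getInboundWSSec(inboundProperties).processInMessage(
                xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(signedBytes.toByteArray())),
                (List<SecurityEvent>) null,
                eventCollector));
        NodeList signatureNodes = processedDocument.getElementsByTagNameNS(
            WSSConstants.TAG_dsig_Signature.getNamespaceURI(),
            WSSConstants.TAG_dsig_Signature.getLocalPart());

        // Expected value first, so failure messages label expected and actual correctly.
        Assertions.assertEquals(1, signatureNodes.getLength());
        Assertions.assertEquals(
            WSSConstants.TAG_WSSE_SECURITY.getLocalPart(),
            signatureNodes.item(0).getParentNode().getLocalName());
        Assertions.assertEquals(1, kerberosEvents.size());

        KerberosTokenSecurityEvent kerberosEvent = kerberosEvents.get(0);
        Assertions.assertNotNull(kerberosEvent.getSecurityToken().getSubject());
        Assertions.assertTrue(kerberosEvent.getSecurityToken().getPrincipal() instanceof KerberosPrincipal);
        // Exact match on the authenticated client principal, not just a substring.
        Assertions.assertEquals(
            "alice@service.ws.apache.org",
            kerberosEvent.getSecurityToken().getPrincipal().getName());
    }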

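    /**
     * Builds a message with the DOM API that carries a Kerberos token and an HMAC-SHA1 signature
     * referencing that token through a key identifier computed from the token bytes, then
     * verifies it through the streaming inbound API.
     *
     * <p>Asserts nothing when {@code runTests} is false.
     *
     * @throws Exception if ticket retrieval, signing or inbound processing fails
     */
    @Test
    public void testKerberosSignatureKIInbound() throws Exception {
        if (!runTests) {
            // NOTE(review): returning here reports the test as passed rather than skipped, so a
            // KDC that failed to start silently removes this coverage from the test report.
            System.out.println("Skipping test because kerberos server could not be started");
            return;
        }

        ByteArrayOutputStream signedBytes = new ByteArrayOutputStream();
        Document soapDocument = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        WSSecHeader securityHeader = new WSSecHeader(soapDocument);
        securityHeader.insertSecurityHeader();

        // Sender side: obtain a service ticket as "alice" for the "bob" service.
        KerberosSecurity kerberosToken = new KerberosSecurity(soapDocument);
        CallbackHandler senderCallbackHandler = new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                // Only the first callback is inspected.
                if (callbacks[0] instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callbacks[0];
                    if (passwordCallback.getPrompt().contains("alice")) {
                        // Fixture credential for the test principal; never reuse outside tests.
                        passwordCallback.setPassword("alice".toCharArray());
                    }
                }
            }
        };
        kerberosToken.retrieveServiceTicket("alice", senderCallbackHandler, "bob@service.ws.apache.org");
        kerberosToken.setID("Id-" + kerberosToken.hashCode());

        WSSecSignature signatureBuilder = new WSSecSignature(securityHeader);
        // NOTE(review): SHA-1 based MAC pinned by this test; an HMAC-SHA256 variant would be
        // preferable where both sides support it.
        signatureBuilder.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#hmac-sha1");
        // 12 is a decompiler-inlined key identifier type; presumably
        // WSConstants.CUSTOM_KEY_IDENTIFIER — confirm and prefer the named constant.
        signatureBuilder.setKeyIdentifierType(12);
        signatureBuilder.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1");
        // The MAC key is the secret key exposed by the Kerberos token object.
        signatureBuilder.setSecretKey(kerberosToken.getSecretKey().getEncoded());
        // The token is referenced by an encoded digest of its bytes instead of its wsu:Id
        // (presumably Base64 of SHA-1, per the value type above — confirm against KeyUtils).
        byte[] tokenDigest = KeyUtils.generateDigest(kerberosToken.getToken());
        signatureBuilder.setCustomTokenId(org.apache.xml.security.utils.XMLUtils.encodeToString(tokenDigest));
        signatureBuilder.build((Crypto) null);
        WSSecurityUtil.prependChildElement(securityHeader.getSecurityHeaderElement(), kerberosToken.getElement());
        TRANSFORMER_FACTORY.newTransformer().transform(new DOMSource(soapDocument), new StreamResult(signedBytes));

        // Receiver side: streaming inbound processing as the "bob" service.
        WSSSecurityProperties inboundProperties = new WSSSecurityProperties();
        inboundProperties.loadSignatureVerificationKeystore(
            getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        inboundProperties.setCallbackHandler(new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                if (callbacks[0] instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callbacks[0];
                    if (passwordCallback.getPrompt().contains("bob")) {
                        // Fixture credential for the test service principal.
                        passwordCallback.setPassword("bob".toCharArray());
                    }
                } else if (callbacks[0] instanceof KerberosContextAndServiceNameCallback) {
                    KerberosContextAndServiceNameCallback nameCallback =
                        (KerberosContextAndServiceNameCallback) callbacks[0];
                    nameCallback.setContextName("bob");
                    nameCallback.setServiceName("bob@service.ws.apache.org");
                }
            }
        });

        final List<KerberosTokenSecurityEvent> kerberosEvents = new ArrayList<>();
        SecurityEventListener eventCollector = new SecurityEventListener() {
            public void registerSecurityEvent(SecurityEvent securityEvent) throws XMLSecurityException {
                if (securityEvent instanceof KerberosTokenSecurityEvent) {
                    kerberosEvents.add((KerberosTokenSecurityEvent) securityEvent);
                }
            }
        };
        Document processedDocument = StAX2DOM.readDoc(
            dbf.newDocumentBuilder(),
            WSSec.getInboundWSSec(inboundProperties).processInMessage(
                xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(signedBytes.toByteArray())),
                (List<SecurityEvent>) null,
                eventCollector));
        NodeList signatureNodes = processedDocument.getElementsByTagNameNS(
            WSSConstants.TAG_dsig_Signature.getNamespaceURI(),
            WSSConstants.TAG_dsig_Signature.getLocalPart());

        // Expected value first, so failure messages label expected and actual correctly.
        Assertions.assertEquals(1, signatureNodes.getLength());
        Assertions.assertEquals(
            WSSConstants.TAG_WSSE_SECURITY.getLocalPart(),
            signatureNodes.item(0).getParentNode().getLocalName());
        // NOTE(review): only the event count is checked here; the principal carried by the
        // event is not asserted in this test.
        Assertions.assertEquals(1, kerberosEvents.size());
    }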

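    /**
     * Encrypts a SOAP message through the streaming outbound API with a Kerberos token (context
     * name "alice", service name "bob@service.ws.apache.org", AES-128-CBC) and then processes the
     * security header with the DOM engine, using a {@link KerberosTokenValidator} configured for
     * "bob".
     *
     * <p>Asserts nothing when {@code runTests} is false.
     *
     * @throws Exception if encryption, parsing or security-header processing fails
     */
    @Test
    public void testKerberosEncryptionOutbound() throws Exception {
        if (!runTests) {
            // NOTE(review): returning here reports the test as passed rather than skipped, so a
            // KDC that failed to start silently removes this coverage from the test report.
            System.out.println("Skipping test because kerberos server could not be started");
            return;
        }

        // Outbound (StAX) side: a single action, encryption with a Kerberos token.
        WSSSecurityProperties outboundProperties = new WSSSecurityProperties();
        List<WSSConstants.Action> actions = new ArrayList<>();
        actions.add(WSSConstants.ENCRYPTION_WITH_KERBEROS_TOKEN);
        outboundProperties.setActions(actions);
        // NOTE(review): CBC gives confidentiality only and no signature action is configured,
        // so this test exercises interoperability, not tamper resistance.
        outboundProperties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
        outboundProperties.setCallbackHandler(new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                // Only the first callback is inspected; any other callback type is left unanswered.
                if (callbacks[0] instanceof KerberosContextAndServiceNameCallback) {
                    KerberosContextAndServiceNameCallback nameCallback =
                        (KerberosContextAndServiceNameCallback) callbacks[0];
                    nameCallback.setContextName("alice");
                    nameCallback.setServiceName("bob@service.ws.apache.org");
                } else if (callbacks[0] instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callbacks[0];
                    if (passwordCallback.getPrompt().contains("alice")) {
                        // Fixture credential for the test principal; never reuse outside tests.
                        passwordCallback.setPassword("alice".toCharArray());
                    }
                }
            }
        });

        ByteArrayOutputStream encryptedBytes = new ByteArrayOutputStream();
        XMLStreamWriter securedWriter = WSSec.getOutboundWSSec(outboundProperties)
            .processOutMessage(encryptedBytes, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
        XmlReaderToWriter.writeAll(
            xmlInputFactory.createXMLStreamReader(
                getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml")),
            securedWriter);
        securedWriter.close();

        Document encryptedDocument =
            dbf.newDocumentBuilder().parse(new ByteArrayInputStream(encryptedBytes.toByteArray()));
        Assertions.assertEquals(
            1,
            encryptedDocument.getElementsByTagNameNS(
                WSSConstants.TAG_xenc_ReferenceList.getNamespaceURI(),
                WSSConstants.TAG_xenc_ReferenceList.getLocalPart()).getLength());

        // Receiving (DOM) side: validate the binary token as the "bob" service.
        WSSConfig wssConfig = WSSConfig.getNewInstance();
        KerberosTokenValidator tokenValidator = new KerberosTokenValidator();
        tokenValidator.setContextName("bob");
        tokenValidator.setServiceName("bob@service.ws.apache.org");
        wssConfig.setValidator(WSConstants.BINARY_TOKEN, tokenValidator);
        WSSecurityEngine securityEngine = new WSSecurityEngine();
        securityEngine.setWssConfig(wssConfig);

        CallbackHandler receiverCallbackHandler = new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                if (callbacks[0] instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callbacks[0];
                    if (passwordCallback.getPrompt().contains("bob")) {
                        // Fixture credential for the test service principal.
                        passwordCallback.setPassword("bob".toCharArray());
                    }
                }
            }
        };
        // 4096 is a decompiler-inlined action key; presumably WSConstants.BST — confirm and
        // prefer the named constant.
        List<?> tokenResults = (List<?>) securityEngine
            .processSecurityHeader(encryptedDocument, (String) null, receiverCallbackHandler, (Crypto) null)
            .getActionResults()
            .get(4096);
        WSSecurityEngineResult tokenResult = (WSSecurityEngineResult) tokenResults.get(0);

        Assertions.assertNotNull((BinarySecurity) tokenResult.get("binary-security-token"));
        Principal principal = (Principal) tokenResult.get("principal");
        Assertions.assertTrue(principal instanceof KerberosPrincipal);
        // NOTE(review): substring match only; comparing the full principal name would be a
        // stricter identity check.
        Assertions.assertTrue(principal.getName().contains("alice"));
    }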

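    /**
     * Same flow as the Kerberos encryption outbound case, but selects the action through
     * {@code WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN} (the "deprecated tag" of the test name):
     * encrypts through the streaming outbound API and processes the security header with the DOM
     * engine, using a {@link KerberosTokenValidator} configured for "bob".
     *
     * <p>Asserts nothing when {@code runTests} is false.
     *
     * @throws Exception if encryption, parsing or security-header processing fails
     */
    @Test
    public void testKerberosEncryptionOutboundDeprecatedTag() throws Exception {
        if (!runTests) {
            // NOTE(review): returning here reports the test as passed rather than skipped, so a
            // KDC that failed to start silently removes this coverage from the test report.
            System.out.println("Skipping test because kerberos server could not be started");
            return;
        }

        // Outbound (StAX) side: a single action, encryption with a Kerberos token.
        WSSSecurityProperties outboundProperties = new WSSSecurityProperties();
        List<WSSConstants.Action> actions = new ArrayList<>();
        actions.add(WSSConstants.ENCRYPT_WITH_KERBEROS_TOKEN);
        outboundProperties.setActions(actions);
        // NOTE(review): CBC gives confidentiality only and no signature action is configured,
        // so this test exercises interoperability, not tamper resistance.
        outboundProperties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
        outboundProperties.setCallbackHandler(new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                // Only the first callback is inspected; any other callback type is left unanswered.
                if (callbacks[0] instanceof KerberosContextAndServiceNameCallback) {
                    KerberosContextAndServiceNameCallback nameCallback =
                        (KerberosContextAndServiceNameCallback) callbacks[0];
                    nameCallback.setContextName("alice");
                    nameCallback.setServiceName("bob@service.ws.apache.org");
                } else if (callbacks[0] instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callbacks[0];
                    if (passwordCallback.getPrompt().contains("alice")) {
                        // Fixture credential for the test principal; never reuse outside tests.
                        passwordCallback.setPassword("alice".toCharArray());
                    }
                }
            }
        });

        ByteArrayOutputStream encryptedBytes = new ByteArrayOutputStream();
        XMLStreamWriter securedWriter = WSSec.getOutboundWSSec(outboundProperties)
            .processOutMessage(encryptedBytes, StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
        XmlReaderToWriter.writeAll(
            xmlInputFactory.createXMLStreamReader(
                getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml")),
            securedWriter);
        securedWriter.close();

        Document encryptedDocument =
            dbf.newDocumentBuilder().parse(new ByteArrayInputStream(encryptedBytes.toByteArray()));
        Assertions.assertEquals(
            1,
            encryptedDocument.getElementsByTagNameNS(
                WSSConstants.TAG_xenc_ReferenceList.getNamespaceURI(),
                WSSConstants.TAG_xenc_ReferenceList.getLocalPart()).getLength());

        // Receiving (DOM) side: validate the binary token as the "bob" service.
        WSSConfig wssConfig = WSSConfig.getNewInstance();
        KerberosTokenValidator tokenValidator = new KerberosTokenValidator();
        tokenValidator.setContextName("bob");
        tokenValidator.setServiceName("bob@service.ws.apache.org");
        wssConfig.setValidator(WSConstants.BINARY_TOKEN, tokenValidator);
        WSSecurityEngine securityEngine = new WSSecurityEngine();
        securityEngine.setWssConfig(wssConfig);

        CallbackHandler receiverCallbackHandler = new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                if (callbacks[0] instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callbacks[0];
                    if (passwordCallback.getPrompt().contains("bob")) {
                        // Fixture credential for the test service principal.
                        passwordCallback.setPassword("bob".toCharArray());
                    }
                }
            }
        };
        // 4096 is a decompiler-inlined action key; presumably WSConstants.BST — confirm and
        // prefer the named constant.
        List<?> tokenResults = (List<?>) securityEngine
            .processSecurityHeader(encryptedDocument, (String) null, receiverCallbackHandler, (Crypto) null)
            .getActionResults()
            .get(4096);
        WSSecurityEngineResult tokenResult = (WSSecurityEngineResult) tokenResults.get(0);

        Assertions.assertNotNull((BinarySecurity) tokenResult.get("binary-security-token"));
        Principal principal = (Principal) tokenResult.get("principal");
        Assertions.assertTrue(principal instanceof KerberosPrincipal);
        // NOTE(review): substring match only; comparing the full principal name would be a
        // stricter identity check.
        Assertions.assertTrue(principal.getName().contains("alice"));
    }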

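    /**
     * Builds a message with the DOM API that carries a Kerberos token and a body encrypted with
     * AES-256-CBC under the token's secret key (referenced by token id), then decrypts it through
     * the streaming inbound API.
     *
     * <p>Asserts nothing when {@code runTests} is false.
     *
     * @throws Exception if ticket retrieval, encryption or inbound processing fails
     */
    @Test
    public void testKerberosEncryptionInbound() throws Exception {
        if (!runTests) {
            // NOTE(review): returning here reports the test as passed rather than skipped, so a
            // KDC that failed to start silently removes this coverage from the test report.
            System.out.println("Skipping test because kerberos server could not be started");
            return;
        }

        ByteArrayOutputStream encryptedBytes = new ByteArrayOutputStream();
        Document soapDocument = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        WSSecHeader securityHeader = new WSSecHeader(soapDocument);
        securityHeader.insertSecurityHeader();

        // Sender side: obtain a service ticket as "alice" for the "bob" service.
        KerberosSecurity kerberosToken = new KerberosSecurity(soapDocument);
        CallbackHandler senderCallbackHandler = new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                // Only the first callback is inspected.
                if (callbacks[0] instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callbacks[0];
                    if (passwordCallback.getPrompt().contains("alice")) {
                        // Fixture credential for the test principal; never reuse outside tests.
                        passwordCallback.setPassword("alice".toCharArray());
                    }
                }
            }
        };
        kerberosToken.retrieveServiceTicket("alice", senderCallbackHandler, "bob@service.ws.apache.org");
        kerberosToken.setID("Id-" + kerberosToken.hashCode());

        WSSecEncrypt encryptionBuilder = new WSSecEncrypt(securityHeader);
        // NOTE(review): CBC gives confidentiality only and this message is not signed, so the
        // test exercises interoperability, not tamper resistance.
        encryptionBuilder.setSymmetricEncAlgorithm("http://www.w3.org/2001/04/xmlenc#aes256-cbc");
        SecretKey tokenSecretKey = kerberosToken.getSecretKey();
        // The data key is not wrapped into an EncryptedKey; the receiver has to obtain it from
        // the referenced Kerberos token.
        encryptionBuilder.setEncryptSymmKey(false);
        encryptionBuilder.setCustomReferenceValue("http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ");
        encryptionBuilder.setEncKeyId(kerberosToken.getID());
        encryptionBuilder.build((Crypto) null, tokenSecretKey);
        WSSecurityUtil.prependChildElement(securityHeader.getSecurityHeaderElement(), kerberosToken.getElement());
        TRANSFORMER_FACTORY.newTransformer().transform(new DOMSource(soapDocument), new StreamResult(encryptedBytes));

        // Receiver side: streaming inbound processing as the "bob" service.
        WSSSecurityProperties inboundProperties = new WSSSecurityProperties();
        inboundProperties.loadDecryptionKeystore(
            getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        inboundProperties.setCallbackHandler(new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                if (callbacks[0] instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callbacks[0];
                    if (passwordCallback.getPrompt().contains("bob")) {
                        // Fixture credential for the test service principal.
                        passwordCallback.setPassword("bob".toCharArray());
                    }
                } else if (callbacks[0] instanceof KerberosContextAndServiceNameCallback) {
                    KerberosContextAndServiceNameCallback nameCallback =
                        (KerberosContextAndServiceNameCallback) callbacks[0];
                    nameCallback.setContextName("bob");
                    nameCallback.setServiceName("bob@service.ws.apache.org");
                }
            }
        });

        final List<KerberosTokenSecurityEvent> kerberosEvents = new ArrayList<>();
        SecurityEventListener eventCollector = new SecurityEventListener() {
            public void registerSecurityEvent(SecurityEvent securityEvent) throws XMLSecurityException {
                if (securityEvent instanceof KerberosTokenSecurityEvent) {
                    kerberosEvents.add((KerberosTokenSecurityEvent) securityEvent);
                }
            }
        };
        Document processedDocument = StAX2DOM.readDoc(
            dbf.newDocumentBuilder(),
            WSSec.getInboundWSSec(inboundProperties).processInMessage(
                xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(encryptedBytes.toByteArray())),
                (List<SecurityEvent>) null,
                eventCollector));

        NodeList tokenNodes = processedDocument.getElementsByTagNameNS(
            WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN.getNamespaceURI(),
            WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN.getLocalPart());
        // Expected value first, so failure messages label expected and actual correctly.
        Assertions.assertEquals(1, tokenNodes.getLength());
        Assertions.assertEquals(
            WSSConstants.TAG_WSSE_SECURITY.getLocalPart(),
            tokenNodes.item(0).getParentNode().getLocalName());
        // No xenc:EncryptedData element may remain in the processed document.
        Assertions.assertEquals(
            0,
            processedDocument.getElementsByTagNameNS(
                WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
                WSSConstants.TAG_xenc_EncryptedData.getLocalPart()).getLength());
        Assertions.assertEquals(1, kerberosEvents.size());
    }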

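    /**
     * Builds a message with the DOM API that carries a Kerberos token and a body encrypted with
     * AES-128-CBC under the token's secret key, referencing the token through a key identifier
     * computed from the token bytes, then decrypts it through the streaming inbound API.
     *
     * <p>Asserts nothing when {@code runTests} is false.
     *
     * @throws Exception if ticket retrieval, encryption or inbound processing fails
     */
    @Test
    public void testKerberosEncryptionKIInbound() throws Exception {
        if (!runTests) {
            // NOTE(review): returning here reports the test as passed rather than skipped, so a
            // KDC that failed to start silently removes this coverage from the test report.
            System.out.println("Skipping test because kerberos server could not be started");
            return;
        }

        ByteArrayOutputStream encryptedBytes = new ByteArrayOutputStream();
        Document soapDocument = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        WSSecHeader securityHeader = new WSSecHeader(soapDocument);
        securityHeader.insertSecurityHeader();

        // Sender side: obtain a service ticket as "alice" for the "bob" service.
        KerberosSecurity kerberosToken = new KerberosSecurity(soapDocument);
        CallbackHandler senderCallbackHandler = new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                // Only the first callback is inspected.
                if (callbacks[0] instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callbacks[0];
                    if (passwordCallback.getPrompt().contains("alice")) {
                        // Fixture credential for the test principal; never reuse outside tests.
                        passwordCallback.setPassword("alice".toCharArray());
                    }
                }
            }
        };
        kerberosToken.retrieveServiceTicket("alice", senderCallbackHandler, "bob@service.ws.apache.org");
        kerberosToken.setID("Id-" + kerberosToken.hashCode());

        WSSecEncrypt encryptionBuilder = new WSSecEncrypt(securityHeader);
        // NOTE(review): CBC gives confidentiality only and this message is not signed, so the
        // test exercises interoperability, not tamper resistance.
        encryptionBuilder.setSymmetricEncAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
        SecretKey tokenSecretKey = kerberosToken.getSecretKey();
        // The data key is not wrapped into an EncryptedKey; the receiver has to obtain it from
        // the referenced Kerberos token.
        encryptionBuilder.setEncryptSymmKey(false);
        encryptionBuilder.setCustomReferenceValue("http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1");
        // The token is referenced by an encoded digest of its bytes instead of its wsu:Id
        // (presumably Base64 of SHA-1, per the value type above — confirm against KeyUtils).
        byte[] tokenDigest = KeyUtils.generateDigest(kerberosToken.getToken());
        encryptionBuilder.setEncKeyId(org.apache.xml.security.utils.XMLUtils.encodeToString(tokenDigest));
        encryptionBuilder.build((Crypto) null, tokenSecretKey);
        WSSecurityUtil.prependChildElement(securityHeader.getSecurityHeaderElement(), kerberosToken.getElement());
        TRANSFORMER_FACTORY.newTransformer().transform(new DOMSource(soapDocument), new StreamResult(encryptedBytes));

        // Receiver side: streaming inbound processing as the "bob" service.
        WSSSecurityProperties inboundProperties = new WSSSecurityProperties();
        inboundProperties.loadDecryptionKeystore(
            getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
        inboundProperties.setCallbackHandler(new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                if (callbacks[0] instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callbacks[0];
                    if (passwordCallback.getPrompt().contains("bob")) {
                        // Fixture credential for the test service principal.
                        passwordCallback.setPassword("bob".toCharArray());
                    }
                } else if (callbacks[0] instanceof KerberosContextAndServiceNameCallback) {
                    KerberosContextAndServiceNameCallback nameCallback =
                        (KerberosContextAndServiceNameCallback) callbacks[0];
                    nameCallback.setContextName("bob");
                    nameCallback.setServiceName("bob@service.ws.apache.org");
                }
            }
        });

        final List<KerberosTokenSecurityEvent> kerberosEvents = new ArrayList<>();
        SecurityEventListener eventCollector = new SecurityEventListener() {
            public void registerSecurityEvent(SecurityEvent securityEvent) throws XMLSecurityException {
                if (securityEvent instanceof KerberosTokenSecurityEvent) {
                    kerberosEvents.add((KerberosTokenSecurityEvent) securityEvent);
                }
            }
        };
        Document processedDocument = StAX2DOM.readDoc(
            dbf.newDocumentBuilder(),
            WSSec.getInboundWSSec(inboundProperties).processInMessage(
                xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(encryptedBytes.toByteArray())),
                (List<SecurityEvent>) null,
                eventCollector));

        NodeList tokenNodes = processedDocument.getElementsByTagNameNS(
            WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN.getNamespaceURI(),
            WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN.getLocalPart());
        // Expected value first, so failure messages label expected and actual correctly.
        Assertions.assertEquals(1, tokenNodes.getLength());
        Assertions.assertEquals(
            WSSConstants.TAG_WSSE_SECURITY.getLocalPart(),
            tokenNodes.item(0).getParentNode().getLocalName());
        // No xenc:EncryptedData element may remain in the processed document.
        Assertions.assertEquals(
            0,
            processedDocument.getElementsByTagNameNS(
                WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(),
                WSSConstants.TAG_xenc_EncryptedData.getLocalPart()).getLength());
        Assertions.assertEquals(1, kerberosEvents.size());
    }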
}
