package org.apache.wss4j.dom.saml;

import java.io.ByteArrayInputStream;
import java.security.Key;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.TreeMap;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.saml.bean.NameIDBean;
import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.util.DOM2Writer;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.common.AbstractSAMLCallbackHandler;
import org.apache.wss4j.dom.common.CustomHandler;
import org.apache.wss4j.dom.common.CustomSamlAssertionValidator;
import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
import org.apache.wss4j.dom.common.SAML1CallbackHandler;
import org.apache.wss4j.dom.common.SAML2CallbackHandler;
import org.apache.wss4j.dom.common.SAMLElementCallbackHandler;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.HandlerAction;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSAMLToken;
import org.apache.wss4j.dom.validate.SamlAssertionValidator;
import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.EncryptedKey;
import org.apache.xml.security.encryption.ReferenceList;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.RetrievalMethod;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.transforms.Transforms;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.schema.XSAny;
import org.opensaml.core.xml.schema.XSInteger;
import org.opensaml.saml.saml2.core.AttributeValue;
import org.opensaml.saml.saml2.core.Conditions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/wss4j/dom/saml/SamlTokenTest.class */
public class SamlTokenTest {
    private static final Logger LOG = LoggerFactory.getLogger(SamlTokenTest.class);
    // Engine that processes the security headers built by the tests below. Its WSSConfig is
    // replaced in the constructor so that SAML tokens are validated by CustomSamlAssertionValidator.
    private WSSecurityEngine secEngine = new WSSecurityEngine();
    // Constructed sample address placed into SubjectLocality by the locality tests.
    private static final String IP_ADDRESS = "12.34.56.78";

    /**
     * Configures the shared security engine.
     *
     * <p>A fresh {@link WSSConfig} is created and a {@link CustomSamlAssertionValidator} is
     * registered for both the SAML 1.1 and the SAML 2.0 token type, replacing the engine's
     * default validator for those tokens. What that validator accepts or rejects (for example
     * the issuer checks exercised by the "bad issuer" tests) is defined outside this file.
     */
    public SamlTokenTest() {
        WSSConfig config = WSSConfig.getNewInstance();
        // One validator instance per token type, mirroring the original wiring.
        config.setValidator(WSConstants.SAML_TOKEN, new CustomSamlAssertionValidator());
        config.setValidator(WSConstants.SAML2_TOKEN, new CustomSamlAssertionValidator());
        secEngine.setWssConfig(config);
    }

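    /**
     * Builds an unsigned SAML 1.1 authentication assertion via {@link SAML1CallbackHandler},
     * sends and processes it, and checks that the engine reports it as an unsigned SAML token
     * with no signature value.
     *
     * @throws Exception on any failure in assertion creation or message processing
     */
    @Test
    public void testSAML1AuthnAssertion() throws Exception {
        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer("www.example.com");

        // The boolean appears to mean "processing is expected to succeed" (the bad-issuer
        // tests pass false); confirm against createAndVerifyMessage, defined outside this view.
        WSSecurityEngineResult actionResult =
            createAndVerifyMessage(callbackHandler, true).getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());
        Assertions.assertNull(receivedAssertion.getSignatureValue());
    }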

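    /**
     * Same flow as {@link #testSAML1AuthnAssertion()} but the assertion comes from
     * {@link SAMLElementCallbackHandler}, which (judging by its name) supplies it as a
     * pre-built DOM element; the handler itself is defined outside this file.
     *
     * @throws Exception on any failure in assertion creation or message processing
     */
    @Test
    public void testSAML1AuthnAssertionViaElement() throws Exception {
        SAMLElementCallbackHandler callbackHandler = new SAMLElementCallbackHandler();
        callbackHandler.setIssuer("www.example.com");

        WSSecurityEngineResult actionResult =
            createAndVerifyMessage(callbackHandler, true).getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());
        Assertions.assertNull(receivedAssertion.getSignatureValue());
    }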

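    /**
     * Builds an unsigned SAML 1.1 attribute assertion, processes it and checks that it is
     * reported as an unsigned SAML token.
     *
     * @throws Exception on any failure in assertion creation or message processing
     */
    @Test
    public void testSAML1AttrAssertion() throws Exception {
        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.ATTR);
        callbackHandler.setIssuer("www.example.com");

        WSSecurityEngineResult actionResult =
            createAndVerifyMessage(callbackHandler, true).getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());
    }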

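    /**
     * Builds an unsigned SAML 1.1 authorization-decision assertion for a fixed resource,
     * processes it and checks that it is reported as an unsigned SAML token.
     *
     * @throws Exception on any failure in assertion creation or message processing
     */
    @Test
    public void testSAML1AuthzAssertion() throws Exception {
        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHZ);
        callbackHandler.setIssuer("www.example.com");
        // Authorization-decision statements need a resource to decide about.
        callbackHandler.setResource("http://resource.org");

        WSSecurityEngineResult actionResult =
            createAndVerifyMessage(callbackHandler, true).getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());
    }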

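    /**
     * Builds an unsigned SAML 2.0 authentication assertion, processes it and checks that it
     * is reported as an unsigned SAML token.
     *
     * @throws Exception on any failure in assertion creation or message processing
     */
    @Test
    public void testSAML2AuthnAssertion() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer("www.example.com");

        WSSecurityEngineResult actionResult =
            createAndVerifyMessage(callbackHandler, true).getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());
    }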

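    /**
     * Builds an unsigned SAML 2.0 attribute assertion, processes it and checks that it is
     * reported as an unsigned SAML token.
     *
     * @throws Exception on any failure in assertion creation or message processing
     */
    @Test
    public void testSAML2AttrAssertion() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.ATTR);
        callbackHandler.setIssuer("www.example.com");

        WSSecurityEngineResult actionResult =
            createAndVerifyMessage(callbackHandler, true).getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());
    }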

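    /**
     * Builds an unsigned SAML 2.0 authorization-decision assertion for a fixed resource,
     * processes it and checks that it is reported as an unsigned SAML token.
     *
     * @throws Exception on any failure in assertion creation or message processing
     */
    @Test
    public void testSAML2AuthzAssertion() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHZ);
        callbackHandler.setIssuer("www.example.com");
        // Authorization-decision statements need a resource to decide about.
        callbackHandler.setResource("http://resource.org");

        WSSecurityEngineResult actionResult =
            createAndVerifyMessage(callbackHandler, true).getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());
    }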

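    /**
     * Adds an unsigned SAML 1.1 authentication assertion through the handler "action" path
     * ({@link CustomHandler#send} with an {@code ST_UNSIGNED} action) instead of calling
     * {@link WSSecSAMLToken} directly, then verifies the resulting message.
     *
     * <p>The callback handler that produces the assertion is passed to the handler through
     * the message context under the {@code samlCallbackRef} key.
     *
     * @throws Exception on any failure in handler execution or message processing
     */
    @Test
    public void testSaml1Action() throws Exception {
        WSSConfig config = WSSConfig.getNewInstance();
        RequestData reqData = new RequestData();
        reqData.setWssConfig(config);

        // "samlCallbackRef" is the value of WSHandlerConstants.SAML_CALLBACK_REF: the handler
        // looks the SAML callback handler up from the message context under this key.
        Map<String, Object> messageContext = new TreeMap<>();
        messageContext.put("samlCallbackRef", new SAML1CallbackHandler());
        reqData.setMsgContext(messageContext);

        Document doc = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        CustomHandler handler = new CustomHandler();
        handler.send(doc, reqData, Collections.singletonList(new HandlerAction(WSConstants.ST_UNSIGNED)), true);

        String outputString = XMLUtils.prettyDocumentToString(doc);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Unsigned SAML 1.1 authentication assertion via an Action:");
            LOG.debug(outputString);
        }
        // The action is ST_UNSIGNED, so no ds:Signature may have been produced.
        Assertions.assertFalse(outputString.contains("Signature"));

        WSSecurityEngineResult actionResult =
            verify(doc).getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());
    }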

    /**
     * Negative test: a SAML 1.1 authentication assertion from an issuer other than
     * {@code www.example.com} must not be accepted.
     *
     * <p>The rejection is expected from the {@link CustomSamlAssertionValidator} installed in
     * the constructor (its issuer rule lives outside this file); {@code false} tells
     * {@code createAndVerifyMessage} that processing is expected to fail.
     *
     * @throws Exception on any failure in assertion creation or message processing
     */
    @Test
    public void testSAML1AuthnBadIssuerAssertion() throws Exception {
        SAML1CallbackHandler handler = new SAML1CallbackHandler();
        handler.setIssuer("www.example2.com");
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        createAndVerifyMessage(handler, false);
    }

    /**
     * Negative test: a SAML 2.0 authentication assertion from an issuer other than
     * {@code www.example.com} must not be accepted.
     *
     * <p>The rejection is expected from the {@link CustomSamlAssertionValidator} installed in
     * the constructor (its issuer rule lives outside this file); {@code false} tells
     * {@code createAndVerifyMessage} that processing is expected to fail.
     *
     * @throws Exception on any failure in assertion creation or message processing
     */
    @Test
    public void testSAML2AuthnBadIssuerAssertion() throws Exception {
        SAML2CallbackHandler handler = new SAML2CallbackHandler();
        handler.setIssuer("www.example2.com");
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        createAndVerifyMessage(handler, false);
    }

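    /**
     * Builds a SAML 1.1 authentication assertion whose subject NameIdentifier uses the
     * e-mail address format, checks that the format URI ends up in the serialized message,
     * and verifies that the assertion is processed as an unsigned SAML token.
     *
     * @throws Exception on any failure in assertion creation or message processing
     */
    @Test
    public void testSAML1SubjectNameIDFormat() throws Exception {
        final String emailFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";

        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer("www.example.com");
        callbackHandler.setSubjectNameIDFormat(emailFormat);

        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);

        WSSecHeader secHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        secHeader.insertSecurityHeader();
        Document tokenDoc = new WSSecSAMLToken(secHeader).build(samlAssertion);

        String outputString = XMLUtils.prettyDocumentToString(tokenDoc);
        if (LOG.isDebugEnabled()) {
            LOG.debug("SAML 1.1 Authn Assertion (sender vouches):");
            LOG.debug(outputString);
        }
        Assertions.assertTrue(outputString.contains(emailFormat));

        WSSecurityEngineResult actionResult =
            verify(tokenDoc).getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());
    }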

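    /**
     * Builds a SAML 2.0 authentication assertion whose subject NameID uses the (SAML 1.1)
     * e-mail address format, checks that the format URI ends up in the serialized message,
     * and verifies that the assertion is processed as an unsigned SAML token.
     *
     * @throws Exception on any failure in assertion creation or message processing
     */
    @Test
    public void testSAML2SubjectNameIDFormat() throws Exception {
        final String emailFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";

        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer("www.example.com");
        callbackHandler.setSubjectNameIDFormat(emailFormat);

        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);

        WSSecHeader secHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        secHeader.insertSecurityHeader();
        Document tokenDoc = new WSSecSAMLToken(secHeader).build(samlAssertion);

        String outputString = XMLUtils.prettyDocumentToString(tokenDoc);
        if (LOG.isDebugEnabled()) {
            LOG.debug("SAML 2 Authn Assertion (sender vouches):");
            LOG.debug(outputString);
        }
        Assertions.assertTrue(outputString.contains(emailFormat));

        WSSecurityEngineResult actionResult =
            verify(tokenDoc).getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());
    }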

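    /**
     * Builds a SAML 1.1 authentication assertion carrying a SubjectLocality (IP address and
     * DNS name), checks that both values are serialized, and verifies that the assertion is
     * processed as an unsigned SAML token.
     *
     * @throws Exception on any failure in assertion creation or message processing
     */
    @Test
    public void testSAML1SubjectLocality() throws Exception {
        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer("www.example.com");
        callbackHandler.setSubjectLocality(IP_ADDRESS, "test-dns");

        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);

        WSSecHeader secHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        secHeader.insertSecurityHeader();
        Document tokenDoc = new WSSecSAMLToken(secHeader).build(samlAssertion);

        String outputString = XMLUtils.prettyDocumentToString(tokenDoc);
        if (LOG.isDebugEnabled()) {
            LOG.debug("SAML 1.1 Authn Assertion (sender vouches):");
            LOG.debug(outputString);
        }
        Assertions.assertTrue(outputString.contains(IP_ADDRESS));
        Assertions.assertTrue(outputString.contains("test-dns"));

        WSSecurityEngineResult actionResult =
            verify(tokenDoc).getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());
    }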

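    /**
     * Builds a SAML 2.0 authentication assertion whose AuthnStatement carries a
     * {@code SessionNotOnOrAfter} attribute one hour in the future, checks that the attribute
     * is serialized, and verifies that the assertion is processed as an unsigned SAML token.
     *
     * @throws Exception on any failure in assertion creation or message processing
     */
    @Test
    public void testSAML2SessionNotOnOrAfter() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        // Session bound in the future so the assertion is still usable when it is verified.
        callbackHandler.setSessionNotOnOrAfter(Instant.now().plus(Duration.ofHours(1)));
        callbackHandler.setIssuer("www.example.com");

        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);

        WSSecHeader secHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        secHeader.insertSecurityHeader();
        Document tokenDoc = new WSSecSAMLToken(secHeader).build(samlAssertion);

        String outputString = XMLUtils.prettyDocumentToString(tokenDoc);
        if (LOG.isDebugEnabled()) {
            LOG.debug("SAML 2.0 Authn Assertion (sender vouches):");
            LOG.debug(outputString);
        }
        Assertions.assertTrue(outputString.contains("SessionNotOnOrAfter"));

        WSSecurityEngineResult actionResult =
            verify(tokenDoc).getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());
    }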

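    /**
     * Builds a SAML 2.0 authentication assertion carrying a SubjectLocality (IP address and
     * DNS name), checks that both values are serialized, and verifies that the assertion is
     * processed as an unsigned SAML token.
     *
     * @throws Exception on any failure in assertion creation or message processing
     */
    @Test
    public void testSAML2SubjectLocality() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer("www.example.com");
        callbackHandler.setSubjectLocality(IP_ADDRESS, "test-dns");

        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);

        WSSecHeader secHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        secHeader.insertSecurityHeader();
        Document tokenDoc = new WSSecSAMLToken(secHeader).build(samlAssertion);

        String outputString = XMLUtils.prettyDocumentToString(tokenDoc);
        if (LOG.isDebugEnabled()) {
            LOG.debug("SAML 2 Authn Assertion (sender vouches):");
            LOG.debug(outputString);
        }
        Assertions.assertTrue(outputString.contains(IP_ADDRESS));
        Assertions.assertTrue(outputString.contains("test-dns"));

        WSSecurityEngineResult actionResult =
            verify(tokenDoc).getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());
    }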

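    /**
     * Builds a SAML 1.1 authorization-decision assertion for {@code http://resource.org},
     * checks that the resource URI is serialized, and verifies that the assertion is
     * processed as an unsigned SAML token.
     *
     * @throws Exception on any failure in assertion creation or message processing
     */
    @Test
    public void testSAML1Resource() throws Exception {
        final String resource = "http://resource.org";

        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHZ);
        callbackHandler.setIssuer("www.example.com");
        callbackHandler.setResource(resource);

        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);

        WSSecHeader secHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        secHeader.insertSecurityHeader();
        Document tokenDoc = new WSSecSAMLToken(secHeader).build(samlAssertion);

        String outputString = XMLUtils.prettyDocumentToString(tokenDoc);
        if (LOG.isDebugEnabled()) {
            LOG.debug("SAML 1.1 Authz Assertion (sender vouches):");
            LOG.debug(outputString);
        }
        Assertions.assertTrue(outputString.contains(resource));

        WSSecurityEngineResult actionResult =
            verify(tokenDoc).getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());
    }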

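    /**
     * Builds a SAML 2.0 attribute assertion whose AttributeValue is a custom XML object (a
     * {@code Conditions} element wrapped in an {@code xs:anyType} value) rather than a plain
     * string, and verifies that the assertion is processed as an unsigned SAML token.
     *
     * @throws Exception on any failure in assertion creation or message processing
     */
    @Test
    public void testSAML2AttrAssertionCustomAttribute() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.ATTR);
        callbackHandler.setIssuer("www.example.com");

        // Build an arbitrary structured value: a Conditions element valid for the next 5 minutes.
        XMLObjectBuilderFactory builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();
        Conditions conditions = builderFactory.getBuilder(Conditions.DEFAULT_ELEMENT_NAME).buildObject();
        Instant now = Instant.now();
        conditions.setNotBefore(now);
        conditions.setNotOnOrAfter(now.plus(Duration.ofMinutes(5)));

        // Wrap it in an xs:anyType AttributeValue so it can be carried inside the Attribute.
        XSAny attributeValue =
            builderFactory.getBuilder(XSAny.TYPE_NAME).buildObject(AttributeValue.DEFAULT_ELEMENT_NAME);
        attributeValue.getUnknownXMLObjects().add(conditions);
        List<Object> attributeValues = new ArrayList<>();
        attributeValues.add(attributeValue);
        callbackHandler.setCustomAttributeValues(attributeValues);

        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);

        WSSecHeader secHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        secHeader.insertSecurityHeader();
        Document tokenDoc = new WSSecSAMLToken(secHeader).build(samlAssertion);

        if (LOG.isDebugEnabled()) {
            LOG.debug("SAML 2 Attr Assertion (sender vouches):");
            LOG.debug(XMLUtils.prettyDocumentToString(tokenDoc));
        }

        WSSecurityEngineResult actionResult =
            verify(tokenDoc).getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());
    }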

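    /**
     * Builds a SAML 2.0 attribute assertion whose AttributeValue is an {@code xs:integer}
     * (value 5) rather than a string, processes it and checks that it is reported as an
     * unsigned SAML token.
     *
     * @throws Exception on any failure in assertion creation or message processing
     */
    @Test
    public void testSAML2AttrAssertionIntegerAttribute() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.ATTR);
        callbackHandler.setIssuer("www.example.com");

        // An AttributeValue element explicitly typed as xs:integer.
        XMLObjectBuilderFactory builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();
        XSInteger attributeValue = builderFactory.getBuilder(XSInteger.TYPE_NAME)
            .buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
        attributeValue.setValue(5);
        List<Object> attributeValues = new ArrayList<>();
        attributeValues.add(attributeValue);
        callbackHandler.setCustomAttributeValues(attributeValues);

        WSSecurityEngineResult actionResult =
            createAndVerifyMessage(callbackHandler, true).getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());
    }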

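    /**
     * Builds a SAML 2.0 authentication assertion with an explicit SubjectConfirmationData
     * (Address, InResponseTo, NotOnOrAfter, Recipient), checks that the recipient URI is
     * serialized, and then verifies a second message built from the same handler.
     *
     * @throws Exception on any failure in assertion creation or message processing
     */
    @Test
    public void testSAML2SubjectConfirmationData() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer("www.example.com");

        // Constructed confirmation data; NotOnOrAfter is kept in the future so verification
        // does not fail on expiry.
        SubjectConfirmationDataBean confirmationData = new SubjectConfirmationDataBean();
        confirmationData.setAddress("http://apache.org");
        confirmationData.setInResponseTo("12345");
        confirmationData.setNotAfter(Instant.now().plus(Duration.ofMinutes(5)));
        confirmationData.setRecipient("http://recipient.apache.org");
        callbackHandler.setSubjectConfirmationData(confirmationData);

        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);

        WSSecHeader secHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        secHeader.insertSecurityHeader();
        String outputString =
            XMLUtils.prettyDocumentToString(new WSSecSAMLToken(secHeader).build(samlAssertion));
        if (LOG.isDebugEnabled()) {
            LOG.debug("SAML 2 Authn Assertion (sender vouches):");
            LOG.debug(outputString);
        }
        Assertions.assertTrue(outputString.contains("http://recipient.apache.org"));

        // Note: the document built above is only inspected as text; verification runs on a
        // fresh message produced by createAndVerifyMessage from the same handler.
        WSSecurityEngineResult actionResult =
            createAndVerifyMessage(callbackHandler, true).getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());
    }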

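    /**
     * Builds a SAML 2.0 authentication assertion whose SubjectConfirmation carries its own
     * NameID (format, qualifiers and value), checks that the NameID value is serialized, and
     * then verifies a second message built from the same handler.
     *
     * @throws Exception on any failure in assertion creation or message processing
     */
    @Test
    public void testSAML2SubjectConfirmationNameID() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer("www.example.com");

        NameIDBean confirmationNameId = new NameIDBean();
        confirmationNameId.setNameIDFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
        confirmationNameId.setNameQualifier("confirmationNameQualifier");
        confirmationNameId.setNameValue("confirmationNameQualifierValue");
        confirmationNameId.setSPNameQualifier("spNameQualifier");
        callbackHandler.setSubjectConfirmationNameID(confirmationNameId);

        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);

        WSSecHeader secHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        secHeader.insertSecurityHeader();
        String outputString =
            XMLUtils.prettyDocumentToString(new WSSecSAMLToken(secHeader).build(samlAssertion));
        if (LOG.isDebugEnabled()) {
            LOG.debug("SAML 2 Authn Assertion (sender vouches):");
            LOG.debug(outputString);
        }
        Assertions.assertTrue(outputString.contains("confirmationNameQualifierValue"));

        // Note: the document built above is only inspected as text; verification runs on a
        // fresh message produced by createAndVerifyMessage from the same handler.
        WSSecurityEngineResult actionResult =
            createAndVerifyMessage(callbackHandler, true).getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());
    }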

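    /**
     * Builds a SAML 2.0 sender-vouches authentication assertion, places it inside a
     * {@code saml2:EncryptedAssertion} wrapper in the security header, encrypts it with a
     * freshly generated AES-128 key (key-transported with RSA-OAEP to the "wss40" certificate),
     * and checks that the engine decrypts it, surfaces the plain {@code Assertion} as an
     * unsigned SAML token result and reports the decryption as an {@code ENCR} result.
     *
     * @throws Exception on any failure in assertion creation, encryption or processing
     */
    @Test
    public void testSAML2EncryptedAssertion() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer("www.example.com");
        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);

        Document doc = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        // prepare() only builds the assertion element; it is inserted by hand below, wrapped in
        // an EncryptedAssertion element in the SAML 2.0 assertion namespace.
        WSSecSAMLToken wsSign = new WSSecSAMLToken(secHeader);
        wsSign.prepare(samlAssertion);
        Element assertionElement = wsSign.getElement();
        Element encryptedAssertionElement =
            doc.createElementNS("urn:oasis:names:tc:SAML:2.0:assertion", "EncryptedAssertion");
        encryptedAssertionElement.appendChild(assertionElement);
        secHeader.getSecurityHeaderElement().appendChild(encryptedAssertionElement);

        // Fresh random content-encryption key; it is never persisted.
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(128);
        SecretKey symmetricKey = keyGen.generateKey();

        Crypto crypto = CryptoFactory.getInstance("wss40.properties");
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        cryptoType.setAlias("wss40");
        X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
        Assertions.assertTrue(certs != null && certs.length > 0 && certs[0] != null,
            "no certificate found for alias wss40");

        // AES-128-CBC is the legacy XML Encryption block mode exercised here; the two trailing
        // flags are interpreted by encryptElement, which is defined outside this view.
        encryptElement(doc, assertionElement,
            "http://www.w3.org/2001/04/xmlenc#aes128-cbc", symmetricKey,
            "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", certs[0], false, true);

        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(doc));
        }

        RequestData requestData = new RequestData();
        // Test-only relaxation: SAML subject-confirmation validation is switched off
        // (presumably because the bare sender-vouches assertion carries nothing to confirm
        // against - confirm). The decryption and signature-verification Crypto both point at
        // the wss40 keystore.
        requestData.setValidateSamlSubjectConfirmation(false);
        requestData.setCallbackHandler(new KeystoreCallbackHandler());
        requestData.setDecCrypto(crypto);
        requestData.setSigVerCrypto(crypto);
        WSHandlerResult results = secEngine.processSecurityHeader(doc, requestData);

        WSSecurityEngineResult samlResult = results.getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) samlResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertNotNull(receivedAssertion.getElement());
        // After decryption the engine must hand back the inner Assertion, not the wrapper.
        Assertions.assertEquals("Assertion", receivedAssertion.getElement().getLocalName());

        // The decryption itself must also be recorded as an ENCR action result.
        Assertions.assertNotNull(results.getActionResults().get(WSConstants.ENCR).get(0));
    }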

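    /**
     * Encrypts a SAML 2.0 assertion inside a {@code saml2:EncryptedAssertion} whose
     * {@code xenc:EncryptedData} does not embed the key but points, via a
     * {@code ds:RetrievalMethod}, at a sibling {@code xenc:EncryptedKey}; then checks that
     * the security engine decrypts the assertion and reports both the SAML token and the
     * encryption action.
     *
     * @throws Exception if building, encrypting or processing the message fails
     */
    @Test
    public void testSAML2EncryptedAssertionViaSeparateEncryptedKey() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer("www.example.com");
        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

        Document doc = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        WSSecSAMLToken samlToken = new WSSecSAMLToken(secHeader);
        samlToken.prepare(assertion);
        Element assertionElement = samlToken.getElement();

        // The plaintext assertion is wrapped in saml2:EncryptedAssertion and encrypted in place.
        Element encryptedAssertion = doc.createElementNS(WSConstants.SAML2_NS, "EncryptedAssertion");
        encryptedAssertion.appendChild(assertionElement);
        secHeader.getSecurityHeaderElement().appendChild(encryptedAssertion);

        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(128);
        SecretKey symmetricKey = keyGen.generateKey();

        Crypto crypto = CryptoFactory.getInstance("wss40.properties");
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        cryptoType.setAlias("wss40");
        X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
        Assertions.assertTrue(certs != null && certs.length > 0 && certs[0] != null,
            "No certificate found for alias wss40");

        // EncryptedData: symmetric encryption of the assertion; its KeyInfo only references
        // the EncryptedKey by ID instead of embedding it.
        XMLCipher dataCipher = XMLCipher.getInstance(XMLCipher.AES_128);
        dataCipher.init(XMLCipher.ENCRYPT_MODE, symmetricKey);
        EncryptedData encryptedData = dataCipher.getEncryptedData();
        KeyInfo dataKeyInfo = encryptedData.getKeyInfo();
        if (dataKeyInfo == null) {
            dataKeyInfo = new KeyInfo(doc);
            dataKeyInfo.getElement().setAttributeNS(WSConstants.XMLNS_NS, "xmlns:dsig", WSConstants.SIG_NS);
            encryptedData.setKeyInfo(dataKeyInfo);
        }
        String encryptedKeyId = IDGenerator.generateID((String) null);
        dataKeyInfo.add(new RetrievalMethod(doc, "#" + encryptedKeyId, (Transforms) null,
            "http://www.w3.org/2001/04/xmlenc#EncryptedKey"));
        dataCipher.doFinal(doc, assertionElement, false);

        String encryptedDataId = IDGenerator.generateID((String) null);
        Element encryptedDataElement = (Element) encryptedAssertion
            .getElementsByTagNameNS(WSConstants.ENC_NS, "EncryptedData").item(0);
        Assertions.assertNotNull(encryptedDataElement, "EncryptedData was not written under EncryptedAssertion");
        encryptedDataElement.setAttributeNS(null, "Id", encryptedDataId);

        // EncryptedKey: the symmetric key wrapped with the recipient's public key, identified
        // by issuer/serial, and carrying a DataReference back to the EncryptedData.
        XMLCipher keyCipher = XMLCipher.getInstance(XMLCipher.RSA_OAEP);
        keyCipher.init(XMLCipher.WRAP_MODE, certs[0].getPublicKey());
        EncryptedKey encryptedKey = keyCipher.encryptKey(doc, symmetricKey);
        KeyInfo keyKeyInfo = encryptedKey.getKeyInfo();
        if (keyKeyInfo == null) {
            keyKeyInfo = new KeyInfo(doc);
            keyKeyInfo.getElement().setAttributeNS(WSConstants.XMLNS_NS, "xmlns:dsig", WSConstants.SIG_NS);
            encryptedKey.setKeyInfo(keyKeyInfo);
        }
        X509Data x509Data = new X509Data(doc);
        x509Data.addIssuerSerial(certs[0].getIssuerX500Principal().getName(), certs[0].getSerialNumber());
        keyKeyInfo.add(x509Data);
        ReferenceList referenceList = keyCipher.createReferenceList(ReferenceList.DATA_REFERENCE);
        referenceList.add(referenceList.newDataReference("#" + encryptedDataId));
        encryptedKey.setReferenceList(referenceList);
        Element encryptedKeyElement = keyCipher.martial(encryptedKey);
        encryptedKeyElement.setAttributeNS(null, "Id", encryptedKeyId);
        encryptedAssertion.appendChild(encryptedKeyElement);

        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(doc));
        }

        RequestData requestData = new RequestData();
        requestData.setValidateSamlSubjectConfirmation(false);
        requestData.setCallbackHandler(new KeystoreCallbackHandler());
        requestData.setDecCrypto(crypto);
        requestData.setSigVerCrypto(crypto);
        // BSP enforcement is switched off for this layout; presumably because the EncryptedKey
        // lives inside EncryptedAssertion rather than directly in the security header — confirm.
        requestData.setDisableBSPEnforcement(true);
        WSHandlerResult results = this.secEngine.processSecurityHeader(doc, requestData);

        WSSecurityEngineResult samlResult = results.getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) samlResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertNotNull(receivedAssertion.getElement());
        Assertions.assertEquals("Assertion", receivedAssertion.getElement().getLocalName());
        Assertions.assertNotNull(results.getActionResults().get(WSConstants.ENCR).get(0));
    }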

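    /**
     * Encrypts a SAML 2.0 assertion where the {@code EncryptedKey}'s KeyInfo identifies the
     * recipient certificate with {@code ds:X509Data} (issuer/serial) rather than a
     * {@code wsse:SecurityTokenReference}, and checks that a fresh engine configured with
     * {@link CustomSamlAssertionValidator} still decrypts and returns the assertion.
     *
     * @throws Exception if building, encrypting or processing the message fails
     */
    @Test
    public void testSAML2EncryptedAssertionNoSTR() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer("www.example.com");
        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

        Document doc = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        WSSecSAMLToken samlToken = new WSSecSAMLToken(secHeader);
        samlToken.prepare(assertion);
        Element assertionElement = samlToken.getElement();

        Element encryptedAssertion = doc.createElementNS(WSConstants.SAML2_NS, "EncryptedAssertion");
        encryptedAssertion.appendChild(assertionElement);
        secHeader.getSecurityHeaderElement().appendChild(encryptedAssertion);

        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(128);
        SecretKey symmetricKey = keyGen.generateKey();

        Crypto crypto = CryptoFactory.getInstance("wss40.properties");
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        cryptoType.setAlias("wss40");
        X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
        Assertions.assertTrue(certs != null && certs.length > 0 && certs[0] != null,
            "No certificate found for alias wss40");

        // Last argument false: identify the key-transport certificate via X509Data, not an STR.
        encryptElement(doc, assertionElement, XMLCipher.AES_128, symmetricKey,
            XMLCipher.RSA_OAEP, certs[0], false, false);
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(doc));
        }

        RequestData requestData = new RequestData();
        requestData.setDecCrypto(crypto);
        // R5426 is ignored here; presumably it is the rule that would otherwise demand an STR
        // inside the EncryptedKey's KeyInfo — confirm against the BSP rule table.
        List<BSPRule> ignoredRules = Collections.singletonList(BSPRule.R5426);
        requestData.setIgnoredBSPRules(ignoredRules);
        requestData.setCallbackHandler(new KeystoreCallbackHandler());
        requestData.setValidateSamlSubjectConfirmation(false);

        WSSecurityEngine engine = new WSSecurityEngine();
        WSSConfig config = WSSConfig.getNewInstance();
        config.setValidator(WSConstants.SAML_TOKEN, new CustomSamlAssertionValidator());
        config.setValidator(WSConstants.SAML2_TOKEN, new CustomSamlAssertionValidator());
        engine.setWssConfig(config);
        WSHandlerResult results = engine.processSecurityHeader(doc, requestData);

        WSSecurityEngineResult samlResult = results.getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) samlResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertNotNull(receivedAssertion.getElement());
        Assertions.assertEquals("Assertion", receivedAssertion.getElement().getLocalName());
        Assertions.assertNotNull(results.getActionResults().get(WSConstants.ENCR).get(0));
    }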

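    /**
     * Serialises a SAML 1.1 assertion to DOM, re-parses that XML into a new
     * {@link SamlAssertionWrapper} and checks that re-serialising it yields the same text.
     *
     * @throws Exception if the assertion cannot be built, serialised or parsed
     */
    @Test
    public void testAssertionWrapper() throws Exception {
        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer("www.example.com");
        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        String assertionXml = DOM2Writer.nodeToString(assertion.toDOM(dbf.newDocumentBuilder().newDocument()));

        // Decode with an explicit charset; the platform default is not guaranteed to be UTF-8.
        Element reparsed = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(assertionXml.getBytes("UTF-8")))
            .getDocumentElement();
        Assertions.assertEquals(assertionXml, new SamlAssertionWrapper(reparsed).assertionToString());
    }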

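    /**
     * Same round-trip as {@code testAssertionWrapper}, but the assertion is converted to DOM
     * with a {@code null} owner document, exercising the wrapper's own document creation.
     *
     * @throws Exception if the assertion cannot be built, serialised or parsed
     */
    @Test
    public void testAssertionWrapperNoDocument() throws Exception {
        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer("www.example.com");
        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);

        String assertionXml = DOM2Writer.nodeToString(new SamlAssertionWrapper(samlCallback).toDOM((Document) null));
        // Decode with an explicit charset; the platform default is not guaranteed to be UTF-8.
        ByteArrayInputStream in = new ByteArrayInputStream(assertionXml.getBytes("UTF-8"));

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Element reparsed = dbf.newDocumentBuilder().parse(in).getDocumentElement();
        Assertions.assertEquals(assertionXml, new SamlAssertionWrapper(reparsed).assertionToString());
    }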

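    /**
     * Configures a {@link SamlAssertionValidator} that requires the sender-vouches confirmation
     * method: an assertion using that method is accepted, while one using bearer is rejected
     * with {@code ErrorCode.FAILURE}.
     *
     * @throws Exception if the accepted assertion cannot be built or processed
     */
    @Test
    public void testRequiredSubjectConfirmationMethod() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer("www.example.com");
        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

        Document doc = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        new WSSecSAMLToken(secHeader).build(assertion);

        // Validator only accepts sender-vouches.
        WSSConfig config = WSSConfig.getNewInstance();
        SamlAssertionValidator validator = new SamlAssertionValidator();
        validator.setRequiredSubjectConfirmationMethod("urn:oasis:names:tc:SAML:2.0:cm:sender-vouches");
        config.setValidator(WSConstants.SAML_TOKEN, validator);
        config.setValidator(WSConstants.SAML2_TOKEN, validator);
        WSSecurityEngine engine = new WSSecurityEngine();
        engine.setWssConfig(config);

        RequestData requestData = new RequestData();
        requestData.setValidateSamlSubjectConfirmation(false);
        engine.processSecurityHeader(doc, requestData);

        // Negative case: a bearer assertion must be rejected by the same engine.
        callbackHandler.setConfirmationMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");
        SAMLCallback bearerCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, bearerCallback);
        SamlAssertionWrapper bearerAssertion = new SamlAssertionWrapper(bearerCallback);
        WSSecHeader bearerHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        bearerHeader.insertSecurityHeader();
        Document bearerDoc = new WSSecSAMLToken(bearerHeader).build(bearerAssertion);
        try {
            engine.processSecurityHeader(bearerDoc, (String) null, (CallbackHandler) null, (Crypto) null);
            Assertions.fail("Failure expected on an incorrect subject confirmation method");
        } catch (WSSecurityException e) {
            Assertions.assertEquals(WSSecurityException.ErrorCode.FAILURE, e.getErrorCode());
        }
    }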

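    /**
     * Checks that an assertion with a non-standard subject confirmation method is rejected by
     * the default validator with {@code ErrorCode.FAILURE}, and accepted once
     * {@code requireStandardSubjectConfirmationMethod} is switched off.
     *
     * @throws Exception if the assertion cannot be built, or if the relaxed run fails
     */
    @Test
    public void testStandardSubjectConfirmationMethod() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer("www.example.com");
        callbackHandler.setConfirmationMethod("urn:oasis:names:tc:SAML:2.0:cm:custom");
        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

        Document doc = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        Document builtDoc = new WSSecSAMLToken(secHeader).build(assertion);

        // Default configuration: unknown confirmation method is a hard failure.
        WSSecurityEngine engine = new WSSecurityEngine();
        try {
            engine.processSecurityHeader(builtDoc, (String) null, (CallbackHandler) null, (Crypto) null);
            Assertions.fail("Failure expected on an unknown subject confirmation method");
        } catch (WSSecurityException e) {
            Assertions.assertEquals(WSSecurityException.ErrorCode.FAILURE, e.getErrorCode());
        }

        // Relaxed configuration: same engine, validator allows non-standard methods.
        WSSConfig config = WSSConfig.getNewInstance();
        SamlAssertionValidator validator = new SamlAssertionValidator();
        validator.setRequireStandardSubjectConfirmationMethod(false);
        config.setValidator(WSConstants.SAML_TOKEN, validator);
        config.setValidator(WSConstants.SAML2_TOKEN, validator);
        engine.setWssConfig(config);
        RequestData requestData = new RequestData();
        requestData.setValidateSamlSubjectConfirmation(false);
        engine.processSecurityHeader(doc, requestData);
    }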

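    /**
     * Checks that an unsigned bearer assertion is rejected by default with
     * {@code ErrorCode.FAILURE}, and accepted once {@code requireBearerSignature} is
     * switched off on the validator.
     *
     * @throws Exception if the assertion cannot be built, or if the relaxed run fails
     */
    @Test
    public void testUnsignedBearer() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer("www.example.com");
        callbackHandler.setConfirmationMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");
        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

        Document doc = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        Document builtDoc = new WSSecSAMLToken(secHeader).build(assertion);

        // Default configuration: a bearer assertion without a signature must not be accepted.
        WSSecurityEngine engine = new WSSecurityEngine();
        try {
            engine.processSecurityHeader(builtDoc, (String) null, (CallbackHandler) null, (Crypto) null);
            Assertions.fail("Failure expected on an unsigned bearer token");
        } catch (WSSecurityException e) {
            Assertions.assertEquals(WSSecurityException.ErrorCode.FAILURE, e.getErrorCode());
        }

        // Relaxed configuration: explicitly opt out of the bearer signature requirement.
        WSSConfig config = WSSConfig.getNewInstance();
        SamlAssertionValidator validator = new SamlAssertionValidator();
        validator.setRequireBearerSignature(false);
        config.setValidator(WSConstants.SAML_TOKEN, validator);
        config.setValidator(WSConstants.SAML2_TOKEN, validator);
        engine.setWssConfig(config);
        RequestData requestData = new RequestData();
        requestData.setValidateSamlSubjectConfirmation(false);
        engine.processSecurityHeader(doc, requestData);
    }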

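    /**
     * Builds a SAML 2.0 assertion that carries another assertion in its {@code Advice}
     * element, checks that the serialised message contains the Advice, and that the outer
     * assertion is processed and reported as unsigned.
     *
     * @throws Exception if either assertion cannot be built or the message fails processing
     */
    @Test
    public void testSAML2Advice() throws Exception {
        SAML2CallbackHandler innerHandler = new SAML2CallbackHandler();
        innerHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        innerHandler.setIssuer("www.example.com");
        SAMLCallback innerCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(innerHandler, innerCallback);
        SamlAssertionWrapper innerAssertion = new SamlAssertionWrapper(innerCallback);

        Document doc = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        Element adviceElement = innerAssertion.toDOM(doc);

        // The outer assertion embeds the inner one as Advice.
        SAML2CallbackHandler outerHandler = new SAML2CallbackHandler();
        outerHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        outerHandler.setIssuer("www.example.com");
        outerHandler.setAssertionAdviceElement(adviceElement);
        SAMLCallback outerCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(outerHandler, outerCallback);
        SamlAssertionWrapper outerAssertion = new SamlAssertionWrapper(outerCallback);

        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        Document builtDoc = new WSSecSAMLToken(secHeader).build(outerAssertion);
        String serialized = XMLUtils.prettyDocumentToString(builtDoc);
        if (LOG.isDebugEnabled()) {
            LOG.debug(serialized);
        }
        Assertions.assertTrue(serialized.contains("Advice"));

        WSSecurityEngineResult samlResult = verify(builtDoc).getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) samlResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());
    }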

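    /**
     * Builds a SAML 2.0 attribute assertion whose subject name and attribute value contain
     * non-ASCII characters and checks that it survives serialisation and processing.
     *
     * @throws Exception if the assertion cannot be built or the message fails processing
     */
    @Test
    public void testSAML2SpecialCharacter() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.ATTR);
        callbackHandler.setIssuer("www.example.com");
        callbackHandler.setSubjectName("uid=jöe,ou=people,ou=saml-demo,o=example.com");
        List<Object> attributeValues = new ArrayList<>(1);
        attributeValues.add("jöan");
        callbackHandler.setCustomAttributeValues(attributeValues);
        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

        Document doc = SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>");
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        String serialized = XMLUtils.prettyDocumentToString(new WSSecSAMLToken(secHeader).build(assertion));
        if (LOG.isDebugEnabled()) {
            LOG.debug(serialized);
        }

        RequestData requestData = new RequestData();
        requestData.setValidateSamlSubjectConfirmation(false);
        WSHandlerResult results = new WSSecurityEngine().processSecurityHeader(doc, requestData);
        WSSecurityEngineResult samlResult = results.getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) samlResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());
    }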

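    /**
     * Sets an explicit issuer {@code Format} on a SAML 2.0 assertion, checks that it appears
     * in the serialised message, and that the assertion is processed and reported unsigned.
     *
     * @throws Exception if the assertion cannot be built or the message fails processing
     */
    @Test
    public void testSAML2IssuerFormat() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer("www.example.com");
        callbackHandler.setIssuerFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

        WSSecHeader secHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        secHeader.insertSecurityHeader();
        String serialized = XMLUtils.prettyDocumentToString(new WSSecSAMLToken(secHeader).build(assertion));
        if (LOG.isDebugEnabled()) {
            LOG.debug(serialized);
        }
        Assertions.assertTrue(serialized.contains("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"));

        // A second, independently built message is run through the verifying engine.
        WSHandlerResult results = createAndVerifyMessage(callbackHandler, true);
        WSSecurityEngineResult samlResult = results.getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) samlResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());
    }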

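    /**
     * Uses a subject name containing an XML comment and checks that the principal name the
     * engine reports is the full original string, i.e. the comment is not interpreted as
     * markup and the text around it is not truncated or spliced.
     *
     * @throws Exception if the assertion cannot be built or the message fails processing
     */
    @Test
    public void testSAML2SubjectWithComment() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        callbackHandler.setIssuer("www.example.com");
        String subjectName = "uid=joe,ou=people<!---->o=example.com";
        callbackHandler.setSubjectName(subjectName);

        WSHandlerResult results = createAndVerifyMessage(callbackHandler, true);
        WSSecurityEngineResult samlResult = results.getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
        SamlAssertionWrapper receivedAssertion =
            (SamlAssertionWrapper) samlResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        Assertions.assertNotNull(receivedAssertion);
        Assertions.assertFalse(receivedAssertion.isSigned());

        Principal principal = (Principal) samlResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
        Assertions.assertEquals(subjectName, principal.getName());
    }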

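    /**
     * Encrypts {@code element} in place with {@code symmetricKey} and, when a recipient
     * certificate is given, embeds an {@code xenc:EncryptedKey} (the symmetric key wrapped
     * with the certificate's public key) inside the {@code EncryptedData}'s KeyInfo.
     *
     * @param document the owner document of {@code element}
     * @param element the element to encrypt in place
     * @param dataAlgorithm XML Encryption URI of the symmetric (data) algorithm
     * @param symmetricKey the data-encryption key
     * @param keyTransportAlgorithm XML Encryption URI of the key-transport algorithm
     * @param cert recipient certificate; {@code null} means no EncryptedKey is written
     * @param content {@code true} to encrypt only the element's content, {@code false} for the whole element
     * @param useStrWithSki when {@code true} the certificate is referenced via a
     *        {@code wsse:SecurityTokenReference} holding its SKI; otherwise via {@code ds:X509Data}
     *        issuer/serial
     * @throws Exception on any XML-security failure
     */
    private void encryptElement(Document document, Element element, String dataAlgorithm, Key symmetricKey,
                                String keyTransportAlgorithm, X509Certificate cert, boolean content,
                                boolean useStrWithSki) throws Exception {
        XMLCipher dataCipher = XMLCipher.getInstance(dataAlgorithm);
        dataCipher.init(XMLCipher.ENCRYPT_MODE, symmetricKey);

        if (cert != null) {
            XMLCipher keyCipher = XMLCipher.getInstance(keyTransportAlgorithm);
            keyCipher.init(XMLCipher.WRAP_MODE, cert.getPublicKey());
            EncryptedKey encryptedKey = keyCipher.encryptKey(document, symmetricKey);

            KeyInfo keyKeyInfo = encryptedKey.getKeyInfo();
            if (keyKeyInfo == null) {
                keyKeyInfo = new KeyInfo(document);
                keyKeyInfo.getElement().setAttributeNS(WSConstants.XMLNS_NS, "xmlns:dsig", WSConstants.SIG_NS);
                encryptedKey.setKeyInfo(keyKeyInfo);
            }
            if (useStrWithSki) {
                SecurityTokenReference str = new SecurityTokenReference(document);
                str.addWSSENamespace();
                str.setKeyIdentifierSKI(cert, (Crypto) null);
                keyKeyInfo.addUnknownElement(str.getElement());
            } else {
                X509Data x509Data = new X509Data(document);
                x509Data.addIssuerSerial(cert.getIssuerX500Principal().getName(), cert.getSerialNumber());
                keyKeyInfo.add(x509Data);
            }

            // The EncryptedKey is nested inside the EncryptedData's own KeyInfo.
            EncryptedData encryptedData = dataCipher.getEncryptedData();
            KeyInfo dataKeyInfo = encryptedData.getKeyInfo();
            if (dataKeyInfo == null) {
                dataKeyInfo = new KeyInfo(document);
                dataKeyInfo.getElement().setAttributeNS(WSConstants.XMLNS_NS, "xmlns:dsig", WSConstants.SIG_NS);
                encryptedData.setKeyInfo(dataKeyInfo);
            }
            dataKeyInfo.add(encryptedKey);
        }

        dataCipher.doFinal(document, element, content);
    }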

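    /**
     * Builds a SOAP message carrying the assertion produced by {@code callbackHandler} and runs
     * it through {@link #verify(Document)}.
     *
     * @param callbackHandler produces the SAML assertion
     * @param expectSuccess {@code true} if processing must succeed, {@code false} if it must fail
     *        with a {@link WSSecurityException} whose message mentions "SAML token security failure"
     * @return the handler result when processing succeeded, {@code null} when an expected failure occurred
     * @throws Exception if building the message fails, or if processing fails for a reason
     *         other than a {@link WSSecurityException}
     */
    private WSHandlerResult createAndVerifyMessage(CallbackHandler callbackHandler, boolean expectSuccess)
        throws Exception {
        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

        WSSecHeader secHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        secHeader.insertSecurityHeader();
        Document builtDoc = new WSSecSAMLToken(secHeader).build(assertion);
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(builtDoc));
        }

        try {
            WSHandlerResult results = verify(builtDoc);
            if (!expectSuccess) {
                Assertions.fail("Failure expected in processing the SAML assertion");
            }
            return results;
        } catch (WSSecurityException e) {
            // Only an anticipated failure may land here, and it must be a SAML token failure.
            Assertions.assertFalse(expectSuccess, "Unexpected failure: " + e.getMessage());
            Assertions.assertTrue(e.getMessage().contains("SAML token security failure"));
            return null;
        }
    }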

    /**
     * Runs the document through the shared security engine with SAML subject-confirmation
     * validation disabled, and checks that the SOAP body survived processing.
     *
     * @param document the message to process
     * @return the engine's handler result
     * @throws Exception if processing fails
     */
    private WSHandlerResult verify(Document document) throws Exception {
        RequestData reqData = new RequestData();
        reqData.setValidateSamlSubjectConfirmation(false);

        WSHandlerResult results = this.secEngine.processSecurityHeader(document, reqData);

        // Sanity check that the body content is still present after processing.
        String serialized = XMLUtils.prettyDocumentToString(document);
        Assertions.assertTrue(serialized.indexOf("counter_port_type") > 0);
        return results;
    }
}
