package org.apache.wss4j.dom.saml;

import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.common.AbstractSAMLCallbackHandler;
import org.apache.wss4j.dom.common.CustomSamlAssertionValidator;
import org.apache.wss4j.dom.common.SAML1CallbackHandler;
import org.apache.wss4j.dom.common.SAML2CallbackHandler;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSAMLToken;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:org/apache/wss4j/dom/saml/SamlAuthnTest.class */
public class SamlAuthnTest {
    private static final Logger LOG = LoggerFactory.getLogger(SamlAuthnTest.class);
    private WSSecurityEngine secEngine = new WSSecurityEngine();

    public SamlAuthnTest() {
        WSSConfig newInstance = WSSConfig.getNewInstance();
        newInstance.setValidator(WSConstants.SAML_TOKEN, new CustomSamlAssertionValidator());
        newInstance.setValidator(WSConstants.SAML2_TOKEN, new CustomSamlAssertionValidator());
        this.secEngine.setWssConfig(newInstance);
    }

    @Test
    public void testSAML1AuthnAssertion() throws Exception {
        SAML1CallbackHandler sAML1CallbackHandler = new SAML1CallbackHandler();
        sAML1CallbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        sAML1CallbackHandler.setIssuer("www.example.com");
        createAndVerifyMessage(sAML1CallbackHandler, true);
    }

    @Test
    public void testSAML2AuthnAssertion() throws Exception {
        SAML2CallbackHandler sAML2CallbackHandler = new SAML2CallbackHandler();
        sAML2CallbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        sAML2CallbackHandler.setIssuer("www.example.com");
        createAndVerifyMessage(sAML2CallbackHandler, true);
    }

    @Test
    public void testSAML1FutureAuthnInstant() throws Exception {
        SAML1CallbackHandler sAML1CallbackHandler = new SAML1CallbackHandler();
        sAML1CallbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        sAML1CallbackHandler.setIssuer("www.example.com");
        sAML1CallbackHandler.setAuthenticationInstant(Instant.now().plus((TemporalAmount) Duration.ofMinutes(70L)));
        createAndVerifyMessage(sAML1CallbackHandler, false);
    }

    @Test
    public void testSAML2FutureAuthnInstant() throws Exception {
        SAML2CallbackHandler sAML2CallbackHandler = new SAML2CallbackHandler();
        sAML2CallbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        sAML2CallbackHandler.setIssuer("www.example.com");
        sAML2CallbackHandler.setAuthenticationInstant(Instant.now().plus((TemporalAmount) Duration.ofMinutes(70L)));
        createAndVerifyMessage(sAML2CallbackHandler, false);
    }

    @Test
    public void testSAML2StaleSessionNotOnOrAfter() throws Exception {
        SAML2CallbackHandler sAML2CallbackHandler = new SAML2CallbackHandler();
        sAML2CallbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        sAML2CallbackHandler.setIssuer("www.example.com");
        sAML2CallbackHandler.setSessionNotOnOrAfter(Instant.now().minus((TemporalAmount) Duration.ofMinutes(70L)));
        createAndVerifyMessage(sAML2CallbackHandler, false);
    }

    @Test
    public void testSAML1ValidSubjectLocality() throws Exception {
        SAML1CallbackHandler sAML1CallbackHandler = new SAML1CallbackHandler();
        sAML1CallbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        sAML1CallbackHandler.setIssuer("www.example.com");
        sAML1CallbackHandler.setSubjectLocality("127.0.0.1", "xyz.ws.apache.org");
        createAndVerifyMessage(sAML1CallbackHandler, true);
    }

    @Test
    public void testSAML2ValidSubjectLocality() throws Exception {
        SAML2CallbackHandler sAML2CallbackHandler = new SAML2CallbackHandler();
        sAML2CallbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        sAML2CallbackHandler.setIssuer("www.example.com");
        sAML2CallbackHandler.setSubjectLocality("127.0.0.1", "xyz.ws.apache.org");
        createAndVerifyMessage(sAML2CallbackHandler, true);
    }

    @Test
    public void testSAML1InvalidSubjectLocality() throws Exception {
        SAML1CallbackHandler sAML1CallbackHandler = new SAML1CallbackHandler();
        sAML1CallbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        sAML1CallbackHandler.setIssuer("www.example.com");
        sAML1CallbackHandler.setSubjectLocality("xyz.ws.apache.org", "xyz.ws.apache.org");
        createAndVerifyMessage(sAML1CallbackHandler, false);
    }

    @Test
    public void testSAML2InalidSubjectLocality() throws Exception {
        SAML2CallbackHandler sAML2CallbackHandler = new SAML2CallbackHandler();
        sAML2CallbackHandler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        sAML2CallbackHandler.setIssuer("www.example.com");
        sAML2CallbackHandler.setSubjectLocality("xyz.ws.apache.org", "xyz.ws.apache.org");
        createAndVerifyMessage(sAML2CallbackHandler, false);
    }

    private void createAndVerifyMessage(CallbackHandler callbackHandler, boolean z) throws Exception {
        SAMLCallback sAMLCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, sAMLCallback);
        SamlAssertionWrapper samlAssertionWrapper = new SamlAssertionWrapper(sAMLCallback);
        WSSecHeader wSSecHeader = new WSSecHeader(SOAPUtil.toSOAPPart("<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">15</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>"));
        wSSecHeader.insertSecurityHeader();
        Document build = new WSSecSAMLToken(wSSecHeader).build(samlAssertionWrapper);
        if (LOG.isDebugEnabled()) {
            LOG.debug(XMLUtils.prettyDocumentToString(build));
        }
        try {
            verify(build);
            if (!z) {
                Assertions.fail("Failure expected in processing the SAML assertion");
            }
        } catch (WSSecurityException e) {
            Assertions.assertFalse(z);
            Assertions.assertTrue(e.getMessage().contains("SAML token security failure"));
        }
    }

    private WSHandlerResult verify(Document document) throws Exception {
        RequestData requestData = new RequestData();
        requestData.setValidateSamlSubjectConfirmation(false);
        WSHandlerResult processSecurityHeader = this.secEngine.processSecurityHeader(document, requestData);
        Assertions.assertTrue(XMLUtils.prettyDocumentToString(document).indexOf("counter_port_type") > 0);
        return processSecurityHeader;
    }
}
