package org.apache.wss4j.dom.saml;

import java.security.KeyStore;
import java.util.List;
import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.crypto.Merlin;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.saml.bean.KeyInfoBean;
import org.apache.wss4j.common.util.Loader;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSDataRef;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.WSSecurityEngine;
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.common.AbstractSAMLCallbackHandler;
import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
import org.apache.wss4j.dom.common.SAML1CallbackHandler;
import org.apache.wss4j.dom.common.SAML2CallbackHandler;
import org.apache.wss4j.dom.common.SOAPUtil;
import org.apache.wss4j.dom.common.SecurityTestUtil;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:org/apache/wss4j/dom/saml/SignedSamlTokenHOKTest.class */
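/**
 * Round-trip tests for signed SAML assertions that use the holder-of-key confirmation method.
 *
 * <p>Each test issues a SAML 1.1 or SAML 2 assertion, signs it with the issuer key
 * ({@code wss40_server}), uses the assertion to sign the body of the sample SOAP message, and
 * then runs the result through {@link WSSecurityEngine} to check that both the signed assertion
 * and the body signature are reported.
 *
 * <p>All tests here are positive-path tests: nothing in this class checks that a tampered
 * message, an unsigned assertion or an untrusted issuer is rejected.
 *
 * <p>The keystores, aliases and the password {@code "security"} are the values hard-coded in this
 * class; they are presumably test fixtures shipped with the test resources.
 */
public class SignedSamlTokenHOKTest extends Assert {
    private static final Logger LOG = LoggerFactory.getLogger(SignedSamlTokenHOKTest.class);

    private static final String SAML1_HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";
    private static final String SAML2_HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";

    private static final String SHA256_DIGEST = "http://www.w3.org/2001/04/xmlenc#sha256";
    private static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    private static final String HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";

    // Numeric values exactly as they appear in this class. NOTE(review): they look like the
    // inlined WSConstants values SIGN, ST_SIGNED, BST_DIRECT_REFERENCE and X509_KEY_IDENTIFIER;
    // confirm against the WSS4J version in use and prefer the named constants if so.
    private static final int ACTION_SIGNATURE = 2;
    private static final int ACTION_SIGNED_SAML = 16;
    private static final int KEY_ID_DIRECT_REFERENCE = 1;
    private static final int KEY_ID_X509 = 3;

    private static final String BODY_XPATH = "/SOAP-ENV:Envelope/SOAP-ENV:Body";

    private Crypto trustCrypto;
    private Crypto issuerCrypto;
    private WSSecurityEngine secEngine = new WSSecurityEngine();
    private CallbackHandler callbackHandler = new KeystoreCallbackHandler();
    private Crypto userCrypto = CryptoFactory.getInstance("wss40.properties");

    @AfterClass
    public static void cleanup() throws Exception {
        SecurityTestUtil.cleanup();
    }

    /**
     * Builds the issuer crypto (key store {@code keys/wss40_server.jks}) and the trust crypto
     * (trust store {@code keys/wss40CA.jks}) used by the tests.
     *
     * @throws Exception if WSS4J initialisation or key store loading fails
     */
    public SignedSamlTokenHOKTest() throws Exception {
        WSSConfig.init();
        ClassLoader classLoader = Loader.getClassLoader(SignedSamlTokenHOKTest.class);

        // The issuer crypto holds the key that signs the assertions.
        this.issuerCrypto = new Merlin();
        this.issuerCrypto.setKeyStore(loadKeyStore(classLoader, "keys/wss40_server.jks"));

        // The trust crypto is given a trust store only, no key store.
        this.trustCrypto = new Merlin();
        this.trustCrypto.setTrustStore(loadKeyStore(classLoader, "keys/wss40CA.jks"));
    }

    /** SAML 1.1 authentication assertion, body signed with RSA-SHA256 via a direct reference. */
    @Test
    public void testSAML1AuthnAssertion() throws Exception {
        SAML1CallbackHandler handler = new SAML1CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        handler.setConfirmationMethod(SAML1_HOLDER_OF_KEY);
        handler.setIssuer("www.example.com");
        SamlAssertionWrapper assertion = issueSignedAssertion(handler);

        WSSecSignatureSAML signer = newSigner("wss40", RSA_SHA256, KEY_ID_DIRECT_REFERENCE);
        Document signedDoc = signMessage(
            signer, this.userCrypto, assertion, "Signed SAML 1.1 Authn Assertion (key holder):");

        // The requested algorithms must actually appear in the produced message.
        String outputString = XMLUtils.PrettyDocumentToString(signedDoc);
        assertTrue(outputString.contains(SHA256_DIGEST));
        assertTrue(outputString.contains(RSA_SHA256));

        SamlAssertionWrapper received =
            assertSignedAssertionAndBody(verify(signedDoc, this.trustCrypto));
        assertNotNull(received.getSignatureValue());
    }

    /** SAML 1.1 attribute assertion, body signed with HMAC-SHA256 using the handler's ephemeral key. */
    @Test
    public void testSAML1AttrAssertion() throws Exception {
        SAML1CallbackHandler handler = new SAML1CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.ATTR);
        handler.setConfirmationMethod(SAML1_HOLDER_OF_KEY);
        handler.setIssuer("www.example.com");
        SamlAssertionWrapper assertion = issueSignedAssertion(handler);

        WSSecSignatureSAML signer = newSigner("wss40", HMAC_SHA256, KEY_ID_X509);
        signer.setSecretKey(handler.getEphemeralKey());
        Document signedDoc = signMessage(
            signer, this.userCrypto, assertion, "Signed SAML 1.1 Attr Assertion (key holder):");

        assertSignedAssertionAndBody(verify(signedDoc, this.trustCrypto));
    }

    /** SAML 2 authentication assertion, body signed with RSA-SHA256 via a direct reference. */
    @Test
    public void testSAML2AuthnAssertion() throws Exception {
        SAML2CallbackHandler handler = new SAML2CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        handler.setConfirmationMethod(SAML2_HOLDER_OF_KEY);
        handler.setIssuer("www.example.com");
        SamlAssertionWrapper assertion = issueSignedAssertion(handler);

        WSSecSignatureSAML signer = newSigner("wss40", RSA_SHA256, KEY_ID_DIRECT_REFERENCE);
        Document signedDoc = signMessage(
            signer, this.userCrypto, assertion, "Signed SAML 2 Authn Assertion (key holder):");

        String outputString = XMLUtils.PrettyDocumentToString(signedDoc);
        assertTrue(outputString.contains(SHA256_DIGEST));
        assertTrue(outputString.contains(RSA_SHA256));

        assertSignedAssertionAndBody(verify(signedDoc, this.trustCrypto));
    }

    /** SAML 2 attribute assertion, body signed with HMAC-SHA256 using the handler's ephemeral key. */
    @Test
    public void testSAML2AttrAssertion() throws Exception {
        SAML2CallbackHandler handler = new SAML2CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.ATTR);
        handler.setConfirmationMethod(SAML2_HOLDER_OF_KEY);
        handler.setIssuer("www.example.com");
        SamlAssertionWrapper assertion = issueSignedAssertion(handler);

        WSSecSignatureSAML signer = newSigner("wss40", HMAC_SHA256, KEY_ID_X509);
        signer.setSecretKey(handler.getEphemeralKey());
        Document signedDoc = signMessage(
            signer, this.userCrypto, assertion, "Signed SAML 2 Attr Assertion (key holder):");

        assertSignedAssertionAndBody(verify(signedDoc, this.trustCrypto));
    }

    /** SAML 1.1 authentication assertion whose subject key is identified by X509IssuerSerial. */
    @Test
    public void testSAML1AuthnAssertionIssuerSerial() throws Exception {
        SAML1CallbackHandler handler = new SAML1CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        handler.setConfirmationMethod(SAML1_HOLDER_OF_KEY);
        handler.setCertIdentifier(KeyInfoBean.CERT_IDENTIFIER.X509_ISSUER_SERIAL);
        handler.setIssuer("www.example.com");
        SamlAssertionWrapper assertion = issueSignedAssertion(handler);

        WSSecSignatureSAML signer = newSigner("wss40", RSA_SHA256, KEY_ID_DIRECT_REFERENCE);
        Document signedDoc = signMessage(
            signer,
            this.userCrypto,
            assertion,
            "SAML 1.1 Authn Assertion Issuer Serial (holder-of-key):");

        assertTrue(XMLUtils.PrettyDocumentToString(signedDoc).contains("X509IssuerSerial"));

        // Verified against the user crypto rather than the CA-only trust crypto.
        assertSignedAssertionAndBody(verify(signedDoc, this.userCrypto));
    }

    /** SAML 1.1 authentication assertion whose subject key is carried as a KeyValue. */
    @Test
    public void testSAML1AuthnAssertionKeyValue() throws Exception {
        SAML1CallbackHandler handler = new SAML1CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        handler.setConfirmationMethod(SAML1_HOLDER_OF_KEY);
        handler.setCertIdentifier(KeyInfoBean.CERT_IDENTIFIER.KEY_VALUE);
        handler.setIssuer("www.example.com");
        SamlAssertionWrapper assertion = issueSignedAssertion(handler);

        WSSecSignatureSAML signer = newSigner("wss40", RSA_SHA256, KEY_ID_DIRECT_REFERENCE);
        Document signedDoc = signMessage(
            signer, this.userCrypto, assertion, "SAML 1.1 Authn Assertion Key Value (holder-of-key):");

        assertTrue(XMLUtils.PrettyDocumentToString(signedDoc).contains("KeyValue"));

        // The "assertion is signed" check goes through a JUnit assertion, not the `assert`
        // keyword, so it is enforced whether or not the JVM runs with assertions enabled.
        assertSignedAssertionAndBody(verify(signedDoc, this.userCrypto));
    }

    /** SAML 2 authentication assertion whose subject key is carried as a KeyValue. */
    @Test
    public void testSAML2AuthnAssertionKeyValue() throws Exception {
        SAML2CallbackHandler handler = new SAML2CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        handler.setConfirmationMethod(SAML2_HOLDER_OF_KEY);
        handler.setCertIdentifier(KeyInfoBean.CERT_IDENTIFIER.KEY_VALUE);
        handler.setIssuer("www.example.com");
        SamlAssertionWrapper assertion = issueSignedAssertion(handler);

        WSSecSignatureSAML signer = newSigner("wss40", RSA_SHA256, KEY_ID_DIRECT_REFERENCE);
        Document signedDoc = signMessage(
            signer, this.userCrypto, assertion, "SAML 2 Authn Assertion Key Value (holder-of-key):");

        assertTrue(XMLUtils.PrettyDocumentToString(signedDoc).contains("KeyValue"));

        assertSignedAssertionAndBody(verify(signedDoc, this.userCrypto));
    }

    /**
     * SAML 1.1 authentication assertion whose subject certificates come from
     * {@code crypto.properties}; the message is verified with the trust crypto only.
     */
    @Test
    public void testSAML1AuthnAssertionTrust() throws Exception {
        String subjectAlias = "16c73ab6-b892-458f-abf5-2f875f74882e";

        SAML1CallbackHandler handler = new SAML1CallbackHandler();
        handler.setStatement(AbstractSAMLCallbackHandler.Statement.AUTHN);
        handler.setConfirmationMethod(SAML1_HOLDER_OF_KEY);
        handler.setIssuer("www.example.com");

        // Replace the handler's certificates with the ones stored under the subject alias.
        Crypto subjectCrypto = CryptoFactory.getInstance("crypto.properties");
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        cryptoType.setAlias(subjectAlias);
        handler.setCerts(subjectCrypto.getX509Certificates(cryptoType));
        SamlAssertionWrapper assertion = issueSignedAssertion(handler);

        WSSecSignatureSAML signer = newSigner(subjectAlias, RSA_SHA256, KEY_ID_DIRECT_REFERENCE);
        Document signedDoc = signMessage(
            signer, subjectCrypto, assertion, "Signed SAML 1.1 Authn Assertion (key holder):");

        assertSignedAssertionAndBody(verify(signedDoc, this.trustCrypto));
    }

    /**
     * Processes the security header of {@code document} and checks that the sample body content
     * is still present afterwards.
     *
     * @param document the signed SOAP message
     * @param crypto the crypto passed as the fourth argument of {@code processSecurityHeader}
     *     (presumably the signature-verification crypto; the fifth argument is always the user
     *     crypto)
     * @return the results reported by the security engine
     * @throws Exception if processing fails
     */
    private List<WSSecurityEngineResult> verify(Document document, Crypto crypto) throws Exception {
        List<WSSecurityEngineResult> results =
            this.secEngine.processSecurityHeader(
                document, (String) null, this.callbackHandler, crypto, this.userCrypto);
        assertTrue(XMLUtils.PrettyDocumentToString(document).indexOf("counter_port_type") > 0);
        return results;
    }

    /** Loads a key store from the classpath and closes the underlying stream afterwards. */
    private static KeyStore loadKeyStore(ClassLoader classLoader, String resource) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (java.io.InputStream input = Merlin.loadInputStream(classLoader, resource)) {
            keyStore.load(input, "security".toCharArray());
        }
        return keyStore;
    }

    /** Runs the SAML callback for {@code handler} and signs the resulting assertion as the issuer. */
    private SamlAssertionWrapper issueSignedAssertion(AbstractSAMLCallbackHandler handler)
            throws Exception {
        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(handler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
        assertion.signAssertion("wss40_server", "security", this.issuerCrypto, false);
        return assertion;
    }

    /** Creates a SAML signature builder with the SHA-256 digest and the given signing settings. */
    private static WSSecSignatureSAML newSigner(
            String user, String signatureAlgorithm, int keyIdentifierType) throws Exception {
        WSSecSignatureSAML signer = new WSSecSignatureSAML();
        signer.setUserInfo(user, "security");
        signer.setDigestAlgo(SHA256_DIGEST);
        signer.setSignatureAlgorithm(signatureAlgorithm);
        signer.setKeyIdentifierType(keyIdentifierType);
        return signer;
    }

    /** Signs the sample SOAP message with {@code signer} and logs the result at debug level. */
    private static Document signMessage(
            WSSecSignatureSAML signer,
            Crypto signerCrypto,
            SamlAssertionWrapper assertion,
            String debugTitle)
            throws Exception {
        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        Document signedDoc =
            signer.build(
                doc, signerCrypto, assertion, (Crypto) null, (String) null, (String) null, secHeader);
        if (LOG.isDebugEnabled()) {
            LOG.debug(debugTitle);
            LOG.debug(XMLUtils.PrettyDocumentToString(signedDoc));
        }
        return signedDoc;
    }

    /**
     * Checks that the results contain a signed SAML assertion and a signature result covering
     * exactly one data reference, the SOAP body.
     *
     * @return the assertion found in the results, for additional checks by the caller
     */
    private static SamlAssertionWrapper assertSignedAssertionAndBody(
            List<WSSecurityEngineResult> results) {
        // Fail with an assertion instead of a NullPointerException when no SAML result exists.
        WSSecurityEngineResult samlResult =
            WSSecurityUtil.fetchActionResult(results, ACTION_SIGNED_SAML);
        assertNotNull(samlResult);
        SamlAssertionWrapper received = (SamlAssertionWrapper) samlResult.get("saml-assertion");
        assertNotNull(received);
        assertTrue(received.isSigned());

        WSSecurityEngineResult signatureResult =
            WSSecurityUtil.fetchActionResult(results, ACTION_SIGNATURE);
        assertNotNull(signatureResult);
        assertFalse(signatureResult.isEmpty());
        List<?> dataRefs = (List<?>) signatureResult.get("data-ref-uris");
        assertNotNull(dataRefs);
        assertEquals(1, dataRefs.size());
        assertEquals(BODY_XPATH, ((WSDataRef) dataRefs.get(0)).getXpath());
        return received;
    }
}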
