package org.apache.cxf.systest.jaxrs.security.saml;

import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.ws.rs.WebApplicationException;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rs.security.saml.SamlEnvelopedOutInterceptor;
import org.apache.cxf.systest.jaxrs.security.Book;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlAuthorizationTest.class */
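/**
 * System tests for SAML-based authorization on the JAX-RS bookstore endpoints.
 *
 * <p>Each test POSTs the same {@code Book} over HTTPS through a client that has a
 * {@link SamlEnvelopedOutInterceptor} installed. The outcome is checked in one of two ways:
 * a denied request must come back as HTTP 403, and an allowed request must echo the book
 * back with its id intact. Both the deny and the allow path are covered for each of the
 * three endpoint families ({@code saml-roles}, {@code saml-roles2}, {@code saml-claims}).
 *
 * <p>The {@code saml.roles}, {@code saml.subject.name} and {@code saml.auth} entries are set
 * as client properties next to the callback handler class name. Presumably
 * {@code SamlCallbackHandler} turns them into the content of the assertion; confirm against
 * that class, which is not part of this file. The server-side rules behind each endpoint
 * are likewise defined outside this file.
 */
public class JAXRSSamlAuthorizationTest extends AbstractBusClientServerTestBase {
    // NOTE(review): PORT comes from BookServerSaml while startServers() launches
    // SecureBookServerSaml - confirm that both refer to the same port.
    public static final String PORT = BookServerSaml.PORT;

    /** Launches the secured bookstore server once for the whole class. */
    @BeforeClass
    public static void startServers() throws Exception {
        assertTrue("server did not launch correctly", launchServer(SecureBookServerSaml.class, true));
    }

    /**
     * No extra SAML properties are supplied; the {@code saml-roles} endpoint must answer 403.
     * The method name suggests the handler then defaults to a non-admin role - TODO confirm.
     */
    @Test
    public void testPostBookUserRole() throws Exception {
        WebClient client = createXmlClient("/saml-roles/bookstore/books", null);
        assertPostForbidden(client);
    }

    /** With {@code saml.roles=[admin]} the {@code saml-roles} endpoint must accept the POST. */
    @Test
    public void testPostBookAdminRole() throws Exception {
        WebClient client = createXmlClient("/saml-roles/bookstore/books", adminRoleProperties());
        assertPostAccepted(client);
    }

    /**
     * The admin role alone is not enough on {@code saml-roles2}: without
     * {@code saml.subject.name} the request must be refused with 403.
     */
    @Test
    public void testPostBookAdminRoleWithWrongSubjectNameFormat() throws Exception {
        WebClient client = createXmlClient("/saml-roles2/bookstore/books", adminRoleProperties());
        assertPostForbidden(client);
    }

    /** Admin role plus {@code saml.subject.name=bob@mycompany.com} is accepted on {@code saml-roles2}. */
    @Test
    public void testPostBookAdminRoleWithGoodSubjectName() throws Exception {
        Map<String, Object> samlProperties = adminRoleProperties();
        samlProperties.put("saml.subject.name", "bob@mycompany.com");
        WebClient client = createXmlClient("/saml-roles2/bookstore/books", samlProperties);
        assertPostAccepted(client);
    }

    /** An empty property map (no role, no auth claim) must be refused on {@code saml-claims}. */
    @Test
    public void testPostBookAdminWithWeakClaims() throws Exception {
        WebClient client = createXmlClient("/saml-claims/bookstore/books", new HashMap<String, Object>());
        assertPostForbidden(client);
    }

    /**
     * Admin role with {@code saml.auth=[password]} must still be refused on {@code saml-claims}:
     * the role is right but the authentication claim is not the one the endpoint accepts.
     */
    @Test
    public void testPostBookAdminWithWeakClaims2() throws Exception {
        Map<String, Object> samlProperties = adminRoleProperties();
        samlProperties.put("saml.auth", Collections.singletonList("password"));
        WebClient client = createXmlClient("/saml-claims/bookstore/books", samlProperties);
        assertPostForbidden(client);
    }

    /** Admin role with {@code saml.auth=[smartcard]} is accepted on {@code saml-claims}. */
    @Test
    public void testPostBookAdminWithClaims() throws Exception {
        Map<String, Object> samlProperties = adminRoleProperties();
        samlProperties.put("saml.auth", Collections.singletonList("smartcard"));
        WebClient client = createXmlClient("/saml-claims/bookstore/books", samlProperties);
        assertPostAccepted(client);
    }

    /** Returns a fresh, mutable property map that carries only {@code saml.roles=[admin]}. */
    private Map<String, Object> adminRoleProperties() {
        Map<String, Object> samlProperties = new HashMap<String, Object>();
        samlProperties.put("saml.roles", Collections.singletonList("admin"));
        return samlProperties;
    }

    /**
     * Builds a client for {@code path} on the local HTTPS server and sets it up to send and
     * accept {@code application/xml}.
     *
     * @param path endpoint path, starting with a slash
     * @param samlProperties extra client properties, or {@code null} for none
     */
    private WebClient createXmlClient(String path, Map<String, Object> samlProperties) {
        WebClient client = createWebClient("https://localhost:" + PORT + path, samlProperties);
        client.type("application/xml").accept("application/xml");
        return client;
    }

    /**
     * POSTs the sample book and requires the server to refuse it with exactly HTTP 403.
     * A successful POST fails the test; any other error status fails the status assertion,
     * so an unrelated failure is not mistaken for an authorization denial.
     */
    private void assertPostForbidden(WebClient client) {
        try {
            client.post(new Book("CXF", 125L), Book.class);
            fail("403 is expected");
        } catch (WebApplicationException ex) {
            assertEquals(403, ex.getResponse().getStatus());
        }
    }

    /** POSTs the sample book and requires the returned book to carry the same id. */
    private void assertPostAccepted(WebClient client) {
        Book echoed = client.post(new Book("CXF", 125L), Book.class);
        assertEquals(125L, echoed.getId());
    }

    /**
     * Creates a {@link WebClient} for {@code str} on a bus configured from {@code client.xml}.
     *
     * <p>The callback handler class name is always set; entries from {@code map} are added
     * afterwards and therefore override it if they use the same key. A
     * {@link SamlEnvelopedOutInterceptor} is added to the outbound chain.
     *
     * @param str absolute endpoint address
     * @param map extra client properties, or {@code null} for none
     * @return the configured client
     */
    private WebClient createWebClient(String str, Map<String, Object> map) {
        JAXRSClientFactoryBean factory = new JAXRSClientFactoryBean();
        factory.setAddress(str);
        factory.setBus(new SpringBusFactory().createBus(JAXRSSamlAuthorizationTest.class.getResource("client.xml").toString()));
        Map<String, Object> properties = new HashMap<String, Object>();
        properties.put("ws-security.saml-callback-handler", "org.apache.cxf.systest.jaxrs.security.saml.SamlCallbackHandler");
        if (map != null) {
            properties.putAll(map);
        }
        factory.setProperties(properties);
        factory.getOutInterceptors().add(new SamlEnvelopedOutInterceptor());
        return factory.createWebClient();
    }
}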
