package org.eclipse.microprofile.jwt.tck.parsing;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.KeySourceException;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.proc.BadJWSException;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.BadJWTException;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import org.eclipse.microprofile.jwt.Claims;
import org.eclipse.microprofile.jwt.tck.TCKConstants;
import org.eclipse.microprofile.jwt.tck.util.TokenUtils;
import org.testng.annotations.Test;

/* loaded from: input_file:org/eclipse/microprofile/jwt/tck/parsing/DebugTest.class */
public class DebugTest {
    @Test(groups = {TCKConstants.TEST_GROUP_DEBUG}, description = "Validate how to use the HS256 signature alg")
    public void testHS256() throws Exception {
        new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), JWTClaimsSet.parse("{\"sub\":\"jdoe\"}")).sign(new MACSigner(BigInteger.probablePrime(256, new SecureRandom()).toByteArray()));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_DEBUG}, description = "Illustrate validation of a JWT using the nimbus library")
    public void testNimbusValidation() throws Exception {
        validateToken(TokenUtils.generateTokenString("/Token1.json"), (RSAPublicKey) TokenUtils.readPublicKey("/publicKey.pem"), 60);
    }

    @Test(groups = {TCKConstants.TEST_GROUP_DEBUG}, expectedExceptions = {BadJWTException.class}, description = "Illustrate validation of iss")
    public void testNimbusFailIssuer() throws Exception {
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.ISSUER);
        validateToken(TokenUtils.generateTokenString("/Token1.json", hashSet), (RSAPublicKey) TokenUtils.readPublicKey("/publicKey.pem"), 60);
    }

    @Test(groups = {TCKConstants.TEST_GROUP_DEBUG}, expectedExceptions = {BadJWSException.class}, description = "Illustrate validation of signer")
    public void testNimbusFailSignature() throws Exception {
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.SIGNER);
        validateToken(TokenUtils.generateTokenString("/Token1.json", hashSet), (RSAPublicKey) TokenUtils.readPublicKey("/publicKey.pem"), 60);
    }

    @Test(groups = {TCKConstants.TEST_GROUP_DEBUG}, expectedExceptions = {BadJWTException.class}, description = "Illustrate validation of exp")
    public void testNimbusFailExpired() throws Exception {
        HashMap hashMap = new HashMap();
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.EXP);
        validateToken(TokenUtils.generateTokenString("/Token1.json", hashSet, hashMap), (RSAPublicKey) TokenUtils.readPublicKey("/publicKey.pem"), 60);
    }

    @Test(groups = {TCKConstants.TEST_GROUP_DEBUG}, expectedExceptions = {BadJWTException.class}, description = "Illustrate validation of exp that has just expired")
    public void testNimbusFailJustExpired() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put(Claims.exp.name(), Long.valueOf(TokenUtils.currentTimeInSecs() - 61));
        validateToken(TokenUtils.generateTokenString("/Token1.json", (Set) null, hashMap), (RSAPublicKey) TokenUtils.readPublicKey("/publicKey.pem"), 60);
    }

    @Test(groups = {TCKConstants.TEST_GROUP_DEBUG}, description = "Illustrate validation of exp that is in grace period")
    public void testNimbusExpGrace() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put(Claims.exp.name(), Long.valueOf(TokenUtils.currentTimeInSecs() - 45));
        validateToken(TokenUtils.generateTokenString("/Token1.json", (Set) null, hashMap), (RSAPublicKey) TokenUtils.readPublicKey("/publicKey.pem"), 60);
    }

    private void validateToken(String str, RSAPublicKey rSAPublicKey, int i) throws Exception {
        SignedJWT parse = SignedJWT.parse(str);
        parse.verify(new RSASSAVerifier(rSAPublicKey));
        DefaultJWTProcessor defaultJWTProcessor = new DefaultJWTProcessor();
        defaultJWTProcessor.setJWTClaimsSetVerifier((jWTClaimsSet, securityContext) -> {
            String issuer = jWTClaimsSet.getIssuer();
            if (issuer == null || !issuer.equals(TCKConstants.TEST_ISSUER)) {
                System.err.printf("issuer(%s) != %s\n", issuer, TCKConstants.TEST_ISSUER);
                throw new BadJWTException("Invalid token issuer");
            }
            if (i > 0) {
                try {
                    Date dateClaim = jWTClaimsSet.getDateClaim("exp");
                    long currentTimeMillis = System.currentTimeMillis() - (i * 1000);
                    if (currentTimeMillis > dateClaim.getTime()) {
                        System.err.printf("exp(%d) < upper bound(%d)\n", Long.valueOf(dateClaim.getTime()), Long.valueOf(currentTimeMillis));
                        throw new BadJWTException("Token is expired");
                    }
                } catch (ParseException e) {
                    System.err.printf("Failed to get exp claim\n", new Object[0]);
                    e.printStackTrace();
                    throw new BadJWTException("Failed to get exp claim", e);
                }
            }
        });
        defaultJWTProcessor.setJWSKeySelector((jWSHeader, securityContext2) -> {
            if (jWSHeader.getAlgorithm() != JWSAlgorithm.RS256) {
                throw new KeySourceException("RS256 algorithm not specified");
            }
            return Collections.singletonList(rSAPublicKey);
        });
        defaultJWTProcessor.process(parse, (SecurityContext) null);
        System.out.printf("Validated JWT, claimsSet: %s\n", parse.getJWTClaimsSet());
    }
}
