package org.apache.cxf.systest.jaxrs.security.oidc;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import javax.ws.rs.core.Form;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.testutil.common.TestUtil;
import org.apache.xml.security.utils.ClassLoaderUtils;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/cxf/systest/jaxrs/security/oidc/OIDCFlowTest.class */
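/**
 * System tests for the OpenID Connect flows (authorization code, implicit, hybrid) served by
 * the {@link OIDCServer} instance that {@link #startServers()} launches.
 *
 * <p>Every user name, password, client id, client secret, nonce and keystore password in this
 * class is a test fixture. The client-side TLS settings come from the {@code client.xml}
 * resource next to this class; its contents are not visible from this file.
 */
public class OIDCFlowTest extends AbstractBusClientServerTestBase {
    static final String PORT = TestUtil.getPortNumber("jaxrs-oidc");

    /** Base address of the regular OIDC endpoints. */
    private static final String SERVICES_ADDRESS = "https://localhost:" + PORT + "/services/";
    /** Base address of the endpoints the unsigned request-object tests talk to. */
    private static final String UNSIGNED_JWT_ADDRESS = "https://localhost:" + PORT + "/unsignedjwtservices/";

    private static final String END_USER = "alice";
    private static final String END_USER_PASSWORD = "security";
    private static final String CLIENT_ID = "consumer-id";
    private static final String CLIENT_SECRET = "this-is-a-secret";
    private static final String NONCE = "123456789";

    @BeforeClass
    public static void startServers() throws Exception {
        assertTrue("Server failed to launch", launchServer(OIDCServer.class, true));
    }

    /** Code flow with scope {@code openid}: the token response must carry a valid id_token. */
    @Test
    public void testAuthorizationCodeFlow() throws Exception {
        WebClient userClient = newSessionClient(SERVICES_ADDRESS, END_USER, END_USER_PASSWORD);
        String code = OAuth2TestUtils.getAuthorizationCode(userClient, "openid");
        assertNotNull(code);

        ClientAccessToken accessToken = exchangeCode(code);
        assertTrue(accessToken.getApprovedScope().contains("openid"));
        validateIdToken(requireIdToken(accessToken), null);
    }

    /** Plain OAuth code flow (no {@code openid} scope): no id_token may be issued. */
    @Test
    public void testAuthorizationCodeOAuth() throws Exception {
        WebClient userClient = newSessionClient(SERVICES_ADDRESS, END_USER, END_USER_PASSWORD);
        String code = OAuth2TestUtils.getAuthorizationCode(userClient, "read_balance");
        assertNotNull(code);

        ClientAccessToken accessToken = exchangeCode(code);
        assertNull(accessToken.getParameters().get("id_token"));
        assertFalse(accessToken.getApprovedScope().contains("openid"));
    }

    /** Code flow with a nonce: the id_token must echo exactly the nonce that was sent. */
    @Test
    public void testAuthorizationCodeFlowWithNonce() throws Exception {
        WebClient userClient = newSessionClient(SERVICES_ADDRESS, END_USER, END_USER_PASSWORD);
        String code = OAuth2TestUtils.getAuthorizationCode(userClient, "openid", CLIENT_ID, NONCE, null);
        assertNotNull(code);

        ClientAccessToken accessToken = exchangeCode(code);
        assertTrue(accessToken.getApprovedScope().contains("openid"));
        validateIdToken(requireIdToken(accessToken), NONCE);
    }

    /** Code flow with two scopes: both must be approved and an id_token issued. */
    @Test
    public void testAuthorizationCodeFlowWithScope() throws Exception {
        WebClient userClient = newSessionClient(SERVICES_ADDRESS, END_USER, END_USER_PASSWORD);
        String code = OAuth2TestUtils.getAuthorizationCode(userClient, "openid read_balance");
        assertNotNull(code);

        ClientAccessToken accessToken = exchangeCode(code);
        assertTrue(accessToken.getApprovedScope().contains("openid"));
        assertTrue(accessToken.getApprovedScope().contains("read_balance"));
        validateIdToken(requireIdToken(accessToken), null);
    }

    /** Code flow followed by a refresh_token grant on the same token client. */
    @Test
    public void testAuthorizationCodeFlowWithRefresh() throws Exception {
        WebClient userClient = newSessionClient(SERVICES_ADDRESS, END_USER, END_USER_PASSWORD);
        String code = OAuth2TestUtils.getAuthorizationCode(userClient, "openid");
        assertNotNull(code);

        // Built inline (not via exchangeCode) because the same client posts the refresh below.
        WebClient tokenClient = newSessionClient(SERVICES_ADDRESS, CLIENT_ID, CLIENT_SECRET);
        ClientAccessToken accessToken = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(tokenClient, code);
        assertNotNull(accessToken.getTokenKey());
        assertTrue(accessToken.getApprovedScope().contains("openid"));
        assertNotNull(accessToken.getRefreshToken());
        validateIdToken(requireIdToken(accessToken), null);

        tokenClient.type("application/x-www-form-urlencoded").accept("application/json");
        Form form = new Form();
        form.param("grant_type", "refresh_token");
        form.param("refresh_token", accessToken.getRefreshToken());
        form.param("client_id", CLIENT_ID);
        form.param("scope", "openid");
        ClientAccessToken refreshed = tokenClient.post(form).readEntity(ClientAccessToken.class);
        assertNotNull(refreshed.getTokenKey());
        assertNotNull(refreshed.getRefreshToken());
        // NOTE(review): the id_token of the refresh response is not checked. The earlier version
        // of this test read it, discarded the value and re-asserted the pre-refresh token, which
        // proves nothing about the refresh. Whether this server re-issues an id_token on refresh
        // is not visible from this file; confirm, then assert on and validate
        // refreshed.getParameters().get("id_token").
    }

    /** Code flow with a {@code state} value supplied on the authorization request. */
    @Test
    public void testAuthorizationCodeFlowWithState() throws Exception {
        WebClient userClient = newSessionClient(SERVICES_ADDRESS, END_USER, END_USER_PASSWORD);
        // NOTE(review): nothing in this method checks that the state value comes back on the
        // redirect; whether OAuth2TestUtils.getAuthorizationCode does so is not visible here.
        String code = OAuth2TestUtils.getAuthorizationCode(userClient, "openid", CLIENT_ID, null, "123456789");
        assertNotNull(code);

        ClientAccessToken accessToken = exchangeCode(code);
        assertTrue(accessToken.getApprovedScope().contains("openid"));
        validateIdToken(requireIdToken(accessToken), null);
    }

    /** Code flow for client {@code consumer-id-aud}, requesting a token for a specific audience. */
    @Test
    public void testAuthorizationCodeFlowWithAudience() throws Exception {
        String audienceClientId = "consumer-id-aud";
        WebClient userClient = newSessionClient(SERVICES_ADDRESS, END_USER, END_USER_PASSWORD);
        String code = OAuth2TestUtils.getAuthorizationCode(userClient, "openid", audienceClientId, null, null);
        assertNotNull(code);

        WebClient tokenClient = newSessionClient(SERVICES_ADDRESS, audienceClientId, CLIENT_SECRET);
        String audience = "https://localhost:" + PORT + "/secured/bookstore/books";
        // Only the presence of a token key is asserted; the audience recorded on the token is not inspected.
        assertNotNull(OAuth2TestUtils
            .getAccessTokenWithAuthorizationCode(tokenClient, code, audienceClientId, audience)
            .getTokenKey());
    }

    /** Implicit flow, {@code id_token token}: the id_token must bind the access token via at_hash. */
    @Test
    public void testImplicitFlow() throws Exception {
        String location = authorizeImplicit("id_token token");

        String accessToken = OAuth2TestUtils.getSubstring(location, "access_token");
        assertNotNull(accessToken);
        String idToken = OAuth2TestUtils.getSubstring(location, "id_token");
        assertNotNull(idToken);
        validateIdToken(idToken, null);

        JwtToken jwt = new JwsJwtCompactConsumer(idToken).getJwtToken();
        Assert.assertNotNull(jwt.getClaims().getClaim("at_hash"));
        // NOTE(review): only the presence of the nonce claim is asserted, although the request
        // sent a known nonce; comparing the value would catch a server that returns a different
        // one. Left as is because the server's echo behaviour for this endpoint is not
        // confirmed from this file.
        Assert.assertNotNull(jwt.getClaims().getClaim("nonce"));
        // at_hash ties the access token to this id_token, so swapping in another token is detected.
        OidcUtils.validateAccessTokenHash(accessToken, jwt, true);
    }

    /** Implicit flow, {@code id_token} only: no access token and therefore no at_hash claim. */
    @Test
    public void testImplicitFlowNoAccessToken() throws Exception {
        String location = authorizeImplicit("id_token");

        assertNull(OAuth2TestUtils.getSubstring(location, "access_token"));
        String idToken = OAuth2TestUtils.getSubstring(location, "id_token");
        assertNotNull(idToken);
        validateIdToken(idToken, null);

        JwtToken jwt = new JwsJwtCompactConsumer(idToken).getJwtToken();
        Assert.assertNull(jwt.getClaims().getClaim("at_hash"));
        Assert.assertNotNull(jwt.getClaims().getClaim("nonce"));
    }

    /** Hybrid flow, {@code code id_token}: both id_tokens must carry a c_hash claim. */
    @Test
    public void testHybridCodeIdToken() throws Exception {
        WebClient userClient = newSessionClient(SERVICES_ADDRESS, END_USER, END_USER_PASSWORD);
        // NOTE(review): 100000000 ms is roughly 27 hours, which looks like a debugging leftover;
        // a hung server would stall the build instead of failing this test. Kept unchanged.
        WebClient.getConfig(userClient).getHttpConduit().getClient().setReceiveTimeout(100000000L);

        String location = OAuth2TestUtils.getLocation(userClient, hybridParameters("code id_token"));
        assertNotNull(location);
        String code = OAuth2TestUtils.getSubstring(location, "code");
        assertNotNull(code);
        String frontChannelIdToken = OAuth2TestUtils.getSubstring(location, "id_token");
        assertNotNull(frontChannelIdToken);
        validateIdToken(frontChannelIdToken, NONCE);
        // NOTE(review): c_hash is only checked for presence, never recomputed from the code.
        // at_hash gets a real check through OidcUtils.validateAccessTokenHash in the implicit
        // tests; the matching check for c_hash would make this assertion meaningful.
        Assert.assertNotNull(new JwsJwtCompactConsumer(frontChannelIdToken).getJwtToken().getClaims().getClaim("c_hash"));

        ClientAccessToken accessToken = exchangeCode(code);
        assertTrue(accessToken.getApprovedScope().contains("openid"));
        String backChannelIdToken = requireIdToken(accessToken);
        validateIdToken(backChannelIdToken, null);
        Assert.assertNotNull(new JwsJwtCompactConsumer(backChannelIdToken).getJwtToken().getClaims().getClaim("c_hash"));
    }

    /** Hybrid flow, {@code code token}: no front-channel id_token, and no c_hash after the exchange. */
    @Test
    public void testHybridCodeToken() throws Exception {
        WebClient userClient = newSessionClient(SERVICES_ADDRESS, END_USER, END_USER_PASSWORD);

        String location = OAuth2TestUtils.getLocation(userClient, hybridParameters("code token"));
        assertNotNull(location);
        String code = OAuth2TestUtils.getSubstring(location, "code");
        assertNotNull(code);
        // The same id_token assertion appeared twice in a row; once is enough.
        assertNull(OAuth2TestUtils.getSubstring(location, "id_token"));
        assertNotNull(OAuth2TestUtils.getSubstring(location, "access_token"));

        ClientAccessToken accessToken = exchangeCode(code);
        assertTrue(accessToken.getApprovedScope().contains("openid"));
        String idToken = requireIdToken(accessToken);
        validateIdToken(idToken, null);
        Assert.assertNull(new JwsJwtCompactConsumer(idToken).getJwtClaims().getClaim("c_hash"));
    }

    /** Hybrid flow, {@code code id_token token}: the id_token must carry both c_hash and at_hash. */
    @Test
    public void testHybridCodeIdTokenToken() throws Exception {
        WebClient userClient = newSessionClient(SERVICES_ADDRESS, END_USER, END_USER_PASSWORD);

        String location = OAuth2TestUtils.getLocation(userClient, hybridParameters("code id_token token"));
        assertNotNull(location);
        assertNotNull(OAuth2TestUtils.getSubstring(location, "code"));
        String idToken = OAuth2TestUtils.getSubstring(location, "id_token");
        assertNotNull(idToken);
        validateIdToken(idToken, NONCE);

        JwtToken jwt = new JwsJwtCompactConsumer(idToken).getJwtToken();
        Assert.assertNotNull(jwt.getClaims().getClaim("c_hash"));
        String accessToken = OAuth2TestUtils.getSubstring(location, "access_token");
        assertNotNull(accessToken);
        Assert.assertNotNull(jwt.getClaims().getClaim("at_hash"));
        OidcUtils.validateAccessTokenHash(accessToken, jwt, true);
    }

    /**
     * Sends an unsigned ({@code alg=none}) request object to the {@code /unsignedjwtservices/}
     * address and expects an authorization code back.
     *
     * <p>An unsigned request object has no integrity protection. These tests use a separate
     * address from the other tests, presumably one configured to accept unsigned request
     * objects; the server configuration is not visible from this file. No test here asserts
     * that the regular {@code /services/} address rejects such a request, which is the
     * property a deployment would want covered.
     */
    @Test
    public void testAuthorizationCodeFlowUnsignedJWT() throws Exception {
        WebClient userClient = newSessionClient(UNSIGNED_JWT_ADDRESS, END_USER, END_USER_PASSWORD);
        OAuth2TestUtils.AuthorizationCodeParameters parameters = unsignedRequestParameters();

        assertNotNull(OAuth2TestUtils.getSubstring(OAuth2TestUtils.getLocation(userClient, parameters), "code"));
    }

    /** Same as {@link #testAuthorizationCodeFlowUnsignedJWT()}, with a {@code state} value added. */
    @Test
    public void testAuthorizationCodeFlowUnsignedJWTWithState() throws Exception {
        WebClient userClient = newSessionClient(UNSIGNED_JWT_ADDRESS, END_USER, END_USER_PASSWORD);
        OAuth2TestUtils.AuthorizationCodeParameters parameters = unsignedRequestParameters();
        parameters.setState("123456789");

        assertNotNull(OAuth2TestUtils.getSubstring(OAuth2TestUtils.getLocation(userClient, parameters), "code"));
    }

    /** The {@code keys/} endpoint must publish exactly one key. */
    @Test
    public void testGetKeys() throws Exception {
        // No session is kept here: this is a single GET.
        WebClient keysClient = newClient(SERVICES_ADDRESS, END_USER, END_USER_PASSWORD);
        keysClient.accept("application/json");
        keysClient.path("keys/");

        JsonWebKeys keys = keysClient.get().readEntity(JsonWebKeys.class);
        assertEquals(1L, keys.getKeys().size());
    }

    /** Code flow whose id_token signature is verified with the key published at {@code keys/}. */
    @Test
    public void testAuthorizationCodeFlowWithKey() throws Exception {
        WebClient userClient = newSessionClient(SERVICES_ADDRESS, END_USER, END_USER_PASSWORD);
        String code = OAuth2TestUtils.getAuthorizationCode(userClient, "openid");
        assertNotNull(code);

        ClientAccessToken accessToken = exchangeCode(code);
        assertTrue(accessToken.getApprovedScope().contains("openid"));
        JwsJwtCompactConsumer idTokenConsumer = new JwsJwtCompactConsumer(requireIdToken(accessToken));

        WebClient keysClient = newClient(SERVICES_ADDRESS, END_USER, END_USER_PASSWORD);
        keysClient.accept("application/json");
        keysClient.path("keys/");
        // The verification key comes from the same server that issued the token, so this shows
        // the published key matches the signing key. Trust in that key rests on the TLS
        // connection to the keys endpoint.
        JsonWebKey publishedKey = keysClient.get().readEntity(JsonWebKeys.class).getKeys().get(0);
        Assert.assertTrue(idTokenConsumer.verifySignatureWith(publishedKey, SignatureAlgorithm.RS256));
    }

    /** Creates a client for {@code address} that authenticates as {@code user} and is configured by client.xml. */
    private static WebClient newClient(String address, String user, String password) {
        URL busFile = OIDCFlowTest.class.getResource("client.xml");
        return WebClient.create(address, OAuth2TestUtils.setupProviders(), user, password, busFile.toString());
    }

    /** Like {@link #newClient}, and keeps the HTTP session across the requests of a flow. */
    private static WebClient newSessionClient(String address, String user, String password) {
        WebClient client = newClient(address, user, password);
        WebClient.getConfig(client).getRequestContext().put(Message.MAINTAIN_SESSION, Boolean.TRUE);
        return client;
    }

    /** Redeems {@code code} at the regular services address as the default client; asserts a token key came back. */
    private static ClientAccessToken exchangeCode(String code) throws Exception {
        WebClient tokenClient = newSessionClient(SERVICES_ADDRESS, CLIENT_ID, CLIENT_SECRET);
        ClientAccessToken accessToken = OAuth2TestUtils.getAccessTokenWithAuthorizationCode(tokenClient, code);
        assertNotNull(accessToken.getTokenKey());
        return accessToken;
    }

    /** Returns the id_token parameter of a token response, failing the test if it is absent. */
    private static String requireIdToken(ClientAccessToken accessToken) {
        String idToken = accessToken.getParameters().get("id_token");
        assertNotNull(idToken);
        return idToken;
    }

    /**
     * Runs the implicit-flow authorization request and the approving decision POST for
     * {@code responseType}, and returns the Location header of the final response.
     */
    private static String authorizeImplicit(String responseType) throws Exception {
        WebClient client = newSessionClient(SERVICES_ADDRESS, END_USER, END_USER_PASSWORD);
        client.type("application/json").accept("application/json");
        client.query("client_id", CLIENT_ID);
        // Plain-http redirect URI is a fixture; the test reads the Location header and never
        // follows it. In the implicit flow the tokens travel in that redirect, so a real client
        // would register an https redirect URI.
        client.query("redirect_uri", "http://www.blah.apache.org");
        client.query("scope", "openid");
        client.query("response_type", responseType);
        client.query("nonce", NONCE);
        client.path("authorize-implicit/");
        OAuthAuthorizationData authorizationData = client.get().readEntity(OAuthAuthorizationData.class);

        client.path("decision");
        client.type("application/x-www-form-urlencoded");
        Form form = new Form();
        // The authenticity token returned with the consent data is sent back with the decision.
        form.param("session_authenticity_token", authorizationData.getAuthenticityToken());
        form.param("client_id", authorizationData.getClientId());
        form.param("redirect_uri", authorizationData.getRedirectUri());
        form.param("scope", authorizationData.getProposedScope());
        if (authorizationData.getResponseType() != null) {
            form.param("response_type", authorizationData.getResponseType());
        }
        if (authorizationData.getNonce() != null) {
            form.param("nonce", authorizationData.getNonce());
        }
        form.param("oauthDecision", "allow");
        return client.post(form).getHeaderString("Location");
    }

    /** Builds the authorization request parameters shared by the hybrid-flow tests. */
    private static OAuth2TestUtils.AuthorizationCodeParameters hybridParameters(String responseType) throws Exception {
        OAuth2TestUtils.AuthorizationCodeParameters parameters = new OAuth2TestUtils.AuthorizationCodeParameters();
        parameters.setConsumerId(CLIENT_ID);
        parameters.setScope("openid");
        parameters.setNonce(NONCE);
        parameters.setResponseType(responseType);
        parameters.setPath("authorize-hybrid/");
        return parameters;
    }

    /** Builds code-flow parameters whose {@code request} value is a request object with {@code alg=none}. */
    private static OAuth2TestUtils.AuthorizationCodeParameters unsignedRequestParameters() throws Exception {
        JwtClaims claims = new JwtClaims();
        claims.setIssuer(CLIENT_ID);
        claims.setIssuedAt(Long.valueOf(new Date().getTime() / 1000));
        claims.setAudiences(Collections.singletonList(UNSIGNED_JWT_ADDRESS));

        JwsHeaders headers = new JwsHeaders();
        // "none" = no signature at all on the request object.
        headers.setAlgorithm("none");
        String requestObject = new JwsJwtCompactProducer(new JwtToken(headers, claims)).getSignedEncodedJws();

        OAuth2TestUtils.AuthorizationCodeParameters parameters = new OAuth2TestUtils.AuthorizationCodeParameters();
        parameters.setConsumerId(CLIENT_ID);
        parameters.setScope("openid");
        parameters.setResponseType("code");
        parameters.setPath("authorize/");
        parameters.setRequest(requestObject);
        return parameters;
    }

    /**
     * Checks an id_token: RS256 signature against the {@code alice} certificate in
     * {@code keys/alice.jks}, then the sub, iss and aud values, the presence of exp and iat,
     * and, when {@code expectedNonce} is non-null, the nonce value.
     *
     * @param idToken compact-serialized id_token
     * @param expectedNonce nonce the token must carry, or {@code null} to skip the nonce check
     */
    private void validateIdToken(String idToken, String expectedNonce)
            throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(idToken);

        KeyStore keyStore = KeyStore.getInstance("JKS");
        // Close the keystore stream (it was previously left open). A missing resource would make
        // KeyStore.load(null, ...) build an empty store, so fail with a clear message first.
        try (InputStream keyStoreStream = ClassLoaderUtils.getResourceAsStream("keys/alice.jks", getClass())) {
            Assert.assertNotNull("keys/alice.jks not found on the classpath", keyStoreStream);
            keyStore.load(keyStoreStream, "password".toCharArray());
        }
        Certificate certificate = keyStore.getCertificate("alice");
        Assert.assertNotNull(certificate);
        // Verify the signature before looking at any claim: claims of an unverified token
        // carry no meaning. The expected algorithm is passed explicitly.
        Assert.assertTrue(consumer.verifySignatureWith((X509Certificate) certificate, SignatureAlgorithm.RS256));

        JwtToken jwt = consumer.getJwtToken();
        Assert.assertEquals("alice", jwt.getClaim("sub"));
        Assert.assertEquals("OIDC IdP", jwt.getClaim("iss"));
        Assert.assertEquals("consumer-id", jwt.getClaim("aud"));
        // exp and iat are checked for presence only; their values are not compared with the clock.
        Assert.assertNotNull(jwt.getClaim("exp"));
        Assert.assertNotNull(jwt.getClaim("iat"));
        if (expectedNonce != null) {
            Assert.assertEquals(expectedNonce, jwt.getClaim("nonce"));
        }
    }
}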
