package org.apache.cxf.systest.jaxrs.security.oidc;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import javax.ws.rs.core.Response;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oidc.common.UserInfo;
import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
import org.apache.cxf.systest.jaxrs.security.oauth2.common.OAuth2TestUtils;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
import org.apache.cxf.testutil.common.TestUtil;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

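/**
 * System tests for the OIDC UserInfo endpoint.
 *
 * <p>The same three scenarios (plain JSON, JWS-signed and JWE-encrypted UserInfo responses) are
 * run once per server configuration listed in {@link #data()}. Each parameter is the port of an
 * embedded server started from one of the {@code userinfo-server-*.xml} Spring configurations in
 * this package (plain, JWT access tokens, JCache, JCache + JWT, JPA, JCache + JWT non-persistent).
 *
 * <p>Every test drives the authorization-code flow against {@code /services/oidc}: the resource
 * owner ({@code alice}) approves the {@code openid} scope, the registered client
 * ({@code consumer-id}) exchanges the code for an access token and an ID token, and the access
 * token is then presented as a Bearer token to one of the UserInfo endpoints. Signatures are
 * verified with alice's certificate from {@code keys/alice.jks}. All credentials, aliases and
 * passwords in this class are test fixtures shipped with the test resources.
 */
@RunWith(Parameterized.class)
public class UserInfoTest extends AbstractBusClientServerTestBase {
    static final String PORT = TestUtil.getPortNumber("jaxrs-userinfo");
    static final String JWT_PORT = TestUtil.getPortNumber("jaxrs-userinfo-jwt");
    static final String JCACHE_PORT = TestUtil.getPortNumber("jaxrs-userinfo-jcache");
    static final String JCACHE_JWT_PORT = TestUtil.getPortNumber("jaxrs-userinfo-jcache-jwt");
    static final String JPA_PORT = TestUtil.getPortNumber("jaxrs-userinfo-jpa");
    static final String JWT_NON_PERSIST_JCACHE_PORT = TestUtil.getPortNumber("jaxrs-userinfo-jcache-jwt-non-persist");

    /** Spring client configuration used by every {@link WebClient}; resolved relative to this package. */
    private static final String CLIENT_CONFIG = "client.xml";
    /** Test keystore holding alice's key pair and certificate. */
    private static final String KEYSTORE_RESOURCE = "keys/alice.jks";
    private static final String KEYSTORE_TYPE = "JKS";
    private static final String KEYSTORE_ALIAS = "alice";
    /** Fixture password; used both to load the keystore and to recover alice's private key entry. */
    private static final String KEYSTORE_PASSWORD = "password";

    /** Port of the embedded server this parameterized run talks to. */
    final String port;

    /**
     * Common launcher for the embedded servers: starts a Spring bus from a server configuration
     * file in this package and registers it as the default bus. The concrete servers below differ
     * only in the configuration file they name.
     */
    abstract static class ConfiguredUserInfoServer extends AbstractBusTestServerBase {
        private final URL serverConfig;

        /**
         * @param configResource name of the Spring configuration file, relative to this package
         * @throws IllegalStateException if the resource cannot be found on the classpath
         */
        ConfiguredUserInfoServer(String configResource) {
            this.serverConfig = UserInfoTest.class.getResource(configResource);
            if (this.serverConfig == null) {
                // Fail here with the file name rather than letting createBus fail on a null URL.
                throw new IllegalStateException("Missing server configuration: " + configResource);
            }
        }

        protected void run() {
            Bus bus = new SpringBusFactory().createBus(serverConfig);
            BusFactory.setDefaultBus(bus);
            setBus(bus);
        }
    }

    /** Server started from {@code userinfo-server.xml}. */
    public static class UserInfoServer extends ConfiguredUserInfoServer {
        public UserInfoServer() {
            super("userinfo-server.xml");
        }
    }

    /** Server started from {@code userinfo-server-jcache.xml}. */
    public static class UserInfoServerJCache extends ConfiguredUserInfoServer {
        public UserInfoServerJCache() {
            super("userinfo-server-jcache.xml");
        }
    }

    /** Server started from {@code userinfo-server-jcache-jwt.xml}. */
    public static class UserInfoServerJCacheJWT extends ConfiguredUserInfoServer {
        public UserInfoServerJCacheJWT() {
            super("userinfo-server-jcache-jwt.xml");
        }
    }

    /** Server started from {@code userinfo-server-jcache-jwt-non-persist.xml}. */
    public static class UserInfoServerJCacheJWTNonPersist extends ConfiguredUserInfoServer {
        public UserInfoServerJCacheJWTNonPersist() {
            super("userinfo-server-jcache-jwt-non-persist.xml");
        }
    }

    /** Server started from {@code userinfo-server-jpa.xml}. */
    public static class UserInfoServerJPA extends ConfiguredUserInfoServer {
        public UserInfoServerJPA() {
            super("userinfo-server-jpa.xml");
        }
    }

    /** Server started from {@code userinfo-server-jwt.xml}. */
    public static class UserInfoServerJWT extends ConfiguredUserInfoServer {
        public UserInfoServerJWT() {
            super("userinfo-server-jwt.xml");
        }
    }

    /**
     * @param port port of the server configuration under test; supplied by the
     *             {@link Parameterized} runner from {@link #data()}
     */
    public UserInfoTest(String port) {
        this.port = port;
    }

    /** Launches every server configuration in-process once for the whole class. */
    @BeforeClass
    public static void startServers() throws Exception {
        assertTrue("Server failed to launch", launchServer(UserInfoServer.class, true));
        assertTrue("Server failed to launch", launchServer(UserInfoServerJWT.class, true));
        assertTrue("Server failed to launch", launchServer(UserInfoServerJCache.class, true));
        assertTrue("Server failed to launch", launchServer(UserInfoServerJCacheJWT.class, true));
        assertTrue("Server failed to launch", launchServer(UserInfoServerJPA.class, true));
        assertTrue("Server failed to launch", launchServer(UserInfoServerJCacheJWTNonPersist.class, true));
    }

    @AfterClass
    public static void cleanup() throws Exception {
        SecurityTestUtil.cleanup();
    }

    /** One parameter per server port; the port is also used as the test name. */
    @Parameterized.Parameters(name = "{0}")
    public static Collection<String> data() {
        return Arrays.asList(PORT, JWT_PORT, JCACHE_PORT, JCACHE_JWT_PORT, JPA_PORT, JWT_NON_PERSIST_JCACHE_PORT);
    }

    /**
     * Plain JSON UserInfo response: neither signed nor encrypted, so its integrity rests on the
     * HTTPS transport alone.
     */
    @Test
    public void testPlainUserInfo() throws Exception {
        URL clientConfig = UserInfoTest.class.getResource(CLIENT_CONFIG);
        ClientAccessToken accessToken = obtainOpenIdAccessToken(clientConfig);

        WebClient userInfoClient =
            newUserInfoClient("/services/plain/userinfo", "application/json", accessToken, clientConfig);
        Response response = userInfoClient.get();
        assertEquals(200, response.getStatus());

        UserInfo userInfo = response.readEntity(UserInfo.class);
        assertNotNull(userInfo);
        assertEquals("alice", userInfo.getSubject());
        assertEquals("consumer-id", userInfo.getAudience());
    }

    /**
     * JWS-signed UserInfo response: the signature is verified against alice's certificate before
     * any claim is inspected.
     */
    @Test
    public void testSignedUserInfo() throws Exception {
        URL clientConfig = UserInfoTest.class.getResource(CLIENT_CONFIG);
        ClientAccessToken accessToken = obtainOpenIdAccessToken(clientConfig);

        WebClient userInfoClient =
            newUserInfoClient("/services/signed/userinfo", "application/jwt", accessToken, clientConfig);
        Response response = userInfoClient.get();
        assertEquals(200, response.getStatus());
        String compactJws = response.readEntity(String.class);
        assertNotNull(compactJws);

        JwtToken claims = verifySignedByAlice(compactJws);
        assertEquals("alice", claims.getClaim("sub"));
        assertEquals("consumer-id", claims.getClaim("aud"));
    }

    /**
     * JWE-encrypted UserInfo response, decrypted with alice's private key. Decryption alone does
     * not prove who produced the token (no signature is checked here); issuer authentication is
     * what {@link #testSignedUserInfo()} covers.
     */
    @Test
    public void testEncryptedUserInfo() throws Exception {
        URL clientConfig = UserInfoTest.class.getResource(CLIENT_CONFIG);
        ClientAccessToken accessToken = obtainOpenIdAccessToken(clientConfig);

        WebClient userInfoClient =
            newUserInfoClient("/services/encrypted/userinfo", "application/jwt", accessToken, clientConfig);
        Response response = userInfoClient.get();
        assertEquals(200, response.getStatus());
        String compactJwe = response.readEntity(String.class);
        assertNotNull(compactJwe);

        PrivateKey alicePrivateKey =
            (PrivateKey) loadAliceKeyStore().getKey(KEYSTORE_ALIAS, KEYSTORE_PASSWORD.toCharArray());
        assertNotNull(alicePrivateKey);
        JwtToken claims = new JweJwtCompactConsumer(compactJwe).decryptWith(alicePrivateKey);
        assertEquals("alice", claims.getClaim("sub"));
        assertEquals("consumer-id", claims.getClaim("aud"));
    }

    /**
     * Runs the authorization-code flow against {@code /services/oidc} of the server under test
     * and returns the issued access token. Asserts that the {@code openid} scope was approved and
     * that the accompanying ID token is valid (see {@link #validateIdToken}); no nonce is expected
     * because none is sent.
     *
     * @param clientConfig location of the Spring client configuration
     * @return the access token issued to {@code consumer-id}
     */
    private ClientAccessToken obtainOpenIdAccessToken(URL clientConfig) throws Exception {
        String oidcAddress = "https://localhost:" + this.port + "/services/oidc";

        // Step 1: the resource owner (alice) authenticates and approves the "openid" scope.
        // MAINTAIN_SESSION keeps the login session across the redirects of the flow.
        WebClient ownerClient = WebClient.create(oidcAddress, OAuth2TestUtils.setupProviders(),
                                                "alice", "security", clientConfig.toString());
        WebClient.getConfig(ownerClient).getRequestContext().put(Message.MAINTAIN_SESSION, Boolean.TRUE);
        String authorizationCode = OAuth2TestUtils.getAuthorizationCode(ownerClient, "openid");
        assertNotNull(authorizationCode);

        // Step 2: the registered client exchanges the code for tokens using its own credentials.
        WebClient clientApp = WebClient.create(oidcAddress, OAuth2TestUtils.setupProviders(),
                                               "consumer-id", "this-is-a-secret", clientConfig.toString());
        WebClient.getConfig(clientApp).getRequestContext().put(Message.MAINTAIN_SESSION, Boolean.TRUE);
        ClientAccessToken accessToken =
            OAuth2TestUtils.getAccessTokenWithAuthorizationCode(clientApp, authorizationCode);
        assertNotNull(accessToken.getTokenKey());
        assertTrue(accessToken.getApprovedScope().contains("openid"));

        String idToken = (String) accessToken.getParameters().get("id_token");
        assertNotNull(idToken);
        validateIdToken(idToken, null);
        return accessToken;
    }

    /**
     * Builds a client for a UserInfo endpoint of the server under test, presenting the access
     * token as a Bearer token.
     *
     * @param endpointPath path of the UserInfo endpoint, e.g. {@code /services/plain/userinfo}
     * @param acceptType   media type to request
     * @param accessToken  token whose key becomes the Bearer credential
     * @param clientConfig location of the Spring client configuration
     */
    private WebClient newUserInfoClient(String endpointPath, String acceptType,
                                        ClientAccessToken accessToken, URL clientConfig) {
        WebClient client = WebClient.create("https://localhost:" + this.port + endpointPath,
                                            OAuth2TestUtils.setupProviders(), clientConfig.toString());
        client.accept(acceptType);
        client.header("Authorization", "Bearer " + accessToken.getTokenKey());
        return client;
    }

    /**
     * Checks a signed ID token issued to {@code consumer-id} for {@code alice}: the signature is
     * verified first, then the standard claims.
     *
     * @param idToken       compact JWS serialization of the ID token
     * @param expectedNonce nonce the token must carry, or {@code null} when no nonce was sent
     */
    private void validateIdToken(String idToken, String expectedNonce)
        throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        JwtToken claims = verifySignedByAlice(idToken);
        assertEquals("alice", claims.getClaim("sub"));
        assertEquals("OIDC IdP", claims.getClaim("iss"));
        assertEquals("consumer-id", claims.getClaim("aud"));
        assertNotNull(claims.getClaim("exp"));
        assertNotNull(claims.getClaim("iat"));
        if (expectedNonce != null) {
            assertEquals(expectedNonce, claims.getClaim("nonce"));
        }
    }

    /**
     * Verifies the RS256 signature of a compact JWS against alice's certificate and only then
     * hands out its claims, so callers never read claims from an unverified token.
     *
     * @param compactJws compact JWS serialization
     * @return the verified token
     */
    private JwtToken verifySignedByAlice(String compactJws)
        throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(compactJws);
        Certificate certificate = loadAliceKeyStore().getCertificate(KEYSTORE_ALIAS);
        assertNotNull(certificate);
        assertTrue(consumer.verifySignatureWith((X509Certificate) certificate, SignatureAlgorithm.RS256));
        return consumer.getJwtToken();
    }

    /**
     * Loads the test keystore {@code keys/alice.jks} from the classpath.
     *
     * @throws IOException if the keystore cannot be read or the password is wrong
     */
    private KeyStore loadAliceKeyStore()
        throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
        // KeyStore.load does not close the stream it reads from, so own it here.
        try (InputStream in = ClassLoaderUtils.getResourceAsStream(KEYSTORE_RESOURCE, getClass())) {
            // A missing resource would otherwise yield an empty keystore and a confusing failure later.
            assertNotNull("Keystore resource not found: " + KEYSTORE_RESOURCE, in);
            keyStore.load(in, KEYSTORE_PASSWORD.toCharArray());
        }
        return keyStore;
    }
}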
