package net.shibboleth.idp.plugin.oidc.op.profile.flow;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.PlainJWT;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import com.nimbusds.oauth2.sdk.auth.ClientSecretJWT;
import com.nimbusds.oauth2.sdk.auth.JWTAuthentication;
import com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.ClientID;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.time.Instant;
import java.util.Date;
import java.util.Map;
import net.shibboleth.utilities.java.support.collection.Pair;
import org.springframework.webflow.executor.FlowExecutionResult;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/profile/flow/AbstractOidcClientAuthenticationFlowTest.class */
/**
 * Shared TestNG cases for flows that accept JWT-based client authentication
 * ({@code client_secret_jwt} and {@code private_key_jwt}).
 *
 * <p>Subclasses supply three things: how a flow is launched with a given assertion
 * ({@link #launchWithJwtAuthentication(JWT, JWSAlgorithm, ClientAuthenticationMethod, PublicKey)}),
 * the error code/description pair a failed JWT validation produces
 * ({@link #getErrorDetaisForJWTValidation()}; the spelling is kept because subclasses
 * implement it), and what a successful response looks like
 * ({@link #assertSuccessResponse(FlowExecutionResult)}).</p>
 *
 * <p>Two rejection outcomes are asserted by the cases below:</p>
 * <ul>
 *   <li>{@code invalid_request} with a description containing {@code UnableToDecode}, for
 *       assertions missing {@code sub}, {@code iss}, {@code aud} or {@code exp}, and for an
 *       unsecured {@link PlainJWT};</li>
 *   <li>the subclass-supplied validation error, for expired or future-dated assertions, a
 *       missing or replayed {@code jti}, a wrong secret or key, and an algorithm that differs
 *       from the one passed to the launcher.</li>
 * </ul>
 *
 * <p>The second argument of {@code launchWithJwtAuthentication} is presumably the signing
 * algorithm registered for the client (judging by the test names); {@code null} is used by the
 * "noRegisteredAlg" cases. Confirm against the concrete subclasses.</p>
 *
 * <p>NOTE(review): every validation failure maps to the same subclass-supplied error pair, so
 * these cases show that an assertion was rejected, not which check rejected it. No case in this
 * class presents an audience that names a different server; consider adding one alongside the
 * missing-{@code aud} cases.</p>
 */
public abstract class AbstractOidcClientAuthenticationFlowTest extends AbstractOidcApiFlowTest {

    /** Request parameter carrying the serialized client assertion. */
    private static final String CLIENT_ASSERTION_PARAM = "client_assertion";

    /** Request parameter naming the assertion format. */
    private static final String CLIENT_ASSERTION_TYPE_PARAM = "client_assertion_type";

    /** Assertion type value for JWT bearer client assertions. */
    private static final String JWT_BEARER_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";

    // Fixture client identifiers and shared secrets; mock values used only by these tests.
    String clientId = "mockClientId";
    String clientSecret = "mockClientSecretmockClientSecretmockClientSecretmockClientSecretmockClientSecret";
    String clientIdSaml = "mockSamlClientId";
    String clientSecretSaml = "mockClientSecretmockClientSecretmockClientSecret";

    // Default audience placed in assertions: the endpoint of the flow under test.
    String jwtAud;

    // Issuer value, also used as an accepted audience by testValidSecretJWTHS256_IssuerAudience.
    String issuer = "https://op.example.org";

    /**
     * Creates the test for one flow.
     *
     * @param str flow identifier handed to the superclass; also appended to the local profile
     *            URL to form the default assertion audience
     */
    public AbstractOidcClientAuthenticationFlowTest(String str) {
        super(str);
        jwtAud = "http://localhost/idp/profile/" + str;
    }

    /**
     * Adds the client-assertion request parameters for an already built JWT.
     * Decompiler note: the original access modifier was protected.
     *
     * @param map request parameters to extend
     * @param jwt assertion to serialize
     */
    public void populateClientAssertionParams(Map<String, String> map, JWT jwt) {
        String serialized = jwt.serialize();
        map.put(CLIENT_ASSERTION_PARAM, serialized);
        map.put(CLIENT_ASSERTION_TYPE_PARAM, JWT_BEARER_ASSERTION_TYPE);
    }

    /** Points the mock request at the endpoint of the flow under test before each case. */
    @BeforeMethod
    public void setupRequestURI() {
        String requestUri = "/idp/profile/" + flowId;
        request.setRequestURI(requestUri);
    }

    // ------------------------------------------------------------------
    // client_secret_jwt: required claims
    // ------------------------------------------------------------------

    /** An HMAC assertion without {@code sub} is rejected as undecodable. */
    @Test
    public void testInvalidSecretJWT_missingSub() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createSecretJWT(claimsSetMissingSub(), clientSecret),
                JWSAlgorithm.HS256,
                ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        expectUndecodableAssertion(result);
    }

    /** An HMAC assertion without {@code iss} is rejected as undecodable. */
    @Test
    public void testInvalidSecretJWT_missingIss() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createSecretJWT(claimsSetMissingIss(), clientSecret),
                JWSAlgorithm.HS256,
                ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        expectUndecodableAssertion(result);
    }

    /** An HMAC assertion without {@code aud} is rejected as undecodable. */
    @Test
    public void testInvalidSecretJWT_missingAud() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createSecretJWT(claimsSetMissingAud(), clientSecret),
                JWSAlgorithm.HS256,
                ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        expectUndecodableAssertion(result);
    }

    /** An HMAC assertion without {@code exp} is rejected as undecodable. */
    @Test
    public void testInvalidSecretJWT_missingExp() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createSecretJWT(claimsSetMissingExp(), clientSecret),
                JWSAlgorithm.HS256,
                ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        expectUndecodableAssertion(result);
    }

    // ------------------------------------------------------------------
    // client_secret_jwt: lifetime, replay and secret checks
    // ------------------------------------------------------------------

    /** An HMAC assertion whose {@code exp} lies in the past fails validation. */
    @Test
    public void testInvalidSecretJWT_expiredExp() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createSecretJWT(claimsSetExpiredExp(), clientSecret),
                JWSAlgorithm.HS256,
                ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        expectJwtValidationFailure(result);
    }

    /** An HMAC assertion whose {@code iat} lies in the future fails validation. */
    @Test
    public void testInvalidSecretJWT_issuedInTheFuture() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createSecretJWT(claimsSetIssuedInTheFuture(), clientSecret),
                JWSAlgorithm.HS256,
                ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        expectJwtValidationFailure(result);
    }

    /** An HMAC assertion without {@code jti} fails validation. */
    @Test
    public void testInvalidSecretJWT_missingJti() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createSecretJWT(claimsSetMissingJti(), clientSecret),
                JWSAlgorithm.HS256,
                ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        expectJwtValidationFailure(result);
    }

    /**
     * Presenting the same HMAC assertion (same {@code jti}) twice: the second presentation fails.
     *
     * <p>NOTE(review): the outcome of the first presentation is discarded. If it failed for an
     * unrelated reason, the second would fail with the same generic error and this case would
     * still pass; asserting success on the first launch would tie the failure to replay.</p>
     */
    @Test
    public void testInvalidSecretJWT_replayJti() throws Exception {
        SignedJWT assertion = createSecretJWT(validClaimsSet(), clientSecret);
        launchWithJwtAuthentication(assertion, JWSAlgorithm.HS256, ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        FlowExecutionResult replayed = launchWithJwtAuthentication(
                assertion,
                JWSAlgorithm.HS256,
                ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        expectJwtValidationFailure(replayed);
    }

    /** An assertion signed with a secret other than the fixture secret fails validation. */
    @Test
    public void testInvalidSecretJWT_invalidSecret() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createSecretJWT(validClaimsSet(), clientSecret + "wrong"),
                JWSAlgorithm.HS256,
                ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        expectJwtValidationFailure(result);
    }

    // ------------------------------------------------------------------
    // client_secret_jwt: accepted audiences and algorithms
    // ------------------------------------------------------------------

    /** The token endpoint URL is accepted as audience. */
    @Test
    public void testValidSecretJWTHS256_TokenEndpointAudience() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createSecretJWT(validClaimsSet("http://localhost/idp/profile/oidc/token"), clientSecret,
                        JWSAlgorithm.HS256),
                null,
                ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        assertSuccessResponse(result);
    }

    /** The issuer value is accepted as audience. */
    @Test
    public void testValidSecretJWTHS256_IssuerAudience() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createSecretJWT(validClaimsSet(issuer), clientSecret, JWSAlgorithm.HS256),
                null,
                ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        assertSuccessResponse(result);
    }

    /** HS256 assertion, {@code null} algorithm passed to the launcher: accepted. */
    @Test
    public void testValidSecretJWTHS256_noRegisteredAlg() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createSecretJWT(validClaimsSet(), clientSecret, JWSAlgorithm.HS256),
                null,
                ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        assertSuccessResponse(result);
    }

    /** HS256 assertion, HS256 passed to the launcher: accepted. */
    @Test
    public void testValidSecretJWTHS256_HS256Registered() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createSecretJWT(validClaimsSet(), clientSecret, JWSAlgorithm.HS256),
                JWSAlgorithm.HS256,
                ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        assertSuccessResponse(result);
    }

    /** HS384 assertion, {@code null} algorithm passed to the launcher: accepted. */
    @Test
    public void testValidSecretJWTH384_noRegisteredAlg() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createSecretJWT(validClaimsSet(), clientSecret, JWSAlgorithm.HS384),
                null,
                ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        assertSuccessResponse(result);
    }

    /** HS384 assertion, HS384 passed to the launcher: accepted. */
    @Test
    public void testValidSecretJWTHS384_HS384Registered() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createSecretJWT(validClaimsSet(), clientSecret, JWSAlgorithm.HS384),
                JWSAlgorithm.HS384,
                ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        assertSuccessResponse(result);
    }

    /** HS512 assertion, {@code null} algorithm passed to the launcher: accepted. */
    @Test
    public void testValidSecretJWTHS512_noRegisteredAlg() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createSecretJWT(validClaimsSet(), clientSecret, JWSAlgorithm.HS512),
                null,
                ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        assertSuccessResponse(result);
    }

    /** HS512 assertion, HS512 passed to the launcher: accepted. */
    @Test
    public void testValidSecretJWTHS512_HS512Registered() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createSecretJWT(validClaimsSet(), clientSecret, JWSAlgorithm.HS512),
                JWSAlgorithm.HS512,
                ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        assertSuccessResponse(result);
    }

    /** HS256 assertion while HS512 is passed to the launcher: fails validation. */
    @Test
    public void testInvalidSecretJWTHS256_algNotMatchingRegistered() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createSecretJWT(validClaimsSet(), clientSecret, JWSAlgorithm.HS256),
                JWSAlgorithm.HS512,
                ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        expectJwtValidationFailure(result);
    }

    /** HS384 assertion while HS512 is passed to the launcher: fails validation. */
    @Test
    public void testInvalidSecretJWTHS384_algNotMatchingRegistered() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createSecretJWT(validClaimsSet(), clientSecret, JWSAlgorithm.HS384),
                JWSAlgorithm.HS512,
                ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        expectJwtValidationFailure(result);
    }

    /** HS512 assertion while HS384 is passed to the launcher: fails validation. */
    @Test
    public void testInvalidSecretJWTHS512_algNotMatchingRegistered() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createSecretJWT(validClaimsSet(), clientSecret, JWSAlgorithm.HS512),
                JWSAlgorithm.HS384,
                ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        expectJwtValidationFailure(result);
    }

    // ------------------------------------------------------------------
    // private_key_jwt (RSA): required claims
    // ------------------------------------------------------------------

    /** An RSA-signed assertion without {@code sub} is rejected as undecodable. */
    @Test
    public void testInvalidPrivateKeyJWT_missingSub() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(claimsSetMissingSub(), rsaPrivateKey),
                JWSAlgorithm.RS256,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                rsaPublicKey);
        expectUndecodableAssertion(result);
    }

    /** An RSA-signed assertion without {@code iss} is rejected as undecodable. */
    @Test
    public void testInvalidPrivateKeyJWT_missingIss() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(claimsSetMissingIss(), rsaPrivateKey),
                JWSAlgorithm.RS256,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                rsaPublicKey);
        expectUndecodableAssertion(result);
    }

    /** An RSA-signed assertion without {@code aud} is rejected as undecodable. */
    @Test
    public void testInvalidPrivateKeyJWT_missingAud() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(claimsSetMissingAud(), rsaPrivateKey),
                JWSAlgorithm.RS256,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                rsaPublicKey);
        expectUndecodableAssertion(result);
    }

    /** An RSA-signed assertion without {@code exp} is rejected as undecodable. */
    @Test
    public void testInvalidPrivateKeyJWT_missingExp() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(claimsSetMissingExp(), rsaPrivateKey),
                JWSAlgorithm.RS256,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                rsaPublicKey);
        expectUndecodableAssertion(result);
    }

    // ------------------------------------------------------------------
    // private_key_jwt (RSA): lifetime, replay and key checks
    // ------------------------------------------------------------------

    /** An RSA-signed assertion whose {@code exp} lies in the past fails validation. */
    @Test
    public void testInvalidPrivateKeyJWT_expiredExp() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(claimsSetExpiredExp(), rsaPrivateKey),
                JWSAlgorithm.RS256,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                rsaPublicKey);
        expectJwtValidationFailure(result);
    }

    /** An RSA-signed assertion whose {@code iat} lies in the future fails validation. */
    @Test
    public void testInvalidPrivateKeyJWT_issuedInTheFuture() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(claimsSetIssuedInTheFuture(), rsaPrivateKey),
                JWSAlgorithm.RS256,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                rsaPublicKey);
        expectJwtValidationFailure(result);
    }

    /** An RSA-signed assertion without {@code jti} fails validation. */
    @Test
    public void testInvalidPrivateKeyJWT_missingJti() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(claimsSetMissingJti(), rsaPrivateKey),
                JWSAlgorithm.RS256,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                rsaPublicKey);
        expectJwtValidationFailure(result);
    }

    /**
     * Presenting the same RSA-signed assertion twice: the second presentation fails.
     *
     * <p>NOTE(review): the first launch passes no public key and its outcome is discarded, so it
     * is not shown to be a successful authentication. The case therefore appears to depend on the
     * {@code jti} being recorded even when the signature cannot be verified; confirm that this
     * ordering is intended, or pass {@code rsaPublicKey} to the first launch and assert success.</p>
     */
    @Test
    public void testInvalidPrivateKeyJWT_replayJti() throws Exception {
        SignedJWT assertion = createPrivateKeyJWT(validClaimsSet(), rsaPrivateKey);
        launchWithJwtAuthentication(assertion, JWSAlgorithm.RS256, ClientAuthenticationMethod.PRIVATE_KEY_JWT);
        FlowExecutionResult replayed = launchWithJwtAuthentication(
                assertion,
                JWSAlgorithm.RS256,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                rsaPublicKey);
        expectJwtValidationFailure(replayed);
    }

    /** Signed with a freshly generated RSA key while the fixture public key is supplied: fails. */
    @Test
    public void testInvalidPrivateKeyRSJWT_invalidSignerKey() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), (RSAPrivateKey) generateNewKeyPair().getPrivate()),
                JWSAlgorithm.RS256,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                rsaPublicKey);
        expectJwtValidationFailure(result);
    }

    /** Signed with the fixture RSA key but no public key supplied to the launcher: fails. */
    @Test
    public void testInvalidPrivateKeyRSJWT_noTrustedKey() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), rsaPrivateKey),
                JWSAlgorithm.RS256,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT);
        expectJwtValidationFailure(result);
    }

    /** Signed with the fixture RSA key while a freshly generated public key is supplied: fails. */
    @Test
    public void testInvalidPrivateKeyRSJWT_wrongKey() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), rsaPrivateKey),
                JWSAlgorithm.RS256,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                super.generateNewKeyPair().getPublic());
        expectJwtValidationFailure(result);
    }

    // ------------------------------------------------------------------
    // private_key_jwt (RSA): accepted algorithms and mismatches
    // ------------------------------------------------------------------

    /** RS256 assertion, {@code null} algorithm passed to the launcher: accepted. */
    @Test
    public void testValidPrivateKeyJWTRS256_noRegisteredAlg() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), rsaPrivateKey, JWSAlgorithm.RS256),
                null,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                rsaPublicKey);
        assertSuccessResponse(result);
    }

    /** RS256 assertion, RS256 passed to the launcher: accepted. */
    @Test
    public void testValidPrivateKeyJWTRS256_RS256Registered() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), rsaPrivateKey, JWSAlgorithm.RS256),
                JWSAlgorithm.RS256,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                rsaPublicKey);
        assertSuccessResponse(result);
    }

    /** RS384 assertion, {@code null} algorithm passed to the launcher: accepted. */
    @Test
    public void testValidPrivateKeyJWTRS384_noRegisteredAlg() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), rsaPrivateKey, JWSAlgorithm.RS384),
                null,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                rsaPublicKey);
        assertSuccessResponse(result);
    }

    /** RS384 assertion, RS384 passed to the launcher: accepted. */
    @Test
    public void testValidPrivateKeyJWTRS384_RS384Registered() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), rsaPrivateKey, JWSAlgorithm.RS384),
                JWSAlgorithm.RS384,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                rsaPublicKey);
        assertSuccessResponse(result);
    }

    /** RS512 assertion, {@code null} algorithm passed to the launcher: accepted. */
    @Test
    public void testValidPrivateKeyJWTRS512_noRegisteredAlg() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), rsaPrivateKey, JWSAlgorithm.RS512),
                null,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                rsaPublicKey);
        assertSuccessResponse(result);
    }

    /** RS512 assertion, RS512 passed to the launcher: accepted. */
    @Test
    public void testValidPrivateKeyJWTRS512_RS512Registered() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), rsaPrivateKey, JWSAlgorithm.RS512),
                JWSAlgorithm.RS512,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                rsaPublicKey);
        assertSuccessResponse(result);
    }

    /** RS256 assertion while RS512 is passed to the launcher: fails validation. */
    @Test
    public void testInvalidPrivateKeyJWTRS256_algNotMatchingRegistered() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), rsaPrivateKey, JWSAlgorithm.RS256),
                JWSAlgorithm.RS512,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                rsaPublicKey);
        expectJwtValidationFailure(result);
    }

    /** RS384 assertion while RS512 is passed to the launcher: fails validation. */
    @Test
    public void testInvalidPrivateKeyJWTRS384_algNotMatchingRegistered() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), rsaPrivateKey, JWSAlgorithm.RS384),
                JWSAlgorithm.RS512,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                rsaPublicKey);
        expectJwtValidationFailure(result);
    }

    /** RS512 assertion while RS384 is passed to the launcher: fails validation. */
    @Test
    public void testInvalidPrivateKeyJWTRS512_algNotMatchingRegistered() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), rsaPrivateKey, JWSAlgorithm.RS512),
                JWSAlgorithm.RS384,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                rsaPublicKey);
        expectJwtValidationFailure(result);
    }

    // ------------------------------------------------------------------
    // private_key_jwt (EC)
    // ------------------------------------------------------------------

    /**
     * Signed with a P-256 key obtained from {@code initializeECKey(Curve.P_256, "mock")} while the
     * fixture EC public key is supplied: fails validation. Presumably the "mock" key differs from
     * the fixture key; verify in the superclass.
     */
    @Test
    public void testInvalidPrivateKeyESJWT_invalidSignerKey() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), initializeECKey(Curve.P_256, "mock").toECPrivateKey(),
                        JWSAlgorithm.ES256),
                JWSAlgorithm.ES256,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                ecKey.toECPublicKey());
        expectJwtValidationFailure(result);
    }

    /** Signed with the fixture EC key but no public key supplied to the launcher: fails. */
    @Test
    public void testInvalidPrivateKeyESJWT_noTrustedKey() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), ecKey.toECPrivateKey(), JWSAlgorithm.ES256),
                JWSAlgorithm.ES256,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT);
        expectJwtValidationFailure(result);
    }

    /**
     * Signed with the fixture EC key (ES256) while a P-384 public key is supplied: fails.
     *
     * <p>NOTE(review): ES384 is also passed to the launcher, so the algorithm differs as well as
     * the key; the rejection cannot be attributed to the key mismatch alone.</p>
     */
    @Test
    public void testInvalidPrivateKeyESJWT_wrongKey() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), ecKey.toECPrivateKey(), JWSAlgorithm.ES256),
                JWSAlgorithm.ES384,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                initializeECKey(Curve.P_384, "mock").toECPublicKey());
        expectJwtValidationFailure(result);
    }

    /** ES256 assertion, {@code null} algorithm passed to the launcher: accepted. */
    @Test
    public void testValidPrivateKeyJWTES256_noRegisteredAlg() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), ecKey.toECPrivateKey(), JWSAlgorithm.ES256),
                null,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                ecKey.toECPublicKey());
        assertSuccessResponse(result);
    }

    /** ES256 assertion, ES256 passed to the launcher: accepted. */
    @Test
    public void testValidPrivateKeyJWTES256_ES256Registered() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), ecKey.toECPrivateKey(), JWSAlgorithm.ES256),
                JWSAlgorithm.ES256,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                ecKey.toECPublicKey());
        assertSuccessResponse(result);
    }

    /**
     * ES384 assertion with a matching P-384 key pair and {@code null} algorithm.
     *
     * <p>NOTE(review): despite the "testValid" name this case asserts a validation failure.
     * Confirm whether ES384 is intentionally unsupported in the tested configuration.</p>
     */
    @Test
    public void testValidPrivateKeyJWTES384_noRegisteredAlg() throws Exception {
        ECKey p384Key = initializeECKey(Curve.P_384, "384");
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), p384Key.toECPrivateKey(), JWSAlgorithm.ES384),
                null,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                p384Key.toECPublicKey());
        expectJwtValidationFailure(result);
    }

    /**
     * ES384 assertion with a matching P-384 key pair and ES384 passed to the launcher.
     *
     * <p>NOTE(review): despite the "testValid" name this case asserts a validation failure.
     * Confirm whether ES384 is intentionally unsupported in the tested configuration.</p>
     */
    @Test
    public void testValidPrivateKeyJWTES384_ES384Registered() throws Exception {
        ECKey p384Key = initializeECKey(Curve.P_384, "384");
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), p384Key.toECPrivateKey(), JWSAlgorithm.ES384),
                JWSAlgorithm.ES384,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                p384Key.toECPublicKey());
        expectJwtValidationFailure(result);
    }

    /** ES512 assertion with a P-521 key pair, {@code null} algorithm: accepted. */
    @Test
    public void testValidPrivateKeyJWTES512_noRegisteredAlg() throws Exception {
        ECKey p521Key = initializeECKey(Curve.P_521, "521");
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), p521Key.toECPrivateKey(), JWSAlgorithm.ES512),
                null,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                p521Key.toECPublicKey());
        assertSuccessResponse(result);
    }

    /** ES512 assertion with a P-521 key pair, ES512 passed to the launcher: accepted. */
    @Test
    public void testValidPrivateKeyJWTES512_ES512Registered() throws Exception {
        ECKey p521Key = initializeECKey(Curve.P_521, "521");
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), p521Key.toECPrivateKey(), JWSAlgorithm.ES512),
                JWSAlgorithm.ES512,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                p521Key.toECPublicKey());
        assertSuccessResponse(result);
    }

    /** ES256 assertion while ES512 is passed to the launcher: fails validation. */
    @Test
    public void testInvalidPrivateKeyJWTES256_algNotMatchingRegistered() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), ecKey.toECPrivateKey(), JWSAlgorithm.ES256),
                JWSAlgorithm.ES512,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                ecKey.toECPublicKey());
        expectJwtValidationFailure(result);
    }

    /** ES384 assertion while ES512 is passed to the launcher: fails validation. */
    @Test
    public void testInvalidPrivateKeyJWTES384_algNotMatchingRegistered() throws Exception {
        ECKey p384Key = initializeECKey(Curve.P_384, "384");
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), p384Key.toECPrivateKey(), JWSAlgorithm.ES384),
                JWSAlgorithm.ES512,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                p384Key.toECPublicKey());
        expectJwtValidationFailure(result);
    }

    /** ES512 assertion while ES384 is passed to the launcher: fails validation. */
    @Test
    public void testInvalidPrivateKeyJWTES512_algNotMatchingRegistered() throws Exception {
        ECKey p521Key = initializeECKey(Curve.P_521, "521");
        FlowExecutionResult result = launchWithJwtAuthentication(
                createPrivateKeyJWT(validClaimsSet(), p521Key.toECPrivateKey(), JWSAlgorithm.ES512),
                JWSAlgorithm.ES384,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                p521Key.toECPublicKey());
        expectJwtValidationFailure(result);
    }

    /**
     * An unsecured JWT (no signature) carrying otherwise valid claims must not authenticate the
     * client; it is rejected as undecodable.
     */
    @Test
    public void testPlainJWT() throws Exception {
        FlowExecutionResult result = launchWithJwtAuthentication(
                new PlainJWT(validClaimsSet()),
                JWSAlgorithm.RS256,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT);
        expectUndecodableAssertion(result);
    }

    // ------------------------------------------------------------------
    // Claims fixtures
    // ------------------------------------------------------------------

    /** @return claims with {@code iss}, {@code aud}, {@code exp} (+10 min) and {@code jti}, but no {@code sub} */
    protected JWTClaimsSet claimsSetMissingSub() {
        return new JWTClaimsSet.Builder()
                .issuer(clientId)
                .audience(jwtAud)
                .expirationTime(instantOffsetFromNow(600L))
                .jwtID(idGenerator.generateIdentifier())
                .build();
    }

    /** @return claims with {@code sub}, {@code aud}, {@code exp} (+10 min) and {@code jti}, but no {@code iss} */
    protected JWTClaimsSet claimsSetMissingIss() {
        return new JWTClaimsSet.Builder()
                .subject(clientId)
                .audience(jwtAud)
                .expirationTime(instantOffsetFromNow(600L))
                .jwtID(idGenerator.generateIdentifier())
                .build();
    }

    /** @return claims with {@code sub}, {@code iss}, {@code exp} (+10 min) and {@code jti}, but no {@code aud} */
    protected JWTClaimsSet claimsSetMissingAud() {
        return new JWTClaimsSet.Builder()
                .subject(clientId)
                .issuer(clientId)
                .expirationTime(instantOffsetFromNow(600L))
                .jwtID(idGenerator.generateIdentifier())
                .build();
    }

    /** @return claims with {@code sub}, {@code iss}, {@code aud} and {@code jti}, but no {@code exp} */
    protected JWTClaimsSet claimsSetMissingExp() {
        return new JWTClaimsSet.Builder()
                .subject(clientId)
                .issuer(clientId)
                .audience(jwtAud)
                .jwtID(idGenerator.generateIdentifier())
                .build();
    }

    /** @return otherwise complete claims whose {@code exp} is ten minutes in the past */
    protected JWTClaimsSet claimsSetExpiredExp() {
        return new JWTClaimsSet.Builder()
                .subject(clientId)
                .issuer(clientId)
                .audience(jwtAud)
                .expirationTime(instantOffsetFromNow(-600L))
                .jwtID(idGenerator.generateIdentifier())
                .build();
    }

    /** @return otherwise complete claims whose {@code iat} is ten minutes in the future */
    protected JWTClaimsSet claimsSetIssuedInTheFuture() {
        return new JWTClaimsSet.Builder()
                .subject(clientId)
                .issuer(clientId)
                .audience(jwtAud)
                .expirationTime(instantOffsetFromNow(600L))
                .issueTime(instantOffsetFromNow(600L))
                .jwtID(idGenerator.generateIdentifier())
                .build();
    }

    /** @return claims with {@code sub}, {@code iss}, {@code aud} and {@code exp} (+10 min), but no {@code jti} */
    protected JWTClaimsSet claimsSetMissingJti() {
        return new JWTClaimsSet.Builder()
                .subject(clientId)
                .issuer(clientId)
                .audience(jwtAud)
                .expirationTime(instantOffsetFromNow(600L))
                .build();
    }

    /** @return complete claims addressed to the default audience {@code jwtAud} */
    protected JWTClaimsSet validClaimsSet() {
        return validClaimsSet(jwtAud);
    }

    /**
     * Builds complete claims: {@code sub} and {@code iss} set to the client id, the given
     * audience, an expiry ten minutes ahead and a freshly generated {@code jti}.
     *
     * @param str audience to place in the assertion
     * @return the claims set
     */
    protected JWTClaimsSet validClaimsSet(String str) {
        return new JWTClaimsSet.Builder()
                .subject(clientId)
                .issuer(clientId)
                .audience(str)
                .expirationTime(instantOffsetFromNow(600L))
                .jwtID(idGenerator.generateIdentifier())
                .build();
    }

    // ------------------------------------------------------------------
    // Client authentication builders
    // ------------------------------------------------------------------

    /**
     * Builds a {@code client_secret_jwt} authentication for the fixture client id and default
     * audience. Decompiler note: the original access modifier was protected.
     *
     * @param str shared secret used to sign
     * @return the client authentication
     */
    public ClientSecretJWT buildSecretJwtAuth(String str) throws JOSEException, URISyntaxException {
        return buildSecretJwtAuth(clientId, str);
    }

    /**
     * Builds a {@code client_secret_jwt} authentication for the default audience.
     *
     * @param str  client id
     * @param str2 shared secret used to sign
     * @return the client authentication
     */
    protected ClientSecretJWT buildSecretJwtAuth(String str, String str2) throws JOSEException, URISyntaxException {
        return buildSecretJwtAuth(str, str2, jwtAud);
    }

    /**
     * Builds an HS256 {@code client_secret_jwt} authentication.
     * Decompiler note: the original access modifier was protected.
     *
     * @param str  client id
     * @param str2 shared secret used to sign
     * @param str3 endpoint URI used as the assertion audience
     * @return the client authentication
     * @throws URISyntaxException if {@code str3} is not a valid URI
     */
    public static ClientSecretJWT buildSecretJwtAuth(String str, String str2, String str3)
            throws JOSEException, URISyntaxException {
        ClientID client = new ClientID(str);
        URI endpoint = new URI(str3);
        Secret secret = new Secret(str2);
        return new ClientSecretJWT(client, endpoint, JWSAlgorithm.HS256, secret);
    }

    /**
     * Builds an RS256 {@code private_key_jwt} authentication for the fixture client id, default
     * audience and fixture RSA private key, with no key id and no JCA provider.
     *
     * @return the client authentication
     */
    protected PrivateKeyJWT buildPrivateKeyJwtAuth() throws JOSEException, URISyntaxException {
        ClientID client = new ClientID(clientId);
        URI endpoint = new URI(jwtAud);
        return new PrivateKeyJWT(client, endpoint, JWSAlgorithm.RS256, rsaPrivateKey, (String) null, (Provider) null);
    }

    /**
     * Builds an RS256 {@code private_key_jwt} authentication with no key id and no JCA provider.
     * Decompiler note: the original access modifier was protected.
     *
     * @param str        client id
     * @param privateKey key used to sign
     * @param str2       endpoint URI used as the assertion audience
     * @return the client authentication
     * @throws URISyntaxException if {@code str2} is not a valid URI
     */
    public static PrivateKeyJWT buildPrivateKeyJwtAuth(String str, PrivateKey privateKey, String str2)
            throws JOSEException, URISyntaxException {
        ClientID client = new ClientID(str);
        URI endpoint = new URI(str2);
        return new PrivateKeyJWT(client, endpoint, JWSAlgorithm.RS256, privateKey, (String) null, (Provider) null);
    }

    /**
     * Adds the client-assertion request parameters for a JWT client authentication.
     * Decompiler note: the original access modifier was protected.
     *
     * @param map               request parameters to extend
     * @param jWTAuthentication authentication whose assertion is serialized
     */
    public static void populateClientAssertionParams(Map<String, String> map, JWTAuthentication jWTAuthentication) {
        String serialized = jWTAuthentication.getClientAssertion().serialize();
        map.put(CLIENT_ASSERTION_PARAM, serialized);
        map.put(CLIENT_ASSERTION_TYPE_PARAM, JWT_BEARER_ASSERTION_TYPE);
    }

    // ------------------------------------------------------------------
    // Launch and assertion hooks
    // ------------------------------------------------------------------

    /**
     * Launches the flow with the given assertion and no public key (the four-argument variant
     * is called with {@code null} as the key).
     */
    protected FlowExecutionResult launchWithJwtAuthentication(JWT jwt, JWSAlgorithm jWSAlgorithm,
            ClientAuthenticationMethod clientAuthenticationMethod) throws Exception {
        return launchWithJwtAuthentication(jwt, jWSAlgorithm, clientAuthenticationMethod, null);
    }

    /**
     * Launches the flow under test with a JWT client assertion.
     *
     * @param jwt                        assertion to present
     * @param jWSAlgorithm               presumably the client's registered signing algorithm, or
     *                                   {@code null} for none (inferred from test names)
     * @param clientAuthenticationMethod authentication method to use
     * @param publicKey                  presumably the key trusted for the client, or {@code null}
     *                                   for none (inferred from test names)
     * @return the flow result
     */
    protected abstract FlowExecutionResult launchWithJwtAuthentication(JWT jwt, JWSAlgorithm jWSAlgorithm, ClientAuthenticationMethod clientAuthenticationMethod, PublicKey publicKey) throws Exception;

    /** @return the expected error code (first) and error description fragment (second) for a failed JWT validation */
    protected abstract Pair<String, String> getErrorDetaisForJWTValidation();

    /** Asserts that the given flow result is a successful response for the flow under test. */
    protected abstract void assertSuccessResponse(FlowExecutionResult flowExecutionResult);

    // ------------------------------------------------------------------
    // Private helpers
    // ------------------------------------------------------------------

    /** Asserts the decode-time rejection: {@code invalid_request} / {@code UnableToDecode}. */
    private void expectUndecodableAssertion(FlowExecutionResult result) throws Exception {
        assertErrorCode(result, "invalid_request");
        assertErrorDescriptionContains(result, "UnableToDecode");
    }

    /** Asserts the subclass-supplied error code and description for a failed JWT validation. */
    private void expectJwtValidationFailure(FlowExecutionResult result) throws Exception {
        assertErrorCode(result, getErrorDetaisForJWTValidation().getFirst());
        assertErrorDescriptionContains(result, getErrorDetaisForJWTValidation().getSecond());
    }

    /** Returns the current time shifted by the given number of seconds (negative for the past). */
    private static Date instantOffsetFromNow(long seconds) {
        return Date.from(Instant.now().plusSeconds(seconds));
    }
}
