package net.shibboleth.idp.plugin.oidc.op.authn.impl;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.oauth2.sdk.auth.ClientAuthentication;
import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.auth.ClientSecretPost;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientInformation;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata;
import java.util.Collections;
import java.util.Date;
import java.util.Set;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.profile.context.navigate.WebflowRequestContextProfileRequestContextLookup;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.idp.profile.testing.RequestContextBuilder;
import net.shibboleth.oidc.authn.context.OAuth2ClientAuthenticationContext;
import net.shibboleth.oidc.metadata.context.OIDCMetadataContext;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.profile.context.ProfileRequestContext;
import org.springframework.webflow.execution.RequestContext;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/authn/impl/ValidateClientAuthenticationTypeTest.class */
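/**
 * Unit tests for {@link ValidateClientAuthenticationType}.
 *
 * <p>Each test builds a web flow request context carrying an {@link AuthenticationContext}, an
 * {@link OAuth2ClientAuthenticationContext} and an {@link OIDCMetadataContext}, then asserts the
 * event returned by the action. The set of token endpoint authentication methods the action
 * accepts is supplied through {@link #enabledMethods}, which starts out empty (nothing enabled).</p>
 */
public class ValidateClientAuthenticationTypeTest {
    /** Client identifier used both for the presented credentials and the registered metadata. */
    private ClientID clientId;

    /** Secret presented by the client in the request. Fixture value only. */
    private Secret clientSecret;

    /** Action under test. */
    private ValidateClientAuthenticationType action;

    /** Web flow request context handed to the action. */
    private RequestContext rc;

    /** Profile request context looked up from {@link #rc}. */
    private ProfileRequestContext prc;

    /** Authentication methods returned by the lookup strategy installed in {@link #init()}. */
    private Set<ClientAuthenticationMethod> enabledMethods;

    /**
     * Creates a fresh action whose enabled-methods lookup reads {@link #enabledMethods} at call
     * time, so a test may reassign the field after the request context has been built.
     *
     * @throws ComponentInitializationException if the action fails to initialize
     */
    @BeforeMethod
    public void init() throws ComponentInitializationException {
        this.clientId = new ClientID("mockId");
        this.clientSecret = new Secret("secret1234567890secret1234567890secret1234567890");
        // Default is deny-all: no authentication method is enabled until a test opts in.
        this.enabledMethods = Collections.emptySet();
        this.action = new ValidateClientAuthenticationType();
        this.action.setTokenEndpointAuthMethodsLookupStrategy(profileRequestContext -> this.enabledMethods);
        this.action.initialize();
    }

    /**
     * Builds the request and profile contexts for one test.
     *
     * @param clientAuthenticationMethod method the client presents in the request; only
     *            {@code client_secret_basic} and {@code client_secret_post} produce a client
     *            authentication object, any other value leaves it {@code null}
     * @param clientAuthenticationMethod2 method stored in the registered client metadata
     * @throws JOSEException declared for callers; nothing in this body raises it directly
     * @throws ComponentInitializationException if building the request context fails
     */
    protected void initializeRequestCtx(ClientAuthenticationMethod clientAuthenticationMethod, ClientAuthenticationMethod clientAuthenticationMethod2) throws JOSEException, ComponentInitializationException {
        // Declared as the common supertype: ClientSecretPost is not assignable to
        // ClientSecretBasic, so the narrower declaration does not compile.
        final ClientAuthentication presentedAuthentication;
        if (clientAuthenticationMethod.equals(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)) {
            presentedAuthentication = new ClientSecretBasic(this.clientId, this.clientSecret);
        } else if (clientAuthenticationMethod.equals(ClientAuthenticationMethod.CLIENT_SECRET_POST)) {
            presentedAuthentication = new ClientSecretPost(this.clientId, this.clientSecret);
        } else {
            presentedAuthentication = null;
        }

        this.rc = new RequestContextBuilder().setInboundMessage((Object) null).buildRequestContext();
        this.prc = new WebflowRequestContextProfileRequestContextLookup().apply(this.rc);
        this.prc.addSubcontext(new AuthenticationContext())
                .addSubcontext(new OAuth2ClientAuthenticationContext().setClientAuthentication(presentedAuthentication));

        final OIDCClientMetadata registeredMetadata = new OIDCClientMetadata();
        registeredMetadata.setTokenEndpointAuthMethod(clientAuthenticationMethod2);

        // The registered secret differs from the presented one on purpose. testBasicEnabled still
        // expects a proceed event, so these tests pin that the action checks the authentication
        // type only; secret verification is presumably done by another action (confirm).
        final Secret registeredSecret = new Secret("WRONG1234567890secret1234567890secret1234567890");
        final OIDCMetadataContext metadataContext = new OIDCMetadataContext();
        metadataContext.setClientInformation(new OIDCClientInformation(this.clientId, new Date(), registeredMetadata, registeredSecret));
        this.prc.getInboundMessageContext().addSubcontext(metadataContext);
    }

    /** A missing {@link AuthenticationContext} yields {@code InvalidAuthenticationContext}. */
    @Test
    public void testNoAuthnContext() throws Exception {
        initializeRequestCtx(ClientAuthenticationMethod.CLIENT_SECRET_BASIC, ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
        this.prc.removeSubcontext(AuthenticationContext.class);
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "InvalidAuthenticationContext");
    }

    /** An unauthenticated client is denied while no method (including {@code none}) is enabled. */
    @Test
    public void testNoneDisabled() throws Exception {
        initializeRequestCtx(ClientAuthenticationMethod.NONE, ClientAuthenticationMethod.NONE);
        this.prc.getSubcontext(AuthenticationContext.class).removeSubcontext(OAuth2ClientAuthenticationContext.class);
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "AccessDenied");
    }

    /** An unauthenticated client proceeds once {@code none} is explicitly enabled. */
    @Test
    public void testNoneEnabled() throws Exception {
        initializeRequestCtx(ClientAuthenticationMethod.NONE, ClientAuthenticationMethod.NONE);
        this.enabledMethods = Collections.singleton(ClientAuthenticationMethod.NONE);
        this.prc.getSubcontext(AuthenticationContext.class).removeSubcontext(OAuth2ClientAuthenticationContext.class);
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
    }

    /**
     * A request is denied when only {@code client_secret_post} is enabled.
     *
     * <p>NOTE(review): despite the name, the request is built with {@code NONE}, so the client
     * authentication stored in the context is {@code null} and no {@code client_secret_basic}
     * credentials are presented. The case "basic presented, only post enabled" is therefore not
     * exercised by this test; consider a companion test built with
     * {@code CLIENT_SECRET_BASIC} to cover the allow-list check for a real credential type.</p>
     */
    @Test
    public void testBasicDisabled() throws Exception {
        initializeRequestCtx(ClientAuthenticationMethod.NONE, ClientAuthenticationMethod.NONE);
        this.enabledMethods = Collections.singleton(ClientAuthenticationMethod.CLIENT_SECRET_POST);
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "AccessDenied");
    }

    /** {@code client_secret_basic} proceeds when it is presented, registered and enabled. */
    @Test
    public void testBasicEnabled() throws Exception {
        initializeRequestCtx(ClientAuthenticationMethod.CLIENT_SECRET_BASIC, ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
        this.enabledMethods = Collections.singleton(ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
    }

    /**
     * The action proceeds when no {@link OIDCMetadataContext} is attached to the inbound message.
     *
     * <p>NOTE(review): this pins that absent client metadata is not a failure for this action, so
     * rejecting unregistered clients has to happen elsewhere in the flow — confirm that it does.</p>
     */
    @Test
    public void testNoMetadata() throws Exception {
        initializeRequestCtx(ClientAuthenticationMethod.CLIENT_SECRET_BASIC, ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
        this.prc.getInboundMessageContext().removeSubcontext(this.prc.getInboundMessageContext().getSubcontext(OIDCMetadataContext.class));
        this.enabledMethods = Collections.singleton(ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
    }
}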
