package net.shibboleth.idp.plugin.oidc.op.profile.flow;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.github.jasminb.jsonapi.models.errors.Error;
import com.github.jasminb.jsonapi.models.errors.Errors;
import com.nimbusds.oauth2.sdk.AccessTokenResponse;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.plugin.oidc.op.profile.impl.BaseOIDCResponseActionTest;
import net.shibboleth.idp.plugin.oidc.op.token.support.RegistrationClaimsSet;
import net.shibboleth.oidc.metadata.policy.MetadataPolicy;
import org.springframework.webflow.core.collection.MutableAttributeMap;
import org.springframework.webflow.execution.FlowExecutionOutcome;
import org.springframework.webflow.executor.FlowExecutionResult;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/profile/flow/IssueRegistrationAccessTokenFlowTest.class */
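/**
 * Flow tests for the administrative {@code admin/oidc/issue-registration-access-token} flow.
 *
 * <p>Each test fills the mock request with query parameters, launches the flow and then checks
 * either the JSON error document or the registration access token carried in the response.
 * The token value is unwrapped with the test data sealer and mapped onto a
 * {@link RegistrationClaimsSet} so that individual claims can be asserted.</p>
 *
 * <p>NOTE(review): the requested token lifetime ({@code P1D}) is sent with every successful
 * request, but no test here asserts the expiry carried by the issued token. An assertion on
 * the token's expiry claim would pin that behaviour.</p>
 */
public class IssueRegistrationAccessTokenFlowTest extends AbstractOidcFlowTest {

    /** Identifier of the flow under test. */
    @Nonnull
    public static final String FLOW_ID = "admin/oidc/issue-registration-access-token";

    public IssueRegistrationAccessTokenFlowTest() {
        super(FLOW_ID);
    }

    /** A request without any parameter is rejected with a 400 "Invalid Request" error document. */
    @Test
    public void testWithNoParameters() throws Exception {
        buildRequest(null, null, null, null, null);
        launchAndAssertInvalidRequest();
    }

    /**
     * A policy location that does not exist is rejected with a 400 "Invalid Request" error document.
     *
     * <p>NOTE(review): {@code policyLocation} is a request-supplied file path. Only the missing-file
     * case is covered here; how the flow constrains which paths may be read is not visible from
     * this test.</p>
     */
    @Test
    public void testWithInvalidLocation() throws Exception {
        buildRequest("P1D", "src/test/not_existing", "mockRpId", null, null);
        launchAndAssertInvalidRequest();
    }

    /** Policy location and policy id together: the token carries the RP id and the loaded policy. */
    @Test
    public void testWithValidPolicyLocationAndId() throws Exception {
        buildRequest("P1D", "src/test/resources/conf/metadata-policy1.json", "mockRpId", null, null);
        validateToken(launchAndParseToken(), "mockRpId", null, buildMetadataPolicy1());
    }

    /** Policy location alone: the token carries the loaded policy and no relying party id. */
    @Test
    public void testWithPolicyLocationOnly() throws Exception {
        buildRequest("P1D", "src/test/resources/conf/metadata-policy1.json", null, null, null);
        validateToken(launchAndParseToken(), null, null, buildMetadataPolicy1());
    }

    /** Policy id alone: the token carries the relying party id and no metadata policy. */
    @Test
    public void testWithPolicyIdOnly() throws Exception {
        buildRequest("P1D", null, "mockRpId", null, null);
        validateToken(launchAndParseToken(), "mockRpId", null, null);
    }

    /** Policy id plus client id: both identifiers end up in the token. */
    @Test
    public void testWithPolicyIdClientId() throws Exception {
        buildRequest("P1D", null, "mockRpId", "mockClientId", null);
        validateToken(launchAndParseToken(), "mockRpId", "mockClientId", null);
    }

    /**
     * {@code replacement=true} without a client id must not yield a replacement token: the flag
     * in the issued claims set stays {@code false}.
     */
    @Test
    public void testWithPolicyIdReplacementIgnoredWithoutClientId() throws Exception {
        buildRequest("P1D", null, "mockRpId", null, "true");
        RegistrationClaimsSet claims = validateToken(launchAndParseToken(), "mockRpId", null, null);
        Assert.assertFalse(claims.isReplacement());
    }

    /** {@code replacement=true} together with a client id sets the replacement flag in the token. */
    @Test
    public void testWithPolicyIdReplacemenSetWithClientId() throws Exception {
        buildRequest("P1D", null, "mockRpId", "mockClientId", "true");
        RegistrationClaimsSet claims = validateToken(launchAndParseToken(), "mockRpId", "mockClientId", null);
        Assert.assertTrue(claims.isReplacement());
    }

    /**
     * Unwraps the bearer token of the response and checks its fixed and expected claims.
     *
     * @param accessTokenResponse the parsed success response of the flow
     * @param expectedRelyingPartyId relying party id expected in the token, or {@code null} for none
     * @param expectedClientId client id expected in the token, or {@code null} for none
     * @param expectedPolicy metadata policy expected in the token, or {@code null} when the token
     *     must not carry any policy
     * @return the claims set read from the token, for further assertions by the caller
     * @throws Exception if the token cannot be unwrapped or mapped onto the claims set
     */
    protected RegistrationClaimsSet validateToken(AccessTokenResponse accessTokenResponse, String expectedRelyingPartyId, String expectedClientId, Map<String, MetadataPolicy> expectedPolicy) throws Exception {
        Assert.assertNotNull(accessTokenResponse.getTokens());
        BearerAccessToken bearerAccessToken = accessTokenResponse.getTokens().getBearerAccessToken();
        Assert.assertNotNull(bearerAccessToken);

        // The token value is opaque to clients: it has to be unwrapped with the data sealer
        // before the JSON claims can be read.
        RegistrationClaimsSet claims = new ObjectMapper().readValue(
                BaseOIDCResponseActionTest.initializeDataSealer().unwrap(bearerAccessToken.getValue()),
                RegistrationClaimsSet.class);

        Assert.assertEquals(claims.getKeyType(), "rt");
        Assert.assertNotNull(claims.getJti());
        Assert.assertEquals(claims.getIssuer(), "https://op.example.org");
        Assert.assertEquals(claims.getRelyingPartyId(), expectedRelyingPartyId);
        Assert.assertEquals(claims.getClientId(), expectedClientId);

        if (expectedPolicy == null) {
            Assert.assertNull(claims.getMetadata());
            return claims;
        }

        Map<String, MetadataPolicy> actualPolicy = claims.getMetadata();
        Assert.assertNotNull(actualPolicy);
        Assert.assertEquals(actualPolicy.size(), expectedPolicy.size());
        for (Map.Entry<String, MetadataPolicy> actual : actualPolicy.entrySet()) {
            MetadataPolicy expected = expectedPolicy.get(actual.getKey());
            // Report a claim that was not expected as an assertion failure, not as a NullPointerException.
            Assert.assertNotNull(expected, "Unexpected metadata policy for claim " + actual.getKey());
            Assert.assertEquals(actual.getValue().toString(), expected.toString());
        }
        return claims;
    }

    /**
     * Launches the flow for a request that must succeed and parses the response.
     *
     * @return the access token response parsed from the flow result
     * @throws Exception if the flow or the response parsing fails
     */
    private AccessTokenResponse launchAndParseToken() throws Exception {
        initializeThreadLocals();
        FlowExecutionResult result = this.flowExecutor.launchExecution(FLOW_ID, (MutableAttributeMap) null, this.externalContext);
        FlowExecutionOutcome outcome = result.getOutcome();
        Assert.assertEquals(this.response.getStatus(), 200);
        Assert.assertEquals(outcome.getId(), AbstractOidcFlowTest.END_STATE_ID);
        return (AccessTokenResponse) parseSuccessResponse(result, AccessTokenResponse.class);
    }

    /**
     * Launches the flow for a request that must be rejected and checks the error document.
     *
     * @throws Exception if the flow or the response parsing fails
     */
    private void launchAndAssertInvalidRequest() throws Exception {
        FlowExecutionResult result = this.flowExecutor.launchExecution(FLOW_ID, (MutableAttributeMap) null, this.externalContext);
        Assert.assertEquals(result.getOutcome().getId(), AbstractOidcFlowTest.END_STATE_ID);
        assertErrorResponse(400, "Invalid Request");
    }

    /**
     * Builds the policy the tests expect the flow to read from {@code metadata-policy1.json}.
     *
     * @return the expected policy, keyed by client metadata claim name
     */
    private Map<String, MetadataPolicy> buildMetadataPolicy1() {
        Map<String, MetadataPolicy> policy = new HashMap<>();
        policy.put("grant_types", new MetadataPolicy.Builder().withOneOfValues(List.of("authorization_code", "implicit")).build());
        policy.put("client_name", new MetadataPolicy.Builder().withDefaultValue("A known test application").build());
        policy.put("organization_name", new MetadataPolicy.Builder().withValue("A trusted organization").build());
        // NOTE(review): the dots in this pattern are not escaped, so each one matches any character
        // and the pattern accepts more hosts than example.org and its subdomains. The value has to
        // stay in step with the policy fixture it is compared against. A redirect_uris policy meant
        // for real use should escape the dots and anchor the host.
        policy.put("redirect_uris", new MetadataPolicy.Builder().withRegexp("^https:\\/\\/(?:([^.]+).)?example.org\\/(.*)").withEssential(true).build());
        policy.put("id_token_signed_response_alg", new MetadataPolicy.Builder().withSubsetOfValues(List.of("RS256", "RS384", "RS512")).build());
        policy.put("scope", new MetadataPolicy.Builder().withSubsetOfValues(List.of("openid", "profile", "email", "phone")).build());
        return policy;
    }

    /**
     * Prepares the mock request as a GET carrying the given parameters; {@code null} values are
     * left out of the request.
     *
     * @param tokenLifetime value of the {@code tokenLifetime} parameter (URL-encoded before it is added)
     * @param policyLocation value of the {@code policyLocation} parameter
     * @param policyId value of the {@code policyId} parameter
     * @param clientId value of the {@code clientId} parameter
     * @param replacement value of the {@code replacement} parameter
     * @throws UnsupportedEncodingException if UTF-8 is not supported
     */
    private void buildRequest(@Nullable String tokenLifetime, @Nullable String policyLocation, @Nullable String policyId, @Nullable String clientId, @Nullable String replacement) throws UnsupportedEncodingException {
        this.request.setMethod("GET");
        if (tokenLifetime != null) {
            this.request.addParameter("tokenLifetime", URLEncoder.encode(tokenLifetime, "UTF-8"));
        }
        if (policyLocation != null) {
            this.request.addParameter("policyLocation", policyLocation);
        }
        if (policyId != null) {
            this.request.addParameter("policyId", policyId);
        }
        if (clientId != null) {
            this.request.addParameter("clientId", clientId);
        }
        if (replacement != null) {
            this.request.addParameter("replacement", replacement);
        }
    }

    /**
     * Checks that the response has the given status and carries exactly one JSON error entry
     * with the given status and title.
     *
     * @param expectedStatus expected HTTP status of the response and of the error entry
     * @param expectedTitle expected title of the error entry
     */
    private void assertErrorResponse(int expectedStatus, String expectedTitle) throws UnsupportedEncodingException, JsonMappingException, JsonProcessingException {
        Assert.assertEquals(this.response.getStatus(), expectedStatus);
        Errors errors = new ObjectMapper().readerFor(Errors.class).readValue(this.response.getContentAsString());
        Assert.assertNotNull(errors);
        Assert.assertNotNull(errors.getErrors());
        Assert.assertEquals(errors.getErrors().size(), 1);
        Error error = errors.getErrors().get(0);
        Assert.assertNotNull(error);
        // NOTE(review): error.getStatus() is compared with an int. If the getter is declared to
        // return a String, this compares a String with a boxed Integer. Confirm the declared type.
        Assert.assertEquals(error.getStatus(), expectedStatus);
        Assert.assertEquals(error.getTitle(), expectedTitle);
    }
}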
