package net.shibboleth.idp.plugin.oidc.op.authn.impl;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.auth.ClientSecretJWT;
import com.nimbusds.oauth2.sdk.auth.ClientSecretPost;
import com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.ClientID;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.UsernamePasswordContext;
import net.shibboleth.idp.profile.context.navigate.WebflowRequestContextProfileRequestContextLookup;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.idp.profile.testing.RequestContextBuilder;
import net.shibboleth.oidc.authn.context.OAuth2ClientAuthenticationContext;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.profile.context.ProfileRequestContext;
import org.springframework.webflow.execution.RequestContext;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/authn/impl/ExtractClientAuthenticationFromRequestTest.class */
/**
 * Unit tests for {@link ExtractClientAuthenticationFromRequest}.
 *
 * <p>Each test builds a token request carrying one OAuth 2.0 client authentication method, runs
 * the action and checks what ends up in the context tree. The tests pin the following behaviour:
 * <ul>
 *   <li>{@code client_secret_basic} and {@code client_secret_post}: the client id and the
 *       plain-text client secret are copied into a {@link UsernamePasswordContext};</li>
 *   <li>{@code client_secret_jwt} and {@code private_key_jwt}: no {@link UsernamePasswordContext}
 *       is created;</li>
 *   <li>a missing {@link AuthenticationContext} yields {@code InvalidAuthenticationContext}.</li>
 * </ul>
 *
 * <p>NOTE(review): these tests cover extraction only. Nothing here checks that a secret is
 * compared or that a JWT assertion's signature, audience or expiry is validated, so a passing run
 * says nothing about credential verification. Requests without any client authentication, and
 * malformed credentials, are not exercised in this class either.
 *
 * <p>All credentials below are fixtures generated or hard-coded for the tests.
 */
public class ExtractClientAuthenticationFromRequestTest {
    private ClientID clientId;
    private Secret clientSecret;
    private URI endpointUri;
    private RSAPrivateKey rsaPrivateKey;
    // Assigned in initKeys() but not read by any test in this class.
    private RSAPublicKey rsaPublicKey;
    private ExtractClientAuthenticationFromRequest action;
    private RequestContext rc;
    private ProfileRequestContext prc;

    /**
     * Generates one throw-away 2048-bit RSA key pair for the whole class; the private half signs
     * the {@code private_key_jwt} assertion.
     *
     * @throws NoSuchAlgorithmException if no RSA key pair generator is available
     */
    @BeforeClass
    public void initKeys() throws NoSuchAlgorithmException {
        KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
        rsaGenerator.initialize(2048);
        KeyPair pair = rsaGenerator.generateKeyPair();
        this.rsaPublicKey = (RSAPublicKey) pair.getPublic();
        this.rsaPrivateKey = (RSAPrivateKey) pair.getPrivate();
    }

    /**
     * Resets the client fixtures and creates a freshly initialized action before every test.
     *
     * @throws URISyntaxException if the fixture endpoint URI cannot be parsed
     * @throws ComponentInitializationException if the action fails to initialize
     */
    @BeforeMethod
    public void init() throws URISyntaxException, ComponentInitializationException {
        this.endpointUri = new URI("https://mock.example.org/");
        this.clientId = new ClientID("mockId");
        // 48 characters: comfortably above the 256-bit minimum that HS256 key material needs,
        // which matters because the same secret also signs the client_secret_jwt assertion.
        this.clientSecret = new Secret("secret1234567890secret1234567890secret1234567890");
        this.action = new ExtractClientAuthenticationFromRequest();
        this.action.initialize();
    }

    /**
     * Builds the webflow request context around a token request that authenticates the client
     * with the given method, and attaches an empty {@link AuthenticationContext} to the profile
     * request context.
     *
     * <p>For any method other than the four handled below, {@code null} is passed to the
     * {@link TokenRequest} constructor as the client authentication.
     *
     * @param clientAuthenticationMethod client authentication method to place in the request
     * @throws JOSEException if signing a JWT assertion fails
     * @throws ComponentInitializationException declared for callers; not thrown by visible code
     */
    protected void initializeRequestCtx(ClientAuthenticationMethod clientAuthenticationMethod) throws JOSEException, ComponentInitializationException {
        RequestContextBuilder contextBuilder = new RequestContextBuilder();
        TokenRequest tokenRequest = new TokenRequest(
                (URI) null,
                clientAuthenticationMethod.equals(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                        ? new ClientSecretBasic(this.clientId, this.clientSecret)
                        : clientAuthenticationMethod.equals(ClientAuthenticationMethod.CLIENT_SECRET_POST)
                                ? new ClientSecretPost(this.clientId, this.clientSecret)
                                : clientAuthenticationMethod.equals(ClientAuthenticationMethod.CLIENT_SECRET_JWT)
                                        // HMAC-signed assertion keyed with the shared client secret.
                                        ? new ClientSecretJWT(this.clientId, this.endpointUri, JWSAlgorithm.HS256, this.clientSecret)
                                        : clientAuthenticationMethod.equals(ClientAuthenticationMethod.PRIVATE_KEY_JWT)
                                                // RSA-signed assertion; no key id and the default JCA provider.
                                                ? new PrivateKeyJWT(this.clientId, this.endpointUri, JWSAlgorithm.RS256, this.rsaPrivateKey, (String) null, (Provider) null)
                                                : null,
                new AuthorizationCodeGrant(new AuthorizationCode(), (URI) null));
        this.rc = contextBuilder.setInboundMessage(tokenRequest).buildRequestContext();
        this.prc = new WebflowRequestContextProfileRequestContextLookup().apply(this.rc);
        this.prc.addSubcontext(new AuthenticationContext());
    }

    /**
     * Prepares a request for {@code expectedMethod}, runs the action and asserts that it proceeds
     * and records the client id and method in an {@link OAuth2ClientAuthenticationContext}.
     *
     * @param expectedMethod client authentication method to send and to expect back
     * @return the context the action created, for further assertions
     * @throws Exception if building the request or executing the action fails
     */
    private OAuth2ClientAuthenticationContext runAndAssertExtracted(ClientAuthenticationMethod expectedMethod) throws Exception {
        initializeRequestCtx(expectedMethod);
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.rc));
        OAuth2ClientAuthenticationContext oauthCtx = this.prc.getSubcontext(AuthenticationContext.class).getSubcontext(OAuth2ClientAuthenticationContext.class);
        Assert.assertNotNull(oauthCtx);
        Assert.assertEquals(oauthCtx.getClientAuthentication().getClientID(), this.clientId);
        Assert.assertEquals(oauthCtx.getClientAuthentication().getMethod(), expectedMethod);
        return oauthCtx;
    }

    /**
     * Asserts that the sibling {@link UsernamePasswordContext} exists and carries the client id
     * as username and the plain-text client secret as password.
     *
     * @param oauthCtx context returned by the action for a secret-based method
     */
    private void assertSecretCopiedToUsernamePassword(OAuth2ClientAuthenticationContext oauthCtx) {
        UsernamePasswordContext credentials = oauthCtx.getParent().getSubcontext(UsernamePasswordContext.class);
        Assert.assertNotNull(credentials);
        Assert.assertEquals(credentials.getUsername(), this.clientId.getValue());
        Assert.assertEquals(credentials.getPassword(), this.clientSecret.getValue());
    }

    /** Without an {@link AuthenticationContext} the action must signal an invalid context. */
    @Test
    public void testNoAuthnContext() throws Exception {
        initializeRequestCtx(ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
        // Undo the subcontext that initializeRequestCtx() attached.
        this.prc.removeSubcontext(AuthenticationContext.class);
        ActionTestingSupport.assertEvent(this.action.execute(this.rc), "InvalidAuthenticationContext");
    }

    /** {@code client_secret_basic}: credentials are extracted into a username/password context. */
    @Test
    public void testBasic() throws Exception {
        OAuth2ClientAuthenticationContext oauthCtx = runAndAssertExtracted(ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
        assertSecretCopiedToUsernamePassword(oauthCtx);
    }

    /** {@code client_secret_post}: credentials are extracted into a username/password context. */
    @Test
    public void testPost() throws Exception {
        OAuth2ClientAuthenticationContext oauthCtx = runAndAssertExtracted(ClientAuthenticationMethod.CLIENT_SECRET_POST);
        assertSecretCopiedToUsernamePassword(oauthCtx);
    }

    /** {@code client_secret_jwt}: the method is recorded and no username/password context appears. */
    @Test
    public void testSecretJwt() throws Exception {
        OAuth2ClientAuthenticationContext oauthCtx = runAndAssertExtracted(ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        Assert.assertNull(oauthCtx.getParent().getSubcontext(UsernamePasswordContext.class));
    }

    /** {@code private_key_jwt}: the method is recorded and no username/password context appears. */
    @Test
    public void testPrivateKeyJwt() throws Exception {
        OAuth2ClientAuthenticationContext oauthCtx = runAndAssertExtracted(ClientAuthenticationMethod.PRIVATE_KEY_JWT);
        Assert.assertNull(oauthCtx.getParent().getSubcontext(UsernamePasswordContext.class));
    }
}
