package net.shibboleth.idp.plugin.oidc.op.profile.flow;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.openid.connect.sdk.UserInfoSuccessResponse;
import java.io.IOException;
import java.security.PublicKey;
import java.text.ParseException;
import net.shibboleth.idp.plugin.oidc.op.profile.flow.AbstractIssuedJWTSecurityTest;
import net.shibboleth.utilities.java.support.security.DataSealerException;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/profile/flow/IssuedSignedJWTTest.class */
public class IssuedSignedJWTTest extends AbstractIssuedJWTSecurityTest {
    public IssuedSignedJWTTest(AbstractIssuedJWTSecurityTest.JWT_FETCHING_TYPE jwt_fetching_type, String str) {
        super(jwt_fetching_type, str);
    }

    @Test
    public void testJwtSecurity_jwtSigAlgAndEncNotSpecified() throws Exception {
        if (!this.fetchingType.equals(AbstractIssuedJWTSecurityTest.JWT_FETCHING_TYPE.USERINFO)) {
            assertSignedJwt(obtainJwt(null), JWSAlgorithm.RS256, loadRSSigningCredential().getPublicKey());
            return;
        }
        UserInfoSuccessResponse obtainUserInfoResponse = obtainUserInfoResponse(this.defaultClientId, null);
        Assert.assertNotNull(obtainUserInfoResponse.getUserInfo());
        Assert.assertNull(obtainUserInfoResponse.getUserInfoJWT());
    }

    @Test
    public void testJwtSecurity_jwtRS256SigAlgAndEncNotSpecified() throws Exception {
        assertSignedJwt(obtainJwt(JWSAlgorithm.RS256), JWSAlgorithm.RS256, loadRSSigningCredential().getPublicKey());
    }

    @Test
    public void testJwtSecurity_jwtRS384SigAlgAndEncNotSpecified() throws Exception {
        assertSignedJwt(obtainJwt(JWSAlgorithm.RS384), JWSAlgorithm.RS384, loadRSSigningCredential().getPublicKey());
    }

    @Test
    public void testJwtSecurity_jwtRS512SigAlgAndEncNotSpecified() throws Exception {
        assertSignedJwt(obtainJwt(JWSAlgorithm.RS512), JWSAlgorithm.RS512, loadRSSigningCredential().getPublicKey());
    }

    @Test
    public void testJwtSecurity_jwtPS256SigAlgAndEncNotSpecified() throws Exception {
        assertSignedJwt(obtainJwt(JWSAlgorithm.PS256), JWSAlgorithm.PS256, loadRSSigningCredential().getPublicKey());
    }

    @Test
    public void testJwtSecurity_jwtPS384SigAlgAndEncNotSpecified() throws Exception {
        assertSignedJwt(obtainJwt(JWSAlgorithm.PS384), JWSAlgorithm.PS384, loadRSSigningCredential().getPublicKey());
    }

    @Test
    public void testJwtSecurity_jwtPS512SigAlgAndEncNotSpecified() throws Exception {
        assertSignedJwt(obtainJwt(JWSAlgorithm.PS512), JWSAlgorithm.PS512, loadRSSigningCredential().getPublicKey());
    }

    @Test
    public void testJwtSecurity_jwtES256SigAlgAndEncNotSpecified() throws Exception {
        assertSignedJwt(obtainJwt(JWSAlgorithm.ES256), JWSAlgorithm.ES256, loadESSigningCredential().getPublicKey());
    }

    @Test
    public void testJwtSecurity_jwtES384SigAlgAndEncNotSpecified() throws Exception {
        assertExcludedAlgorithm(this.defaultClientId, this.defaultClientSecret, this.rsaPublicKey, JWSAlgorithm.ES384);
    }

    protected void assertExcludedAlgorithm(String str, String str2, PublicKey publicKey, JWSAlgorithm jWSAlgorithm) throws ParseException, DataSealerException, IOException {
        assertNoJwtResponse(str, str2, publicKey, jWSAlgorithm, null, null, this.fetchingType);
    }

    @Test
    public void testJwtSecurity_jwtES512SigAlgAndEncNotSpecified() throws Exception {
        assertSignedJwt(obtainJwt(JWSAlgorithm.ES512), JWSAlgorithm.ES512, loadCredential("/credentials/idp-signing-es521.jwk").getPublicKey());
    }

    @Test
    public void testJwtSecurity_jwtHS256SigAlgAndEncNotSpecified_32BKey() throws Exception {
        assertSignedJwt(obtainJwt(this.defaultClientSecret, JWSAlgorithm.HS256), JWSAlgorithm.HS256, this.defaultClientSecret);
    }

    @Test
    public void testJwtSecurity_jwtHS384SigAlgAndEncNotSpecified_32BKey() throws Exception {
        assertNoJwtResponse(this.defaultClientId, this.defaultClientSecret, null, JWSAlgorithm.HS384, this.fetchingType);
    }

    @Test
    public void testJwtSecurity_jwtHS512SigAlgAndEncNotSpecified_32BKey() throws Exception {
        assertNoJwtResponse(this.defaultClientId, this.defaultClientSecret, null, JWSAlgorithm.HS512, this.fetchingType);
    }

    @Test
    public void testJwtSecurity_jwtHS256SigAlgAndEncNotSpecified_64BKey() throws Exception {
        assertSignedJwt(obtainJwt(this.defaultClientSecret64B, JWSAlgorithm.HS256), JWSAlgorithm.HS256, this.defaultClientSecret64B);
    }

    @Test
    public void testJwtSecurity_jwtHS384SigAlgAndEncNotSpecified_64BKey() throws Exception {
        assertSignedJwt(obtainJwt(this.defaultClientSecret64B, JWSAlgorithm.HS384), JWSAlgorithm.HS384, this.defaultClientSecret64B);
    }

    @Test
    public void testJwtSecurity_jwtHS512SigAlgAndEncNotSpecified_64BKey() throws Exception {
        assertSignedJwt(obtainJwt(this.defaultClientSecret64B, JWSAlgorithm.HS512), JWSAlgorithm.HS512, this.defaultClientSecret64B);
    }

    @Test
    public void testJwtSecurity_jwtHS256SigAlgAndEncNotSpecified_NoKey() throws Exception {
        assertNoJwtResponse(this.defaultClientId, null, null, JWSAlgorithm.HS512, this.fetchingType);
    }

    @Test
    public void testJwtSecurity_jwtHS384SigAlgAndEncNotSpecified_NoKey() throws Exception {
        assertNoJwtResponse(this.defaultClientId, null, null, JWSAlgorithm.HS512, this.fetchingType);
    }

    @Test
    public void testJwtSecurity_jwtHS512SigAlgAndEncNotSpecified_NoKey() throws Exception {
        assertNoJwtResponse(this.defaultClientId, null, null, JWSAlgorithm.HS512, this.fetchingType);
    }
}
