package net.shibboleth.idp.plugin.oidc.op.profile.impl;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.openid.connect.sdk.claims.AMR;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import java.time.Instant;
import java.util.List;
import java.util.Map;
import java.util.function.BiFunction;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.oidc.profile.config.impl.DefaultOIDCAuthorizationConfiguration;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.mockito.Mockito;
import org.opensaml.profile.context.ProfileRequestContext;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/profile/impl/ManipulateClaimsForIDTokenTest.class */
public class ManipulateClaimsForIDTokenTest extends BaseOIDCResponseActionTest {
    private ManipulateClaimsForIDToken action;

    private void init() throws ComponentInitializationException {
        init(null);
    }

    private void init(BiFunction<ProfileRequestContext, Map<String, Object>, Map<String, Object>> biFunction) throws ComponentInitializationException {
        this.action = new ManipulateClaimsForIDToken();
        this.action.initialize();
        DefaultOIDCAuthorizationConfiguration defaultOIDCAuthorizationConfiguration = new DefaultOIDCAuthorizationConfiguration();
        defaultOIDCAuthorizationConfiguration.setIDTokenManipulationStrategy(biFunction);
        this.rpCtx.setProfileConfig(defaultOIDCAuthorizationConfiguration);
    }

    @Test
    public void testNoCtx() throws ComponentInitializationException {
        init();
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "InvalidMessageContext");
    }

    @Test
    public void testSuccessSameMapDoesntChangeContents() throws ComponentInitializationException, ParseException {
        Instant now = Instant.now();
        setIdTokenToResponseContext("iss", "sub", "aud", now, now);
        Assert.assertEquals(this.respCtx.getIDToken().toJSONObject().size(), 5);
        init((profileRequestContext, map) -> {
            return map;
        });
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
        IDTokenClaimsSet iDToken = this.respCtx.getIDToken();
        Assert.assertEquals(iDToken.toJSONObject().size(), 5);
        Assert.assertEquals(iDToken.getSubject().getValue(), "sub");
        Assert.assertEquals(iDToken.getIssuer().getValue(), "iss");
        Assert.assertEquals(iDToken.getAudience(), Audience.create(new String[]{"aud"}));
        Assert.assertEquals(iDToken.getIssueTime().toInstant().getEpochSecond(), now.getEpochSecond());
        Assert.assertEquals(iDToken.getExpirationTime().toInstant().getEpochSecond(), now.getEpochSecond());
    }

    @Test
    public void testSuccessManipulationForIss() throws ComponentInitializationException, ParseException {
        Instant now = Instant.now();
        setIdTokenToResponseContext("iss", "sub", "aud", now, now);
        Assert.assertEquals(this.respCtx.getIDToken().toJSONObject().size(), 5);
        init(mockFunction(Map.of("iss", "manipulatedIss", "sub", "sub", "aud", List.of("aud"), "exp", Long.valueOf(now.getEpochSecond()), "iat", Long.valueOf(now.getEpochSecond()))));
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
        IDTokenClaimsSet iDToken = this.respCtx.getIDToken();
        Assert.assertEquals(iDToken.toJSONObject().size(), 5);
        Assert.assertEquals(iDToken.getSubject().getValue(), "sub");
        Assert.assertEquals(iDToken.getIssuer().getValue(), "manipulatedIss");
        Assert.assertEquals(iDToken.getAudience(), Audience.create(new String[]{"aud"}));
        Assert.assertEquals(iDToken.getIssueTime().toInstant().getEpochSecond(), now.getEpochSecond());
        Assert.assertEquals(iDToken.getExpirationTime().toInstant().getEpochSecond(), now.getEpochSecond());
    }

    @Test
    public void testSuccessManipulationAddStandardClaims() throws ComponentInitializationException, ParseException {
        Instant now = Instant.now();
        setIdTokenToResponseContext("iss", "sub", "aud", now, now);
        Assert.assertEquals(this.respCtx.getIDToken().toJSONObject().size(), 5);
        init(mockFunction(Map.of("iss", "manipulatedIss", "sub", "sub", "aud", List.of("aud"), "exp", Long.valueOf(now.getEpochSecond()), "iat", Long.valueOf(now.getEpochSecond()), "acr", "password", "amr", List.of("face"))));
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
        IDTokenClaimsSet iDToken = this.respCtx.getIDToken();
        Assert.assertEquals(iDToken.toJSONObject().size(), 7);
        Assert.assertEquals(iDToken.getSubject().getValue(), "sub");
        Assert.assertEquals(iDToken.getIssuer().getValue(), "manipulatedIss");
        Assert.assertEquals(iDToken.getAudience(), Audience.create(new String[]{"aud"}));
        Assert.assertEquals(iDToken.getIssueTime().toInstant().getEpochSecond(), now.getEpochSecond());
        Assert.assertEquals(iDToken.getExpirationTime().toInstant().getEpochSecond(), now.getEpochSecond());
        Assert.assertEquals(iDToken.getACR().getValue(), "password");
        Assert.assertEquals(iDToken.getAMR(), List.of(AMR.FACE));
    }

    @Test
    public void testSuccessManipulationAddCustomClaims() throws ComponentInitializationException, ParseException {
        Instant now = Instant.now();
        setIdTokenToResponseContext("iss", "sub", "aud", now, now);
        Assert.assertEquals(this.respCtx.getIDToken().toJSONObject().size(), 5);
        init(mockFunction(Map.of("iss", "manipulatedIss", "sub", "sub", "aud", List.of("aud"), "exp", Long.valueOf(now.getEpochSecond()), "iat", Long.valueOf(now.getEpochSecond()), "custom1", 3, "custom2", List.of("customV1", "customV2"))));
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
        IDTokenClaimsSet iDToken = this.respCtx.getIDToken();
        Assert.assertEquals(iDToken.toJSONObject().size(), 7);
        Assert.assertEquals(iDToken.getSubject().getValue(), "sub");
        Assert.assertEquals(iDToken.getIssuer().getValue(), "manipulatedIss");
        Assert.assertEquals(iDToken.getAudience(), Audience.create(new String[]{"aud"}));
        Assert.assertEquals(iDToken.getIssueTime().toInstant().getEpochSecond(), now.getEpochSecond());
        Assert.assertEquals(iDToken.getExpirationTime().toInstant().getEpochSecond(), now.getEpochSecond());
        Integer num = 3;
        Assert.assertEquals(iDToken.getNumberClaim("custom1").toString(), num.toString());
        Assert.assertEquals(iDToken.getStringListClaim("custom2"), List.of("customV1", "customV2"));
    }

    @Test
    public void testFailedManipulationDueMissingIss() throws ComponentInitializationException, ParseException {
        Instant now = Instant.now();
        setIdTokenToResponseContext("iss", "sub", "aud", now, now);
        init(mockFunction(Map.of("sub", "sub", "aud", List.of("aud"), "exp", Long.valueOf(now.getEpochSecond()), "iat", Long.valueOf(now.getEpochSecond()))));
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "InvalidProfileConfiguration");
    }

    @Test
    public void testFailedManipulationDueInvalidIatFormat() throws ComponentInitializationException, ParseException {
        Instant now = Instant.now();
        setIdTokenToResponseContext("iss", "sub", "aud", now, now);
        init(mockFunction(Map.of("iss", "iss", "sub", "sub", "aud", List.of("aud"), "exp", Long.valueOf(now.getEpochSecond()), "iat", "invalidFormat")));
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "InvalidProfileConfiguration");
    }

    /* JADX WARN: Multi-variable type inference failed */
    protected BiFunction<ProfileRequestContext, Map<String, Object>, Map<String, Object>> mockFunction(Map<String, Object> map) {
        BiFunction<ProfileRequestContext, Map<String, Object>, Map<String, Object>> biFunction = (BiFunction) Mockito.mock(BiFunction.class);
        Mockito.when(biFunction.apply(Mockito.any(), Mockito.any())).thenReturn(map);
        return biFunction;
    }
}
