package net.shibboleth.idp.plugin.oidc.op.profile.impl;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import java.net.URISyntaxException;
import java.time.Instant;
import net.shibboleth.idp.plugin.oidc.op.profile.context.navigate.DefaultComputeAuthorizationCodeHashFunction;
import net.shibboleth.idp.plugin.oidc.op.profile.context.navigate.ResponseContextAuthorizationCodeLookupFunction;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.oidc.security.jose.SignatureSigningParameters;
import net.shibboleth.oidc.security.jose.context.SecurityParametersContext;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.security.credential.Credential;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/profile/impl/AddAuthorizationCodeHashToIDTokenTest.class */
public class AddAuthorizationCodeHashToIDTokenTest extends BaseOIDCResponseActionTest {
    private AddAuthorizationCodeHashToIDToken action;
    SecurityParametersContext spCtx;

    private void init(String str, Credential credential) throws ComponentInitializationException, URISyntaxException {
        this.spCtx = new SecurityParametersContext();
        SignatureSigningParameters signatureSigningParameters = new SignatureSigningParameters();
        this.spCtx.setSignatureSigningParameters(signatureSigningParameters);
        signatureSigningParameters.setSigningCredential(credential);
        signatureSigningParameters.setSignatureAlgorithm(str);
        this.profileRequestCtx.getOutboundMessageContext().addSubcontext(this.spCtx);
        setIdTokenToResponseContext("iss", "sub", "aud", Instant.now(), Instant.now());
        this.respCtx.setAuthorizationCode("authcode");
        DefaultComputeAuthorizationCodeHashFunction defaultComputeAuthorizationCodeHashFunction = new DefaultComputeAuthorizationCodeHashFunction();
        defaultComputeAuthorizationCodeHashFunction.setAuthorizationCodeLookupStrategy(new ResponseContextAuthorizationCodeLookupFunction());
        defaultComputeAuthorizationCodeHashFunction.setSecurityParametersLookupStrategy(profileRequestContext -> {
            return this.spCtx;
        });
        this.action = new AddAuthorizationCodeHashToIDToken();
        this.action.setCodeHashCalculationStrategy(defaultComputeAuthorizationCodeHashFunction);
        this.action.initialize();
    }

    @Test
    public void testNoIdToken() throws ComponentInitializationException, ParseException, URISyntaxException {
        init("RS256", this.credentialRSA);
        this.respCtx.setIDToken((IDTokenClaimsSet) null);
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "InvalidMessageContext");
    }

    @Test
    public void testNoAuthorizationCode() throws ComponentInitializationException, ParseException, URISyntaxException {
        init("RS256", this.credentialRSA);
        this.respCtx.setAuthorizationCode((String) null);
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "InvalidSecurityConfiguration");
    }

    @Test
    public void testSuccess() throws ComponentInitializationException, ParseException, URISyntaxException {
        init("RS256", this.credentialRSA);
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
        Assert.assertNotNull(this.respCtx.getIDToken().getStringClaim("c_hash"));
    }
}
