package net.shibboleth.idp.plugin.oidc.op.oauth2.profile.impl;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
import java.net.URISyntaxException;
import net.shibboleth.idp.plugin.oidc.op.profile.impl.BaseOIDCResponseActionTest;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/oauth2/profile/impl/ValidateCodeChallengeTest.class */
public class ValidateCodeChallengeTest extends BaseOIDCResponseActionTest {
    private ValidateCodeChallenge action;
    private boolean forcePkce;
    private boolean allowPlain;

    @BeforeMethod
    private void init() throws ComponentInitializationException, URISyntaxException, ParseException {
        this.action = new ValidateCodeChallenge();
        this.action.setForcePKCECondition(profileRequestContext -> {
            return this.forcePkce;
        });
        this.action.setAllowPKCEPlainCondition(profileRequestContext2 -> {
            return this.allowPlain;
        });
        this.action.initialize();
    }

    @Test
    public void testUnforcedAllowMissingChallenge() throws ComponentInitializationException {
        this.forcePkce = false;
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
    }

    @Test
    public void testForcedFailsWhenMissingChallenge() throws ComponentInitializationException {
        this.forcePkce = true;
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "PKCECodeChallengeRequired");
    }

    @Test
    public void testForcedFailsWhenEmptyChallenge() throws ComponentInitializationException, ParseException {
        this.forcePkce = true;
        setAuthenticationRequest(populateCodeChallenge("", null));
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "PKCECodeChallengeRequired");
    }

    @Test
    public void testUnforcedPNolainAllowedFailsWithUnknownMethod() throws ParseException {
        this.forcePkce = false;
        this.allowPlain = false;
        setAuthenticationRequest(populateCodeChallenge("asdsadasddsa", "unsupported"));
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "PKCEVerifierTransformAlgorithmNotSupported");
    }

    @Test
    public void testUnforcedNoPlainAllowedFailsWithDefaultMethod() throws ParseException {
        this.forcePkce = false;
        this.allowPlain = false;
        setAuthenticationRequest(populateCodeChallenge("asdsadasddsa", null));
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "PKCEVerifierTransformAlgorithmNotSupported");
    }

    @Test
    public void testUnforcedNoPlainAllowedFailsWithEmptyMethod() throws ParseException {
        this.forcePkce = false;
        this.allowPlain = false;
        setAuthenticationRequest(populateCodeChallenge("asdsadasddsa", ""));
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "PKCEVerifierTransformAlgorithmNotSupported");
    }

    @Test
    public void testUnforcedNoPlainAllowedFailsWithPlainMethod() throws ParseException {
        this.forcePkce = false;
        this.allowPlain = false;
        setAuthenticationRequest(populateCodeChallenge("asdsadasddsa", "plain"));
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "PKCEVerifierTransformAlgorithmNotSupported");
    }

    @Test
    public void testUnforcedNoPlainAllowedSuccessWithS256Method() throws ParseException {
        this.forcePkce = false;
        this.allowPlain = false;
        setAuthenticationRequest(populateCodeChallenge("asdsadasddsa", "S256"));
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
    }

    @Test
    public void testForcedNoPlainAllowedFailsWithUnknownMethod() throws ParseException {
        this.forcePkce = true;
        this.allowPlain = false;
        setAuthenticationRequest(populateCodeChallenge("asdsadasddsa", "unsupported"));
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "PKCEVerifierTransformAlgorithmNotSupported");
    }

    @Test
    public void testForcedNoPlainAllowedFailsWithDefaultMethod() throws ParseException {
        this.forcePkce = true;
        this.allowPlain = false;
        setAuthenticationRequest(populateCodeChallenge("asdsadasddsa", null));
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "PKCEVerifierTransformAlgorithmNotSupported");
    }

    @Test
    public void testForcedNoPlainAllowedFailsWithEmptyMethod() throws ParseException {
        this.forcePkce = true;
        this.allowPlain = false;
        setAuthenticationRequest(populateCodeChallenge("asdsadasddsa", ""));
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "PKCEVerifierTransformAlgorithmNotSupported");
    }

    @Test
    public void testForcedNoPlainAllowedFailsWithPlainMethod() throws ParseException {
        this.forcePkce = true;
        this.allowPlain = false;
        setAuthenticationRequest(populateCodeChallenge("asdsadasddsa", "plain"));
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "PKCEVerifierTransformAlgorithmNotSupported");
    }

    @Test
    public void testForcedNoPlainAllowedSuccessWithS256Method() throws ParseException {
        this.forcePkce = true;
        this.allowPlain = false;
        setAuthenticationRequest(populateCodeChallenge("asdsadasddsa", "S256"));
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
    }

    @Test
    public void testUnforcedPlainAllowedFailsWithUnknownMethod() throws ParseException {
        this.forcePkce = false;
        this.allowPlain = true;
        setAuthenticationRequest(populateCodeChallenge("asdsadasddsa", "unsupported"));
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "PKCEVerifierTransformAlgorithmNotSupported");
    }

    @Test
    public void testUnforcedPlainAllowedSuccessWithDefaultMethod() throws ParseException {
        this.forcePkce = false;
        this.allowPlain = true;
        setAuthenticationRequest(populateCodeChallenge("asdsadasddsa", null));
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
    }

    @Test
    public void testUnforcedPlainAllowedSuccessWithEmptyMethod() throws ParseException {
        this.forcePkce = false;
        this.allowPlain = true;
        setAuthenticationRequest(populateCodeChallenge("asdsadasddsa", ""));
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
    }

    @Test
    public void testUnforcedPlainAllowedSuccesssWithPlainMethod() throws ParseException {
        this.forcePkce = false;
        this.allowPlain = true;
        setAuthenticationRequest(populateCodeChallenge("asdsadasddsa", "plain"));
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
    }

    @Test
    public void testUnforcedPlainAllowedSuccessWithS256Method() throws ParseException {
        this.forcePkce = false;
        this.allowPlain = true;
        setAuthenticationRequest(populateCodeChallenge("asdsadasddsa", "S256"));
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
    }

    @Test
    public void testForcedPlainAllowedFailsWithUnknownMethod() throws ParseException {
        this.forcePkce = true;
        this.allowPlain = true;
        setAuthenticationRequest(populateCodeChallenge("asdsadasddsa", "unsupported"));
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "PKCEVerifierTransformAlgorithmNotSupported");
    }

    @Test
    public void testForcedPlainAllowedSuccessWithDefaultMethod() throws ParseException {
        this.forcePkce = true;
        this.allowPlain = true;
        setAuthenticationRequest(populateCodeChallenge("asdsadasddsa", null));
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
    }

    @Test
    public void testForcedPlainAllowedSuccessWithEmptyMethod() throws ParseException {
        this.forcePkce = true;
        this.allowPlain = true;
        setAuthenticationRequest(populateCodeChallenge("asdsadasddsa", ""));
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
    }

    @Test
    public void testForcedPlainAllowedSuccessWithPlainMethod() throws ParseException {
        this.forcePkce = true;
        this.allowPlain = true;
        setAuthenticationRequest(populateCodeChallenge("asdsadasddsa", "plain"));
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
    }

    @Test
    public void testForceoPlainAllowedSuccessWithS256Method() throws ParseException {
        this.forcePkce = true;
        this.allowPlain = true;
        setAuthenticationRequest(populateCodeChallenge("asdsadasddsa", "S256"));
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
    }

    protected AuthenticationRequest populateCodeChallenge(String str, String str2) throws ParseException {
        String str3 = this.request.toQueryString() + "&code_challenge=" + str;
        return AuthenticationRequest.parse(str2 == null ? str3 : str3 + "&code_challenge_method=" + str2);
    }
}
